Oct 04 2021

Cybersecurity Awareness Month: #BeCyberSmart

Category: Information Security | DISC @ 9:15 am

As you probably know (or, at least, as you know now!), October is Cybersecurity Awareness Month, which means it’s a great opportunity to do three things: Stop. Think. Connect.

Those three words were chosen many years ago by the US public service as a short and simple motto for cybersecurity awareness.


Cybersecurity Awareness Month 2021 Toolkit: Key messaging, articles, social media, and more to promote Cybersecurity Awareness Month 2021 by [Cybersecurity and Infrastructure Security Agency]

Cybersecurity Awareness Month 2021 Kick-off Week

Cybersecurity Awareness Month 2021 has officially begun! Join CISA in spreading cybersecurity awareness and encourage everyone to own their role in protecting Internet-connected devices. “Do Your Part. #BeCyberSmart.”

Visit www.cisa.gov/cybersecurity-awareness-month for more information.

#BeCyberSmart #CyberMonth

Week 1

The focus of Cybersecurity Awareness Month’s first week is “Do Your Part. #BeCyberSmart.”

Cybersecurity starts with YOU and is everyone’s responsibility. There are currently an estimated 5.2 billion Internet users—over 65% of the world’s population![1] This number will only grow, making the need to #BeCyberSmart more important than ever.

Join us and get involved by visiting www.cisa.gov/cybersecurity-awareness-month for more information.

#BeCyberSmart #CyberMonth

Week 2

Cybersecurity Awareness Month’s second week focuses on steps individuals and organizations can take to reduce their exposure to phishing and ransomware.

This year has seen an increase in phishing incidents that often lead to ransomware attacks. These attacks disrupt the way we work, learn, and socialize. With our homes, schools, and businesses more connected than ever, it’s vital to #BeCyberSmart.

Learn how to #FightThePhish and report suspicious emails by visiting www.cisa.gov/cybersecurity-awareness-month for more information.

#BeCyberSmart #CyberMonth

Week 3

Cybersecurity Awareness Month’s third week is Cybersecurity Career Awareness Week. This week, learn the vital role cybersecurity professionals play in global society and security. Also, learn how you can explore #Cybersecurity as your next career.

For professional development and educational resources, visit www.cisa.gov/cybersecurity-awareness-month.

#BeCyberSmart #CyberMonth

Week 4

The final week of Cybersecurity Awareness Month looks at how #Cybersecurity is a year-round effort and should be one of individuals’ and organizations’ first considerations when they create or buy new devices and connected services.

For ways in which organizations and individuals can incorporate cybersecurity best practices into their decision-making processes, visit www.cisa.gov/cybersecurity-awareness-month.

#BeCyberSmart #CyberMonth

Tags: BeCyberSmart, Cybersecurity Awareness Month, Cybersecurity Awareness Month 2021, Cybersecurity Awareness Month 2021 Toolkit


Oct 03 2021

The Biden administration will work with 30 countries to curb global cybercrime

Category: Cyber crime | DISC @ 1:39 pm

U.S. President Joe Biden announced that the US will work with 30 countries to curb cybercrime and dismantle ransomware gangs that are targeting organizations worldwide.

“This month, the United States will bring together 30 countries to accelerate our cooperation in combatting cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically,” announced President Biden.

The Biden Administration announced that it will work with representatives of 30 countries to accelerate cooperation among states and international law enforcement agencies in fighting cyber criminal activities. Biden also announced a special effort to build a coalition of nations to advocate for and invest in trusted 5G technology and to secure its supply chains.

The coalition also aims at managing both the risks and opportunities associated with the adoption of emerging technologies like quantum computing and artificial intelligence.

The wave of ransomware attacks that hit US organizations in the first half of 2021 and that were carried out by Russian gangs like REvil and Darkside worried US authorities and was discussed by Presidents Biden and Putin during a phone call in July.


CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity for Our Nation by [United States Government Accountability Office]


Cybersecurity Awareness Month 2021 Toolkit: Key messaging, articles, social media, and more to promote Cybersecurity Awareness Month 2021 by [Cybersecurity and Infrastructure Security Agency]

Tags: Biden administration, Cybersecurity and Infrastructure Security Agency, Cybersecurity Awareness Month 2021 Toolkit, Cybersecurity for Our Nation


Oct 02 2021

Baby died at Alabama Springhill Medical Center due to cyber attack

Category: Cyber Attack, HIPAA | DISC @ 3:18 pm

A baby allegedly received inadequate childbirth health care, and later died, at an Alabama Springhill Medical Center due to a ransomware attack.

An Alabama woman named Teiranni Kidd has filed suit after the death of her baby. She claims that the Springhill Medical Center was not able to respond to a cyberattack that crippled its systems, causing the death of her infant daughter, The Wall Street Journal reported.

According to Kidd, the Alabama hospital did not disclose that it was hit by a severe cyberattack that interfered with the care for her baby, Nicko Silar.

“Nicko suffered a severe brain injury when medical staff failed to notice the umbilical cord was wrapped around her neck because of a ‘lack of access to critical services and information caused by the cyberattack,’ the suit said. She died nine months after the cord cut off her blood and oxygen supply,” reported The New York Post.


The hospital released a public statement about the security breach the day before the infant was born announcing it “has continued to safely care for our patients and will continue to provide the high quality of service that our patients deserve and expect.”

The 2022 Report on Healthcare Cyber Security: World Market Segmentation by City

Tags: cyber attack


Oct 01 2021

Gift card fraud: four suspects hit with money laundering charges

Category: Cybercrime | DISC @ 11:44 am

You might be forgiven for thinking that cybercrime is almost all about ransomware and cryptocoins these days.

In a ransomware attack, the crooks typically blackmail you to send them cryptocurrency in return for giving you your stolen data back (or for not selling it on to someone else).

In a cryptocoin attack, the crooks typically take your cryptocurrency for themselves, perhaps by exploiting a bug in the trading software you use, or by stealing your private keys so they have direct access to your cryptocurrency wallet.

This sort of criminality sometimes involves amounts reaching tens of millions of dollars, or even hundreds of millions of dollars, in a single attack.

But gift card fraud still fills a distressing niche in the cybercrime ecosystem, where a gang of crooks redeem gift cards that you paid for, either because you were convinced that those cards were earmarked for something else, or because the crooks got temporary access to one of your online accounts that allowed them to buy gift cards on your dime.

Indeed, the US Department of Justice announced this week the indictment of four suspected gift card scammers, and alleges that these four had ended up with more than 5000 fraudulently obtained cards to spend on themselves.

This sort of crime might not reach the stratospheric financial territory of ransomware criminals, or the truly cosmic amounts seen in cryptocurrency attacks…

…but if we reasonably assume an average of $200 a gift card (we know that in many scams, crooks come away with more than that on each card), we’re still looking at $1,000,000 of ill-gotten gains in this court case alone.

Don’t Panic! I’m A Professional Fraud Analyst – 2022 Diary: Customized Work Planner Gift For A Busy Fraud Analyst.

Tags: Gift card fraud, money laundering


Oct 01 2021

CISA releases Insider Risk Mitigation Self-Assessment Tool

Category: Risk Assessment, Security Risk Assessment | DISC @ 9:39 am

The US CISA has released a new tool that allows organizations to assess their level of exposure to insider threats and devise their own defense plans against such risks.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Insider Risk Mitigation Self-Assessment Tool, a new tool that allows organizations to assess their level of exposure to insider threats.

Insider threats pose a severe risk to organizations. Because the attacks are carried out by current or former employees, contractors, or others with inside knowledge, they are not easy to detect.

An attack from insiders could compromise sensitive information, cause economic losses, damage the reputation of the organization, lead to theft of intellectual property and loss of market share, and even cause physical harm to people.

The tool evaluates an organization’s answers to a survey about its implementation of an insider threat risk management program.

“The Cybersecurity and Infrastructure Security Agency (CISA) released an Insider Risk Mitigation Self-Assessment Tool today, which assists public and private sector organizations in assessing their vulnerability to an insider threat. By answering a series of questions, users receive feedback they can use to gauge their risk posture. The tool will also help users further understand the nature of insider threats and take steps to create their own prevention and mitigation programs.” reads the announcement published by CISA.

Cybersecurity Awareness Month 2021 Toolkit: Key messaging, articles, social media, and more to promote Cybersecurity Awareness Month 2021

Held every October, Cybersecurity Awareness Month is a collaborative effort between government and industry to ensure every American has the resources they need to stay safe and secure online while increasing the resilience of the Nation against cyber threats.
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) co-lead Cybersecurity Awareness Month.

Cybersecurity Awareness Month 2021 Toolkit: Key messaging, articles, social media, and more to promote Cybersecurity Awareness Month 2021 by [Cybersecurity and Infrastructure Security Agency]

Tags: CISA, Cybersecurity Awareness Month 2021, Risk Mitigation Self-Assessment Tool


Oct 01 2021

New APT ChamelGang Targets Russian Energy, Aviation Orgs

Category: APT, Information Security | DISC @ 9:23 am

First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks.

A new APT group has emerged that’s specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both new and existing malware to compromise networks.

Researchers at security firm Positive Technologies have been tracking the group, dubbed ChamelGang for its chameleon-like capabilities, since March. Though the attackers have mainly been seen targeting Russian organizations, they have attacked targets in 10 countries so far, according to a report by company researchers Aleksandr Grigorian, Daniil Koloskov, Denis Kuvshinov and Stanislav Rakovsky published online Thursday.

To avoid detection, ChamelGang hides its malware and network infrastructure under legitimate services of established companies like Microsoft, TrendMicro, McAfee, IBM and Google in a couple of unique ways, researchers observed.

More detailed analysis: New APT ChamelGang Targets Russian Energy, Aviation Orgs

Practical Threat Intelligence and Data-Driven Threat Hunting: A hands-on guide to threat hunting with the ATT&CK™ Framework and open source tools

Tags: APT ChamelGang, ATT&CK™ Framework, open source tools, Threat Hunting


Sep 30 2021

Supply Chain Emerging as Cloud Security Threat

Category: Cloud computing, Cyber Threats | DISC @ 9:20 am

Misconfigurations in software development environments and poor security hygiene in the supply chain can impact cloud infrastructure and offer opportunities for malicious actors to control unwitting victims’ software development processes.

These are the findings of a report from Palo Alto Networks’ security research group Unit 42, which conducted a red team exercise with a large SaaS provider.

Within three days, the company discovered critical software development flaws that could have exposed the organization to an attack similar to those perpetrated against SolarWinds and Kaseya.

If an attacker (like an APT) compromises third-party developers, it’s possible to infiltrate thousands of organizations’ cloud infrastructures, the report warned.

Supply Chain Flaws in the Cloud

Matt Chiodi, CSO of public cloud at Palo Alto Networks, explained that supply chain flaws in the cloud are difficult to detect because of the massive number of building blocks that go into even a basic cloud-native application.

“Our researchers estimated that the typical cloud-native application is built upon hundreds of these packages,” he said. “Let’s call them ‘Legos.’ Each of these Legos that developers plug into their application carries a certain risk and can be a vector to another supply chain attack.”

The report highlights how vulnerabilities and misconfigurations can quickly snowball within the context of the cloud software supply chain, and called for organizations to “shift security left.”

“Shifting security left is about moving security as close to development as possible,” said Chiodi. “Historically, security and development teams have operated independently of each other.” He added that development teams like to move quickly and try new things and security is more often the opposite.

“The concept of ‘shift left’ attempts to not change developer behaviors, but rather equip them with processes and tools that work natively to secure their existing methods of developing software,” Chiodi said. “If security teams can equip development teams with processes and tools that work natively with development tools and measure regularly, they greatly reduce their risks of supply chain insecurity from cloud-native applications. This is a good first step.”

He pointed out the first wave of migrations to the cloud was marked by “lift and shift,” meaning that organizations simply took existing applications as-is and moved them to the cloud.

“When they did this, they could say the applications were running in the cloud, but the applications themselves were not cloud-native,” he said.

Being Truly Cloud-Native


Tags: cloud security, cloud security threat, supply chain


Sep 30 2021

Apple Pay with Visa Hacked to Make Payments via Unlocked iPhones

Category: Information Security, Mobile Security | DISC @ 9:08 am

Researchers have demonstrated that someone could use a stolen, unlocked iPhone to pay for thousands of dollars of goods or services, no authentication needed.

An attacker who steals a locked iPhone can use a stored Visa card to make contactless payments worth up to thousands of dollars without unlocking the phone, researchers are warning.

The problem is due to unpatched vulnerabilities in both the Apple Pay and Visa systems, according to an academic team from the Universities of Birmingham and Surrey, backed by the U.K.’s National Cyber Security Centre (NCSC). But Visa, for its part, said that Apple Pay payments are secure and that any real-world attacks would be difficult to carry out.

The team explained that fraudulent tap-and-go payments at card readers can be made using any iPhone that has a Visa card set up in “Express Transit” mode. Express Transit allows commuters around the world, including those riding the New York City subway, the Chicago El and the London Underground, to tap their phones on a reader to pay their fares without unlocking their devices.

“An attacker only needs a stolen, powered-on iPhone,” according to a writeup (PDF) published this week. “The transactions could also be relayed from an iPhone inside someone’s bag, without their knowledge. The attacker needs no assistance from the merchant.”

In a proof-of-concept video, the researchers showed a £1,000 payment being sent from a locked iPhone to a standard, non-transit Europay, Mastercard and Visa (EMV) credit-card reader.

Exploiting Apple Pay Express Transit Mode

The attack is an active man-in-the-middle replay and relay attack, according to the paper. It requires an iPhone to have a Visa card (credit or debit) set up as a transit card in Apple Pay.

The attackers would need to set up a terminal that emulates a legitimate ticket barrier for transit. This can be done using a cheap, commercially available piece of radio equipment, researchers said. This tricks the iPhone into believing it’s connecting to a legitimate Express Transit reader, and so it doesn’t need to be unlocked.

“If a non-standard sequence of bytes (Magic Bytes) precedes the standard ISO 14443-A WakeUp command, Apple Pay will consider this [to be] a transaction with a transport EMV reader,” the team explained.

Apple Pay with Visa Hacked to Make Payments via Unlocked iPhones

Tags: apple pay, unlocked iphones, visa hacked


Sep 29 2021

Expert discloses new iPhone lock screen vulnerability in iOS 15

Category: Security vulnerabilities, Smart Phone | DISC @ 2:12 pm

The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed.

The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be addressed by Apple. A threat actor with physical access to a vulnerable device can access Notes via Siri/Voice Over.

Rodriguez explained that in real incidents, unattended or stolen devices are exposed to attacks that leverage a lock screen bypass vulnerability to access sensitive information.

This specific type of vulnerability represents a serious threat to individuals and organizations; for this reason, the expert suggests including his research when conducting a mobile pen-testing assessment.

The expert disclosed details about the lock screen bypass vulnerability after Apple downplayed similar flaws, tracked as CVE-2021-1835 and CVE-2021-30699, reported by the researcher earlier this year.

The flaws allowed an attacker to access instant messaging apps like WhatsApp or Telegram even while the mobile device was locked.

Rodriguez explained that Apple partially fixed the issue and did not involve him in the test of the released patch.

Then the expert proposed a variant of the same bypass issue that leverages Apple Siri and VoiceOver services to access the Notes app.

The expert also published a video PoC for the latest screen bypass vulnerability:

Let me suggest reading a post published by the expert that includes a long list of similar vulnerabilities:

https://blog.dinosec.com/2014/09/bypassing-ios-lock-screens.html

The iPhone Manual – Tips and Hacks

Tags: ios 15, iPhone Hacks, iPhone lock screen vulnerability, iPhone manual, iPhone tips


Sep 29 2021

How to Mitigate the Top 4 Ransomware Vectors

Category: Ransomware | DISC @ 9:44 am

The ransomware economy is booming. Ransomware gangs are so successful that if cybercriminals were companies, some would be considered “unicorns.” Organized crime syndicates have taken over this highly lucrative extortion racket and are now running the ransomware economy at an industrial scale. The U.S. is reportedly hit by seven ransomware attacks every hour, with ransomware demands expected to hit $20 billion this year and $265 billion in ten years.

Top Infection Vectors of a Ransomware Attack

Cybercriminals need a delivery system that drops the ransomware payload on the target machine. Once this malware infiltrates your network, it takes over and can perform several damaging actions such as file encryption, credential hijacking, data exfiltration and even deletion or corruption of your backups. Recognizing and fortifying defenses against such infection vectors is key to a proactive ransomware defense. Cybercriminals continue to evolve their vectors in line with changes in the internet and technology; however, here are the top four infection vectors:

How to Mitigate the Top 4 Ransomware Vectors

Ransomware Protection Playbook

Tags: Ransomware Protection Playbook


Sep 28 2021

Check What Information Your Browser Leaks

Category: Web Security | DISC @ 11:58 am

These two sites tell you what sorts of information you’re leaking from your browser.

The Browser Hacker’s Handbook

Tags: Browser Hacker's Handbook, Browser Leaks


Sep 27 2021

Port of Houston was hit by an alleged state-sponsored attack

Category: Cyber Attack | DISC @ 9:45 pm

One of the major US ports, the Port of Houston, revealed that it was hit by a cyber attack in August that had no impact on its systems.

“The Port of Houston Authority (Port Houston) successfully defended itself against a cybersecurity attack in August. Port Houston followed its Facilities Security Plan in doing so, as guided under the Maritime Transportation Security Act (MTSA), and no operational data or systems were impacted as a result.” reads a statement issued on Thursday by Port officials.

Cybersecurity and Infrastructure Security Agency Director Jen Easterly disclosed the attack at a Senate committee hearing Thursday morning. She believed the attack was conducted by a “nation-state actor” that exploited a zero-day flaw in a Zoho user authentication device.

“We are working very closely with our interagency partners and the intelligence community to better understand this threat actor so that we can ensure that we are not only able to protect systems, but ultimately to be able to hold these actors accountable,” Easterly added.

Tags: state-sponsored attack


Sep 27 2021

Ways to Improve Internet Speed

Category: Network security | DISC @ 2:31 pm

A slow internet connection that makes you wait for ages before you can finally access a webpage is surely quite a pain! It tests your patience to the limit and doesn’t allow you to complete your work on time. It is equally frustrating for gamers, who always need an active internet connection to play. On top of this, a slow connection greatly hinders users’ efficiency.

If you are sick and tired of your slow internet, here are a few ways to easily boost its speed.

  • Restart the Router

This is surely an age-old formula for repairing things and it works quite well most of the time. If your internet connectivity is getting blocked or the connection is interrupted a lot, you should try this method. All you need to do is turn off the switch powering the router. Once you turn it on again, it will work well and deliver the speed you always wanted.

  • Use a Cable

Going back to a typical wired connection might help with your internet speed this time. Yes, you read that right! You may need to take that dangling cable out of your storage box and put it back to work. The speed it delivers will amaze you. This is because there is no longer any interference, distortion, or obstruction affecting the signal strength, as there is with Wi-Fi.

Tags: Boost internet speed, Improve Internet Speed


Sep 27 2021

Proper password security falling short despite increase in online presence

Category: Information Security, Password Security | DISC @ 9:32 am

While 92 percent of people know that using the same password or a variation is a risk, 65 percent still re-use passwords across accounts, drastically increasing the risks to their sensitive information, a LastPass report revealed.


While consumers have a solid understanding of proper password security and the actions necessary to minimize risk, they still pick and choose which information they apply that knowledge to, according to the report.

Spending more time online, yet lacking proper password security

Strong cybersecurity habits are more important than ever this year, given the sheer volume of time individuals have spent online in the last 18 months and the corresponding spike in cyber-attacks. Yet the survey revealed that despite 71 percent of people working wholly or partly remote and 70 percent spending more time online for personal entertainment during the pandemic, people were still exhibiting poor password behavior.

Password Authentication for Web and Mobile Apps

Tags: password security


Sep 26 2021

STILL ALIVE! iOS 12 gets 3 zero-day security patches – update now

Category: Mobile Security, Zero day | DISC @ 11:20 am

If you’ve already listened to this week’s Naked Security Podcast you’ll know that we had finally concluded that iOS 12, the version before the version before the latest-and-greatest iOS 15, which arrived this Monday…

…had been dumped forever by Apple.

Apple notoriously won’t tell you anything about the security situation in its products unless and until it has a patch out.

So when iOS 14 got updated in the last couple of patch cycles, but iOS 12 didn’t, we couldn’t tell whether it was still safe and didn’t need the patches, whether it needed the patches but they’d be a bit late, or whether it needed the patches but would never get them.

And with iOS 15 arriving as the new kid on the block this week, we assumed the worst, following the “one-in-one-out” principle.

We haven’t finished because we haven’t even started

iOS Application Security

Tags: iOS 12, iOS Application Security


Sep 24 2021

Treasury Sanctions SUEX Exchange for Laundering Ransoms

Category: Ransomware | DISC @ 11:46 am

The Biden administration fired another shot in its battle against ransomware Tuesday as the U.S. Treasury Department took steps to disrupt the financial infrastructure behind ransoms, designating for sanctions the SUEX OTC, S.R.O. virtual currency exchange for laundering ransom payments.

By designating SUEX, the Treasury Department’s Office of Foreign Assets Control (OFAC) is blocking the exchange’s property (and interests in property) that are under U.S. jurisdiction. In addition, if a designated person owns 50% or more of an entity, they also can be blocked; those involved in some transactions or activities – whether individuals or financial institutions – could be exposed to sanctions or some other penalty.

While the actions taken against SUEX aren’t attached to a particular ransomware-as-a-service (RaaS) or ransomware variant, the agency said an analysis of the exchange’s activities found transactions made for at least eight ransomware variants.

“This advisory is really a final warning for companies to get their security operations in order,” said Jake Williams, co-founder and CTO at BreachQuest. “The vast majority of ransomware incidents we respond to were trivially preventable.”

The government, he said, “sees companies facilitating ransomware payments as encouraging future ransomware attacks.”

The new advisory may prevent organizations from paying attackers to recover their data, “making it even more critical that they do what they can now to ensure they don’t suffer a ransomware attack in the first place,” said Williams.

Praising the Biden administration for doing “more for cybersecurity awareness and direction than we’ve seen in the past,” Bill O’Neill, vice president of public sector at ThycoticCentrify, added that, “The idea of disincentivizing organizations from paying out a ransom to attackers will likely only end up backfiring and having an adverse effect economically.” While the average company most often folds to ransomware demands “because they lack the proper knowledge, resources and technology to wrest [back] control of the data that was stolen from them to begin with,” O’Neill said, “Penalizing business owners for complying will only hurt them twofold while doing nothing to ultimately stop attacks from happening.”

If attackers can’t get ransom, then they’ll turn to the black market to make money by selling the data they pilfered. “Their victims, however, will be exponentially worse off and possibly open to further attacks,” said O’Neill. “The better approach would be to continue introducing policies and programs to raise awareness and educate organizations about the best ways to stay safe and prevent attacks, as well as providing resources surrounding key technologies to implement to help further minimize risks.”

The sanctions might be a good first step, but John Bambenek, principal threat hunter at Netenrich, said, “What is more important in stopping ransomware is finding those involved and getting them brought to justice; these kinds of actions could also impair intelligence collection on those bad actors.”


Treasury Sanctions SUEX Exchange for Laundering Ransoms

Bitcoin Investigation Manual: Hunting Bitcoin in the AML-Money Laundering World

Tags: Laundering Ransoms, money laundering, SUEX Exchange


Sep 24 2021

OWASP Top 10 2021: The most serious web application security risks

Category: App Security, Web Security | DISC @ 9:49 am

How is the list compiled?

“We get data from organizations that are testing vendors by trade, bug bounty vendors, and organizations that contribute internal testing data. Once we have the data, we load it together and run a fundamental analysis of what CWEs map to risk categories,” the Open Web Application Security Project (OWASP) explains.

“This installment of the Top 10 is more data-driven than ever but not blindly data-driven. We selected eight of the ten categories from contributed data and two categories from the Top 10 community survey at a high level.”

Space is left for direct input from application security and development experts on the front lines because it takes time to find ways to test for new vulnerabilities, and these experts can offer knowledge of essential weaknesses that the contributed data may not show yet.

The list is then published so that it can be reviewed by practitioners, who may offer comments and suggestions for improvements.

OWASP Top 10 2021

OWASP Top 10 2021: What has changed in the last 4 years?

Tags: OWASP Top 10


Sep 23 2021

FBI Had the REvil Decryption Key

Category: Cryptography | DISC @ 3:03 pm

Real-World Cryptography

Tags: Decryption Key, FBI, Real-World Cryptography, Revil


Sep 23 2021

How to protect the corporate network from spyware

Category: Cyber Spy, Spyware | DISC @ 1:55 pm

There are a range of security policies for dealing with users’ smartphones, from the most restrictive approach – no smartphone access allowed – to an open approach that allows personal phones to connect to the internal corporate network. We suggest that the right solution is somewhere in between.

You may have read about the Pegasus spyware in the news; the NSO Group’s software exploits flaws in iOS (iPhones) to gain access to data on an unsuspecting target’s phone. NSO sells Pegasus to governments, ostensibly to track criminals, but it’s often used by repressive regimes to spy on their opponents, political figures, and activists.

In the past, Pegasus infections were primarily achieved by sending a link to the victim’s phone; when the target clicked on it, they would trigger an exploit that would allow attackers to gain root access to the phone. Once the spyware obtains root access, it can read messages on apps like iMessage, WhatsApp, Telegram, Gmail and others. A sophisticated command and control network can report back to the operator and control the phone as well.

Reducing the risk

What Is Pegasus? All About the Infamous Software (Infographic)

Anti-Spyware: A Complete Guide

How To Protect Yourself From Adware Or Spyware

Tags: anti-spyware, Pegasus spyware, Spyware and Adware


Sep 22 2021

VMware patch bulletin warns: “This needs your immediate attention.”

Category: Virtualization | DISC @ 11:02 am

VMware’s latest security update includes patches for 19 different CVE-numbered vulnerabilities affecting the company’s vCenter Server and Cloud Foundation products.

All of the bugs can be considered serious – they wouldn’t be enumerated in an official security advisory if they weren’t – but VMware has identified one of them, dubbed CVE-2021-22005, as more critical than the rest.

Indeed, VMware’s official FAQ for Security Advisory VMSA-2021-0020 urges that:

The ramifications of this vulnerability are serious and it is a matter of time – likely minutes after the disclosure – before working exploits are publicly available.

In particular, the company explains:

The most urgent [patch] addresses CVE-2021-22005, a file upload vulnerability that can be used to execute commands and software on the vCenter Server Appliance. This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server.

VMware unabashedly says that “this needs your immediate attention,” and we think it’s a good thing to see a software vendor talking about cybersecurity response in plain English instead of mincing its words.

VMware vSphere and Virtual Infrastructure Security

Tags: VMware

