What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-02-11 00:12:02 | Using Trend Analysis to Operationalize OT Threat Intelligence with Neighborhood Keeper (lien direct) | >In the previous blog in this series, we covered the foundational elements that make up Neighborhood Keeper, as well as... The post Using Trend Analysis to Operationalize OT Threat Intelligence with Neighborhood Keeper first appeared on Dragos. | Threat Prediction | ★★★ | |
 |
2023-02-10 02:00:00 | Top cybersecurity M&A deals for 2023 (lien direct) | Uncertainty and instability marked the end of 2022 for many in the tech sector, a trend that bled into the beginning of 2023. Following on the heels of a drought in IT talent came mass layoffs at many of the world's biggest tech companies as predictions of recession loomed and war in Ukraine dragged on with no end in sight.Global concern over cybersecurity has never been higher, with attacks coming fast and furious and in ever-growing numbers, and 65% of organizations planned to increase cybersecurity spending in 2023. That means CISOs may be pressured to do more with what they have as budgets shrink even as demand for security increases. And they should be aware of what could change if one of their vendors is acquired in this climate.To read this article in full, please click here | Prediction | ★★ | |
|
2023-02-09 13:24:00 | BrandPost: Security Trends to Watch in 2023 (lien direct) | It's that time of year again when many of your favorite security professionals and vendors roll out their predictions for the coming year. Although not all of us have clairvoyant abilities, seasoned pros can spot a trend early and inform the rest of us before we're caught off guard. Because adversaries continually adapt and change, security practitioners must also adapt their thinking, understanding, and defenses to combat innovation by using tools such as threat intelligence, threat hunting, and proactive suppression. In this spirit, we have identified a few trends to look out for before it's too late. Geopolitical unrest Although distributed denial-of-service (DDoS) attacks have steadily increased over the past 20 years, recent data firmly establishes the reality that network operators need to understand, prepare for, and expect attacks related to politics, religion, and ideology. Nation-state actors often directly target internet infrastructure to take out critical communications, e-commerce, and other vital infrastructure dependent on internet connectivity. This, of course, means targeting internet service provider (ISP) networks to hobble internet connectivity.To read this article in full, please click here | Threat Prediction | ★ | |
 |
2023-02-09 11:15:15 | How will the NIS2 Directive impact the European bug bounty market? (lien direct) | >The NIS2 Directive is due to be implemented across the EU by September next year. Find out how the legislation will impact the region's bug bounty and cybersecurity industry. In 2022, the bug bounty and crowdsourced security industry experienced a surge in its validation and growth across the globe due to supportive legislation. This trend […] | Prediction | ★★★ | |
 |
2023-02-08 14:00:00 | What CISOs Should Know About Hacking in 2023 (lien direct) | >The art of cyber crime is in a constant state of flux and evolution. Simply staying on pace with these trends is a significant part of the CISO’s job. Today’s modern CISO must ensure they are always prepared for the next big trend and remain ahead of adversaries. As we begin to navigate 2023, the […] | Prediction | ★★★ | |
 |
2023-02-07 22:16:16 | KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach (lien direct) | KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. While I can't predict what the producers will do with the video interviews we shot, it's fair to say the series will explore tantalizing new clues as to who may have been responsible for the attack. | Prediction | ★★★ | |
 |
2023-02-07 08:09:44 | ChatGPT : la bataille de la recherche web a commencé (lien direct) | Google, Baidu et Microsoft lui-même élargissent leur communication sur leurs stratégies respectives " IA + recherche web ". | Prediction | ChatGPT | ★★★ |
 |
2023-02-06 14:49:44 | Microsoft Exchange Server Vulnerability Trend in 2022 (lien direct) | >By SOCRadar Research Microsoft Exchange Server, a widely used email and calendar server for businesses,... | Vulnerability Prediction | ★★ | |
 |
2023-02-06 11:00:00 | The ethics of biometric data use in security (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In a world where you can scan the veins in your hand to unlock a smartphone, how do you maintain control over personal data? Biometric authentication, the use of distinctive human features like iris patterns, fingerprints and even gait in lieu of a password, is gaining ground in the tech world. Proponents tout its inherent, hard-to-replicate qualities as a security benefit, while detractors see the same features as an invasion of privacy. Both sides may be right. The problems with biometrics Unlike a password, you can’t forget your face at home. But also, unlike a password, you can’t reset your face — meaning you’re out of luck if someone steals a photo of it. In 2016, a biometrics researcher helped investigators hack into a murder victim’s phone with only a photo of the man’s fingerprint. While security systems are getting more advanced all the time, current technology also allows cybercriminals to run wild with a single piece of biometric data, accessing everything from laptop logins to bank accounts. By its very nature, biometric authentication requires third parties to store biometric data. What happens if the information is exposed? In addition to potential hacking, breaching people’s personal data might reveal something they’d rather keep private. Vein patterns could reveal that a person has a vascular disorder, raising their insurance premiums. Fingerprints could expose a chromosomal disease. True, people give this same information to their doctors, and a medical data breach could have the same repercussions. But handing off biometric data to a commercial company — which isn’t bound by HIPAA or sworn to do no harm — is a much grayer area. Another issue that occasionally plagues biometric authentication is injuries and natural bodily changes. A single paper cut can derail a fingerprint scanner, and an aging eye throws iris scanners for a loop. People will have to update their photos every few years to remind the system what they look like. Some facial recognition programs can even predict how long a person will live. Insurance companies have expressed interest in getting hold of this data, since the way a person ages says a lot about their health. If stolen biometric data fed into an algorithm predicts a person won’t make it past 50, will their employer pass them up for a promotion? In the event of an accident, your family won’t easily be able to access your accounts if you use biometric authentication, since it’s not as simple as writing down a list of passwords. Maybe that’s a good thing — but maybe not. Another ethical dilemma with biometric data use is identifying people without their consent. Most people are used to being on camera at the grocery store, but if that same camera snaps a photo without permission and stores it for later retrieval, they probably won’t be too happy. Some people point out that you have no right to privacy in a public space, and that’s true — to an extent. But where do you draw the line between publicity and paparazzi? Is it OK to snap a stranger’s photo while you’re talking to them, or is that considered rude and intrusive? The benefits of biometric data Of course, no one would be handing off a photo of their face if the | Data Breach Hack Prediction Medical | ★★ | |
 |
2023-02-06 03:03:36 | What\'s in the Cards for Cybersecurity in 2023? (lien direct) | It's another new year and hence another occasion to predict how the cybersecurity landscape will evolve in 2023. Once again, it will be challenging, as most every year is, and could wind up being an unusually difficult 12 months because of multiple headwinds. One is that it has become clear that a huge increase in remote working is here to stay, if only because so many companies have adopted a durable hybrid policy – one that blends remote work with work in the office some weekdays. This is good for workers, who prefer to commute to work less, but not for corporate cybersecurity because remote... | Prediction | ★★★ | |
 |
2023-02-06 00:00:00 | (Déjà vu) Cloud-ready and Channel-first (lien direct) | Trend Micro named one of 2023's coolest cloud security companies | Prediction | ★ | |
 |
2023-02-03 17:42:00 | Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations (lien direct) | The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. "The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers," Trend Micro researchers Mohamed Fahmy, Sherif | Prediction | APT 34 | ★★ |
 |
2023-02-03 15:06:57 | OilRig Hackers Exfiltrate Data From Govt. Agencies Using New Backdoors (lien direct) | In an ongoing cyber espionage campaign that uses a new backdoor to exfiltrate data, the Iranian nation-state hacker group OilRig has continued to target Middle Eastern governments. Researchers at Trend Micro, Mohamed Fahmy, Sherif Magdy, and Mahmoud Zohdy, explained that the effort “abuses legitimate but hacked email accounts to deliver stolen data to external mail […] | Prediction | APT 34 | ★★★ |
 |
2023-02-01 21:34:45 | Using Artificial Intelligence and Machine Learning to Combat Hands-on-Keyboard Cybersecurity Attacks (lien direct) | Malware gets the headlines, but the bigger threat is hands-on-keyboard adversary activity which can evade traditional security solutions and present detection challenges Machine learning (ML) can predict and proactively protect against emerging threats by using behavioral event data. CrowdStrike's artificial intelligence (AI)-powered indicators of attack (IOAs) use ML to detect and predict adversarial patterns in […] | Malware Threat Prediction | ★★★ | |
 |
2023-02-01 07:00:00 | The Environment as an Imperative (lien direct) | >About 15 months ago we made a prediction. “COP26 has been the most urgent we have seen yet, with governments, businesses, and individuals all hearing and responding to scientists' calls for expedient action to protect our ways of life. We will see this imperative running through RFPs and procurement choices in 2022, and I predict […] | Prediction | ★★ | |
 |
2023-02-01 03:15:08 | CVE-2023-0587 (lien direct) | A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed. | Vulnerability Prediction | ||
 |
2023-01-31 08:00:00 | Predictions For Securing Today\'s Hybrid Workforce (lien direct) | Since requirements differ for users who work both from home and in the office, policies - and underlying technology - must adapt. | Prediction | ★★★ | |
 |
2023-01-30 13:58:02 | Trend Micro mobilise les hackers éthiques à l\'échelle mondiale pour identifier les vulnérabilités des véhicules connectés (lien direct) | Sécurité des systèmes embarqués Trend Micro mobilise les hackers éthiques à l'échelle mondiale pour identifier les vulnérabilités des véhicules connectés Pour renforcer la cybersécurité dans ce domaine stratégique, la Zero Day Initiative crée un bug bounty dédié : le Pwn2Own Automotive. - Business | Prediction | ★★ | |
 |
2023-01-30 06:59:43 | Analysis Report on Malware Distributed via Microsoft OneNote (lien direct) | This document is an analysis report on malware that is being actively distributed using Microsoft OneNote. The ASEC analysis team identified the rapidly increasing trend of OneNote malware distribution from November 2022 and has classified the malware according to the level of intricacy based on the screen that appears when the file is actually opened. These categories include ‘1) The type where malicious objects are hidden with simple block images’ and ‘2) The more intricately created malicious OneNote types’. Below... | Malware Prediction | ★★★★ | |
|
2023-01-26 11:00:00 | Predicting which hackers will become persistent threats (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the authors in this article. This blog was jointly written with David Maimon, Professor at Georgia State University.
Website defacement
Websites are central to business operations but are also the target of various cyber-attacks. Malicious hackers have found several ways to compromise websites, with the most common attack vector being SQL injection: the act of injecting malicious SQL code to gain unauthorized access to the server hosting the website. Once on the server, the hacker can compromise the target organization's website, and vandalize it by replacing the original content with content of their own choosing. This criminal act is referred to as website defacement. See Figure 1 for examples of past website defacements.
  Figure 1. Examples of past website defacements.
While the act of vandalizing a website may seem trivial, it can be devastating for the victimized entities. If an e-commerce site is publicly compromised, for example, they suffer direct and indirect financial loss. The direct losses can be measured by the amount of revenue that would have been generated had the website not been compromised, and by the time and money spent to repair the damaged site. Indirect losses occur because of reputational damage. Potential customers may be deterred from providing their banking information to an organization portrayed and perceived as incapable of protecting their assets.
Threat actors
Unlike most forms of hacking, website defacement has a public facing component. Assailants are eager to get credit for their success in compromising websites and are notorious for bragging about their exploits across various platforms, including general social media (e.g., Facebook, Twitter, Youtube, etc.) and hacking specific sites. The most popular platform on which hackers report successful defacements is Zone-H. Users of the platform upload evidence of their attack, and once the attack is verified by the site’s administrators, it is permanently housed in the archive and viewable on Zone-H’s webpage. Zone-H is the largest hacking archive in the world: over 15 million attacks have been verified by Zone-H thus far, with over 160,000 unique active users. The archive, as depicted in Figure 2, includes the hackers’ moniker, the attacked website's domain name, and an image of the defacement content (resembling the images depicted in Figure 1).
Figure 2. Zone-H: The largest hacking archive in the world.
Hackers tend to use the same moniker across platforms to bolster the reputation and status of their online identity, which allows for the gathering of digital artifacts and threat intelligence pertinent to the attack and attacker, respectively. Indeed, we have been systematically gathering data on active malicious hackers who report their successful defacements to Zone-H since 2017 and, in doing so, have uncovered several interesting findings that shed light on this underground community. For example, and in direct contrast to Hollywood’s stereotype of the lone actor, we observed an interconnected community of hackers who form teams and develop their skills through collaboration and camaraderie. We also found variation in hackers’ attack frequency: some hackers are extremely prolific and can be classified as persistent threats, while others only engage in a few attacks before disappearing. These finding |
Threat Prediction | ★★ | |
|
2023-01-26 10:15:36 | Netscout : DDOS attacks mirroring increased global geopolitical tensions (lien direct) | As distributed-denial-of-service (DDoS*) attack volumes have gradually increased over the course of the last 20 years, recent data has firmly established the link between geopolitical conflicts and these types of cyberattacks. The most apparent example of this trend is the ongoing war between Russia and Ukraine. The war has resulted in 66 per cent** of businesses changing their cybersecurity strategies, and 82 per cent*** of security professionals today believe that geopolitics and cybersecurity are intrinsically linked. What's more, according to NETSCOUT's 1H2022 Threat Intelligence Report, since Russia invaded Ukraine nearly a year ago, cyberattacks have become increasingly featured as part of threat actors' attack methodology. - Malware Update | Threat Prediction | ★★ | |
|
2023-01-26 00:00:00 | New Mimic Ransomware Abuses Everything APIs for its Encryption Process (lien direct) | Trend Micro researchers discovered a new ransomware that abuses the APIs of a legitimate tool called Everything, a Windows filename search engine developed by Voidtools that offers quick searching and real-time updates for minimal resource usage. | Ransomware Tool Prediction | ★★ | |
|
2023-01-25 11:06:00 | Attackers move away from Office macros to LNK files for malware delivery (lien direct) | For years attackers have used Office documents with malicious macros as one of the primary methods of infecting computers with malware. Microsoft finally took steps to disable such scripts by default in documents downloaded from the internet, forcing many groups to change tactics and increasingly choose LNK (shortcut) files as a delivery mechanism.This trend has led to the creation of paid tools and services dedicated to building malicious LNK files. Some of these builders include MLNK Builder, Quantum Builder, Macropack, LNKUp, Lnk2pwn, SharPersist, and RustLnkBuilder, but their use can provide opportunities for easier detection by security products.To read this article in full, please click here | Malware Prediction | ★ | |
 |
2023-01-24 18:14:53 | (Déjà vu) 2022 Report Confirms Business-Related Phishing Emails Trend [INFOGRAPHIC] (lien direct) |
![2022 Report Confirms Business-Related Phishing Emails Trend [INFOGRAPHIC]](https://blog.knowbe4.com/hubfs/Q42022-SOCIAL.jpg)
KnowBe4's latest reports on top-clicked phishing email subjects have been released for 2022 and Q4 2022. We analyze 'in the wild' attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects. |
Prediction | ★★★★★ | |
|
2023-01-24 00:00:00 | Vice Society Ransomware Group Targets Manufacturing Companies (lien direct) | In this blog entry, we'd like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry. | Ransomware Prediction | ★★ | |
|
2023-01-20 07:15:12 | CVE-2022-48191 (lien direct) | A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system. | Vulnerability Prediction | ||
|
2023-01-19 19:57:37 | Cloud Threats Memo: Threat Actors Continue to Abuse Cloud Services to Deliver Malware in 2023 (lien direct) | >Our most recent Cloud and Threat Report highlighted how threat actors abuse cloud services (with a special focus on cloud storage apps) to deliver malicious content (and yes, OneDrive leads the chart of the most exploited apps). To confirm that this trend will likely continue in 2023, researchers at Trend Micro have discovered an active […] | Malware Threat Guideline Prediction | ★★★ | |
 |
2023-01-19 17:00:00 | Prédictions de cybersécurité - 2023 Cybersecurity Predictions - 2023 (lien direct) |
Pas de details / No more details | Prediction | ★★ | |
|
2023-01-18 22:54:00 | Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa (lien direct) | An ongoing campaign dubbed Earth Bogle is leveraging geopolitical-themed lures to deliver the NjRAT remote access trojan to victims across the Middle East and North Africa. "The threat actor uses public cloud storage services such as files[.]fm and failiem[.]lv to host malware, while compromised web servers distribute NjRAT," Trend Micro said in a report published Wednesday. Phishing emails, | Threat Prediction | ★★ | |
|
2023-01-18 18:10:00 | KnowBe4 2022 Phishing Test Report Confirms Business-Related Emails Trend (lien direct) | KnowBe4 releases overall 2022 and Q4 2022 global phishing test reports and finds business-related emails continue to be utilized as a phishing strategy and reveal top holiday email phishing subjects. | Prediction | ★★ | |
 |
2023-01-17 16:00:00 | Earth Bogle Group Targets Middle East With NjRAT, Geopolitical Lures (lien direct) | Ongoing since at least mid-2022, the campaign was discovered by Trend Micro | Prediction | ★★★ | |
|
2023-01-17 13:53:00 | How attackers might use GitHub Codespaces to hide malware delivery (lien direct) | Attackers could start abusing GitHub Codespaces, a new service that allows developers to create and test applications inside development containers running on GitHub's servers. Developers can make their applications accessible via public GitHub URLs for preview by others, a functionality that can be abused to distribute malware payloads in a stealthy way."If the application port is shared privately, browser cookies are used and required for authentication," researchers from security firm Trend Micro said in a new report. "However, if ports are shared with the public (that is, without authentication or authentication context), attackers can abuse this feature to host malicious content such as scripts and malware samples."To read this article in full, please click here | Malware Prediction | ★ | |
 |
2023-01-17 13:09:56 | Attackers Can Abuse GitHub Codespaces for Malware Delivery (lien direct) | A GitHub Codespaces feature meant to help with code development and collaboration can be abused for malware delivery, Trend Micro reports. | Malware Prediction | ★ | |
|
2023-01-13 20:00:00 | Malware Comes Standard With This Android TV Box on Amazon (lien direct) | The bargain T95 Android TV device was delivered with preinstalled malware, adding to a trend of Droid devices coming out-of-the-box tainted. | Malware Prediction | ★★★★ | |
|
2023-01-12 21:17:00 | Darktrace Publishes 2022 Cyberattack Trend Data For Energy, Healthcare & Retail Sectors Globally (lien direct) | Pas de details / No more details | Prediction | ★★★★ | |
 |
2023-01-12 08:59:29 | DER Entitlements: The (Brief) Return of the Psychic Paper (lien direct) | Posted by Ivan Fratric, Project Zero Note: The vulnerability discussed here, CVE-2022-42855, was fixed in iOS 15.7.2 and macOS Monterey 12.6.2. While the vulnerability did not appear to be exploitable on iOS 16 and macOS Ventura, iOS 16.2 and macOS Ventura 13.1 nevertheless shipped hardening changes related to it. Last year, I spent a lot of time researching the security of applications built on top of XMPP, an instant messaging protocol based on XML. More specifically, my research focused on how subtle quirks in XML parsing can be used to undermine the security of such applications. (If you are interested in learning more about that research, I did a talk on it at Black Hat USA 2022. The slides and the recording can be found here and here). At some point, when a part of my research was published, people pointed out other examples (unrelated to XMPP) where quirks in XML parsing led to security vulnerabilities. One of those examples was a vulnerability dubbed Psychic Paper, a really neat vulnerability in the way Apple operating system checks what entitlements an application has. Entitlements are one of the core security concepts of Apple’s operating systems. As Apple’s documentation explains, “An entitlement is a right or privilege that grants an executable particular capabilities.” For example, an application on an Apple operating system can’t debug another application without possessing proper entitlements, even if those two applications run as the same user. Even applications running as root can’t perform all actions (such as accessing some of the kernel APIs) without appropriate entitlements. Psychic Paper was a vulnerability in the way entitlements were checked. Entitlements were stored inside the application’s signature blob in the XML format, so naturally the operating system needed to parse those at some point using an XML parser. The problem was that the OS didn’t have a single parser for this, but rather a staggering four parsers that were used in different places in the operating system. One parser was used for the initial check that the application only has permitted entitlements, and a different parser was later used when checking whether the application has an entitlement to perform a specific action. | Vulnerability Guideline Prediction | ★★★ | |
|
2023-01-12 02:00:00 | Cybersecurity spending and economic headwinds in 2023 (lien direct) | Now that everyone, their brother, sister, and dog have chimed in on cybersecurity predictions for 2023, here are a few observations based on some recent ESG research.First the numbers: 53% of organizations will increase IT spending in 2023, 30% say IT spending will remain flat in 2023, and 18% forecast a decrease in IT spending. As for cybersecurity, 65% of organizations plan to increase cybersecurity spending in 2023.These numbers mean that some organizations with flat or decreasing IT budgets will still increase spending on cybersecurity. This trend is further supported by the fact that 40% of survey respondents claim that improving cybersecurity is the most important justification for IT investments in 2023. This research was conducted in late 2022 when respondents were well aware of the economic headwinds and built appropriate assumptions into their budget planning.To read this article in full, please click here | Prediction | ★★ | |
|
2023-01-10 12:18:55 | ChatGPT-Written Malware (lien direct) | I don’t know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild. …within a few weeks of ChatGPT going live, participants in cybercrime forums—some with little or no coding experience—were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks. “It's still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web,” company researchers wrote. “However, the cybercriminal community has already shown significant interest and are jumping into this latest trend to generate malicious code.”... | Malware Tool Prediction | ChatGPT | ★★ |
|
2023-01-06 19:16:00 | Dridex Malware Now Attacking macOS Systems with Novel Infection Method (lien direct) | A variant of the infamous Dridex banking malware has set its sights on Apple's macOS operating system using a previously undocumented infection method, according to latest research. It has "adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files," Trend Micro researcher Armando Nathaniel | Malware Prediction | ★★★ | |
|
2023-01-06 10:23:00 | Trend Micro crée CTOne, une entité dédiée à la sécurité de la 5G (lien direct) | Trend Micro crée CTOne, une entité dédiée à la sécurité de la 5G. CTOne assure une protection complète des applications au sein des environnements réseaux 5G. - Business | Prediction | ★ | |
|
2023-01-05 16:35:50 | I\'m a Technology Leader Who Sees Opportunities for Accelerating Security Transformation Through Networking and Infrastructure. Here\'s Why I Joined Netskope. (lien direct) | >Right now, I see a great opportunity in the cybersecurity industry to help customers as they navigate through security transformation. I don't come from a traditional security background; I'm what we might call a “networking guy.” But about two and a half years ago, in my previous role at Dell, I started noticing a trend […] | Prediction | ★ | |
|
2023-01-05 14:37:00 | Trend Micro Announces New Subsidiary for 5G Cybersecurity (lien direct) | Pas de details / No more details | Prediction | ★★ | |
|
2023-01-05 11:00:00 | The dos and don\'ts of ransomware negotiations (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Has your organization suddenly been attacked by a ransomware virus? Take a deep breath and try to remain composed. It can be easy to panic or become overwhelmed in the face of an attack, but it is vital to remain calm and focused in order to make the best decisions for your organization. The initial actions to take in the event of a ransomware attack Disconnect the affected devices from the network as soon as possible. This can help to prevent the ransomware from spreading to other computers or devices. Determine what data has been affected and assess the extent of the damage. Determine the specific type of ransomware virus that has infected your devices to understand how this malware operates and what steps you need to take to remove it. It is important to notify all employees about the ransomware attack and instruct them not to click on any suspicious links or open any suspicious attachments. Consider reporting the attack. This can help to increase awareness of the attack and may also help to prevent future attacks. Please note that in some regions, business owners are required by law to report an attack. Do not rush into a decision. Take the time to carefully evaluate your options and the potential consequences of each of them before deciding whether to pay the ransom or explore other solutions. Paying the ransom is not the only option. Consider exploring other solutions, such as restoring your data from backups. If you do not have backups, cybersecurity experts may be able to help you recover your data since many ransomware strains were decrypted and keys are publicly available. Strategies cybercrooks employ to obtain funds from victims swiftly Cyber extortionists use various tactics beyond just encrypting data. They also use post-exploitation blackmail methods to coerce victims into paying them. Very often, cybercriminals use several extortion tactics simultaneously. Some examples of these tactics include: Steal and disclose Cyber extortionists not only encrypt victims' data but also often steal it. If the ransom is not paid, the stolen files may be made publicly available on special leak websites, which can cause severe damage to the victim's reputation and make them more likely to give in to the attackers' demands. Destroy keys if a negotiation company intervenes Some ransomware authors have threatened to delete the private keys necessary for decrypting victims' data if they seek the help of a professional third party to negotiate on their behalf. Launch a DDoS attack Ransomware attackers often threaten to flood the victim's website with a large volume of traffic in an effort to put it down and intimidate the targeted company into paying the ransom faster. Cause printers to behave abnormally Some hackers were able to take control of the printers and print ransom notes directly in front of partners and customers. This provides a high level of visibility for the attack, as it is difficult for people to ignore the ransom notes being printed. Use Facebook ads for malicious purposes Criminals have been known to use advertising to gain attention for their attacks. In one ins | Ransomware Malware Threat Prediction | ★★★ | |
 |
2023-01-05 05:50:00 | Focusing on Your Adversary (lien direct) | Every day, we hear news stories or read articles about data breaches and other cyber security threats. As malicious threat actors and the risk of cyber threats increase, protecting networks and valuable information becomes more critical. So what can organizations do to ensure their networks remain secure? Organizations must understand their adversaries’ identities to keep data safe and protect it from cyber-attacks. This article will explore the different types of threats facing enterprise organizations and what they can do to stay ahead of them. Evolving Cyber Attacks Cyber attacks are constantly evolving as attackers continue to find new ways to exploit vulnerabilities. This includes: Increased use of artificial intelligence (AI) and machine learning: Attackers are using AI and machine learning to automate and improve the effectiveness of their attacks. For example, AI can be used to generate convincing phishing emails or to bypass security systems. Rise of ransomware: Ransomware attacks, which involve encrypting a victim’s data and demanding a ransom to decrypt it, have become increasingly common in recent years. Ransomware attacks can significantly impact businesses, disrupting operations and resulting in financial losses. More targeted attacks: Rather than broad-based attacks that aim to compromise as many systems as possible, attackers are increasingly using targeted attacks designed to exploit a particular organization’s vulnerabilities. Increased focus on mobile devices: Mobile devices, such as smartphones and tablets, are becoming increasingly vulnerable to cyber-attacks. As a result, attackers focus more on exploiting these devices’ vulnerabilities. Increased use of cloud services: As more organizations move to the cloud, attackers are finding new ways to exploit vulnerabilities in these systems. For example, attackers may try to gain access to an organization’s cloud-based data or disrupt its cloud-based operations. It’s not only crucial for organizations to stay up-to-date on the latest trends in cyber attacks and to implement appropriate security measures to protect against them. It’s even more important to pinpoint your adversaries to understand their TTPs to protect and predict their next attack. Types of Adversaries There are many different types of cybersecurity adversaries that organizations have to deal with. Some common types of adversaries include: Hackers: Individuals or groups who attempt to gain unauthorized access to systems or networks for various reasons, such as stealing data, disrupting operations, or causing damage. Cybercriminals: Individuals or groups who use the internet to commit crimes, such as identity theft, fraud, or extortion. Cyber Terrorists: A group that’s goal is to disrupt operations, cause harm, and destroy data. Increasingly targeting critical infrastructures such as power plants, water treatment facilities, transportation systems, and healthcare providers. Nation-state actors: Governments or government-sponsored organizations that use cyber attacks as part of their foreign policy or military operations. Insider threats: Individuals with legitimate access to an organization’s systems or networks use that access to cause harm or steal sensitive information. Malicious insiders: These are individuals who are intentionally malicious and seek to cause harm to an organization’s systems or networks. Hacktivists: The term “hacktivists” refers to people who use hacking techniques to disrupt computer systems and networks in pursuit of political goals. Hackers often work alone, though some groups do exist. Script Kiddies: Originally used to describe young hackers, it now refer | Ransomware Malware Tool Vulnerability Threat Industrial Prediction | ★★★ | |
|
2023-01-03 11:00:00 | Five reasons why Cybersecurity training is important in 2023 (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The digital world is ever-expanding in scope and influence, both in personal and professional matters. In the last few years, business operations have become increasingly dependent on technology, and on employees to use that technology safely. While remote and mobile work have been necessary and useful, they also open the door for cybercriminals to take advantage of lax security measures and employees’ ignorance of best practices. So long as companies are carrying out some or all of their affairs in the digital realm, cybersecurity is easily as important as physical security. As one cybersecurity awareness training guide puts it: “if businesses are to thrive in the Fourth Industrial Revolution, security needs to be not only top of mind, but a fluent language.” Some of the most pressing reasons for cybersecurity training are detailed below. 1. Compliance with regulations There are many areas of business operations which are governed by legal or regulatory oversight to protect against various risks inherent to digital activities. These include HIPAA, which outlines rules regarding private health information, PCI SSC, which seeks to strengthen payment account security, and GDPR, which regulates general data privacy. Complying with these regulations is necessary for several reasons, although the dominant motivator for compliance is that the organizations can and will impose fines on businesses that fail to meet standards. It has often been said that a business is only as strong as its weakest link, and nowhere is this truer than in the world of data security. Any one employee can be a liability when it comes to the practices that an enterprise puts in place to protect consumer data as well as their own. When compliance is mandated and the threat of fines is looming, companies must ensure that all of their employees are properly trained and informed on the regulations in place. 2. Protecting enterprise assets Aside from wanting to avoid fines, however, businesses should still attempt to meet these regulatory standards for their own good. While meeting the bare minimum of compliance standards will keep a company out of hot water with regulatory boards, it will not necessarily protect the company itself. According to one report from IBM, the average cost of a data breach is 4.35 million USD. Ensuring that employees are trained in cybersecurity awareness greatly decreases the risk of a data breach occurring, as well as ensuring that employees know how to respond in the event that there is an attack targeting the company’s data. 3. Protecting consumer data Ostensibly protected by the aforementioned regulatory standards, consumer data is still at a huge risk of being obtained, stolen, or leveraged by cybercriminals. An attack that only targets a company’s internal data is dangerous to the company, but an attack that targets consumer data can have far-reaching consequences that affect thousands or millions of people. The responsibility for password complexity and variation, device and website privacy settings, and the amount of data shared can be at least partially placed upon the consumer’s shoulders. But the company must have its own measures in place as well to protect against attacks on customer data. Thorough and effective cybersecurity awareness training will reduce the chances of employee error l | Data Breach Threat Guideline Industrial Prediction | ★★★ | |
|
2022-12-26 00:00:00 | CISO\'s Challenges Involved with Business Leader & SOC (lien direct) | Yohei Ishihara, IoT security evangelist at Trend Micro, discussed the challenges CISOs facing within organizations driving industrial IoT. | Industrial Prediction | ★★ | |
|
2022-12-24 00:15:08 | CVE-2022-45798 (lien direct) | A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Vulnerability Prediction | ||
|
2022-12-21 17:53:00 | (Déjà vu) Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems (lien direct) | The Raspberry Robin worm has been used in attacks against telecommunications and government office systems across Latin America, Australia, and Europe since at least September 2022. "The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools," Trend Micro researcher Christopher So | Prediction | ★★ | |
|
2022-12-21 17:07:00 | The Rise of the Rookie Hacker - A New Trend to Reckon With (lien direct) | More zero knowledge attacks, more leaked credentials, more Gen-Z cyber crimes - 2022 trends and 2023 predictions. Cybercrime remains a major threat to individuals, businesses, and governments around the world. Cybercriminals continue to take advantage of the prevalence of digital devices and the internet to perpetrate their crimes. As the internet of things continues to develop, cybercriminals | Threat Prediction | ★★ | |
|
2022-12-21 11:41:48 | Malicious PyPI Package Found Posing as SentinelOne SDK in recent Hack Trend (lien direct) | In-depth studies on cybersecurity have just recently uncovered a new malicious package that was hiding out in the Python Package Index (PyPI) repository. This package was participating in a campaign known as SentinelSneak, in which it pretended to be a software development kit (SDK) for SentinelOne, a major company in the field of cybersecurity. The […] | Hack Studies Prediction | ★ |
To see everything:
Our RSS (filtrered)
