New Remote Access Trojan that provides ransomware services to threat actors is no laughing matter

Read More

Teleport, an open-source platform designed to provide zero trust access management for servers and cloud applications, has announced the availability of Teleport 9, the latest version of its unified access plane.  

To read this article in full, please click here

Read More

UK high street retailer The Works has shut some of its stores following a “cyber security incident” which saw hackers gain unauthorised access to its systems.

Read more in my article on the Hot for Security blog.

Read More

SASE platform provider Cato Networks has introduced a new risk-based application access control for combatting security threats and productivity challenges posed by remote working and bring your own device (BYOD). The vendor said that with its new control, enterprise policies can consider real-time device context when restricting access to capabilities within corporate applications, as well as internet and cloud resources. The announcement comes amid calls from global governments for organizations to assess and improve their cybersecurity defenses in response to ongoing military and cyber tensions surrounding the Russia-Ukraine conflict.

New access control uses converged device context

In today’s threat landscape, user identity alone is not sufficient for zero-trust network access (ZTNA) or BYOD risk assessment, Cato stated in a press release. Identity spoofing and rogue personal devices pose significant security threats, and so an enforcement solution with contextual awareness to balance user productivity with risk mitigation is required, it added.

To read this article in full, please click here

Read More

Brian Krebs has a detailed post about hackers using fake police data requests to trick companies into handing over data.

Virtually all major technology companies serving large numbers of users online have departments that routinely review and process such requests, which are typically granted as long as the proper documents are provided and the request appears to come from an email address connected to an actual police department domain name.

But in certain circumstances ­– such as a case involving imminent harm or death –­ an investigating authority may make what’s known as an Emergency Data Request (EDR), which largely bypasses any official review and does not require the requestor to supply any court-approved documents.

It is now clear that some hackers have figured out there is no quick and easy way for a company that receives one of these EDRs to know whether it is legitimate. Using their illicit access to police email systems, the hackers will send a fake EDR along with an attestation that innocent people will likely suffer greatly or die unless the requested data is provided immediately.

In this scenario, the receiving company finds itself caught between two unsavory outcomes: Failing to immediately comply with an EDR -­- and potentially having someone’s blood on their hands -­- or possibly leaking a customer record to the wrong person.

Another article claims that both Apple and Facebook (or Meta, or whatever they want to be called now) fell for this scam.

We allude to this kind of risk in our 2015 “Keys Under Doormats” paper:

Third, exceptional access would create concentrated targets that could attract bad actors. Security credentials that unlock the data would have to be retained by the platform provider, law enforcement agencies, or some other trusted third party. If law enforcement’s keys guaranteed access to everything, an attacker who gained access to these keys would enjoy the same privilege. Moreover, law enforcement’s stated need for rapid access to data would make it impractical to store keys offline or split keys among multiple keyholders, as security engineers would normally do with extremely high-value credentials.

The “credentials” are even more insecure than we could have imagined: access to an email address. And the data, of course, isn’t very secure. But imagine how this kind of thing could be abused with a law enforcement encryption backdoor.

Read More