New Facebook malware targets business accounts


Helsinki-based cybersecurity vendor WithSecure (formerly F-Secure Business) says it has discovered an operation, dubbed “DUCKTAIL,” that uses social media-based spear phishing attacks to gain access to Facebook Business accounts.

The company said that it has “high confidence” that a Vietnamese threat actor is behind the attacks, which aim malicious messages at LinkedIn users who are likely to have admin access to their companies’ Facebook accounts. The threat actor also targets email addresses of potential victims directly.


CrowdStrike enhances container visibility and threat hunting capabilities


Cloud-native security provider CrowdStrike has launched a cloud threat hunting service called Falcon Overwatch, while also adding greater container visibility capabilities to its Cloud Native Application Protection Platform (CNAPP).

Falcon Overwatch includes agent and agentless threat hunting

Falcon Overwatch is a standalone threat hunting service that uses CrowdStrike’s cloud-oriented indicators of attack to gain visibility into evolved and sophisticated cloud threats across the entire control plane, which includes the network components and functions used for cloud workloads.

The service leverages both the CrowdStrike CNAPP’s agent-based (Falcon cloud workload protection) and agentless (Falcon Horizon cloud security posture management) solutions, to provide greater visibility across multiple clouds, including Amazon Web Services, Azure, and Google Cloud.


Apple’s Lockdown Mode


I haven’t written about Apple’s Lockdown Mode yet, mostly because I haven’t delved into the details. This is how Apple describes it:

Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware. Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.

At launch, Lockdown Mode includes the following protections:

Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
Wired connections with a computer or accessory are blocked when iPhone is locked.
Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

What Apple has done here is really interesting. It’s common to trade security off for usability, and the results of that are all over Apple’s operating systems—and everywhere else on the Internet. What they’re doing with Lockdown Mode is the reverse: they’re trading usability for security. The result is a user experience with fewer features, but a much smaller attack surface. And they aren’t just removing random features; they’re removing features that are common attack vectors.

There aren’t a lot of people who need Lockdown Mode, but it’s an excellent option for those who do.
