The campaign is not only ongoing, the threat actors increased its efforts to compromise targets using VileRAT

Read More

The report shows an 11% rise in archive files containing malware, including LNK files

Read More

One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online. Adding a “+” character after the username portion of your email address — followed by a notation specific to the site you’re signing up at — lets you create an infinite number of unique email addresses tied to the same account. Aliases can help users detect breaches and fight spam. But not all websites allow aliases, and they can complicate account recovery. Here’s a look at the pros and cons of adopting a unique alias for each website.

What is an email alias? When you sign up at a site that requires an email address, think of a word or phrase that represents that site for you, and then add that prefaced by a “+” sign just to the left of the “@” sign in your email address. For instance, if I were signing up at example.com, I might give my email address as krebsonsecurity+example@gmail.com. Then, I simply go back to my inbox and create a corresponding folder called “Example,” along with a new filter that sends any email addressed to that alias to the Example folder.

Importantly, you don’t ever use this alias anywhere else. That way, if anyone other than example.com starts sending email to it, it is reasonable to assume that example.com either shared your address with others or that it got hacked and relieved of that information. Indeed, security-minded readers have often alerted KrebsOnSecurity about spam to specific aliases that suggested a breach at some website, and usually they were right, even if the company that got hacked didn’t realize it at the time.

Alex Holden, founder of the Milwaukee-based cybersecurity consultancy Hold Security, said many threat actors will scrub their distribution lists of any aliases because there is a perception that these users are more security- and privacy-focused than normal users, and are thus more likely to report spam to their aliased addresses.

Holden said freshly-hacked databases also are often scrubbed of aliases before being sold in the underground, meaning the hackers will simply remove the aliased portion of the email address.

“I can tell you that certain threat groups have rules on ‘+*@’ email address deletion,” Holden said. “We just got the largest credentials cache ever — 1 billion new credentials to us — and most of that data is altered, with aliases removed. Modifying credential data for some threat groups is normal. They spend time trying to understand the database structure and removing any red flags.”

Why might spamming aliases be a bad idea? According to the breach tracking site HaveIBeenPwned.com, only about .03 percent of the breached records in circulation today include an alias.

Email aliases are rare enough that seeing just a few email addresses with the same alias in a breached database can make it trivial to identify which company likely got hacked and leaked said database. That’s because the most common aliases are simply the name of the website where the signup takes place, or some abbreviation or shorthand for it.

Hence, for a given database, if there are more than a handful of email addresses that have the same alias, the chances are good that whatever company or website corresponds to that alias has been hacked.

That might explain the actions of Allekabels, a large Dutch electronics web shop that suffered a data breach in 2021. Allekabels said a former employee had stolen data on 5,000 customers, and that those customers were then informed about the data breach by Allekabels.

But Dutch publication RTL Nieuws said it obtained a copy of the Allekabels user database from a hacker who was selling information on 3.6 million customers at the time, and found that the 5,000 number cited by the retailer corresponded to the number of customers who’d signed up using an alias. In essence, RTL argued, the company had notified only those most likely to notice and complain that their aliased addresses were suddenly receiving spam.

“RTL Nieuws has called more than thirty people from the database to check the leaked data,” the publication explained. “The customers with such a unique email address have all received a message from Allekabels that their data has been leaked – according to Allekabels they all happened to be among the 5000 data that this ex-employee had stolen.”

HaveIBeenPwned’s Hunt arrived at the conclusion that aliases account for about .03 percent of registered email addresses by studying the data leaked in the 2013 breach at Adobe, which affected at least 38 million users. Allekabels’s ratio of aliased users was considerably higher than Adobe’s — .14 percent — but then again European Internet users tend to be more privacy-conscious.

While overall adoption of email aliases is still quite low, that may be changing. Apple customers who use iCloud to sign up for new accounts online automatically are prompted to use Apple’s Hide My Email feature, which creates the account using a unique email address that automatically forwards to a personal inbox.

What are the downsides to using email aliases, apart from the hassle of setting them up? The biggest downer is that many sites won’t let you use a “+” sign in your email address, even though this functionality is clearly spelled out in the email standard.

Also, if you use aliases, it helps to have a reliable mnemonic to remember the alias used for each account (this is a non-issue if you create a new folder or rule for each alias). That’s because knowing the email address for an account is generally a prerequisite for resetting the account’s password, and if you can’t remember the alias you added way back when you signed up, you may have limited options for recovering access to that account if you at some point forget your password.

What about you, Dear Reader? Do you rely on email aliases? If so, have they been useful? Did I neglect to mention any pros or cons? Feel free to sound off in the comments below.

Read More

Despite previously claiming the DogWalk vulnerability did not constitute a security issue, Microsoft has now released a patch to stop attackers from actively exploiting the vulnerability.

Read More

The Emotet botnet continues to evolve and now includes a credit card stealer module

Read More

Learn how to leverage our latest cloud security discovery feature, Tenable.cs Agentless Assessment, to enhance the way you can scan for software vulnerabilities and misconfigurations in the cloud.

Historically, vulnerability scanning in the cloud has been accomplished by way of using network-based scanners like Nessus or an agent-based approach with Nessus Agents. For years, Tenable has been the gold standard for security practitioners who want fast, comprehensive and accurate vulnerability scans backed by world class vulnerability research. Our customers have asked for easier ways to configure and manage their Nessus scans in the cloud and, in 2020, we released Tenable.io Frictionless Assessment, which was our first step into transforming Nessus to become more cloud-focused.

Tenable.cs Agentless Assessment for Amazon Web Services (AWS), introduced today, takes the groundbreaking work that Tenable.io Frictionless Assessment laid out and completely upgrades it for a truly seamless cloud native scanning solution.

A common problem security professionals run into within the cloud is attempting to apply traditional vulnerability management concepts to cloud workloads — especially ephemeral workloads. Auto scaling enables cloud instances to spin up and spin down, which means traditional scan windows could miss assets needing to be assessed. Service account credentials for scanning are a pain to manage in the cloud, and it can be a challenge to get different teams to standardize and adopt endpoint agents or simply use images approved by the security team. Necessity is the mother of invention, as they say, and, with Tenable.cs Agentless Assessment, we set out to build a unique technology that overcomes these obstacles.

It’s clear that removing obstacles that extend the time to discover and detect vulnerabilities, in general, has a significant impact on the amount of risk carried by an organization. Agentless Assessment aims to enhance the abilities of security teams to gain complete visibility into cloud configurations and perform comprehensive vulnerability assessment in a quick and efficient way, giving our customers a better shot at reducing that risk, faster.

Agentless Assessment and Live Results for AWS

Tenable.cs Agentless Assessment for AWS enables cloud security teams to use the power of Nessus for vulnerability and misconfiguration assessments without the need to install scanners or agents, configure credentials on target hosts or set up scan policies. Using a proprietary approach, it enables users to onboard their cloud accounts within minutes and scan all assets for software vulnerabilities and cloud posture misconfigurations without any impact on compute speed or costs. The speed at which we’re able to collect data, coupled with our event-driven approach, dramatically improves Tenable’s ability to ensure our customers are confident in the vulnerability information we’re providing. In the process, we’re helping cloud security teams and developers quickly identify security weaknesses and providing actionable recommendations on what should be done to fix them.

Furthermore, when a new vulnerability detection is published to our vulnerability research feed, Tenable.cs Live Results allows security teams to identify potential vulnerabilities within their existing collected inventory without needing to execute a new scan. This near real-time detection and unique approach to vulnerability assessment enables users to reduce their mean time to remediate issues. As a result, it provides the crucial data security teams need to make informed decisions about how to prioritize their remediation efforts.

Additional benefits of Tenable.cs Agentless Assessment include:

Ease of deployment: Agentless Assessment is API driven, so the deployment is a breeze with a single integration point: a read-only role to check for misconfigurations and vulnerabilities in one fell swoop.
Two solutions in one: Scan for vulnerabilities and cloud infrastructure configurations with a single tool.
Limited scan overhead: There are no agents to deploy or bake, no scan templates, and no policies to define. Data simply flows into Tenable.cs.
Gold standard vulnerability detection: The Tenable Research vulnerability and threat feeds, trusted by thousands of organizations around the globe, are utilized by Agentless Assessment.
Continuous vulnerability assurance: When new vulnerabilities are identified and detections are created, the Tenable.cs Live Results feature immediately rescans and re-assesses all stored inventories against the most updated vulnerability feed.
Safety: The scans are read-only, no write permissions are required.
Flexibility: The tool allows users the ability to run continuous Software-as-a-Service (SaaS) event-driven scans, scheduled scans, or simply execute manual scans on an ad-hoc basis.

Additionally, Tenable.cs Agentless Assessment makes it easy for cloud security teams to ensure AWS cloud workloads are configured correctly by providing pre-built policy templates for detecting risks in runtime, such as:

Identity-based (e.g., overprivileged admins)
Insecure storage configuration or access activities (e.g., wide open and/or unencrypted Amazon Simple Storage [S3] buckets in AWS, etc.)
Insecure instance creation and deletion
Insecure network configurations and activities
And many more…

How to use Agentless Assessment for AWS

Step 1. Onboard all of your AWS accounts in minutes. 

Getting started is super fast and easy. All you need is a read-only role, easily deployed via our provided CloudFormation template. For multi-account AWS environments, we make a CloudFormation StackSet available that will automatically deploy the needed role at all sub accounts that are within scope.

Source: Tenable, August 2022

Step 2. Take AWS Elastic Block Store (EBS) snapshots

This is a prerequisite because the Agentless Assessment process reads installed package data from the Elastic Compute Cloud (EC2) storage snapshots. You can create snapshots manually or you can automate the process using AWS Data Lifecycle Manager (DLM). Although snapshots can be created manually, Tenable recommends that you automate this process. For further guidance, see:

Create an EBS snapshot manually
Automate EBS snapshot creation with AWS DLM

Source: Tenable, August 2022

Step 3. Start Agentless Assessment scans

With Agentless Assessment, there are no scan templates to configure, you’ve already deployed the role so you have no credentials to set up. You create a new Tenable.cs AWS project, select EC2 as the AWS service to be scanned, and launch the scan on demand or on a schedule. At this point, data simply flows into Tenable.cs and vulnerabilities are presented within the unified findings workspace.

Source: Tenable, August 2022

Step 4. Achieve up-to-date visibility of all your cloud assets that is easily searchable

As data flows into Tenable.cs, users can leverage existing functionality to prioritize vulnerabilities for remediation. Agentless Assessment uses the same great Tenable Research vulnerability feed, so users immediately have access to the Vulnerability Priority Rating for advanced risk prioritization. Furthermore, this is where we take advantage of Live Results. Now that we have data flowing into Tenable.cs, new vulnerability checks will be evaluated against the inventory we’ve already collected.

Source: Tenable, August 2022

What’s next?

Existing Tenable customers can now get early access to Tenable.cs Agentless Assessment for AWS. The new functionality is scheduled for general availability at the end of September. In Q4, Tenable expects to release Agentless Assessment for Microsoft Azure and Google Cloud Platform (GCP), along with additional enhancements around container security.

Learn more

Read the blog: Introducing Tenable Cloud Security with Agentless Assessment and Live Results
Attend the webinar: What’s New with Tenable Cloud Security?
Visit the Tenable.cs product page: https://www.tenable.com/products/tenable-cs

Read More

Tenable’s latest cloud security enhancements unify cloud security posture and vulnerability management with new, 100% API-driven scanning and zero-day detection capabilities.

Tenable has helped thousands of our customers scan and manage vulnerabilities in their cloud infrastructure for years. We accelerated our cloud native application protection (CNAPP) capabilities in 2021 and 2022 with our purchase of Accurics, the launch of Tenable.cs and integration with Tenable.io. We offer a unique approach to cloud security, unifying cloud security posture and vulnerability management into a single solution.

Today, Tenable announced new cloud security features that not only reflect significant technological advances but also offer clients a unified approach to cloud security posture and vulnerability management across cloud and non-cloud assets. With the latest release of Tenable.cs, users can extend to the cloud the same level of visibility and vulnerability management they’re accustomed to from our suite of market-leading solutions. The new features include:

Tenable.cs Agentless Assessment and Tenable.cs Live Results
Enhanced policy management and reporting
Expanded DevOps / GitOps coverage

Tenable.cs Agentless Assessment and Tenable.cs Live Results

Empowering security teams to monitor the sprawling attack surface with continuous, complete cloud visibility is critical for any organization looking to build a unified cloud security program.

Tenable.cs Agentless Assessment and Tenable.cs Live Results enable security teams to quickly and easily discover and assess all their cloud assets. Data is continuously updated via live scans that are automatically triggered by any logged change event. When a new vulnerability is added to the database by our industry-leading Tenable Research team, Tenable.cs Live Results allow security teams to see if a vulnerability exists in their current asset inventory, without needing to execute a new scan.

Source: Tenable, August 2022

This will help organizations assess vulnerabilities on a continuous basis, discover zero-day threats as soon as they are published — without having to re-scan their entire environment — and reduce the potential for exploits to be executed. With coverage for more than 70,000 vulnerabilities, Tenable has the industry’s most extensive database of Common Vulnerabilities and Exposures (CVE). In addition, Tenable’s security configuration data helps customers understand all of their exposures across all of their assets.

Existing Tenable customers can now get early access to Tenable.cs Agentless Assessment for Amazon Web Services (AWS). For more on Agentless Assessment read the blog: Title TKTKTK

In Q4, Tenable expects to release Tenable.cs Agentless Assessment for Microsoft Azure and Google Cloud Platform, along with additional enhancements around container security.

Enhanced policy management and reporting

For years we’ve been hearing about the importance of certain cybersecurity practices in cloud environments, particularly:

Cloud security to properly protect those environments
DevSecOps to embed security into software delivery pipelines
“Shift left” to start security checks as part of local development cycles where they can be immediately fixed

Curious about the challenges involved in adopting these practices in the real world, we polled 388 Tenable webinar attendees in June about their concerns with regard to security in the public cloud. The responses offer us a glimpse into key areas of concern. When asked “What’s your main challenge with regards to the security of your assets in public cloud platforms?” more than 60% of respondents cited poor visibility into their assets and their security posture or concerns about cloud providers’ infrastructure security.

At Tenable, we believe organizations that have made significant investments in putting security and compliance gates into their application and infrastructure deployment lifecycles are now at a loss for the same in their journey to the public cloud.

With enriched policy workflows, new compliance reporting and failing policy groupings, Tenable.cs offers valuable insights to help users improve their cloud governance and cloud security posture management.

Tenable.cs Compliance Reporting: The image below shows how we dynamically update compliance reports and provide groupings for pre-defined benchmarks. Tenable.cs supports over 20 benchmarks, including Service Organization Control 2 (SOC2), Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR).

Source: Tenable, August 2022

Tenable.cs Automated Workflows: The image below shows an example of how users can easily create integrated workflows based on a specific policy so they can quickly re-assess any out-of-the-box policy or use it as a template to build a new customized policy specific to their environment.

Source: Tenable, August 2022

Expanded Remediation, DevOps and GitOps coverage

In the webinar poll referenced above, we asked clients, “What’s the level of integration and automation of your security checks with your software development and delivery process (aka DevSecOps)?” The response was overwhelmingly one-sided. Nearly 70% of respondents indicated minimal or no automation. This can lead to a high level of exposure and long remediation times

Tenable.cs helps DevSecOps teams reduce the number of security weaknesses found in production by integrating into existing DevOps workflows. Along these lines, we have made several key enhancements to aid DevSecOps teams.

Automated remediation workflow improvements
HashiCorp Terraform cloud run task support
Improved source code management 

Automated Remediation Workflows: Out of the box, Tenable.cs provides an integrated view of all the resources failing a security policy that includes individual details along with the remediation recommendations that can be quickly passed to development teams using quick links that start automated workflows. As part of this release, we’ve made a number of improvements to enhance Jira-specific workflows and alert management. See example below.

Source: Tenable, August 2022

HashiCorp Terraform cloud run task integration: This new integration enables Tenable.cs to scan Terraform templates during the Terraform cloud deploy step. This allows Terraform cloud customers to detect any security issues within their Infrastructure as Code (IaC) using Tenable.cs as part of the planning phase of the Terraform execution. By adding this support for Terraform cloud run tasks in Tenable.cs, we’re helping developers detect and fix compliance and security risks in their IaC so they can mitigate issues before cloud infrastructure is provisioned. See example below.

Source: Tenable, August 2022

Users interested in viewing the setup guide on how to connect Tenable.cs with Terraform cloud workspace can find detailed documentation here.

Improved source code management integration and scanning: Tenable.cs provides a “no experience necessary” mechanism of discovering all your repositories and can pull multiple repositories into an integrated view of all the resources failing security policies or compliance benchmarks. Any policy violations can quickly be resolved via auto-generated pull requests that can be submitted and tracked all within the same console. See example below.

Source: Tenable, August 2022

Learn more

Attend the webinar: What’s New with Tenable Cloud Security?
Read the blog: Accelerate Vulnerability Detection and Response for AWS with Tenable Cloud Security Agentless Assessment
Visit our Tenable.cs product page: https://www.tenable.com/products/tenable-cs

Read More

Earlier this year, our global Connected Family Study revealed the online habits of parents and their children. What we found called for a closer look. 

One finding that leaped out, in particular, is—cyberbullying occurs far more often than parents think. And in many cases, children are keeping it from their parents.  

Now with our follow-on research, we set out to answer many of the questions families have about cyberbullying. Where it happens most, who’s most affected, and are children cyberbullying others without even knowing it? 

Our report, “Hidden in Plain Sight: More Dangers of Cyberbullying Emerge,” provides insights into these questions and several more. We’ll cover the top findings here in this blog, while you can get the full story by downloading the report here. 

Worries about cyberbullying have only grown in 2022—and they appear justified. 

Even as stay-at-home mandates in 2020 and 2021 saw children exposed to more cyberbullying while they spent more time online, our ten-country survey found that concerns about cyberbullying in 2022 are even higher today: 

60% of children said they were more worried this year about cyberbullying compared to last year.    
74% of parents are more worried this year about their child being cyberbullied than last. 

And just as the level of concern is high, the findings show us why. Families reported alarming rates of racially motivated cyberbullying, along with high rates of attacks on the major social media and messaging platforms.  

Additionally, children shared insights into who’s doing the bullying (it’s largely people who know them) and more than half are the ones doing the bullying—and they don’t even realize it. 

Further findings include: 

Cyberbullies are aiming racist attacks at children as young as ten. 
Millions of children have deleted their social media accounts to avoid cyberbullying.  
Despite its efforts, Meta’s social media and messaging platforms have the highest level of cyberbullying. 
A growing number of parents turn to therapy to help their children deal with cyberbullying. 

Regional and cultural backdrops give cyberbullying a distinctive feel. 

Our research further revealed how the face of cyberbullying takes on different form around the globe. From nation to nation, the influences of polarized politics, racial relations, and different traditions in parent-child relationships shape and re-shape the forms of cyberbullying that children see. 

Each of our ten nations surveyed set themselves apart with trends of their own, some of them including: 

United States: Despite some of the most engaged parents, children in the U.S. experience among the highest rates of cyberbullying in its most extreme forms, such as sexual harassment, compromised privacy, and personal attacks.  
India: Cyberbullying reaches alarming highs as more than 1 in 3 kids face cyber racism, sexual harassment, and threats of physical harm as early as at the age of 10—making India the #1 nation for reported cyberbullying in the world.  
Canada: Canadian children experience cyberbullying largely on par with global rates—yet their parents act on it less often than other parents. Meanwhile, Canadian children are the least likely to seek help when it happens to them.  
Australia: Australian cyberbullying rates dropped significantly since our last report, yet Snapchat stands out as a primary platform for cyberbullying, more than anywhere else in the world. And of all parents worldwide, Australians feel most strongly that technology companies should do more to protect their children. 

Cyberbullying in 2022: The facts confirm your feelings. 

These new findings reflect the concerns of parents and children alike—cyberbullying remains a pervasive and potentially harmful fact of life online, particularly as racism and other severe forms of cyberbullying take rise.  

Without question, cyberbullying endures as a persistent growing pain that the still relatively young internet has yet to shake. 

The solution is arguably just as complex as the factors that give cyberbullying its shape—cultural, regional, technological, societal, even governmental. Addressing one factor alone won’t curb it. Significantly curtailing cyberbullying for an internet that’s far safer than it is today requires addressing those factors in concert.   

While we recognize that tall order for what it is, and as a leader in online protection, we remain committed to it.   

With these findings, and continued research to come, our aim is to further an understanding of cyberbullying for all—whether that’s educators, technology innovators, policymakers, and of course parents. With this understanding, programs, platforms, and legislation can put protections in place that still allow for companies to innovate and create platforms that people love to use. Safely and securely. 

The post More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report appeared first on McAfee Blog.

Read More

Cybersecurity vendor CrowdStrike has added new AI-powered indicators of attack (IoA) functionality to its Falcon platform. Announced at the Black Hat USA 2022 Conference, the enhancement leverages AI techniques to create new IoAs at machine speed and scale to help organizations stop emerging attack techniques and enable them to optimize detection and response, the firm said.

AI IoAs trained on real-world adversary behavior, rich threat intelligence

In a press release, CrowdStrike stated that Falcon now allows organizations to find emerging attack techniques with IoAs created by AI models trained on real-world adversary behavior and rich threat intelligence. Brian Trombley vice president product management, endpoint security at CrowdStrike, tells CSO that the AI-powered IoAs leverage intelligence from the CrowdStrike Security Cloud, where the firm collects over one trillion security events per day from its customer base.

To read this article in full, please click here

Read More