Joe Sullivan was charged two years ago with obstruction of justice and misprision
Daily Archives: October 6, 2022
USN-5661-1: LibreOffice vulnerabilities
It was discovered that LibreOffice incorrectly validated macro signatures.
If a user were tricked into opening a specially crafted document, a remote
attacker could possibly use this issue to execute arbitrary macros.
(CVE-2022-26305)
It was discovered that LibreOffice incorrectly handled encrypting the
master key provided by the user for storing passwords for web connections.
A local attacker could possibly use this issue to obtain access to
passwords stored in the user’s configuration data. (CVE-2022-26306,
CVE-2022-26307)
A Snapshot of CIS’s Work to Strengthen macOS Security
The Center for Internet Security has been hard at work in partnership with Apple to strengthen users’ macOS security everywhere.
Dashlane launches new Dark Web Insights tool, MFA authenticator app, small biz Starter plan
Password manager vendor Dashlane has announced updates to its suite of enterprise offerings. These include a new Dark Web Insights tool that provides a breakdown of compromised passwords, a standalone authenticator app for enabling account multi-factor authentication (MFA), and a low-cost starter plan for small businesses. The firm has also introduced a new live phone support service whereby users can request and book a call directly with Dashlane’s support team.
Breached employee credentials on dark web pose significant threat to businesses
In a press release, Dashlane stated that its new Dark Web Insights tool “continuously scans” more than 20 billion records attached to hacks or data breaches on the dark web, providing users with a bespoke breakdown of compromised passwords across their organization. Dark Web Insights also gives admins the ability to scan their organization for instances of breached credentials and to invite breached employees who are not yet using Dashlane to begin using it through built-in seat provisioning. The firm said that, by pairing this alert function with the ability to generate new, random, and unique passwords, admins can take action quickly once alerted about compromised credentials.
7 Biggest Cybersecurity Threats of the 21st Century
This blog was written by an independent guest blogger.
The 21st century has seen a dramatic increase in the number and sophistication of cybersecurity threats. Here are the 7 biggest threats that businesses and individuals need to be aware of.
Ransomware as a service
In the past few years, ransomware has become one of the most popular tools for cybercriminals. Ransomware as a service (RaaS) is a new business model that allows anyone with little to no technical expertise to launch their own ransomware attacks. All they need is to sign up for a RaaS platform and pay a fee (usually a percentage of the ransom they collect).
RaaS is a growing threat because it makes it easy for anyone to launch attacks. Cybercriminals can target any organization, no matter its size or resources. And, because RaaS platforms typically take care of all the technical details, ransomware attacks can be launched with little effort.
In the past several years, there have been a number of high-profile ransomware attacks that have made headlines. In May 2017, the WannaCry ransomware attack affected more than 200,000 computers in 150 countries. The attack caused billions of dollars in damage and disrupted critical infrastructure, such as hospitals and banks. In December 2017, the NotPetya ransomware attack hit more than 10,000 organizations in over 60 countries. The attack caused billions of dollars in damage and disrupted critical infrastructure, such as hospitals and banks.
Ransomware attacks have become more sophisticated and targeted. Cybercriminals are now using RaaS platforms to launch targeted attacks against specific organizations. These attacks are often called “spear phishing” attacks because they use carefully crafted emails to trick people into clicking on malicious links or opening attachments that install ransomware on their computers.
Organizations of all sizes need to be aware of the threat of ransomware and take steps to protect themselves. This includes having a robust backup and recovery plan in place in case of an attack.
Internet of Things
The Internet of Things (IoT) is a network of physical devices, vehicles, home appliances, and other items that are embedded with electronics, software, sensors, and connectivity enabling these objects to connect and exchange data.
The IoT is a growing market with more and more devices being connected to the internet every day. However, this also creates new security risks. Because IoT devices are often connected to the internet, they can be hacked and used to launch attacks.
In October 2016, a massive Distributed Denial of Service (DDoS) attack was launched against the Dyn DNS service using a network of IoT devices that had been infected with the Mirai malware. The attack caused widespread internet disruptions and took down major websites, such as Twitter and Netflix.
The IoT presents a unique challenge for security because there are so many different types of devices that can be connected to the internet. Each type of device has its own security risks and vulnerabilities. And, as the number of IoT devices continues to grow, so do the opportunities for cybercriminals to exploit them.
Cloud security
The cloud has become an essential part of business for many organizations. It offers a number of advantages, such as flexibility, scalability, and cost savings. However, the cloud also creates new security risks.
One of the biggest security risks associated with the cloud is data breaches. Because data is stored remotely on servers, it is more vulnerable to attack. In addition, cloud service providers often have access to customer data, which creates another potential point of entry for hackers.
Another security risk associated with the cloud is malicious insiders. Because cloud service providers have access to customer data, they could potentially misuse this data or sell it to third parties.
In addition, employees of cloud service providers could also be coerced into giving hackers access to customer data.
Organizations need to be aware of the security risks associated with the cloud and take steps to protect themselves. This includes encrypting data in transit and at rest, as well as using multi-factor authentication.
Cryptocurrency mining malware
Cryptocurrency mining malware is a type of malware that infects computers and uses their resources to mine for cryptocurrency. This can slow down the infected computer and use up a lot of electricity. In some cases, it can even damage the computer.
Cryptocurrency mining malware is often delivered through phishing emails or malicious websites. Once the malware is installed on a computer, it can be difficult to remove.
Organizations need to be aware of the threat of cryptocurrency mining malware and take steps to protect their computers. This includes using antivirus software and avoiding clicking on links or opening attachments from unknown sources.
Insider threats
An insider threat is a threat to an organization that comes from within. This can be from an employee, contractor, or third party with authorized access to the organization’s systems and data.
Insider threats can occur when someone with malicious intent gains access to an organization’s systems and data. They can also occur when someone with authorized access misuses their privileges.
Organizations need to be aware of insider threats and take steps to protect themselves. This includes monitoring user activity, requiring multi-factor authentication, and providing security training to employees.
Quantum computing
Quantum computing is a type of computing that uses quantum-mechanical phenomena, such as superposition and entanglement, to perform operations on data. Quantum computers are able to solve certain problems much faster than classical computers.
The development of quantum computers poses a threat to traditional cryptography. This is because quantum computers can easily factor large numbers, and the difficulty of factoring large numbers is the basis of many cryptographic algorithms.
Organizations need to be aware of the threat of quantum computing and take steps to protect their data. This includes using quantum-resistant cryptography and storing data in multiple locations.
DDoS attacks
A DDoS attack is a type of attack that attempts to make a computer or network resource unavailable to its users. This is done by overwhelming the target with traffic from multiple sources.
DDoS attacks can be incredibly disruptive and cause significant damage to an organization. They can also be difficult to defend against because the attacker can use multiple computers or devices to generate the traffic.
Organizations need to be aware of the threat of DDoS attacks and take steps to protect themselves. This includes having a DDoS mitigation plan in place and working with a reputable DDoS protection provider.
Conclusion
Cybersecurity threats are constantly evolving and organizations need to be aware of the latest threats in order to protect themselves. Cybercrime and data theft now represent a serious global problem and the stakes are only getting higher. As we move into the future, it is critical that organizations take steps to protect themselves from these threats.
RDP Attacks Decline 89% in Eight Months
Smashing Security podcast #292: Trussterflucks and eBay stalking
Has new UK prime minister Liz Truss been careless with her mobile phone? And hear the most extraordinary story of corporate cyberstalking.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by nobody for reasons that will become obvious.
5 reasons why security operations are getting harder
Recent ESG research reveals that 52% of security professionals believe security operations are more difficult today than they were two years ago. Why? Security operations center (SOC) teams point to issues such as:
A rapidly evolving and changing threat landscape: Forty-one percent of security professionals find it difficult to understand and counteract modern threats like ransomware or supply chain attacks and then build this knowledge into a comprehensive security operations program. Most react to threats and indicators of compromise (IoCs) rather than study cyber-adversaries and plan ahead.
A growing attack surface: This issue came up with 39% of respondents, but attack surface challenges are no surprise. Other ESG research indicates that the attack surface is growing at two-thirds (67%) of organizations, driven by third-party IT connections, support for remote workers, increased public cloud usage, and adoption of SaaS applications. A growing attack surface means more work, vulnerabilities, and blind spots for SOC teams. Little wonder, then, that 69% of organizations admit to a cyber-incident emanating from an unknown, unmanaged, or poorly managed internet-facing asset.
The volume and complexity of security alerts: We’ve all heard about “alert storms” and “alert fatigue.” Based on the ESG data, these conditions aren’t just marketing hype, as 37% of SOC teams say that alert volume and complexity are making security operations more difficult. It’s easy to understand this one: Imagine viewing, triaging, prioritizing, and investigating a constant barrage of amorphous security alerts from a variety of different detection tools and you’ll get the picture. It seems overwhelming, but that’s the reality for level 1 SOC analysts at many organizations.
Public cloud usage: Beyond just expanding the attack surface, more than one-third (34%) say that security operations are more difficult as a direct result of growing use of the public cloud. This is not just a numbers game. Securing cloud workloads is difficult due to multi-cloud deployment, ephemeral cloud instances, and developer use of new cloud services that security teams may be unfamiliar with. Chasing cloud evolution and associated software developer whims has become part of the job.
Keeping up with the care and feeding of security technologies: More than half (54%) of organizations use more than 26 different commercial, homegrown, or open-source tools for security operations. The burden of managing and maintaining all these disparate technologies alone can be difficult. This is one reason why many firms are replacing on-site security tools with cloud-based alternatives.
Growing scale complicates security operations
In analyzing this data, it’s easy to see a common theme across these different responses – scale. Everything is growing – threats, IT, alerts, tools, everything. The research illustrates the fact that we don’t have the people, processes, or technologies to keep up with these scaling needs.