Chrome Zero-Day from North Korea


North Korean hackers have been exploiting a zero-day in Chrome.

The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and had been hacked, or had been set up for the express purpose of serving attack code to unsuspecting visitors. One campaign, dubbed Operation Dream Job, targeted more than 250 people working for 10 different companies. The other, known as AppleJeus, targeted 85 users.

Details:

The attackers made use of an exploit kit that contained multiple stages and components in order to exploit targeted users. The attackers placed links to the exploit kit within hidden iframes, which they embedded on both websites they owned as well as some websites they compromised.

The kit initially serves some heavily obfuscated JavaScript used to fingerprint the target system. This script collected all available client information such as the user-agent, resolution, etc. and then sent it back to the exploitation server. If a set of unknown requirements were met, the client would be served a Chrome RCE exploit and some additional JavaScript. If the RCE was successful, the JavaScript would request the next stage referenced within the script as “SBX”, a common acronym for Sandbox Escape. We unfortunately were unable to recover any of the stages that followed the initial RCE.

Careful to protect their exploits, the attackers deployed multiple safeguards to make it difficult for security teams to recover any of the stages. These safeguards included:

Only serving the iframe at specific times, presumably when they knew an intended target would be visiting the site.
On some email campaigns the targets received links with unique IDs. This was potentially used to enforce a one-time-click policy for each link and allow the exploit kit to only be served once.
The exploit kit would AES encrypt each stage, including the clients’ responses with a session-specific key.
Additional stages were not served if the previous stage failed.

Although we recovered a Chrome RCE, we also found evidence where the attackers specifically checked for visitors using Safari on macOS or Firefox (on any OS), and directed them to specific links on known exploitation servers. We did not recover any responses from those URLs.
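A defender-side check suggested by the description above, as an added example that is not part of Google TAG's post and has nothing to do with the exploit kit itself: site owners who suspect a compromise can scan their pages for iframes that are both hidden (zero width or height, or `display:none` / `visibility:hidden` in an inline style) and point at an origin other than the site's own. The sample HTML and the hostnames in it are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not a real compromised site): one visible iframe on
# the site's own origin, two injected zero-size/hidden iframes pointing off-site,
# and one hidden iframe that stays on-site (relative src) and so is not flagged.
SAMPLE_HTML = """
<html><body>
<h1>Company news</h1>
<iframe src="https://www.example.com/embed/player" width="640" height="360"></iframe>
<iframe src="https://attacker.example.net/ek/" width="0" height="0" frameborder="0"></iframe>
<div><iframe src="http://198.51.100.7/loader" style="display:none"></iframe></div>
<iframe src="/local-widget" style="visibility:hidden"></iframe>
</body></html>
"""

HIDDEN_STYLE = re.compile(r"(display\s*:\s*none|visibility\s*:\s*hidden)", re.I)


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # valueless attributes arrive as (name, None); normalise to ""
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_zero(value):
    """True for width/height values such as "0" or "0px"."""
    digits = re.match(r"\s*(\d+)", value or "")
    return digits is not None and int(digits.group(1)) == 0


def is_hidden(attrs):
    """An iframe counts as hidden if width or height is 0, or if its inline
    style uses display:none / visibility:hidden."""
    if _is_zero(attrs.get("width")) or _is_zero(attrs.get("height")):
        return True
    return bool(HIDDEN_STYLE.search(attrs.get("style", "")))


def is_external(src, site_host):
    """Relative URLs have no hostname and are treated as on-site."""
    host = urlparse(src).hostname
    return host is not None and host.lower() != site_host.lower()


def find_suspicious_iframes(html, site_host):
    """Return the src of every iframe that is both hidden and off-site."""
    parser = IframeCollector()
    parser.feed(html)
    return [f["src"] for f in parser.iframes
            if is_hidden(f) and is_external(f.get("src", ""), site_host)]


if __name__ == "__main__":
    for src in find_suspicious_iframes(SAMPLE_HTML, "www.example.com"):
        print("suspicious hidden iframe ->", src)
```

A hit is a lead, not a verdict: legitimate tag managers and analytics also use invisible iframes, so each flagged src still needs to be checked against the site's known third parties, and the check says nothing about iframes injected at runtime by script rather than present in the served HTML.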

If you’re a Chrome user, patch your system now. Google fixed CVE-2022-0609, a use-after-free bug in Chrome’s Animation component, in Chrome 98.0.4758.102, released on February 14, 2022; check that your browser is on that version or later (chrome://settings/help triggers the update check).


ESET refreshes enterprise products, embraces XDR


ESET announced a host of changes to its cybersecurity product line Wednesday. Changes include making it easier to manage risks in its ESET Protect software, rebranding its Enterprise Inspector offering as ESET Inspect Cloud, and refreshing its endpoint solutions for Windows, macOS and Android.

ESET Inspect Cloud gives the company’s flagship product, ESET Protect, extended detection and response (XDR) capabilities: the cloud offering identifies malicious code after execution, and ESET Protect gives security teams full visibility into the response to it. XDR capabilities include advanced threat hunting, incident response, full network visibility, and cloud-based threat defense,


Praetorian launches ML-powered Nosey Parker secrets scanner


Texas-based cybersecurity vendor Praetorian has launched a new machine learning-based secrets scanner, called Nosey Parker, onto its Chariot Platform, which provides attack surface management and offensive security managed services. 

Nosey Parker pairs regular expression (regex) pattern matching with machine learning to detect sensitive secrets such as passwords, API keys, access tokens, asymmetric private keys, client secrets and credentials left inadvertently in source code and configuration files.
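To show what a regex-plus-denoiser secrets scanner does in practice, here is an added example; it is not Praetorian's code and does not reproduce Nosey Parker's rules or model. Regex rules find candidate secrets, then a denoiser drops obvious placeholders and low-entropy strings. The entropy and word-list denoiser stands in for the machine learning stage and is an assumption of this example; the sample text, the AKIA key, hex key and password in it are constructed.

```python
import math
import re

# Constructed sample source/config text (not from any real repository); the
# AKIA key, hex key and password are made up for this example.
SAMPLE_TEXT = """\
# settings.py
AWS_ACCESS_KEY_ID = "AKIAQ3P7X2M9VZ8L4KTE"
GITHUB_TOKEN = "ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
DB_PASSWORD = "changeme"
api_key = "0123456789abcdef0123456789abcdef"
SMTP_PASSWORD = "Tr0ub4dor&3!"
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAconstructedkeybodygoeshere
-----END RSA PRIVATE KEY-----
"""

# (rule name, regex whose group 1 is the candidate secret, apply denoiser?)
# Structural matches such as a PEM header carry no randomness to measure,
# so the denoiser is skipped for them.
RULES = [
    ("aws-access-key-id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b"), True),
    ("github-token", re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b"), True),
    ("generic-api-key", re.compile(r"(?i)api[_-]?key\s*[:=]\s*['\"]([0-9a-f]{32})['\"]"), True),
    ("generic-password", re.compile(r"(?i)password\s*[:=]\s*['\"]([^'\"]{8,})['\"]"), True),
    ("private-key", re.compile(r"(-----BEGIN [A-Z ]*PRIVATE KEY-----)"), False),
]

# Substrings that mark a value as a placeholder rather than a live secret.
PLACEHOLDER_WORDS = ("changeme", "placeholder", "xxxx", "your_", "<", ">")


def shannon_entropy(s):
    """Bits of entropy per character; one repeated character gives 0.0."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def looks_like_placeholder(candidate, min_entropy=3.0):
    """Denoiser: drop obvious dummies and low-randomness strings. A simple
    stand-in for the false-positive filtering a trained model performs."""
    lowered = candidate.lower()
    if any(word in lowered for word in PLACEHOLDER_WORDS):
        return True
    return shannon_entropy(candidate) < min_entropy


def scan(text):
    """Return (line number, rule name, candidate) for each surviving match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern, denoise in RULES:
            for match in pattern.finditer(line):
                candidate = match.group(1)
                if denoise and looks_like_placeholder(candidate):
                    continue
                findings.append((lineno, name, candidate))
    return findings


if __name__ == "__main__":
    for lineno, name, candidate in scan(SAMPLE_TEXT):
        print(f"line {lineno}: {name}: {candidate}")
```

Run against the sample, the regexes match six candidates but only four survive: the `ghp_xxx…` token is matched by its rule and then dropped because its entropy is 0, and `changeme` is dropped by the word list. That gap between "matches a pattern" and "is probably a real secret" is exactly where a learned denoiser earns its keep on a large code base.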


7 ways to defend against a credential stuffing attack


This blog was written by an independent guest blogger.

Credential stuffing attacks essentially doubled in number between 2020 and 2021. As reported by Help Net Security, researchers detected 2,831,028,247 credential stuffing attacks between October 2020 and September 2021, growth of 98% over the previous year. Gaming, digital and social media, and financial services saw the greatest volume of attacks during that period. What’s more, the United Kingdom was one of the top three regions from which credential stuffing attacks were launched, followed by Asia and North America.

Looking towards the rest of 2022, the security community expects the volume of credential stuffing attacks to grow even further. “Expect to see credential stuffing attacks double in number again in 2022,” noted Forbes.

Why is credential stuffing a concern for organizations?

First, the role of automation in credential stuffing makes it possible for anyone, even attackers with little expertise, to perpetrate these attacks. A low barrier to entry helps to explain why credential stuffing is so pervasive and why it’s expected to keep growing in 2022.

Let’s examine the flow of credential stuffing to illustrate this fact. According to the Open Web Application Security Project (OWASP), a credential stuffing attack begins when a malicious actor acquires compromised usernames and passwords from password dumps, data breaches, phishing campaigns, and other means. They then use automated tools to test those credentials across multiple websites including banks and social media platforms. If they succeed in authenticating themselves with a credential set, they can then conduct a password reuse attack, harvest the compromised account’s information/funds, and/or monetize it on the dark web.

Which brings us to our second reason why credential stuffing is so concerning: the impact of a successful attack can be far-reaching. A successful credential stuffing attack amounts to a data breach, so organizations should expect every applicable data privacy regulation to be enforced against them.

Meaning? Organizations could incur fines totaling millions of dollars in the aftermath of credential stuffing, per Cybersecurity Dive. Those penalties don’t include the costs that organizations will need to pay to understand the impact of the attack, figure out which data the malicious actors might have compromised, and remediate the incident. They also don’t cover the brand damage and legal fees that organizations could face after notifying their customers.

Credential stuffing defense best practices

To avoid the costs discussed above, organizations need to take action to defend themselves against a credential stuffing attack. Here are seven ways that they can do this.

1. Make credential stuffing defense an ongoing collaborative discussion

Organizations can’t tackle credential stuffing if there’s not even a discussion about the threat. Acknowledging this reality, TechRepublic recommends that organizations bring their security, fraud, and digital teams together to discuss credential stuffing, among other fraud trends, along with ways that they can use digital metrics to coordinate their defense efforts.

2. Implement multi-factor authentication

Credential stuffing hinges on the fact that malicious actors can translate possession of a credential set into access to an account. Multi-factor authentication (MFA) denies this pivot point by forcing attackers to also present another factor, such as a one-time code or a fingerprint. This raises the cost of taking over an account, since the attacker must compromise the additional factor as well as the original credential set. Not all factors are equal: SMS codes can be intercepted or phished, while phishing-resistant factors such as FIDO2 hardware security keys cannot be replayed against a different site.

3. Use security awareness to familiarize employees with password best practices

Organizations can go a long way towards blocking a credential stuffing attack by cultivating their employees’ levels of security awareness. For instance, they can educate their employees on how malicious actors can leverage password reuse as part of a credential stuffing campaign. Per How-To Geek, organizations can also provide employees with a password manager for storing credentials that they’ve created in accordance with company password policies.

4. Analyze and baseline traffic for signs of credential stuffing

Infosecurity Magazine recommends that organizations create a baseline for their traffic, including account activity. They can then use that baseline to monitor for anomalies such as a spike in failed login attempts, a single source trying many different usernames, or unusual account access requests.
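The two anomalies above turned into detection logic, as an added example (not code from the original post or from Infosecurity Magazine). It runs over a handful of constructed login events and applies two rules: a source IP that tries many distinct usernames with almost no successes, and an hour whose failed-login count sits far above the running baseline of earlier hours. The log format, field order, thresholds and IP addresses are all assumptions of the example.

```python
from collections import defaultdict

# Constructed login events (not from a real system), one per line:
# ISO-8601 timestamp, username, source IP, outcome. Hour 10 is normal
# traffic; hour 11 contains a stuffing burst from 192.0.2.50/.51.
SAMPLE_LOG = """\
2022-03-30T10:00:01Z alice 203.0.113.5 success
2022-03-30T10:00:07Z bob 198.51.100.21 failure
2022-03-30T10:00:09Z bob 198.51.100.21 success
2022-03-30T10:00:15Z carol 203.0.113.9 success
2022-03-30T10:01:02Z dave 203.0.113.12 failure
2022-03-30T10:02:30Z erin 198.51.100.77 success
2022-03-30T11:00:00Z user001 192.0.2.50 failure
2022-03-30T11:00:00Z user002 192.0.2.50 failure
2022-03-30T11:00:01Z user003 192.0.2.50 failure
2022-03-30T11:00:01Z user004 192.0.2.50 success
2022-03-30T11:00:02Z user005 192.0.2.50 failure
2022-03-30T11:00:02Z user006 192.0.2.50 failure
2022-03-30T11:00:03Z user007 192.0.2.50 failure
2022-03-30T11:00:03Z user008 192.0.2.50 failure
2022-03-30T11:00:04Z user009 192.0.2.51 failure
2022-03-30T11:00:04Z user010 192.0.2.51 failure
2022-03-30T11:00:05Z frank 203.0.113.5 success
"""


def parse_events(text):
    """Parse the four-field lines into dicts; ok=True for a successful login."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, outcome = line.split()
        events.append({"ts": ts, "user": user, "ip": ip, "ok": outcome == "success"})
    return events


def flag_sources(events, min_users=5, max_success_ratio=0.3):
    """Rule 1: one source trying many distinct usernames, nearly all failing.
    Returns {ip: (attempts, distinct_users, successes)} for flagged sources."""
    per_ip = defaultdict(lambda: {"attempts": 0, "users": set(), "ok": 0})
    for e in events:
        s = per_ip[e["ip"]]
        s["attempts"] += 1
        s["users"].add(e["user"])
        s["ok"] += e["ok"]
    flagged = {}
    for ip, s in per_ip.items():
        if len(s["users"]) >= min_users and s["ok"] / s["attempts"] <= max_success_ratio:
            flagged[ip] = (s["attempts"], len(s["users"]), s["ok"])
    return flagged


def failures_per_hour(events):
    """Count failed logins per "YYYY-MM-DDTHH" bucket, in time order."""
    buckets = defaultdict(int)
    for e in events:
        if not e["ok"]:
            buckets[e["ts"][:13]] += 1
    return dict(sorted(buckets.items()))


def flag_failure_spikes(events, factor=3.0, floor=5):
    """Rule 2: compare each hour's failures with the mean of the hours before
    it (the running baseline); flag hours at or above factor x baseline that
    also clear an absolute floor, so a quiet baseline does not over-alert."""
    spikes = {}
    history = []
    for hour, failures in failures_per_hour(events).items():
        if history:
            baseline = sum(history) / len(history)
            if failures >= floor and failures >= factor * baseline:
                spikes[hour] = (failures, baseline)
        history.append(failures)
    return spikes


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("suspicious sources:", flag_sources(evs))
    print("failure spikes:", flag_failure_spikes(evs))
```

Two caveats a practitioner should carry into production: real stuffing is usually spread across a botnet, so the per-source rule needs a companion that groups by username (one account hit from many IPs) or by ASN, and the baseline should cover several weeks so that a Monday-morning login surge is compared with previous Monday mornings rather than with the weekend.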

5. Prevent users from securing their accounts with exposed passwords

The last thing security teams want is for their employees to use a password that’s been exposed in a previous security incident. Malicious actors use data breaches, information dumps, and other leaks to power the automated tools used in credential stuffing, after all. Acknowledging this point, infosec personnel need to monitor the web for data breaches, information dumps, and other leaks that malicious actors could use to engage in credential stuffing. They can actively monitor the news for these types of incidents. They can also rely on alerts from data breach tracking services such as Have I Been Pwned (HIBP), and they can go a step further by checking every new or reset password against a compromised-password corpus such as HIBP’s Pwned Passwords, as NIST SP 800-63B recommends, so that an exposed password is rejected before it ever protects an account.
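The password check described above, as an added example that is not part of the original post: a local implementation of the k-anonymity protocol used by Have I Been Pwned’s Pwned Passwords API. The client hashes the password with SHA-1, sends only the first five hex characters of the digest, receives every known suffix for that prefix with its breach count, and compares locally. The corpus and counts here are constructed so the code runs offline; against the real service, `lookup_range` would issue an HTTP GET to `https://api.pwnedpasswords.com/range/` followed by the prefix.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in corpus (the counts are made up). In production the
# corpus is HIBP's Pwned Passwords set, queried over
# https://api.pwnedpasswords.com/range/{prefix}.
KNOWN_LEAKED = {"password123": 123456, "letmein": 54321}


def sha1_hex(password):
    """HIBP keys its corpus by the upper-case hex SHA-1 of the UTF-8 password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_fake_range_store():
    """Index the constructed corpus the way the range API serves it:
    5-hex-char prefix -> list of 'SUFFIX:COUNT' lines."""
    store = defaultdict(list)
    for pw, count in KNOWN_LEAKED.items():
        digest = sha1_hex(pw)
        store[digest[:5]].append(f"{digest[5:]}:{count}")
    return store


def lookup_range(prefix, store):
    """Stand-in for GET /range/{prefix}. Only these five characters leave the
    client; the server returns every suffix it knows for the prefix, so it
    cannot tell which one (if any) the client actually holds."""
    return "\r\n".join(store.get(prefix.upper(), []))


def pwned_count(password, store):
    """Times the password appears in the corpus, or 0 if unseen. The suffix
    comparison happens locally, so the full hash is never transmitted."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup_range(prefix, store).splitlines():
        if not line:
            continue
        candidate, count = line.split(":")
        if candidate == suffix:
            return int(count)
    return 0


def is_password_acceptable(password, store):
    """Policy hook for set/reset flows: reject anything seen in a breach."""
    return pwned_count(password, store) == 0


if __name__ == "__main__":
    store = build_fake_range_store()
    for pw in ("password123", "letmein", "aG7#kq9!Lp2z-constructed"):
        print(pw, "->", pwned_count(pw, store), "occurrences")
```

Two practical notes for the real service: the response for a prefix is a few hundred lines and varies in size, so the API accepts an `Add-Padding: true` request header that pads every response to a similar length and keeps a network observer from inferring anything from size; and the comparison must be done on the client exactly as above, never by sending the full hash or the password itself.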

6. Implement device fingerprinting

Infosec teams can use operating system, web browser version, language settings, and other attributes to fingerprint an employee’s device. They can then leverage that fingerprint to monitor for suspicious activity such as a user attempting to authenticate themselves with the device in a different country, noted Security Boulevard. If a circumstance like that arises, security teams can then prompt employees to submit additional authentication factors to confirm that someone hasn’t taken over their account.

7. Avoid using email addresses as user IDs

Password reuse isn’t the only factor that increases the risk of a credential stuffing attack. So too does the reuse of usernames and/or account IDs across services. Salt Security makes the same point.

“Credential stuffing relies on users leveraging the same usernames or account IDs across services,” it noted in a blog post. “The risk runs higher when the ID is an email address since it is easily obtained or guessed by attackers.”

Accordingly, organizations should consider issuing unique usernames that malicious actors can’t reuse for authentication attempts across multiple web services.

Beating credential stuffing with the basics

Credential stuffing is one of the most prevalent forms of attack today. Its popularity rests on how easy it is for malicious actors to obtain exposed sets of credentials on the web. However, as discussed above, the defenses are also straightforward. Organizations can go a long way by focusing on the basics: implementing MFA, running awareness training, screening passwords against breach corpora, and baselining their traffic.


CVE-2021-20729


Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.


It’s World Backup Day! Here’s how you can protect your files


Let’s play a game. Open the Photos app on your phone and look at the total number of videos and pictures on your device: precious memories of family vacations, clips of your favorite concert, and countless snapshots of your furry companion. Now go to your laptop or desktop and check how many documents you have stored: probably every research paper you saved for your thesis, or the important presentation you have to deliver to your boss on Monday. If you had to guess, would you say the total number of all these files runs into the thousands? Now imagine that all of that data suddenly disappeared. What would you do?

Maybe you’re thinking: “That will never happen to me.” In reality, this situation is more common than you’d think. This year alone, more than 60 million computers will fail worldwide and over 200,000 smartphones will be lost or stolen. That’s why we celebrate World Backup Day by showing you how to back up your files properly and enjoy the peace of mind of knowing your data is safe and sound.

What are backups and why do they matter?

A backup is a separate copy of the digital files and information that matter to you, practically or sentimentally. Keeping all of that data in a single place, such as a personal computer or smartphone, is risky. Creating another copy of that data through a backup ensures it is preserved and kept safe somewhere else if your device is wiped or stolen.

It is important to realize that data loss isn’t something that happens only to large companies or to unsuspecting victims in spy movies. We are all exposed to data loss or theft, and backing up is an easy precaution that protects our information and keeps cybercriminals from taking what isn’t theirs.

Data storage basics

Data is one of the most important resources in the modern world. As we said earlier, people accumulate countless files containing valuable information they want to keep safe. Fortunately, there are two common and inexpensive ways to store your data and the backups of it that are becoming ever more important.

Cloud storage

Although “the cloud” has been a buzzword for some years now, its definition is still rather hazy for some people. The cloud exists in remote data centers that are reached over the Internet. All the data you upload to the cloud sits on dedicated servers and storage volumes hosted in distant facilities, typically alongside other centers dedicated to the same function. The data centers are owned by the cloud service providers, who are responsible for keeping the servers up and running.

To keep your data physically safe from theft and destruction, and to make sure it is available whenever you want to access it, data centers run large cooling systems to prevent the electronics from overheating and have at least one backup generator in case of power outages. But how do they make sure the data is secure in cyberspace? Cloud systems use authentication such as usernames and passwords to limit access, along with encryption to protect the data against theft or interception. It’s important to remember, however, that passwords can be cracked. Usually the service provider holds the encryption keys for your data, which means dishonest employees could, in theory, access it, and the data could also be searched and seized by government agencies. The exception is data you encrypt yourself before uploading: then the provider stores only ciphertext and never holds the key.

This raises the question: to trust or not to trust? Because their business depends on their reputation, cloud storage companies go to great lengths to use the most advanced security techniques and provide the most reliable service possible. To help keep your data secure if you choose to store or back it up in the cloud, turn on multi-factor authentication for the account, and keep anything truly sensitive in a private cloud protected by a firewall or encrypt it locally before uploading it.

External hard drive

With an external hard drive you can manually back up all your data and files to a physical device you can access at any time. These drives are a reliable way to achieve data redundancy. An external hard drive doesn’t depend on Internet access the way cloud services do, and it is a convenient solution when you need to move data to a new device. Using external hard drives, however, requires a more hands-on approach to backups. It is your responsibility to run them regularly and to keep the drive in a safe place: a drive that stays plugged in next to the computer is lost to the same fire, flood or ransomware infection as the original, so disconnect it between backups and keep one copy somewhere else. While cloud solutions offer enormous amounts of storage space, the space on hard drives is limited, so you may need to buy more than one device. Look for an external drive with at least one terabyte of space to hold all your data, which tends to pile up quickly.

Start your digital spring cleaning

Just as you clean out your garage and tidy your house, do a little digital spring cleaning this World Backup Day. Give your devices, apps, and online accounts a good clean-out and gain peace of mind knowing that all your precious data is kept in a safe, secure place… and that you have a backup in case something goes wrong. Remember, being proactive is key to strengthening your cybersecurity and protecting your information.

The post “It’s World Backup Day! Here’s how you can protect your files” appeared first on McAfee Blog.
