Researchers at cybersecurity vendor Proofpoint have analyzed a new remote access Trojan (RAT) malware campaign using sophisticated evasion techniques and leveraging COVID-19 themed messaging to target global organizations. The malware, dubbed “Nerbian RAT” and written in the Go programming language, uses significant anti-analysis and anti-reversing capabilities and open-source Go libraries to conduct malicious activities, the researchers stated.
The campaign was first analyzed by Proofpoint in late April and disproportionately impacts entities in Italy, Spain and the UK. In a statement, Proofpoint Vice President Threat Research and Detection Sherrod DeGrippo said the research demonstrates how malware authors continue to operate at the intersection of open-source capability and criminal opportunity.
Infrastructure software provider Progress has announced the launch of Progress Chef Cloud Security to extend DevSecOps with compliance support for native cloud assets, enabling end-to-end management of on premise, cloud, and native cloud resources. In a press release, the company stated that the offering is complemented by new capabilities across the Chef portfolio targeting DevOps success in enterprise deployments to deliver a unified and scalable platform that accelerates the delivery of secure and compliant application releases in mixed computing environments.
A predominantly Black college, based in Illinois, USA, is closing its doors after 157 years – citing the challenges it faced due to the Coronavirus pandemic, and the aftermath of a ransomware attack.
Read more in my article on the Hot for Security blog.
As the fallout from the Apache Log4J vulnerabilities earlier this year shows, the biggest risks in enterprise software today are not necessarily with insecure code written directly by in-house software development teams. The flaws of the components, libraries and other open-source code that makes up the bulk of today’s software code bases are the underwater part of the insecurity iceberg.
The truth is that so much of the enterprise software and custom applications produced by DevOps teams and software engineering groups is not actually coded by their developers. Modern software today is modular. Developers use what is called a microservices architecture to make new applications by constructing them a lot like a Lego house—using blocks that are made of premade code. Rather than reinventing the wheel every time they need their application to perform a common function, developers root around in their proverbial box of blocks to find just the right one that will do what they need without a lot of fuss.
It’s that time that I fill out the annual cyber insurance policy application. Each year it gives me an insight into what insurance vendors are using to rate the risks and threats to our business and what they are stressing I should have as best practices. Not having them in place could affect insurance rates and whether I qualify for cyber insurance at all.
This year was interesting because it asked for specific ransomware prevention techniques and protections. Here are the questions that stood out.
Is two-factor authentication in place?
My insurance vendor asked if I had two factor authentication (2FA) in place protecting remote network access. They are reacting to the reality that both virtual private networks (VPNs) and Remote Desktop Protocol (RDP) provide effective access for attackers as well as users. We sometimes leave behind remote access to get into physical and virtual servers, but attackers target these remote access tools to gain network access.
Lenny Wang discovered that NSS incorrectly handled certain
messages. A remote attacker could possibly use this issue to cause
servers compiled with NSS to stop responding, resulting in a denial of service.
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
