Researchers at cybersecurity vendor Proofpoint have analyzed a new remote access Trojan (RAT) malware campaign using sophisticated evasion techniques and leveraging COVID-19 themed messaging to target global organizations. The malware, dubbed “Nerbian RAT” and written in the Go programming language, uses significant anti-analysis and anti-reversing capabilities and open-source Go libraries to conduct malicious activities, the researchers stated.

The campaign was first analyzed by Proofpoint in late April and disproportionately impacts entities in Italy, Spain and the UK. In a statement, Proofpoint Vice President Threat Research and Detection Sherrod DeGrippo said the research demonstrates how malware authors continue to operate at the intersection of open-source capability and criminal opportunity.

To read this article in full, please click here

Read More

Infrastructure software provider Progress has announced the launch of Progress Chef Cloud Security to extend DevSecOps with compliance support for native cloud assets, enabling end-to-end management of on premise, cloud, and native cloud resources. In a press release, the company stated that the offering is complemented by new capabilities across the Chef portfolio targeting DevOps success in enterprise deployments to deliver a unified and scalable platform that accelerates the delivery of secure and compliant application releases in mixed computing environments.

To read this article in full, please click here

Read More

A predominantly Black college, based in Illinois, USA, is closing its doors after 157 years – citing the challenges it faced due to the Coronavirus pandemic, and the aftermath of a ransomware attack.

Read more in my article on the Hot for Security blog.

Read More

Service Could help minimize spoofing and privacy risks

Read More

It’s that time that I fill out the annual cyber insurance policy application. Each year it gives me an insight into what insurance vendors are using to rate the risks and threats to our business and what they are stressing I should have as best practices. Not having them in place could affect insurance rates and whether I qualify for cyber insurance at all.

This year was interesting because it asked for specific ransomware prevention techniques and protections. Here are the questions that stood out.

Is two-factor authentication in place?

My insurance vendor asked if I had two factor authentication (2FA) in place protecting remote network access. They are reacting to the reality that both virtual private networks (VPNs) and Remote Desktop Protocol (RDP) provide effective access for attackers as well as users. We sometimes leave behind remote access to get into physical and virtual servers, but attackers target these remote access tools to gain network access.

To read this article in full, please click here

Read More

As the fallout from the Apache Log4J vulnerabilities earlier this year shows, the biggest risks in enterprise software today are not necessarily with insecure code written directly by in-house software development teams. The flaws of the components, libraries and other open-source code that makes up the bulk of today’s software code bases are the underwater part of the insecurity iceberg.

The truth is that so much of the enterprise software and custom applications produced by DevOps teams and software engineering groups is not actually coded by their developers. Modern software today is modular. Developers use what is called a microservices architecture to make new applications by constructing them a lot like a Lego house—using blocks that are made of premade code. Rather than reinventing the wheel every time they need their application to perform a common function, developers root around in their proverbial box of blocks to find just the right one that will do what they need without a lot of fuss.

To read this article in full, please click here

Read More

Report reveals big variety in affiliate groups

Read More

Some 73 vulnerabilities have been resolved this month

Read More

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows.

By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925, a weakness in a central component of Windows security (the “Local Security Authority” process within Windows). CVE-2022-26925 was publicly disclosed prior to today, and Microsoft says it is now actively being exploited in the wild. The flaw affects Windows 7 through 10 and Windows Server 2008 through 2022.

Greg Wiseman, product manager for Rapid7, said Microsoft has rated this vulnerability as important and assigned it a CVSS (danger) score of 8.1 (10 being the worst), although Microsoft notes that the CVSS score can be as high as 9.8 in certain situations.

“This allows attackers to perform a man-in-the-middle attack to force domain controllers to authenticate to the attacker using NTLM authentication,” Wiseman said. “This is very bad news when used in conjunction with an NTLM relay attack, potentially leading to remote code execution. This bug affects all supported versions of Windows, but Domain Controllers should be patched on a priority basis before updating other servers.”

Wiseman said the most recent time Microsoft patched a similar vulnerability — last August in CVE-2021-36942 — it was also being exploited in the wild under the name “PetitPotam.”

“CVE-2021-36942 was so bad it made CISA’s catalog of Known Exploited Vulnerabilities,” Wiseman said.

Seven of the flaws fixed today earned Microsoft’s most-dire “critical” label, which it assigns to vulnerabilities that can be exploited by malware or miscreants to remotely compromise a vulnerable Windows system without any help from the user.

Among those is CVE-2022-26937, which carries a CVSS score of 9.8, and affects services using the Windows Network File System (NFS). Trend Micro’s Zero Day Initiative notes that this bug could allow remote, unauthenticated attackers to execute code in the context of the Network File System (NFS) service on affected systems.

“NFS isn’t on by default, but it’s prevalent in environment where Windows systems are mixed with other OSes such as Linux or Unix,” ZDI’s Dustin Childs wrote. “If this describes your environment, you should definitely test and deploy this patch quickly.”

Once again, this month’s Patch Tuesday is sponsored by Windows Print Spooler, a core Windows service that keeps spooling out the security hits. May’s patches include four fixes for Print Spooler, including two information disclosure and two elevation of privilege flaws.

“All of the flaws are rated as important, and two of the three are considered more likely to be exploited,” said Satnam Narang, staff research engineer at Tenable. “Windows Print Spooler continues to remain a valuable target for attackers since PrintNightmare was disclosed nearly a year ago. Elevation of Privilege flaws in particular should be carefully prioritized, as we’ve seen ransomware groups like Conti favor them as part of its playbook.”

Other Windows components that received patches this month include .NET and Visual Studio, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Office, Windows Hyper-V, Windows Authentication Methods, BitLocker, Remote Desktop Client, and Windows Point-to-Point Tunneling Protocol.

Also today, Adobe issued five security bulletins to address at least 18 flaws in Adobe CloudFusion, Framemaker, InCopy, InDesign, and Adobe Character Animator. Adobe said it is not aware of any exploits in the wild for any of the issues addressed in today’s updates.

For a more granular look at the patches released by Microsoft today and indexed by severity and other metrics, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the skinny on any patches that may be causing problems for Windows users.

As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these patches, please drop a note about it here in the comments.

Read More

Whether it was bush fires, Covid, floods, or the Ukraine conflict, the news agenda over the last two years has been jam-packed. So, when McAfee released the findings of their first Global Connected Family Study, it was clear to me that connecting safely online needs to make it back into the news. 

Over 15,000 parents and 12,000 children aged 10-18 from 10 countries (including Australia) were interviewed for the study with the goal of finding out how families both connect and protect themselves online. So, let me share with you the results that need to spring us into action. 

Aussie children report the 2nd highest rate of cyberbullying (24%) out of the 10 countries surveyed. US children reported the highest rate. The average for all countries was 17%. 

Aussie parents are not completely aware of what’s happening in their children’s digital lives with just 20% nominating that their child had experienced cyberbullying while in fact 24% had experienced it. 

Children want to feel safe online and 73% of those surveyed look to their parents more than any other resource for help however parents are struggling to deliver. 

Parents are more inclined to protect their daughters online than their sons. Girls aged 10-14 were more likely to have parental controls on their PCs/laptops in almost every country surveyed. 

Children and teens want their privacy online and more than half (59%) will take steps to actively hide their online activity from hiding their browsing history to omitting details about what they are doing online. 

What Can We Do About It? 

I’m the first to admit that being a digital parent can be incredibly overwhelming. Staying abreast of the latest trends, apps and social media platforms can seem like a full-time job! And let’s not forget the latest threats and risks too. But findings, like the ones above, do have a way of shaking up priorities and do serve to provide clarity on where we need to focus our attention as parents.  

So, let’s break it down into 5 steps that you can take to ensure you are minimising the negativity and risks your kids may experience online: 

1. Check Your Family’s Communication Culture 

Without a doubt, one of the best things you can do for your family is create a culture where honest and genuine communication is a feature of everyday life. If your kids know they can confide in you, no matter what the problem is, then they are far more likely to come to you before a problem such as cyberbullying can feel unsolvable.  

2. Commit to Understanding Your Kids’ Online World 

It’s impossible to set boundaries and appreciate the risks in the digital world, if you don’t really know what your kids are dealing with. You may have little natural interest in joining Kik, Snapchat or Instagram but if you kids use it – then you know what you need to do! And if your kids can see that you are more actively involved online and using similar platforms, they will be more likely to come to you if they experience a problem. 

3. Introduce A Family Technology Contract 

In my opinion, one of the biggest causes of issues online is the fact that children are given internet-enabled devices that require adult levels of maturity and problem-solving skills. But let’s keep it real – that horse has bolted – most of our kids have phones in their pockets! So, the best way of managing this is to introduce a family technology contract.  

Now this can be as simple or complex as you feel is necessary for your tribe. You may want to insist on just a few rules such as not sharing passwords with friends, seeking permission before downloading apps, and always being kind online. You could simply write these on a piece of paper and have your kids sign it. Whatever works for you but remember, the research is showing that our kids are looking to us to help keep them safe online, so include as much here as you think your kids need. And of course, these need to be age-appropriate. I love this one for under 5’s from our eSafety Commissioner and this one is great for tweens and teens from The Modern Parent. 

4. Talk Cyberbullying (And Empathy) With Your Kids 

Bullying has existed long before the internet was even a word so unfortunately, it isn’t going anywhere. But coupled with the intensity and very public nature of the online world, it can be devastating. In my opinion, the key to cyberbullying is prevention. So, ensuring your kids know they can come to you with any problem, having a tight connection with your child so you can pick when things are ‘off’ and arming them with a basic cyber safety toolkit (not sharing passwords, privacy settings on, being kind online & having time away from devices) is essential.  

One of the ways we can also keep our kids from making mistakes online is by teaching them empathy. If kids haven’t developed empathy, then they make decisions based solely on their own desires – without any consideration for others. Many experts believe that it is the absence of empathy that leads directly to bullying.   

So, be a role model and start weaving the good old saying ‘do unto others as you would like them to do to you’ into your family dialogue.  

5. Consider Parental Controls & Protection Software 

The research findings are very clear: our kids want us to take charge of their online safety. So, let’s get technology working for us so we can keep them safe. 

Parental controls are not the silver bullet but when they are used in conjunction with proactive parenting then they can be transformative. McAfee’s Safe Family offers parents the ability to monitor device activity, limit screentime, block apps, and filter websites. This is a great way of teaching boundaries and limits while also giving yourself peace of mind that your kids are as safe as possible. 

Investing in comprehensive protection software for your (and your kid’s) devices is another way of adding a layer of protection to their online world. Comprehensive security software like McAfee’s Total Protection will protect against dangerous downloads, viruses, malware, online threats, and visits to risky websites. It will also encrypt the files on your computer and help manage your passwords! A complete no-brainer!!  

So, please don’t be overwhelmed and don’t even aim to be the perfect digital parent! Break it down and do the best you can because protecting our kids online needs to be a top priority. So, as soon as possible – check your family communication, take some time to understand your kids’ online world, put a digital contract in place, talk a little, and use some parental controls. But please do not forget about the power of role modeling. As parents, we are our kids’ biggest influencers so it might just be time for you to up your own digital safety game too!! 

Till next time. 

Stay safe everyone! 

The post Aussie Children Have 2nd Highest Rate of Cyberbullying, Time To Focus on Digital Parenting appeared first on McAfee Blog.

Read More