Category Archives: News

22 cybersecurity myths organizations need to stop believing in 2022

The past few years have seen a dramatic shift in how organizations protect themselves against attackers. The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs’ jobs more complex than ever.

This convoluted environment requires a new mindset to defend, and things that might have held true in the past might no longer be useful. Can digital certificates’ expiration dates still be managed in a spreadsheet? Is encryption ‘magic dust’? And are humans actually the weakest link?

Security experts weigh in on the 22 cybersecurity myths that we finally need to retire in 2022.

Red vs. blue vs. purple teams: How to run an effective exercise

In the arsenal of cybersecurity defenses is the exercise that goes by the name of red team/blue team simulated attack. These simulations are designed to closely mimic real-world conditions. For example, one red team member might take on the role of an employee clicking on a phishing link that deposits malware on the network. The defending team members must then find this malware before it spreads across their network and infects web servers and other applications. To make things more realistic, the simulation replays real network traffic to obscure the attacks, just like in the real world.

Let’s talk about the red and blue designations. Red team members usually play the role of attackers and try to overcome security protocols. They use the same tools and techniques that attackers use, similar to how penetration testers operate but on a much broader scale.

MoonBounce UEFI implant used by spy group brings firmware security into spotlight

Researchers uncovered a stealthy UEFI rootkit that’s being used in highly targeted campaigns by a notorious Chinese cyberespionage group with suspected government ties. The group is known for using software supply-chain attacks in the past. Dubbed MoonBounce by researchers from Kaspersky Lab, the implant’s goal is to inject a malicious driver into the Windows kernel during the booting stages, providing attackers with a high level of persistence and stealthiness.

While MoonBounce is not the first UEFI rootkit found in the wild (LoJax and MosaicRegressor are two examples), these types of implants are not common because they require knowledge of low-level firmware programming. They are typically found in the arsenal of well-resourced and sophisticated attacker groups.

Attackers use public cloud providers to spread RATs

A campaign that uses public cloud service providers to spread malware has been discovered by Cisco Talos. The offensive is the latest example of threat actors abusing cloud services like Microsoft Azure and Amazon Web Services for malicious purposes, security researchers Chetan Raghuprasad and Vanja Svajcer wrote in the Talos blog.

To camouflage their activity, the researchers noted, the hackers used the DuckDNS dynamic DNS service to change the domain names of the command-and-control hosts used for the campaign, which began distributing variants of Nanocore, Netwire, and AsyncRATs to targets in the United States, Italy and Singapore around October 26. Those variants are packed with multiple features to take control of a target’s computer, allowing the attacker to issue commands and steal information.

Homelife of Connecticut Residents Secretly Recorded

A man from Connecticut has been arrested on suspicion of using digital devices to record his neighbors. 

Waterford resident Keith Hancock allegedly recorded 10 victims from outside their homes, two of whom were juveniles. Six of the individuals were filmed while undressing. 

Hancock is also suspected of recording more victims while inside his home on Overlook Drive. 

Cops arrested 53-year-old Hancock on Tuesday and charged him with eight counts of voyeurism and three counts of criminal trespass in the third degree.

According to an arrest affidavit for Hancock, the alleged voyeur admitted filming individuals in two residences without their knowledge or consent.

The investigation that led to Hancock’s arrest began on October 7, 2021, when the Waterford Police Department responded to a report of an intruder entering a male resident’s backyard.

According to news source The Day, the resident became aware of the intruder’s presence when he let his dog out into the yard and the animal started to bark. When the resident shone a flashlight into the yard, he was able to see an intruder running away. 

The resident searched his backyard and found a pair of binoculars and a black Canon camcorder stashed behind a tree. A portable chair and two posts were discovered on the other side of the wall that separated the resident’s property from his neighbor’s.

Stored on the SD card inside the recovered camcorder was video footage of another home, focusing on an upstairs window. 

Police traced the camcorder to Hancock and obtained a search warrant for his residence. Stored on a laptop seized in the search was video footage of a woman undressing. Another video showed a woman naked from the waist down and urinating into a toilet. 

The bathroom in the video matched a bathroom shown in an online real estate listing of Hancock’s house. When officers searched Hancock’s bathroom, they found a hole in the base of a cabinet set opposite the toilet through which they believe the defendant filmed his victims. 

Hancock was released on a $100,000 bond. He is scheduled to appear in court on February 23.

Pennsylvania Approves Ransomware Bill

Pennsylvania has approved new legislation barring state and local governments from using taxpayers’ money to pay ransoms to cyber-criminals. 

Senate Bill 726, amending Title 18 (Crimes and Offenses) of the Pennsylvania Consolidated Statutes, was approved by the Pennsylvania Senate on Wednesday. The legislation has now advanced to the House of Representatives for further consideration.

The amendment defines ransomware and makes it illegal to possess, use, develop, sell or threaten to use the malware in Pennsylvania. 

Penalties set for the newly imposed ransomware offenses vary depending on how much money is being exploited. While some violations are classed as first-degree misdemeanors, others have been designated a first-degree felony.

While prohibiting state and local governments from spending taxpayers’ dollars on cyber ransoms generally, the legislation allows this practice to go ahead should a declaration of disaster emergency be made and authorized by the governor.

Under the new legislation, state agencies, including the General Assembly, local government entities, school districts, state-related universities, community colleges and charter and cyber schools are required to notify the Office of Administration of ransomware attacks within an hour of discovery. Commonwealth agencies must report ransomware within two hours. 

The Office of Administration is required to notify the FBI of ransomware attacks within 24 hours. In addition, the office must submit an annual report to the General Assembly on ransomware attacks. 

The bill’s primary sponsor, Senator Kristin Phillips-Hill, said: “We have seen an increase in ransomware attacks in governmental entities at all levels, as well as against critical infrastructure across the United States.

“We know that these attacks will grow as technology used by criminals becomes more sophisticated.” 

She added: “This legislation draws a line in the sand to say that taxpayers will not pay the ransom requested by entities seeking to illegally extort cash from hard-working Pennsylvanians.”

On January 19, the Senate of Pennsylvania also approved legislation that would create a new Office of Information Technology and require cybersecurity best practices across state agencies.

The new office would manage and maintain IT procurement within state agencies and establish a strategic plan for future IT projects across state government.

Crime Shop Sells Hacked Logins to Other Crime Shops

Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.

Criminals ripping off other crooks is a constant theme in the cybercrime underworld; Accountz Club’s slogan — “the best autoshop for your favorite shops’ accounts” — just normalizes this activity by putting logins stolen from users of various cybercrime shops up for sale at a fraction of their account balances.

The site says it sells “cracked” accounts, or those that used passwords which could be easily guessed or enumerated by automated tools. All of the credentials being sold by Accountz provide access to services that in turn sell access to stolen information or hijacked property, as in the case of “bot shops” that resell access to infected computers.

One example is Genesis Market, where customers can search for stolen credentials and authentication cookies from a broad range of popular online destinations. Genesis even offers a custom-made web browser where you can load authentication cookies from botted PCs and waltz right into the account without having to enter a username or password or mess with multi-factor authentication.

Accountz is currently selling four different Genesis logins for about 40-50 percent of their unspent balances. Genesis mostly gets its inventory of botted computers and stolen logins from resellers who specialize in deploying infostealer malware via email and booby-trapped websites. Likewise, it appears Accountz also derives much of its stock from a handful of resellers, who presumably are the same ones doing the cybercrime service account cracking.

The Genesis bot shop.

In essence, Accountz customers are paying for illicit access to cybercrime services that sell access to compromised resources that can be abused for cybercrime. That’s seriously meta.

Accountz says its inventory is low right now but that it expects to offer a great deal more stock in the coming days. I don’t doubt that’s true, and it’s somewhat remarkable that services like this aren’t more common: From reporting my “Breadcrumbs” series on prominent cybercrime actors, it’s clear that a great many cybercriminals will use the same username and password across multiple services online.

What’s more, relatively few cybercrime shops online offer their users any sort of multi-factor authentication. That’s probably because so few customers supply their real contact information when they sign up. As a result, it is often far easier for customers to simply create a new account than it is to regain control over a hacked one, or to change a forgotten password. On top of that, most shops have only rudimentary tools for blocking automated login attempts and password cracking activity.

It will be interesting to see whether any of the cybercrime shops most heavily represented in the logins for sale at Accountz start to push back. After all, draining customer account balances and locking out users is likely to increase customer support costs for these shops, lower customer satisfaction, and perhaps even damage their reputations on the crime forums where they peddle their wares.

Oh, the horror.
