Cyber security aggregate rss news

Cyber security aggregator - feeds history


 News

Dave and I kick off this episode of the Transatlantic Cable podcast with one of our favorite topics: Facebook. In this tale, the Silicon Valley titan is locked in a battle with Ireland’s Data Protection Commission about sharing European data with US servers. Facebook has threatened to pull out of the region entirely. Let’s hope we have enough popcorn to watch this one play out. From there, it’s a sad story out of Germany. Over the past week, we followed the story of a patient who died after having to be redirected from a hospital because it was hit with ransomware. From there, we take a few minutes to review the new documentary The Social Dilemma. For those who haven’t heard about it yet, the film takes a look at some negative aspects of social networks — and our discussion contains some spoilers. To close out the show, we look at the millions of people still getting DVDs by mail from Netflix. If you liked the podcast, please consider subscribing or sharing with your friends, and for more information on the stories we covered, visit the links below:

Facebook says it will stop operating in Europe if regulators don’t back down
Hospital patient dies following botched ransomware attack
The Social Dilemma: Take action
Defending digital privacy: taking personal protection to the next level
Have you ever considered data as currency?
Why are 2 million people still getting Netflix DVDs by mail?


 Ransomware

Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but their response so far is
straight out of the playbook for responding to ransomware incidents. Plano, Texas-based Tyler Technologies [NYSE:TYL] has some 5,300 employees and brought in revenues of more than $1 billion in 2019. It sells a broad range of services to state and local governments, including appraisal and tax software, integrated software for courts and justice agencies, enterprise financial software systems, public safety software, records/document management software solutions and transportation software solutions for schools. Earlier today, the normal content on tylertech.com was replaced with a notice saying the site was offline. In a statement provided to KrebsOnSecurity after the markets closed central time, Tyler Tech said early this morning the company became aware that an unauthorized intruder had gained access to its phone and information technology systems. “Upon discovery and out of an abundance of caution, we shut down points of access to external systems and immediately began investigating and remediating the problem,” Tyler’s Chief Information Officer Matt Bieri said. “We have since engaged outside IT security and forensics experts to conduct a detailed review and help us securely restore affected equipment. We are implementing enhanced monitoring systems, and we have notified law enforcement.” “At this time and based on the evidence available to us to-date, all indications are that the impact of this incident is limited to our internal network and phone systems,” their statement continues. “We currently have no reason to believe that any client data, client servers, or hosted systems were affected.” While it may be comforting to hear that last bit, the reality is that it is still early in the company’s investigation. 
Also, ransomware has moved well past just holding a victim firm’s IT systems hostage in exchange for an extortion payment: These days, ransomware purveyors will offload as much personal and financial data as they can before unleashing their malware, and then often demand a second ransom payment in exchange for a promise to delete the stolen information or to refrain from publishing it online. Tyler Technologies declined to say how the intrusion is affecting its customers. But several readers who work in IT roles at local government systems that rely on Tyler Tech said the outage had disrupted the ability of people to pay their water bills or court payments. “Tyler has access to a lot of these servers in cities and counties for remote support, so it was very thoughtful of them to keep everyone in the dark and possibly exposed if the attackers made off with remote support credentials while waiting for the stock market to close,” said one reader who asked to remain anonymous. Depending on how long it takes for Tyler to recover from this incident, it could have a broad impact on the ability of many states and localities to process payments for services or provide various government resources online. Tyler Tech has pivoted on the threat of ransomware as a selling point for many of its services, using its presence on social media to promote ransomware survival guides and incident response checklists. With any luck, the company was following some of its own advice and will weather this storm quickly.


 Other

Microsoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the keys to the kingdom inside a vulnerable corporate network. Microsoft’s warning comes just days after the U.S. Department of Homeland Security issued
an emergency directive instructing all federal agencies to patch the vulnerability by Sept. 21 at the latest. DHS’s Cybersecurity and Infrastructure Agency (CISA) said in the directive that it expected imminent exploitation of the flaw — CVE-2020-1472 and dubbed “ZeroLogon” — because exploit code which can be used to take advantage of it was circulating online. Last night, Microsoft’s Security Intelligence unit tweeted that the company is “tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon vulnerability.” “We have observed attacks where public exploits have been incorporated into attacker playbooks,” Microsoft said. “We strongly recommend customers to immediately apply security updates.” Microsoft released a patch for the vulnerability in August, but it is not uncommon for businesses to delay deploying updates for days or weeks while testing to ensure the fixes do not interfere with or disrupt specific applications and software. CVE-2020-1472 earned Microsoft’s most-dire “critical” severity rating, meaning attackers can exploit it with little or no help from users. The flaw is present in most supported versions of Windows Server, from Server 2008 through Server 2019. The vulnerability could let an unauthenticated attacker gain administrative access to a Windows domain controller and run an application of their choosing. A domain controller is a server that responds to security authentication requests in a Windows environment, and a compromised domain controller can give attackers the keys to the kingdom inside a corporate network. Scott Caveza, research engineering manager at security firm Tenable, said several samples of malicious .NET executables with the filename ‘SharpZeroLogon.exe’ have been uploaded to VirusTotal, a service owned by Google that scans suspicious files against dozens of antivirus products. 
“Given the flaw is easily exploitable and would allow an attacker to completely take over a Windows domain, it should come as no surprise that we’re seeing attacks in the wild,” Caveza said. “Administrators should prioritize patching this flaw as soon as possible. Based on the rapid speed of exploitation already, we anticipate this flaw will be a popular choice amongst attackers and integrated into malicious campaigns.”


 Business

Tyler Technologies, the U.S.’s largest provider of software and services to the public sector, said on Wednesday that it was hacked by unknown assailants, who gained “unauthorized access” to the company’s IT and phone systems. Tyler, which sells software that supports a wide range of public sector functions such as...

 Malware and Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency is warning of an uptick in attacks using LokiBot, an information stealer capable of sweeping up credentials.

 Trends, Reports, Analysis

Amidst rising tensions with China, a combination of economic, political, and social factors is driving an increase in cyber threat activity out of India, according to researchers.

 Trends, Reports, Analysis

The median number of flaws per asset affecting manufacturing firms is 10, slightly higher than in other industries (7). However, they are lagging behind the average in “remediation velocity.”

 Incident Response, Learnings

In a year-long investigation, federal and New South Wales police in Australia say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials.

 Trends, Reports, Analysis

A steady blitz of large-scale cybersecurity breaches in recent years has flooded the dark web with credentials that are used in subsequent attacks such as those on Reddit and State Farm.

 Trends, Reports, Analysis

Identity management vendor Centrify surveyed 200 business decision makers in large and medium-sized UK firms in September, in order to assess the impact of the pandemic on IT organizations.

 Identity Theft, Fraud, Scams

The scam first shows you some cheery messages from a fake Apple chatbot to tell you why you had enough luck to be chosen to take part in an iPhone 12 trial, and then it invites you.

 Incident Response, Learnings

For the second time this week, federal regulators have doled out a hefty financial penalty as a part of a HIPAA settlement after an investigation of a breach tied to a hacking incident.

 Trends, Reports, Analysis

In H1 2020, Group-IB found that 43% of malicious emails had spyware as attachments or links that led to their download. Ransomware had a share of less than 1% among the malicious emails.

 Trends, Reports, Analysis

Cisco published a report based on MITRE ATT&CK classifications combined with IoCs revealing fileless threats as the most common attack vector used against enterprises over the first half of 2020.

 Trends, Reports, Analysis

Over the past few years, the increasing number of mercenary groups that exhibit hacker-for-hire services has become a trend driven by the public release and commoditization of APT-like TTPs.

 Feed

Ubuntu Security Notice 4539-1 - Andrew Bartlett discovered that DAViCal Andrew's Web Libraries did not properly manage session keys. An attacker could possibly use this issue to impersonate a session.

 Feed

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

 Feed

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

 Feed

Ubuntu Security Notice 4536-1 - Youssouf Boulouiz discovered that SPIP incorrectly handled login error messages. A remote attacker could potentially exploit this to conduct cross-site scripting attacks. Gilles Vincent discovered that SPIP incorrectly handled password reset requests. A remote attacker could possibly
use this issue to cause SPIP to enumerate registered users. Guillaume Fahrner discovered that SPIP did not properly sanitize input. A remote authenticated attacker could possibly use this issue to execute arbitrary code on the host server. Various other issues were also addressed.

 Feed

Ubuntu Security Notice 4538-1 - Vaisha Bernard discovered that PackageKit incorrectly handled certain methods. A local attacker could use this issue to learn the MIME type of any file on the system. Sami Niemimäki discovered that PackageKit incorrectly handled local deb packages. A local user could possibly use this issue to install untrusted packages, contrary to expectations.

 Feed

Ubuntu Security Notice 4537-1 - Vaisha Bernard discovered that Aptdaemon incorrectly handled the Locale property. A local attacker could use this issue to test for the presence of local files.

 Feed

Red Hat Security Advisory 2020-3835-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2020-3832-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2020-3833-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2020-3834-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.

 Feed

Ubuntu Security Notice 4535-1 - Gabriel Corona discovered that RDFLib did not properly load modules on the command-line. An attacker could possibly use this issue to cause RDFLib to execute arbitrary code.

 Feed

Red Hat Security Advisory 2020-3806-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.2.6.SP2 serves as a replacement for Red Hat support
for Spring Boot 2.2.6.SP1, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include cross site scripting and denial of service vulnerabilities.

 Feed

Ever wonder how hackers can hack your smartphone remotely? In a report shared with The Hacker News today, Check Point researchers disclosed details about a critical vulnerability in Instagram's Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image. What's more worrisome is that the flaw not only lets attackers

 Law & order

Why are Zoom and Twitter making some people disappear? How are Counter-Strike: Global Offensive cheats getting their just desserts? And the founder of an anti cyber-fraud firm is charged with fraud. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

 Business + Partners

Guest blog by Mit Patel, Managing Director of London based IT Support company, Netstar. In this article, Webroot sits down with Mit Patel, Managing Director of London-based MSP partner, Netstar, to discuss the topic of remote work during a pandemic and tips to stay cyber resilient. Why is it
important to be cyber resilient, specifically when working remote? It’s always important to be cyber resilient, but a lot has changed since the start of the COVID-19 lockdown that needs to be taken into consideration. Remote work has posed new problems for businesses when it comes to keeping data secure. Since the start of lockdown, there has been a significant increase in phishing scams, ransomware attacks and malicious activity. Scammers now have more time to innovate and are using the widespread anxiety of coronavirus to target vulnerable people and businesses. Moreover, the sudden shift in working practices makes the pandemic a prime time for cyber-attacks. Employees can no longer lean over to ask a colleague if they are unsure about the legitimacy of an email or web page. Instead, they need to be confident in their ability to spot and avoid potential security breaches without assistance. Remote work represents a significant change that can’t be ignored when it comes to the security of your business. Instead, businesses need to be extra vigilant and prioritise their cyber resilience. What does cyber resilience mean to you? It’s important to differentiate between cyber resilience and cyber security. Cyber security is a component of cyber resilience, referring to the technologies and processes designed to prevent cyber-attacks. Whereas, I believe cyber resilience goes a step further, referring to the ability to prevent, manage and respond to cyber threats. Cyber resilience recognises that breaches can and do happen, finding effective solutions that mean businesses recover quickly and maintain functionality. The main components of cyber resilience include, training, blocking, protecting, backing up and recovering. When all these components are optimised, your cyber resilience will be strong, and your business will be protected and prepared for any potential cyber threats. Can you share some proactive methods for staying cyber resilient when working remote? 
Absolutely. But it’s important to note that no solution is 100% safe and that a layered approach to IT security is necessary to maximise protection and futureproof your business. Get the right antivirus software. Standard antivirus software often isn’t enough to fully protect against viruses. Businesses need to consider more meticulous and comprehensive methods. One of our clients, a licensed insolvency practitioner, emphasized their need for software that will ensure data is protected and cyber security is maximised. As such, we implemented Webroot SecureAnywhere AntiVirus, receiving excellent client feedback, whereby the client stressed that they can now operate safe in the knowledge that their data is secure. Protect your network. DNS Protection is a critical layer for your cyber resilience strategy. DNS will protect you against threats such as malicious links, hacked legitimate websites, phishing attacks, CryptoLocker and other ransomware attacks. We have implemented DNS Protection for many of our clients, including an asset management company that wanted to achieve secure networks with remote working capability. In light of the current remote working situation, DNS Protection should be a key consideration for any financial business looking to enhance their cyber resilience. Ensure that you have a strong password policy. Keeping your passwords safe is fundamental for effective cyber resilience, but it may not be as simple as you think. Start by making sure that you and your team know what constitutes a strong password. At Netstar, we recommend having a password that:

Is over 10 characters long
Contains a combination of numbers, letters and symbols
Is unpredictable with no identifiable words (even if numbers or symbols are substituted for letters)

You should also have different passwords for different logins, so that if your security is compromised for any reason, hackers can only access one platform.
To fully optimise your password policy, you need to consider multi-factor authentication. Multi-factor authentication goes a step further than the traditional username-password login. It requires multiple forms of identification in order to access a certain email account, website, CRM etc. This will include at least two of the following:

Something you know (e.g. a password)
Something you have (e.g. an ID badge)
Something you are (e.g. a fingerprint)

Ensure that you have secure tools for communication. Collaboration tools, like Microsoft Teams, are essential for remote working. They allow you to communicate with individuals, within teams and company-wide via audio calls, video calls and chat. When it comes to cyber resilience, it’s essential that your team know what is expected of them. You should utilise collaboration tools to outline clear remote working guidance to all employees. For example, we would recommend discouraging employees from using personal devices for work purposes. The antivirus software installed on these devices is unlikely to be of the same quality as the software installed on work devices, so it could put your business at risk. Furthermore, you need to be confident that your employees can recognise and deal with potential security threats without assistance. Individuals can no longer lean across to ask a colleague if they’re unsure of the legitimacy of something. They need to be able to do this alone. Security awareness training is a great solution for this. It will teach your team about the potential breaches to look out for and how to deal with them. This will cover a range of topics including, email phishing, social media scams, remote working risks and much more. Moreover, courses are often added and updated, meaning that your staff will be up to date with the latest scams and cyber threats.
Implement an effective backup and disaster recovery strategy. Even with every preventive measure in place, things can go wrong, and preparing for disaster is crucial for effective cyber resilience. In fact, a lot of companies that lose data because of an unexpected disaster go out of business within just two years, which is why implementing an effective backup and disaster recovery strategy is a vital layer for your cyber resilience strategy. First, we advise storing and backing up data using an online cloud-based system. When files are stored on the cloud, they are accessible from any device at any time. This is particularly important for remote working; it means that employees can collaborate on projects and access necessary information quickly and easily. It also means that, if your device is wiped or you lose your data, you can simply log in to your cloud computing platform and access anything you might need. Thus, data can easily be restored, and you’re protected from potential data loss. Overall, disaster recovery plans should focus on keeping irreplaceable data safe. Consider what would happen to your data in the event of a disaster. If your office burned down, would you be confident that all your data would be protected? You should be working with an IT support partner that can devise an effective and efficient disaster recovery plan for your business. This should set out realistic expectations for recovery time and align with your insurance policy to protect any loss of income. Their goal should be to get your business back up and running as quickly as possible, and to a high standard (you don’t want an IT support partner that cuts corners). Lastly, your IT support provider should regularly test your strategy, making sure that if disaster did occur, they could quickly and effectively restore the functionality of your business. What else should fellow MSPs keep in mind during this trying time?
In the last four years, cyber resilience has become increasingly important; there are so many more threats out there, and so much valuable information that needs protecting. We have happy clients because their machines run quickly, they experience less IT downtime, and they rarely encounter viruses or malicious activity. We know that we need to fix customers’ problems quickly, while also ensuring that problems don’t happen in the first place. Innovation is incredibly important to us, which is why we’ve placed a real focus on proactive client advisory over the last 24 months. That’s where a strong cyber resilience strategy comes into play. MSPs need to be able to manage day-to-day IT queries, while also focusing on how technology can help their clients grow and succeed in the future. There is plenty of advice around the nuts and bolts of IT but it’s the advisory that gives clients the most value. As such, MSPs should ensure they think like a customer and make technological suggestions that facilitate overall business success for their clients. The post MSP Insight: Netstar Shares Cyber Resilience Strategies for Remote Work appeared first on Webroot Blog.

2020-09
Aggregator history
Thursday, September 24