An evil-maid attack is just about the most primitive type of attack there is, but it’s also one of the most unpleasant. Preying on unattended devices, the “evil maid” tries to steal secret information or install spyware or remote access tools to gain access to the corporate network. Here’s how to stay safe from intruder actions.

Classic example

In December 2007, a delegation from the US Department of Commerce traveled to Beijing for talks on a joint counterpiracy strategy. On return to the US, however, the commerce secretary’s laptop contained spyware whose installation would have required physical access to the computer. The owner of the laptop said he’d had the device with him at all times during the negotiations, and had left it in his hotel room — in the safe — only while dining downstairs.

In theory, a pro can compromise a device in 3 to 4 minutes, but that sort of thing tends to occur when the computer is left unattended and unlocked (or not password-protected). But even with basic security measures in place, an evil-maid attack still has a chance.

How attackers gain access to information

Loads of ways exist to get to critical information. They depend on the age of the computer and the security software on it. For example, older machines that do not support Secure Boot can be booted from external drives and are therefore defenseless against evil-maid attacks. Modern PCs tend to come with Secure Boot activated by default.

Communication ports that support fast data exchange or direct interaction with device memory can serve as siphons for extracting personal or corporate secrets. Thunderbolt, for example, achieves its high speed of data transmission through direct access to memory — which opens the door to evil-maid attacks. Last spring, computer security expert Björn Ruytenberg shared a way he’d found to hack any Thunderbolt-enabled Windows or Linux device, even one that is locked and has connections from unfamiliar devices through external ports disabled. Ruytenberg’s method, dubbed Thunderspy, assumes physical access to the gadget and involves rewriting the firmware of the controller: the attacker reprograms the Thunderbolt chip with their own version of the firmware. The new firmware disables the built-in protection, and the attacker gains full control over the device. In theory, the Kernel Direct Memory Access Protection policy patches the vulnerability, but not everyone uses it (and those with Windows versions prior to 10 couldn’t). However, Intel has announced a solution to the problem: Thunderbolt 4.

Good old USB can also serve as an attack channel. A miniature device inserted into a USB port becomes active when the user turns on the computer and executes a BadUSB attack.

If the information they’re after is particularly valuable, cybercriminals might even attempt the difficult and costly task of stealing the device and replacing it with a similar one that already contains spyware. Sure, the swap will be revealed soon enough, but most likely not until after the victim enters their password. Fortunately, as we said, pulling off that switch is both difficult and expensive.

How to minimize your risk

The easiest and most reliable way to guard against evil-maid attacks is to keep your device where only you can access it. Don’t leave it in a hotel room if you can help it, for example. If your employees have to go on business trips with work laptops, however, here are some steps you can take to mitigate the risk:

- Deploy temporary laptops with no access to critical corporate systems or work data, and then format the hard drive and reinstall the operating system after each trip;
- Require employees to turn off work laptops that must be left unattended;
- Encrypt the hard drives of any computers that leave the office building;
- Use security solutions that block suspicious outgoing traffic;
- Ensure your security solution detects BadUSB attacks (Kaspersky Endpoint Security for Business does);
- Update all software, especially the operating system, in a timely manner;
- Restrict direct access to device memory through FireWire, Thunderbolt, PCI, and PCI Express ports on every device that allows it.
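Whether the DMA protections discussed above are actually active on a laptop can be verified from the operating system before it leaves the building. The following shell script is an added example, not code from the article or from Kaspersky, that reports a Linux host's Thunderbolt authorization level and whether IOMMU-based Kernel DMA protection is on, by reading the sysfs attributes the kernel's thunderbolt driver exposes; the SYSFS_ROOT override and the posture labels are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the article: audit a Linux host's Thunderbolt
# posture against the DMA risks described above. It reads the standard sysfs
# attributes exposed by the kernel's thunderbolt driver:
#   .../domain0/security              -> none | user | secure | dponly | usbonly
#   .../domain0/iommu_dma_protection  -> 1 when IOMMU-based DMA protection is on
# SYSFS_ROOT (an assumption of this example) lets the check run against a
# constructed tree instead of the live /sys.

SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# Print a sysfs attribute's value, or "absent" when the file is missing.
read_attr() {
    if [ -r "$1" ]; then
        cat "$1"
    else
        echo absent
    fi
}

# tb_posture [sysfs_root] -> no-thunderbolt | protected | partial | exposed | unknown
#   protected: Kernel DMA protection (IOMMU) is on, or PCIe tunnelling is
#              disabled (dponly/usbonly), so a plugged-in device gets no DMA
#   partial:   only user/secure device authorization, which relies on the
#              controller firmware that Thunderspy showed can be rewritten
#   exposed:   security level "none": any attached device can reach memory
tb_posture() {
    root="${1:-$SYSFS_ROOT}"
    domain="$root/bus/thunderbolt/devices/domain0"
    if [ ! -d "$domain" ]; then
        echo no-thunderbolt
        return 0
    fi
    iommu=$(read_attr "$domain/iommu_dma_protection")
    sec=$(read_attr "$domain/security")
    if [ "$iommu" = 1 ]; then
        echo protected
        return 0
    fi
    case "$sec" in
        dponly|usbonly) echo protected ;;
        user|secure)    echo partial ;;
        none)           echo exposed ;;
        *)              echo unknown ;;
    esac
}

# tb_check [sysfs_root]: print the posture and fail (exit 1) unless the host
# is protected or has no Thunderbolt controller, for use in fleet audits.
tb_check() {
    status=$(tb_posture "$1")
    echo "thunderbolt DMA posture: $status"
    [ "$status" = protected ] || [ "$status" = no-thunderbolt ]
}

# Run against the live system: sh tb_dma_audit.sh  (exit code 0 = acceptable)
tb_check "$SYSFS_ROOT"
```

A "partial" result is the case the article warns about: the port only trusts devices the user has approved, and that trust is enforced by controller firmware rather than by the IOMMU.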
The U.S. Internal Revenue Service (IRS) said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PINs are issued only to those who fill out an ID theft affidavit, or to taxpayers who’ve experienced tax refund fraud in previous years.

Tax refund fraud is a perennial problem involving the use of identity information and often stolen or misdirected W-2 forms to electronically file an unauthorized tax return for the purposes of claiming a refund in the name of a taxpayer. Victims usually first learn of the crime after having their returns rejected because scammers beat them to it. Even those who are not required to file a return can be victims of refund fraud, as can those who are not actually due a refund from the IRS.

Many of the reasons why refund fraud remains a problem have to do with timing, and some of them are described in more detail here. But the short answer is the IRS is under tremendous pressure to issue refunds quickly and to minimize “false positives” (flagging legitimate claims as fraud) — even when it may not yet have all of the information needed to accurately distinguish phony filings from legitimate ones.

One way the IRS has sought to stem the flow of bogus tax refund applications is to issue the IP PIN, which is a six-digit number assigned to eligible taxpayers to help prevent the use of their Social Security number on a fraudulent income tax return. Each PIN is good only for the tax year for which it was issued. But up until now, the IRS has restricted who can apply for an IP PIN, although it has over the past few years issued them proactively to some taxpayers as part of a multi-state experiment to determine if doing so more widely might reduce the overall incidence of refund fraud.

The IRS says it will make its Get IP PIN tool available to all taxpayers in mid-January. Until then, if you haven’t already done so you should plant your flag at the IRS by stepping through the agency’s “secure access authentication” process. Creating an account requires supplying a great deal of personal data; the information that will be requested is listed here.

The signup process requires one to validate ownership of a mobile phone number in one’s name, and it will reject any voice-over-IP-based number services such as those tied to Skype or Google Voice. If the process fails at this point, the site should offer to send an activation code via postal mail to your address on file.
According to data from a recent report, only 60% of office workers worldwide believe their company is resilient against cyberattacks. Nearly one in four (23%) admit to not knowing, while nearly one in five (18%) flat-out think it isn’t. In the anonymous, write-in responses to the survey, many workers agreed that their employers could be doing more to support them and ensure their security. When asked to elaborate on why they didn’t believe their company was resilient against attacks, the most-repeated answers were along the following lines:

- My company has been hacked before.
- My company doesn’t prioritize security/security spend.
- My company’s equipment and software are poorly maintained.
- My company outsources its security, so we have no direct control.
- I still get phishing emails. Our filtering must not be good enough.

These types of responses highlight two things: a general lack of faith in the company’s security and the perception that companies aren’t investing enough in security systems OR their employees. When considered alongside another question from the survey, there seems to be a third factor at play: there is also confusion as to who should be responsible for a company’s cyber resilience in the first place. Overall, only 14% of office workers worldwide consider cyber resilience to be a responsibility all employees share.

If workers also feel their companies don’t invest enough in them or the tools that protect them, it makes sense that they might not feel like cyber resilience is something they should worry about. If a person feels their employer doesn’t value them appropriately or empower them with the right tools to do their jobs, then the notion of having to expend one’s own time and energy on the company’s security could rankle. So how do you overcome the challenge of personal investment?

How to empower your people and your security

Investment

Dr. Prashanth Rajivan, cybersecurity and human behavior expert, says businesses that want to foster a feeling of personal investment must first tackle the notion of shared responsibility. He explains that, when people perceive themselves to have a greater responsibility to others, their average level of willingness to engage in risky behavior decreases.

“If you’re asking individuals to make changes to their own behavior for the greater safety of all, then you need to make it clear that you are willing to invest in them. By creating a feeling of personal investment in the individuals who make up a company, you encourage the employees to return that feeling of investment toward their workplace. That’s a huge part of ensuring that cybersecurity is part of the culture.” – Prashanth Rajivan, Ph.D.

One way to empower your workforce to become a strong first line of defense while also demonstrating investment is to implement a security awareness training program with phishing simulations, and to give employees enough time to carefully and thoughtfully complete the learning exercises and understand any applicable feedback.

Consistency

According to Phil Karcher, principal product manager in charge of Webroot® Security Awareness Training, running regular, up-to-date training on an ongoing basis is one of the best ways to help end users avoid attacks and become a strong first line of defense for the company as a whole.

“Data from Webroot® Security Awareness Training shows that, if you want people to make lasting changes to their behavior, you have to run consistent, relevant training courses and phishing simulations that are also varied enough that people won’t get bored or find them predictable. Running a second simulation makes a dramatic impact — and it only gets better from there.” – Philipp Karcher, principal product manager, Carbonite + Webroot, OpenText Companies

Number of Phishing Simulations    Click-through Rate
1                                 11%
2-3                               8%
4-10                              6%
11-14                             5%
15-17                             4%

Feedback

Dr. Rajivan also reminds us that human behavior is shaped by experience and reinforcement. He and Phil agree that consistency is key for empowering your workforce to become more resilient. But Dr. Rajivan also stresses the importance of feedback over consequences.

“Without appropriate feedback, no amount of training will be effective. And because the average person handles uncertainty poorly, training must include a variety of different scenarios. Human behavior is shaped through varied experiences, with a mix of positive and negative outcomes and applicable feedback. This feedback and incentive structure needs to be carefully calibrated. Too much could lead to heightened anxiety and false alarms, but too little could lead to underweighted risk, i.e. people knowing the correct actions, but not taking them.” – Prashanth Rajivan, Ph.D.

Next steps

As phishing attacks continue to be a primary way that businesses get breached, the need for consistent end user education is clear. And by implementing a regular training regimen, you can demonstrate care and investment in your people, educate employees on scams, risks and what to do if the unthinkable happens, and successfully build cyber resilience into your overall company culture. To take the first step towards cyber resilience and trial an engaging Security Awareness Training program, Take a Free Trial.

The post Why Workers Aren’t Confident in their Companies’ Security (and What to Do About it) appeared first on Webroot Blog.
The malware's creators use malicious payloads concealed as social media buttons that mimic high profile platforms such as Facebook, Twitter, and Instagram for stealing credit card data.
Personnel from the U.S. Department of Defense’s Cyber Command deployed to Estonia in recent months as part of a broader effort to protect U.S. elections against foreign hacking.
The new code, uncovered by analysts at security firm Kaspersky, can be used to remotely take over victim devices, and it interacts with the attackers via a communications-concealing protocol.
Cybercriminals are using a recently registered lookalike domain in a phishing campaign targeting United States organizations, FINRA (the Financial Industry Regulatory Authority) warns.
Container security company Prevasio has analyzed 4 million public Docker container images hosted on Docker Hub and found that over half of them had critical vulnerabilities.
Nearly a quarter of global organizations suffered seven or more attacks that infiltrated their networks over the past year, and a majority believe it will happen in the coming 12 months.
It appears as if the non-profit was hit by a classic BEC scam, where attackers compromise an employee’s email account and then silently monitor messages sent back and forth.
According to a cached version of a Medium blog post describing the project, Compounder Finance claimed to be an automated farming system offering compound interest on digital assets.
US retail department store Kmart has suffered a ransomware attack that impacted the back-end services at the company. A ransom note shows that the 'KMART' Windows domain was compromised in the attack.
A hack that can let an attacker take full control of iPhones without user interaction is bad enough. One that can also then spread automatically from one iPhone to the next is practically unheard of.
Ryan S. Hernandez, a computer hacker who stole information from Nintendo and was also caught with child pornography on his computer, was sentenced to three years in prison.
The FBI made public a private industry notification warning that BEC scammers are exploiting web-based email clients’ auto-forwarding rules to secretly gather intel on their targets.
Among the educational establishments to be hit by the Shadow Academy campaign are Louisiana State University in the US and Oxford, Brighton, and Wolverhampton Universities in the United Kingdom.
A bug in the way a common container management component spawns a service called a "shim" could allow unauthorized third parties to initiate containers with arbitrary contents and permission levels.
The Egregor ransomware operation has breached Metro Vancouver’s transportation agency TransLink, with the cyberattack causing disruptions in services and payment systems.
Threat actors are extorting an Israeli insurance company by demanding almost $1 million in bitcoin to stop leaking the company's stolen data. The threat actor group had tweeted about the hack.
In October 2020, during an investigation of a spearphishing campaign targeting the Tibetan community, Insikt Group discovered links to an unknown threat activity group that also targeted Taiwan.
As per reports, Verizon has been leaking personal information through a chat window on its website that erroneously displayed conversations between the firm’s employees and customers.
The CVE-2020-8913 vulnerability is a local, arbitrary code execution vulnerability that resides in the SplitCompat.install endpoint in Android’s Play Core Library.
VMware has patched a zero-day bug that was disclosed in late November – an escalation-of-privileges flaw that impacts Workspace One and other platforms, for both Windows and Linux operating systems.
A dental practice in the United States' state of Georgia has learned its systems were infected with ransomware only after the cybercriminals rang them up to clue them in.
The report, which is based on the analysis of more than 45,000 active repositories, shows that it typically takes 7 years to address vulnerabilities in Ruby, while those in npm are usually patched in five years.
A session token vulnerability has been discovered in VestaCP version 0.9.8-26. The vulnerability allows remote attackers to gain unauthenticated or unauthorized access by client-side token manipulation.
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Whitepaper called Encrypted Linux x86-64 Loadable Kernel Modules (ELKM). The aim is to protect kernel-based rootkits and implants against observation by Endpoint Detection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling.
Savsoft Quiz version 5 suffers from a persistent cross site scripting vulnerability. This finding differs from the original discovery of persistent cross site scripting in this version found originally by th3d1gger.
A global spear-phishing campaign has been targeting organizations associated with the distribution of COVID-19 vaccines since September 2020, according to new research. Attributing the operation to a nation-state actor, IBM Security X-Force researchers said the attacks took aim at the vaccine cold chain, companies responsible for storing and delivering the COVID-19 vaccine at safe temperatures.
There is no question that attackers are going after your sensitive account data. Passwords have long been a target of those looking to compromise your environment. Why would an attacker take the long, complicated way if they have the keys to the front door? No matter how extensive your security solutions are, protecting the various systems in your environment, your organization may likely be an
Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe, and the US. Dubbed "PowerPepper" by Kaspersky researchers, the malware has been attributed to the DeathStalker group (formerly called
Passengers on Vancouver's transit system were unable to use their credit and debit cards for ticket payments after the service was badly hit by a ransomware attack. TransLink, the public transport operator in Vancouver, Canada, first indicated its IT systems were suffering problems on 1 December, when it said it was "investigating an issue." That "issue" turned out to be the Egregor ransomware, which hijacked TransLink's printers and spewed out a ransom note. Read more in my article on the Hot for Security blog.
Biological Worries Over Malware Attacks

Researchers have recently unveiled the latest potential victim for malware authors: biological laboratories. By illicitly accessing these facilities, hackers may be able to digitally replace sections of DNA strings, causing unexpected results when biologists go to create or experiment with these compounds. While it is fortunate that this specific targeted attack was simulated in a closed environment, it brought to light how narrowly focused a cyberattack can be, and the lengths some attackers may go to in order to accomplish their goal.

SMS App Exposes Messages of Millions

Despite weeks of effort from the developer, GO SMS Pro, an instant messaging app with over 100 million users, is still leaking messages. What originated as a bug has left the messaging app critically flawed for upwards of three months, with no clear signs of resolution, as even new versions of the app have been unable to rectify the problem. The researchers who discovered the flaw were able to view video and picture messages, along with other private messages, because of the URL shortening that occurs when messages are sent to contacts who don’t have the app installed.

Colorado Health Service Provider Suffers Patient Data Breach

Sometime during the middle of September, the Colorado-based health service provider AspenPointe suffered a data breach that may have compromised the sensitive health information of nearly 300,000 patients. The facility noticed the unauthorized access over a two-week period, but only began notifying patients of the breach in the third week of November. Officials have also confirmed that everything from names to medical history and other highly sensitive personal information was stolen, though no reports of misuse have yet arisen.

Ransomware Shuts Down Alabama School District

The Huntsville City school district, one of the largest in Alabama, has been forced to close all operations following a ransomware attack that took place as students and staff were returning from Thanksgiving break. District officials worked quickly to take all devices offline, whether computers or smartphones, to stop the spread of the attack. Students were also sent home early, with no firm statement on when classes would resume, as recovering from the attack could take days or weeks.

Five Arrested in Louisiana Child Crime Sweep

At least five individuals have been arrested by the Louisiana Cyber Crime Unit, following an investigation into the online exploitation of children. By tracing IP addresses and even simply viewing the social media profiles of all five individuals, law enforcement agents have been able to confirm charges of possession or creation of child pornography, thus removing another group of child predators from the general population.

The post Cyber News Rundown: Biological Worries Over Malware Attacks appeared first on Webroot Blog.