Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Business

Kaspersky experts conducted an in-depth analysis of the tactics, techniques, and procedures of the eight most common ransomware groups: Conti/Ryuk, Pysa, Clop, Hive, LockBit 2.0, RagnarLocker, BlackByte, and BlackCat. Comparing the attackers' methods and tools at each stage of an attack, they concluded that many groups operate rather similarly. This permits the creation of effective universal countermeasures for protecting a company's infrastructure from ransomware.

The study, with detailed analysis of all techniques and examples of their use in the wild, can be found in the Common TTPs of Modern Ransomware Groups report. It also contains rules for detecting the malicious techniques in the SIGMA format. The report is intended primarily for SOC analysts, threat-hunting and threat-intelligence experts, and incident response and investigation specialists. However, the researchers also collated best practices for countering ransomware from various sources. Here are some of them.

Intrusion prevention

The ideal prevention option is to stop a ransomware attack before the threat gets inside the corporate perimeter. The following measures help reduce the risk of intrusion:

Filtering of incoming traffic. Filtering policies should be implemented on all perimeter devices: routers, firewalls, and IDS systems. Don't forget mail filtering for spam and phishing; it is wise to use a sandbox to validate email attachments.

Blocking of malicious websites. Restrict access to known malicious websites, for example by deploying an intercepting proxy. It is also worth using threat intelligence data feeds to keep the lists of malicious sites up to date.

Using deep packet inspection (DPI). A DPI-class solution at the gateway allows traffic to be checked for malware.

Blocking malicious code. Use signatures to block known malware.

RDP protection. Disable RDP wherever possible. If for some reason you cannot stop using it, place systems with an open RDP port (TCP 3389) behind a firewall and allow access to them only through a VPN.

Multi-factor authentication. Use multi-factor authentication, strong passwords, and automatic account lockout policies at every point that can be accessed remotely.

Listing allowed connections. Enforce IP allow-listing on hardware firewalls.

Fixing known vulnerabilities. Install patches promptly for vulnerabilities in remote access systems and in devices directly connected to the internet.

The report also contains practical advice on protection against exploitation and lateral movement, as well as recommendations for countering data leaks and preparing for an incident.

Additional protection

To arm enterprises with additional tools that can help cut off an attack's spread path as early as possible and investigate an incident, Kaspersky has also updated its EDR solution. The new version, suitable for enterprises with mature IT-security processes, is called Kaspersky Endpoint Detection and Response Expert. It can be deployed via the cloud or on-premises. You can learn more about the capabilities of this solution here.
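The "RDP only through the VPN" and "IP allow-listing" recommendations above are easy to state and easy to drift away from, so a SOC analyst wants a check that catches the drift. The following is an added example, not code from Kaspersky's report or one of its SIGMA rules: a small Python script that parses Windows Security event 4624 records (flattened here to key=value lines) and flags RemoteInteractive logons (LogonType 10, i.e. RDP) whose source address lies outside the permitted networks. The log lines are constructed for the example, and the allowlisted ranges (a VPN pool 10.8.0.0/24 and a jump-host subnet 10.0.1.0/24) are assumptions, not values from the report.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable

# Constructed sample log: Windows Security event 4624 (successful logon) records
# flattened to key=value pairs for this example. LogonType 10 is RemoteInteractive
# (RDP). Addresses are private/documentation ranges, not real infrastructure.
SAMPLE_EVENTS = """\
EventID=4624 LogonType=10 TargetUserName=jsmith IpAddress=10.8.0.12 WorkstationName=VPN-CLIENT
EventID=4624 LogonType=10 TargetUserName=admin IpAddress=203.0.113.45 WorkstationName=kali
EventID=4624 LogonType=3 TargetUserName=svc-backup IpAddress=10.0.5.7 WorkstationName=BK01
EventID=4624 LogonType=2 TargetUserName=jdoe IpAddress=- WorkstationName=WS07
EventID=4624 LogonType=10 TargetUserName=jdoe IpAddress=10.8.0.200 WorkstationName=LAPTOP-7
EventID=4624 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.9 WorkstationName=-
"""

# Hypothetical policy (assumption for this example): interactive RDP is permitted
# only from the VPN client pool and the jump-host subnet. Any other source that
# completes an RDP logon means port 3389 is reachable from somewhere it should not be.
RDP_ALLOWLIST = [
    ipaddress.ip_network("10.8.0.0/24"),   # VPN client pool (assumed)
    ipaddress.ip_network("10.0.1.0/24"),   # jump hosts (assumed)
]

RDP_LOGON_TYPE = 10
_KV = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Logon:
    user: str
    src: str            # raw IpAddress field; "-" means there was no network source
    logon_type: int
    workstation: str


def parse_events(text: str) -> list[Logon]:
    """Parse flattened 4624 lines into Logon records; other event IDs are ignored."""
    logons: list[Logon] = []
    for line in text.splitlines():
        fields = dict(_KV.findall(line))
        if fields.get("EventID") != "4624":
            continue
        logons.append(Logon(
            user=fields.get("TargetUserName", "?"),
            src=fields.get("IpAddress", "-"),
            logon_type=int(fields.get("LogonType", "0")),
            workstation=fields.get("WorkstationName", "-"),
        ))
    return logons


def is_allowlisted(src: str, allowlist: Iterable[ipaddress.IPv4Network | ipaddress.IPv6Network]) -> bool:
    """True if src parses as an IP address inside one of the allowed networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:          # "-" (console logon) or a malformed field: not a permitted remote source
        return False
    return any(addr in net for net in allowlist)


def rdp_logons_outside_allowlist(logons: Iterable[Logon], allowlist=RDP_ALLOWLIST) -> list[Logon]:
    """Return RDP (LogonType 10) logons whose source address is outside the allowlist.

    Console and network (type 2/3) logons are excluded by the logon-type check, so a
    local logon with IpAddress "-" never produces a false alert here.
    """
    return [
        logon for logon in logons
        if logon.logon_type == RDP_LOGON_TYPE and not is_allowlisted(logon.src, allowlist)
    ]


if __name__ == "__main__":
    for hit in rdp_logons_outside_allowlist(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT RDP logon outside allowlist: user={hit.user} src={hit.src} ws={hit.workstation}")
```

Run against the sample it reports the two logons from 203.0.113.45 and 198.51.100.9; the VPN-pool logons and the non-RDP logon types pass. In production the same logic runs over real 4624 events from the SIEM, and every hit is either a firewall rule that is missing or an account that should not have been able to reach 3389 at all.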


 Companies

Are cyber professionals as good at protecting their mental health as their IT environments? Thomas Kinsella, COO of Tines, talks about the worrying mental health statistics in cyber and how to protect your team. The post The Concerning Statistics About Mental Health in Cybersecurity appeared first on The Security Ledger with Paul F. Roberts.

 Govt., Critical Infrastructure

When it comes to cybersecurity in state and local government, industry experts point to myriad challenges, including ransomware attacks, open-source software vulnerabilities, phishing emails, outdated legacy code, and other issues.

 Threat Actors

A new APT, ToddyCat, has been targeting Microsoft Exchange servers across Asia and Europe since December 2020, according to security experts from Trend Micro. The group leveraged a new trojan, named Ninja, and a passive backdoor, named Samurai. Organizations are advised to use threat intelligence services to stay abreast of new threats and secure their networks.

 Malware and Vulnerabilities

The exploit entailed two HTTP GET requests — which are used to retrieve a specific resource from a server — to trigger remote code execution by fetching rogue commands from the attacker-controlled infrastructure.

 Identity Theft, Fraud, Scams

NFT NYC describes itself as “the leading annual non-fungible token event”. Users reported scam billboards in NYC with QR codes leading to wallet-drainer sites. This is clearly a technique that is working for phishers no matter the location.

 Identity Theft, Fraud, Scams

The UK’s National Health Service (NHS) has warned the public about a spate of fake messages, sent out as SMS text messages, fraudulently telling recipients that they have been exposed to the Omicron variant of COVID-19.

 Identity Theft, Fraud, Scams

Resecurity spotted a surge in phishing messages delivered via Azure Front Door, Microsoft’s cloud CDN service. Most of the content targeted Amazon, SendGrid, and DocuSign customers. By hosting on well-known cloud services, the criminals try to evade detection of their phishing pages and make them look legitimate.

 Malware and Vulnerabilities

Microsoft reported that attackers are increasingly deploying malware, including QBot, Emotet, BazarLoader, and IcedID, through malicious LNK files. The LNK files reach victims via spam emails and malicious URLs. Users should be cautious with links and attachments in unsolicited email.

 Govt., Critical Infrastructure

According to Akamai, which has been following the situation, the fertile ground for the bot was created by a backlog of over 700,000 passport applications at the Ministry of the Interior, resulting from the lifting of travel restrictions.

 Trends, Reports, Analysis

Privacy Affairs researchers concluded criminals using the dark web need only spend $1,115 for a complete set of a person’s account details, enabling them to create fake IDs and forge private documents, such as passports and driver’s licenses.

 Feed

Ubuntu Security Notice 5492-1 - It was discovered that Vim incorrectly handled memory when opening and searching the contents of certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash.

 Feed

Ubuntu Security Notice 5487-3 - USN-5487-1 fixed several vulnerabilities in Apache HTTP Server. Unfortunately it caused regressions. USN-5487-2 reverted the patches that caused the regression in Ubuntu 14.04 ESM for further investigation. This update re-adds the security fixes for Ubuntu 14.04 ESM and fixes two different regressions: one affecting mod_proxy only in Ubuntu 14.04 ESM and another in mod_sed affecting also Ubuntu 16.04 ESM and Ubuntu 18.04 LTS.

 Feed

A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched,

 Feed

Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint. The list of packages includes loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils, according to Sonatype security researcher Ax Sharma. The packages and as

 Feed

A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora,

 Feed

A suspected ransomware intrusion against an unnamed target leveraged a Mitel VoIP appliance as an entry point to achieve remote code execution and gain initial access to the environment. The findings come from cybersecurity firm CrowdStrike, which traced the source of the attack to a Linux-based Mitel VoIP device sitting on the network perimeter, while also identifying a previously unknown

 Feed

A week after it emerged that a sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Additionally, necessary changes have been implemented in Google Play Protect — Android's built-in malware defense service — to protect all users, Benoit Sevens and Clement Lecigne of Google Threat
