The best way to prove the effectiveness of a security solution is to test it in conditions that are as real-world as possible, using typical tactics and techniques of targeted attacks. Kaspersky regularly participates in such tests and sits pretty at the top of the ratings. The results of a recent test — Enterprise Advanced Security (EDR): Enterprise 2022 Q2 – DETECTION — were revealed in an SE Labs report. The British company has been putting the security solutions of major vendors through their paces for several years now. In this latest test, our business product Kaspersky Endpoint Detection and Response Expert achieved an absolute 100% score in targeted attack detection and was awarded the highest possible rating – AAA.

This is not SE Labs' first analysis of our products for protecting corporate infrastructure against sophisticated threats. The company previously ran its Breach Response Test (which we took part in in 2019). In 2021, our product was tested in their Advanced Security Test (EDR). Since then, the testing methodology has been tweaked, and the test itself has been divided into two parts: Detection and Protection. This time, SE Labs studied how effective security solutions are at detecting malicious activity. Besides Kaspersky EDR Expert, four other products took part in the test: Broadcom Symantec, CrowdStrike, BlackBerry, and another, anonymous, solution.

Grading system

The testing was made up of several checks, but to get a feel for the results, it will suffice to look at the Total Accuracy Ratings. This basically shows how well each solution detected attacks at different stages, and whether it pestered the user with false positives. For even greater visual clarity, the participating solutions were assigned an award: from AAA (for products with a high Total Accuracy Rating) to D (for the least effective solutions). As mentioned, our solution got a 100% result and an AAA rating.

The Total Accuracy Ratings consist of scores in two categories:

- Detection Accuracy: this takes into account the success of detecting each significant stage of an attack.
- Legitimate Software Rating: the fewer the false positives generated by the product, the higher the score.

There's one other key indicator: Attacks Detected. This is the percentage of attacks detected by the solution during at least one of the stages, giving the infosec team a chance to respond to the incident.

How we were tested

Ideally, testing should reveal how the solution would behave during a real attack. With that in mind, SE Labs tried to make the test environment as life-like as possible. First, it wasn't the developers who configured the security solutions for the test, but SE Labs' own testers, who received instructions from the vendor – as clients' infosec teams usually do. Second, the tests were carried out across the entire attack chain – from first contact to data theft or some other outcome. Third, the tests were based on the attack methods of four real and active APT groups:

- Wizard Spider, which targets corporations, banks and even hospitals. Among its tools is the banking Trojan Trickbot.
- Sandworm, which primarily targets government agencies and is infamous for its NotPetya malware, which masqueraded as ransomware, but in fact destroyed victims' data beyond recovery.
- Lazarus, which became widely known after the large-scale attack on Sony Pictures in November 2014. Having previously focused on the banking sector, the group has recently set its sights on crypto-exchanges.
- Operation Wocao, which targets government agencies, service providers, energy and tech companies, and the healthcare sector.

Threat detection tests

In the Detection Accuracy test, SE Labs studied how effectively security solutions detect threats. This involved carrying out 17 complex attacks based on four real-world attacks by Wizard Spider, Sandworm, Lazarus Group, and Operation Wocao actors, in which four significant stages were highlighted, each of which consisted of one or more interconnected steps:

- Delivery/Execution
- Action
- Privilege Escalation/Action
- Lateral Movement/Action

The test logic does not require the solution to detect all events at any particular stage of the attack; it is enough to identify at least one of them. For example, if the product failed to notice how the payload got onto the device, but detected an attempt to run it, it successfully passed the first stage.

Delivery/Execution. This stage tested the solution's capacity to detect an attack in its infancy: at the time of delivery — for example, of a phishing e-mail or malicious link — and execution of the dangerous code. In real conditions, the attack is usually stopped there, since the security solution simply doesn't allow the malware to go any further. But for the purposes of the test, the attack chain was continued to see how the solution would cope with the next stages.

Action. Here, the researchers studied the solution's behavior when attackers have already gained access to the endpoint. It was required to detect an illegitimate action by the software.

Privilege Escalation/Action. In a successful attack, the intruder attempts to gain more privileges in the system and cause even more damage. If the security solution monitors such events or the privilege escalation process itself, it's awarded extra points.

Lateral Movement/Action. Having penetrated the endpoint, the attacker can try to infect other devices on the corporate network. This is known as lateral movement. The testers checked whether the security solutions detected attempts at such movement or any actions made possible as a consequence of it.

Kaspersky EDR Expert scored 100% in this segment; that is, not a single stage of any attack went unnoticed.

Legitimate Software Ratings

Good protection has to not only reliably repel threats, but also not prevent the user from using safe services. For this, the researchers introduced a separate score: the higher it was, the less often the solution mistakenly flagged legitimate websites or programs – especially popular ones – as dangerous. Once again, Kaspersky EDR Expert got 100%.

Test results

Based on all the test results, Kaspersky Endpoint Detection and Response Expert was awarded the highest available rating: AAA. Three other products earned the same rating: Broadcom Symantec Endpoint Security and Cloud Workload Protection, CrowdStrike Falcon, and the anonymous solution. However, only we and Broadcom Symantec achieved a 100% score in the Total Accuracy Ratings.
Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user's account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer.

KrebsOnSecurity recently heard from a reader who received an email from paypal.com that he immediately suspected was phony. The message's subject read, "Billing Department of PayPal updated your invoice."

A copy of the phishing message included in the PayPal.com invoice.

While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. For starters, all of the links in the email lead to paypal.com. Hovering over the "View and Pay Invoice" button shows the button indeed wants to load a link at paypal.com, and clicking that link indeed brings up an active invoice at paypal.com. Also, the email headers in the phishing message (PDF) show that it passed all email validation checks as being sent by PayPal, and that it was sent through an Internet address assigned to PayPal.

Both the email and the invoice state that "there is evidence that your PayPal account has been accessed unlawfully." The message continues: "$600.00 has been debited to your account for the Walmart Gift Card purchase. This transaction will appear in the automatically deducted amount on PayPal activity after 24 hours. If you suspect you did not make this transaction, immediately contact us at the toll-free number…."

Here's the invoice that popped up when the "View and Pay Invoice" button was clicked:

The phony PayPal invoice, which was sent and hosted by PayPal.com.

The reader who shared this phishing email said he logged into his PayPal account and could find no signs of the invoice in question. A call to the toll-free number listed in the invoice was received by a man who answered the phone as generic "customer service," instead of trying to spoof PayPal or Walmart. Very quickly into the conversation he suggested visiting a site called globalquicksupport[.]com to download a remote administration tool. It was clear then where the rest of this call was going.

I can see this scam tricking a great many people, especially since both the email and invoice are sent through PayPal's systems — which practically guarantees that the message will be successfully delivered. The invoices appear to have been sent from a compromised or fraudulent PayPal Business account, which allows users to send invoices like the one shown above.

Details of this scam were shared Wednesday with PayPal's anti-abuse (phishing@paypal.com) and media relations teams. PayPal said in a written statement that phishing attempts are common and can take many forms. "We have a zero-tolerance policy on our platform for attempted fraudulent activity, and our teams work tirelessly to protect our customers," PayPal said. "We are aware of this well-known phishing scam and have put additional controls in place to mitigate this specific incident. Nonetheless, we encourage customers to always be vigilant online and to contact Customer Service directly if they suspect they are a target of a scam."

It's remarkable how well today's fraudsters have adapted to hijacking the very same tools that financial institutions have long used to make their customers feel safe transacting online. It's no accident that one of the most prolific scams going right now — the Zelle Fraud Scam — starts with a text message about an unauthorized payment that appears to come from your bank. After all, financial institutions have spent years encouraging customers to sign up for mobile alerts via SMS about suspicious transactions, and to expect the occasional inbound call about possibly fraudulent transactions.

Also, today's scammers are less interested in stealing your PayPal login than they are in phishing your entire computer and online life with remote administration software, which seems to be the whole point of so many scams these days. Because why rob just one online account when you can plunder them all?

The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums. Most phishing scams invoke a temporal element that warns of dire consequences should you fail to respond or act quickly. If you're unsure whether the message is legitimate, take a deep breath and visit the site or service in question manually — ideally, using a browser bookmark to avoid potential typosquatting sites.
We speak with Mikko Hyppönen on the sidelines of the DEF CON Conference in Las Vegas to talk about his new book, "If It's Smart, It's Vulnerable." The post Episode 241: If It's Smart, It's Vulnerable: a Conversation with Mikko Hyppönen appeared first on The Security Ledger with Paul F. Roberts.
A new Orchard botnet was found using the transaction information of Satoshi Nakamoto’s Bitcoin account to generate C2 domains. Since February 2021, the botnet has had three different versions. With Orchard’s latest version, users can launch an XMRig mining program to mine Monero by exploiting the compromised system's resources.
A major computer manufacturer discovered that playing the music video for Janet Jackson's Rhythm Nation would crash certain models of laptops. Investigation revealed that all the crashing laptops shared the same 5400 RPM hard disk drive.
The crypter usually delivers information stealers and remote access trojans (RATs) like AgentTesla, AsyncRat, NanoCore, and RedLine, though some samples have been seen delivering such targeted payloads as Cobalt Strike and Metasploit.
Google hasn't released many details about the patched vulnerabilities until the bulk of Chrome users are updated and the code is fixed. Meanwhile, Apple issued macOS 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 updates to address flaws.
The best way to avoid falling for a rental scam is to use the smell test: if it smells fishy, it's probably fishy. Clues like odd grammar, a refusal to talk on the phone, and unnecessary demands for money should be treated as red flags.
Security researchers at Threat Fabric have discovered a new Android malware dropper that is already adding new features to bypass the new Restricted Settings security feature.
Using the illegally obtained personal information, conspirators would obtain counterfeit checks on behalf of their victims, along with details on the victims’ bank accounts.
NOAA is exploring multi-factor authentication beyond its network as it looks to strengthen cybersecurity in accordance with the federal zero trust strategy, according to its chief information officer.
The most common way to steal data is by compromising passwords. According to Verizon, 81% of all cybercrime has stolen or guessed credentials as a starting point, a huge vulnerability for all organizations.
BlackByte's version 2.0 is here along with a new data leak site. The site doesn't correctly embed the Bitcoin and Monero addresses that "customers" can use to purchase or delete the data, making these new features currently broken.
As the Ring Android app has over 10 million downloads and is used by people worldwide, the ability to access a customer's saved camera recordings could allow a wide range of malicious behavior, ranging from extortion to data theft.
Group-IB researchers emphasize that the group usually used certain servers exclusively to host the Cobalt Strike framework, while they exploited others only for active scanning through Acunetix.
Bumblebee is distributed via phishing emails carrying an attachment or a link to a malicious archive. Initial execution relies on the end user, who has to extract the archive, mount an ISO image file, and click an LNK file.
Russia's nation-state crews have been breaking into Ukrainian networks and attempting to disrupt or even destroy vulnerable systems. A bevy of attacks and malware samples can all be tied back to Kremlin-backed hacking groups.
The percentage of industrial-specific malware has increased to 32%, from 30% in the 2021 report and 11% in the 2020 report. The percentage of malware designed to propagate over USB or to specifically exploit USB for infection has also increased.
Like many threat groups, TA558 has quickly adapted to Microsoft’s decision over recent months to disable macros by default in Office products, using container files like RAR and ISO attachments instead of macro-enabled Office docs.
Advantech iView software versions prior to 5.7.04.6469 are vulnerable to an unauthenticated command injection vulnerability via the NetworkServlet endpoint. The database backup functionality passes a user-controlled parameter, backup_file, to the mysqldump command. The sanitization functionality only tests for SQL injection attempts and directory traversal, so leveraging the -r and -w mysqldump flags permits exploitation. The command injection vulnerability is used to write a payload on the target and achieve remote code execution as NT AUTHORITY\SYSTEM.
Ubuntu Security Notice 5570-1 - Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code.
FreeBSD versions 11.0 through 13.0 suffer from a local privilege escalation vulnerability via an aio_aqueue kernel refcount bug. This research post goes into great depth on how the researcher traversed the logic flow and achieved exploitability.
Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. The list of issues is below:

- CVE-2022-32893 - An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing specially crafted web content
- CVE-2022-32894 - An
The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. "Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration," Cybereason researchers Meroujan Antonyan and
Pentesting and vulnerability scanning are often confused for the same service. The problem is, business owners often use one when they really need the other. Let's dive in and explain the differences. People frequently confuse penetration testing and vulnerability scanning, and it's easy to see why. Both look for weaknesses in your IT infrastructure by exploring your systems in the same way an
A .NET-based evasive crypter named DarkTortilla has been used by threat actors to distribute a broad array of commodity malware as well as targeted payloads like Cobalt Strike and Metasploit, likely since 2015. "It can also deliver 'add-on packages' such as additional malicious payloads, benign decoy documents, and executables," cybersecurity firm Secureworks said in a Wednesday report. "It
The Chinese advanced persistent threat (APT) actor tracked as Winnti (aka APT41) has targeted at least 13 organizations geographically spanning across the U.S, Taiwan, India, Vietnam, and China against the backdrop of four different campaigns in 2021. "The targeted industries included the public sector, manufacturing, healthcare, logistics, hospitality, education, as well as the media and