As every infosec expert knows, cybercriminals just love holidays. Trusting users can expect sales scams and phishing under the guise of gifts and congratulations, while organizations can look forward to DDoS attacks on their servers (like the ones Xbox and PlayStation services experienced) or, worse, network intrusions (talking about you, BBC). For network attackers, Christmas provides two golden opportunities. First, people wind down before the holidays, making them less prepared for a serious incident, and second, lots of IT staff are on vacation. Both these factors negatively impact the speed and effectiveness of the response. To minimize the chances of a successful attack, you can take a few simple but quite effective measures beforehand. Sure, they won't guarantee total security, but they will greatly curtail the hackers' options.

Log out

As 2022 has shown, the world of cybercrime has become even more specialized and niche-oriented. Cybercriminals sell initial access to corporate networks as a service, where one of the most common commodities is the legitimate credentials of current employees stolen using malware or phishing. You can make such attacks harder to carry out by introducing a costly multifactor authentication system and a Zero Trust strategy, though the week before Christmas is definitely not the time to make radical changes to your security system. But there are simple steps you can take:

- Check that the list of employees with access to the corporate infrastructure via VPN or RDP does not include unauthorized persons, needless technical accounts, or laid-off colleagues. Revoke access from those who don't need it.
- Change the administrator account passwords and make sure all on-duty admins have got the new password. If multifactor authentication is not enabled for some, now is the time to do it.
- A more radical version of the previous tip is to create special emergency admin accounts for potential incident response over the holidays. The rights granted to regular administrator accounts can even be temporarily restricted so that attackers cannot exploit them.
- Terminate unnecessary sessions that employees have left on any devices for an extended period of time. This applies equally to corporate messengers, web applications, and any other services.
- Terminate unnecessary VPN connections.

Install patches

Another common way to infiltrate a corporate network is by exploiting unpatched vulnerabilities. And for hackers the undisputed leaders are holes in the corporate server infrastructure, such as ProxyShell (CVE-2021-34473). These make it possible to penetrate the juiciest parts of the network and take over additional servers, right up to the domain controller. Therefore, before the holidays, it won't hurt to check and install fresh patches for all key applications. Of course, this process is far simpler if you use security solutions with a built-in patch management system.

Assign responsibility

Appoint (in writing) people responsible for incident response. All those involved must know the allocation of roles, and key people must be available by phone and online 24/7. In the event of a major attack, corporate messengers and mail may be down, so it's important to have backup communication channels that all members of the alert team are connected to.

Conduct drills

If you have access to some platform for security awareness training, now is the time to carry out a Christmas-themed phishing exercise. All those who fall for it should probably retake the training course (probably next year) and change their passwords before the holidays. If you don't have access to such a system yet, at least send out an email reminding employees to be vigilant, with a couple of screenshots of Christmas phishing attached as an example.

Consider MDR

If, when preparing for an attack during the holiday season, you realize that your team is not ready to provide 24/7 network protection, you might want to consider employing Managed Detection and Response experts. This is basically an outsourced team to solve infosec issues. MDR providers can deploy solutions based on leading infosec products fairly rapidly, but it's still going to be a tough ask the week before Christmas. So, switching to MDR could be a New Year's resolution, since it is the most effective solution for companies that can't yet afford a 24/7 Christmas watch.
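The "Log out" checklist above (revoke VPN/RDP access from offboarded people and needless technical accounts, enforce multifactor authentication, terminate long-idle sessions) can be run as a single audit over an access inventory. The script below is an added example, not code from the original article; the inventory format, the seven-day idle threshold and the sample accounts are constructed assumptions, not any product's API.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Account:
    """One row of a constructed access inventory (an assumption: real data would
    be pulled from your directory, VPN concentrator and session stores)."""
    name: str
    active_employee: bool        # False once HR has offboarded the person
    service_account: bool        # technical/non-human account
    remote_access: frozenset     # groups granting remote entry, e.g. {"VPN", "RDP"}
    mfa_enabled: bool
    open_sessions: tuple         # (service name, last activity timestamp) pairs
    justification: str = ""      # written reason a technical account needs remote access


def audit_remote_access(accounts, now, idle_limit=timedelta(days=7)):
    """Return (account, action, reason) triples for the pre-holiday checklist:
    revoke needless VPN/RDP access, enforce MFA, terminate stale sessions."""
    findings = []
    for acct in accounts:
        if acct.remote_access:
            groups = "/".join(sorted(acct.remote_access))
            if not acct.active_employee:
                findings.append((acct.name, "revoke",
                                 f"offboarded user still in {groups}"))
            elif acct.service_account and not acct.justification:
                findings.append((acct.name, "revoke",
                                 f"technical account in {groups} with no recorded need"))
            elif not acct.mfa_enabled:
                findings.append((acct.name, "enable-mfa",
                                 f"{groups} access without multifactor authentication"))
        # Stale sessions are checked for every account, remote access or not:
        # a forgotten messenger login is a foothold too.
        for service, last_activity in acct.open_sessions:
            idle = now - last_activity
            if idle > idle_limit:
                findings.append((acct.name, "terminate-session",
                                 f"{service} session idle for {idle.days} days"))
    return findings


NOW = datetime(2022, 12, 19, 9, 0)  # constructed "week before Christmas" timestamp

SAMPLE_ACCOUNTS = [  # constructed sample inventory
    Account("alice", True, False, frozenset({"VPN"}), True,
            (("corporate-chat", NOW - timedelta(hours=3)),)),
    Account("bob", False, False, frozenset({"VPN", "RDP"}), True,
            (("rdp", NOW - timedelta(days=30)),)),                  # laid off, never revoked
    Account("svc-backup", True, True, frozenset({"RDP"}), False, ()),  # no stated need
    Account("svc-monitor", True, True, frozenset({"VPN"}), True, (),
            justification="collects metrics from DMZ hosts"),
    Account("carol", True, False, frozenset({"VPN"}), False,
            (("webmail", NOW - timedelta(days=12)),)),               # admin without MFA
    Account("dave", True, False, frozenset(), True,
            (("corporate-chat", NOW - timedelta(days=20)),)),        # forgotten chat session
]


def main():
    for name, action, reason in audit_remote_access(SAMPLE_ACCOUNTS, NOW):
        print(f"{action:18} {name:12} {reason}")


if __name__ == "__main__":
    main()
```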
Photo: BrandonKleinPhoto / Shutterstock.com

Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets’ homes, and to taunt authorities when they arrived.

Prosecutors in Los Angeles allege 20-year-old James Thomas Andrew McCarty, a.k.a. “Aspertaine,” of Charlotte, N.C., and Kya Christian Nelson, a.k.a. “ChumLul,” 22, of Racine, Wisc., conspired to hack into Yahoo email accounts belonging to victims in the United States. From there, the two allegedly would check how many of those Yahoo accounts were associated with Ring accounts, and then target people who used the same password for both accounts.

An indictment unsealed this week says that in the span of just one week in November 2020, McCarty and Nelson identified and swatted at least a dozen different victims across the country. “The defendants then allegedly accessed without authorization the victims’ Ring devices and transmitted the audio and video from those devices on social media during the police response,” reads a statement from Martin Estrada, the U.S. Attorney for the Central District of California. “They also allegedly verbally taunted responding police officers and victims through the Ring devices during several of the incidents.”

James Thomas Andrew McCarty.

The indictment charges that McCarty continued his swatting spree in 2021 from his hometown in Kayenta, Ariz., where he called in bomb threats or phony hostage situations on more than two dozen occasions. The Telegram and Discord aliases allegedly used by McCarty — “Aspertaine” and “Couch,” among others — correspond to an identity that was active in certain channels dedicated to SIM-swapping, a crime that involves stealing wireless phone numbers and hijacking the online financial and social media accounts tied to those numbers. Aspertaine bragged on Discord that he’d amassed more than $330,000 in virtual currency.

On Telegram, the Aspertaine/Couch alias frequented several popular SIM-swapping channels, where they initially were active as a “holder” — a low-level but key SIM-swapping group member who agrees to hold stolen cryptocurrency after an account takeover is completed. Aspertaine later claimed more direct involvement in individual SIM-swapping attacks.

In September, KrebsOnSecurity broke the news about a wide-ranging federal investigation into “violence-as-a-service” offerings on Telegram and other social media networks, wherein people can settle scores by hiring total strangers to carry out physical attacks such as brickings, shootings, and firebombings at a target’s address. The story observed that SIM swappers were especially enamored of these “IRL” or “In Real Life” violence services, which they frequently used to target one another in response to disagreements over how stolen money should be divided amongst themselves.

And a number of Aspertaine’s peers on these SIM-swapping channels claimed they’d been ripped off after Aspertaine took more than a fair share from them. On April 30, 2022, a member of a popular SIM-swapping group on Telegram who was slighted by Aspertaine put out the word that he was looking for some physical violence to be visited on McCarty’s address in North Carolina. “Anyone live near here and wants to [do] a job for me,” the job ad with McCarty’s home address read. “Jobs range from $1k-$50k. Payment in BTC [bitcoin].” It’s unclear if anyone responded to that job offer.

In May 2021, KrebsOnSecurity published The Wages of Password ReUse: Your Money or Your Life, which noted that when normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. Whereas, when cybercriminals reuse passwords, it often costs them their freedom. But perhaps that story should be updated, because it’s now clear that password reuse can also put you in mortal danger.

Swatting attacks are dangerous, expensive hoaxes that sometimes end in tragedy. In June 2021, an 18-year-old serial swatter from Tennessee was sentenced to five years in prison for his role in a fraudulent swatting attack that led to the death of a 60-year-old man. In 2019, prosecutors handed down a 20-year sentence to Tyler Barriss, a then 26-year-old serial swatter from California who admitted making a phony emergency call to police in late 2017 that led to the shooting death of an innocent Kansas man.

McCarty was arrested last week, and charged with conspiracy to intentionally access computers without authorization. Prosecutors said Nelson is currently incarcerated in Kentucky in connection with an unrelated investigation. If convicted on the conspiracy charge, both defendants would face a statutory maximum penalty of five years in federal prison. The charge of intentionally accessing without authorization a computer carries a maximum possible sentence of five years. A conviction on the additional charge against Nelson — aggravated identity theft — carries a mandatory two-year consecutive sentence.
Millions of people likely just received an email or snail mail notice saying they’re eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this particular offer is legit (if paltry), scammers are likely to soon capitalize on public attention to the settlement money.

One reader’s copy of their Equifax Breach Settlement letter. They received a check for $6.97.

In 2017, Equifax disclosed a massive, extended data breach that led to the theft of Social Security Numbers, dates of birth, addresses and other personal information on nearly 150 million people. Following a public breach response perhaps best described as a giant dumpster fire, the big-three consumer credit reporting bureau was quickly hit with nearly two dozen class-action lawsuits.

In exchange for resolving all outstanding class action claims against it, Equifax in 2019 agreed to a settlement that includes up to $425 million to help people affected by the breach. Affected consumers were eligible to apply for at least three years of credit monitoring via all three major bureaus simultaneously, including Equifax, Experian and TransUnion. Or, if you didn’t want to take advantage of the credit monitoring offers, you could opt for a cash payment of up to $125.

The settlement also offered reimbursement for the time you may have spent remedying identity theft or misuse of your personal information caused by the breach, or purchasing credit monitoring or credit reports. This was capped at 20 total hours at $25 per hour ($500), with total cash reimbursement payments not to exceed $20,000 per consumer.

Those who did file a claim probably started receiving emails or other communications earlier this year from the Equifax Breach Settlement Fund, which has been messaging class participants about methods of collecting their payments. How much each recipient receives appears to vary quite a bit, but probably most people will have earned a payment on the smaller end of that $125 scale — like less than $10. Those who received higher amounts likely spent more time documenting actual losses and/or explaining how the breach affected them personally.

So far this week, KrebsOnSecurity has received at least 20 messages from readers seeking more information about these notices. Some readers shared copies of letters they got in the mail along with a paper check from the Equifax Breach Settlement Fund (see screenshot above). Others said they got emails from the Equifax Breach Settlement domain that looked like an animated greeting card offering instructions on how to redeem a virtual prepaid card.

If you received one of these settlement emails and are wary about clicking the included links (good for you, by the way), copy the redemption code and paste it into the search box at myprepaidcenter.com/redeem. Successfully completing the card application requires accepting a prepaid MasterCard agreement (PDF). The website for the settlement — equifaxbreachsettlement.com — also includes a lookup tool that lets visitors check whether they were affected by the breach; it requires your last name and the last six digits of your Social Security Number.

In February 2020, the U.S. Justice Department indicted four Chinese officers of the People’s Liberation Army (PLA) for perpetrating the 2017 Equifax hack. DOJ officials said the four men were responsible for carrying out the largest theft of sensitive personal information by state-sponsored hackers ever recorded.

Equifax surpassed Wall Street’s expectations in its most recent quarterly earnings: The company reported revenues of $1.24 billion for the quarter ending September 2022. Of course, most of those earnings come from Equifax’s continued legal ability to buy and sell eye-popping amounts of financial and personal data on U.S. consumers. As one of the three major credit bureaus, Equifax collects and packages information about your credit, salary, and employment history. It tracks how many credit cards you have, how much money you owe, and how you pay your bills. Each company creates a credit report about you, and then sells this report to businesses who are deciding whether to give you credit.

Americans currently have no legal right to opt out of this data collection and trade. But you can, and should, freeze your credit, which by the way can make your credit profile less profitable for companies like Equifax — because they make money every time some potential creditor wants a peek inside your financial life. Also, it’s probably a good idea to freeze the credit of your children and/or dependents as well. It’s free on both counts.
As 5G gains traction, service providers need to be able to trust their networks’ security to truly take advantage of 5G’s capabilities. Digital certificates are critical to that, writes Alexa Tahan of Nokia. The post Why digital certificates are critical to 5G security appeared first on The Security Ledger with Paul F. Roberts.
Threat actors can take over victims' cloud accounts to steal data, or use them for command-and-control for phishing attacks, denial of service, or other cyberattacks.
In a data breach notification filed with the Maine Attorney General's office, DraftKings disclosed that the data of 67,995 people was exposed in last month's security incident.
The social media conglomerate, which owns Facebook, Instagram and WhatsApp, said these networks were disrupted for violating its Coordinated Inauthentic Behavior (CIB) policy.
The vulnerability, which was discovered and reported by researchers at the Renmin University of China, could be exploited via rigged PDF files of web pages, the company warned in an advisory.
The company behind teen-favorite video game Fortnite will pay more than half a billion dollars to U.S. federal regulators to settle allegations it violated children's privacy law and duped users and parents into funding unauthorized in-game charges.
The number of unique C2 servers spiked by 30% this year, from 13,629 in 2021 to 17,000 in 2022. China hosted 4,000 C2 servers, the U.S. was second with 3,928, and Hong Kong third with 1,451. With network defenders paying more attention to servers running frameworks like Cobalt Strike, attackers have been looking for alternative C2 frameworks.
Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that impersonates an SDK for the cybersecurity company SentinelOne as part of a campaign dubbed SentinelSneak.
This will improve the confidentiality of emails when they rest on Google’s servers, by applying encryption to the email body and attachments while providing Workspace customers with control over the encryption keys and the identity service used.
One production bucket contained more than 47 million files and 12TB of data, and a second non-production bucket held more than 69 million files and 10TB of data, researchers claimed.
A dual citizen of Sweden and the United Kingdom pleaded guilty to his role in selling the purported multibillion-dollar cryptocurrency pyramid OneCoin that netted $4 billion.
New Android malware campaign dubbed MoneyMonger was discovered extorting people who were trapped by the hackers after they borrowed a sum through money-lending apps. According to researchers at Zimperium, hackers use the Flutter framework to develop malware apps that help them obfuscate malicious features and diminish the odds of detection of any malicious activity.
Although the attack did not impact guests' bookings, hotel staff still can't receive or answer customer requests sent via email, so it is recommended to contact H-Hotels by phone if necessary.
Ransomware groups are expected to tweak their TTPs and shift their business models as organizations strengthen their defenses, law enforcement gets better at tracking them down and governments tighten crypto regulations, according to Trend Micro.
Trend Micro security analysts spotted a sample of the Agenda ransomware written in Rust. The actors seem to have modified the previous ransomware version, originally written in the Go language, for intended victims. Moreover, the Rust variant has also been using intermittent encryption tactics for faster encryption and detection evasion.
Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications.
Safeurl, a one-line drop-in replacement for Go’s native net/http.Client, validates incoming HTTP requests against allow and block lists, as well as defends against DNS rebinding attacks.
According to @serpent, the hacker contacted the victim and asked to license IP rights for BAYC #2060. They claimed to be a casting director for Forte Pictures, an L.A.-based Emmy Award-winning company. The alias the scammer used was fake.
78% of Americans report unsafe online behaviors that open them up to cyber threats, such as reusing or sharing passwords, skipping software updates and more – a 14% increase from just two years ago, according to Comcast.
The group behind Raspberry Robin appears to be testing the waters to see how far its deployments can spread. The majority of the group’s victims are either government agencies or telecommunication entities from South America, Europe, and Oceania.
U.S. Cyber Command conducted both defensive and offensive operations to thwart foreign actors from interfering in the 2022 midterms, according to the digital combat unit’s chief.
Experts at Nozomi Networks announced that they spotted an ongoing Glupteba botnet campaign that started in June 2022. Just a year ago, Google had claimed to dismantle the botnet’s infrastructure. Glupteba operators used the Bitcoin blockchain to hide C&C domains, making the botnet resilient to takedown efforts. It took the cybercriminals roughly six months to build a new campaign.
While trying to retrieve stolen data from its network, the Little Rock School District’s board voted 6-3 on December 5 to approve a $250,000 settlement that would end a recent ransomware incident.
Security analysts at Cyble observed two phishing sites imitating Grammarly and Cisco to distribute the DarkTortilla malware. The malware is capable of adding more RAT and stealer payloads, such as AgentTesla, AsyncRAT, NanoCore, and others to an infected system. The complex .NET-based malware has been operating since 2015.
Revived levels of holiday spending have caught the eye of threat actors who exploit consumer behaviors and prey on the surge of online payments and digital activities during the holidays.
A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the 'DELTA' situational awareness program to infect systems with information-stealing malware.
The threat actors behind the Windows banking malware known as Casbaneiro have been linked to a novel Android trojan called BrasDex that has been observed targeting Brazilian users as part of an ongoing multi-platform campaign.
A hacking group associated with Russia’s Federal Security Service (FSB) unsuccessfully attempted to compromise a large petroleum refining company within a NATO member state at the end of August, according to a new report.
RisePro stealer malware has been found targeting sensitive information on infected systems and harvesting data in the form of logs. It may have been dropped or downloaded by the pay-per-install malware downloader service PrivateLoader, finds Flashpoint. The malware first appeared on a Russian forum.
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.
VMRay announces the closing of a Series B led by global alternative asset manager Tikehau Capital, which will fuel further expansion of the product portfolio to target a broader set of market segments.
Epic Games has reached a $520 million settlement with the U.S. Federal Trade Commission (FTC) over allegations that the Fortnite creator violated online privacy laws for children and tricked users into making unintended purchases in the video game. To that end, the company will pay a record $275 million monetary penalty for breaching the Children's Online Privacy Protection Act (COPPA) by
Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications. The shortcoming, dubbed Achilles (CVE-2022-42821, CVSS score: 5.5), was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, describing it as a logic
The Russia-linked Gamaredon group unsuccessfully attempted to break into a large petroleum refining company within a NATO member state earlier this year amid the ongoing Russo-Ukrainian war. The attack, which took place on August 30, 2022, is just one of multiple attacks orchestrated by the advanced persistent threat (APT) that's attributed to Russia's Federal Security Service (FSB). Gamaredon,
It's no secret that keeping software up to date is one of the key best practices in cybersecurity. Software vulnerabilities are being discovered almost weekly these days. The longer it takes IT teams to apply updates issued by developers to patch these security flaws, the more time attackers have to exploit the underlying vulnerability. Once threat actors gain access to corporate IT ecosystems,
An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors. This is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Among the notable targets included FiveM and RedM, which are game modifications for Grand Theft Auto V and Red Dead Redemption 2, as well as
The threat actors behind the Windows banking malware known as Casbaneiro have been linked to a novel Android trojan called BrasDex that has been observed targeting Brazilian users as part of an ongoing multi-platform campaign. BrasDex features a "complex keylogging system designed to abuse Accessibility Services to extract credentials specifically from a set of Brazilian targeted apps,