News Items

  • news

    "IBM Launches Experimental Homomorphic Data Encryption Environment for the Enterprise"

    IBM Security has launched a new service that lets companies experiment with Fully Homomorphic Encryption (FHE). This encryption scheme enables computers to perform operations on encrypted data without having to decrypt it, further enhancing the privacy of existing IT architecture, products, and data. FHE will significantly improve data protection in the realms of data science and machine learning. Although IBM and the broader research community have been working on the development of homomorphic encryption for more than a decade, FHE has been considered impractical because of its significant drain on computational power and slow computation speeds. However, industry compute power has grown exponentially, and the algorithms behind FHE have been refined, allowing it to be performed at seconds per bit and fast enough for various types of real-world use cases and early trials with companies. In addition, IBM is implementing lattice cryptography to make FHE quantum-safe or resistant to being broken by future quantum-computing speeds. This article continues to discuss the purpose of the new IBM Security Homomorphic Encryption Services, as well as the concept, advancement, and potential uses of FHE.

    ZDNet reports "IBM Launches Experimental Homomorphic Data Encryption Environment for the Enterprise"

  • news

    "DDoS Attacks Hit Citrix Application Delivery Controllers, Hindering Customer Performance"

    Citrix has reported that its Citrix Application Delivery Controllers (ADCs) were hit by a Distributed Denial-of-Service (DDoS) attack. ADCs are networking products that allow security and network teams to manage application delivery speed and quality. The Citrix threat advisory reveals that the Citrix ADC Datagram Transport Layer Security (DTLS) network throughput can be overwhelmed by bots or the attacker, potentially exhausting outbound bandwidth. According to Citrix, organizations with limited bandwidth have experienced a greater challenge when dealing with the DDoS attack. The attack has impacted a small number of customers globally. Citrix also says that there are no known Citrix vulnerabilities related to this incident. Security teams are encouraged to keep up to date on attack indicators and to continuously monitor their systems. Citrix recommends that security teams monitor outbound traffic volume for anomalies and spikes to determine whether an ADC has been hit by this attack. Citrix customers impacted by the DDoS attack should temporarily disable DTLS to stop an attack in progress and remove their exposure to it. This article continues to discuss the recent threat advisory from Citrix about the DDoS attack impacting Citrix ADCs and the suggested mitigation techniques for this attack.

    SC Media reports "DDoS Attacks Hit Citrix Application Delivery Controllers, Hindering Customer Performance"

  • news

    "Email Threat Predictions for 2021"

    Dan Fein, the Director of Email Security Products at the AI cybersecurity company Darktrace, gave his predictions about new tactics and techniques that email attackers could use in 2021. According to Fein, attackers will attempt to commit more supply chain fraud than CEO fraud, since attackers can impact thousands of companies by sending fraudulent invoices from one compromised company. This shift is indicated by the decrease in spoofing attacks against the C-suite and the increase in attacks targeting staff in accounts payable departments observed earlier this year. Attacks aimed at compromising email accounts will be more capable of evading multifactor authentication as they continue to grow in sophistication. The average life span of a phishing attack will continue to decrease, making it harder to block malicious IPs, identify indicators of compromise, and find the specific threat actors behind these attacks. Fein's other predictions pertaining to email threats in 2021 include an increase in email-borne fraudulent invoices and single-use phishing domains, and a decrease in the deployment of email security solutions and third-party gateways via Mail Exchanger (MX) records. This article continues to discuss email threat predictions for 2021 and the importance of adopting adaptive email security technology.

    Dark Reading reports "Email Threat Predictions for 2021"

  • news

    "Developing a Better Way to Address Vulnerabilities at the Source-Code Level"

    A team of researchers from the University of California, Santa Barbara (UCSB), Purdue University, and the Swiss Federal Institute of Technology Lausanne (EPFL) received a four-year, $3.9 million grant from the Defense Advanced Research Projects Agency (DARPA) in support of a project called "Assured Micropatching." The DARPA project aims to improve the patching process for code in vulnerable embedded systems such as those in medical devices, trucks, and airplanes. These embedded systems are often found to be running software for which the source code and the original compilation toolchain are unavailable. Many of the old software components running in these systems contain vulnerabilities that could be used as an entry point for cyberattacks, yet patching them may be difficult or impossible. This article continues to discuss the DARPA project focused on developing an effective way to fix vulnerabilities at the source-code level.

    UCSB reports "Developing a Better Way to Address Vulnerabilities at the Source-Code Level"

  • news

    "Network Operator Spend on Multi-Access Edge Computing to Reach $8.3B by 2025"

    In a new study, researchers found that the amount of money network operators will spend on multi-access edge computing (MEC) will grow from $2.7 billion in 2020 to $8.3 billion in 2025, as operators invest heavily in upgrading network capacities and infrastructure to support the increasing data generated by 5G networks. The study also revealed that by 2025, the number of deployed multi-access edge computing nodes will reach 2 million globally, up from 230,000 in 2020. These devices, which take the form of access points, base stations, and routers, will play a vital role in managing the vast quantities of data generated by connected vehicles, smart city systems, and other emerging data-intensive services. The researchers forecast that over 920 million individuals will benefit from edge-enhanced Internet connectivity by 2025, rising from 100 million in 2020.

    Help Net Security reports: "Network Operator Spend on Multi-Access Edge Computing to Reach $8.3B by 2025"

  • news

    "Only 30% Prepared to Secure a Complete Shift to Remote Work"

    Researchers at DTEX Systems conducted a new survey and discovered that the biggest security concerns facing businesses are data leaking through endpoints (27 percent), loss of visibility of user activity (25 percent), and maintaining compliance with regulatory requirements (24 percent). The researchers also found that only 30 percent of companies surveyed were fully prepared to secure and support a complete shift to remote work, and 50 percent reported their company would continue to support work-from-home capabilities due to increased productivity and business benefit. Nearly three-quarters of organizations surveyed were concerned about the security risks introduced by users working from home. Many organizations (73 percent) reported partial or no visibility into user activity if remote workers disable their VPN; only 27 percent reported full or complete visibility into user activity. The researchers also found that users are mixing personal use and corporate use on their work laptops, increasing the risk of drive-by downloads (25 percent); that users are more susceptible to phishing attacks at home (15 percent); and that organizations no longer have visibility since most remote workers operate outside the corporate network (13 percent).

    Help Net Security reports: "Only 30% Prepared to Secure a Complete Shift to Remote Work"

  • news

    "Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack"

    Researchers at Kaspersky have found that the advanced persistent threat (APT) known as Lazarus Group and other sophisticated nation-state actors are actively trying to steal COVID-19 research to speed up their countries' vaccine-development efforts. The Lazarus Group, widely believed to be linked to North Korea, has recently attacked a pharmaceutical company and a government health ministry related to the COVID-19 response. The goal of the APT was intellectual-property theft. The researchers stated that the group is mostly known for its financial activities, but this is a good reminder that it can go after strategic research as well. In the first cyberattack, the adversaries installed a sophisticated malware called "wAgent" on the government health ministry's servers; the malware is fileless (it only works in memory) and fetches additional payloads from a remote server. During the cyberattack against the pharma company, the Lazarus Group deployed Bookcode malware in a likely supply-chain attack through a South Korean software company.

    Threatpost reports: "Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack"

  • news

    "Apple Ships Hacker-Friendly iPhones to Security Researchers"

    Apple is sending hacker-friendly iPhones to security researchers. These iPhones allow researchers to examine the mobile OS for security vulnerabilities and report them easily. Researchers will be able to probe these iPhones for 12 months, a period that Apple could extend if it finds it necessary. The researchers are expected to report vulnerabilities as soon as they discover them. This effort is a part of Apple's bug bounty program, which awards money to those who report security flaws. The amount paid to researchers is based on the severity of the discovered flaw. This article continues to discuss the hacker-friendly iPhones currently being shipped to security researchers and Apple's bug bounty program.

    PCMag reports "Apple Ships Hacker-Friendly iPhones to Security Researchers"

  • news

    "New Decryption Platform to Combat Encryption Misuse"

    Europol's European Cybercrime Centre (EC3) and the European Commission's Joint Research Centre have launched a new decryption platform that allows authorities to decrypt information gathered lawfully during criminal investigations. According to the agencies, this platform uses in-house expertise, software, and hardware to help in accessing encrypted material for law enforcement investigations. This article continues to discuss the goal of the new decryption platform, how EC3 works to improve law enforcement response to cybercrime in the European Union, as well as the cybercriminal activities that the agency helps combat.

    CISO MAG reports "New Decryption Platform to Combat Encryption Misuse"

  • news

    "Leaky Server Exposes 12 Million Medical Records to Meow Attacker"

    A team of cybersecurity researchers at SafetyDetectives discovered an unsecured Elasticsearch server belonging to the Vietnamese tech firm Innovative Solution for Healthcare (iSofH). This company provides medical information and hospital management software to 18 medical facilities, including eight top-tier hospitals and clinics. The server, which was found to be publicly accessible without encryption or password protection, exposed 12 million records, impacting 80,000 patients and healthcare employees. These records reveal sensitive information, including full names, dates of birth, postal addresses, phone numbers, email addresses, credit card numbers, medical records, test results, and diagnoses. The leaked data also affects some children. Three days after the discovery, the publicly exposed server was attacked by the Meow bot, which deleted some of its indexes. This article continues to discuss the discovery, disclosure, and potential impact of iSofH's Elasticsearch server leak.

    Infosecurity Magazine reports "Leaky Server Exposes 12 Million Medical Records to Meow Attacker"

  • news

    "Hey Alexa, Who Am I Messaging?"

    The potential for digital-home assistants like Amazon Alexa to infringe on user privacy by making and saving voice recordings of them is already widely known. According to new research by a team of researchers from the University of Cambridge, microphones on digital assistants are sensitive enough to record the sound of someone typing on a smartphone, which can be used to recover PINs and other sensitive information. The researchers constructed an attack in which they used this capability to identify PINs and text typed into smartphones. Given just 10 guesses, five-digit PINs can be found up to 15 percent of the time, and text can be reconstructed with 50 percent accuracy.

    Threatpost reports: "Hey Alexa, Who Am I Messaging?"

  • news

    "Emotet Returns to Hit 100K Mailboxes Per Day"

    Just in time for the Christmas holiday, researchers have found that after a lull of nearly two months, the Emotet botnet has returned with updated payloads and a campaign that is hitting 100,000 targets per day. The botnet is spreading TrickBot malware, a well-known and sophisticated trojan first developed in 2016 as banking malware. Users infected with the TrickBot trojan will see their device become part of a botnet that attackers use to load second-stage malware. Typical consequences of TrickBot infections are bank-account takeover, high-value wire fraud, and ransomware attacks.

    Threatpost reports: "Emotet Returns to Hit 100K Mailboxes Per Day"

  • news

    "FBI Warns of DoppelPaymer Attacks on Critical Infrastructure"

    The FBI issued a warning to private sector organizations about DoppelPaymer ransomware attacks and the change in techniques used by the operators behind these attacks. DoppelPaymer has affected various industries and targets, demanding the payment of six- to seven-figure ransoms. These attacks have impacted healthcare, emergency, and education services globally. One DoppelPaymer attack that occurred in September 2020 resulted in officials being unable to access a computer-aided dispatch system at a county's emergency call center. DoppelPaymer operators are among the first to follow up on ransomware infections with phone calls to pressure victims into paying the demanded ransoms. In addition to threats of leaking or selling the victim's corporate data, an operator threatened to send someone to an employee's home. This article continues to discuss the FBI's warning about the DoppelPaymer attacks and the operators' cold-calling approach to pressuring victims into paying ransoms.

    Dark Reading reports "FBI Warns of DoppelPaymer Attacks on Critical Infrastructure"

  • news

    "Worldwide New Account Fraud Declined 23.2% in 2020"

    In a new study, researchers at Jumio examined fraudulent attempts to open a new account using a manipulated government-issued ID and a corroborating selfie. Selfie-based fraud describes fraudulent attempts to use a picture or video (e.g., a deepfake) instead of a genuine selfie to corroborate a digital identity. The researchers discovered that new account fraud based on ID verification declined 23.2% worldwide in 2020 compared to 2019. In 2020, selfie-based fraud rates were five times higher than ID-based fraud rates: fraud associated with the selfie averaged 7.15% globally in 2020, compared to 1.41% for ID-only verifications. The researchers also found that new account fraud using a driver's license is significantly lower than with other document types (e.g., passports and ID cards).

    Help Net Security reports: "Worldwide New Account Fraud Declined 23.2% in 2020"

  • news

    "Can We Be Manipulated Into Sharing Private Info Online? Yes, Says Ben-Gurion U. Study"

    According to a new study conducted by Ben-Gurion University of the Negev (BGU) researchers, online users are more likely to disclose private information depending on how website forms ask for it. Their study demonstrated how smartphone and PC users of online services could be led into revealing more information about themselves. The researchers manipulated how information items such as name, address, email, and more are presented on a website form and observed how such manipulation affects the likelihood that users sign up for a service. One of the techniques used by the BGU researchers to entice users to reveal more of their private information is requesting personal information in ascending order of sensitivity, from less important to more private. Another effective technique is placing each request for information on successive, separate pages. The general public and regulators must be aware of ascending privacy intrusion and multiple-page manipulations. This article continues to discuss the study on the manipulation of online users into disclosing private information, the techniques used to increase the likelihood of online disclosure, and the importance of raising awareness about these methods.

    EurekAlert! reports "Can We Be Manipulated Into Sharing Private Info Online? Yes, Says Ben-Gurion U. Study"

  • news

    "Script for Detecting Vulnerable TCP/IP Stacks Released"

    The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released a new advisory about four newly discovered vulnerabilities impacting the Treck TCP/IP stack. These vulnerabilities affect Treck TCP/IP stack version 6.0.1.67 and older versions. The most critical vulnerability allows attackers to perform Denial-of-Service (DoS) attacks and execute arbitrary code. Separately, Forescout released an open-source script, the project-memoria-detector tool, that can be used to detect whether a network device is running one of the four open-source TCP/IP stacks impacted by the vulnerabilities. This article continues to discuss the new vulnerabilities discovered in the Treck TCP/IP stack and the tool developed by Forescout to detect the use of vulnerable TCP/IP stacks.

    Help Net Security reports "Script for Detecting Vulnerable TCP/IP Stacks Released"

  • news

    "Institute for Security and Technology Launches Multisector Ransomware Task Force"

    The Institute for Security and Technology (IST) has launched a multisector task force aimed at developing solutions for combating ransomware attacks. The Ransomware Task Force (RTF) will involve cybersecurity firms, cybersecurity threat sharing groups, cybersecurity promoting organizations, law firms, think tanks, and technology companies, including McAfee, Cyber Threat Alliance, Venable, Third Way, Microsoft, and more. This article continues to discuss the growing threat of ransomware, the impact of ransomware attacks, the RTF, and the multisector approach taken by this new task force to find solutions to ransomware.

    SC Media reports "Institute for Security and Technology Launches Multisector Ransomware Task Force"

  • news

    "'Is It You In The Video?' – Don't Fall For This Messenger Scam"

    Researchers have discovered a new phishing attempt that uses Facebook Messenger. Adversaries use compromised social media accounts to send "a video" to the account owner's friends, then ask, "is it you in this video?" There is no video: the message shows a black image that links to a URL shortening service, which in turn redirects to a URL that pops up what looks like a Facebook login page. Unfortunately, if a victim does end up entering their username and password into the fake login page, the credentials are submitted to a server running on a low-cost web hosting service in the USA, using a vaguely legitimate-looking domain name that was registered less than a month ago. Scammers have been targeting social media passwords more frequently because a hijacked account gives the adversaries a level of trusted access to the victim's friends and family, making scams of all sorts much easier to pull off.

    Naked Security reports: "'Is It You In The Video?' – Don't Fall For This Messenger Scam"

  • news

    "Ransomware Gangs Use 'SystemBC' Tor Backdoor in Attacks"

    Sophos researchers have reported the use of a backdoor named SystemBC by multiple ransomware families, including Ryuk and Egregor. The continuously evolving backdoor executes commands and enables adversaries to download and run scripts, executables, and DLLs. The researchers have observed SystemBC being used in hundreds of attacks in combination with Cobalt Strike and other post-exploitation tools. This article continues to discuss the observations made by researchers surrounding the capabilities and impact of the SystemBC backdoor, as well as why this is an attractive tool for attackers in the performance of ransomware attacks.

    Security Week reports "Ransomware Gangs Use 'SystemBC' Tor Backdoor in Attacks"

  • news

    "CyberMDX Research Team Discovers Critical Vulnerabilities in Dell Wyse Thin Client Devices"

    Researchers at the healthcare cybersecurity provider CyberMDX discovered critical vulnerabilities in Dell Wyse Thin Client devices. The exploitation of these vulnerabilities could allow attackers to remotely run malicious code and access arbitrary files on affected devices. The first vulnerability enables users to access the configuration server and read configurations belonging to other clients, which could lead to the exposure of sensitive data such as passwords. The second vulnerability allows users to access the server and make changes to configurations belonging to other thin clients. Elad Luz, the Head of Research at CyberMDX, has pointed out the lack of consideration for security in these devices' design. This article continues to discuss CyberMDX's discovery of the vulnerabilities using its AI/ML anomaly detection feature, the use of thin client devices, the root cause of the vulnerabilities, and other efforts by CyberMDX to bolster the security of healthcare organizations against cyberattacks.

    PRNewswire reports "CyberMDX Research Team Discovers Critical Vulnerabilities in Dell Wyse Thin Client Devices"

  • news

    Impact of Russian hacking campaign broadens

    The Russian hacking attack is much wider than originally appeared: it is a continuing massive campaign impacting government agencies, private companies, and critical infrastructure. Additionally, the SolarWinds Orion software was not the only way that systems have been breached. CISA alerts that the scope of this breach poses a grave risk to networks in both the government and the private sector.

    #cybersecurity #scienceofsecurity #RussianHackers

    https://www.cnn.com/2020/12/17/politics/us-government-hack-extends-beyond-solarwinds/index.html

  • news

    "5G Standalone Networks May Have More Vulnerabilities Than You Think"

    Positive Technologies released a new report titled "5G Standalone Core Security Research," highlighting several potential vulnerabilities in 5G standalone networks that could lead to Denial-of-Service (DoS) attacks. Researchers analyzed the network architecture and also examined subscriber authentication, registration procedures, and how network elements interact. The report brings attention to possible security problems with 5G networks, such as the registration of new attacker-controlled network functions, disclosure of unique subscriber identifiers, subscriber DoS resulting from flaws in the Packet Forwarding Control Protocol (PFCP), and more. This article continues to discuss key points made by Positive Technologies' report regarding potential attack scenarios against 5G standalone networks and the improvement of security for 5G traffic.

    TechRepublic reports "5G Standalone Networks May Have More Vulnerabilities Than You Think"

  • news

    "Bouncy Castle Bug Puts Bcrypt Passwords at Risk"

    Synopsys researchers discovered a severe authentication bypass vulnerability in a popular Java cryptography library called Bouncy Castle. The vulnerability exists in the OpenBSDBcrypt class of Bouncy Castle. The exploitation of this vulnerability could allow attackers to circumvent password checks performed by applications using the Bcrypt password hashing algorithm. Although Bouncy Castle released a patch for the bug in early November, over 90% of organizations that use the vulnerable version of this library still have not applied the patch. Bouncy Castle is used by developers across 26,000 organizations for securing applications, making the flaw a significant threat to supply chain security. This article continues to discuss the severity, potential exploitation, and impact of the Bouncy Castle bug.

    Infosecurity Magazine reports "Bouncy Castle Bug Puts Bcrypt Passwords at Risk"

  • news

    "5M WordPress Sites Running 'Contact Form 7' Plugin Open to Attack"

    Researchers at Astra Security found a critical bug in the popular WordPress plugin Contact Form 7. The bug allows an unauthenticated adversary to take over a website running the plugin or hijack the entire server hosting the website. The WordPress utility is active on 5 million websites, with most of those sites (70 percent) running version 5.3.1 or older of the Contact Form 7 plugin. The researchers worked closely with the plugin developer, and a patch was recently released. Everyone is advised to update the Contact Form 7 plugin to the new version 5.3.2.

    Threatpost reports: "5M WordPress Sites Running 'Contact Form 7' Plugin Open to Attack"

  • news

    "K-12 Schools Need to Take Cyberattacks More Seriously"

    There has been a significant increase in cyberattacks against public schools in the United States since the beginning of the 2020-21 school year. Federal cybersecurity officials expect these attacks to continue growing in frequency and sophistication. One of the factors contributing to the increased targeting of public schools by cybercriminals is that most schools do not spend enough to bolster their cybersecurity. Another factor is the lack of preparation by public schools to defend themselves against cyberattacks. A school system's network may not have proper security mechanisms or professionals in place to protect sensitive personal information from cyberattacks. This article continues to discuss notable cyberattacks faced by public schools this year, the factors contributing to the significant growth in attacks targeting public schools, how cybercriminals are leveraging the COVID-19 pandemic in their execution of ransomware attacks against these schools, and what schools can do to strengthen their cybersecurity.

    Homeland Security News Wire reports "K-12 Schools Need to Take Cyberattacks More Seriously"

  • news

    "Hackers Use Mobile Emulators to Steal Millions"

    IBM Trusteer researchers report that hackers are using mobile emulators to spoof banking customers' mobile devices in order to steal millions of dollars from online banking accounts belonging to customers located in the U.S. and Europe. Mobile emulators are virtual devices that can mimic the functionality of real mobile devices. Developers often use them to test applications and features on various types of devices. According to IBM, attackers used 20 mobile emulators to mimic more than 16,000 compromised devices. The attackers were able to access thousands of bank accounts and steal millions of dollars within days using the spoofed devices. Each spoofed device was discarded and replaced by another spoofed device to restart the attack cycle after it successfully compromised an account. IBM researchers found that in some cases, attackers made it look like a customer was accessing an account from a new device to further evade security protections implemented by banks. This article continues to discuss how hackers used mobile emulators to steal millions of dollars from banks in the U.S. and Europe.

    GovInfoSecurity reports "Hackers Use Mobile Emulators to Steal Millions"

  • news

    "Migration Delays Prevent AD-Centric Zero Trust Security Framework Adoption"

    Researchers at One Identity conducted a new survey of 1,216 IT security professionals. They found that 37 percent of the participants rated rapid changes in their Active Directory (AD) or Azure Active Directory (AAD) environment as the key impact of COVID-19 on their organization's identity management team. Almost half of the survey respondents stated that granting and revoking access through AD and AAD has proven to be more important than ever, highlighting that companies are using AD/AAD as the foundation of their identity management programs. Migration to AAD is slow going, with companies operating in various stages of AD/AAD migration. Only 8 percent of companies globally have fully moved to AAD, with only 9 percent planning to do so next year.

    Help Net Security reports: "Migration Delays Prevent AD-Centric Zero Trust Security Framework Adoption"

  • news

    "Microsoft and FireEye Create a 'Killswitch' for SUNBURST Malware Affecting SolarWinds' Orion"

    Microsoft, FireEye, and GoDaddy have worked together to create a "killswitch" for SUNBURST, which is the malware distributed in the supply chain attack on SolarWinds' Orion IT management platform. This platform is used by several U.S. government agencies, including the departments of Treasury, Commerce, and Homeland Security, as well as companies in the private domain, including Boeing and Los Alamos National Laboratory. The killswitch was designed to take over one of the domains used by attackers to infect victims' systems with SUNBURST malware. According to a FireEye spokesperson, this killswitch will affect new and previous SUNBURST infections. This article continues to discuss the supply chain attack on the SolarWinds Orion platform and how the killswitch works to prevent further spread of the SUNBURST malware.

    CISO MAG reports "Microsoft and FireEye Create a 'Killswitch' for SUNBURST Malware Affecting SolarWinds' Orion"

  • news

    "3M Users Targeted by Malicious Facebook, Insta Browser Add-Ons"

    Researchers at Avast Threat Intelligence have recently identified malware in popular browser add-ons for Facebook, Vimeo, Instagram, and other services, distributed for browsers from Google and Microsoft. A total of 28 popular extensions for the Google Chrome and Microsoft Edge browsers may contain malware and likely should be uninstalled by the more than 3 million people who have already downloaded them. The researchers discovered the threat in November but have stated that it could have gone unnoticed for years. Reviews on the Chrome Web Store show evidence of this, as reviews mention link hijacking from as far back as December 2018.

    Threatpost reports: "3M Users Targeted by Malicious Facebook, Insta Browser Add-Ons"

  • news

    "GAO Highlights Supply Chain Practices Amid SolarWinds Hack"

    The Government Accountability Office (GAO) released a report, following closely after the SolarWinds breach that affected the U.S. Treasury and Commerce Departments, revealing that most large agencies have not implemented the National Institute of Standards and Technology's (NIST) Supply Chain Risk Management (SCRM) practices. The report compares agency policies against seven foundational practices for SCRM highlighted in various NIST guidance documents. It was discovered that most CFO Act agencies do not follow practices such as executive oversight of SCRM activities, the enforcement of organizational requirements for the supply chain, the establishment of procedures for detecting compromised products prior to their deployment, and more. This article continues to discuss the key findings shared by the GAO report on the implementation of SCRM practices by Federal agencies.

    MeriTalk reports "GAO Highlights Supply Chain Practices Amid SolarWinds Hack"

  • news

    "Knowing What the Enemy Knows Is Key to Proper Defense"

    Etay Maor, the Chief Security Officer (CSO) at the threat intelligence firm IntSights, gave a presentation at the Black Hat Europe 2020 virtual event emphasizing the importance of knowing what the enemy knows when defending an organization against cyber threats. Maor also highlighted the need for organizations to examine how much they know about themselves so that they can enhance protection against such threats. According to Maor, attackers are increasingly using social engineering techniques, simple web searches, and Dark Web markets to obtain credentials to log into a targeted network instead of breaking into it. The significant growth in remote work due to the COVID-19 pandemic has opened more opportunities for cybercriminals to find this type of information. Organizations are encouraged to explore the different ways in which criminals can collect information. This article continues to discuss the importance of thinking like an attacker to defend an organization against cyberthreats, how cybercriminals could collect intelligence that could be used in an attack, and the increased availability of such information in underground criminal marketplaces.

    Dark Reading reports "Knowing What the Enemy Knows Is Key to Proper Defense"

  • news

    "Total Published CVEs Hits Record High for Fourth Year"

    Researchers at K2 Cyber Security have found that the past 12 months have seen a record number of CVEs published by the US authorities, making this the fourth year in a row that the number of published CVEs has risen. Last year, 17,306 CVEs were published, including 4337 high-risk, 10,956 medium-risk, and 2013 low-risk flaws. As of December 15th, 17,447 CVEs had been recorded in total, including 4168 high-risk, 10,710 medium-risk, and 2569 low-risk bugs. The researchers also found that between 2005 and 2016 the numbers ranged from around 4000 to 8000 vulnerabilities each year. In 2017 the number of CVEs reported skyrocketed to over 14,000. The researchers argue that the pandemic might have impacted the number of disclosures this year.

    Infosecurity reports: "Total Published CVEs Hits Record High for Fourth Year"

  • news

    "RAM-Generated Wi-Fi Signals Allow Data Exfiltration From Air-Gapped Systems"

    Mordechai Guri, the head of R&D at the Ben-Gurion University of the Negev in Israel, recently published a paper detailing a new technique to exfiltrate data from an air-gapped system. Air gapping is a security measure in which a computer or network that contains highly sensitive information is isolated from the Internet and from any other Internet-connected systems. The new method, called AIR-FI, involves the installation of malware on a compromised air-gapped system to generate Wi-Fi signals that a smartphone, Internet of Things (IoT) device, or laptop can intercept and send to attackers over the Internet. The technique relies on DDR SDRAM buses to generate these covert Wi-Fi signals. AIR-FI assumes that the adversary has already compromised the air-gapped system and collected credentials, documents, files, and other data of interest. According to Guri, the attack method also works on Virtual Machines (VMs). This article continues to discuss the AIR-FI data exfiltration technique and proposed countermeasures against this attack method.

    Security Week reports "RAM-Generated Wi-Fi Signals Allow Data Exfiltration From Air-Gapped Systems"

  • news

    "Millions of Medical Imaging Files Freely Accessible on Unprotected Servers"

    Researchers at CybelAngel discovered that more than 45 million medical imaging files, including X-rays and CT scans, can be accessed on over 2,140 unprotected servers across the US, UK, Germany, and 64 other countries. These files include personally identifiable information and personal healthcare information such as name, birth date, height, weight, and diagnosis. The researchers have emphasized that the exposure of sensitive imaging files poses a major threat to patients' security, as threat actors could use the information contained in the files to launch ransomware attacks, commit fraud, and more. This article continues to discuss the discovery and potential impact of this exposure of medical imaging files, as well as the importance of balancing security and accessibility to prevent such leaks from turning into a significant data breach.

    Infosecurity Magazine reports "Millions of Medical Imaging Files Freely Accessible on Unprotected Servers"

  • news

    "New, Free Tool Adds Layer of Security for the Software Supply Chain"

    Researchers at the NYU Tandon School of Engineering developed an open-source tool called "in-toto" to bolster software supply chain security against cyberattacks. In-toto is a free and easy-to-use framework that cryptographically ensures the integrity of all steps in designing and developing a piece of software. The tool has been adopted by major open-source software projects, including those hosted by the Cloud Native Computing Foundation, a Linux Foundation project. When applying in-toto, a company must first establish a set of rules or protocols for each step of its software development process. As each step is performed, in-toto gathers link metadata confirming that the step was carried out according to the established rules or protocols. This article continues to discuss the goal, development, operation, and adoption of in-toto.

    NYU reports "New, Free Tool Adds Layer of Security for the Software Supply Chain"

  • news

    "Apple's App 'Privacy Labels' Are Here—and They're a Big Step Forward"

    Apple has launched new privacy labels for the iOS and macOS App Stores to increase the transparency of apps' data collection. The labels are likened to nutrition facts for apps in that they tell users what data each app collects and accesses. The labels fall into three categories: Data Used to Track You, Data Linked to You, and Data Not Linked to You. A label consists of bullet points, each detailing what the app does with user data. For example, a label may reveal that the app collects location data, financial details, and contact information. It might reveal that the app links this data to the device's ID number or other identifiers. It may also show that the app shares information with other companies to track users across websites and services. The enforcement of these labels is expected to raise users' awareness of apps' data gathering and to encourage developers to take user privacy more seriously. However, one concern is whether developers will provide accurate information for these labels. Another concern is whether developers have a clear understanding of how their apps collect and manage data. This article continues to discuss Apple's app privacy labels and the aspects that could impact their effectiveness, as well as other efforts to develop privacy or security breakdown labels.

    Wired reports "Apple's App 'Privacy Labels' Are Here--and They're a Big Step Forward"

  • news

    "Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure"

    Researchers at Armis found that thousands of organizations remain at risk from the URGENT/11 and CDPwn collections of vulnerabilities, which affect operational technology (OT) gear and Internet of Things (IoT) devices. Even though patches that fix the vulnerabilities are available, many of the affected OT and IoT devices have not yet been patched. The researchers discovered that 97 percent of the OT devices impacted by URGENT/11 have not been patched, despite fixes being delivered in 2019. Eighty percent of the devices affected by CDPwn remain unpatched as well.

    Threatpost reports: "Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure"

  • news

    "DHS CISA Alerts to Medtronic MyCareLink Medical Device Flaws"

    The U.S. Homeland Security Department's Cybersecurity & Infrastructure Security Agency (CISA) released an alert about vulnerabilities found in Medtronic MyCareLink (MCL) medical devices. The vulnerabilities were discovered by the Internet of Things (IoT) security firm Sternum and a team of researchers from the University of California Santa Barbara, the University of Florida, and the University of Michigan. The flaws impact all versions of the MCL Smart Model 25000 Patient Reader. This device is used to obtain information about a patient's implanted cardiac device and transmit it through the patient's mobile device to the Medtronic CareLink network to assist in managing the patient's care. According to the researchers, the flaws stem from improper authentication, a heap-based buffer overflow, and a time-of-check/time-of-use race condition. The authentication method used between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart Mobile app can be bypassed by attackers. One of the flaws could expose resources or functionality, which could lead to unauthorized access to sensitive information or the execution of arbitrary code. This article continues to discuss the security flaws impacting the MCL Smart Patient Reader, how Medtronic has responded to the discovery, and the importance of vulnerability disclosures in improving medical device security.

    HealthITSecurity reports "DHS CISA Alerts to Medtronic MyCareLink Medical Device Flaws"

  • news

    "HackerOne, Verizon Weigh Pros and Cons of Making Live Hacking Contests Virtual"

    One of the effects of the COVID-19 pandemic is the shift of live hacking events from being hosted in person to being held virtually. Due to the pandemic, Verizon Media, in collaboration with HackerOne, had to hold two hacking events online. Together they recently hosted what is said to be the world's largest live hacking contest. Whether hosted in person or online, live hacking events allow companies, with the help of ethical hackers, to find security flaws in their assets that attackers could otherwise exploit for malicious activities. These events also provide opportunities to hire hackers for corporate positions. This article continues to discuss the benefits and concerns surrounding virtual live hacking events.

    CyberScoop reports "HackerOne, Verizon Weigh Pros and Cons of Making Live Hacking Contests Virtual"

  • news

    "New Windows Trojan Steals Browser Credentials, Outlook Files"

    Researchers with Palo Alto's Unit 42 research team have discovered a new information-stealing trojan that targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities. The trojan is called PyMicropsia (because it is built with Python) and was developed by the threat group AridViper. The trojan's information-stealing capabilities include file uploading, payload downloading and execution, browser-credential stealing, the ability to clear browsing history and profiles, screenshot capture, and keylogging. PyMicropsia can also collect information from USB drives, record audio, harvest Outlook .OST files, and kill or disable Outlook processes.

    Threatpost reports: "New Windows Trojan Steals Browser Credentials, Outlook Files"

  • news

    "Phishing Campaign Uses Outlook Migration Message"

    Researchers at Abnormal Security have released details about an ongoing phishing campaign aimed at harvesting users' Office 365 credentials. The phishing emails in the campaign are designed to appear as if they were sent from the IT department of an organization at which the targeted user works. The phishing emails urge users to migrate to the latest version of Microsoft Outlook. When victims click the link in the email, they are taken to a malicious domain displaying an older version of the Outlook sign-up page. When a victim enters their username and password into the login page, attackers can access any platform where those same credentials are used. According to the security researchers, the emails are written in English or German. It has also been discovered that the phishing emails have reached around 80,000 inboxes thus far. This article continues to discuss the phishing campaign's use of an Outlook migration message to collect users' Office 365 credentials, how the campaign uses the COVID-19 pandemic to increase the success of its attack, and other Office 365 attacks that have been observed this year.

    BankInfoSecurity reports "Phishing Campaign Uses Outlook Migration Message"

  • news

    CISA and the FBI issue alert about rise in ransomware attacks of K-12 schools

  • news

    "Contact-Tracing Apps Still Expose Users to Security, Privacy Issues"

    An analysis of 95 COVID-19 contact-tracing apps conducted by the mobile security firm Guardsquare revealed that 40% did not use the official API of the Exposure Notifications protocol created by Apple and Google to protect user privacy and security. The company looked at 52 Android apps and 43 iOS apps. Of the 40% that did not use the official Exposure Notifications API, only around 5% applied more than two of the six essential security measures, which include sensitive string encryption, data-at-rest encryption, jailbreak monitoring, and pinning hosts to their SSL keys. Many of these applications use Global Positioning System (GPS) data to determine a user's location, which is then linked with identifying details such as their phone number or passport identifier. Mapping GPS location information to such details poses a significant threat to users' security and privacy because it enables surveillance. This article continues to discuss the failure of many contact-tracing apps to use the Exposure Notifications protocol.

    Dark Reading reports "Contact-Tracing Apps Still Expose Users to Security, Privacy Issues"

  • news

    "Ad-Injecting Malware Hijacks Chrome, Edge, Firefox"

    The Microsoft 365 Defender Research Team has issued a warning about ad-injecting malware called Adrozek. According to Microsoft, cybercriminals have been distributing Adrozek since May 2020, with its peak occurring in August, when more than 30,000 devices were being infected every day. The main goal of Adrozek is to inject ads and redirect traffic to other websites. However, Microsoft researchers warn that the sophisticated behavior of the Adrozek attack chain can allow attackers to gain a strong foothold on a victim's device. Adrozek is capable of modifying browser extensions, specific DLLs, browser security settings, and system settings, as well as stealing user credentials. Adrozek infects devices via drive-by downloads. This article continues to discuss observations and key findings surrounding the impact and capabilities of Adrozek, in addition to the prevention and mitigation of this malware.

    Help Net Security reports "Ad-Injecting Malware Hijacks Chrome, Edge, Firefox"

  • news

    "Researchers Warn of Security Vulnerabilities in These Widely Used Point-of-Sale Terminals"

    Security vulnerabilities have been discovered in two widely used Point-of-Sale (PoS) terminals that could allow cybercriminals to conduct a number of malicious activities, such as stealing credit card details, cloning terminals, and more. The vulnerabilities, which exist in Verifone and Ingenico products used in millions of stores globally, were detailed at Black Hat Europe 2020 by independent researcher Aleksei Stennikov and by Timur Yunusov, the head of offensive security research at Cyber R&D Lab. According to the researchers, one of the vulnerabilities impacting both brands stems from the use of default passwords, which could allow attackers to access service menus, manipulate code on the machines, and run malicious commands. These security issues are said to have existed for at least ten years. Attackers could gain access to PoS devices either physically or remotely. Once remote access is achieved, an attacker can execute arbitrary code, trigger buffer overflows, and use other techniques that can lead to privilege escalation, manipulation of the devices, and data exposure. This article continues to discuss the source, potential exploitation, and impact of the vulnerabilities found in PoS terminals, as well as how the PoS device manufacturers responded to the discovery and how retailers can protect against attacks abusing PoS vulnerabilities.

    ZDNet reports "Researchers Warn of Security Vulnerabilities in These Widely Used Point-of-Sale Terminals"

  • news

    "PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers"

    Researchers are warning of an active ransomware campaign targeting MySQL database servers. MySQL is an open-source relational database management system. The ransomware, called PLEASE_READ_ME, has so far breached at least 85,000 servers worldwide and has posted at least 250,000 stolen databases for sale on a website. The attack exploits weak credentials on internet-facing MySQL servers, of which there are close to 5 million worldwide. Since the researchers first observed the campaign in January, the attackers have changed their techniques to put more pressure on victims and to automate the ransom payment process.

    Threatpost reports: "PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers"

  • news

    "Critical Steam Flaws Could Let Gamers Crash Opponents’ Computers"

    Valve fixed critical bugs (CVE-2020-6016, CVE-2020-6017, CVE-2020-6018, and CVE-2020-6019) in its Steam gaming client, a popular platform for video games such as Counter-Strike: Global Offensive, Dota 2, and Half-Life. The first three CVEs score 9.8 out of 10 on the CVSS scale, making them critical in severity, while the fourth scores 7.5 out of 10, making it high-severity. If exploited, the flaws could allow a remote attacker to crash an opponent's game client, take over the computer, and hijack all computers connected to a third-party game server.

    Threatpost reports: "Critical Steam Flaws Could Let Gamers Crash Opponents' Computers"

  • news

    "Security by Design"

    Nadya Bliss, the executive director of Arizona State University's Global Security Initiative, and her colleagues from the University of Maryland, Lehigh University, Cornell University, and the University of Utah are calling on technologists to prioritize security alongside capability in the design of new technologies. They released a white paper titled "A Research Ecosystem for Secure Computing," which discusses how security can be incentivized in the design and development of new technologies. The steps the paper outlines to incentivize security include investment in lifelong learning and training, sustained investment in computer science research, public/private partnerships around security metrics, and more. This article continues to discuss the need to balance capabilities and convenience with security, the goal of the Quadrennial Papers released by the Computing Research Association (CRA), and the white paper that outlines steps toward incentivizing security in the development of technological innovations.

    ASU reports "Security by Design"

  • news

    "Palo Alto Creates Visualization Tool to Guide Response to Egregor Ransomware Attacks"

    Palo Alto's Unit 42 developed a tool to help security teams visualize the techniques used by the attack group behind the Egregor ransomware attacks and to improve responses to these attacks. The Unit 42 ATOM Viewer presents the attackers' tactics in a chart that security professionals can click through to see what to enable on a Palo Alto firewall. Companies that have not deployed Palo Alto firewalls can map the information provided by the ATOM Viewer to the MITRE ATT&CK framework. This article continues to discuss the impact of Egregor ransomware, its similarities with other ransomware strains, and the visualization tool developed by Palo Alto to guide security professionals' response to Egregor ransomware attacks.

    SC Media reports "Palo Alto Creates Visualization Tool to Guide Response to Egregor Ransomware Attacks"

  • news

    "Vulnerabilities Found in Multiple GE Imaging Systems"

    A team of researchers at CyberMDX discovered flaws in more than one hundred different GE Healthcare imaging and ultrasound products widely used in US hospitals. Exploitation of these vulnerabilities could allow attackers to gain access to Protected Health Information (PHI), modify this data, and interfere with the availability of medical devices. The vulnerabilities stem from unsecured communications between the medical devices and vendor servers. GE Healthcare confirmed that the flaws affect over 100 radiological devices, including CT scanners, PET machines, MRI machines, ultrasound devices, X-ray machines, and more. The US Cybersecurity and Infrastructure Security Agency (CISA) recently issued an ICS Medical Advisory about the vulnerabilities. This article continues to discuss the discovery, possible exploitation, and potential impact of the vulnerabilities in GE imaging and ultrasound products.

    Infosecurity Magazine reports "Vulnerabilities Found in Multiple GE Imaging Systems"