Microsoft Teams now automatically blocks phishing attempts
www.bleepingcomputer.com/news/security/microsoft-teams-now-automatically-blocks-phishing-attempts/ Microsoft has extended Defender for Office 365 Safe Links protection to Microsoft Teams to safeguard users from malicious URL-based phishing attacks. This added protection couldn’t have come at a better time, seeing that, based on Microsoft’s stats, the Microsoft Teams userbase has exploded over the last 18 months since the start of the pandemic and the quick switch to remote work. Also
UK worries Starlink and OneWeb may interfere with each other, plans new rules
arstechnica.com/information-technology/2021/07/starlink-and-similar-networks-could-block-each-others-signals-uk-warns/ A UK government agency is worried that OneWeb, SpaceX’s Starlink, and similar low Earth orbit (LEO) satellite-broadband systems could block each other’s signals. “The potential for harmful interference between different satellite systems is usually managed by operators cooperating with each other under the ITU satellite coordination procedures,” Ofcom wrote. The agency added: However, coordination between NGSO systems is proving to be more challenging due to the dynamic nature of these systems […]
New Attacks on Kubernetes via Misconfigured Argo Workflows
www.intezer.com/blog/container-security/new-attacks-on-kubernetes-via-misconfigured-argo-workflows/ We have identified infected nodes and there is the potential for larger scale attacks due to hundreds of misconfigured deployments. We have detected exposed instances of Argo Workflows that belong to companies from different sectors including technology, finance and logistics.
IDEMIA fixes vulnerability that can allow threat actors to open doors remotely
therecord.media/idemia-fixes-vulnerability-that-can-allow-threat-actors-to-open-doors-remotely/ Tracked as CVE-2021-35522, the vulnerability impacted IDEMIA devices like VisionPass facial recognition devices, SIGMA fingerprint terminals, and MorphoWave and MorphoAccess vein and fingerprint authentication solutions.
Biden administration officials endorse ransomware reporting rules
A Controversial Tool Calls Out Thousands of Hackable Websites
www.wired.com/story/punkspider-web-site-vulnerabilities/ At the Defcon hacker conference next week, Alejandro Caceres and Jason Hopper plan to release (or, rather, to upgrade and re-release after a years-long hiatus) a tool called PunkSpider. Essentially a search engine that constantly crawls the entire web, PunkSpider automatically identifies hackable vulnerabilities in websites, and then allows anyone to search those results to find sites susceptible
The Challenges of Vulnerability Management in OT Environments
www.dragos.com/blog/the-challenges-of-vulnerability-management-in-ot-environments/ After careful analysis and field validation, Dragos has found that publicly announced vulnerability severity scores are often inaccurate, incomplete and lack both context and guidance. This means that industrial teams are struggling with how to interpret and apply them in their environments and spending too much time chasing the wrong issues. Whitepaper at
A new chapter for Google’s Vulnerability Reward Program
security.googleblog.com/2021/07/a-new-chapter-for-googles-vulnerability.html To celebrate our anniversary and ensure the next 10 years are just as (or even more) successful and collaborative, we are excited to announce the launch of our new platform, bughunters.google.com. We also want to take a moment to shine a light on some aspects of the VRP that are not yet well-known, such as: Submitting patches to open-source software is eligible for a reward. We have rewards for research papers on the security of open source. Your open-source software might be eligible for a subsidy
HP finds 75% of threats were delivered by email in first six months of 2021
www.zdnet.com/article/hp-finds-75-of-threats-were-delivered-by-email-in-first-six-months-of-2021/ HP’s researchers found that there has been a 65% rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021. Some of the tools are able to solve CAPTCHA challenges using computer vision techniques. Report at
Hackers Turning to ‘Exotic’ Programming Languages for Malware Development
thehackernews.com/2021/07/hackers-turning-to-exotic-programming.html Earlier this year, enterprise security firm Proofpoint discovered new malware written in Nim (NimzaLoader) and Rust (RustyBuer) that it said were being used in active campaigns to distribute and deploy Cobalt Strike and ransomware strains via social engineering campaigns. In a similar vein, CrowdStrike last month observed a ransomware sample that borrowed implementations from previous HelloKitty and FiveHands variants, while using a Golang packer to encrypt its main C++-based payload.
Threat Actors Exploit Misconfigured Apache Hadoop YARN
www.trendmicro.com/en_us/research/21/g/threat-actors-exploit-misconfigured-apache-hadoop-yarn.html It should be noted that the exposure of these cloud services is not because they are inherently unsecure, but only because of misconfiguration. Nevertheless, this is an alarming security risk as it allows remote code execution (RCE) on the cluster. Unfortunately, threat actors have been actively exploiting these services for years.
Online Retail Fraud in the Criminal Underground
go.recordedfuture.com/hubfs/reports/cta-2021-0726.pdf In 2021 and for the foreseeable future, we believe that the sale of compromised customer data and account information, credential stuffing tools, and refund fraud tutorials will each likely remain among the most serious threats targeting online retail organizations and e-commerce platforms. Looking ahead, threat actors likely will continue to use dark web marketplaces, forums, and shops to advertise compromised victim PII, account information and rewards, and payment or gift cards. Threat actors advertising these commodities seemingly do not target specific retailers exclusively, instead regularly selling similar data from many retail and e-commerce entities.
PHOBOS ransomware infection at the Clinical Hospital No.1 CF Witting in Bucharest
www.databreaches.net/phobos-ransomware-infection-at-the-clinical-hospital-no-1-cf-witting-in-bucharest/ Moreover, the present attack is similar to the one in the summer of 2019, when 4 other hospitals in Romania were affected by PHOBOS, in the context of the lack of antivirus solutions at the level of the IT&C infrastructure used by them. PHOBOS ransomware has a medium level of complexity, using as a method of infection, mainly Remote Desktop Protocol (RDP) connections.
‘Praying Mantis’ threat actor targeting Windows internet-facing servers with malware
www.zdnet.com/article/praying-mantis-threat-actor-targeting-windows-internet-facing-servers-with-malware/#ftag=RSSbaffb68 The report said that the advanced and persistent threat actor — which they have named “Praying Mantis” or “TG1021” — mostly used deserialization attacks to load a completely volatile, custom malware platform tailored for the Windows IIS environment. Report at