APT trends report Q2 2021
securelist.com/apt-trends-report-q2-2021/103517/ We have reported several supply-chain attacks in recent months. While some were major and have attracted worldwide attention, we observed equally successful low-tech attacks, such as BountyGlad, CoughingDown and the attack targeting Codecov.
Cyber-attack on Iranian railway was a wiper incident, not ransomware
therecord.media/cyber-attack-on-iranian-railway-was-a-wiper-incident-not-ransomware/ The cyber-attack that paralyzed Iran's national railway system at the start of the month was caused by a disk-wiping malware strain named Meteor and not by a ransomware attack, according to research published by security firms Amnpardaz and SentinelOne, which managed to obtain a copy of the malware. Also
Disentangling Disinformation: Not as Easy as it Looks
www.eff.org/deeplinks/2021/07/disentangling-disinformation-not-easy-it-looks But while disinformation superspreaders are easy to identify based on the sheer amount of information they disseminate, tackling disinformation at a systemic level is not an easy task, and some of the policy proposals we're seeing have us concerned. Here's why.
Google Play Protect fails Android security tests once more
www.bleepingcomputer.com/news/security/google-play-protect-fails-android-security-tests-once-more/ Google Play Protect, the Android built-in malware defense system, has failed the real-world tests of antivirus testing lab AV-TEST after detecting just over two thirds out of more than 20,000 malicious apps it was pitted against.
New Android malware records smartphones via VNC to steal passwords
therecord.media/new-android-malware-records-smartphones-via-vnc-to-steal-passwords/ Security researchers have discovered a novel piece of Android malware that uses the VNC technology to record and broadcast a victim's smartphone activity, allowing threat actors to collect keyboard presses and app passwords. Also
Malicious Content Delivered Through archive.org
isc.sans.edu/diary/rss/27688 That’s the wild Internet today: If you allow users to create an account and upload some data, chances are big that the feature will be (ab)used to host malicious content. Indeed, archive.org is a top domain and is usually not blocked or tagged as malicious.
‘Woefully insufficient’: Biden administration’s assessment of critical infrastructure infosec protection
www.theregister.com/2021/07/29/biden_memo_on_critical_infrastructure_control_systems_security/ The Memorandum was accompanied by transcripts of remarks made by a “Senior administration official” who said the edicts are needed because “We have a patchwork of sector-specific statutes that have been adopted piecemeal, typically in response to discrete security threats in particular sectors that gained public attention.
Israel begins investigation into NSO Group spyware abuse
www.technologyreview.com/2021/07/28/1030244/israel-investigation-nso-group-pegasus-spyware/ Israeli government officials visited the offices of the hacking company NSO Group on Wednesday to investigate allegations that the firm's spyware has been used to target activists, politicians, business executives, and journalists, the country's defense ministry said in a statement today. Also in NSO coverage
www.ft.com/content/24f22b28-56d1-4d66-8f76-c9020b1b5cb1 “How Israel used NSO spyware as diplomatic calling card”, and BSI guidance at
Microsoft researcher found Apple 0-day in March, didn't report it
nakedsecurity.sophos.com/2021/07/29/microsoft-researcher-found-apple-0-day-in-march-didnt-report-it/ With this in mind, of course, you could argue that putting the bug on ice for an expected five months (March to August) created a realistic risk that someone else would find it in the meantime, and that the bug-hunter who rediscovered it might decide to use it as a zero-day, and not for the purposes of responsible research. (Indeed, that seems to be what happened.)
Understanding the increase in Supply Chain Security Attacks
www.enisa.europa.eu/news/enisa-news/understanding-the-increase-in-supply-chain-security-attacks The European Union Agency for Cybersecurity mapping on emerging supply chain attacks finds 66% of attacks focus on the suppliers' code. Report at
Mid-Year Attack Trends Report Reveals A 29% Increase In Cyberattacks Against Organizations Globally
research.checkpoint.com/2021/check-point-softwares-mid-year-attack-trends-report-reveals-a-29-increase-in-cyberattacks-against-organizations-globally/ Cyber Attack Trends: 2021 Mid-Year Report uncovers how cybercriminals have continued to exploit the Covid-19 pandemic and highlights a dramatic global 93% increase in the number of ransomware attacks
IBM cost of data breach report
www.ibm.com/downloads/cas/OJDVQGRY The average total cost of a data breach increased by nearly 10% year over year, the largest single year cost increase in the last seven years. Remote working and digital transformation due to the COVID-19 pandemic increased the average total cost of a data breach. Healthcare organizations experienced the highest average cost of a data breach, for the eleventh year in a row
From stolen laptop to inside the company network
dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network To recap, we took a locked down FDE laptop, sniffed the BitLocker decryption key coming out of the TPM, backdoored a virtualized image, and used its VPN auto-connect feature to attack the internal corporate network. That is one way to go from stolen laptop to internal compromise.
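The attack recapped above works because a TPM-only BitLocker protector releases the volume key to the boot loader with no user secret, so it can be read off the TPM bus. The check below is an added example, not code from the Dolos Group post: it is a PowerShell audit (run elevated on Windows, using the built-in BitLocker module's Get-BitLockerVolume cmdlet) that lists each volume's key protectors and flags volumes that rely on TPM alone. The function name Get-BitLockerProtectorRisk and the risk labels are the author's own; they are not from the post or from Microsoft.

```powershell
# Added example, not from the Dolos Group post.
# Audits BitLocker volumes and flags those protected by the TPM alone, the
# configuration whose volume key can be sniffed from the TPM bus at boot.
# Requires an elevated session and the BitLocker module (Windows 8/2012+).
function Get-BitLockerProtectorRisk {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # KeyProtectorType values include Tpm, TpmPin, TpmStartupKey,
        # TpmPinStartupKey, RecoveryPassword, ExternalKey, Password.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # 'Tpm' alone: the VMK is unsealed with no pre-boot secret from the user.
        $tpmOnly    = $types -contains 'Tpm'
        # A PIN (optionally with a startup key) forces a secret before unseal.
        $tpmWithPin = @($types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' }).Count -gt 0

        if ($vol.ProtectionStatus -ne 'On') {
            $risk = 'Unprotected: BitLocker protection is off'
        } elseif ($tpmOnly -and -not $tpmWithPin) {
            $risk = 'High: TPM-only protector, key is released without a user secret'
        } else {
            $risk = 'Lower: pre-boot secret or external key required'
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            Status     = $vol.ProtectionStatus
            Protectors = ($types -join ', ')
            Risk       = $risk
        }
    }
}

# Usage: list every volume with its protectors and risk rating.
Get-BitLockerProtectorRisk | Format-Table -AutoSize

# Remediation for a flagged volume (run interactively; requires the group
# policy "Require additional authentication at startup" to permit a PIN):
#   Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin (Read-Host -AsSecureString 'Pre-boot PIN')
#   then remove the TPM-only protector by its KeyProtectorId with
#   Remove-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId '<id>'
```

Adding a TPM+PIN protector closes the bus-sniffing path described in the post, since the TPM will not unseal the volume key until the PIN is entered; it does not help if the TPM-only protector is left in place alongside it, which is why the remediation removes the old protector after the new one is confirmed.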
PDF as a Weapon of Choice on the Cybersecurity Battlefield
www.deepinstinct.com/2021/07/28/pdf-as-a-weapon-of-choice-on-the-cybersecurity-battlefield/ In this blog we'll look more closely at the PDF and a variety of ways cybercriminals are using it to fool detection and infiltrate networks. We'll also show how Deep Instinct detects compromised PDFs, immediately disabling them from being opened.
Microsoft provides more mitigation instructions for the PetitPotam attack
blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/microsoft-provides-more-mitigation-instructions-for-the-petitpotam-attack/ In a revision of KnowledgeBase article KB5005413, Microsoft has provided more elaborate mitigation instructions for the PetitPotam attacks that were disclosed a week ago. Advice at
NSA Issues Guidance on Securing Wireless Devices in Public Settings
www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2711968/nsa-issues-guidance-on-securing-wireless-devices-in-public-settings/ NSA released the Cybersecurity Information Sheet, Securing Wireless Devices in Public Settings today to help National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) teleworkers identify potential threats and minimize risks to their wireless devices and data. Guidance at
Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs
thehackernews.com/2021/07/hackers-exploit-microsoft-browser-bug.html An unidentified threat actor has been exploiting a now-patched zero-day flaw in the Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an "unusual" campaign. Also
Estonia says a hacker downloaded 286,000 ID photos from government database
therecord.media/estonia-says-a-hacker-downloaded-286000-id-photos-from-government-database/ Estonian officials said they arrested last week a local suspect who used a vulnerability to gain access to a government database and download government ID photos for 286,438 Estonians. In a FAQ page published yesterday, RIA said its database usually checked with five different subsystems before returning a query to display a user's government ID photo. The suspect discovered a security vulnerability in one of RIA's applications that did not sufficiently check the validity of the query, RIA said yesterday. According to Oskar Gross, Head of the Cybercrime Bureau of the National Criminal Police, this information was discovered on the suspect's computer during a house search last week, along with the downloaded photos.
Meet Paragon: An American-Funded, Super-Secretive Israeli Surveillance Startup That Hacks WhatsApp And Signal
www.forbes.com/sites/thomasbrewster/2021/07/29/paragon-is-an-nso-competitor-and-an-american-funded-israeli-surveillance-startup-that-hacks-encrypted-apps-like-whatsapp-and-signal/ Paragon's product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that's WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it also promises to get longer-lasting access to a device, even when it's rebooted.