Global Banking Trojan Resurfaces With A Vengeance

Posted in Commentary with tags on May 21, 2024 by itnerd

According to a new report from IBM’s X-Force, the widespread banking malware Grandoreiro has resurfaced in numerous new campaigns with improved functionality designed to make it a more serious threat.

The cybersecurity unit has been tracking several large-scale phishing campaigns since March including attacks impersonating Mexico’s Tax Administration Service, Federal Electricity Commission and Secretary of Administration and Finance, as well as the Revenue Service of Argentina and the South African Revenue Service.

“In each campaign, the recipients are instructed to click on a link to view an invoice or fee, account statement, make a payment, etc. depending on the impersonated entity.

“If the user who clicks on the links is within a specific country (depending on the campaign, Mexico, Chile, Spain, Costa Rica, Peru, or Argentina), they are redirected to an image of a PDF icon, and a ZIP file is downloaded in the background. The ZIP files contain a large executable disguised with a PDF icon, found to have been created the day prior to, or the day of the email being sent,” IBM X-Force said.
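The lure X-Force describes ends with a ZIP whose payload is an executable wearing a PDF icon. The following is an added example, not code from the itnerd post or from IBM X-Force, of the kind of attachment check a mail gateway or triage script can apply to that pattern: it opens a ZIP from memory and flags members that carry an executable extension, hide a document name behind a double extension, claim to be a PDF without a `%PDF` header, or start with the Windows PE `MZ` signature regardless of name. The extension list, the thresholds and the sample archive are constructed for this example; the archive contains no real malware.

```python
"""Added example: flag ZIP attachments carrying an executable disguised as a PDF."""
import io
import zipfile

# Extensions Windows will execute directly (constructed list, not exhaustive)
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".js", ".vbs")
PE_MAGIC = b"MZ"      # first two bytes of every Windows PE executable
PDF_MAGIC = b"%PDF"   # first four bytes of a real PDF


def classify_member(name, head):
    """Return the reasons one archive member looks like a disguised executable.

    `name` is the member's path inside the ZIP; `head` is the first few bytes
    of its content. An empty list means nothing suspicious was seen.
    """
    reasons = []
    base = name.lower().rsplit("/", 1)[-1]  # strip any folder prefix
    if base.endswith(EXECUTABLE_SUFFIXES):
        reasons.append("executable file extension")
        # 'factura.pdf.exe': a document name placed before the real extension
        if any(f".{doc}." in base for doc in ("pdf", "doc", "xls")):
            reasons.append("double extension hiding a document name")
    if head.startswith(PE_MAGIC):
        reasons.append("PE (MZ) header: Windows executable regardless of name")
    if base.endswith(".pdf") and not head.startswith(PDF_MAGIC):
        reasons.append("named .pdf but content is not a PDF")
    return reasons


def scan_zip(zip_bytes):
    """Open an archive held in memory (as a gateway holding the attachment would)
    and map each suspicious member name to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)  # magic-byte check needs only the first bytes
            reasons = classify_member(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample archive: one harmless PDF stub and two lure members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statement.pdf", b"%PDF-1.4\n% constructed harmless stub\n")
        zf.writestr("Factura.pdf.exe", PE_MAGIC + b"\x00" * 62)   # PE bytes, double extension
        zf.writestr("comprobante.pdf", PE_MAGIC + b"\x00" * 62)   # PE bytes behind a .pdf name
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip(build_sample_zip()).items():
        print(f"{member}: {'; '.join(why)}")
```

Reading only the first bytes of each member keeps the check cheap on the large executables the report mentions, and the magic-byte test catches the case where the operator drops the double extension and relies on the icon alone. A production gateway would also want to reject archives that fail to open, cap the number of members it inspects, and look inside nested ZIPs.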

The malware has been observed since at least 2017, previously targeting only Spanish-speaking countries. The new Grandoreiro is a modular operation with the ability to target over 1,500 banking applications and websites in over 60 countries.

The latest version features updates that allow the malware to contact at least 12 different C2 domains per day. There are also new capabilities allowing it to spread more efficiently by harvesting victim data from targeted email clients.

“The updates made to the malware, in addition to the significant increase in banking applications across several nations, indicate that the Grandoreiro distributors are seeking to conduct campaigns and deliver malware on a global scale,” IBM X-Force concluded.

Emily Phelps, Director, Cyware:

   “This incident underscores the need for organizations to adopt more proactive cybersecurity strategies. A collective defense approach and the implementation of cyber fusion strategies can help organizations get ahead of threats, operationalizing relevant threat insights and breaking down silos so that security teams can rapidly take action. As adversaries evolve their tactics, our collective defense must be equally dynamic and resilient.”

This highlights the fact that threat actors are taking attack code that is already out there and making it a lot more dangerous. This is why having the sort of defence that Ms. Phelps describes is the best way to stop your organization from getting pwned.

WebTPA Discloses 2023 Breach Impacting Over 2.4 Million

Posted in Commentary on May 21, 2024 by itnerd

In an undated notice on its website, WebTPA has reported it was the victim of a “data security incident” last year that may have impacted 2,429,175 people.

Texas-based WebTPA, a company that provides administrative services to health benefit plans and insurance companies, says an investigation launched late last year revealed that an “unauthorized actor may have obtained personal information between April 18 and April 23, 2023.”

On May 8, WebTPA told the federal Department of Health and Human Services that the exposed information is different depending on the individual, and data may include:

  • Name
  • Contact information
  • Date of birth
  • Date of death
  • Social Security number
  • Insurance information

Company President Lisa Tranberg said that “financial information, such as financial account information or credit card numbers, and treatment or diagnostic information were not impacted.”

The announcement comes amidst the global healthcare disruption of the Change Healthcare breach and, more recently, the attack on the Ascension hospital chain and Australian prescriptions company MediSecure.

BullWall executive Carol Volk had this to say:

   “It’s no longer up for debate: assume you will be hacked and breached and that your data will be stolen, held for ransom or destroyed. Your only option is to be prepared. Every organization with valuable data, which means every one of us, must have in place, in addition to sophisticated EDR defense and backup methods, a comprehensive ransomware containment solution. The focus must be to protect, not just detect. When attackers breach the walls, they must not be allowed into the vault.”

This is good advice, as we’re in a place now where it’s not if, but when you’re going to get pwned by hackers. Thus you have to shift from just trying to keep the bad guys out to containing them if they do get in.

Kashable and BrightDime Launch New Partnership

Posted in Commentary with tags on May 20, 2024 by itnerd

Kashable, a fintech platform that provides Socially Responsible Credit™ and financial wellness solutions as an employer-sponsored voluntary benefit, and BrightDime®, a trusted partner that provides a real-time 360-degree view of individuals’ holistic financial picture, have announced a new partnership. This partnership aims to provide access to personalized financial coaching and money management tools. At inception, the program will be implemented across 50 companies, including IKEA, Chobani, and Nasdaq, covering over 170,000 employees.

According to a recent study, 86% of employees indicated that they’re stressed about finances, directly impacting their overall health and performance at work. Having access to financial literacy and coaching tools is crucial to lowering stress and empowering employees to manage their finances effectively and achieve long-term financial stability and security.

Beginning today, employees who have access to Kashable’s Financial Wellness Program will also have access to free financial coaching sessions and other educational resources from BrightDime.

Adding BrightDime’s financial coaching marks a significant stride in empowering employees with the tools they need to enhance and prioritize their financial wellness and security. Through one-on-one and on-demand financial coaching, employees receive support during challenging financial circumstances. This guidance is essential in navigating important financial decisions, enabling employees to stride confidently toward financial independence and well-being.

To speak with Kashable about access to BrightDime’s personalized financial wellness tools, visit Kashable.com.

Horizon3.ai Publishes Fortinet FortiSIEM Command Injection Deep-Dive & Exploit POC

Posted in Commentary with tags on May 20, 2024 by itnerd

Horizon3.ai Chief Attack Engineer Zach Hanley and the Horizon3.ai Red Team have just published CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive, with indicators of compromise and a link to the team’s proof-of-concept exploit on GitHub to blindly execute commands as root on vulnerable FortiSIEM appliances.

Hanley said: “Several issues were discovered during this audit that ultimately led to unauthenticated remote code execution in the context of the root user. The vulnerabilities were assigned CVE-2023-34992 with a CVSS3.0 score of 10.0 given that the access allowed reading of secrets for integrated systems, allowing for pivoting into those systems.”

FortiSIEM is Fortinet’s security information and event management (SIEM) solution with user and entity behavior analytics (UEBA), offering the functionality typical of SIEM solutions such as log collection, correlation, automated response, and remediation. It also allows for simple and complex deployments ranging from a standalone appliance to scaled-out solutions for enterprises and MSPs.

The App Tracking Bug In iOS 17.5 Has Been Fixed

Posted in Commentary with tags on May 19, 2024 by itnerd

It appears the issue with the “Allow apps to request to track” setting is now resolved. To recap, after updating to iOS 17.5, many people noticed that if you went to Privacy & Security -> Tracking, the option called “Allow apps to request to track” was greyed out so that you couldn’t turn it off or on. This blew up the Internet for a couple of days, as this wasn’t exactly a trivial bug.

Apple appears to have fixed it based on the fact that I noted this late yesterday:

Compare that with this photo taken at the time that the issue surfaced:

You’ll note that in the first picture the control for this option is now live again. I am guessing that this was some sort of server-side fix. As in, Apple made some sort of change on their end for iPhones running iOS 17.5 that fixed this.

Now if they would only fix this issue which appears to be extremely widespread. I haven’t seen it. But I know people who have and this looks really bad on Apple.

Twitter.com Is Now X.com…. But It’s Still Twitter To Me

Posted in Commentary with tags on May 19, 2024 by itnerd

Elon Musk has been obsessed with rebranding Twitter to X. But if you went to various parts of the site, you would find references to Twitter. But that appears to be no longer the case based on this Tweet from Elon himself:

Let’s start with the fact that this X logo looks nothing like the X logo that Elon has been using for a while now. What’s up with that? And how much does this move to X.com break things for people on the Internet? That’s a good question.

Regardless of what Elon thinks, this site will still be Twitter to me and many other people. And there’s nothing that Elon can do about it.

Presto Card Support Coming To iPhone…. Soon…. Whatever That Means

Posted in Commentary with tags on May 18, 2024 by itnerd

For those of you who live in the Greater Toronto Area, your best way to use public transit is to use a Presto Card to pay for your trips on transit. Now Android users have had the ability to have their Presto Cards on their phones for a while now. iPhone users were out of luck. But that appears to be changing based on this Tweet:

I’m not sure what “soon” means to Metrolinx which is the organization that oversees transit in the Greater Toronto Area. I say that because this organization has a pretty poor track record of delivering projects on time and on budget. Thus “soon” could be next year or next week. Who knows? But the fact that they are saying something implies that maybe something is coming in the next few weeks? We will have to see and hopefully this doesn’t become another Metrolinx fiasco where they promise something but don’t deliver on time.

AI Increases True Positives On Vendor Risk 500%: VISO TRUST

Posted in Commentary with tags on May 17, 2024 by itnerd

VISO TRUST has issued its “2024 State of Third Party Risk Management: AI’s Impacts and Future Trends” report, which finds that longstanding Third-Party Risk Management (TPRM) methods are increasingly inadequate in today’s digital business environment.

The report leverages VISO TRUST Platform-derived data, which includes profiles of more than 2.4 million companies, and insight from CISOs, security, and TPRM professionals across various industries.

Among key findings on legacy TPRM:

  • Inadequate responses: Approximately 75% of vendors responding to legacy questionnaire approaches requiring manual input either ignore or delay crucial risk assessments.
  • False positives: Conventional cyber risk ratings yield a 90% false positive rate, undermining their reliability.

Key findings on AI-driven transformation of TPRM:

  • Efficiency gains: AI-assisted modern TPRM programs reduce vendor and partner assessment timelines from months to days.
  • Near-complete coverage: AI and automation achieve almost 100% coverage of third-party networks.
  • Significant increase in true positives: data analysis revealed a 500% rise in accurate risk identifications.
  • Faster assessments: Risk evaluation times have decreased from 60 to 90 days down to just five to eight days.
  • Enhanced accuracy: AI-driven methods refine risk assessment precision.

Apple Has A Significant Bug In iOS 17.5

Posted in Commentary with tags on May 17, 2024 by itnerd

Apple is likely looking at this bug, which appears to be widespread based on what I am seeing online. If you go to Privacy & Security -> Tracking, you’ll see this:

The “Allow apps to request to track” option is completely greyed out. You can’t change this option at all. Now the second paragraph says that this is due to the fact that my Apple ID is missing age information. Except that it isn’t. I checked that. So this is a bug.

Why should you care? If you want to control how apps track you across the Internet, then this setting is kind of important, because when it’s turned on, it allows apps to request permission to do so. When it’s off, apps can’t track you at all. So in the state that this setting is currently in, you may actually be better off, as it is ensuring that your app usage and the like remains private. But at the same time, I can see a scenario where this breaks some application because it can’t track your activities. Thus this needs to be fixed. And I assume that Apple will have to push out an iOS update to do that. Let’s hope that they do that soon, as this bug, along with a Photos bug where photos that were deleted have come back from the dead, makes it look like Apple’s QA team dropped the ball. Which of course isn’t a good look for Apple.

GuidePoint GRIT Ransomware Report For April Is Out

Posted in Commentary with tags on May 17, 2024 by itnerd

GuidePoint Security has published its April 2024 GRIT (GuidePoint Research and Intelligence Team) Ransomware report.

Last month, research revealed one of the year’s biggest takeaways thus far: Play, a typically smaller ransomware group, has overtaken Alphv and LockBit for the top spot in April 2024.

Additional key highlights include vertical trends: manufacturing remains the most impacted industry, technology is resurging as a frequent target, and healthcare and retail/wholesale continue to be in the top 5 most impacted industries, a notable change from previous years.

With regard to geographical distribution, the US remains the most targeted country, while attacks in the global south are increasingly attributed to newer, developing groups.

Additionally, the report explores the operations of emerging ransomware groups and their innovative tactics, including using lower-quality malware and exploiting historical vulnerabilities.

You can read the report at https://www.guidepointsecurity.com/blog/grit-ransomware-report-april-2024/