Nuspire Introduces Managed Microsoft Defender Solution

Posted in Commentary with tags on March 16, 2023 by itnerd

Nuspire, a leading managed security services provider (MSSP), has announced the launch of its Managed Microsoft Defender services for Endpoint, ID, O365 and Cloud App Security. The new service will help organizations realize the full value of Microsoft Defender through a seamless, expert-led managed solution.

Microsoft Defender offers robust protection against a wide range of threats, including malware, ransomware and other sophisticated attacks. However, configuring, tuning, maintaining and monitoring Microsoft Defender can be challenging, especially when it comes to technology and operating systems outside of the Windows environment. In addition, there is still a significant talent shortage in the security industry, and companies have fewer resources to manage security solutions like Defender and respond to threats.

To address these challenges, Nuspire’s Managed Microsoft Defender services leverage the expertise of seasoned security professionals to guide integration and implementation. Nuspire’s team will monitor, mitigate, respond to and remediate threats directly in a client’s environment. The service also provides 24×7 monitoring and SOC support to reduce false positives and alert fatigue.

For more information on Nuspire’s Managed Microsoft Defender services, please visit https://www.nuspire.com/services/managed-security/managed-microsoft-defender.  

HP Wolf Security report shows move to block macros by default is forcing threat actors to think outside the ‘box’

Posted in Commentary with tags on March 16, 2023 by itnerd

HP today issued its latest quarterly HP Wolf Security Threat Insights Report, showing cybercriminals are diversifying attack methods, including a surge in QR code phishing campaigns. By isolating threats on PCs that have evaded detection tools, HP Wolf Security has specific insight into the latest techniques being used by cybercriminals in the fast-changing cybercrime landscape. To date, HP Wolf Security customers have clicked on over 25 billion email attachments, web pages, and downloaded files with no reported breaches. Further HP Wolf Security insights will be featured at the upcoming Amplify Partner Conference, March 28-30, McCormick Place Chicago.

From February 2022, Microsoft began blocking macros in Office files by default, making it harder for attackers to run malicious code. Data collected by the HP Threat Research team shows that from Q2 2022, attackers have been diversifying their techniques to find new ways to breach devices and steal data. Based on data from millions of endpoints running HP Wolf Security, the research found:

  • The rise of QR scan scams: Since October 2022, HP has seen almost daily QR code “scan scam” campaigns. These scams trick users into scanning QR codes from their PCs using their mobile devices – potentially to take advantage of weaker phishing protection and detection on such devices. QR codes direct users to malicious websites asking for credit and debit card details. Examples in Q4 included phishing campaigns masquerading as parcel delivery companies seeking payment.
  • HP noted a 38% rise in malicious PDF attachments: Recent attacks use embedded images that link to encrypted malicious ZIP files, bypassing web gateway scanners. The PDF instructions contain a password that the user is tricked into entering to unpack a ZIP file, deploying QakBot or IcedID malware to gain unauthorized access to systems, which are used as beachheads to deploy ransomware.
  • 42% of malware was delivered inside archive files like ZIP, RAR, and IMG: The popularity of archives has risen 20% since Q1 2022, as threat actors switch to scripts to run their payloads. This is compared to 38% of malware delivered through Office files such as Microsoft Word, Excel, and PowerPoint. 
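The PDF technique in the second bullet (an embedded image whose link action fetches an encrypted ZIP) leaves a trace a mail gateway can look for before the user ever sees the password: a link annotation whose target is an archive. The scanner below is an added illustration, not HP's tooling or code from the report; it runs a regex over an uncompressed, constructed PDF fragment and flags URI actions that point at archive downloads. Real PDFs often put annotations inside FlateDecode object streams, so a production scanner would decompress those first.

```python
import re

# Extensions the report singles out as archive carriers (ZIP, RAR, IMG).
ARCHIVE_EXTENSIONS = (".zip", ".rar", ".img")

# Constructed minimal PDF fragment (not a real malicious sample): one link annotation
# whose action points at an archive, next to a benign help link.
SAMPLE_PDF = b"""%PDF-1.7
1 0 obj << /Type /Annot /Subtype /Link /Rect [50 50 300 200]
   /A << /S /URI /URI (https://cdn.example.net/downloads/Invoice_2023.zip) >> >>
endobj
2 0 obj << /Type /Annot /Subtype /Link /Rect [50 250 300 270]
   /A << /S /URI /URI (https://www.example.com/help) >> >>
endobj
%%EOF
"""

# Matches a /URI action whose target is a literal (parenthesised) string.
# Hex-encoded or escaped strings are not handled here, so treat misses as unknown,
# not as clean.
URI_ACTION = re.compile(rb"/S\s*/URI\s*/URI\s*\(([^)]*)\)")


def extract_link_uris(pdf_bytes):
    """Return every URI target found in uncompressed link actions."""
    return [m.group(1).decode("latin-1") for m in URI_ACTION.finditer(pdf_bytes)]


def archive_links(pdf_bytes):
    """Return the subset of link targets that download an archive file."""
    flagged = []
    for uri in extract_link_uris(pdf_bytes):
        # Drop any query string before checking the extension.
        path = uri.lower().split("?", 1)[0]
        if path.endswith(ARCHIVE_EXTENSIONS):
            flagged.append(uri)
    return flagged


if __name__ == "__main__":
    for uri in archive_links(SAMPLE_PDF):
        print("quarantine candidate: PDF links to archive", uri)
```

Because the ZIP itself is encrypted, content inspection of the download will not help; the decision has to be made on the link, so a hit here is a reasonable quarantine trigger rather than a block-on-signature.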

In Q4, HP also found 24 popular software projects imitated in malvertising campaigns used to infect PCs with eight malware families – compared to just two similar campaigns in the previous year. The attacks rely on users clicking on search engine advertisements, which lead to malicious websites that look almost identical to the real websites. 

HP Wolf Security runs risky tasks like opening email attachments, downloading files and clicking links in isolated, micro-virtual machines (micro-VMs) to protect users, capturing detailed traces of attempted infections. HP’s application isolation technology mitigates threats that might slip past other security tools and provides unique insights into novel intrusion techniques and threat actor behavior. 

The full report can be found here: https://threatresearch.ext.hp.com/hp-wolf-security-threat-insights-report-q4-2022/

Hackuity Partners With Appurity

Posted in Commentary with tags on March 16, 2023 by itnerd

Hackuity, the risk-based vulnerability management company, today announced a new partnership with Appurity, a specialist in mobile and application security. Appurity will take Hackuity’s solution to market with enterprises in critical infrastructure, finance, pharma, and other sectors that recognize the pressing need to protect their entire estates against vulnerabilities. The goal is simple yet ambitious: provide a new level of control for reported security alerts and enable security departments to better prioritize them.

Hackuity has been growing its channel partners across Europe with a strategic focus on the UK. As Hackuity aims to solve vulnerability management issues within the enterprise workforce, the company will partner with providers which focus on creating a seamless, single point of view for internal security teams.

Appurity specializes in assessing security environments and delivering best-in-class mobile and application security solutions which adhere to the requirements of regulations and schemes such as Cyber Essentials and ISO’s Information Security Standards. Appurity works with companies to develop and implement impenetrable security strategies which utilize the latest technologies and security frameworks, including ZTNA, SSE, CASB, and MTD.

Find out more about Hackuity at https://www.hackuity.io and find out more about Appurity at https://appurity.co.uk/

New Vishing Attack Targets 160,000 End Users: Armorblox

Posted in Commentary with tags on March 16, 2023 by itnerd

As tax season approaches, cybercriminals are getting more creative in their attempts to steal sensitive information. Armorblox has released its newest research on the latest attack that impersonated one of the most trusted government entities in the US, the Social Security Administration, in an attempt to prey on the trust and uncertainty that many end-users experience during tax season.

These emails, targeting over 160,000 end users of a large educational institution, bypassed native email security.

How it Works: In this attack, end users received an email from what appeared to be the Social Security Administration, notifying them of suspicious activity that required immediate action. Recipients who opened the attachment were greeted with a blunt account suspension letter on what looks like official SSA letterhead. The end goal of this targeted vishing email attack was to get victims to open the email attachment, call the customer support number included, and hand over personal information.

You can read the research here.

New Cloud Storage Re-Up Email Attack Exploits Users via Social Engineering, URL Redirect to Steal CC Details

Posted in Commentary with tags on March 16, 2023 by itnerd

Jeremy Fuchs, Cybersecurity Researcher/Analyst at Avanan, A Check Point Software Company, will uncover how hackers are using the threat of deleting personal files to get money and credentials from end users. 

In this attack, hackers try to convince users to give over their credit card information to add more storage to their cloud storage account by sending a notice that the storage limit of cloud files has been reached; but if users act now, they’ll get 50GB for free. 

However, the link does not go to any cloud file storage site; it redirects through a SendGrid URL to a malicious page. The only way to “validate” that it’s your account is to enter your credit card number, but of course, that won’t validate anything – it’ll just charge your card. 

You can read the report here.

New Previously Undiscovered TeamTNT Malware Payload Recently Surfaced During High Profile Attack

Posted in Commentary with tags on March 16, 2023 by itnerd

Cado Security has revealed a previously undiscovered TeamTNT malware sample that Cado Labs encountered after Sysdig reported on a sophisticated cloud attack identified in a client environment. 

Without more information, it’s impossible to conclusively link the sample analyzed in Cado’s blog post to the attack Sysdig reported. Still, it’s interesting that these files surfaced around the same time. 

The new report unearths a previously-undiscovered payload from a threat actor well-known to Cado researchers.

You can read the report here.

Countries Attacked Spike, Industry Specific Shifts, Victims Double: GuidePoint Security

Posted in Commentary with tags on March 16, 2023 by itnerd

GuidePoint Security has published its monthly GuidePoint Research and Intelligence Team’s (GRIT) Ransomware Report, which found that compared to January, February 2023 showed a heavy increase in ransomware activity in reported victims and the countries affected.

Key Findings Include:

  • The most notable change was the increase in victim count by Lockbit which more than doubled. 
  • The data also revealed some shifts in the industries targeted by ransomware groups, with significant increases seen across the Food and Beverage, Banking and Finance, and Engineering industries. 
  • Ransomware groups targeted victims in nearly 50 countries in February, a steep increase from those attacked in January.

You can read the report here.

If You Need Another Reason To Install Microsoft’s Latest Patch Tuesday Updates, The Canadian Government Can Help You With That

Posted in Commentary with tags on March 16, 2023 by itnerd

The Canadian Government is urging users of Microsoft operating systems to install all the patches that came out as part of Microsoft’s Patch Tuesday dump to fix a vulnerability where a malicious email can pwn you even before you open the email in question:

The Canadian Centre for Cyber Security is warning about a significant vulnerability impacting Microsoft email users that allows threat actors to steal victims’ identities.

The alert sent out Wednesday says the advisory from Microsoft was one of “several critical vulnerabilities” published by the company the day before.

“We are flagging this alert this evening due to the seriousness of the vulnerability,” a spokesperson for the Cyber Centre said in an email to Global News Wednesday.

The advisory in question, dubbed CVE-2023-23397 by Microsoft, disclosed a zero-day vulnerability found in an email crafted by threat actors that contains a malicious payload, the agency said.

That payload will cause the victim’s Outlook email client to automatically connect to a universal naming convention agent controlled by the actor who will then receive the user’s password hash, which contains login credentials.

Microsoft users are being advised to install newly-pushed security patches immediately to protect themselves from the vulnerability.

I’ve rarely seen a Patch Tuesday where there has been critical patch after critical patch that users are urged to install. My suggestion would be not to treat this batch of Patch Tuesday updates as trivial. Instead, I would get about patching all the things ASAP because it’s a safe bet that threat actors are going to exploit these vulnerabilities, if they haven’t already.
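The Global News description above comes down to one property: the message carries a reminder sound path that points at a host the attacker controls, and Outlook reaches out to it on the victim’s behalf. Microsoft’s own audit script for this CVE looks for the same thing, a PidLidReminderFileParameter value that is a UNC path, in mailbox items. The code below is an added illustration of that check, not Microsoft’s script or the blogger’s; it runs over constructed sample items rather than a live mailbox, and the property values are invented for the example.

```python
import re

# Constructed sample mailbox items (not real mail data). Each dict stands in for the
# MAPI properties a scanner would read from a calendar, task or reminder item.
SAMPLE_ITEMS = [
    {"subject": "Team sync", "PidLidReminderFileParameter": None},
    {"subject": "Quarterly review",
     "PidLidReminderFileParameter": "C:\\Windows\\Media\\Alarm01.wav"},
    {"subject": "Urgent",
     "PidLidReminderFileParameter": "\\\\203.0.113.10\\share\\reminder.wav"},
    {"subject": "Invoice",
     "PidLidReminderFileParameter": "\\\\attacker.example@80\\dav\\alert.wav"},
]

# A UNC path: two leading backslashes, a host, an optional @port / @SSL suffix
# (the WebDAV form), then the share separator. Local drive paths do not match.
UNC_PATTERN = re.compile(r"^\\\\([^\\@]+)(@\d+)?(@SSL)?\\")


def is_remote_reminder_path(value):
    """True when the reminder sound would be fetched from a network host."""
    if not value:
        return False
    return UNC_PATTERN.match(value) is not None


def find_suspicious_items(items):
    """Return (subject, path, host) for every item whose reminder path is remote.

    Any hit means the client would authenticate to that host on the user's behalf,
    so the item is a candidate for removal and the host for blocking.
    """
    findings = []
    for item in items:
        path = item.get("PidLidReminderFileParameter")
        if is_remote_reminder_path(path):
            host = UNC_PATTERN.match(path).group(1)
            findings.append((item["subject"], path, host))
    return findings


if __name__ == "__main__":
    for subject, path, host in find_suspicious_items(SAMPLE_ITEMS):
        print(f"suspicious reminder in {subject!r}: {path} (host {host})")
```

On a real tenant the item properties would come from Exchange rather than a list, and the hosts found feed an outbound SMB/WebDAV block rather than just a log line.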

UK Government To Ban TikTok On Government Issued Devices… But TikTok Has Bigger Issues At The Moment

Posted in Commentary with tags on March 16, 2023 by itnerd

Another day, another TikTok ban on government devices. This time it’s the UK government:

Chinese-owned social media app TikTok is set to be banned on phones and other devices used by government ministers and civil servants on security grounds.

Cabinet Office Minister Oliver Dowden will make a statement to MPs later. 

There has been no official comment – but Security Minister Tom Tugendhat had asked the National Cyber Security Centre to review the issue. 

TikTok has strongly denied allegations that it hands users’ data to the Chinese government.

Well, the veracity of that last sentence is in question. But in any case, this is the latest ban of the popular social media app. And it’s not the biggest problem that it has right now. This is:

The Biden administration is threatening a potential ban of TikTok in the United States if its Chinese owners refuse to sell their stakes in the video sharing app, a source close to the company told NBC News on Thursday.

The source, however, cautioned that the company did not see this as a final order. 

The administration’s demand, first reported by the Wall Street Journal, signals a significant shift in the U.S. stance toward Beijing-based ByteDance Ltd., which owns the popular video sharing app.

The White House and Treasury Department declined to provide comment to NBC News.

In a statement, a spokesperson for TikTok said: “If protecting national security is the objective, divestment doesn’t solve the problem: a change in ownership would not impose any new restrictions on data flows or access. The best way to address concerns about national security is with the transparent, U.S.-based protection of U.S. user data and systems, with robust third-party monitoring, vetting, and verification, which we are already implementing.”

Any divestiture by ByteDance Ltd. would have to be approved by the Chinese government. A Foreign Ministry spokesperson said Thursday that the U.S. had failed to provide any evidence that TikTok poses a threat to its national security.

“The U.S. side should stop spreading false information on the issue of data security, stop unreasonably suppressing the enterprises concerned, and provide an open, fair, just and non-discriminatory business environment for enterprises of all countries to invest and operate in the U.S.,” the spokesperson, Wang Wenbin, said at a regular news briefing.

Based on how TikTok and the Chinese Communist Party responded to this latest threat of an outright ban of TikTok in the US, I am going to go out on a limb and say that TikTok is going to get banned unless either TikTok, ByteDance or the CCP blink. Because they have to know that if the US bans TikTok, other countries will do the same. Thus it might be time for the CCP, ByteDance and TikTok to start engaging with the US and others to address all the concerns that they have before they get wiped off the phones of millions.

Nozomi Networks Added to the Department of Homeland Security Continuous Diagnostics and Mitigation Approved Product List

Posted in Commentary with tags on March 16, 2023 by itnerd

Nozomi Networks, the leader in OT and IoT security, today announced its product line has been added to the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Program’s approved product list (APL).

The Cybersecurity and Infrastructure Security Agency’s (CISA) CDM Program dynamically fortifies the cybersecurity of civilian government networks and systems with real-time risk monitoring and defense. The CDM program provides cybersecurity tools, integration services, and dashboards to participating federal agencies to support them in improving their respective security posture.

Nozomi Networks’ products align perfectly with the CDM program’s goals by delivering exceptional network and asset visibility, threat detection, and insights for critical infrastructure environments. Nozomi Networks solutions help reduce the threat surface, speed response, and streamline reporting. CDM-approved products include:

  • Vantage, the industry’s first SaaS-based security and visibility platform for dynamic OT & IoT networks
  • Guardian, sensors that make it possible to see, secure and monitor all ICS, OT, IoT, IT, edge and cloud assets
  • Threat and Asset Intelligence Services, which provide continuous updates on emerging threats and new asset vulnerabilities for strong security and response.

Recognized as the market leader in OT and IoT security, Nozomi Networks is valued for superior operational visibility, advanced OT and IoT threat detection and highly scalable deployments. Nozomi Networks solutions support more than 89 million devices in thousands of installations across government agencies and critical infrastructure organizations worldwide. With the flexibility of deploying onsite and/or in the cloud, Nozomi Networks spans IT, OT and IoT to automate the hard work of inventorying, visualizing and monitoring networks through the innovative use of artificial intelligence. Use cases stretch beyond cybersecurity, and include troubleshooting, asset management and predictive maintenance.