Countries Attacked Spike, Industry Specific Shifts, Victims Double: GuidePoint Security

Posted in Commentary with tags on March 16, 2023 by itnerd

GuidePoint Security has published its monthly GuidePoint Research and Intelligence Team’s (GRIT) Ransomware Report, which found that compared to January, February 2023 showed a heavy increase in ransomware activity in reported victims and the countries affected.

Key Findings Include:

  • The most notable change was the increase in victim count by Lockbit which more than doubled. 
  • The data also revealed some shifts in the industries targeted by ransomware groups, with significant increases seen across the Food and Beverage, Banking and Finance, and Engineering industry. 
  • Ransomware groups targeted victims in nearly 50 countries in February, a steep increase from those attacked in January.

You can read the report here.

Leave a comment »

If You Need Another Reason To Install Microsoft’s Latest Patch Tuesday Updates, The Canadian Government Can Help You With That

Posted in Commentary with tags on March 16, 2023 by itnerd

The Canadian Government is urging users of Microsoft operating systems to install all the patches that came out as part of Microsoft’s Patch Tuesday dump to fix a vulnerability where a malicious email can pwn you even before you open the email in question:

The Canadian Centre for Cyber Security is warning about a significant vulnerability impacting Microsoft email users that allows threat actors to steal victims’ identities.

The alert sent out Wednesday says the advisory from Microsoft was one of “several critical vulnerabilities” published by the company the day before.

“We are flagging this alert this evening due to the seriousness of the vulnerability,” a spokesperson for the Cyber Centre said in an email to Global News Wednesday.

The advisory in question, dubbed CVE-2023-23397 by Microsoft, disclosed a zero-day vulnerability found in an email crafted by threat actors that contains a malicious payload, the agency said.

That payload will cause the victim’s Outlook email client to automatically connect to a universal naming convention agent controlled by the actor who will then receive the user’s password hash, which contains login credentials.

Microsoft users are being advised to install newly-pushed security patches immediately to protect themselves from the vulnerability.

I’ve rarely seen a Patch Tuesday where there has been critical patch after critical patch that users are urged to install. My suggestion would be not to treat this batch of Patch Tuesday updates as trivial. Instead, I would get about patching all the things ASAP because it’s a safe bet that threat actors are going to exploit these vulnerabilities, if they haven’t already.

Leave a comment »

UK Government To Ban TikTok On Government Issued Devices…. But TikTok Has Bigger Issues At The Moment

Posted in Commentary with tags on March 16, 2023 by itnerd

Another day, another TikTok ban on government devices. This time it’s the UK government:

Chinese-owned social media app TikTok is set to be banned on phones and other devices used by government ministers and civil servants on security grounds.

Cabinet Office Minister Oliver Dowden will make a statement to MPs later. 

There has been no official comment – but Security Minister Tom Tugendhat had asked the National Cyber Security Centre to review the issue. 

TikTok has strongly denied allegations that it hands users’ data to the Chinese government.

Well, the veracity of that last sentence is in question. But in any case, this is the latest ban of the popular social media app. And it’s not the biggest problem that it has right now. This is:

The Biden administration is threatening a potential ban of TikTok in the United States if its Chinese owners refuse to sell their stakes in the video sharing app, a source close to the company told NBC News on Thursday.

The source, however, cautioned that the company did not see this as a final order. 

The administration’s demand, first reported by the Wall Street Journal, signals a significant shift in the U.S. stance toward Beijing-based ByteDance Ltd., which owns the popular video sharing app.

The White House and Treasury Department declined to provide comment to NBC News.

In a statement, a spokesperson for TikTok said: “If protecting national security is the objective, divestment doesn’t solve the problem: a change in ownership would not impose any new restrictions on data flows or access. The best way to address concerns about national security is with the transparent, U.S.-based protection of U.S. user data and systems, with robust third-party monitoring, vetting, and verification, which we are already implementing.”

Any divestiture by ByteDance Ltd. would have to be approved by the Chinese government. A Foreign Ministry spokesperson said Thursday that the U.S. had failed to provide any evidence that TikTok poses a threat to its national security.

“The U.S. side should stop spreading false information on the issue of data security, stop unreasonably suppressing the enterprises concerned, and provide an open, fair, just and non-discriminatory business environment for enterprises of all countries to invest and operate in the U.S.,” the spokesperson, Wang Wenbin, said at a regular news briefing.

Based on how TikTok and the Chinese Communist Party responded to this latest threat of an outright ban of TikTok in the US, I am going to go out on a limb and say that TikTok is going to get banned unless either TikTok, ByteDance or the CCP blink. Because they have to know that if the US bans TikTok, other countries will do the same. Thus it might be time for the CCP, ByteDance and TikTok to start engaging with the US and others to address all the concerns that they have before they get wiped off the phones of millions.

Leave a comment »

Nozomi Networks Added to the Department of Homeland Security Continuous Diagnostics and Mitigation Approved Product List

Posted in Commentary with tags on March 16, 2023 by itnerd

Nozomi Networks, the leader in OT and IoT security, today announced its product line has been added to the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Program’s approved product list (APL).

The Cybersecurity and Infrastructure Security Agency’s (CISA) CDM Program dynamically fortifies the cybersecurity of civilian government networks and systems with real-time risk monitoring and defense. The CDM program provides cybersecurity tools, integration services, and dashboards to participating federal agencies to support them in improving their respective security posture.

Nozomi Networks’ products align perfectly with the CDM program’s goals by delivering exceptional network and asset visibility, threat detection, and insights for critical infrastructure environments. Nozomi Networks solutions help reduce the threat surface, speed response, and streamline reporting. CDM-approved products include:

  • Vantage, the industry’s first SaaS-based security and visibility platform for dynamic OT & IoT networks
  • Guardian, sensors that make it possible to see, secure and monitor all ICS, OT, IoT, IT, edge and cloud assets
  • Threat and Asset Intelligence Services, which provide continuous updates on emerging threats and new asset vulnerabilities for strong security and response.

Recognized as the market leader in OT and IoT security, Nozomi Networks is valued for superior operational visibility, advanced OT and IoT threat detection and highly scalable deployments. Nozomi Networks solutions support more than 89 million devices in thousands of installations across government agencies and critical infrastructure organizations worldwide. With the flexibility of deploying onsite and/or in the cloud, Nozomi Networks spans IT, OT and IoT to automate the hard work of inventorying, visualizing and monitoring networks through the innovative use of artificial intelligence. Use cases stretch beyond cybersecurity, and include troubleshooting, asset management and predictive maintenance.

Leave a comment »

If You Haven’t Applied Yesterday’s Patch Tuesday Updates… Now Would Be A Good Time

Posted in Commentary with tags on March 15, 2023 by itnerd

I say that because Microsoft used Patch Tuesday to correct a zero-day bug in the Windows SmartScreen anti-malware web service that was allowing hackers to deliver malware without users noticing. Tracked as CVE-2023-24880, this vulnerability allowed the hackers to prevent security alerts from popping up and warning users when opening malicious files from the Internet.

The exploit was discovered by Google’s Threat Analysis Group (TAG) and reported to Microsoft on February 15. The exploit uses malicious MSI files that were signed with a specially crafted Authenticode signature that would cause SmartScreen to fail and not alert the user. TAG points out that the real issue here is that Microsoft had “narrowly” patched a similar vulnerability, CVE-2022-44698, back in December, but as they pointed in out in their blog post this week:

“This security bypass is an example of a larger trend Project Zero has highlighted previously: vendors often release narrow patches, creating an opportunity for attackers to iterate and discover new variants,”

“When patching a security issue, there is tension between a localized, reliable fix and a potentially harder fix of the underlying root cause issue. Because the root cause behind the SmartScreen security bypass was not addressed, the attackers were able to quickly identify a different variant of the original bug.

Morten Gammelgaard, EMEA, co-founder, BullWall had this to say:

   “The fact is, malicious actors will always find a way to get into your network. Microsoft had patched this vulnerability last December only to see the threat actors change direction and find a new way in. There is no final fix for network security. As we saw in a recent LA Housing Authority ransomware attack,  the LockBit group was in that network for an entire year before they took action and encrypted the network. 

   “Even Elon Musk had his spaceship designs stolen and held for ransom recently. And if you think no one will notice your small business, they will probably notice your suppliers and either shut down your supply chain or move laterally into your network itself.”

If you’re wondering where the Elon Musk reference comes from, this will help you to get up to speed on that. But in any case, given that this is a significant vulnerability that you need to get about patching ASAP.

Leave a comment »

Salesforce Web3 Announced By Salesforce

Posted in Commentary with tags on March 15, 2023 by itnerd

Salesforce has announced Salesforce Web3 to help companies create, manage, and deploy non-fungible tokens (NFTs) in a sustainable and trusted way. Salesforce Web3 enables brands to create connected customer experiences across Web2 and Web3, and scale efficiently with a unified platform.

Salesforce survey data finds nearly half (45%) of consumers would be more interested in purchasing an NFT if it came from their favorite brand and NFT Management and Web3 Connect innovations deliver a seamless experience creating NFTs easily and securely.

  • NFT Management helps retailers build brand love with digital collections. With NFT Management, brands are able to:
    • Create NFT Collections with Clicks, Not Code: In just a few clicks, customize and deploy secure, audited smart contracts they fully own and control in perpetuity.
    • Deliver Trusted Experiences: Keep their data secure with configurable privacy controls and proactive fraud detection.
  • Web3 Connect unifies customer data from Web3 across the Customer 360. By using Web3 Connect, companies can:
    • Enrich customer profiles with Web3 data: Unify Web2 and Web3 identities in their CRM with Web3 wallet IDs, NFT transaction history, and wallet risk scores
    • Create personalized, omnichannel experiences: Delight customers with a seamless experience across Web2 and Web3 channels, powered by their Customer 360 platform.
  • Salesforce customers Crown Royal, Mattel and Scotch & Soda agree after successfully creating and securely deploying NFT Collections during the pilot program that supported nearly 275,000 transactions between them.

See the newsroom post HERE for more details on these Web3 product innovations.

Leave a comment »

Jscrambler Takes Gold for Client-Side Security in Cybersecurity Excellence Awards 

Posted in Commentary with tags on March 15, 2023 by itnerd

Jscrambler today announced it received Gold Place in Client-Side Security in the Cybersecurity Excellence Awards.  

Jscrambler’s Webpage Integrity (WPI) offers a large set of functionalities aimed at protecting customers against sensitive data leaks and unwanted changes which may harm their company’s reputation and business. This is especially important as more commerce is conducted online than ever before. Two global e-commerce brands that rely on Jscrambler to protect their payment pages saw significant activity during Q4 2022. Webpage Integrity monitored a combined 40.3 million user sessions and blocked over 60.2 million data access attempts by third-party vendors. The continuous monitoring and proactive blocking of JavaScript running in the browser prevent these vendors from potentially accessing sensitive credit card data.   

WPI allows organizations to understand all the scripts that are being loaded onto each of their websites, as well as the potential risk associated. WPI provides rich information and insights to assist in mitigating any potential threats. Considering that vulnerabilities in third-party software account for 13% of all data breaches’ initial attack vectors with an average cost of $4.55M per data breach, it is fundamental for companies to have total visibility and control on their websites. 

Jscrambler  is a leading authority in client-side security software. Its solution defends enterprises from revenue and reputational harm caused by accidental or intentional JavaScript misbehavior. Jscrambler makes first-party code that is resilient to tampering and prevents interference with third-party code. The solution works continuously, keeping organizations protected regardless of how frequently things change. From code to runtime, Jscrambler has companies covered with a level of visibility and control that supports business innovation. Jscrambler’s customers include the FORTUNE 500, retailers, airlines, banks and other enterprises whose success depends on safely engaging with their customers online. Jscrambler keeps these interactions secure so they can continue to innovate without fear of damaging their revenue source, reputation, or regulatory compliance.

Find out more at: https://jscrambler.com/  

Leave a comment »

Has Amazon’s Ring Been Hacked? Ransomware Gang Posts Threat To Leak Data

Posted in Commentary with tags on March 15, 2023 by itnerd

The ALPHV ransomware group has claimed responsibility for an attack on Amazon’s security camera company, Ring, and is threatening to leak their data. This came to light because of this Tweet:

ALPHV is known for using the BlackCat malware in their attacks. The ALPHV group operates a ransomware-as-a-service platform. The group also has a searchable database of its victims who deny paying the ransom on the site.

The fact that someone might have pwned Amazon is plausible. Last December Brian Krebs carried a story on two US teens that were busted for taking control of RING camera’s and then Swatting the home owners and recording the police raid. The RING system is just one more IoT device that is attractive, and apparently vulnerable, to malicious hackers.

David Maynor, Senior Director of Threat Intelligence, Cybrary had this comment:

   “The exploitation of IOT devices that consumers rely on continues to march towards every dystopian movie plot. Attackers have moved from ransoming devices to ransoming companies. These attacks continue to have an increasing impact on the daily life of users.”

We’ll know soon enough if this threat to leak data is real or not. If it is real, I assure you, any company who plays in this space will be freaking out. And so will their customers.

Leave a comment »

Killnet Group Attempting to Form a Private Military Hacking Company

Posted in Commentary with tags on March 15, 2023 by itnerd

On March 13, Killmilk, the leader of the Russian hacktivist DDoS collective Killnet, announced on Telegram the establishment of “Black Skills,” a Private Military Hacking Company. 

The name “Private Military Hacking Company” is a clear riff on the growing presence and cult of private military companies in Russia (primarily the Wagner Group). It is also likely a not-so-subtle invitation to the Russian government to use Killnet’s resources as a cyber mercenary group, although it’s also unlikely they will deeply vet their clientele. 

This blog post from Flashpoint’s analysis team has a lot more detail on this: https://flashpoint.io/blog/killnet-killmilk-private-military-hacking-company/

Leave a comment »

NodeZero Analytics exposes attack paths & exploitability priorities, integrates with defensive tools

Posted in Commentary with tags on March 15, 2023 by itnerd

Horizon3.ai, leaders in autonomous penetration testing, have launched a major product refresh, doubling down on its commitment to help organizations continuously verify their security posture, including NodeZero Analytics, bringing “train like you fight” readiness and principles to security teams and MSSPs. 

NodeZero Analytics yields deeper insights, and answers the top questions every CISO and security team ask: “What’s exposed?” “What needs to be fixed first?” and “How will we do more with less?”

Foundational to Horizon3.ai’s philosophy is to use offense to inform defense, a derivative of the military principle to “train like you fight” in order to be prepared for a real cyber attack. NodeZero, Horizon3.ai’s continuous penetration testing platform, enables organizations to test their infrastructure at scale by chaining together harvested credentials, misconfigurations, dangerous product defaults, and exploitable vulnerabilities to achieve critical impacts like domain compromise and sensitive data exposure. 

The updated user experience puts powerful new insights into security teams’ hands to make autonomous pentesting a force multiplier. At the heart of the refresh are detailed attack paths with proof of exploitation, prioritized fix actions, and 1-click verification that the remediation was successful.

Leading by example: During a recent autonomous pentest of a large enterprise, NodeZero successfully elevated privileges to become a domain administrator while also compromising the organization’s business email system. The autonomous attack took 30 minutes to execute, with no humans involved, and chained together a variety of techniques including:  

  1. User enumeration combined with password spraying to compromise a domain user
  2. Dumping the SAM database by exploiting local admin privileges assigned to the domain user
  3. Reusing local admin credentials across multiple machines 
  4. Discovering a domain administrator credential by dumping credentials in LSA on a neighboring machine 
  5. Pivoting from domain admin to the Microsoft Azure Active Directory infrastructure (AzureAD)
  6. Gaining access to the domain administrator’s email, which did not have multi-factor authentication (MFA) enabled 

“The sequence of events in this attack path are typical of APT’s and ransomware organizations,” said Naveen Sunkavally, chief architect at Horizon3.ai. “What’s incredible is that this attack path isn’t hard coded as a runbook or predefined scripts anywhere in the product. Our machine learning techniques were able to figure out how to combine these different steps into an exploitable attack sequence safely in a production environment.” 

KEY FEATURES OF NodeZero: 

  1. Attack paths that clearly explain the exact sequence of events that lead to a critical impact, with proof of exploitation and detailed descriptions for exactly what to fix. 
  2. Leverage scoring that helps organizations prioritize and fix actions based on risk to the organization as well as return on effort. For example, leverage scoring can help an IT admin determine that fixing a single issue will eliminate 70% of all exploitable attack paths discovered in the pentest.
  3. Automatically generating compliance reports required for SOC2, HIPAA, GDPR, and other common compliance requirements.
  4. Surfacing systemic issues and policy recommendations to help organizations identify the true root cause for their exploitable attack surface. For example, poor credential policies can lead to systemically weak passwords that can be easily cracked by attackers. Compare Pentest Feature helps teams easily complete the Find-Fix-Verify Cycle by confirming that weaknesses and vulnerabilities identified in previous tests have been fixed.
  5. Self-service user experience that makes pentesting conveniently accessible to all types of users, from early career IT professionals to 20-year pentesting experts.
  6. Features specifically valuable for MSSP’s and MSP’s, including white labeled reporting, multi-client management, and auto-generating statements of work for remediation services. 

Leave a comment »

« Older Entries
Newer Entries »