New Previously Undiscovered TeamTNT Malware Payload Recently Surfaced During High Profile Attack

Posted in Commentary with tags on March 16, 2023 by itnerd

Cado Security have revealed a previously undiscovered TeamTNT malware sample that Cado Labs encountered after Sysdig reported on a sophisticated cloud attack identified in a client environment. 

Without more information, it’s impossible to conclusively link the sample analyzed in this blog to the attack Sysdig reported. Still, it’s interesting that these files surfaced around the same time. 

The new report unearths a previously-undiscovered payload from a threat actor well-known to Cado researchers.

You can read the report here.

Countries Attacked Spike, Industry Specific Shifts, Victims Double: GuidePoint Security

Posted in Commentary with tags on March 16, 2023 by itnerd

GuidePoint Security has published its monthly GuidePoint Research and Intelligence Team’s (GRIT) Ransomware Report, which found that compared to January, February 2023 showed a heavy increase in ransomware activity in reported victims and the countries affected.

Key Findings Include:

  • The most notable change was the increase in victim count by LockBit, which more than doubled. 
  • The data also revealed some shifts in the industries targeted by ransomware groups, with significant increases seen across the Food and Beverage, Banking and Finance, and Engineering industries. 
  • Ransomware groups targeted victims in nearly 50 countries in February, a steep increase over the number of countries affected in January.

You can read the report here.

If You Need Another Reason To Install Microsoft’s Latest Patch Tuesday Updates, The Canadian Government Can Help You With That

Posted in Commentary with tags on March 16, 2023 by itnerd

The Canadian Government is urging users of Microsoft operating systems to install all of this month’s Patch Tuesday updates, one of which fixes a vulnerability where a specially crafted email can compromise you before you even open it, because Outlook processes the malicious part of the message on its own:

The Canadian Centre for Cyber Security is warning about a significant vulnerability impacting Microsoft email users that allows threat actors to steal victims’ identities.

The alert sent out Wednesday says the advisory from Microsoft was one of “several critical vulnerabilities” published by the company the day before.

“We are flagging this alert this evening due to the seriousness of the vulnerability,” a spokesperson for the Cyber Centre said in an email to Global News Wednesday.

The advisory in question, dubbed CVE-2023-23397 by Microsoft, disclosed a zero-day vulnerability found in an email crafted by threat actors that contains a malicious payload, the agency said.

That payload will cause the victim’s Outlook email client to automatically connect to a universal naming convention agent controlled by the actor who will then receive the user’s password hash, which contains login credentials.

Microsoft users are being advised to install newly-pushed security patches immediately to protect themselves from the vulnerability.

I’ve rarely seen a Patch Tuesday with critical patch after critical patch that users are urged to install. My suggestion would be not to treat this batch of Patch Tuesday updates as trivial. Instead, get on with patching everything ASAP, because it’s a safe bet that threat actors are going to exploit these vulnerabilities, if they haven’t already. And if you can’t patch right away, the mitigations Microsoft published alongside the fix for this Outlook bug are to block outbound SMB (TCP port 445) at your perimeter, so Outlook can’t reach the attacker’s host in the first place, and to add sensitive accounts to the Protected Users group, so their NTLM hashes are never sent at all.
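The mechanism described above (a reminder pointing at an attacker’s UNC path, which makes Outlook authenticate outward) suggests a simple triage check. The following PowerShell is an added example written for this page, not code from Microsoft, Global News or the Cyber Centre. It assumes the reminder sound-file value (the PidLidReminderFileParameter property that this bug abuses) has already been pulled out of each message; reading it from a mailbox is not shown. The function name Test-ReminderPath, the sample messages, the file server name fs01 and the IP address are all constructed for the example.

```powershell
# Added example, not the page's or Microsoft's code. Classifies the reminder
# file path carried in a message: a UNC path to a host outside your own
# file servers is the CVE-2023-23397 pattern. Input is assumed to be the
# already-extracted PidLidReminderFileParameter value of each message.

function Test-ReminderPath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$Path,
        # Hostnames of file servers you actually share sound files from
        # (hypothetical list); anything else that gets a UNC path is suspect.
        [string[]]$TrustedHosts = @()
    )

    if ([string]::IsNullOrWhiteSpace($Path)) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'Empty'; Host = $null }
    }

    # Pull the host out of \\host\share..., \\?\UNC\host\share... and
    # file://host/share... forms. A host written as "1.2.3.4@80" (a trick to
    # force WebDAV) is still captured as one token and still flagged below.
    $uncHost = $null
    if     ($Path -match '^\\\\\?\\UNC\\([^\\]+)\\') { $uncHost = $Matches[1] }
    elseif ($Path -match '^\\\\([^\\]+)\\')          { $uncHost = $Matches[1] }
    elseif ($Path -match '^file://([^/]+)/')         { $uncHost = $Matches[1] }

    if (-not $uncHost) {
        # Plain local path such as C:\Windows\Media\Alarm01.wav: nothing to
        # authenticate to, so this is not the bug's trigger.
        return [pscustomobject]@{ Path = $Path; Verdict = 'Local'; Host = $null }
    }

    # -contains is case-insensitive in PowerShell, so no lower-casing needed.
    $verdict = if ($TrustedHosts -contains $uncHost) { 'TrustedUnc' } else { 'SuspiciousUnc' }
    return [pscustomobject]@{ Path = $Path; Verdict = $verdict; Host = $uncHost }
}

# Constructed sample values (not real mail). 203.0.113.7 is a documentation
# address standing in for an attacker-controlled host.
$samples = @(
    [pscustomobject]@{ Subject = 'Team sync'; ReminderFile = 'C:\Windows\Media\Alarm01.wav' },
    [pscustomobject]@{ Subject = 'Invoice';   ReminderFile = '\\203.0.113.7\share\ping.wav' },
    [pscustomobject]@{ Subject = 'Town hall'; ReminderFile = '\\fs01\sounds\chime.wav' },
    [pscustomobject]@{ Subject = 'Reminder';  ReminderFile = '' }
)

$samples | ForEach-Object {
    $r = Test-ReminderPath -Path $_.ReminderFile -TrustedHosts 'fs01'
    [pscustomobject]@{ Subject = $_.Subject; Verdict = $r.Verdict; Host = $r.Host }
} | Format-Table -AutoSize
```

With the sample data this prints Local for the team sync, SuspiciousUnc with host 203.0.113.7 for the invoice, TrustedUnc for the town hall and Empty for the last item. Anything that comes back SuspiciousUnc is a message worth pulling from the mailbox and, because the hash leaks when the reminder fires rather than when the mail is opened, worth treating as a credential-exposure event for that user even if nobody ever clicked it.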

UK Government To Ban TikTok On Government Issued Devices…. But TikTok Has Bigger Issues At The Moment

Posted in Commentary with tags on March 16, 2023 by itnerd

Another day, another TikTok ban on government devices. This time it’s the UK government:

Chinese-owned social media app TikTok is set to be banned on phones and other devices used by government ministers and civil servants on security grounds.

Cabinet Office Minister Oliver Dowden will make a statement to MPs later. 

There has been no official comment – but Security Minister Tom Tugendhat had asked the National Cyber Security Centre to review the issue. 

TikTok has strongly denied allegations that it hands users’ data to the Chinese government.

Well, the veracity of that last sentence is in question. But in any case, this is the latest ban of the popular social media app. And it’s not the biggest problem that it has right now. This is:

The Biden administration is threatening a potential ban of TikTok in the United States if its Chinese owners refuse to sell their stakes in the video sharing app, a source close to the company told NBC News on Thursday.

The source, however, cautioned that the company did not see this as a final order. 

The administration’s demand, first reported by the Wall Street Journal, signals a significant shift in the U.S. stance toward Beijing-based ByteDance Ltd., which owns the popular video sharing app.

The White House and Treasury Department declined to provide comment to NBC News.

In a statement, a spokesperson for TikTok said: “If protecting national security is the objective, divestment doesn’t solve the problem: a change in ownership would not impose any new restrictions on data flows or access. The best way to address concerns about national security is with the transparent, U.S.-based protection of U.S. user data and systems, with robust third-party monitoring, vetting, and verification, which we are already implementing.”

Any divestiture by ByteDance Ltd. would have to be approved by the Chinese government. A Foreign Ministry spokesperson said Thursday that the U.S. had failed to provide any evidence that TikTok poses a threat to its national security.

“The U.S. side should stop spreading false information on the issue of data security, stop unreasonably suppressing the enterprises concerned, and provide an open, fair, just and non-discriminatory business environment for enterprises of all countries to invest and operate in the U.S.,” the spokesperson, Wang Wenbin, said at a regular news briefing.

Based on how TikTok and the Chinese Communist Party responded to this latest threat of an outright ban of TikTok in the US, I am going to go out on a limb and say that TikTok is going to get banned unless either TikTok, ByteDance or the CCP blink. Because they have to know that if the US bans TikTok, other countries will do the same. Thus it might be time for the CCP, ByteDance and TikTok to start engaging with the US and others to address all the concerns that they have before they get wiped off the phones of millions.

Nozomi Networks Added to the Department of Homeland Security Continuous Diagnostics and Mitigation Approved Product List

Posted in Commentary with tags on March 16, 2023 by itnerd

Nozomi Networks, the leader in OT and IoT security, today announced its product line has been added to the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Program’s approved product list (APL).

The Cybersecurity and Infrastructure Security Agency’s (CISA) CDM Program dynamically fortifies the cybersecurity of civilian government networks and systems with real-time risk monitoring and defense. The CDM program provides cybersecurity tools, integration services, and dashboards to participating federal agencies to support them in improving their respective security posture.

Nozomi Networks’ products align perfectly with the CDM program’s goals by delivering exceptional network and asset visibility, threat detection, and insights for critical infrastructure environments. Nozomi Networks solutions help reduce the threat surface, speed response, and streamline reporting. CDM-approved products include:

  • Vantage, the industry’s first SaaS-based security and visibility platform for dynamic OT & IoT networks
  • Guardian, sensors that make it possible to see, secure and monitor all ICS, OT, IoT, IT, edge and cloud assets
  • Threat and Asset Intelligence Services, which provide continuous updates on emerging threats and new asset vulnerabilities for strong security and response.

Recognized as the market leader in OT and IoT security, Nozomi Networks is valued for superior operational visibility, advanced OT and IoT threat detection and highly scalable deployments. Nozomi Networks solutions support more than 89 million devices in thousands of installations across government agencies and critical infrastructure organizations worldwide. With the flexibility of deploying onsite and/or in the cloud, Nozomi Networks spans IT, OT and IoT to automate the hard work of inventorying, visualizing and monitoring networks through the innovative use of artificial intelligence. Use cases stretch beyond cybersecurity, and include troubleshooting, asset management and predictive maintenance.

If You Haven’t Applied Yesterday’s Patch Tuesday Updates… Now Would Be A Good Time

Posted in Commentary with tags on March 15, 2023 by itnerd

I say that because Microsoft used Patch Tuesday to fix a zero-day bug in Windows SmartScreen, the reputation check that is supposed to warn users before they open files downloaded from the Internet, which attackers were actively using to deliver malware without users noticing. Tracked as CVE-2023-24880, the vulnerability let attackers suppress the SmartScreen warning that should pop up when a user opens a malicious file from the Internet.

The exploit was discovered by Google’s Threat Analysis Group (TAG) and reported to Microsoft on February 15. It uses malicious MSI files carrying a specially crafted Authenticode signature that makes SmartScreen’s check error out and fail open, so the user never sees a warning. TAG points out that the real issue here is that Microsoft had “narrowly” patched a similar vulnerability, CVE-2022-44698, back in December. As they put it in their blog post this week:

“This security bypass is an example of a larger trend Project Zero has highlighted previously: vendors often release narrow patches, creating an opportunity for attackers to iterate and discover new variants,”

“When patching a security issue, there is tension between a localized, reliable fix and a potentially harder fix of the underlying root cause issue. Because the root cause behind the SmartScreen security bypass was not addressed, the attackers were able to quickly identify a different variant of the original bug.”
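The point TAG makes is a fail-open one: a signature SmartScreen could not parse made it skip the warning instead of showing it. The PowerShell below is an added example written for this page, not code from Microsoft or Google TAG, and it shows the fail-closed version of the same check for a file you have just downloaded: read the Mark-of-the-Web zone from the file’s Zone.Identifier stream, verify the Authenticode signature yourself, and treat any status other than Valid (including parse errors) as untrusted. The function name Test-DownloadedInstaller and the Downloads path in the usage line are assumptions; Get-Content -Stream and Get-AuthenticodeSignature are standard Windows PowerShell cmdlets.

```powershell
# Added example, not Microsoft's or TAG's code. Fail-closed check for a
# downloaded installer: SmartScreen failed open on a malformed Authenticode
# signature (CVE-2023-24880); here anything that is not 'Valid' is untrusted.

function Test-DownloadedInstaller {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Mark-of-the-Web lives in the Zone.Identifier alternate data stream as
    # an INI-style block; ZoneId=3 is Internet, 4 is Restricted. A file with
    # no stream never carried a mark (local copy, or already unblocked).
    $zoneId = $null
    try {
        $ads = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction Stop
        $zoneLine = $ads | Where-Object { $_ -match '^ZoneId=\d+$' } | Select-Object -First 1
        if ($zoneLine -match '^ZoneId=(\d+)$') { $zoneId = [int]$Matches[1] }
    } catch {
        $zoneId = $null
    }
    $fromInternet = ($null -ne $zoneId) -and ($zoneId -ge 3)

    # Verify the signature ourselves. A broken or unparseable signature does
    # not throw; it comes back as a status such as UnknownError, HashMismatch
    # or NotSupportedFileFormat. Only 'Valid' is good enough.
    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $trusted = ($sig.Status -eq 'Valid')
    $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        File         = $file.Name
        ZoneId       = $zoneId
        FromInternet = $fromInternet
        SigStatus    = $sig.Status.ToString()
        Signer       = $signer
        # Fail closed: an internet-sourced file with anything but a Valid
        # signature is blocked. That is exactly the case SmartScreen let
        # through when its own check errored out.
        Allow        = (-not $fromInternet) -or $trusted
    }
}

# Usage (hypothetical path): inspect an installer saved by the browser.
Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\setup.msi"
```

Run it as the user who downloaded the file, before anyone runs Unblock-File on it, since that strips the Zone.Identifier stream and with it the evidence that the file came from the Internet. This does not reproduce SmartScreen’s reputation lookup; it only enforces the part that the bypass defeated, which is that an unverifiable signature must count against the file rather than for it.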

Morten Gammelgaard, EMEA, co-founder, BullWall had this to say:

   “The fact is, malicious actors will always find a way to get into your network. Microsoft had patched this vulnerability last December only to see the threat actors change direction and find a new way in. There is no final fix for network security. As we saw in a recent LA Housing Authority ransomware attack,  the LockBit group was in that network for an entire year before they took action and encrypted the network. 

   “Even Elon Musk had his spaceship designs stolen and held for ransom recently. And if you think no one will notice your small business, they will probably notice your suppliers and either shut down your supply chain or move laterally into your network itself.”

If you’re wondering where the Elon Musk reference comes from, this will help you to get up to speed on that. But in any case, this is a significant vulnerability that you need to get about patching ASAP.

Salesforce Web3 Announced By Salesforce

Posted in Commentary with tags on March 15, 2023 by itnerd

Salesforce has announced Salesforce Web3 to help companies create, manage, and deploy non-fungible tokens (NFTs) in a sustainable and trusted way. Salesforce Web3 enables brands to create connected customer experiences across Web2 and Web3, and scale efficiently with a unified platform.

Salesforce survey data finds nearly half (45%) of consumers would be more interested in purchasing an NFT if it came from their favorite brand and NFT Management and Web3 Connect innovations deliver a seamless experience creating NFTs easily and securely.

  • NFT Management helps retailers build brand love with digital collections. With NFT Management, brands are able to:
    • Create NFT Collections with Clicks, Not Code: In just a few clicks, customize and deploy secure, audited smart contracts they fully own and control in perpetuity.
    • Deliver Trusted Experiences: Keep their data secure with configurable privacy controls and proactive fraud detection.
  • Web3 Connect unifies customer data from Web3 across the Customer 360. By using Web3 Connect, companies can:
    • Enrich customer profiles with Web3 data: Unify Web2 and Web3 identities in their CRM with Web3 wallet IDs, NFT transaction history, and wallet risk scores
    • Create personalized, omnichannel experiences: Delight customers with a seamless experience across Web2 and Web3 channels, powered by their Customer 360 platform.
  • Salesforce customers Crown Royal, Mattel and Scotch & Soda successfully created and securely deployed NFT Collections during the pilot program, which supported nearly 275,000 transactions between them.

See the newsroom post HERE for more details on these Web3 product innovations.

Jscrambler Takes Gold for Client-Side Security in Cybersecurity Excellence Awards 

Posted in Commentary with tags on March 15, 2023 by itnerd

Jscrambler today announced it received Gold Place in Client-Side Security in the Cybersecurity Excellence Awards.  

Jscrambler’s Webpage Integrity (WPI) offers a large set of functionalities aimed at protecting customers against sensitive data leaks and unwanted changes which may harm their company’s reputation and business. This is especially important as more commerce is conducted online than ever before. Two global e-commerce brands that rely on Jscrambler to protect their payment pages saw significant activity during Q4 2022. Webpage Integrity monitored a combined 40.3 million user sessions and blocked over 60.2 million data access attempts by third-party vendors. The continuous monitoring and proactive blocking of JavaScript running in the browser prevent these vendors from potentially accessing sensitive credit card data.   

WPI allows organizations to understand all the scripts that are being loaded onto each of their websites, as well as the potential risk associated. WPI provides rich information and insights to assist in mitigating any potential threats. Considering that vulnerabilities in third-party software account for 13% of all data breaches’ initial attack vectors with an average cost of $4.55M per data breach, it is fundamental for companies to have total visibility and control on their websites. 

Jscrambler is a leading authority in client-side security software. Its solution defends enterprises from revenue and reputational harm caused by accidental or intentional JavaScript misbehavior. Jscrambler makes first-party code that is resilient to tampering and prevents interference with third-party code. The solution works continuously, keeping organizations protected regardless of how frequently things change. From code to runtime, Jscrambler has companies covered with a level of visibility and control that supports business innovation. Jscrambler’s customers include the FORTUNE 500, retailers, airlines, banks and other enterprises whose success depends on safely engaging with their customers online. Jscrambler keeps these interactions secure so they can continue to innovate without fear of damaging their revenue source, reputation, or regulatory compliance.

Find out more at: https://jscrambler.com/  

Has Amazon’s Ring Been Hacked? Ransomware Gang Posts Threat To Leak Data

Posted in Commentary with tags on March 15, 2023 by itnerd

The ALPHV ransomware group has claimed responsibility for an attack on Amazon’s security camera company, Ring, and is threatening to leak their data. This came to light because of this Tweet:

ALPHV is the group behind the BlackCat ransomware, which it operates as a ransomware-as-a-service platform. The group also runs a leak site with a searchable index of data stolen from victims who refuse to pay the ransom.

That someone might have compromised Ring is plausible. Last December Brian Krebs carried a story on two US teens who were busted for taking control of Ring cameras, swatting the homeowners and recording the police raid. The Ring system is just one more IoT device that is attractive, and apparently vulnerable, to malicious hackers.

David Maynor, Senior Director of Threat Intelligence, Cybrary had this comment:

   “The exploitation of IOT devices that consumers rely on continues to march towards every dystopian movie plot. Attackers have moved from ransoming devices to ransoming companies. These attacks continue to have an increasing impact on the daily life of users.”

We’ll know soon enough if this threat to leak data is real or not. If it is real, I assure you, any company who plays in this space will be freaking out. And so will their customers.

Killnet Group Attempting to Form a Private Military Hacking Company

Posted in Commentary with tags on March 15, 2023 by itnerd

On March 13, Killmilk, the leader of the Russian hacktivist DDoS collective Killnet, announced on Telegram the establishment of “Black Skills,” a Private Military Hacking Company. 

The name “Private Military Hacking Company” is a clear riff on the growing presence and cult of private military companies in Russia (primarily the Wagner Group). It is also likely a not-so-subtle invitation to the Russian government to use Killnet’s resources as a cyber mercenary group, although it’s also unlikely they will deeply vet their clientele. 

This blog post from Flashpoint’s analysis team has a lot more detail on this: https://flashpoint.io/blog/killnet-killmilk-private-military-hacking-company/