IT Security Guru

Social Media Fails to Monitor Extremist Content

Thu, 21 Jan 2021 16:44:18 GMT

All Social Media platforms need to do more to properly monitor their platforms for any activity that may involve extremist groups or conspiracy theories. New rules have been set out, indicating how social media firms should moderate their content.

Facebook claims it had removed 30,000 pages, events and groups related to what it called “militarised social movements”. Monika Bickert, Facebook’s vice president of global policy management stated: “We have a 24-hour operation centre where we are looking for content from groups… of citizens who might use militia-style language.” Yet, half of all designated white supremacist groups still had a presence on Facebook just last year.

Twitter was also questioned on its decision to ban former President Donald Trump. In response, Nick Pickles, the head of Twitter’s public policy strategy declared that it was time to “move beyond” a debate about whether social networks are enforcing their own rules properly.

Finally, while TikTok did not play a huge part in motivating the riots, Yvette Cooper, the chair of the Home Affairs Committee did find that the video platform contained a significant amount of anti-Semitic content.

The post Social Media Fails to Monitor Extremist Content appeared first on IT Security Guru.

Biden Administration to put Stronger Emphasis on Cyber Security

Thu, 21 Jan 2021 16:05:04 GMT

Two top national security nominees, Retired Army Gen. Lloyd Austin and Avril Haines, have advocated for stronger federal cybersecurity following a supply chain breach that affected several federal agencies. If these nominees are confirmed, they will begin their jobs in the middle of the damage assessment process. The attack has been attributed to Russian hackers, who presumably got access through the SolarWinds breach.

Austin made a statement, declaring that: “We must elevate cybersecurity as an imperative across the government in order to defend the American people and U.S. critical infrastructure.” Federal investigators are still dealing with the aftermath of the attack, although reports claim there were “fewer than 10” breaches.

The post Biden Administration to put Stronger Emphasis on Cyber Security appeared first on IT Security Guru.

Phishing Scam Exposes Stolen Passwords

Thu, 21 Jan 2021 15:45:39 GMT

Check Point Research published a blog post on Thursday, explaining the phishing campaign, in which stolen information was discarded on WordPress domains. The attackers had been targeting the construction and energy sectors.

The attack began with a fraudulent email template, mimicking Xerox/Xeros scan notifications, along with the victim’s name in the title or subject line. The messages originated from a Linux server and were sent through PHP mailer and 1&1 email servers. The hackers included an attached HTML file containing embedded JavaScript code. This had one function: covert background checks of password use. Once they detected credential input, these were harvested and the users were sent to legitimate login pages.

Check Point said: “While this infection chain may sound simple, it successfully bypassed Microsoft Office 365 Advanced Threat Protection (ATP) filtering and stole over a thousand corporate employees’ credentials.”

The post Phishing Scam Exposes Stolen Passwords appeared first on IT Security Guru.

How did SolarWind Hackers evade Detection?

Thu, 21 Jan 2021 15:28:30 GMT

A report from the Microsoft 365 Defender Team, Microsoft Threat Intelligence Center (MSTIC), and Microsoft Cyber Defence Operations Center (CDOC) details how the SolarWinds hackers managed to remain undetected for so long. The report discloses new details including the steps and tools used to deploy the custom Cobalt Strike loaders (Teardrop, Raindrop, etc.) after the hackers dropped the Solorigate (Sunburst) DLL backdoor.

It was revealed that: “During our in-depth analysis of the attacker’s tactics, techniques, and procedures (TTPs) seen through the lens of Microsoft 365 Defender’s rich telemetry, we observed a few techniques that are worth disclosing to help other defenders better respond to this incident and use hunting tools like Microsoft 365 Defender advanced hunting or Azure Sentinel queries to search for potential traces of past activity.”

Following the report, Microsoft stated that it is “actively working with MITRE to make sure that any novel technique emerging from this incident is documented in future updates of the ATT&CK framework.”

The post How did SolarWind Hackers evade Detection? appeared first on IT Security Guru.

Barmak Meftah Joins Nozomi Networks Board of Directors

Thu, 21 Jan 2021 11:41:09 GMT

Nozomi Networks Inc., the leader in OT and IoT security, today announced that Barmak Meftah has joined Nozomi Networks’ board of directors. Recognized globally as one of the most successful business leaders in enterprise security, Mr. Meftah has more than 25 years of experience building market-leading enterprise SaaS and cybersecurity companies. Most recently, he was President of AT&T Cybersecurity, a role he assumed after the acquisition of AlienVault, where he served for six year as President and CEO. During his two-year tenure at AT&T, he established the cybersecurity division, reporting directly to the CEO of AT&T Business, and grew revenue by double digits . Under his leadership, AT&T Cybersecurity became a top cybersecurity company and one of the leading managed security services providers (MSSPs).

“Barmak’s impressive track record of success in Silicon Valley has gained him international respect as a pillar in enterprise security,” Said Nozomi Networks CEO Edgard Capdevielle. “His keen business instincts and depth of knowledge in security software and SaaS will be invaluable as we add cloud-based solutions to our product portfolio and accelerate market expansion and growth. We are ecstatic to welcome him to the board.”

“Nozomi Networks is leading the charge to ensure a secure future for critical infrastructure and industrial networks,” Mr. Meftah said, commenting on his board appointment. “IT/OT convergence and a growing reliance on AI-powered processes and IoT devices has created a flaming hot market for advanced security solutions that can help CISOs effectively span mixed networks, physical systems and IoT devices. Nozomi Networks’ innovation agility, global team of experts and passion for customer success has quickly established the company as the premier provider of OT and IoT security and services. I look forward to helping Nozomi Networks take its business to the next level.”

Over the course of his career, Mr. Meftah has built some of the industry’s most innovative and successful cybersecurity companies. During his time at AT&T Cybersecurity, the division grew to become a top cybersecurity provider and one of the leading managed security services provider (MSSPs) in the world. At AlienVault, Mr. Meftah served as President and CEO, raising more than $118 million, establishing the company as the market leader in unified security management and opensource threat intelligence and growing it to more than 10,000 customers and more than 700 partners before being acquired by AT&T in 2018. Prior to that, he served as Vice President of the Enterprise Security Products division at HP, a role he assumed after HP’s acquisition of Fortify where he served as Chief Product Office and was one Fortify’s first 10 employees. Mr. Meftah also served in several senior management roles at Oracle Corporation including head of products for the Oracle RDBMS for the Windows platform in the Server Technologies group. In addition to his independent board position with Nozomi Networks, Mr. Meftah serves on various boards of directors, is an advisor and coach to multiple CEOs, and is an independent investor as well as a limited partner to a number of VC funds. Respected for his forward-thinking perspective on cybersecurity issues and innovations, he has been recognized by the World Economic Forum for Tech Innovation, and is a regular speaker at leading industry conferences including RSA Conference and Black Hat.

The post Barmak Meftah Joins Nozomi Networks Board of Directors appeared first on IT Security Guru.

Airline Passenger Data Stolen by Hackers

Wed, 20 Jan 2021 13:31:18 GMT

For the past few years, a Chinese hacking group has been targeting the airline industry to obtain passenger data. Their goal was to track the movement of person of interest. The threat actor responsible has been given the name Chimera.

The groups activities were first reported in 2020, and are thought to be nation state actors. The NCC Group and Fox-IT compiled a report, which was published last week, that claims the intrusions are broader than initially believed.

“The goal of targeting some victims appears to be to obtain Passenger Name Records (PNR),” the two companies said. “How this PNR data is obtained likely differs per victim, but we observed the usage of several custom DLL files used to continuously retrieve PNR data from memory of systems where such data is typically processed, such as flight booking servers.”

The post Airline Passenger Data Stolen by Hackers appeared first on IT Security Guru.

Emails exposed to SolarWinds Hackers

Wed, 20 Jan 2021 13:15:00 GMT

SolarWinds attackers managed to gain access to internal emails via a different intrusion vector. This was confirmed by Malwarebytes, who stated that a second threat vector was used to infiltrate private emails with the use of password guessing or spraying and/or exploiting admin or service credentials.

The vendor reported suspicious activity on December 15 and linked it to the same threat actor involved in the SolarWinds attacks. “The investigation indicates the attackers leveraged a dormant email protection product within our Office 365 tenant that allowed access to a limited subset of internal company emails. We do not use Azure cloud services in our production environments.”

Fortunately, Malwarebytes found no evidence of unauthorised access or compromise of its on-premises or production environments.

The post Emails exposed to SolarWinds Hackers appeared first on IT Security Guru.

Covid-19 and Brexit result in 70% of UK financial firms suffering cyber-attacks

Wed, 20 Jan 2021 12:53:24 GMT

New research by the Ponemon Institute and Keeper Security has found that 70% of the UK’s financial sector has experienced a cyber-attack in 2020. The researchers have warned that this increase in the rate of attacks could result in “disastrous consequences” if action is not taken.

The report has also found that 59% of these attacks were made more likely due to the acceleration in remote working due to the pandemic, as the workforce is now more vulnerable to attackers. According to the research, 41% of finance bosses believe that it is their remote workforce who have made their company more susceptible to data breaches.

The post Covid-19 and Brexit result in 70% of UK financial firms suffering cyber-attacks appeared first on IT Security Guru.

1.4 million Pixlr user records shared on hacker forum

Wed, 20 Jan 2021 12:38:38 GMT

1.4 million Pixlr user records have been leaked online to a hacker forum. The user records contain information that can be used by malicious actors to carry out credential stuffing and targeted phishing attacks. The hacker known as ShinyHunters shared the user record database for free to the hacker forum, claiming that the data was stolen from 123rf, whos parent company Inmagine also owns Pixlr. In their post ShinyHunters said that they stole the database from the company’s AWS bucket.

The post 1.4 million Pixlr user records shared on hacker forum appeared first on IT Security Guru.

Vdoo Reveals an Extension Funding Round with Qumra Capital and Verizon Ventures Joining as Investors

Tue, 19 Jan 2021 16:09:52 GMT

Vdoo, a leader in product security for embedded software, today revealed it had extended its Series B funding to $57M, in an additional round led by Qumra Capital, Verizon Ventures, and others.

The round was completed in the third quarter of last year, and the new funding was leveraged to expand Vdoo’s offering to the telco and smart utility space, at the backdrop of the connectivity surge induced by COVID-19. The round increased the total capital raised by Vdoo to $70M. Qumra Capital and Verizon Ventures joined existing investors 83North, GGV Capital, WRVI Capital, Dell Technologies Capital, NTT DOCOMO Ventures, MS&AD Ventures, and prominent private investors in the extension round.

According to Netanel Davidi, Co-Founder and CEO of Vdoo, “Over the last year, we’ve experienced huge market demand from device deployers such as telcos and utilities. These companies are responsible for the security of the millions of devices such as routers, connected home appliances, and smart meters that they deploy to their end-user and customer environment. With Vdoo’s new offering, they can now quickly and easily vet the security and standard compliance of these devices and continue to monitor and protect the devices over the lifecycle of the product. As a result, our newest customers include top U.S. and global telcos and additional utilities players globally. We are happy to announce this round after receiving strong market validation, and we are thankful we were able to grow significantly in these challenging times.”

The connected product security market continues to expand; research firm Markets and Markets predicts the global device security market to grow from $12.5 billion in 2020 to $36.6 billion by 2025. COVID-19 and the shift to working from home (WFH) have dramatically increased the number of remotely connected devices, accelerating the demand for securing connected products.

Vdoo delivers the industry’s leading automated product security platform for device manufacturers and deployers. Vdoo’s platform performs a complete security assessment in minutes, providing a comprehensive report identifying zero-day vulnerabilities, CVEs, configuration and hardening issues, standard incompliances, and other security exposures with suggested prioritization and remediation mechanisms.

“The world’s top device manufacturers and deployers choose to work with Vdoo because they recognize the importance of securing their products,” said Davidi. “They’re leveraging the Vdoo platform to analyze their security and standards posture before deployment, and then continue to protect their devices through the end of product life. Our customers include dozens of Fortune 500 companies across every industry, geography, and type of connected product, such as automotive, industrial, medical, smart buildings, and now also telcos and utilities.”

“The number of connected IoT devices is rapidly growing, creating greater opportunities for security breaches,” said Boaz Dinte, Managing Partner of Qumra Capital that led the round. “Vdoo’s unique device-centric, deep technology automated approach has already brought immediate value to vendors in a very short period of time. We believe the market opportunity is huge, and with newly infused growth capital, Vdoo is well-positioned to become the leading global player for securing connected devices.”

“With the expansion of 5G networks and mobile edge compute, there’s a need for an end-to-end, device-centric security approach to IoT,” said Verizon Ventures Managing Director Tammy Mahn. “As the venture arm of a leading telco, Verizon Ventures is proud to invest in Vdoo and its world-class team on their journey to solve this global need, while ushering in a new era of security by design in our increasingly connected world.”

About Vdoo

Vdoo’s automated approach to securing connected products has helped Fortune 500 manufacturers and service providers to scale up their product security capabilities across multiple lines of business, enabling them to significantly shorten their time-to-market, reduce resource requirements, increase sales and lower overall risk profiles.

Founded by a team of serial entrepreneurs with deep expertise in endpoint and embedded system security, Vdoo is a global company with offices in the U.S., Germany, Israel and Japan. For more information, visit www.vdoo.com

The post Vdoo Reveals an Extension Funding Round with Qumra Capital and Verizon Ventures Joining as Investors appeared first on IT Security Guru.

Vishing attacks are stealing corporate accounts

Tue, 19 Jan 2021 13:36:58 GMT

The Federal Bureau of Investigation (FBI) has released a warning to notify people of the ongoing vishing attacks which are attempting to steal corporate accounts, as well as the account’s credentials, in order to gain network access and privileges from both US and international-based staff.

The FBI PIN says, “during COVID-19 shelter-in-place and social distancing orders, many companies had to quickly adapt to changing environments and technology.” It goes on to read, “with these restrictions, network access and privilege escalation may not be fully monitored.”

The post Vishing attacks are stealing corporate accounts appeared first on IT Security Guru.

IObit hacked with malware spread to forum members

Tue, 19 Jan 2021 13:13:38 GMT

This weekend IObit, a Windows utility developer, was hacked resulting in strange DeroHE ransomware being distributed to a number of its forum users. IObit is a software developer that is known for anti-malware programs, such as Advanced SystemCare, and Windows system optimization.

Over the weekend IObit forum members started to receive emails that were supposedly from IObit. The emails stated that forum members are entitled to a 1-year license to their software for free.

The post IObit hacked with malware spread to forum members appeared first on IT Security Guru.

Stealthy Miners Exploit Bitcoin Owners

Tue, 19 Jan 2021 12:44:54 GMT

The Bitcoin value is currently experiencing a high, with 1 Bitcoin worth around $36,000. With this, researchers have recorded an increase in coinminer malware which, according to Alexander Vukcevic “exploits other people’s computer resources for illegal mining activities.” This type of malware runs completely undetected on a victim’s computer. The aim of coinminer malware is not to steal data, but to use resources from the infected computer. These resources include the processor, graphics card, main memory and the network bandwidth.

Bitcoin has become iconic in day to day life, and is one of the most well-known cryptocurrencies around the world. This gives coinminer malware plenty of targets, putting many Bitcoin owners at risk of exploitation.

The post Stealthy Miners Exploit Bitcoin Owners appeared first on IT Security Guru.

Capitol Riots fuelling Disinformation Campaigns

Tue, 19 Jan 2021 12:13:46 GMT

The FBI released a “joint threat assessment” on Thursday detailing fears that “Russian, Iranian and Chinese influence actors have seized the opportunity to amplify narratives in furtherance of their policy interest amid the presidential transition.”

Additionally, a U.S. Intelligence memo claims that a Russian “proxy” took advantage of the event to advance a conspiracy theory, claiming that anti-fascist groups (antifa for short) were, in fact, responsible for the Capitol insurrection. Russia is also suspected to have “amplified themes related to the violent and chaotic nature of the Capitol Hill incident, impeachment of President Trump and social media censorship.”

As a result, the spread of misinformation surrounding the siege has the FBI on high alert. Leading up the inauguration of President-elect Joe Biden the risk of violence is expected to remain elevated.

The post Capitol Riots fuelling Disinformation Campaigns appeared first on IT Security Guru.

Signal fixes Outage after Surge in New Users

Mon, 18 Jan 2021 13:12:32 GMT

After resolving technical issues that had affected both the mobile and web application on Friday, Signal said: “Thanks to the millions of new Signal users around the world for your patience.”

As a result of the discontent over WhatsApp’s new Terms&Conditions, both Signal and Telegram have hugely benefited from an increase in downloads and users. The surge caused users to experience some technical issues. Many reported problems with sending messages, which lasted for several hours. Signal published a series of tweets stating that, although users might see some errors in their chats, their security would not be affected.

The post Signal fixes Outage after Surge in New Users appeared first on IT Security Guru.

Fake Vaccine Data used to Spread Fear

Mon, 18 Jan 2021 11:52:16 GMT

Last week, a report by the EMA disclosed that attackers had hacked into their servers and stolen data related to the BioNTech Covid-19 vaccine. Until recently, the hackers’ motives had been unclear. New developments from the EMA, however, reveal that: “Some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines.”

The attack could have either been perpetrated by state-sponsored threat actors or hacktivists attempting to appeal to the anti-vaxxer movement. The EMA sought to reassure the public to trust in the effectiveness of the vaccine in a statement on Friday. “Despite [the] urgency [to make vaccines available across the EU as quickly as possible], there has always been consensus across the EU not to compromise the high quality standards and to base any recommendation on the strength of the scientific evidence on a vaccine’s safety, quality and efficacy, and nothing else.”

The post Fake Vaccine Data used to Spread Fear appeared first on IT Security Guru.

Financial sector’s cyber security guidelines tightened in Singapore

Mon, 18 Jan 2021 11:46:16 GMT

Singapore has recently revised its Technology Risk Management Guidelines so that they now include “strong oversight” of partnerships with third-party companies in order to maintain data confidentiality. The updated guidelines also covered stress tests and security controls, as well as appointments of senior IT executives and third-party vendors.

The Technology Risk Management Guidelines have been revised due to the increasing usage of cloud technologies and application programming interfaces in financial institutions. As the use of technology in the financial sector grows so does the need to incorporated risk mitigation strategies and security controls.

The statement published by Monetary Authority of Singapore (MAS) on Monday said that “the recent spate of cyber attacks on supply chains, which targeted multiple IT service providers through the exploitation of widely-used network management software, is a clear indication of a worsening cyber threat environment.”

The post Financial sector’s cyber security guidelines tightened in Singapore appeared first on IT Security Guru.

DuckDuckGo sees rapid growth in 2020

Mon, 18 Jan 2021 11:29:09 GMT

DuckDuckGo, a privacy-focused search engine, has experienced impressive growth in 2020, receiving 102M daily searches in January.

DuckDuckGo is a search engine that uses data from platforms such as Bing and Wikipedia to build a search index. They do not track users searches in order to build a user profile, and they also do not share any identifiable or personal data with third-parties. As concern rises about how personal data is being used online, DuckDuckGo has seen rapid growth in recent years.

The post DuckDuckGo sees rapid growth in 2020 appeared first on IT Security Guru.

400,000 customer details compromised in Resident Evil and Street Fighter gaming company ...

Fri, 15 Jan 2021 17:12:37 GMT

A ransomware attack launched against gaming company Capcom last November keeps getting worse, threatpost reported this week. The company now says that the personal data of up to 400,000 of its customers was compromised in the attack — 40,000 more than the company originally thought. Capcom is a Japan-based publisher of blockbuster games like Resident Evil, Street Fighter and Dark Stalkers. The breach was first detected on Nov. 2.. On Nov. 19, Capcom said its personal as well as corporate data was compromised. This is the third update from Capcom on the incident.

Commenting on the news, Michael Barragry, operations lead and security consultant at Edgescan, stated:

Lockdowns and less population mobility inevitably lead to higher uptake in online gaming, and in-game purchases may increase the “value” of some user accounts for attackers.

The stolen data belonging to 400,000 users could be used for further attacks such phishing/social engineering/ID impersonation, therefore users are encouraged to change their account credentials and to be extremely cautious when opening on unsolicited emails. Even messages coming from Capcom themselves might be malicious, as attackers sometimes attempt to trick affected users into clicking on a malicious link by pretending to be the vendor informing them of the security breach.

It’s interesting how these attacks often “get worse” over time – the severity of such attacks are not always entirely understood at the beginning.

The post 400,000 customer details compromised in Resident Evil and Street Fighter gaming company ransomware attack appeared first on IT Security Guru.

XSS vulnerability affects government websites

Fri, 15 Jan 2021 17:06:30 GMT

An undisclosed Cross-Site Scripting (XSS) vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA, BleepingComputer reported today.

Although 90 days have elapsed since the vulnerability was reported and patched, BleepingComputer is not aware of a formal disclosure made by the project.Security researcher Jackson Henry of the Sakura Samurai ethical hacking group had first discovered and reported the vulnerability to Apache in early October, 2020.

Although the project had acknowledged Henry’s report and issued a publicly visible fix on GitHub on November 5th, 2020, a proper public disclosure never took place which left Sakura Samurai researchers concerned.

Commenting on the news, Craig Young, principal security researcher at Tripwire, explained:

The vulnerability in question is a case of reflected cross-site scripting. With this type of weakness, the attacker prepares a malicious link and must convince victims to load this malicious address link in their browsers.

The impact of a reflected cross-site scripting generally varies based on whether the victim of an attack was authenticated to the affected site. If a logged-on user loads an attack URL, the attacker will be able to perform actions on the affected site using the victim’s account.

Besides using cross-site scripting for privilege escalation, an attacker might use this vulnerability to spoof content on vulnerable sites. For example, someone looking to spread conspiracy theories online could prepare links which make it look like official government web sites are confirming wild conspiracy theories. It’s also possible to imagine other, more targeted, attacks leveraging this style of spoofing attack.

The post XSS vulnerability affects government websites appeared first on IT Security Guru.