More than four-fifths (85%) of the UK’s top 20 universities are putting their students, staff and suppliers at risk of email fraud, according to a new study by Proofpoint. The researchers found that just 15% of the universities have implemented the recommended and strictest level of domain-based message authentication, reporting and conformance (DMARC). DMARC is an
Month: September 2021
Executive Summary Today, enterprises tend to use multiple layers of security defenses, ranging from perimeter defense on network entry points to host based security solutions deployed at the end user’s machines to counter the ever-increasing threats. This includes inline traffic filtering and management security solutions deployed at access and distribution layers in the network, as
Misconfigurations of cloud resources can lead to various security incidents and ultimately cost your organization dearly. Here’s what you can do to prevent cloud configuration conundrums. Forget shadowy attackers deploying bespoke zero-day exploits from afar. A risk that is far more real for organizations as they embark on ambitious digital transformation projects is human error.
Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. “These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables,” researchers from Eclypsium said
by Paul Ducklin VMware’s latest security update includes patches for 19 different CVE-numbered vulnerabilities affecting the company’s vCenter Server and Cloud Foundation products. All of the bugs can be considered serious – they wouldn’t be enumerated in an official security advisory if they weren’t – but VMware has identified one of them, dubbed CVE-2021-22005, as
International information security accreditation and certification body CREST has appointed Rowland Johnson as its new President. Johnson will take over from Ian Glover, who retired as President of CREST on September 1 after nearly 13 years in the post. This will be for an initial term of one year. Johnson was previously a member of the CREST
BlackMatter is a new ransomware threat discovered at the end of July 2021. This malware started with a strong group of attacks and some advertising from its developers that claims they take the best parts of other malware, such as GandCrab, LockBit and DarkSide, despite also saying they are a new group of developers. We
The group used phishing, BEC and other types of attacks to swindle victims out of millions Law enforcement agencies from Europe have cracked down on an organized group that is associated with the Italian Mob and has been involved in all manner of cybercrime, including phishing campaigns, SIM swapping and Business Email Compromise (BEC). The criminal
Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that’s involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts. “With over 100 available phishing templates that mimic known
by Paul Ducklin Apple’s iOS 15 is now out – the very latest software version for iPhones, just in time for the official launch of the new iPhone 13 later in the week. (Yes, you can buy an iPhone 13 today, but only by placing what modern sales and marketing jargon refers to as a
“Wrapped” Bitcoin worth more than $12m has been stolen from the decentralized finance protocol pNetwork. The cross-chain project announced the theft of 277 BTC on September 19 via Twitter, ascribing the hack to a codebase vulnerability. The theft was executed on Binance Smart Chain, which featured in the biggest ever DeFi heist in history – the $610m Poly
Microsoft is warning its users of a zero-day vulnerability in Windows 10 and versions of Windows Server that is being leveraged by remote, unauthenticated attackers to execute code on the target system using specifically crafted office documents. Tracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a
Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe’s ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target’s network 79 hours after the hack. The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for
by Paul Ducklin We’ve been warning about fake courier scams on Naked Security for many years, even before the coronavirus pandemic increased our collective reliance on home deliveries. These scams can take many different forms, including: A fake gift sent by an online “friend” is delayed by customs charges. This is a common ruse used
Register now for our 15th Annual Infosecurity Magazine Autumn Online Summit The event showcases an extensive education program featuring high caliber speakers and thought leaders in the cyber community as well as offer packed resource centers featuring the latest reports, research and case studies. The event showcases an extensive education program featuring high caliber speakers
Summary McAfee Enterprise’s Advanced Threat Research (ATR) team provided deep insight into a long-term campaign Operation Harvest. In the blog, they detail the MITRE Tactics and Techniques the actors used in the attack. In this blog, our Pre-Sales network defenders describe how you can defend against a campaign like Operation Harvest with McAfee Enterprise’s MVISION
Law enforcement agencies in Italy and Spain have dismantled an organized crime group linked to the Italian Mafia that was involved in online fraud, money laundering, drug trafficking, and property crime, netting the gang about €10 million ($11.7 million) in illegal proceeds in just a year. “The suspects defrauded hundreds of victims through phishing attacks
Summary The REvil (also known as Sodinokibi) ransomware was first identified on April 17, 2019. It is used by the financially motivated GOLD SOUTHFIELD threat group, which distributes ransomware via exploit kits, scan-and-exploit techniques, RDP servers, and backdoored software installers. Secureworks® Counter Threat Unit™ (CTU) analysis suggests that REvil is likely associated with the GandCrab
A cyber-criminal who defrauded American telecommunications giant AT&T out of more than $200m through a phone-unlocking bribery scheme has been sentenced to prison. Muhammad Fahd, a 35-year-old citizen of Pakistan and Grenada, led a seven-year conspiracy in which AT&T employees were bribed to unlawfully unlock nearly two million customers’ cell phones for profit. The plot began in
For this week’s executive spotlight, I’m highlighting Kathleen Curry, senior vice president, Global Enterprise Channels at McAfee Enterprise. Curry was named one of CRN’s 2021 Channel Chiefs. Joining the company in April 2020, she was acknowledged for her contributions expanding our partner program initiatives to reward partners for servicing customers in line with their modern needs
Analysis of Numando banking trojan, steps to mitigate attack surface, and more! – Week in security with Tony Anscombe In this edition of Week in security, Tony looks at these topics: ESET Research continues its series on Latin American banking trojans, this time dissecting Numando, which targets mainly Brazil and rarely Mexico and Spain. An
New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The flaw — dubbed “Seventh Inferno” (CVSS score: 9.8) — is part of a trio of security weaknesses, called Demon’s Cries (CVSS
More Native American tribes are going to be given enhanced access to critical databases containing national crime information for the United States. In an announcement made September 16, the Department of Justice said that 12 tribes have been newly selected to participate in the Tribal Access Program for National Crime Information (TAP), bringing the total number of
Sadly, online job scams targeting older adults have been an issue for years. However, in a pandemic job market, cybercriminals are working overtime to devise schemes that exploit job seekers’ need for financial security. According to the Better Business Bureau, Americans lost more than $62 million in employment scams in 2020. In addition, with federal unemployment benefits ending this month, that number is expected to rise as more
The (probably) penultimate post in our occasional series demystifying Latin American banking trojans. Before concluding our series, there is one more LATAM banking trojan that deserves a closer look – Numando. The threat actor behind this malware family has been active since at least 2018. Even though it is not nearly as lively as Mekotio
A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar. Cisco Talos dubbed the malware attacks “Operation Layover,” building on previous research from
Summary The activities of some non-governmental organizations (NGOs) challenge governments on politically sensitive issues such as social, humanitarian, and environmental policies. As a result, these organizations are often exposed to increased government-directed threats aimed at monitoring their activities, discrediting their work, or stealing their intellectual property. BRONZE PRESIDENT is a likely People’s Republic of China
Over $133m has already been lost this year to romance scams, with victims increasingly urged to invest in fraudulent cryptocurrency opportunities, according to the FBI. A new Public Service Announcement was published yesterday revealing that the FBI Internet Crime Complaint Center (IC3) received over 1,800 complaints from January 1 to June 31 this year, resulting in soaring
Why am I here? There’s a lot of information out there on critical vulnerabilities; this short bug report contains an overview of what we believe to be the most news and noteworthy vulnerabilities. We don’t rely on a single scoring system like CVSS to determine what you need to know about; this is all about
Discover the best ways to mitigate your organization’s attack surface, in order to maximize cybersecurity. In almost all coverage of modern breaches you’ll hear mention of the “cyberattack surface” or something similar. It’s central to understanding how attacks work and where organizations are most exposed. During the pandemic the attack surface has grown arguably further