Cybersecurity news
- Security researchers have dissected a recently emerged ransomware strain named ‘Big Head’ that may be spreading through malvertising that promotes fake Windows updates and Microsoft Word installers.
- Security researchers discovered two malicious file management applications on Google Play with a collective installation count of over 1.5 million that collected excessive user data that goes well beyond what’s needed to offer the promised functionality.
- Cybersecurity experts reported the discovery of the Meduza Stealer malware designed for it “Complex data theft”. The virus monitors “User activity on the Internet, extraction of huge amounts of data related to browsers”.
- Researchers have pulled back the curtain on an updated version of an Apple macOS malware called RustBucket that comes with improved capabilities to establish persistence and avoid detection by security software.
- Researchers discovered an undisclosed malware family named EarlyRat being used by a branch of the North Korea-backed Lazarus Group. The malware was deployed in Log4j and phishing attacks, marking its first identification in the cybersecurity landscape.
- A trojanized installer for the popular Super Mario 3: Mario Forever game for Windows has been infecting unsuspecting players with multiple malware infections.
Cybersecurity Blog Posts
- Mirko Zorz spoke in detail about the hidden costs of cyberattacks of the healthcare system and how organizations can better manage their cyber risks.
- Sylvain Cortes shared his opinion on how to cultivate a culture of continuous cybersecurity improvement.
- The Cyber ark blog describes the problem of data sovereignty and methods to achieve a balance between location requirements and access rights.
Research and analytics
- ILTA and Conversant Group announce the release of a joint cybersecurity research report titled Security at Issue: State of Cybersecurity in Law Firms. The survey was targeted specifically at understanding law firms’ cybersecurity controls, tools, practices, and assumptions to determine how their cyber defenses could be improved. Almost a third of the law firms surveyed reported cybersecurity breaches in 2021, and 36% reported malware infections.
- Even in the context of a cooling hiring market, the role of CISO is maturing as organizations’ technological needs and risks become greater and multiply, according to the 2023 Global Chief Information Security Officer (CISO) Survey, released by Heidrick & Struggles. 76% of CISOs said they were very or entirely open to changing companies in the next three years, underscoring the importance of succession planning and an increased focus on retention strategies.
- In 2022, the total number of DDoS attacks worldwide increased by 115.1% over the amount observed in 2021, according Nexusguard DDoS Statistical Report for 2022. The data also showed that cyber attackers continued to alter their threat vectors by targeting the application platforms, online databases, and cloud-based storage systems within Internet Service Providers (ISPs). This resulted in a significantly greater impact globally as organizations continue to move more of their workloads to the cloud.
- The survey of over 1,000 Managed Service Providers and Managed Security Service Providers reveals as more businesses experience resource and cost constraints, a majority (86%) of MSPs and MSSPs customers are outsourcing their security needs to consolidate security tools.
- The Virus Bulletin spam report for Q2 2023 is out. Experts continues to see the majority of spam successfully being blocked by email security solutions, and with higher scores this time against malware and phishing samples.
- Akamai delves into all the protocols and techniques that can be abused for lateral movement on Linux.
- Zimperium released its Global Mobile Threat Report 2023. This year’s report reveals a continued growth toward mobile-powered business along with the increasingly sophisticated security risks facing it, including spyware, phishing, and ransomware. Research finds 187% year-over-year increase in the number of compromised devices that were fully exploited, highlighting growing risks posed to mobile-powered businesses.
- CardinalOps’ annual report analyzes real-world data from production SIEMs covering nearly 4,000 detection rules across diverse industry verticals. Enterprise SIEMs Miss 76% of all MITRE ATT&CK Techniques Used by Adversaries.
- The PSA Certified 2023 Security Report highlights significance of upcoming security regulation as 64% of businesses say it will have bigger ramifications than GDPR. Connected device security spend accelerates as three quarters (75%) of businesses report that security has become a bigger business priority in the last 12 months.
- A recent survey conducted by Gigamon has revealed that despite high levels of confidence in hybrid cloud security, nearly one third of security breaches go unnoticed by IT and security professionals. The survey found that 94% of global respondents believe their security tools and processes provide complete visibility and insights into their IT infrastructure. However, the reality is that a significant number of breaches are not being detected in a timely manner.
- Aggregated honeypot data, over a six-month period, showed that more than 50% of the attacks focused on defense evasion, according to Aqua Security. These attacks included masquerading techniques, such as files executed from /tmp, and obfuscated files or information, such as dynamic loading of code. In addition, in 5% of the attacks, threat actors used a memory resident malware. Compared with 2022, there was a 1,400% increase in fileless attacks.
Major Cyber Incidents
- A researcher recently discovered that a Bangladesh government website leaks the personal data of citizens. The leaked data included full names, phone numbers, email addresses, and national ID numbers.
- The Port of Nagoya, the largest and busiest port in Japan, has been targeted in a ransomware attack that currently impacts the operation of container terminals.
- Some Dublin airport staff’s financial information has been compromised by a cyber-attack on provider company Aon that also affected various other firms.
- A Chinese nation-state group has been observed targeting Foreign Affairs ministries and embassies in Europe using HTML smuggling techniques to deliver the PlugX remote access trojan on compromised systems.
- Hacker has stolen the messages, call logs and locations intercepted by a widely used phone monitoring app called LetMeSpy.
- Siemens Energy and Schneider Electric have joined the growing list of apparent victims of the MOVEit Transfer vulnerability, currently being exploited by Cl0p ransomware gang, which is now thought to have impacted more than 100 organisations around the world.