Blog

Cybersecurity news

• Extended spellcheck features in Google Chrome and Microsoft Edge web browsers transmit form data, including personally identifiable information and in some cases, passwords, to Google and Microsoft respectively. While this may be a known and intended feature of these web browsers, it does raise concerns about what happens to the data after transmission and how safe the practice might be, particularly when it comes to password fields.
• Romanian cybersecurity firm Bitdefender has released a free decryptor to help LockerGoga ransomware victims recover their files without paying a ransom. The free tool is available for download from Bitdefender’s servers and allow to recover encrypted files using instructions in usage guide.
• The NSA has published requirements for quantum-resistant (QR) algorithms to be implemented by suppliers and operators of national security systems to process classified or important information for military and intelligence operations.
• An international law enforcement operation has resulted in the dismantling of WT1SHOP, an online criminal marketplace that specialized in the sales of stolen login credentials and other personal information. The website peddled over 5.85 million records of personally identifying information, including approximately 25,000 scanned driver’s licenses/passports, 1.7 million login credentials for various online shops, 108,000 bank accounts, 21,800 credit cards.

More

Effective exchange of information about threats among multiple participants works like collective immunity: the more participants are involved in this process, the higher the probability of successfully resisting the attackers. We will tell you in the article about the culture of sharing such data and what are the main pitfalls of this area.

What is data exchange culture, and why is it needed?

It is worth exchanging information about threats for at least three reasons. Firstly, to save money, because it is cheaper to prevent an attack than to eliminate damage from it. Secondly, to be socially responsible: to fight together with other companies against a common enemy. Finally, thirdly, to have a good reputation. A company is trusted not only by customers but also by investors if it is conditionally safe.

To date, it is possible to distinguish several types of data shared by TI exchange participants:

• incidents — detailed information about attempted attacks and their success;
• threats and vulnerabilities — it often happens that attackers manage to take advantage of a vulnerability before it gets into known vulnerability databases;
• methods of vulnerability elimination, localization, or threat blocking;

More

Cybersecurity news

• A new and upgraded version of the SharkBot malware has returned to Google’s Play Store, targeting banking logins of Android users through apps that have tens of thousands of installations. The malware was present in two Android apps that did not feature any malicious code when submitted to Google’s automatic review.
• The source code of a remote access trojan dubbed ‘CodeRAT’ has been leaked on GitHub after malware analysts confronted the developer about attacks that used the tool. The malicious operation, which appears to originate from Iran, targeted Farsi-speaking software developers with a Word document that included a Microsoft Dynamic Data Exchange exploit.
• Threat analysts have spotted a new malware campaign dubbed ‘GO#WEBBFUSCATOR’ that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware.
• Galois, a firm specialized in the research and development of new technologies, has open sourced a suite of tools for identifying vulnerabilities in C and C++ code. Dubbed MATE, the tools are the result of a collaborative effort supported by the United States Air Force and Defense Advanced Research Project Agency (DARPA).

More

On the 6th and 7th of September in Dubai, UAE there will be held the third annual conference dedicated to cyber security innovations – CSIS 2022 and the Defensys company is a partner of this respectful conference.

CSIS aggregates professionals in the area of IT and cybersecurity for the exchange of experience and competencies in order to counter the problems that companies from all over the world face on a daily basis: the growth of cyberattacks, data leaks, security problems related to cloud technologies etc. The main discussions will focus on artificial intelligence, machine learning, cybersecurity regulation and, of course, high-tech solutions for infrastructure protection. This conference is designed to help various businesses and governments maintain resilience and adapt to the ever-changing methods of cyberattacks.

We invite all colleagues to our booth, where the latest version of Defensys cybersecurity ecosystem will be presented. Our team is ready to provide you with all the details regarding the technologies of SOC, threat intelligence, attack detection, network simulation gathered within the single SGRC system for the comprehensive control and development of the cybersecurity within your business. You will see how all the cybersecurity risks and results of compliance assessments can be calculated and properly presented standing on Defensys cybersecurity technologies and all the solutions and systems that are already implemented in your infrastructure.

More

Cybersecurity news

• Kaspersky linked with medium confidence the Maui ransomware operation to the North Korea-backed APT group Andariel, which is considered a division of the Lazarus APT Group. North Korean nation-state actors used Maui ransomware to encrypt servers providing healthcare services, including electronic health records services, diagnostics services, imaging services, and intranet services.
• The young hacker based in Verona, Italy recently uploaded multiple malicious Python packages containing ransomware scripts to the Python Package Index (PyPI), supposedly as an experiment. According to the researchers at Sonatype who spotted the malicious code on PyPI, one of the packages (requesys) was downloaded about 258 times.
• A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed AEPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner that’s akin to an “uninitialized memory read in the CPU itself.”
• Two researchers recently discovered security flaws in 5G IoT APIs that could allow attackers to access data or direct access to IoT devices on networks.

More