Cyberthreats | SC Media

Peter Stephenson

Threat hunting with next-generation tools

We’ve covered two AI-based next-generation tools: deception networks and network monitoring. This time we’re going to use next-generation enterprise forensics to go on a threat hunt. If you recall, we deployed an Attivo BOTSink deception network in the lab and added, last time, the MixMode Packetsled network monitor. Both of these use true…

Organizations still struggle to manage vulnerability patches, report

Nearly 27 percent of organizations worldwide have been breached as a result of an unpatched vulnerability, according to Tripwire’s 2019 Vulnerability Management Survey. In Europe, companies fare worse, with 34 percent of respondents reporting a breach due to the same cause. Tripwire partnered with Dimensional Research to survey 340 infosecurity professionals on vulnerability management trends…

Great White North bombarded with malicious email campaigns, report

During the first four months of 2019, threat actors conducted thousands of malicious email campaigns, hundreds of which targeted Canadian organizations. Proofpoint researchers detected nearly 100 campaigns that specifically geo-targeted Canada or were customized for Canadian audiences in the first four months of 2019, mostly using the Emotet banking trojan, according to Proofpoint’s Beyond “North…

Cybersecurity threats and unified communications

Given that businesses and customers are constantly working to become more connected and digital-first, there is a paramount need for them to protect their cyber assets and personal information as a result. Analysts estimate that by 2020, 60 percent of all enterprises will be the victims of a major cybersecurity breach. As reported by Cybersecurity…

Vulnerability enables downgrading of MySQL SSL/TLS connections

Spike in Bots using ‘Cipher Stunting’ to avoid threat detection

Akamai observed attackers using a technique dubbed Cipher Stunting, which uses advanced methods to randomize SSL/TLS signatures in an attempt to evade detection. Researchers noted spikes in distinct fingerprints in August 2018, with 18,652 distinct fingerprints globally, but at the time there was no evidence of any tampering with Client Hello or any other…

DHS warns against ‘password spray’ brute force attacks

The DHS recently issued a warning against the use of common and/or easily guessed passwords after several government agencies were targeted by “password spray” attacks. In these brute force login attacks, attackers attempt to break into accounts using these simple passwords with the goal of stealing sensitive information and, unlike social engineering, these…

Threat actors target Git repositories with wiper ransomware

An anonymous hacker has been infecting Git repositories with ransomware and threatening to wipe them clean if not paid in 10 days. Hundreds of accounts have been infected, and researchers believe the threat actor has scanned the entire internet for Git config files, extracted their credentials, and then used these logins to access and infect…

Qakbot upgrade includes new obfuscation technique

The Qakbot banking trojan, a.k.a. Qbot, has developed new obfuscation techniques that make it harder to detect and remove. Cisco Talos researchers spotted a change in the infection chain of the trojan that may allow the download of the malware to go undetected since it is obfuscated when downloaded and saved in two separate files,…

Slack warns investors of future cybersecurity risks

Cloud-based work collaboration tool provider Slack warned investors of the risks posed by organized cybercrime and nation-state threat actors in a filing with the SEC. The company warned that threats from these organizations, including advanced persistent threat intrusions, are a strong possibility considering that more than 600,000 organizations use the platform, making it a prime…

Threat actors use US data center to spread malware

Bromium researchers spotted scammers using Nevada data centers to distribute Dridex, GandCrab and other malware in a campaign that lasted from May 2018 to March 2019. Typically, threat actors organize their operations outside of the reach of U.S. law enforcement, but these made a bold statement using servers that could easily be seized and shut…