TDR | SC Media

TDR

Peter Stephenson

Threat hunting with next-generation tools

We’ve covered two AI-based next-generation tools: deception networks and network monitoring. This time we’re going to use next-generation enterprise forensics to go on a threat hunt. If you recall, we deployed an Attivo BOTSink deception network in the lab and, last time, added the MixMode Packetsled network monitor. Both of these use true…

ACLU warns security cameras could lead to surveillance

As millions of security cameras become equipped with “video analytics” and other AI-infused technologies that allow computers not only to record but to “understand” the objects they’re capturing, they could be used for both security and marketing purposes, the American Civil Liberties Union (ACLU) warned in a recent report, “The Dawn of Robot Surveillance.” As they become more…

Organizations still struggle to manage vulnerability patches, report

Nearly 27 percent of organizations worldwide have been breached as a result of an unpatched vulnerability, according to Tripwire’s 2019 Vulnerability Management Survey. In Europe, companies fare worse, with 34 percent of respondents reporting a breach due to the same cause. Tripwire partnered with Dimensional Research to survey 340 infosecurity professionals on vulnerability management trends…

Great White North bombarded with malicious email campaigns, report

During the first four months of 2019, threat actors conducted thousands of malicious email campaigns, hundreds of which targeted Canadian organizations. Proofpoint researchers detected nearly 100 campaigns that specifically geo-targeted Canada or were customized for Canadian audiences in the first four months of 2019, mostly using the Emotet banking trojan, according to Proofpoint’s Beyond “North…

Cybersecurity threats and unified communications

Given that businesses and customers are constantly working to become more connected and digital-first, there is a paramount need for them to protect their cyber assets and personal information as a result. Analysts estimate that by 2020, 60 percent of all enterprises will be the victims of a major cybersecurity breach. As reported by Cybersecurity…

Vulnerability enables downgrading of MySQL SSL/TLS connections

Spike in Bots using ‘Cipher Stunting’ to avoid threat detection

Akamai observed attackers using a technique dubbed Cipher Stunting, which uses advanced methods to randomize SSL/TLS signatures in an attempt to evade detection. Researchers noted spikes in distinct fingerprints in August 2018, with 18,652 distinct fingerprints globally, but at the time there was no evidence of any tampering with Client Hello or any other…

DHS warns against ‘password spray’ brute force attacks

The DHS recently issued a warning against the use of common and/or easily guessed passwords after several government agencies were targeted by “password spray” attacks. These brute force login attacks attempt to break into accounts using these simple passwords with the goal of stealing sensitive information and, unlike social engineering, these…

Threat actors target Git repositories with wiper ransomware

An anonymous hacker has been infecting Git repositories with ransomware and threatening to wipe them clean if not paid in 10 days. Hundreds of accounts have been infected, and researchers believe the threat actor has scanned the entire internet for Git config files, extracted their credentials, and then used these logins to access and infect…

Qakbot upgrade includes new obfuscation technique

The Qakbot banking trojan, a.k.a. Qbot, has developed new obfuscation techniques that make it harder to detect and remove. Cisco Talos researchers spotted a change in the infection chain of the trojan that may allow the download of the malware to go undetected since it is obfuscated when downloaded and saved in two separate files,…

Slack warns investors of future cybersecurity risks

Cloud-based work collaboration tool provider Slack warned investors of the risks posed by organized cybercrime and nation-state threat actors in a filing with the SEC. The company warned that threats from these organizations, including advanced persistent threat intrusions, are a strong possibility considering that more than 600,000 organizations use the platform, making it a prime…
