News threat intelligence

  • Adam Marrè: Learning to be a leader. [CISO] [Career Notes]
    by CyberWire, Inc. on September 25, 2022 at 7:16

    Adam Marrè, CISO from Arctic Wolf, sits down to share his story of rising through the ranks. After 9/11 he decided he wanted to make a difference in the world, so he chose to go into the FBI, where he learned the skills that got him to where he is today. In his time at the FBI, he was able to do what he loved, which was working with computers, while gaining more knowledge of cybersecurity and becoming certified in computer forensics. Ultimately he needed a change and decided to leave the FBI. He was able to learn the leadership skills he needed to move past that career path and follow a new dream. He is now able to share his passion with the world and help people understand security to protect themselves, as well as help people find success in their careers and in their lives. We thank Adam for sharing his story.

  • American Airlines learned it was breached from phishing targets
    by Sergiu Gatlan on September 24, 2022 at 19:59

    American Airlines says its Cyber Security Response Team found out about a recently disclosed data breach from the targets of a phishing campaign that was using an employee's hacked Microsoft 365 account. [...]

  • American Airlines learned they were breached from phishing targets
    by Sergiu Gatlan on September 24, 2022 at 16:54

    American Airlines says its Cyber Security Response Team (CIRT) found out about a recently disclosed data breach from the targets of a phishing campaign that was using an employee's hacked Microsoft 365 account. [...]

  • Microsoft SQL servers hacked in TargetCompany ransomware attacks
    by Bill Toulas on September 24, 2022 at 16:54

    Security analysts at ASEC have discovered a new wave of attacks targeting vulnerable Microsoft SQL servers, involving the deployment of a ransomware strain named FARGO. [...]

  • Windows 11 now warns when typing your password in Notepad, websites
    by Lawrence Abrams on September 24, 2022 at 16:54

    Windows 11 22H2 was just released, and with it comes a new security feature called Enhanced Phishing Protection that warns users when they enter their Windows password in insecure applications or on websites. [...]

  • Keeping an eye on RDS vulnerabilities. [Research Saturday]
    by CyberWire, Inc. on September 24, 2022 at 7:09

    Gafnit Amiga, Director of Security Research from Lightspin, joins Dave to discuss her team's research "AWS RDS Vulnerability Leads to AWS Internal Service Credentials." The research describes how the vulnerability was caught and how, right after it was reported, the AWS Security team applied an initial patch limited only to the recent Amazon Relational Database Service (RDS) and Aurora PostgreSQL engines, excluding older versions. They followed by personally reaching out to the customers affected by the vulnerability and helped them through the update process. The research states "Lightspin's Research Team obtained credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance using the log_fdw extension." The research can be found here: AWS RDS Vulnerability Leads to AWS Internal Service Credentials

  • The Week in Ransomware - September 23rd 2022 - LockBit leak
    by Lawrence Abrams on September 23, 2022 at 21:33

    This week we saw some embarrassment for the LockBit ransomware operation when their programmer leaked a ransomware builder for the LockBit 3.0 encryptor. [...]

  • Privateers seem to be evolving into front groups for the Russian organs. Unidentified threat actors engaging in cyberespionage. Catphishing from a South Carolina prison.
    by CyberWire, Inc. on September 23, 2022 at 21:06

    The GRU's closely coordinating with cyber criminals. An unidentified threat actor deploys malicious NPM packets. Gootloader uses blogging and SEO poisoning to attract victims. Metador is a so-far unattributed threat actor. Johannes Ullrich from SANS on Resilient DNS Infrastructure. Maria Varmazis interviews Anthony Colangelo, host of spaceflight podcast Main Engine Cutoff, about the iPhone 14 “Emergency SOS via Satellite” feature. And having too much time on your hands while doing time is not a good thing.

    For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/184

    Selected reading: GRU: Rise of the (Telegram) MinIOns (Mandiant); Void Balaur | The Sprawling Infrastructure of a Careless Mercenary (SentinelOne); An unidentified threat actor deploys malicious NPM packets (CyberWire); Threat analysis: Malicious npm package mimics Material Tailwind CSS tool (ReversingLabs); A Multimillion Dollar Global Online Credit Card Scam Uncovered (ReasonLabs); Gootloader Poisoned Blogs Uncovered by Deepwatch’s ATI Team (Deepwatch); The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities (SentinelOne); SC inmate sentenced for ‘sextortion’ scheme that targeted military (Stars and Stripes)

  • App Developers Increasingly Targeted via Slack, DevOps Tools
    by Robert Lemos, Contributing Writer, Dark Reading on September 23, 2022 at 20:46

    Slack, Docker, Kubernetes, and other applications that allow developers to collaborate have become the latest vector for software supply chain attacks.

  • Malicious Apps With Millions of Downloads Found in Apple App Store, Google Play
    by Becky Bracken, Editor, Dark Reading on September 23, 2022 at 20:15

    The ongoing ad fraud campaign can be traced back to 2019, but recently expanded into the iOS ecosystem, researchers say.