
10Fold – Security Never Sleeps – 77

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Ransomware has become such a major threat to both consumers and enterprises that the United States and Canada recently issued a joint alert on this type of malware. Cisco Systems has released patches to fix serious denial-of-service flaws in its Wireless LAN Controller (WLC) software, Cisco Adaptive Security Appliance (ASA) software and the Secure Real-Time Transport Protocol (SRTP) library that’s used in many products. According to a new survey by Osterman Research of some 200 enterprises, most organizations still don’t assess database activity continuously and lack the capability to identify database breaches in a timely fashion. Malicious actors have abused PowerShell and Google Docs to deliver a Trojan known as Laziok, FireEye reported on Thursday.

Ransomware: A Formidable Enterprise Threat – Publication: SecurityWeek – Reporter name: Staff

Ransomware’s extortion-based business model, currently the latest major trend in the cybercrime industry, marks a major change in the purpose and outcome of malware attacks and has become a major threat to consumers and enterprises alike. Almost unheard of a few years ago, ransomware attacks are making the headlines almost daily, with new malware families emerging nearly every week. This should not be surprising, as the underlying business model for cybercriminals is to hit as many victims as possible and monetize attacks before security researchers react and block their malicious activities.

Cisco fixes serious denial-of-service flaws in wireless LAN controllers, other products – Publication: PCWorld – Reporter name: Lucian Constantin

The Cisco WLC software contains two denial-of-service vulnerabilities, one of which is rated critical and could be exploited by an unauthenticated attacker through specially crafted HTTP requests sent to the device. This can cause a buffer overflow condition that, in addition to a device reload, might also allow for execution of arbitrary code on the device. The second vulnerability, rated high, stems from how the Cisco WLC software handles Bonjour traffic and can be exploited in a similar manner as the HTTP one to cause a device reload. A third DoS vulnerability was patched in the Cisco AireOS software that also runs on some of the company’s Wireless LAN Controller devices. It can be exploited by an unauthenticated hacker by attempting to access a URL that is not generally accessible from and supported by the device’s management interface.

Databases Remain Soft Underbelly Of Cybersecurity – Publication: DarkReading – Reporter name: Ericka Chickowski

The study, commissioned by DB Networks, found the top three database security issues among enterprises were tracking compromised credentials; the potential for the organization to experience a major data breach; and the inability of the organization to identify data breaches until it was too late to mitigate damage. At the most basic level, 59% of organizations admit they lack a high degree of certainty about which applications, users, and clients are accessing their databases. And 43% of organizations don’t even have a high degree of certainty about the number and types of databases residing in their IT infrastructure.

Attackers Use PowerShell, Google Docs to Deliver “Laziok” Trojan – Publication: SecurityWeek – Reporter name: Eduard Kovacs

Laziok, a reconnaissance tool and information stealer, was first spotted last year when a threat group leveraged the malware in a sophisticated multi-stage attack campaign targeting energy companies in the Middle East. Attackers exploited an old Windows vulnerability tracked as CVE-2012-0158 to drop the Trojan onto users’ systems. According to FireEye, attackers found a way to bypass Google’s security checks and uploaded the malicious payload to Google Docs. The malware was uploaded in March and remained there until Google was notified by the security firm.

10Fold – Security Never Sleeps – 74


Big items to consider: A new brand of malware called GozNym is targeting business accounts at banks rather than the banks themselves. A new artificial intelligence platform offers 3x detection capabilities with 5x fewer false positives: dubbed AI2, the technology has shown the capability to offer three times more predictive capability and drastically fewer false positives than today’s analytics methods. Real-life whaling attempts show the intricate changes perpetrators make to trick a CEO. “60 Minutes” highlights an iPhone vulnerability by showcasing how hackers tapped into a congressman’s calls.

New “Double-Headed” Malware Has Stolen $4 Million From U.S. and Canadian Banks – Publication: Fortune – Reporter name: Clay Dillow

Meet GozNym, the hybrid malware robbing your business account. A new breed of malicious software has stolen roughly $4 million from 24 U.S. and Canadian banks over the first several days of April, IBM cybersecurity researchers report. The malware—known by the portmanteau GozNym—is a hybrid of two strains of known malware “that takes the best of both,” according to a blog post by IBM’s X-Force, part of IBM’s security division. The program is largely targeting business accounts, mostly in the U.S., and mostly via credit unions and “popular e-commerce platforms.” IBM didn’t name the specific institutions but says they have been notified.

MIT AI Researchers Make Breakthrough on Threat Detection – Publication: DarkReading – Reporter name: Ericka Chickowski

CSAIL gave a sneak peek into AI2 in a presentation to the academic community last week at the IEEE International Conference on Big Data Security, which detailed the specifics of a paper released to the public this morning. The driving force behind AI2 is its blending of artificial intelligence with what researchers at CSAIL call “analyst intuition,” essentially finding an effective way to continuously model data with unsupervised machine learning while layering in periodic human feedback from skilled analysts to inform a supervised learning model.

10 whaling emails that could get by an unsuspecting CEO – Publication: NetworkWorld – Reporter name: Ryan Francis

Whaling threats, or CEO fraud, continue to grow, with 70 percent of firms seeing an increase in these email-based attacks designed to extort money. There has been an uptick of activity lately as fraudsters spend the first few months of the year taking advantage of tax season, targeting finance departments with emails that look like they are coming from a company’s senior executive. Snapchat and Seagate are cases in point: both companies inadvertently gave up employees’ personal information. Email security company Mimecast has shared a handful of real-life examples of fraud attempts targeted at the person in the corner office.

Hackers Track Your Phone No Matter What Security Measures You Take – Publication: Fortune – Reporter name: Aaron Pressman

“60 Minutes” taps congressman’s calls in demo. A flaw in one part of the global cellphone network allows hackers to track phone locations and listen in on calls and text messages, 60 Minutes reported Sunday. Hackers in Germany used the weakness in Signaling System Seven, or SS7, which carriers use to exchange billing information for roaming customers, in a demonstration to track and tap the calls of U.S. Rep. Ted Lieu (D-Calif.). 60 Minutes arranged the demonstration, and Lieu knew hackers would be trying to tap his iPhone.