  • Cybercriminals Leverage Microsoft Sway in a Phishing Attack
    The phishing attack also affects organizations that do not use the software. The attack is triggered by sending potential victims a malicious Sway phishing page through email with a notification for voicemail or fax.
  • This Sneaky Phishing Technique is Tricking Employees into Installing Malware or Sharing Their Credentials
    Termed ‘conversation-hijacking’, the attack involves bad actors infiltrating real business email threads. The infiltration is done by exploiting previously compromised credentials.
  • Microsoft Patches Critical ‘NSACrypt’ Flaw Reported by NSA
    Software giant Microsoft has released security patches for 49 vulnerabilities as part of the January 2020 Patch Tuesday. Of these, 7 have been rated ‘Critical’ on CVSS score. By far one of the most notable vulnerabilities is a flaw that was first reported by the National Security Agency (NSA).
  • Google Plans to Nix Third-party Tracking Cookies
    Google announced that it has made progress in phasing out third-party cookies on its search website in an effort to boost privacy. The use of cookies to track where people go, what they do, and what they buy online has always been a focus of many privacy activists. The online giant, however, said its "Sandbox" program would still assist advertisers in delivering targeted messages.
  • Google Researchers Publish Technical Details of Critical iMessage Vulnerability
    Google Project Zero security researchers have published technical details on the critical iMessage vulnerability that was addressed last year. The vulnerability only affects the devices that are running iOS 12 or later versions. The security flaw has a CVSS score of 9.8.
  • Nemty Ransomware Operators Threaten to Leak Data on Website
    Nemty ransomware actors have created a blog that will be used to publish data stolen from ransomware victims who refuse to pay the ransom. Nemty attacks networks using a builder mode, which helps the actors create executables to target an entire network rather than individual systems. The ransomware operators expect that the victim companies are likely to pay a ransom if it costs them less overall.
  • New Phishing Campaign Leverages Aging Reports to Target Businesses
    A hacker group called Ancient Tortoise was reportedly found targeting accounts receivable specialists, hoodwinking them in order to obtain information on customers via aging reports.
  • Scammers siphon off $2.3 million from Texas school district in three transactions
    Manor Independent School District (ISD) lost approximately $2.3 million in a phishing scam in three different fraudulent transactions. The scammers carried out the attacks in a variety of ways including disguised email addresses, phone numbers, fake links, etc. Located at a distance of about 15 miles from Austin, Texas, Manor ISD serves more than 9,600 students.
  • These subject lines are the most clicked for phishing
    Research for the report was gathered through an examination of thousands of email subject lines from simulated phishing tests. KnowBe4 also reviewed "in-the-wild" email subject lines, which added previously received email as an additional incentive to open, as well as company emails reported to IT departments as suspicious. Top 10 most-clicked phishing using general email subjects The above email subject lines are a combination of both simulated phishing templates KnowBe4 created and custom tests from their customers. The "in-the-wild" email subject lines were gathered from actual user emails, which were then reported to their company IT department. Email users "should be especially cautious if an email seems too good to be true, such as a giveaway," Sjouwerman said.
  • Airbus researcher explores ‘Stuxnet-type attack’ for security training
    In a new study to improve security, a researcher at the cybersecurity subsidiary of European planemaker Airbus describes how he designed a program to execute code in a “Stuxnet-type attack” on a programmable logic controller (PLC), the ruggedized computers that monitor and control industrial systems like pumps, circuit breakers and valves. Familiar tactics, different target Airbus’s Flavian Dola was able to use one of Stuxnet’s tricks: replace a file running on the PLC with his own malicious code, and then use that to hook together functions in PLC communications to execute the code. (Dola had physical access to the PLC, whereas the Stuxnet attackers had to use portable media to get their malware onto an engineering workstation, and eventually, the PLCs at Natanz). Given the right conditions, “implementing Stuxnet-type attacks on PLCs from other manufacturers is possible,” Dola concluded. Although he conducted his attack on an older version of the Schneider Electric PLC’s software, the PLC itself is still used at industrial facilities.
  • South Carolina Campus to House National Guard Cyberfacility
    (TNS) — A South Carolina National Guard cybersecurity facility is slated for USC Aiken in Gov. "I am thrilled to hear the governor has recommended $15 million for the National Guard's DreamPort Collaborative, which will be located on the campus of USC Aiken," Aiken Mayor Rick Osbon said in the release. "The City of Aiken is glad to be able to assist the National Guard as it continues to protect our security in the cyber domain. In the facility, classified and unclassified environments will allow experts to solve some pressing challenges in the cyber realm, as well as utilize the S.C. National Guard's cyber security expertise to benefit the state. "We are grateful for the support of Aiken and Aiken County's leadership and our local legislative delegation serving in the statehouse who are aware of the state's cyber needs and the threats that continue to emerge on a daily basis, and thus, have supported this unique initiative and worked to ensure it was part of the governor's budget," Jordan said in the release.
  • FDIC, OCC issue cybersecurity bulletin amid 'heightened' global risk
    WASHINGTON — Federal banking regulators issued a cybersecurity warning to financial institutions late Thursday, citing a "heightened risk" environment amid global tensions. "Implementing and maintaining effective cybersecurity controls is critical to protecting financial institutions from malicious activity, especially in periods of heightened risk," the Federal Deposit Insurance Corp. and Office of the Comptroller of the Currency said in a joint bulletin. The news bulletin did not mention Iran by name, but the Department of Homeland Security warned U.S. businesses last week to expect heightened risk of cyber attack after a U.S. military strike killed senior Iranian military commander Qassem Soleimani. Some security experts also have warned that Iranian hackers may go after U.S. targets, including financial services companies, in retaliation for the Soleimani assassination on Jan. 3. And just this week, the Federal Reserve Bank of New York warned that a major cybersecurity attack could cripple the U.S. financial system in a "pre-mortem" analysis of the industry's vulnerability.
  • FBI: Nation-State Actors Have Breached Two US Municipalities
    The hacks took place after attackers used the CVE-2019-0604 vulnerability in Microsoft SharePoint servers to breach the two municipalities' networks. An unpatched SharePoint server was utilized to gain access to a US municipality's network, steal the Active Directory (AD) database, compromise administrative credentials, and drop webshells for remote/backdoor access to the compromised servers. Both cybersecurity agencies reported seeing attackers take over SharePoint servers to plant a version of the China Chopper web shell, a type of malware installed on servers that allows hackers to control hacked (SharePoint) servers. Throughout the year, attacks using this bug only intensified, as various hacking groups began realizing that this was a vulnerability that was easy to exploit, that plenty of companies had failed to patch, and that attacks usually yielded access to lots of high-value corporate targets.
  • The Army’s cyber school now teaches information operations
    As Army Cyber Command looks to focus on the information warfare environment, the Army’s Cyber Center of Excellence in Georgia has started training cyber and electronic warfare personnel on the specifics of information operations. “We’ve been thinking about it for many months now, about how we’re going to integrate what is going on in information operations with what’s going on with both running, defending and doing cyberspace operations and electronic warfare,” Col. Paul Craft, commandant of the cyber school at Fort Gordon, told reporters during a phone call Jan 15. Leaders at Army Cyber Command have repeatedly said they would like to change the name and focus of the organization to reflect a greater emphasis on information warfare. “The Cyber Center of Excellence is leading a force modernization proponency for operations in the information environment,” Todd Boudreau, deputy commandant at the cyber school, told reporters. Much of the curriculum is coming directly from lessons learned from the operational force, Craft said, and includes a mixture of cyberspace operations, electronic warfare and information operations.
  • Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor
    127.0.0.2 - - [12/Jan/2020:21:55:19 -0500] "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1" 304 - "-" "curl/7.67.0"
    FireEye believes that actors deploy NOTROBIN to block exploitation of the CVE-2019-19781 vulnerability while maintaining backdoor access to compromised NetScaler devices.
    Figure 7: File handling listing of compromised NetScaler device
    NOTROBIN Efficacy: During one engagement, FireEye reviewed forensic evidence of NetScaler exploitation attempts against a single device, both before and after NOTROBIN was deployed by an actor.
    127.0.0.2 - - [13/Jan/2020:05:09:07 -0500] "GET /vpn/../vpns/portal/wTyaINaDVPaw8rmh.xml HTTP/1.1" 404 48 "-" "curl/7.47.0"
  • FBI Vows To Warn More Election Officials If Discovering A Cyberattack
    The FBI says it plans to warn state and local election officials if it discovers cyberattacks this year. If the FBI discovered that a cyberattack had successfully breached a local election system, the old policy meant the bureau would tell that county, for example, but not the state government. Now, the FBI says it plans to alert the top election official in the state in which a cyberattack occurred at roughly the same time as it alerts the county that was breached. "It is the intent of the FBI that this new policy will result in increased collaboration between all levels of government for the integrity and security of U.S. elections," the bureau said in a statement. "Federal, state, and local governments must work together to better detect and protect against cyber-attack," the secretaries of state said.
  • Skyview Capital, LLC Acquires Fidelis Cybersecurity
    Fidelis Cybersecurity is a leading provider of Network Traffic Analysis and Digital Forensics and Incident Response solutions that enable enterprises and government organizations to detect, hunt and respond to advanced threats that evade traditional security solutions. Fidelis solutions are delivered as standalone network, endpoints and deception products, an integrated platform, or as a 24×7 Managed Detection and Response service that augments existing security operations, threat hunting and incident response capabilities. "We are excited to partner with Skyview Capital and benefit from their ability to help us take the Fidelis platform, which provides unmatched visibility and empowers security teams to rapidly respond to threats, into other markets. Darryl Smith, Skyview Capital's President of Global Portfolio Operations, said, "The Skyview Portfolio Operations team is working closely with the Fidelis team to ensure a smooth transition into Skyview's portfolio.
  • 70,000 Tinder photos of women are being circulated in cybercrime forum
    Members of a cybercrime forum are circulating a large cache of more than 70,000 photos of female Tinder users, Gizmodo reports. Metadata embedded in the images also show that some of the photos were uploaded to Tinder as recently as October 2019. A Tinder official told Gizmodo that the company will take whatever action is necessary to have the photos removed, though the data has already likely spread to countless parties online. “We know that this work is ever-evolving for the industry as a whole, and we are constantly identifying and implementing new best practices and measures to make it more difficult for anyone to commit a violation like this.” Aaron DeVera, who founded the taskforce that located the data, warns that the photos could be used by criminals and stalkers alike. “Dumps of data such as this typically attract fraudsters, who use it for making large collections of convincing fake accounts on other platforms,” DeVera said.