You are here

Home » Cybersecurity

Cybersecurity

Six Steps to Go Passwordless at Your Organization

While still the most popular method of authentication, passwords suffer significant drawbacks in terms of security and cost as we continue to struggle at creating less crackable ones. Dark Reading has written a piece describing six steps organizations can take to transition to passwordless authentication methods to help reduce the reliance on humans to create strong enough passwords to reduce the occurrence of information and data leaks. First, passwordless programs must start small, instead of attempting to switch the entire organization over at once.

Research Shows BEC Attacks Increased by 84% Between First and Second Half of 2021

Abnormal Security released a blog post on its research into BEC trends, which details the significant rise they’ve observed in BEC attacks between the first and second halves of 2021. Between July and December 2021, 84% more Abnormal customers’ inboxes were targeted by BEC lures, though the tactic itself stayed relatively uncommon, hitting less than one out of one thousand inboxes.

Threat Awareness – Qbot/Qakbot Changes Delivery Tactics

Security researchers have observed the Qbot/Qakbot botnet distributing malware payloads via a new delivery method. The technique involves sending a phishing email that includes a password-protected ZIP archive attachment containing malicious MSI Windows Installer packages. Qakbot, which WaterISAC has reported on numerous times, is a highly modular malware used for many malign activities such as credential harvesting and dropping ransomware.

Another One for the Good Guys – U.S. Government Disrupts Russian Cyclops Blink Botnet Prior to it Being Deployed

Yesterday, the Department of Justice (DOJ) announced the disruption of the Cyclops Blink botnet before it could be used for malicious activity. The malware, dubbed Cyclops Blink, targets WatchGuard Firebox firewall appliances and multiple ASUS router models and has reportedly been operated by the Russian-backed Sandworm group since at least June 2019. Cyclops Blink allows threat actors to establish persistence on a device via firmware updates, providing remote access to compromised networks. The malware is modular allowing it to be easily upgraded to target new systems.

Endpoint Security Continues to Be Essential as Remote Work becomes New Normal

Security Intelligence has posted a blog discussing the continued prevalence of remote work and detailing the various components of endpoint security that cybersecurity professionals should be aware of as they mature their endpoint protections to meet this new security landscape. The author reviews over a dozen concerns that network defenders should consider in order to have a truly robust defense, from VPNs to EDR solutions.

Security Updates Addressing "Spring4Shell" and Spring Cloud Function Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory on the release of Spring updates that address the remote code execution (RCE) vulnerability CVE-2022-22965, also known as “Spring4Shell.” Cloud Function versions 3.1.7 and 3.2.3 and Spring Framework versions 5.3.18 and 5.2.20 are available on the Spring by VMWare blog.

Threat Awareness – Borat RAT Malware

Security researchers have identified a new remote access trojan (RAT) malware, dubbed Borat, available on criminal marketplaces which allows threat actors to deploy ransomware, conduct DDoS attacks, user account control (UAC) bypass, and more. It is unknown if Borat is sold or shared for free among cyber criminals, but researchers note the malware is distributed as a highly modular comprehensive package allowing criminals to mix and match technical exploits that can be tailored for targeted attacks.

Pages

Subscribe to Cybersecurity