A quick Saturday digest of cybersecurity news articles from other sources.
Microsoft Reports Cyberattacks on Targeted Email Accounts
Original release date: October 4, 2019
The Microsoft Threat Intelligence Center (MSTIC) has released a blog post describing an increase in malicious cyber activity from the Iranian group known as Phosphorus. These threat actors are exploiting password reset or account recovery features to take control of targeted email accounts.
In a 30-day period between August and September, the Microsoft Threat Intelligence Center (MSTIC) observed Phosphorus making more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers and then attack 241 of those accounts. The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran. Four accounts were compromised as a result of these attempts; these four accounts were not associated with the U.S. presidential campaign or current and former U.S. government officials. Microsoft has notified the customers related to these investigations and threats and has worked as requested with those whose accounts were compromised to secure them.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the Microsoft blog for additional information and recommendations and CISA’s Tip on Supplementing Passwords.
Server-squashing zero-day published for phpMyAdmin tool
A researcher has just published a zero-day security bug in one of the web’s most popular database administration software packages.
New Guide: Implementing a Zero-Trust Approach to Network Security
Designating users as internal or external is becoming meaningless because of the increasing deprecation of the perimeter and the growing number of users with legitimate reasons to access network resources.
Using a zero-trust approach to network security means there is no need to differentiate between the two types of threat; every potential threat is treated in the same way.
Canadian Centre for Cyber Security Releases Advisory on New Ransomware Campaign
Original release date: September 25, 2019
The Canadian Centre for Cyber Security (CCCS) has released an advisory on a new ransomware campaign. The malware, named TFlower, may infect users via exposed, unpatched Remote Desktop Protocol (RDP) services.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review CCCS’s TFlower Ransomware Campaign Advisory for recommended mitigations and refer to CISA’s resource page on ransomware for more information on protecting against ransomware.
Cloudflare adds VPN features to 1.1.1.1 privacy app
As promised in April, Cloudflare has finally launched Warp, a consumer mobile privacy app that looks a lot like a VPN without actually being one.
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com