Original release date: April 7, 2022
CISA’s Sharing Cyber Event Information Fact Sheet provides our stakeholders with clear guidance and information about what to share, who should share, and how to share information about unusual cyber incidents or activity.
CISA uses this information from partners to build a common understanding of how adversaries are targeting U.S. networks and critical infrastructure sectors. This information fills critical information gaps and allows CISA to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims. Click the fact sheet link to learn more and visit our Shields Up site for useful information.
Some things just never change – Developers do not view application security as a top priority, study finds
This is why we keep having the breaches and cyber attacks over and over again. Developers just can’t be bothered to write secure code. Too hard, too different, too weird. Training may help alleviate some of these issues (doubt it, you have to want to change), along with clearer directives (threats up to and including termination?) by management.
Credit agency warns weak cybersecurity defenses could hurt a company’s credit rating, even before an attack
S&P Global Credit adds cybersecurity to list of risk factors for evaluating credit scores and will use NIST standards for the evaluation process.
When you search for Anti-Virus (AV) solutions to protect your mobile devices, you don’t expect these solutions to do the opposite i.e. make devices vulnerable to malware.
This is what the Check Point Research (CPR) team encountered while analyzing suspicious applications found in Google Play. These applications pretended to be genuine AV solutions while in reality they downloaded and installed an Android Stealer called Sharkbot.
Sharkbot steals credentials and banking information. The malware implements a geofencing feature and evasion techniques that make it stand out in the field. It also makes use of a Domain Generation Algorithm (DGA), an aspect rarely used in the world of Android malware. Sharkbot lures victims to enter their credentials in windows that mimic benign credential input forms. When the user enters credentials in these windows, the compromised data is sent to a malicious server.
Sharkbot has a handful of tricks up its sleeve. It doesn’t target every potential victim it encounters, but only select ones, using the geofencing feature to identify and ignore users from China, India, Romania, Russia, Ukraine or Belarus. More including TTPs, IOCs, and screen shots…
A new Traffic Direction System (TDS) we are calling Parrot TDS, using tens of thousands of compromised websites, has emerged in recent months and is reaching users from around the world. The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, university sites, and local government sites.
We identified several infected servers hosting phishing sites. These phishing sites, imitating, for example, a Microsoft Office login page, were hosted on compromised servers in the form of PHP scripts. The figure below shows the aforementioned Microsoft phishing observed on an otherwise legitimate site. We don’t have enough information to assign this to Parrot TDS directly. However, a significant number of the compromised servers contained phishing as well.
Top Six Advantages of ZTNA Compared to Remote Access VPN
While VPN has long served us well, the surge in remote working has highlighted the limitations of this aging technology. As such, organizations are turning to Zero Trust Network Access (ZTNA) to address their remote access challenges.
To help you understand why, we’ve put together a ZTNA buyers guide where we explore:
- The challenges with remote access VPN
- How ZTNA works
- The top six advantages of ZTNA over VPN
- What to look for in a ZTNA solution
It also introduces Sophos ZTNA and how it delivers tangible real-world benefits to visibility, protection, and response.
From capital letters to punctuation and numbers, most sites require long and complex passwords to best protect user information. While the benefits of added security are understandable, trying to keep track of the complicated passwords used across dozens of websites and applications can be easier said than done. Studies estimate that the average business user has 191 passwords to keep straight.
For those who struggle to manage passwords across dozens of sites, a password manager can be an excellent investment. These programs are designed to manage security by creating strong passwords and keeping them organized, and both businesses and individuals alike can make use of the protections they offer. From safeguarding confidential corporate content to keeping personal banking logins secure, a password manager can be a very valuable tool. More…
Original release date: April 13, 2022
CISA, the Department of Energy (DOE), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), warning that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices using custom-made tools.
CISA encourages all critical infrastructure organizations to review joint CSA: APT Cyber Tools Targeting ICS/SCADA Devices and apply the recommended mitigations.