Security News > 2020 > June

Attackers are impersonating human resource employees from Collins Aerospace and General Dynamics in a spear-phishing campaign leveraging LinkedIn's messaging service. "To operate under the radar, the attackers frequently recompiled their malware, abused native Windows utilities and impersonated legitimate software and companies. To our knowledge, the custom malware used in Operation In(ter)ception hasn't been previously documented."

Amnesty International warned Tuesday that contact-tracing technology developed to contain the novel coronavirus threatens users' privacy, highlighting Bahraini, Kuwaiti and Norwegian apps as "Among the most dangerous". Detailed technical analysis of 11 such apps around the world showed that Bahrain, Kuwait and Norway's offerings were "Carrying out live or near-live tracking of users' locations", the rights group said.

Dropbox unveiled several new features to help users keep life organized and keep work moving. Dropbox is introducing new Dropbox Plus features to help users better manage personal life essentials.

Infosec pros and hackers regularly abuse cloud service providers to conduct reconnaissance and attacks, despite efforts by cloud providers to limit such activity. Of the 75 security professionals and hackers they spoke with as a part of a larger examination of attacker psychology, more than 93 per cent admitted to abusing cloud services to create attack environments and launch attacks.

The recent attack which saw Norway's state-owned investment fund, Norfund, lose an eye-watering USD 10 million was down to a simple but devastatingly effective tactic used by cybercriminals: a spoofed email address. These attacks, known as business email compromise work because they prey on human nature, the innate psychological traits shared by everyone.

Cybersecurity researchers today took the wraps off a new sophisticated cyber-espionage campaign directed against aerospace and military organizations in Europe and the Middle East with an aim to spy on key employees of the targeted firms and, in some case, even to siphon money. Social Engineering via LinkedIn Stating that the campaign was highly targeted, ESET said it relied on social engineering tricks to lure employees working for the chosen companies with fake job offers using LinkedIn's messaging feature, posing as HR managers of well-known companies in the aerospace and defense industry, including Collins Aerospace and General Dynamics.

The Department of Homeland Security and CISA ICS-CERT today issued a critical security advisory warning about over a dozen newly discovered vulnerabilities affecting billions of Internet-connected devices manufactured by many vendors across the globe. According to Israeli cybersecurity company JSOF-who discovered these flaws-the affected devices are in use across various industries, ranging from home/consumer devices to medical, healthcare, data centers, enterprises, telecom, oil, gas, nuclear, transportation, and many others across critical infrastructure.

No financial firm is ever safe, especially as cybercriminals become more determined and sophisticated in their attack methods. Cybercriminals often work to exploit fear and uncertainty during major world events by launching cyber attacks, and the pandemic is no exception.

Exabeam's 2020 State of the SOC Report reveals that 82% of SOCs are confident in the ability to detect cyberthreats, despite just 22% of frontline workers tracking mean time to detection, which helps determine hacker dwell time. Compounding this unfounded confidence, 39% of organizations still struggle with SOC staff shortages and finding qualified people to fill the cybersecurity skills gap.

As millions of employees continue to work from home for the foreseeable future and in some cases perhaps indefinitely, balancing the ongoing demands of employee productivity and information security will be paramount. When the pandemic first hit, IT departments responded quickly with what one IT analyst called the "Remote Lite" approach-just get staff the basic equipment they need to work from home as efficiently as possible.