Security News > 2021 > January
A researcher has launched Malvuln, a project that catalogues vulnerabilities discovered in malware and provides information on how those vulnerabilities can be exploited. The Malvuln website currently has 26 entries describing remotely exploitable buffer overflow vulnerabilities and privilege escalation flaws related to insecure permissions.
We all know that our cell phones constantly give our location away to our mobile network operators; that's how they work. "Pretty Good Phone Privacy" protects both user identity and user location using the existing cellular networks.
The National Security Agency on Wednesday published guidance for businesses on the adoption of an encrypted domain name system protocol, specifically DNS over HTTPS. Designed to translate the domain names included in URLs into IP addresses, for an easier navigation of the Internet, DNS has become a popular attack vector, mainly because requests and responses are transmitted in plaintext. "Using DoH with external resolvers can be good for home or mobile users and networks that do not use DNS security controls. For enterprise networks NSA recommends using only designated enterprise DNS resolvers in order to properly leverage essential enterprise cybersecurity defenses, facilitate access to local network resources, and protect internal network information," the NSA notes.
Find out what your company could risk by not getting cybersecurity audits. Steven Wertheim, president of SonMax Consultants, in his CPA Journal article Auditing for Cybersecurity Risk makes a strong case that auditing should be a part of every cybersecurity defense program.
The Scottish Environment Protection Agency confirmed on Thursday that some of its contact center, internal systems, processes and internal communications were affected following a ransomware attack that took place on Christmas Eve. "SEPA confirms ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds," the agency said.
Signal users are currently experiencing issues around the world, with users unable to send and receive messages. When attempting to send messages via Signal, users are seeing loading screen and error message "502".
Microsoft today warned admins that updates addressing the Windows Zerologon vulnerability will transition into the enforcement phase starting next month. "DC enforcement mode requires that all Windows and non-Windows devices use secure RPC with Netlogon secure channel unless customers have explicitly allowed the account to be vulnerable by adding an exception for the non-compliant device."
More than 40 scammer groups are actively engaged in schemes leveraging a scam-as-a-service offering that provides users the tools and resources needed to conduct fraud, according to threat hunting and intelligence company Group-IB. The automated scam service has been named Classiscam by Group-IB and it's meant to help cybercriminals steal money and payment data from unsuspecting victims, through the use of fake pages mimicking those of legitimate classifieds, marketplaces and delivery services. Simple and straightforward, the scheme has gained a lot of popularity, with over 5,000 scammers registered in the 40 most popular Telegram chats by the end of 2020.
These bots work to expose and take advantage of vulnerabilities at a rapid pace, stealing critical personal and financial data, scraping intellectual property, installing malware, contributing to DDoS attacks, distorting web analytics and damaging SEO. Luckily, tools, approaches, solutions and best practices exist to help companies combat these malicious bots, but cybercriminals have not been resting on their laurels and are constantly working on ways to bypass the protections used to block bot activity. It is important to regularly review what tactics you are using to combat bot traffic and analyze your success rate, as this process will help you understand whether your mitigation approach has already been figured out and worked around by cybercriminals.
In the aftermath of the SolarWinds hack, a better understanding of third-party hacks in any update that you provide to your colleagues, bosses, and even the board of directors may be warranted. Any such update that you provide on SolarWinds should certainly cover whether or not your organization is one of the 300,000 SolarWinds customers and whether or not you were one of the 18,000 or so that were using the specific version of Orion that was hacked.