Security News > 2021 > September

Audit functions that fail to adapt well to hybrid auditing risk a loss of effectiveness and influence at a time when real-time assurance has never been more vital to the wider organization, according to Gartner. With hybrid audit engagements here to stay for the foreseeable future, audit leaders must ensure audit processes are still effective and staff remain engaged.

End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France. The Switzerland-based company said it received a "Legally binding order from the Swiss Federal Department of Justice" related to a collective called Youth for Climate, which it was "Obligated to comply with," compelling it to handover the IP address and information related to the type of device used by the group to access the ProtonMail account.

An ongoing campaign has been found to leverage a network of websites acting as a "Dropper as a service" to deliver a bundle of malware payloads to victims looking for "Cracked" versions of popular business and consumer applications. The attacks work by taking advantage of a number of bait pages hosted on WordPress that contain "Download" links to software packages, which, when clicked, redirect the victims to a different website that delivers potentially unwanted browser plug-ins and malware, such as installers for Raccoon Stealer, Stop ransomware, the Glupteba backdoor, and a variety of malicious cryptocurrency miners that masquerade as antivirus solutions.

Perry rediscovered this risk recently, when he decided to use a popular NPM package called Proxy-Agent to provide the proxy support he wanted in his HTTP Toolkit product. Numerous corporate-style tools exist to help computers on a network locate their official internal proxies automatically, including PAC, short for proxy auto-configuration, and WPAD, short for web proxy auto-discovery.

Incident responders and blue teams have a new tool called Chainsaw that speeds up searching through Windows event log records to identify threats. Windows event logs are a ledger of the system's activities, comprising details about applications and user logins.

Tony Lauro, director of security technology and strategy at Akamai, discusses how to disrupt account takeovers in the exploitation phase of an attack. In these last two stages, attackers put the bots aside, roll up their sleeves and take a manual approach to try and compromise individual accounts.

An alleged Russian developer for the notorious TrickBot malware gang was arrested in South Korea after attempting to leave the country. The TrickBot cybercrime group is responsible for a variety of sophisticated malware targeting Windows and Linux devices to gain access to victim's networks, steal data, and deploy other malware, such as ransomware.

The Jenkins team issued a reminder over the weekend that one should keep one's systems patched as it found itself with a compromised Confluence service. Although the affected instance of Confluence integrated with the company's identity system, the group said: "At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected."

Netgear has released firmware updates for more than a dozen of its smart switches used on corporate networks to address high-severity vulnerabilities. The company fixed three security flaw that affect 20 Netgear products, mostly smart switches.

I thought how many "Variants" of Loki are online-albeit less charismatic-trying to pull off fraudulent tricks to bilk victims out of money or identity information. The tricks are getting more unique as the related tools grow more complex and widely available.