Security News > 2022 > May

The Computer Emergency Response Team of Ukraine has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems. The mass email campaign carries the subject line "Chemical attack" and contains a link to a macro-enabled Microsoft Excel file; opening the file infects the computer with Jester Stealer.

Hardware attacks are becoming more and more sophisticated. Security is increasingly supported in hardware, and mistakes can introduce severe vulnerabilities.

A recent Imperva report found only 18 percent prioritized spend on a dedicated insider threat program compared to 25 percent focused on external threat intelligence. In addition to getting people onboard and policies in place, the business will need to inventory its data and locate data sources, and determine how it will monitor behaviors, adapt the training program, carry out investigations, and assess the ITP itself on a regular basis.

The Resecurity HUNTER unit identified a new underground service called "Frappo", which is available on the Dark Web. "Frappo" acts as a Phishing-as-a-Service and enables cybercriminals to host and generate high-quality phishing pages which impersonate major online banking, e-commerce, popular retailers, and online services to steal customer data.

Microsoft on Monday disclosed that it mitigated a security flaw affecting Azure Synapse and Azure Data Factory that, if successfully exploited, could result in remote code execution. "The vulnerability was specific to the third-party Open Database Connectivity driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime and did not impact Azure Synapse as a whole," the company said.

Opposition is building to India's recently introduced rules on reporting computer security breaches, which have come under fire for being impractical, ineffective, and impinging on privacy. Concern about the rules has been voiced within and outside India, the latter typified by global tech lobby group the Information Technology Industry Council sending CERT-In a letter that suggests the six-hour reporting requirement is not feasible, and is also not aligned with global best practice of 72-hour reporting.

Dubbed Dark Crystal RAT, the malware is being peddled online to hackers in Russian by a lone rookie malware writer with a penchant for cut-rate pricing. "DCRat is one of the cheapest commercial RATs we've ever come across. The price for this backdoor starts at for a two-month subscription, and occasionally dips even lower during special promotions," according to BlackBerry researchers who published their findings on Monday.

Over the past several years, we have seen more and more examples of vulnerabilities in cloud assets, cloud service provider outages, sensitive data disclosure, and breaches involving the use of public cloud environments. The 2021 Data Breach Investigations Report from Verizon, released in the second quarter of 2021, noted that compromised external cloud assets were more common than on premises assets in both incidents and breaches.

You've probably encountered numerous threat intelligence reports outlining top attack campaigns in the past year. These reports are helpful in that they provide insight into common attacker behaviors and methods, but most of them fail to help you to apply this insight or include examples of the mitigation steps taken by defenders.

Organizations with investments in Azure are naturally looking to integrate Azure Sentinel and customize it for their specific needs. Those with complex, hybrid environments or with large volumes of data and legacy technology stacks find it difficult to focus more of their time on enabling Azure Sentinel's advanced capabilities, to provide more proactive, measurable threat management.