Microsoft helps prevent lateral movement from compromised unmanaged devices
2022-06-13 10:28

A new feature in Microsoft Defender for Endpoint can make it more difficult for attackers to perform lateral movement within company networks, as it allows admins to prevent traffic flowing to and from unmanaged devices that have been compromised. "While devices enrolled in Microsoft Defender for Endpoint can be isolated to prevent bad actors from compromising other devices, responding to a compromised device not enrolled in Microsoft Defender for Endpoint can be a challenge for organizations today," noted Yossi Basha, Principal Product Manager, M365 Defender at Microsoft.

83% of IT pros are using either hybrid or multi-cloud
2022-06-13 08:00

Canonical released data from a survey revealing the goals, benefits, and challenges of cloud-native technologies. The report surveyed more than 1,300 IT professionals over the last year about their usage of Kubernetes, bare metal, VMs, containers, and serverless applications.

Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks
2022-06-13 06:56

"The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week. "The malware leverages a DNS attack technique called 'DNS Hijacking' in which an attacker-controlled DNS server manipulates the response of DNS queries and resolves them as per their malicious requirements."

Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users
2022-06-13 06:53

A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds. "As of today, the main current objective of SeaFlower is to modify Web3 wallets with backdoor code that ultimately exfiltrates the seed phrase," Confiant's Taha Karim said in a technical deep-dive of the campaign.

HelloXD Ransomware Installing Backdoor on Targeted Windows and Linux Systems
2022-06-13 05:37

Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts. "Unlike other ransomware groups, this ransomware family doesn't have an active leak site; instead it prefers to direct the impacted victim to negotiations through Tox chat and onion-based messenger instances," Daniel Bunce and Doel Santos, security researchers from Palo Alto Networks Unit 42, said in a new write-up.

How organizations can protect themselves in the emerging risk landscape
2022-06-13 05:00

In this video for Help Net Security, Ravi Srinivasan, CEO of Votiro, discusses ThoughtLab's 2022 cybersecurity benchmarking study, Cybersecurity Solutions for a Riskier World. The research revealed that the pandemic has brought cybersecurity to a critical inflection point.

API security warrants its own specific solution
2022-06-13 04:30

What makes these attacks so interesting is how they are executed: unlike a traditional "hack," an API attack doesn't hinge on there being something wrong with the API. Rather, attackers can legitimately use the way an API functions against it and can simply find out if it hasn't been developed securely through standard interaction. In some cases, the data used by the API has no user validation and is accessible to the public, while in other cases error messages return too much information, providing the attacker with more information on how to abuse the API. Defending against BOLA attacks requires the validation of all user privileges for all functions across the API. API authorization should be well defined in the API specification, and IDs should be random/unpredictable.

Businesses are leaving bot attacks unchallenged for almost four months
2022-06-13 04:00

Netacea released its report into how businesses are dealing with bot attacks. Bot owners are shifting their tactics, with 60% of businesses detecting attacks on APIs and 39% detecting attacks on mobile apps.

Quick and Simple: BPFDoor Explained
2022-06-13 03:49

BPFDoor isn't new to the cyberattack game - in fact, it's gone undetected for years - but PwC researchers discovered the piece of malware in 2021. BPFDoor is a piece of malware associated with China-based threat actor Red Menshen that has hit mostly Linux operating systems.

Increased cloud complexity needs stronger cybersecurity
2022-06-13 03:30

A Thales report, conducted by 451 Research, reveals that 45% of businesses have experienced a cloud-based data breach or failed audit in the past 12 months, up 5% from the previous year, raising even greater concerns about protecting sensitive data from cybercriminals. Despite their increasing prevalence and use, businesses share common concerns about the increasing complexity of cloud services, with 51% of IT professionals agreeing that it is more complex to manage privacy and data protection in the cloud.