LockBit ransomware abuses Windows Defender to load Cobalt Strike
2022-07-29 14:29

A threat actor associated with the LockBit 3.0 ransomware operation is abusing the Windows Defender command line tool to load Cobalt Strike beacons on compromised systems and evade detection by security software. Security solutions have become better at detecting Cobalt Strike beacons, causing threat actors to look for innovative ways to deploy the toolkit.

Windows 11’s new kiosk mode lets admins limit available apps
2022-07-29 13:07

Microsoft is testing a new multi-app kiosk mode lockdown feature for IT admins in the latest Windows 11 Insider Preview build released to the Dev Channel. "Multi-app kiosk mode is a lockdown feature for Windows 11 that allows an IT administrator to select a set of allowable apps to run on the device, while all other functionalities are blocked," Windows Insider team members Amanda Langowski and Brandon LeBlanc said.

Microsoft links Raspberry Robin malware to Evil Corp attacks
2022-07-29 11:31

Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics. "On July 26, 2022, Microsoft researchers discovered the FakeUpdates malware being delivered via existing Raspberry Robin infections," Microsoft revealed Thursday.

How to Combat the Biggest Security Risks Posed by Machine Identities
2022-07-29 11:15

The rise of machine identities is creating cybersecurity debt and increasing security risks. Let's take a look at three of the top security risks that machine identities create, and how you can combat them.

Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices
2022-07-29 10:49

Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum standard implementation, which, when exploited, can lead to seizing control of IP cameras. Tracked as CVE-2022-30563, the "vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the credentials in a new request towards the camera," Nozomi Networks said in a Thursday report.

Attackers are slowly abandoning malicious macros
2022-07-29 10:48

Threat actors are switching to email attachments using Windows Shortcut files and container file formats instead. The beginning of the decline in popularity of malicious macro-enabled files can be traced back to Microsoft's announcement in late 2021 of its intention to disable Excel 4.0 XLM macros in Microsoft 365 by default.

Ransomware looms large over the cyber insurance industry
2022-07-29 08:00

A Panaseer survey of global insurers across the UK and US found that 82% are expecting the rise in premiums to continue, with 74% of insurers agreeing that their inability to accurately understand a customer's security posture is impacting price increases. This Help Net Security video highlights how the increasing cost of ransomware affects global insurers.

BreachForums booms on the back of billion-record Chinese data leak
2022-07-29 07:05

The popularity of stolen data bazaar BreachForums surged after it was used to sell a giant database of stolen information describing Chinese citizens, threat intelligence firm Cybersixgill said on Thursday. The number of leaks posted on BreachForums increased - from an average of 14 a month to 52 per month - following the posting of the infamous billion-record Shanghai National Police database in early July, reported Cybersixgill.

Businesses confess: We pass cyberattack costs onto customers
2022-07-29 06:30

The costs incurred by organizations suffering data losses continue to go up, and 60 percent of companies surveyed by IBM said they were passing them on to customers. Almost 50 percent of the costs of a breach are incurred more than a year after the incident, IBM found.