Security News > 2022 > July

The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. What's changed in the newer iterations is the use of cloud services like Dropbox and Google Drive to conceal their actions and retrieve additional malware into target environments.

Passwork aims to enable efficient and secure working processes through the automated management of passwords and corporate accounts. Manage corporate accounts and passwords from a central point, via a smart and intuitive interface;.

This new research reveals that several popular business web applications have failed to implement critical password and authentication requirements to protect customers. Specops' analysis found inadequate password and authentication requirements that could leave customers vulnerable, including allowing users to set weak and breached passwords, often with little or no strong authentication in place.

The government of Belgium has claimed it detected three Chinese Advanced Persistent Threat actors attacking its public service and defence forces. A government statement names Advanced Persistent Threat 27, 30, and 31 - aka UNSC 2814, GALLIUM, and SOFTCELL - as the groups responsible for the attacks.

Beating these criminals means staying one step ahead and using the most comprehensive and responsive vulnerability detection support you can. A vulnerability scanner checks your systems for security flaws that can be used to steal data or sensitive information or generally cause disruption to your business.

At a time when enterprises are increasingly banking on digital ecosystems for their growth strategies, TCS' survey shows that only 16% of chief risk officers and chief information security officers ranked digital ecosystems as a concern when assessing expected cyber targets, and only 14% listed the risks from such ecosystems as the top priority arising out of board-level discussions. "Companies across the globe are increasingly turning to digital ecosystems of partners, vendors, and even competitors to reimagine and grow their business. Ignoring the threats originating from these ecosystems represents a blind spot which needs to be addressed urgently," said Santha Subramoni, Global Head, Cybersecurity, TCS. "One way of reducing the probability of an attack within digital supply chains is to implement a 'zero trust' policy-a framework based on the principle of 'never trust, always verify,' applied not only to humans but also machines."

A handful of vulnerabilities, some critical, in MiCODUS GPS tracker devices could allow criminals to disrupt fleet operations and spy on routes, or even remotely control or cut off fuel to vehicles, according to CISA. And there's no fixes for these security flaws. "Successful exploitation of these vulnerabilities could allow an attacker control over any MV720 GPS tracker, granting access to location, routes, fuel cutoff commands, and the disarming of various features," the US government agency warned in an advisory posted Tuesday.

A cryptomining gang known as 8220 Gang has been exploiting Linux and cloud app vulnerabilities to grow their botnet to more than 30,000 infected hosts. The group is a low-skilled, financially-motivated actor that infects AWS, Azure, GCP, Alitun, and QCloud hosts after targeting publicly available systems running vulnerable versions of Docker, Redis, Confluence, and Apache.

Knauf is a German-based multinational building and construction materials producer that holds approximately 81% of the world's wallboard market. Notably, Knauf Insulation has also posted a notice about the cyberattack on its site, so that entity has been impacted too.

A number of companies pledged to do their parts to help assuage the shortage of cybersecurity professionals during the White House National Cyber Workforce and Education Summit on Tuesday. "The summit's goal was to"raise the bar on cybersecurity through greater awareness, education and training,'' the White House said in a statement.