
Meta first reported the new Android malware in its Q2 2022 adversarial threat report, where they briefly mentioned its data-stealing, geo-locating, and microphone-activation capabilities. While Meta mentions laced versions of Telegram, WhatsApp, and YouTube, Cyble's investigation only uncovered a trojanized version of the Signal messaging app.

Microsoft has warned that Windows devices with the newest supported processors might be susceptible to data damage, noting the initial fix might have slowed operations down for some. It's a bit awkward since Microsoft insisted that its infamous hardware compatibility list for Windows 11 was about CPU security and experience, but here we are.

Resecurity identified threat actors abusing open redirect vulnerabilities in online services and apps to slip past spam filters and ultimately deliver phishing content. The spike in LogoKit activity was identified around the beginning of August, when multiple new domain names impersonating popular services were registered and used together with open redirects.

TL;DR: As weird as it might sound, seeing a few false positives reported by a security scanner is probably a good sign and certainly better than seeing none. Ask the security team behind any SIEM what their biggest operational challenge is, and chances are that false positives will be mentioned.

Hive, LockBit and BlackCat, three prominent ransomware gangs, consecutively attacked the same network, according to Sophos. "Multiple attackers create a whole new level of complexity for recovery, particularly when network files are triple encrypted. Cybersecurity that includes prevention, detection and response is critical for organizations of any size and type; no business is immune."

Cloud communications company Twilio has announced that some of its employees were phished and that the attackers used the stolen credentials to gain access to some internal company systems and customer data. Apparently, Twilio employees were not the only ones targeted by these attackers.

Cybercrime is being supercharged by "plug-and-play" malware kits that make it easier than ever to launch attacks. Cyber syndicates are collaborating with amateur attackers to target businesses, putting our online world at risk.

Driven by security operations complexity, 46% of organizations are consolidating or plan on consolidating the number of vendors they do business with. As a result of this drive toward security technology consolidation, 77% of infosec pros would like to see more industry cooperation and support for open standards promoting interoperability, according to ISSA and ESG. This Help Net Security video highlights how organizations push their security vendors to adopt open industry standards.

What's notable about this campaign is its heavy reliance on Telegram bots and chats to coordinate operations and create phishing and scam pages. When a potential victim contacts the seller through the online storefront, the Classiscam operator deceives the target into continuing the chat on a third-party messaging service like WhatsApp or Viber before sending a link to a rogue payment page to complete the transaction.

SMBs should focus on their attack surface and work on reducing it to the bare minimum required to operate their business. Understanding your attack surface is key to understanding what you are defending and how.