Security News > 2022 > October

Presented in the form of a fictional narrative involving a breach at a company, the book tracks the actions of the company's new IT Security Director. The world's most infamous hacker offers an insider's view of the low-tech threats to high-tech security.

The CIS Critical Security Controls are a prioritized set of safeguards to mitigate cyber-attacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory, and policy frameworks.

Digital transformation requires far-reaching and innovative business solutions, frequently tailormade. Perhaps the foremost challenge is identity - a vital foundational step in any security apparatus, and a critical component for the creation of a smooth and seamless customer experience.

Hard-to-control collaboration, complex SaaS permissions, and risky misconfigurations - such as admin accounts without multi-factor authentication - have left a dangerous amount of cloud data exposed to insider threats and cyberattacks, according to Varonis. For the report, researchers analyzed nearly 10 billion cloud objects across a random sample of data risk assessments performed at more than 700 companies worldwide.

Hotel chain Shangri-La Group has admitted to its systems being attacked, and personal data describing guests accessed by unknown parties, over a timeframe that includes the dates on which a high-level international defence conference was staged at one of its Singapore properties. "Shangri-La Group recently discovered unauthorized activities on our IT network," states a notice from the chain that goes on to reveal that "Between May and July 2022, a sophisticated threat actor managed to bypass Shangri-La's IT security monitoring systems undetected, and illegally accessed. guest databases".

The U.S. Government today released an alert about state-backed hackers using a custom CovalentStealer malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base sector. The hackers combined custom malware called CovalentStealer, the open-source Impacket collection of Python classes, the HyperBro remote access trojan, and well over a dozen ChinaChopper webshell samples.

The U.S. Government today released an alert about state-backed hackers using a custom 'CovalentStealer' malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base sector. The hackers combined custom malware called CovalentStealer, the open-source Impacket collection of Python classes, the HyperBro remote access trojan, and well over a dozen ChinaChopper webshell samples.

They are also required to update all vulnerability detection signatures "At an interval no greater than 24 hours from the last vendor-released signature update." CISA now has six months to publish requirements for agencies that need to provide this machine-level vulnerability enumeration performance data. Once CISA has published these requirements, the agencies must, at regular intervals, upload vulnerability data to a central continuous diagnostics and mitigation dashboard.

Former Netwalker ransomware affiliate Sebastien Vachon-Desjardins has been sentenced to 20 years in prison and demanded to forfeit $21.5 million for his attacks on a Tampa company and other entities.Vachon-Desjardins, a 34 Canadian man extradited from Quebec, was sentenced today in a Florida court after pleading guilty to 'Conspiracy to commit Computer Fraud', 'Conspiracy to Commit Wire Fraud', 'Intentional Damage to Protected Computer,' and 'Transmitting a Demand in Relation to Damaging a Protected Computer.

In this case, we're referring to Elvis Eghosa Ogiekpolor, jailed for 25 years in Atlanta, Georgia for running a cybercrime group that scammed close to $10,000,000 in uunder two years from individuals and business caught up in so-called romance and BEC scams. BEC is short for business email compromise, an umbrella term for a form of online scam in which the attackers acquire login access to email accounts inside a company, so that the fraudulent emails they send don't just seem to come from the company they're attacking, but actually do come from there.