
The next cyber threat may come from within
2023-02-02 04:30

The survey found somewhat muted faith in current safety measures: 51% say they are only "Somewhat prepared," 39% feel "Very prepared," 6% feel they are not at all prepared in their overall cyber defense strategies, and 4% are unsure. The survey points to the need for ever-increasing vigilance via employee training and awareness, along with continued investment in system upgrades and staff.

50% of organizations have indirect relationships with 200+ breached fourth-party vendors
2023-02-02 04:00

The study also found that 50 percent of organizations have indirect relationships with at least 200 breached fourth-party vendors in the last two years. The study, which analyzed data from over 235,000 organizations across the globe and more than 73,000 vendors and products used by them directly or used by their vendors, offers an in-depth examination of how the interdependence of modern digital supply chains impacts organizational cyber risk exposure.

New HeadCrab malware infects 1,200 Redis servers to mine Monero
2023-02-01 23:56

New stealthy malware designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021 to build a botnet that mines for Monero cryptocurrency. "This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers," the researchers said.

Google boosts bounties for open source flaws found via fuzzing
2023-02-01 23:01

Google sweetened the potential pot to $30,000 for bug hunters in its open source OSS-Fuzz code testing project. On Wednesday, Google increased bounties for fuzzing coverage projects, and added rewards for some FuzzBench integrations.

LockBit ransomware goes 'Green,' uses new Conti-based encryptor
2023-02-01 22:48

The LockBit ransomware gang has again started using encryptors based on other operations, this time switching to one based on the leaked source code for the Conti ransomware. This week, cybersecurity collective VX-Underground first reported that the ransomware gang is now using a new encryptor named 'LockBit Green,' based on the leaked source code of the now-disbanded Conti gang.

Over 1,800 Android phishing forms for sale on cybercrime market
2023-02-01 22:30

A threat actor named InTheBox is promoting on Russian cybercrime forums an inventory of 1,894 web injects for stealing credentials and sensitive data from banking, cryptocurrency exchange, and e-commerce apps. Typically, mobile banking trojans check what apps are present on an infected device and pull from the command and control server the web injects corresponding to the apps of interest.

The headache of changing passwords
2023-02-01 21:59

Instead of continuously changing passwords in an attempt to stay ahead of online threats, the best solution is no passwords at all. The reality of poor password practices like this is that the average person has roughly 191 different logins, passwords or other credentials to manage - meaning it requires too much effort to remember, paired with an "It won't happen to me" mentality.

Google Fi data breach let hackers carry out SIM swap attacks
2023-02-01 20:43

Google Fi, Google's U.S.-only telecommunications and mobile internet service, has informed customers that personal data was exposed by a data breach at one of its primary network providers, with some customers warned that it allowed SIM swapping attacks. Google sent notices of a data breach to Google Fi customers this week, informing them that the incident exposed their phone numbers, SIM card serial numbers, account status, account activation date, and mobile service plan details.

New cybersecurity BEC attack mimics vendors
2023-02-01 20:32

The firm previously identified four kinds of financial supply chain compromise, which dispense with impersonation of internal executives at the target company and instead wear the garb of one of the company's vendors. Abnormal Security says Firebrick Ostrich has used one of these types of financial supply chain compromises - third-party reconnaissance attacks - to commit 346 BEC campaigns dating back to April 2021, impersonating 151 organizations and using 212 maliciously registered domains, nearly all in the U.S. Crane Hassold, director of threat intelligence at Abnormal Security, said the amount of money that can be gotten from external, third-party impersonation is three times higher than traditional BEC exploits, and that their success stems from awareness deficit, as companies and their employees are trained to look for emails impersonating an internal executive, not a vendor.

OneNote documents spread malware in several countries
2023-02-01 20:03

Some other cybercriminals have found a different way to keep abusing Microsoft products for infecting computers with malware: infected OneNote documents. A new Bitdefender study exposes a phishing campaign abusing OneNote to infect computers with malware.