Security News > 2023 > June

As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity to provide evidence-based security that proves how their data is being protected. There is certainly a lot being marketed and published about data security posture management solutions themselves, but we first wanted to dig into a more basic question: what is data security posture?

The Chinese nation-state group known as Camaro Dragon has been linked to yet another backdoor designed to meet its intelligence-gathering goals. Camaro Dragon overlaps with a threat actor widely tracked as Mustang Panda, a state-sponsored group from China that is known to have been active since at least 2012.

There's new information about the zero-day vulnerability in Progress Software's MOVEit Transfer solution exploited by attackers and - more importantly - patches and helpful instructions for customers. This covers the MOVEit Transfer zero-day and the updated mitigation and remediation advice.

Qakbot - banking malware turned malware/ransomware distribution network - was first observed in 2007 and is still active today. "Qakbot operators tend to reduce or stop their spamming attacks for long periods of time on a seasonal basis, returning to activity with a modified suite of tools," Chris Formosa and Steve Rudd, researchers with Lumen's Black Lotus Labs, have noted.

ReversingLabs detected a Python package in April that mixed malware with compiled code as a way to evade detection by security tools that only check source code files and not compiled output. It's a worrying threat given the increasing number of attacks not only on PyPI but also on other open source code repositories like GitHub, NPM, and RubyGems.

"Successful compromises of the targeted individuals enable Kimsuky actors to craft more credible and effective spear-phishing emails that can be leveraged against sensitive, high-value targets." Kimsuky refers to an ancillary element within North Korea's Reconnaissance General Bureau and is known to collect tactical intelligence on geopolitical events and negotiations affecting the regime's interests.

The United States and the Republic of Korea have issued a joint cyber security advisory [PDF] about North Korea's "Kimsuky" cyber crime group. In their joint advisory, US and South Korean authorities said Kimsuky targets "Think tanks, academic institutions, and news outlets for the purpose of intelligence gathering." The South says the gang is also involved in stealing information used by the DPRK's satellite program.

According to the World Economic Forum's 2023 Global Cybersecurity Outlook, 86% of business leaders and an even higher percentage of cyber leaders, 93%, believe a catastrophic cyber event is likely in the next two years due to global geopolitical instability. For defense contractors, who work with some of our country's most sensitive information, establishing effective cybersecurity protocols takes on an added layer of importance.

In the book, Howard challenges the conventional wisdom of current cybersecurity best practices, strategy, and tactics and makes the case that the profession needs to return to first principles. He lays out the arguments for the absolute cybersecurity first principle and then discusses the strategies and tactics required to achieve it.

According to Egress, the evolving attack methodologies currently used by cybercriminals are designed to get through traditional perimeter security. "Although traditional signature-based detection can filter out phishing emails with known malicious payloads, cybercriminals are constantly refining their attack methods to bypass existing detection systems and appear more credible to their victims. Our report reveals that attacks are increasingly leveraging social engineering, advanced technical measures, and compromised email addresses to deliver sophisticated payloads or defraud organizations. Every attack we analyzed had bypassed other forms of anti-phishing detection, including secure email gateways," Chapman continued.