Security News > 2023 > November

In interactions with threat intelligence analysts, farnetwork shared valuable details that link them to ransomware operations starting 2019 and a botnet with access to multiple corporate networks. According to a report Group-IB shared with BleepingComputer, the threat actor has several usernames and has been active on multiple Russian-speaking hacker forums trying to recruit affiliates for various ransomware operations.

Singapore-based luxury resort and casino Marina Bay Sands has suffered a data breach that exposed data of 665,000 non-casino rewards program members. "Marina Bay Sands became aware of a data security incident on 20 October 2023 involving unauthorized third-party access on 19 and 20 October 2023 to some of our customers' loyalty programme membership data," the hospitality establishment said in a security incident notice.

SaaS applications make up 70% of total company software usage, and as businesses increase their reliance on SaaS apps, they also increase their reliance on those applications being secure. These SaaS apps store an incredibly large volume of data so safeguarding the organization's SaaS app stack and data within is paramount.

Webinar Daily incursions are underway with the aim of removing every bit of data that you've got - the cyber criminals' aim is to break in and get out again laden with digital booty. Without that data exfiltration there's no ransom to pay.

One of the requirements of eIDAS 2.0 is that browser makers trust government-approved Certificate Authorities and do not implement security controls beyond those specified by the European Telecommunications Standards Institute. When a browser visits that site, the website presents a public portion of its CA-issued certificate to the browser, and the browser checks the cert was indeed issued by one of the CAs it trusts, using the root certificate, and is correct for that site.

Singapore-headquartered Group-IB, which attempted to infiltrate a private RaaS program that uses the Nokoyawa ransomware strain, said it underwent a "Job interview" process with the threat actor, learning several valuable insights into their background and role. "Throughout the threat actor's cybercriminal career, which began in 2019, farnetwork has been involved in several connected ransomware projects, including JSWORM, Nefilim, Karma, and Nemty, as part of which they helped develop ransomware and manage the RaaS programs before launching their own RaaS program based on Nokoyawa ransomware," Nikolay Kichatov, threat intelligence analyst at Group-IB, said.

For SOC teams to be able to defend their organization against ransomware attacks, they need to have the right security toolset, but also an understanding of the three primary ransomware attack stages. Instead, there are often many different indicators of compromise at different stages of the attack that seem benign when looked at individually.

The Aqua Trivy open-source scanner now supports vulnerability scanning for Kubernetes components and Kubernetes Bill of Materials generation. Now, companies can better understand the components within their Kubernetes environment and how secure they are to reduce risk.

The emergence of AI has put into question the roles of software developers everywhere. In this Help Net Security video, Cat Hicks, VP of Research Insights at Pluralsight, discusses pressing questions that engineering organizations face regarding the rapidly-changing possibilities of AI-assisted coding.

Companies need help to get visibility into the operations of their AI programs, potentially reducing productivity while creating significant risks around governance, data security, and more, according to Portal26. Two-thirds of respondents admitted to a Generative AI security or misuse incident in the past year.