Security News

On Tuesday, Microsoft released its annual Digital Defense Report providing a glimpse of the trends shaping the cybersecurity landscape during the last year. The Digital Defense Report analyzes cybersecurity threats from the second half of 2019 through the first half of 2020.

FireEye found that there are usually three days of dwell time between these early warning signs and the detonation of ransomware. How does a security team find these weak but important early warning signals? Perhaps surprisingly, the network provides a unique vantage point from which to spot the pre-encryption activity of ransomware actors such as those behind Maze.

After a short lesson in internet history, the author puts the reader in the shoes of the attacker and explains how simple it is to hack a website, as well as how easy it is to obtain and apply hacking tools. The author proceeds to offer basic knowledge about how the internet, browsers, web servers and programmers work.

For a ROP exploit to work, some information needs to be leaked from the kernel that reveals the current layout of its components in RAM. If a ROP exploit simply guesses the kernel's layout and is wrong, it will trigger a crash, which can be detected and acted on by an administrator. "Using speculative execution for crash suppression allows the elevation of basic memory write vulnerabilities into powerful speculative probing primitives that leak through microarchitectural side effects," the paper stated.

Fully aligned with SASE's edge-based security approach, the Zero Trust security model can be implemented using the SASE framework. To understand how SASE is an approach that enables a Zero Trust security model, we'll dig a little deeper into Gartner's vision.

Massachusetts Institute of Technology scientists have created a cryptographic platform that allows companies to securely share data on the cyber attacks they suffered and the monetary cost of their cybersecurity failures, without worrying about revealing sensitive information to their competitors or damaging their own reputation. To test the platform, the researchers recruited seven large companies that had a high level of security sophistication and a CISO. Each contributed encrypted information about its network defenses and a list of all monetary losses from cyber attacks, and their associated defensive failures, over a two-year period.

Shlayer adware creators have found a way to get their malicious payload notarized by Apple, allowing it to bypass the anti-malware checks macOS performs before installing any software. The first known instance of notarized macOS malware was discovered last week by a college student who noticed that people who want to download Homebrew, but make the mistake of entering the wrong URL, are served a warning saying their Adobe Flash Player is out of date and offering an update for download. Security researcher Patrick Wardle analyzed the served package and confirmed that it is not an update but a notarized version of the macOS Shlayer adware, which Gatekeeper does not flag as malicious.

The MITRE Corporation has taken the wraps off a knowledge base of common techniques and tactics that defenders can use to keep their networks and assets secure. Called MITRE Shield, the publicly available, free resource is aimed at cyber-experts looking to engage in active cyber defense and, like MITRE ATT&CK, presents a series of active defense concepts.

The United States Cybersecurity and Infrastructure Security Agency has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. To achieve this, attackers first identify high-value targets, perform extensive research on their social and professional networks, and then pose as recruiters to send malicious documents loaded with the malware, masquerading as job advertisements and offerings.

CISOs at Stanford University, the University of Chicago Medicine, and The Ohio State University list phishing as the top security threat to students, professors, and researchers. The group also agreed that zero trust is the best security approach, but a hard sell in an academic setting.