Security News
The idea is simple: instead of building a single-purpose malware program for each attack, and unleashing it on its own, why not spearhead the attack with a general-purpose malware agent that calls home to report its arrival and awaits further instructions? Emotet first, to form a beachhead inside your network; followed by Trickbot or some other network-snooping malware to learn, plunder, hack, tweak, reconfigure and manipulate your computer estate until the crooks behind the stealing and surveillance had learned as much as they felt they needed to know; followed by a final, apocalyptic, flaming-skulls-on-your-wallpaper-type blast of ransomware and an associated, possibly breathtakingly expensive, blackmail demand.
A third of employees admit lying to hide the fact that they accidentally deleted data, most doing so out of embarrassment or fear of punishment. A study of knowledge workers in 10 countries found that workplace cultures of blame and fear are causing businesses to lose critical, sensitive data that could have otherwise been saved if employees were comfortable enough to come forward.
The report isn't just one researcher's work, or even one department's work, but the combined effort of SophosLabs, Sophos Managed Threat Response, Sophos Rapid Response, and Sophos Artificial Intelligence. Don't take Joe's word for it: read the report and see how we live up to those three principles!
"July started off relatively quietly, but towards the middle of the month the average daily count of DDoS attacks exceeded 1,000, with a whopping 8,825 attacks on August 18," the report said. More than 40 percent of DDoS attacks during the third quarter targeted operations in the U.S., followed by Hong Kong and China, the report found.
A new bad actor called Tortilla is running the campaign, and most affected users are in the U.S. Cisco Talos has a warning out for U.S. companies about a new variant of the Babuk ransomware. Security researchers Chetan Raghuprasad, Vanja Svajcer and Caitlin Huey describe the new threat in a Talos Intelligence blog post.
More than half of large companies are not effectively stopping cyberattacks, finding and fixing breaches quickly, or reducing the impact of breaches, according to a new research study from Accenture. Accenture's State of Cybersecurity Resilience 2021 study explored the extent to which organizations prioritize security, the effectiveness of current security efforts, and how their security investments are performing. The pandemic served as "a breeding ground for new attacks," according to the study, which was based on a survey of more than 4,700 executives globally.
BlackMatter, which operates as a ransomware as a service operation, will still allow its infrastructure to issue mail to companies for further communication as well as permit its affiliates to get a decryptor for its ransomware, according to the message. VX-Underground told BleepingComputer that the message was sent to the organization directly from BlackMatter, according to a published report.
Signal has added an easy way for users to report and block spam straight from message request screens with a single mouse click. Message requests were added to Signal last year, in August 2020, to allow new users to reach out to other Signal users even if they're not in their address books and provide more contextual info to those on the receiving end.
Lazarus Group, the advanced persistent threat group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold in corporate networks and target a wide range of downstream entities. The latest intelligence-gathering operation involved the use of the MATA malware framework as well as backdoors dubbed BLINDINGCAN and COPPERHEDGE to attack the defense industry, an IT asset monitoring solution vendor based in Latvia, and a think tank located in South Korea, according to a new Q3 2021 APT Trends report published by Kaspersky.
Help Net Security: XDR Report has been released. The topic of this inaugural report is extended detection and response, an emerging technology that has been receiving a lot of buzz in the last few years.
Apache OpenOffice users should upgrade to the newest security release! The Apache Software Foundation has released Apache OpenOffice 4.1.11, which fixes a handful of security vulnerabilities, including CVE-2021-33035, a recently revealed RCE vulnerability that could be triggered via a specially crafted document.