Security News
A corporate cyber-espionage hacker group has resurfaced after a seven-month hiatus with new intrusions targeting four companies this year, including one of the largest wholesale stores in Russia, while simultaneously making tactical improvements to its toolset in an attempt to thwart analysis. "In every attack, the threat actor demonstrates extensive red teaming skills and the ability to bypass traditional antivirus detection using their own custom malware," Group-IB's Ivan Pisarev said.
Phishing emails are now skating past traditional defenses. Even with the most sophisticated email scanning and phishing detection system available, phishing emails are still a very common intrusion vector for cybercriminals to use to introduce malware, including ransomware, to a business' network.
A crew of highly-skilled hackers specialized in corporate espionage has resumed activity, one of their victims this year being a large wholesale company in Russia. Active since 2018, RedCurl is responsible for at least 30 attacks against businesses in Russia, Ukraine, Canada, Norway, the UK, and Germany, the latest four of them occurring this year.
An astonishing piece of vulnerability probing gave infosec researchers a way into Microsoft's management controls for Azure Cosmos DB, with full read and write privileges over customer databases. The so-called ChaosDB vuln gave Wiz researchers "access to the control panel of the underlying service" that hosts Azure Cosmos, Microsoft's managed cloudy document database service, they said.
Business leaders and managers who have integrated SIEMs to detect, analyze and respond to organizational threats - both external and internal - are already one step ahead. SIEM tools, when integrated with other layers of security, can help flag anomalous behavior and potential issues in real time. A SIEM could immediately handle a DoS attack or, at the very least, identify compromised devices.
The survey found that concerns around internet security rose by 16% from 2020 to the highest level of U.S. internet security concerns in the 15 years that Unisys has been running the study. "With the hybrid workforce here to stay, the survey shines a light on the need to balance productivity and collaboration tools with security, which do not have to be mutually exclusive," said Leon Gilbert, SVP and GM, Digital Workplace Solutions, Unisys.
Most notably, the research reveals data exfiltration remains a significant threat and despite large investments in security tools, organizations are not confident they can stop data exfiltration. "Existing tools are no longer a sufficient measure to prevent data exfiltration. Anti data exfiltration provides a new approach in the ongoing fight against cyberattacks."
Surveying 100 key executives across financial services, Theta Lake found that 83% of respondents are turning off key productivity and usability features of collaboration platforms like Zoom, Microsoft Teams, and Webex due to their organizations' technical inability to adhere to relevant regulatory compliance and security requirements. Collaboration tools need appropriate compliance oversight. The top three collaboration features considered to be threats or challenges to privacy and security include: files uploaded or transferred in chats, links shared in chats or onscreen and screenshares.
The launch of a standing offer to pay for Windows virtual private network software zero-day exploits came to light this week, even as the U.S. mulls new regulations on the export of tools that could be used in cyberattacks against the U.S. or its interests. The U.S. Department of Commerce Bureau of Industry and Security has announced new regulations on the export of "certain items" that could be used in cyberattacks.
The U.S. Commerce Department on Wednesday announced new rules, issued for national security and anti-terrorism reasons, barring the sale of hacking software and equipment to authoritarian regimes, where it could potentially facilitate human rights abuse. "The United States Government opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these new rules will help ensure that U.S. companies are not fueling authoritarian practices," BIS said in a press release.