Security News

While many companies are beginning to migrate security tools to the cloud, a significant number have concerns, a survey by Exabeam reveals. Typically, organizations migrate security tools to the cloud to minimize the resources and overhead associated with owning and maintaining on-premises equipment and software.

The cybersecurity firm told SecurityWeek that its Mandiant Intelligence team tracks nearly 100 tools that can be used to exploit vulnerabilities in ICS or interact with industrial equipment in an effort to support intrusions or attacks. Of the ICS hacking tools tracked by FireEye - the company calls them ICS cyber operation tools - 28% are designed for discovering ICS devices on a network and 24% for software exploitation.

The general availability of ICS-specific intrusion and attack tools is widening the pool of attackers capable of targeting operational technology networks and industrial control systems. "As ICS are a distinct sub-domain to information and computer technology, successful intrusions and attacks against these systems often requires specialized knowledge, establishing a higher threshold for successful attacks. Since intrusion and attack tools are often developed by someone who already has the expertise, these tools can help threat actors bypass the need for gaining some of this expertise themselves, or it can help them gain the requisite knowledge more quickly," FireEye researchers point out.

During 2019 a SafeBreach research team discovered major vulnerabilities in widely used security products that were written and tested by reputable cybersecurity companies. Product What can happen Underlying flaws Trend Micro Maximum Security 2019 and 2020 DLL Search-Order Hijacking Signed Execution Whitelisting Bypass Uncontrolled search path, no digital certificate validation against the binary.

Earlier this year, Prevailion's security researchers identified a TA505 campaign targeting German companies with fake job application emails, but the attacks appear to have started in June 2019, or even the month before. Through the use of legitimate tools that are unlikely to be removed by traditional security software, the attackers can perform a broad range of activities, such as stealing files, capturing screens, and even recording audio.

Hackers are getting hacked via trojanized hacking toolsSomeone has been trojanizing a wide variety of hacking tools to compromise the machines of hackers who want to use the tools for free, Cybereason researcher Amit Serper has revealed. SECURE Magazine: RSAC 2020 special issue releasedRSA Conference, the world's leading information security conference and exposition, concluded its 29th annual event in San Francisco.

Identity management firm Auth0 has launched Auth0 Signals, a collection of threat intelligence tools and capabilities designed to protect customers from identity attacks. The purchased company's knowledge of malicious IP addresses provides an additional source of IP threat intelligence to Auth0's anomaly detection engine, which protects Auth0 customers.

Criminals targeting other criminals is nothing new, but researchers have now uncovered a years-long campaign that trojanizes hacking tools in order to infect other hackers with njRAT. Just as trojanized mobile apps can be downloaded from app stores and installed by trusting users, so trojanized hacking tools are downloaded and installed by trusting hackers. The njRAT infection route in the campaign appears to be via cracked and trojanized hacking tools.

Someone has been trojanizing a wide variety of hacking tools to compromise the machines of hackers who want to use the tools for free, Cybereason researcher Amit Serper has revealed. "So far, we have found samples that are either pretending to be various hacking tools or pretending to be installers of the Chrome Internet browser," they noted.

A former CIA software engineer accused of stealing a massive trove of the agency's hacking tools and handing it over to WikiLeaks was convicted of only minor charges Monday, after a jury deadlocked on the more serious espionage charges against him. Joshua Schulte, who worked as a coder at the agency's headquarters in Langley, Virginia, was convicted by a jury of contempt of court and making false statements after a four-week trial in Manhattan federal court that offered an unusual window into the CIA's digital sleuthing and the team that designs computer code to spy on foreign adversaries.