Unsecured Microsoft SQL, MySQL servers hit by Gh0stCringe malware
Unsecured Microsoft SQL, MySQL servers hit by Gh0stCringe malware (bleepingcomputer.com)
Hackers target poorly protected SQL and MySQL databases to deploy Gh0stCringe remote access trojans on the devices. Gh0stCringe is a variant of the Gh0st RAT malware deployed by cyber-espionage operators in 2020. These hackers are now targeting exposed processes to remotely install the malicious executable on the database server. Once it is on the server, the malware can now run malicious commands or exfiltrate data on top of providing other services to an adversary, including keylogging and self-sustaining through other processes.
Kenneth Saltisky
Thousands of Secret Keys Found in Leaked Samsung Source Code
I found this article interesting because it’s related to encryption and it’s just insane how hackers work to steal people’s sensitive information and maybe sell it or use it for their own benefit. This article is about hackers who have stolen thousands of secret keys due to leaked Samsung source code. A group of cybercriminals called Lapsus claim to have stolen 190 Gb of data, and the tech giant has confirmed that the compromised information included source code related to Galaxy devices. Source codes belonging to the victims (some of the victims) were made public, and that’s how cybercriminals were able to steal the codes and exploit the system.
https://www.securityweek.com/thousands-secret-keys-found-leaked-samsung-source-code?&web_view=true
“90% of MSPs Suffer Successful Cyberattacks, N-able Research Finds”
Within the past 18 months, 90% of Managed Service Providers (MSPs) came across some kind of cyber-attack. According to N-able (an IT provider that provides cloud-based software solutions for MSPs), 82% of MSPs experienced attacks resulting in financial loss, business disruption, and a loss of trust from customers. Also, because the number of attacks prevented by the organizations doubled, studies have shown that they are more likely to become primary targets themselves rather than their customers. Even though MSPs offer two-factor authentication, just 40% of their customers have applied it in their homes. MSPs handle a vast amount of valuable data for various businesses, so cybersecurity is a top priority. They need to understand how the threats continue to progress and make the changes needed to protect both their customers and themselves.
https://www.msspalert.com/cybersecurity-research/90-of-msps-suffer-successful-cyberattacks-n-able-research-finds/
Christopher Clayton
“Passwordless: More Mirage Than Reality”
During an informal closing meeting, one of my clients asked my team and me how we felt about going passwordless. Passwordless is that extra layer of security to then be prompted for MFA. Would going passwordless really fly with the regulators? MFA has other forms of authentication such as one-time passwords, push notifications, and SMS notifications. Based on Microsoft, passwordless is being implemented for one of the factors such as weak passwords. This is the reason why strong passwords need to be put in place.
Microsoft states there are 3 ways to help users keep their identities safe: Windows Hello (facial, thumbprint), Microsoft Authenticator, and FIDO2 Security Keys (standards-based passwordless authentication).
However, passwords are not going to go away anytime soon. Passwords are the most cost-friendly and easy authentication option, which makes it difficult to push them away.
Reference:
https://thehackernews.com/2021/04/passwordless-more-mirage-than-reality.html
By Victoria Zak
Malware disguised as security tool targets Ukraine’s IT Army
Malware disguised as security tool targets Ukraine’s IT Army (bleepingcomputer.com)
Last month, Ukraine announced a new IT army consisting of individuals worldwide working together to conduct cyberattacks and DDoS attacks on Russian entities. However, a spread of threat actors is taking advantage of this by posting fake DDoS tools on Telegram that install an information-stealing Trojan. Although the legitimate version of the tool is “clean” and illegal to use, it is not possible to check for the malware payload prior to running the tool, since neither the legitimate nor the fake tool is digitally signed. Running the malicious tool results in an information-stealing payload executing that steals website data as well as local file information and system information. Although this malware existed prior to this incident, it has seen a rise as a result of the current world situation.
Kenneth Saltisky
“Hackers Who Broke Into NVIDIA’s Network Leak DLSS Source Code Online”
The technology company NVIDIA had a breach in its network from an extortionist group called LAPSUS$, allowing them to leak data containing source code for NVIDIA’s Deep Learning Super Sampling (DLSS) technology. They appear to have admitted responsibility for this hack and warned of leaking confidential information unless they received a fee. However, they changed their demand, asking NVIDIA to “commit to completely open-source their GPU drivers for Windows, macOS, and Linux”; otherwise, they would distribute more leaks. Although NVIDIA took security measures by hardening their network and notifying law enforcement, they don’t see this incident as a major disruption to their business or to serving their customers.
Hackers Who Broke Into NVIDIA’s Network Leak DLSS Source Code Online (thehackernews.com)
Christopher Clayton
North Korean Hackers Using Windows Update Service to Infect PCs with Malware
The notorious Lazarus Group has launched a new campaign that uses the Windows Update service to execute its malicious payloads, expanding the library of living-off-the-land (LotL) techniques that the APT group exploits to achieve its goals. The latest spear-phishing attack, detected by Malwarebytes on January 18, stems from a job-themed decoy impersonating weaponized documents from the U.S. global security and aerospace company Lockheed Martin. Researchers note that this is an interesting technique used by Lazarus, which uses Windows Update clients to run its malicious DLLs to bypass security detection mechanisms. The evidence links them to past attacks by the same participants, including infrastructure overlaps, document metadata, and the use of job offer templates to select victims.
https://thehackernews.com/2022/01/north-korean-hackers-using-windows.html
Dan Xu
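The post above describes the Windows Update client being used to run a DLL. As an added detection example (not from the article or the poster), the following Python scans constructed Sysmon-style process-creation records for wuauclt.exe being handed a provider DLL from outside the Windows directory; it assumes the publicly documented `/UpdateDeploymentProvider <dll> /RunHandlerComServer` invocation form, which the article itself does not spell out.

```python
import re
from pathlib import PureWindowsPath

# Constructed process-creation records in Sysmon Event ID 1 style; not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\wuauclt.exe",
     "CommandLine": r'"C:\Windows\System32\wuauclt.exe" /UpdateDeploymentProvider C:\Users\Public\update.dll /RunHandlerComServer',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\wuauclt.exe",          # benign: normal update check
     "CommandLine": r'"C:\Windows\System32\wuauclt.exe" /detectnow',
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",          # benign: unrelated process
     "CommandLine": r"notepad.exe C:\Users\Public\update.dll",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# Captures the DLL path passed after /UpdateDeploymentProvider (quoted or bare).
DLL_ARG = re.compile(r'/UpdateDeploymentProvider\s+"?([^\s"]+)', re.IGNORECASE)


def is_suspicious_wuauclt(event):
    """Return a reason string if wuauclt.exe is loading a DLL from outside C:\\Windows, else None."""
    image = PureWindowsPath(event.get("Image", "")).name.lower()
    if image != "wuauclt.exe":
        return None
    cmd = event.get("CommandLine", "")
    match = DLL_ARG.search(cmd)
    if match is None:
        return None  # ordinary update-client invocations carry no provider DLL argument
    dll = match.group(1)
    # A legitimate handler DLL lives under the Windows directory; anything else is an alert.
    if dll.lower().startswith("c:\\windows\\"):
        return None
    reason = f"wuauclt.exe loading provider DLL outside Windows dir: {dll}"
    if "/runhandlercomserver" in cmd.lower():
        reason += " (with /RunHandlerComServer)"
    return reason


def scan(events):
    """Return (index, reason) pairs for every suspicious record."""
    return [(i, r) for i, e in enumerate(events) if (r := is_suspicious_wuauclt(e))]


if __name__ == "__main__":
    for idx, reason in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {reason}")
```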
Spanish Police Arrest SIM Swappers Who Stole Money from Victims’ Bank Accounts
The Spanish National Police last week arrested eight people involved in financial fraud using SIM swapping attacks. This group disguises itself as a bank or an organization trusted by victims, and they use traditional phishing techniques to obtain victims’ personal information and banking data. Criminals forge official authorization documents to assume the victim’s identity, and then they go to the phone store to get the SIM card. After obtaining the SIM card, they will receive a secure confirmation from the bank and withdraw money from the account.
Link: https://thehackernews.com/2022/02/spanish-police-arrest-sim-swappers-who.html
Yangyuan Lin
Malware infiltrates Microsoft Store via clones of popular games
Malware infiltrates Microsoft Store via clones of popular games (bleepingcomputer.com)
Malware identified as Electron Bot has been found in numerous games uploaded to the Microsoft Store. This has been accomplished by individuals creating malicious game apps similar to popular existing apps and hiding the malicious payload until the next Windows launch. On launch, it creates a hidden browser window and remotely connects to a malicious page that alters the browsing experience in a negative way. This includes promoting malicious sites on search engines, promoting malicious products, and directed social media promotion.
Kenneth Saltisky
Author – Jessica Handcastle
3/15/22
The article I read this week discusses a major purchase in the realm of cybersecurity that took place recently. The firm SentinelOne purchased the identity security vendor Attivo Networks for $616.5 million. The firm believes that the acquisition will increase its market in the realm of identity threat detection & response in their XDR tech by roughly $4 billion, calling the acquisition the missing link. XDR works by collecting & analyzing logs in response to potential threats, & the aim is to centralize security data & incident response. SentinelOne is one of several companies that have been moving into the realm of XDR recently, along with CrowdStrike & McAfee, and it isn’t their first purchase in XDR, either, as they acquired the data analytics platform Scalyr last year. The reason for this is that larger cybersecurity firms want to obtain “zero-trust enabling technologies” to integrate into their platforms. Attivo believes that combining their technology with SentinelOne’s XDR will bring real-time identity threat detection/response to the front lines of cyber defense.
https://www.theregister.com/2022/03/15/sentinelone_attivo_617m/