Posts

Showing posts from May, 2021

Cybersecurity industry analysis: Another recurring vulnerability we must correct

I have spent my career finding, fixing, discussing, and breaking down software vulnerabilities, one way or another. I know that when it comes to some common security bugs, despite being in our orbit since the 90s, they continue to plague our software and cause major problems, even though the (often simple) fix has been known for almost the same length of time. It truly feels like Groundhog Day, where we as an industry seem to do the same thing over and over and expect a different result. There’s another little problem, however. We’re not getting realistic advice, nor the fastest solutions, to combat the non-stop onslaught that is the modern threat landscape. Of course, each breach is different in its own way and there are numerous attack vectors that can be exploited in vulnerable software. Feasible generic advice will be limited, but the best-practice approach is looking more flawed by the hour. To...

Helping security teams respond to gaps in security and compliance programs with Qualys CSAM

Unlike traditional inventory tools that focus solely on visibility or rely on third-party solutions to collect security data, Qualys CyberSecurity Asset Management (CSAM) is an all-in-one solution. In this interview with Help Net Security, Edward Rossi, VP, Product Management, Asset Inventory and Discovery at Qualys, talks about how the solution enables security professionals to see the entire picture of their assets – from inventory to detection to response. Many organizations can’t secure their hybrid IT environments since they don’t know what is in their inventory. What makes visibility into security context a gold mine for security teams? When we spoke with our customers, it became clear that organizations need a comprehensive security view of their IT asset infrastructure, and they are struggling to get it. While traditional IT teams and inventory tools provide an IT view of invento...

Trojan.Win32.Scar.dulk Insecure Permissions ≈ Packet Storm – Digitalmunition

Discovery / credits: Malvuln – malvuln.com (c) 2021
Original source: https://malvuln.com/advisory/317cd84b5c0d11a9c3aacdfe2bb6031c.txt
Contact: [email protected]
Media: twitter.com/malvuln
Threat: Trojan.Win32.Scar.dulk
Vulnerability: Insecure Permissions
Description: The malware creates an insecure directory named “xzzzs” under the C: drive and grants Change (C) permissions to the Authenticated Users group. Standard users can rename the executables dropped by the malware to disable it, or replace them with their own executable, then wait for a privileged user to log on to the infected machine to potentially escalate privileges.
Type: PE32
MD5: 317cd84b5c0d11a9c3aacdfe2bb6031c
Vuln ID: MVID-2021-0227
Dropped files: zxzz.exe
Disclosure: 05/28/2021
Exploit/PoC:
C:\>dir xzzzs
 Volume in drive C has no label.

 Directory of C:\xzzzs

03/02/2021  02:08 AM           434,688 zxzz.exe
               1 File(s)        434,688 bytes

C:\>cacls ...
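The weakness above (a directory where a group every logged-on user belongs to holds Change rights, so a standard user can rename or replace the dropped EXE) is easy to hunt for at scale once you can read an ACL listing programmatically. The Python below is an added example, not code from the Malvuln advisory: it parses the text that cacls prints for a directory (path on the first line, one ACE per line, continuation lines indented, named rights listed under a “(special access:)” entry) and reports every allow entry that gives Write, Change or Full, or an equivalent named right such as DELETE, to Everyone, Authenticated Users, INTERACTIVE or BUILTIN\Users. The sample listings are constructed to mirror the advisory’s description and are not copied from it; the set of “broad” principals and the cacls output format are assumptions of this example.

```python
"""Flag directories whose DACL lets any logged-on user modify or replace files.

Added example for the Trojan.Win32.Scar.dulk advisory (not Malvuln's code).
Parses the text produced by `cacls <dir>` and reports write-capable grants to
groups that every local logon belongs to. The sample output is constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Groups every interactive logon is a member of (assumption of this example).
# A write-capable grant to any of them equals "standard users can modify it".
BROAD_PRINCIPALS = {
    "everyone",
    "nt authority\\authenticated users",
    "nt authority\\interactive",
    "builtin\\users",
}

# cacls letter codes: N none, R read, W write, C change (RWXD), F full.
# C and F include DELETE, which is all renaming the dropped EXE needs.
WRITE_CODES = {"W", "C", "F"}

# Named rights listed under "(special access:)" that allow modification.
WRITE_SPECIAL = {
    "FILE_WRITE_DATA", "FILE_APPEND_DATA", "FILE_GENERIC_WRITE",
    "FILE_DELETE_CHILD", "DELETE", "WRITE_DAC", "WRITE_OWNER",
    "GENERIC_WRITE", "GENERIC_ALL",
}

# "<principal>:(OI)(CI)C" or "<principal>:(OI)(CI)(special access:)";
# deny ACEs carry a "(DENY)" flag in the same position.
ACE_RE = re.compile(
    r"^(?P<principal>.+?):(?P<flags>(?:\([A-Z]+\))*)"
    r"(?:(?P<code>[NRWCF])|\(special access:\))$"
)
SPECIAL_RE = re.compile(r"^[A-Z_]+$")  # one named right per continuation line


@dataclass
class Ace:
    principal: str
    flags: str
    rights: List[str]   # a single letter code, or named rights for special entries
    special: bool


def parse_cacls(path: str, output: str) -> List[Ace]:
    """Turn `cacls <path>` output into Ace records; raises on unknown lines."""
    entries: List[Ace] = []
    first = True
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        if first:
            # cacls prefixes the first ACE with the directory path.
            first = False
            if not line.lower().startswith(path.lower()):
                raise ValueError(f"expected output for {path!r}, got {raw!r}")
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if m:
            code = m.group("code")
            entries.append(Ace(m.group("principal"), m.group("flags"),
                               [code] if code else [], code is None))
        elif SPECIAL_RE.match(line) and entries and entries[-1].special:
            entries[-1].rights.append(line)
        else:
            raise ValueError(f"unrecognized cacls line: {raw!r}")
    return entries


def grants_write(ace: Ace) -> bool:
    """True if this allow ACE permits changing or deleting directory contents."""
    if "(DENY)" in ace.flags:
        return False
    if ace.special:
        return bool(WRITE_SPECIAL & set(ace.rights))
    return ace.rights[0] in WRITE_CODES


def find_weak_grants(path: str, output: str) -> List[Tuple[str, str]]:
    """Return (principal, rights) for every broad principal that can write."""
    return [(a.principal, " ".join(a.rights))
            for a in parse_cacls(path, output)
            if a.principal.lower() in BROAD_PRINCIPALS and grants_write(a)]


# Constructed listings (not copied from the advisory): the first mirrors the
# weak directory it describes, the second is what a hardened ACL looks like.
SAMPLE_OUTPUT = """\
C:\\xzzzs NT AUTHORITY\\Authenticated Users:(OI)(CI)C
         NT AUTHORITY\\SYSTEM:(OI)(CI)F
         BUILTIN\\Administrators:(OI)(CI)F
         BUILTIN\\Users:(OI)(CI)R
         Everyone:(OI)(CI)(special access:)
                  READ_CONTROL
                  FILE_DELETE_CHILD
"""
HARDENED_OUTPUT = """\
C:\\xzzzs NT AUTHORITY\\SYSTEM:(OI)(CI)F
         BUILTIN\\Administrators:(OI)(CI)F
         NT AUTHORITY\\Authenticated Users:(OI)(CI)R
         Everyone:(DENY)(OI)(CI)W
"""

if __name__ == "__main__":
    for name, listing in (("weak", SAMPLE_OUTPUT), ("hardened", HARDENED_OUTPUT)):
        print(name, find_weak_grants("C:\\xzzzs", listing))
```

On a live host, feed the function the captured output of cacls for each directory you care about (or adapt the regex for icacls, whose rights appear in parentheses instead of as a bare letter). The finding on the weak listing is exactly what the advisory exploits: Authenticated Users with Change, plus an Everyone entry whose FILE_DELETE_CHILD alone is enough to rename zxzz.exe. Fixing such a directory means replacing the grant rather than adding to it, for example `icacls C:\xzzzs /inheritance:r /grant:r "Authenticated Users:(OI)(CI)RX"`, and then re-running the check.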

Have I Been Pwned goes open source, bags help from FBI • The Register

In brief The creator of the Have I Been Pwned (HIBP) website, which alerts you if it turns out your credentials have been swiped and leaked from an account database, has open sourced the project’s internals. Troy Hunt set up HIBP in 2013, and the dot-com is now said to be getting a billion requests a month. Last year, the man Down Under announced plans to make key portions of the system open source for others to pick up, use, and improve. Now the Pwned Passwords code base is available from GitHub under a BSD three-clause license. Hunt also said the FBI has offered to feed known compromised passwords into HIBP. “Their goal here is perfectly aligned with mine and, I dare say, with the goals of most people reading this: to protect people from account takeovers by proactively warning them when their password has been compromised,” he said. In addition to the code, there’s also a 3D print schematic ...

Group-IB opens MEA Threat Intelligence & Research Center in Dubai

Group-IB has officially announced the opening of its Middle East & Africa Threat Intelligence & Research Center in Dubai. The grand opening, held at the Habtoor Palace Dubai, was attended by representatives of local financial organizations, government institutions, and the guest of honor, Mr. Craig Jones, INTERPOL Cybercrime Director. Group-IB’s leadership views the opening of its MEA Threat Intelligence & Research Center as a critical milestone toward achieving the strategic goal of building the first decentralized global cybersecurity company with fully operational R&D centers in the key financial hubs. Group-IB’s office will not operate merely as a sales hub but also as a full-scale regional HQ, offering all core technological competencies and bringing with it the top skills found across its global HQ in Singapore and other offices. The new Center, located at the Dubai...

Shenoy Sandeep joins Cyble as Regional Director of META

Cyble announced that regional cybersecurity expert Shenoy Sandeep has joined Cyble as the Regional Director – Middle East, Turkey, and Africa (META). This news follows Cyble’s recent announcement of a USD 4 million seed financing led by Blackbird Ventures and Spider Capital, with participation from Xoogler Ventures, Picus Capital, and Cathexis Ventures. Shenoy brings more than 13 years’ experience in cybersecurity, having advised some of the most critical organizations in the region. A well-known figure in the local cybersecurity community, Shenoy will be responsible for driving growth across the META region by highlighting the true value Cyble provides in the cyber threat intelligence monitoring space. Mandar Patil, VP – International Market and Customer Success at Cyble said, “Shenoy is a reputed regional cybersecurity expert, and I am excited to be working with him. With his ability to understand the cybersecurity threat...

Genetic tricks of the longest-lived animals

Bats, remarkable little things.

Life, for most of us, ends far too soon—hence the effort by biomedical researchers to find ways to delay the aging process and extend our stay on Earth. But there’s a paradox at the heart of the science of aging: The vast majority of research focuses on fruit flies, nematode worms and laboratory mice, because they’re easy to work with and lots of genetic tools are available. And yet, a major reason that geneticists chose these species in the first place is because they have short lifespans. In effect, we’ve been learning about longevity from organisms that are the least successful at the game. Today, a small number of researchers are taking a different approach and studying unusually long-lived creatures—ones that, for whatever evolutionary reasons, have been imbued with lifespans far longer than other creatures they’re closely related to. The hope is that by exploring and understanding ...

Epsilon Red Ransomware Attacks Unpatched Microsoft Exchange Servers

Epsilon Red ransomware is a new player on the ransomware scene whose attacks rely on more than a dozen scripts before reaching the encryption stage, and which also uses a commercial remote desktop utility. The name of the malicious group comes from the Marvel Universe: Epsilon Red is a little-known character, a Russian super-soldier with four tentacles who can breathe in space. Researchers at Sophos discovered the new Epsilon Red ransomware while investigating an attack at a fairly large U.S. company in the hospitality sector. It seems the threat actor breached the enterprise network by exploiting unpatched vulnerabilities in the on-premises Microsoft Exchange server. Andrew Brandt, principal researcher at Sophos, says in his report that the attackers probably leveraged the ProxyLogon set of vulnerabilities to reach machines on the network, as the Pr...

Can Your Business Email Be Spoofed? Check Your Domain Security Now!

Are you aware of how secure your domain is? In most organizations there is an assumption that their domains are secure, but within a few months the truth dawns on them that this isn’t so. Spotting someone spoofing your domain name is one way to determine that your security is unsatisfactory: it means that someone is impersonating you (or confusing some of your recipients) and releasing false information. You may ask, “But why should I care?” Because these spoofing activities can potentially endanger your reputation. With so many companies being targeted by domain impersonators, email domain spoofing shouldn’t be taken lightly; organizations that do so put themselves, as well as their clients, at risk. Your domain’s security rating can make a huge difference in whether or not you get targeted by phishers looking to make money quickly or to use your domain and brand to spread ransomware without you knowing it...

5 Free and Open Source Patch Management Tools Your Company Needs

Microsoft has long supported the patching of vulnerabilities, as outdated software is one of the main entry points malicious code has into a network. While initially overlooked, this crucial cybersecurity process has become a priority for businesses around the world. For this reason, using patch management tools is mandatory for the digital safety of your enterprise. Patch management tools are cybersecurity solutions that identify software applications running on outdated versions. They then deploy and install the corresponding patch, which can enhance security, fix bugs or add new functionality, depending on the intent behind its release. In the following lines, I will go over why patch management tools are important, then move on to present five free and/or open source alternatives that your company needs. As always, stay tuned until the end for even more ways to up your company’s vulnerability managem...

World’s Fastest AI Supercomputer Built from 6,159 NVIDIA A100 Tensor Core GPUs

Slashdot reader 4wdloop shared this report from NVIDIA’s blog, joking that maybe this is where all NVIDIA’s chips are going: It will help piece together a 3D map of the universe, probe subatomic interactions for green energy sources and much more. Perlmutter, officially dedicated Thursday at the National Energy Research Scientific Computing Center (NERSC), is a supercomputer that will deliver nearly four exaflops of AI performance for more than 7,000 researchers. That makes Perlmutter the fastest system on the planet on the 16- and 32-bit mixed-precision math AI uses. And that performance doesn’t even include a second phase coming later this year to the system based at Lawrence Berkeley National Lab. More than two dozen applications are getting ready to be among the first to ride the 6,159 NVIDIA A100 Tensor Core GPUs in Perlmutter, the largest A100-powered system in the world. They aim to advance s...

CISA-FBI Alert: 350 Organizations Targeted in Attack Abusing Email Marketing Service

An alert released on Friday by the FBI and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) revealed that the number of organizations targeted in a recent attack abusing a legitimate email marketing service was higher than initially reported. Microsoft reported last week that the Russia-linked threat actor it tracks as Nobelium, which is believed to be responsible for the SolarWinds supply chain attack, had been abusing a legitimate mass email service named Constant Contact to target government and other types of organizations in the United States and a dozen other countries. The attacks, which appear to have started on May 25, involved Nobelium compromising the Constant Contact account of the United States Agency for International Development (USAID), which is responsible for civilian foreign aid and development assistance. Microsoft said spear-phishing emails apparently coming...