Malware and Trojans, but there’s only one horse the boss man wants to hear about

From theregister.com

A call from the executive floor is rarely a harbinger of happiness, especially when one is wading knee-deep through the molasses of malware. Welcome to one Register reader’s experience in On Call.

Our story takes place a few years ago and concerns “Ruud” (not his name) who had joined a very well-known company as head of IT. As befitted a person of his job title, Ruud had started putting the company’s house in order and begun rolling out some standard security tools “to get us to a decent baseline.”

It did not go well, or went too well depending on one’s standpoint, and the new tools spotted some malware running on dozens of PCs. It was an all-hands-on-deck moment to stop the nasties spreading any further through the company. Leading from the front, Ruud dived in to do his bit.

“I was downstairs freezing my tits off in a cold store working on an affected PC when I got a tap on the shoulder from my boss,” he told us. The managing director had called down and wanted a word. Now.

Read more…

Engaging with governments is a data security priority

From helpnetsecurity.com

Global tax systems are responsible for handling and storing vast amounts of data. Whether it’s details of a supplier’s transactions with its customers, or personal financial information, this data is an important commodity, the protection of which is paramount.

It’s also increasingly vulnerable. Over the last 18 months, opportunistic cyber criminals have taken advantage of crisis conditions to infiltrate the networks of organizations across the globe.

Cyber attacks increased in both frequency and intensity at the height of the COVID-19 pandemic – the first half of 2020 saw a 273 percent rise in the number of large-scale data breaches compared to the same period 12 months earlier.

Read more…

9 Security Bugs Found in 3 Open Source Projects Used by Several Organizations

From cybersecuritynews.com

Recently, 3 open-source projects, EspoCRM, Pimcore, and Akaunting, were found to be affected by 9 vulnerabilities; all 3 projects are extensively used by small and medium businesses.

Moreover, if these projects are successfully exploited, an attacker might gain a way to carry out more sophisticated attacks.

Read more…

Creating and Analyzing a Malicious PDF File with PDF-Parser Tool

From gbhackers.com

This tool parses a PDF document to identify the fundamental elements used in the analyzed file. It does not render the PDF document.

Features included:

  • Load/parse objects and headers
  • Extract metadata (author, description, …)
  • Extract text from ordered pages
  • Support for compressed PDFs
  • Support for Mac OS Roman charset encoding
  • Handling of hexadecimal and octal encoding in text sections
  • PSR-0 compliant (autoloader)
  • PSR-1 compliant (code styling)

Read more…

TA456 – Iranian Hackers Attack Defense Contractors with Malware To Exfiltrate Sensitive Data

From gbhackers.com

Security researchers at Proofpoint have uncovered that the Iranian hacking group TA456, also known as “Tortoiseshell” and “Imperial Kitten”, has recently executed several targeted malware attacks on defense contractors.

On Facebook, the hackers of this group posed as aerobics instructors to fool the defense contractors and then compromise their systems to exfiltrate sensitive data.

During the ongoing cyber espionage, the hackers mainly targeted employees of contractor companies working in US aerospace defense, especially those involved in operations in the Middle East.

Read more…

The Perils of Cyber Insurance

From securityboulevard.com

On this episode of The View With Vizard, host Mike Vizard talks with Max Pruger, general manager of compliance for Kaseya, about the pros and cons, benefits and pitfalls of cyber insurance. The video is below, followed by a transcript of the conversation.

Read more…

Top 30 Critical Security Vulnerabilities Most Exploited by Hackers

From thehackernews.com

Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to weaponize publicly disclosed flaws to their advantage swiftly.

“Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) noted.

Read more…