Mitigating sophisticated attacks — the NuData way (part II)

From securityboulevard.com

This is the continuation of part I. If you haven’t read it, we suggest you start there for more attack types and fraud mitigation techniques.

Now, where were we? Right, we just talked about spotting human-driven attacks. Let’s look at how to spot probing attacks that sneak in, to learn from your security parameters.

1. Spotting probing attacks

Some of the most potentially damaging attacks we see on the NuData network start extremely small. By probing your defenses with a hard-to-detect, low-volume attack, a cybercriminal can ferret out your vulnerabilities without setting off any alarms. Then they use that knowledge to launch a larger attack tailored to your system’s specific weaknesses, hoping to overwhelm your defenses completely.

To prevent that from happening, early detection of probing is key. Think of those initial attacks as the first phase of a pest infestation. You might not notice or be bothered by the first ant scout who appears on a solo mission to find food in your kitchen. But you will definitely notice when there’s a several-feet-long trail of ants to the leaky pot of jam in your cupboard a day later. Intercepting that first ant takes extra work, but it saves you a lot of trouble in the long run.

Read more…

macOS: Bashed Apples of Shlayer and Bundlore

From securityaffairs.co

The Uptycs threat research team has observed that over 90% of the macOS malware seen in its daily analysis and customer telemetry alerts uses shell scripts. Although these scripts vary slightly, most belong to two widespread adware families: Shlayer and Bundlore. These are the most prevalent malware families on macOS, and both have a history of evading and bypassing the built-in XProtect, Gatekeeper, Notarization and File Quarantine security features of macOS.

In this post, we will showcase the different variants of malicious shell scripts used by Shlayer and Bundlore that have been circulating constantly. We will also discuss the built-in macOS utilities that this malware leverages and showcase the Uptycs EDR detection capabilities.

Read more…

Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild

From thehackernews.com

Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year.

What’s more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an uptick in real-world attacks. The list of now-patched vulnerabilities is as follows –

Read more…

22% of exploits for sale in underground forums are more than three years old

From helpnetsecurity.com

Trend Micro released research urging organizations to focus patching efforts on the vulnerabilities that pose the greatest risk to their organization, even if those vulnerabilities are years old.

The research found that 22% of exploits for sale in underground forums are more than three years old.

“Criminals know that organizations are struggling to prioritize and patch promptly, and our research shows that patch delays are frequently taken advantage of,” said Mayra Rosario, senior threat researcher for Trend Micro.

Read more…

IPv6 still 5–10 years away from mainstream use, but K8s networking and multi-cloud are now real

From theregister.com

Gartner Hype Cycle for Enterprise Networking 2021

IPv6 is still five to ten years away from ascending to analyst firm Gartner’s plateau of productivity, and remains a technology employed by only “early mainstream” users.

So says the firm’s 2021 Hype Cycle for Enterprise Networking, published last week and now grasped in The Register’s claws.

Let’s start with the graphic depicting the Hype Cycle in all its glory.

Read more…

Disrupting Ransomware with Advanced File System Techniques

From securityboulevard.com

Technology is becoming more effective at early ransomware detection. Solutions can often automatically shut down attacks and minimize the damage. It is reasonable to conclude, however, that there is no truly impenetrable ransomware defense. The more complete answer lies in recovery.

Maintaining pristine datasets that can be readily restored, minimizing loss while preserving data integrity, is arguably as important as prevention in a sound security posture. This means making data immune to damage or alteration and, in some cases, tracking access and copy patterns, so that recovery from attacks is possible without paying ransoms or exposing sensitive information in the first place.

Read more…

Updated Elcomsoft iOS Forensic Toolkit Simplifies macOS Installs, Fixes Corrupted File System Extraction

From blog.elcomsoft.com

While we are still working on the new version of Elcomsoft iOS Forensic Toolkit featuring forensically sound and nearly 100% compatible checkm8 extraction, an intermediate update is available with two minor yet important improvements. The update makes it easier to install the tool on macOS computers, and introduces a new agent extraction option.

Read more…