New Malware Targets Windows Subsystem for Linux to Evade Detection

The Hacker News reports on new malware that targets the Windows Subsystem for Linux.

A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines.

The "distinct tradecraft" marks the first instance where a threat actor has been found abusing WSL to install subsequent payloads.

Read further on The Hacker News


Stolen Credentials Led to Data Theft at United Nations

The Threat Post reported on a cybersecurity incident at the United Nations caused by credential theft.

A threat actor used stolen credentials from a United Nations employee to breach parts of the UN's network in April and steal critical data, a spokesman for the intergovernmental organization has confirmed.

That data lifted from the network can be used to target agencies within the UN, which already has experienced and responded to further attacks linked to the breach, Stephane Dujarric, spokesman for the UN Secretary-General, told Bloomberg, which broke the news in a report published Thursday.

Read further on The Threat Post


Critical Cosmos Database Flaw Affected Thousands of Microsoft Azure Customers

The Hacker News reported on a critical Cosmos database flaw that could potentially affect thousands of Azure customers.

Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization.

The flaw, which grants read, write, and delete privileges, has been dubbed "ChaosDB," with Wiz researchers noting that "the vulnerability has a trivial exploit that doesn't require any previous access to the target environment, and impacts thousands of organizations, including numerous Fortune 500 companies."

Read further on The Hacker News


This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection

The Hacker News published a report on malware that hides among Windows Defender exclusions.

Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign.

"The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers said in a report shared with The Hacker News. "The malware arrives on target systems by posing as cracked installers. It downloads a malware sprayer that obtains a list of URLs from the C2 server and downloads the payloads from the received links."

Read more on The Hacker News


CISA Publishes Catalog of Poor Security Practices

DARKReading published a list of poor security practices.

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) is creating a catalog of poor security practices that increase risk for organizations, especially those supporting designated critical infrastructure or what it calls National Critical Functions (NCFs).

Security professionals, including the team at CISA, often focus on promoting best practices they should take, wrote CISA Executive Assistant Director Eric Goldstein in a blog post on the news. It's equally important, he continued, that they focus on stopping poor security practices as well.

Read more on DARKReading


5 Critical Steps to Recover From a Ransomware Attack

The Hacker News published a short manual on essential steps for recovery after a ransomware attack.

Hackers are increasingly using ransomware as an effective tool to disrupt businesses and fund malicious activities.

A recent analysis by cybersecurity company Group-IB revealed ransomware attacks doubled in 2020, while Cybersecurity Ventures predicts that a ransomware attack will occur every 11 seconds in 2021.

Read further on The Hacker News


DarkSide Ransomware Gang Extorted $90 Million from Several Victims in 9 Months

The Hacker News reported on the DarkSide ransomware campaign.

"In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets," blockchain analytics firm Elliptic said. "According to DarkTracer, 99 organizations have been infected with the DarkSide malware - suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million."

Read further on The Hacker News


3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances

The Hacker News informed that SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild.

Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidiary on March 26, 2021, after the cybersecurity firm detected post-exploitation web shell activity on an internet-accessible system within a customer's environment that had SonicWall's Email Security (ES) application running on a Windows Server 2012 installation. A third flaw (CVE-2021-20023) identified by FireEye was disclosed to SonicWall on April 6, 2021.

Read more on The Hacker News


When security and resiliency converge: A CSO's perspective on how security organizations can thrive

The Security Magazine published an article by John Scimone on perspectives for security organizations. 

You've just been hired to lead the security program of a prominent multinational organization. You're provided a seasoned team and budget, but you can't help looking around and asking yourself: How will I possibly protect every asset of this company, every day, against every threat, globally? After all, this is the expectation of most organizations, their customers and shareholders, as well as regulators and lawmakers. In my experience, one of the top challenges security leaders face is trying to optimize a modest security budget to protect a highly complex and ever-expanding organizational attack surface. In fact, Accenture found that 69% of security professionals say staying ahead of attackers is a constant battle and the cost is unsustainable. For most, this challenge is extremely discouraging. However, success is not necessarily promised to those with resources. It's more about how resourceful you can be.

Read further on the Security Magazine


Security ratings could raise the bar on cyber hygiene, but won't stop the next SolarWinds

SC Media discusses the plans to introduce ratings for security products.

Plans from the Biden administration to release a product security rating system could raise the bar for security overall, say experts, but won't likely prevent the next SolarWinds or Microsoft hacks.

In a briefing to reporters Friday, a senior official compared the forthcoming rating system to the health and safety letter grades at restaurants. And it is a concept that the cybersecurity community has batted around for some time: place a label on the box that says a product is or is not secure, and let consumers create a market around security.

Read further on SC Media