Research shows that only five percent of companies' folders are properly protected, and most business executives (54%) seem to be aware that they need to improve their cybersecurity. Despite that awareness, over 22 billion records were breached in 2021 alone.
More:
- Security reports show that there were 1,862 recorded data breaches in 2021, surpassing the 2017 record of 1,506 breaches. 2022 is already on track to become one of the most difficult years for companies and their cybersecurity.
- With the recent increase in awareness regarding the importance of cybersecurity in the workspace, companies need help from security professionals more than ever. The question now is what steps they have to take to improve their security protocols.
North Korean threat actors have been tracked using a Dell flaw that may breach hundreds of millions of victims by disabling the Windows Security feature on Windows devices. Lazarus Group is believed to be responsible.
More:
- The security flaw has a CVSS score of 8.8 and is officially tracked as CVE‑2021‑21551. According to researchers, if this bug is exploited, it could lead to hackers gaining unauthorized control. From there, they could leak data, conduct cyber espionage, sell data, etc.
- This is the first time that Lazarus Group has breached Windows Kernel servers using these specific methods. The hacker group utilized a spear phishing tool that it had deployed before to breach companies such as Amazon.
- Lazarus was able to successfully override the registry, file system, process creation, event tracing, and other key mechanisms.
- Besides the unknown methods that were used with its spear phishing tool, the group also used trademark methods such as open-source trojans that are able to decrypt payloads the group infected the victims with. The payloads then deploy the rest of the code, completing the breach.
- This hacking campaign is also the first time that CVE‑2021‑21551 has been exploited.
Zoom Out:
- The Lazarus hacker group is believed to have been actively running hacking campaigns since 2010. The threat actor, also known as Hidden Cobra, Zinc, Whois Team, and Guardians of Peace, recently made headlines for stealing over $620M from a blockchain game known as Axie Infinity.
- The group is believed to be state-backed by the North Korean government. The threat actor has also launched cyberattacks against pharmaceutical companies, cryptocurrency exchanges, public institutions, etc.
- The group has been placed by the U.S. Department of Justice on the national sanctions list.
Russian men are dodging the partial military mobilization through fake exemption passes provided by cybercriminals. There are no official statistics yet on the number of counterfeit passes issued.
More:
- Scammers are allegedly providing fake reports that claim the individual is physically unfit to serve in the military as a member of the reservist force. The scammers also claim that they will be able to update the database so it doesn't show any conflicting data.
- In return for the service, the scammers ask for $470 (in Russian rubles).
- If the Russian citizens seeking to flee the war pay $630, they will receive fake certificates claiming that they are HIV infected.
- Besides fake health certificates, Russians are also purchasing SIM cards that cannot be tracked by the government. Regular SIM cards that use IMEI can be easily tracked by the telecom provider that operates the number, while "gray cards" are harder to track.
Several Los Angeles schools have had their data leaked after a hacking campaign by hacker group Vice Society managed to breach the Los Angeles Unified School District. The group is reportedly asking for ransom.
More:
- According to early estimates, the group has leaked several student Social Security numbers.
- The school district claims that, unlike student information, employee information has not been breached.
- The group claims that it has employee contracts, health records, vaccination records, and other personal information in its possession.
- The threat actor gave the district until Monday to pay the ransom, otherwise threatening to leak data. The hacker, however, leaked data two days before the deadline as the district openly refused to pay any amount of money.
- This district has a $20B budget for 2021-2022, the second largest in the U.S. It is unclear how much the threat actor asked for ransom.
German police have tracked a hacker group that stole $3.9M by using phishing as a threat vector. The attacks happened from October 2020 to May 2021.
More:
- The police arrested two suspects, while a third possible suspect is being investigated.
- According to German authorities, the hackers sent fraudulent emails to their victims, leading them to believe that the bank was changing its security protocols and that, as a measure, they would need to re-enter their log-in credentials.
- Once the victims entered their log-in credentials, the hackers contacted them by phone and managed to steal their funds through social engineering.
- In order to cover their tracks, the hackers deployed DDoS attacks against the banks. It is believed that they also purchased different tools on the dark web that could've helped them deploy other hacking campaigns.
- One of the arrested individuals is being charged with 124 acts of computer fraud.
Hackers have stolen payment information from several KFC and McDonald's stores in the Middle East and Singapore. The hacking campaign was tracked by Cloudsek.
More:
- Threat actors are using multiple vectors to breach their victims. The hacking campaign contains a fake landing page that is similar to the Google Play Store and displays an app named KFC Saudi Arabia 4+.
- The app is a browser-based application for Chrome.
- Once users click on the directed malicious link, they are led to download a malicious file that appears as a desktop shortcut.
- Another website that Cloudsek tracked leads users to click a phishing link that asks for their payment information. The website uses special algorithms that can detect if the user is inputting a false credit card, making it appear as a legitimate payment source.
- The company asks that users be vigilant while visiting sites and submitting their payment information, identify and report domains that pretend to be other companies, etc.
Quick Hits:
- The 3 Things to Never Build In Your App: Authentication, Notifications, and Payments.*
- Microsoft has announced that it will soon deploy a feature that allows team members and organizations to know when a phishing link is being sent to them. The feature will alert organizations in the Microsoft Teams app.
- A court in New Jersey has sentenced a Florida resident for trafficking and selling counterfeit Cisco equipment worth more than $1B.
- Hackers are now reportedly able to manipulate patient health scan images. The security flaws, tracked as CVE-2022-37461, are linked with Canon Medical's Vitrea View medical device.
- BlackCat ransomware, a hacker group known for popularizing Ransomware-as-a-service and uniquely using Rust as its go-to programming language, is claiming that it has hacked a U.S. defense contractor.
*This is sponsored content.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime.
Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.