Plus: Pentagon releases new cybersecurity strategy for the Department of Defense
The Ducktail hacker group is targeting companies that use Facebook ads with a hacking campaign that is becoming more dangerous than before. The group is now using WhatsApp to spear phish victims.
More:
- Based on analysis and data gathered by researchers, a Vietnamese threat actor is responsible for the cyber attack.
- The threat actor targets individuals and employees that manage their Facebook Business accounts with information-stealer malware.
- The malware is designed to steal browser cookies and information from the victim's Facebook account and proceed to hijack any Facebook Business account that the victim may own.
- Meta released a statement regarding this report, saying that the company is aware of the threat actor and regularly intercepts its campaigns. The company also called on users to be careful about the files they download, since the info-stealer malware used in this campaign infects its victims through downloaded files.
Cisco Secure Email Gateway may be easily breached by threat actors, according to a report. An anonymous researcher stated that he had reported the issue to Cisco, but the response was not productive.
More:
- According to the anonymous researcher, the methods used to breach Cisco Secure Email Gateway affect Outlook, Mozilla Thunderbird, Mutt, and Vivaldi.
- There are three methods through which the security flaw in Cisco's system can be abused:
  - Cloaked Base 64 (impacts Microsoft Outlook, Mozilla, Vivaldi, Mutt)
  - yEnc Encoding (impacts Mozilla Thunderbird)
  - Cloaked Quoted-Printable (impacts Vivaldi and Mutt)
- The researcher claims that the tools used to launch this cyberattack are open-source tools found on GitHub repositories.
- Cisco has previously released a warning regarding a security flaw in its Secure Email Gateway system. According to the warning page, the company has worked on patching the bug as recently as today.
Researchers have found a code sample from the Donut extortion group ransomware. The group has now been confirmed to use ransomware as a threat vector.
More:
- Once the ransomware starts to encrypt the files, the Donut ransomware changes the extension that the files have. This means that, if infected, the regular jpeg files on your device would be changed to a d0nut extension.
- The group sends the usual ransom warning message to its victims. The note includes obfuscated content in order to avoid being tracked and instructs the victim to continue communicating with the group over TOR and on a dedicated website.
- Donut group is a new threat actor that was tracked only a few months ago, but it already seems to have evolved quickly.
- Researchers believe that the group may be an affiliate of numerous other threat actors, which would explain why its previous breach was claimed by multiple threat actors.
The Pentagon has released a guide that presents its new zero-trust cybersecurity strategy for the Department of Defense. The agency said that all DoD components must adapt to the new philosophy in order to ensure safety.
More:
- The plan contains four main strategic points:
  - zero trust culture adoption,
  - DoD information systems secured and defended,
  - technology acceleration, and
  - zero trust enablement.
- This plan does not specify what software and tools federal agencies have to use, but it guides them on the methods they should implement when buying and using them.
- In addition to this plan, the DoD released a complementary roadmap that specifies how the agencies will achieve the full implementation of this program.
- The Pentagon stated that all agencies need to present a clear execution plan by Sept. 23, 2023. Implementation is expected to begin at the end of 2023.
Security has surpassed innovation as the No. 1 IT funding priority for companies, according to a report. 44% of the respondents stated that security is among their top three priorities.
More:
- Security was the most important priority for 40% of the executives that were interviewed. Cloud security was the second overall with 38%, and the top priority in the cloud vertical.
- Security automation also was the top automation priority, ahead of cloud services automation and network automation.
- This growth in the budget allocation for cybersecurity may be credited to the increasing number of cyberattacks that have been affecting companies worldwide for the last two years. There were nearly 2,000 cyberattacks in 2021 in the U.S. alone. Cyberattacks have caused over $1T in direct and indirect global economic damages.
- The cybersecurity market is expected to reach $310B by 2027, up from $150B in 2021.
Quick Hits:
- Australian citizens feel left out of the debates regarding their own data security and have little faith in the government's ability to protect them from cyberattacks, according to a study.
- Hackers have stolen millions of dollars from the citizens of New Zealand through fraud in just the last three months.
- The Czech Presidency of the EU Council has presented its changes to The Cyber Resilience Act. This legislation is considered the most impactful cybersecurity bill in recent EU history.
- The credit card numbers and overall private information of over 80,000 citizens in Australia have been stolen after hackers hit the charity organization "The Smith Family" with a cyberattack.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime.
Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.
767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2022 Inside.com