2015, Information Security and Security Intelligence

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Daniel Miessler

NOVEMBER 6, 2020

I think there are four main trends that will play out in the field of information security in the next 20 years. I wrote my first big piece on it in August of 2015, and I still think it’s the future. The best example of the need for this is national level security intelligence, reconnaisance, and vulnerability assessment.

InfoSec

InfoSec Insurance Artificial Intelligence Cybersecurity

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

— Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. Don’t waste time, patch your system now! Pierluigi Paganini.

Security Intelligence

Security Intelligence Authentication Advertising Passwords

Recorded Future to Provide Free Access to Elite Intelligence Through New Browser Extension

Security Affairs

MAY 5, 2020

Level up Your Security Program With the Same Security Intelligence Used by the World’s Largest Governments and Many of the Fortune 1000. Recorded Future real-time security intelligence helps users instantly understand which vulnerabilities pose the most risk, so they can patch those first. Pierluigi Paganini.

Security Intelligence

Security Intelligence Risk Advertising Malware

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

— Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. Microsoft 365 Defender customers can also refer to these detections: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 5, 2020.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Microsoft warns about ongoing PonyFinal ransomware attacks

Security Affairs

MAY 27, 2020

pic.twitter.com/Q3BMs7fSvx — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020. Learn how to build organizational security hygiene to prevent human-operated attacks: [link] — Microsoft Security Intelligence (@MsftSecIntel) May 27, 2020. Pierluigi Paganini.

Ransomware

Ransomware Security Intelligence Encryption Advertising

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Security Affairs

MAY 4, 2020

pic.twitter.com/EbI8kxICQG — Microsoft Security Intelligence (@MsftSecIntel) May 4, 2020. The attachment is a ZIP archive containing the familiar ISO file carrying a malicious SCR file with misleading icon pic.twitter.com/o1FbMUbTBs — Microsoft Security Intelligence (@MsftSecIntel) May 4, 2020.

Small Business

Small Business Malware Manufacturing Security Intelligence

Coronavirus-themed attacks May 17 ? May 23, 2020

Security Affairs

MAY 24, 2020

Experts from the Microsoft Security Intelligence team provided some details on a new “massive campaign” using COVID-19 themed emails. Security experts observed a spike in the use of the GuLoader since March 2020 while investigating COVID-19-themed malspam campaigns. Pierluigi Paganini. SecurityAffairs – COVID-19, hacking).

Advertising

Advertising Security Intelligence Hacking Information Security

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Security Affairs

JUNE 24, 2019

pic.twitter.com/PQ2g7rvDQm — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019. — Microsoft Security Intelligence (@MsftSecIntel) June 21, 2019. The final payload is the remote access Trojan FlawedAmmyy,” reads a Tweet published by Microsoft Security Intelligence. Pierluigi Paganini.

Security Intelligence

Security Intelligence Advertising Malware Banking

Microsoft found Shrootless bug in macOS that could bypass System Integrity Protection

Security Affairs

OCTOBER 28, 2021

Get details: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 28, 2021. System Integrity Protection (also referred to as rootless) is a macOS security feature introduced in OS X El Capitan (2015) (OS X 10.11).

Security Intelligence

Security Intelligence Hacking Technology Software

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. pic.twitter.com/1qnx3NmwiB — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Security Intelligence Banking Phishing

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. CISA and MS-ISAC recommend admins and users to use antimalware solutions to block suspicious attachments and to block suspicious IPs addresses.

Government

Government Banking Advertising Malware

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Security Affairs

JUNE 10, 2019

pic.twitter.com/Ac6dYG9vvw — Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019. — Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. AD and the payload as Trojan:MSIL/Cretasker. Pierluigi Paganini.

Security Intelligence

Security Intelligence Advertising Malware Information Security

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020. Security experts pointed out that Emotet gang also sells access to these infected networks to other cybercrime organizations, such as ransomware operators. Pierluigi Paganini. SecurityAffairs – hacking, Emotet).

Malware

Malware Passwords Advertising Ransomware

Canadian intelligence agencies CSE and CSIS are divided on Huawei 5G ban

Security Affairs

NOVEMBER 14, 2019

The Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE) are divided over the ban of Huawei 5G technology. The Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE) agencies are divided over the ban of Huawei 5G technology.

Government

Government Telecommunications Wireless Security Intelligence

Iran-linked APT is exploiting the Zerologon flaw in attacks

Security Affairs

OCTOBER 6, 2020

Microsoft 365 Defender customers can also refer to these detections: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 5, 2020. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. We strongly recommend patching. ” reads the analysis published by Microsoft. Pierluigi Paganini.

Authentication

Authentication Advertising Architecture Cyber Attacks

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

MAY 20, 2023

Researchers at Microsoft Security Intelligence team published a series of tweets to warn of a new wave of attacks aimed at distributing the Clop ransomware and linked it to the financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7 ).

Cybercrime

Cybercrime Ransomware Security Intelligence Hacking

A new Astaroth Trojan Campaign uncovered by Microsoft

Security Affairs

JULY 9, 2019

See how #MicrosoftDefenderATP next-gen protection defeated the #fileless attack: [link] — Microsoft Security Intelligence (@MsftSecIntel) July 8, 2019. The malware is able to log the users’ keystrokes, collect information through hooking, access clipboard content, and monitor the keystate. Pierluigi Paganini.

Antivirus

Antivirus Malware Advertising Security Intelligence

Iran-linked Phosphorous APT hacked emails of security conference attendees

Security Affairs

OCTOBER 29, 2020

.” Microsoft Threat Intelligence Information Center (MSTIC) has uncovered activity by the threat actor PHOSPHOROUS, which has been masquerading as conference organizers and sending spoofed invitations by email to high-profile individuals. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Security Intelligence Advertising Accountability

New Echobot Botnet targets Oracle, VMware Apps and includes 26 Exploits

Security Affairs

JUNE 16, 2019

The popular expert Larry Cashdollar, from Akamai’s Security Intelligence Response Team (SIRT), spotted a new version of the Echobot botnet that counts 26 different exploits. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – Echobot botnet, IoT).

IoT

IoT Advertising Malware Wireless

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

link] — Microsoft Security Intelligence (@MsftSecIntel) October 12, 2020. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. ” reads the post published by Microsoft.

Malware

Malware Banking Advertising Financial Services

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Security Affairs

OCTOBER 30, 2020

About the Author: David Bisson is an information security writer and security junkie. He’s a contributing editor to IBM’s Security Intelligence, Tripwire’s The State of Security Blog, and a contributing writer to Bora.

Advertising

Advertising Internet Internet Backups

The number of exploits in the Echobot botnet reached 59

Security Affairs

AUGUST 7, 2019

At the time of its discovery, operators added 8 new exploits, but a few weeks later the popular expert Larry Cashdollar from Akamai’s Security Intelligence Response Team (SIRT) discovered a variant that included a total of 26 exploits. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Wireless

Wireless IoT Advertising Surveillance

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

A deeper analysis of some of these samples revealed that they were compiled in 2014 and used in the wild between 2014 and 2015. These malware strains did not present any similarities with malware associated with other APT groups.

Malware

Malware Hacking Government Telecommunications

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

Security Affairs

NOVEMBER 11, 2019

Read our latest blog w/ assist from @GossiTheDog & @MalwareTechBlog [link] — Microsoft Security Intelligence (@MsftSecIntel) November 7, 2019. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Locate and patch exposed RDP services now. Pierluigi Paganini.

Small Business

Small Business Malware Cryptocurrency Advertising

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

Security Affairs

NOVEMBER 8, 2019

Read our latest blog w/ assist from @GossiTheDog & @MalwareTechBlog [link] — Microsoft Security Intelligence (@MsftSecIntel) November 7, 2019. It also provides worldwide impact information, mitigation recommendations, and detection information. Locate and patch exposed RDP services now. Pierluigi Paganini.

Malware

Malware Penetration Testing Advertising Spyware

Emotet operators are running Halloween-themed campaigns

Security Affairs

OCTOBER 31, 2020

Researchers from Microsoft Security Intelligence are also warning of the ongoing Halloween-themed Emotet campaign. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Enable Edition template mostly used. TT [link] [link] — Cryptolaemus (@Cryptolaemus1) November 1, 2019. Source Bleeping Computer.

Banking

Banking Malware Security Intelligence Advertising

Cyber Security Informer

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Hackers are using Zerologon exploits in attacks in the wild

Trending Sources

Recorded Future to Provide Free Access to Elite Intelligence Through New Browser Extension

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Microsoft warns about ongoing PonyFinal ransomware attacks

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Coronavirus-themed attacks May 17 ? May 23, 2020

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Microsoft found Shrootless bug in macOS that could bypass System Integrity Protection

Microsoft warns TA505 changed tactic in an ongoing malware campaign

CISA alert warns of Emotet attacks on US govt entities

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Canadian intelligence agencies CSE and CSIS are divided on Huawei 5G ban

Iran-linked APT is exploiting the Zerologon flaw in attacks

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

A new Astaroth Trojan Campaign uncovered by Microsoft

Iran-linked Phosphorous APT hacked emails of security conference attendees

New Echobot Botnet targets Oracle, VMware Apps and includes 26 Exploits

Microsoft partnered with other security firms to takedown TrickBot botnet

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

The number of exploits in the Echobot botnet reached 59

Purple Lambert, a new malware of CIA-linked Lambert APT group

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

Emotet operators are running Halloween-themed campaigns

Stay Connected