Blog - Cyber Security Informer

Remote Desktop Threats & Remediations

Duo's Security Blog

MARCH 6, 2024

While securing RDP applications with multi-factor authentication (MFA) is an essential first step, we have seen a recent uptick in large-scale RDP attacks that can successfully subvert traditional MFA depending on the account policies and configuration. Summary Basic MFA is a necessary first step in securing RDP applications.

Authentication

Authentication Accountability VPN Passwords

What is Cyber Liability Insurance?

Duo's Security Blog

JUNE 21, 2021

Likewise, cyber liability insurers often look to MFA (multi-factor authentication) as an indicator of security safeguarding and may expect your company to have it set up. Considering 61% of breaches involve credential data, it’s a no-brainer for insurance companies to require something as easy and effective as MFA.

Insurance

Insurance Cyber Insurance Data breaches Social Engineering

Microsoft warns of the rise of cryware targeting hot wallets

Security Affairs

MAY 18, 2022

Apart from sign-in credentials, system information, and keystrokes, many info stealers are now adding hot wallet data to the list of information they search for and exfiltrate. Password and info stealers. ClipBanker trojans. To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Social Engineering Malware Cybercrime

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Almost Half of All Chrome Extensions Are Potentially High-Risk

eSecurity Planet

NOVEMBER 29, 2022

. “Some Chrome extensions have access to virtually everything you do in your browser, including all your keystrokes,” Incogni content manager Federico Morelli wrote in a blog post detailing the findings. Also read: Microsoft Warns of Surge in Token Theft, Bypassing MFA. Developer Risk.

Risk

Risk Adware Data collection Passwords

FoggyWeb, analysis of a Nobelium backdoor

Malwarebytes

SEPTEMBER 28, 2021

DLL search order hijacking method. One of the two files that are initially dropped uses the DLL search order hijacking technique to gain persistence. They all use the same search order to find a DLL. For a much more detailed analysis of the decrypted backdoor we advise reading the full Microsoft blog. Stay safe, everyone!

Malware

Malware Authentication Firewall Risk

GUEST ESSAY: ‘Initial access brokers’ — IABs — specialize in enabling surreptitious access

The Last Watchdog

DECEMBER 19, 2022

They search for weak points and perform the challenging, technically demanding work of breaking past an organization’s security, then offer access to the victim to the highest bidder. These include: •Using multifactor authentication (MFA) on all accounts. IABs on the rise. Mitigating IABs. Monitoring the dark web for IAB listings.

Cybercrime

Cybercrime Digital transformation Ransomware Cybersecurity

General Motors suffers credential stuffing attack

Malwarebytes

MAY 24, 2022

Attackers could have accessed the following Personally Identifiable Information (PII) of a compromised user: First and last name Email address Physical address Username and phone number for registered family members tied to the account Last known and saved favorite location information Search and destination information. Mitigation.

Passwords

Passwords Accountability Password Management Manufacturing

Advanced Phishing 201: How to Prevent Phishing from Impacting Your Users

Duo's Security Blog

MAY 10, 2023

Effectively protecting complex networks against sophisticated phishing attacks involves a comprehensive security stack including multi-factor authentication (MFA) , single sign-on (SSO) , and domain name system (DNS) security. Why is layered security essential against phishing? PCI DSS, HIPAA, etc.) We didn't even need to switch screens.”

Phishing

Phishing DNS Authentication Risk

How to Evaluate the True Costs of Multi-Factor Authentication

Duo's Security Blog

JANUARY 27, 2022

Not all multi-factor authentication (MFA) solutions are equal. With Duo, we were able to bring consistent security controls across all of our apps by streamlining to one MFA and SSO solution at a much lower total cost of ownership…. A multi-functional MFA platform/portfolio player like Duo-Cisco helps you avoid these costs.

Authentication

Authentication Software Mobile Passwords

How to Stop Phishing Attacks with Protective DNS

Security Boulevard

OCTOBER 2, 2023

This blog examines the escalating phishing landscape, shortcomings of common anti-phishing approaches, and why implementing a Protective DNS service as part of a layered defense provides the most effective solution. User education is unreliable when faced with highly-refined psychological manipulation tailored to override caution.

DNS

DNS Phishing Social Engineering Engineering

A Closer Look at the LAPSUS$ Data Extortion Group

Krebs on Security

MARCH 23, 2022

In a blog post published Mar. For a fee, the willing accomplice must provide their credentials and approve the MFA prompt or have the user install AnyDesk or other remote management software on a corporate workstation allowing the actor to take control of an authenticated system.

Social Engineering

Social Engineering Accountability Mobile Passwords

Abusing Slack for Offensive Operations: Part 2

Security Boulevard

NOVEMBER 9, 2023

When I first started diving into offensive Slack access, one of the best public resources I found was a blog post by Cody Thomas from back in 2020 (which I highly recommend giving a read). This BOF simply reads the memory of a remote Office process and searches the returned buffer for JSON web tokens (JWTs) related to Microsoft services.

Passwords

Passwords Social Engineering Encryption Engineering

AvosLocker enters the ransomware scene, asks for partners

Malwarebytes

JULY 23, 2021

This blog post was authored by Hasherezade. In this blog we will take a look at AvosLocker a solid, yet not too fancy new ransomware family that has already claimed several victims. Its authors started searching for affiliates through various underground forums. Example: calling a function just after searching it.

Ransomware

Ransomware Encryption Malware Backups

Digital artists targeted in RedLine infostealer campaign

Security Boulevard

JUNE 14, 2021

This blog post is divided into four parts: Introduction : provides an overview of what happened. Good news: The variant discussed in this blog does not appear to persist : in other words, after a reboot, its process will not be active anymore, at least for the variant discussed in this blog post. Detection. .

Antivirus

Antivirus Accountability Malware Passwords

Consumers have their Say about Protection of Personal Data – Call for More Stringent Controls

Thales Cloud Protection & Licensing

OCTOBER 10, 2022

This information has such value that it has become the currency for service providers such as search engines and social media providers. In this blog post I will discuss just a few of these insights. This includes forcing service providers to utilise encryption and multi factor authentication (MFA).

Data breaches

Data breaches Government Media Retail

Passkeys vs. Passwords: The State of Passkeys on Cloud Platforms

Duo's Security Blog

SEPTEMBER 6, 2023

We have a lot of thoughts on passkeys – some of which we’ve shared in other posts in this passkey blog series – and today we’re going to explore how passkeys stack up against passwords from the perspective of cloud platforms. That’s why many tech companies are turning to passkeys as a more secure and convenient replacement.

Passwords

Passwords Password Management Authentication Threat Detection

Resetting Passwords (and Saving Time and Money) at the IT Help Desk

Duo's Security Blog

SEPTEMBER 21, 2021

Many consider self-service solutions, possibly secured with Duo MFA, to help. Once they’re selected from the search results, we see a number of Quick Verification options, including Duo. So it comes as no surprise that most businesses want to improve the productivity of their IT help desks and address the password reset cost problem.

Passwords

Passwords Social Engineering Authentication Engineering

The Case for Multi-Vendor Security Integrations

Cisco Security

AUGUST 26, 2022

When you pivot into Exabeam and search for an observable in all the log messages, the results of the search are displayed in the Exabeam UI. SecureX orchestration atomic actions for Censys is now available and includes: Basic Search. SecureX orchestration atomic actions for Shodan include: Basic Search. Read more here.

Firewall

Firewall Authentication Passwords Threat Detection

AvosLocker enters the ransomware scene, asks for partners

Malwarebytes

JULY 23, 2021

This blog post was authored by Hasherezade. In this blog we will take a look at AvosLocker a solid, yet not too fancy new ransomware family that has already claimed several victims. Its authors started searching for affiliates through various underground forums. Example: calling a function just after searching it.

Ransomware

Ransomware Encryption Malware Backups

Security Roundup December 2023

BH Consulting

DECEMBER 11, 2023

The report recommends steps to prevent breaches, such as making MFA mandatory, turning on features that make storage buckets private, and discovering any publicly exposed workloads. These practices can lead to account compromise, or enabling unauthorised users to access sensitive data and escalate privileges.

Surveillance

Surveillance Cybersecurity DDOS Data breaches

RESTRICT: LOCKING THE FRONT DOOR (Pt. 3 of “Why Don’t You Go Dox Yourself?”)

Cisco Security

OCTOBER 19, 2022

Weak or reused passwords are most vulnerable to attack, and as you most likely discovered during your HaveIBeenPwned search, the odds are better than not that you found your username or email in at least one previous breach. . Multi-factor authentication is often shortened to MFA and can also be referred to as two-step authentication or 2FA.

Passwords

Passwords Authentication Accountability Password Management

Top 5 Considerations for Single Sign-On (SSO)

Duo's Security Blog

NOVEMBER 16, 2021

Furthermore, the SSO application dashboard for end users should be protected with multi-factor authentication (MFA) to reduce risks of phishing and other identity attacks that could compromise credentials. The administrator should also be able to generate reports and analytics of anomalous user behavior.

Passwords

Passwords Authentication VPN Data breaches

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

” Monahan has been documenting the crypto thefts via Twitter/X since March 2023, frequently expressing frustration in the search for a common cause among the victims. Then on Aug. Perhaps the best answer to this question comes from Wladimir Palant , a security researcher and the original developer behind the Adblock Plus browser plugin.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Selecting the Right Cloud SSO Solution for Your Organization

Thales Cloud Protection & Licensing

JANUARY 7, 2021

This blog will introduce access management evaluation criteria guidelines and discuss what features you should look for and what vendors to consider for your next employee access management solution. To mitigate the risk of these attacks, risk officers and IT managers are searching for Single Sign On or SSO solutions.

Authentication

Authentication VPN Passwords Risk

Top 7 Data Security Practices for the Workplace

Identity IQ

APRIL 12, 2023

In this blog, we cover the top-seven data security practices every workplace should implement to help protect valuable information and more. If you don’t already use multi-factor authentication (MFA) to access your work accounts, you should start. Why is Data Security Important in the Workplace?

Passwords

Passwords Data breaches Antivirus Password Management

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Krebs on Security

MARCH 29, 2022

But there’s no real mechanism defined by most Internet service providers or tech companies to test the validity of a search warrant or subpoena. ” The idea of impersonating law enforcement officers to obtain information typically only available via search warrant or subpoena is hardly new.

Accountability

Accountability Government Hacking Social Engineering

Herjavec Group BlackMatter Ransomware Profile

Herjavec Group

SEPTEMBER 24, 2021

T1083 File and Directory Discovery BlackMatter uses native functions to enumerate files and directories searching for targets to encrypt. . Enable multifactor authentication (MFA) for all user accounts if able. . 6] “BlackMatter Ransomware Analysis; The Dark Side Returns | McAfee Blogs.” Accessed: Aug. Available: [link] . [6]

Ransomware

Ransomware Manufacturing Energy and Utilities Encryption

10 Reasons to Trust Your Enterprise APIs

Cisco Security

AUGUST 30, 2021

Be sure to check out the bonus tip at the end of the blog and share in the comments other ways your organization is successfully securing APIs. Use short-lived access tokens, proper password storage, multi-factor authentication (MFA), and always authenticate your apps. I recommend working the list top down.

Software

Software Authentication Risk Encryption

The Analyst Prompt #05: Russo-Ukrainian Cyberattacks, and Updates on Lapsus$ and Conti Ransomware Operations

Security Boulevard

MARCH 24, 2022

2 ] The threat actor leveraged a set of misconfigured Multi-Factor Authentication (MFA) accounts that enabled it to enroll a new device for MFA and to access the victim network. Kevin Beaumont, “@cyb3rops VirusTotal search if you want ’em [.],” @GossiTheDog, Jan. Like other cyber-criminal operations (e.g., link] (accessed Mar.

Ransomware

Ransomware Malware Government Antivirus

Cyber Threats to the FIFA World Cup Qatar 2022

Digital Shadows

NOVEMBER 10, 2022

These malicious apps constitute a risk for customers and developers alike—and they can be easily found online using the most common search engines. Once in control of a user’s credentials, the attackers can access said account most of the time, unless proper defenses like multi-factor authentication (MFA) were previously put in place.

Cyber threats

Cyber threats Media Social Engineering Mobile

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

The Last Watchdog

FEBRUARY 28, 2021

A common adware program might redirect a user’s browser searches to look-alike web pages that contain other product promotions. Single Sign-on (SSO) and Multi-factor Authentication (MFA) mechanisms are implemented to protect against keylogging. •In

Cyber threats

Cyber threats Computers and Electronics Adware Spyware

Large-Scale AiTM Attack targeting enterprise users of Microsoft email services

Security Boulevard

AUGUST 2, 2022

In this blog, we describe details of the tactics, techniques and procedures (TTPs) involved in the campaign. Since the campaign is active at the time of blog publication, the list of indicators of compromise (IOCs) included at the end of the blog should not be considered an exhaustive list. Key points.

Phishing

Phishing Energy and Utilities Authentication Accountability

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Cisco Security

MAY 27, 2022

In part one of our Black Hat Asia 2022 NOC blog , we discussed building the network with Meraki: . With SecureX sign-on we can log into all the products only having to type a password one time and approve one Cisco DUO Multi-Factor Authentication (MFA) push. Meraki MR, MS, MX and Systems Manager by Paul Fidler .

Malware

Malware Accountability DNS Technology

Cyber Security Informer

Remote Desktop Threats & Remediations

What is Cyber Liability Insurance?

Webinars

Trending Sources

Microsoft warns of the rise of cryware targeting hot wallets

Webinars

Almost Half of All Chrome Extensions Are Potentially High-Risk

FoggyWeb, analysis of a Nobelium backdoor

GUEST ESSAY: ‘Initial access brokers’ — IABs — specialize in enabling surreptitious access

General Motors suffers credential stuffing attack

Advanced Phishing 201: How to Prevent Phishing from Impacting Your Users

How to Evaluate the True Costs of Multi-Factor Authentication

How to Stop Phishing Attacks with Protective DNS

A Closer Look at the LAPSUS$ Data Extortion Group

Abusing Slack for Offensive Operations: Part 2

AvosLocker enters the ransomware scene, asks for partners

Digital artists targeted in RedLine infostealer campaign

Consumers have their Say about Protection of Personal Data – Call for More Stringent Controls

Passkeys vs. Passwords: The State of Passkeys on Cloud Platforms

Resetting Passwords (and Saving Time and Money) at the IT Help Desk

The Case for Multi-Vendor Security Integrations

AvosLocker enters the ransomware scene, asks for partners

Security Roundup December 2023

RESTRICT: LOCKING THE FRONT DOOR (Pt. 3 of “Why Don’t You Go Dox Yourself?”)

Top 5 Considerations for Single Sign-On (SSO)

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Selecting the Right Cloud SSO Solution for Your Organization

Top 7 Data Security Practices for the Workplace

Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

Herjavec Group BlackMatter Ransomware Profile

10 Reasons to Trust Your Enterprise APIs

The Analyst Prompt #05: Russo-Ukrainian Cyberattacks, and Updates on Lapsus$ and Conti Ransomware Operations

Cyber Threats to the FIFA World Cup Qatar 2022

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

Large-Scale AiTM Attack targeting enterprise users of Microsoft email services

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Stay Connected