November 2022 - Cyber Security Minute

Why the Culture Shift on Privacy and Security Means Today’s Data Looks Different

Issued by: Dark Reading

Over the past 15 years, several events have reshaped how we think about data — what it means from a business perspective and what rights individuals have regarding how their personal information is used. Data security governance undoubtedly will play a large role in the future; however, conversations are still in relatively early stages. In…

Malware & Threats

Killnet Gloats About DDoS Attacks Downing Starlink, White House

Issued by: Dark Reading

Killnet and its band of hacker collaborators are claiming they were able to pull off a trio of symbolic distributed denial-of-service (DDoS) attacks aimed at punishing some of the most critical supporters of Ukraine against the Russian invasion — Elon Musk’s Starlink satellite broadband service and the websites of the White House in the US…

Network Security

The Metaverse Could Become a Top Avenue for Cyberattacks in 2023

Issued by: Dark Reading

A combination of maturing and emerging consumer-facing cyber threats could add to the many challenges that enterprise security teams will need to contend with in 2023. Researchers at Kaspersky, looking at how the cyber threat landscape will likely evolve over the next year, expect that threat actors will expand use of many of their current…

Malware & Threats

Black Basta Gang Deploys Qakbot Malware in Aggressive Cyber Campaign

Issued by: Dark Reading

The Black Basta ransomware group is using Qakbot malware — also known as QBot or Pinkslipbot — to perpetrate an aggressive and widespread campaign using an .IMG file as the initial compromise vector. More than 10 different customers have been targeted by the campaign in the last two weeks, mostly focused on companies based in…

Vulnerabilities

Cyber-Threat Group Targets Critical RCE Vulnerability in ‘Bleed You’ Campaign

Issued by: Dark Reading

The “Bleed You” campaign is trying to take advantage of a known remote code execution (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions, and more than 1,000 systems are unpatched and vulnerable to compromise. The critical flaw, tracked as CVE-2022-34721, has been under active attack since September, a new report from Cyfirma warns,…

Malware & Threats

Fake subscription invoices lead to corporate data theft and extortion

Issued by: Help Net Security

A threat actor dubbed Luna Moth has been leveraging social engineering and legitimate software to steal sensitive data and extort money from small and medium-size businesses. The group is eschewing the use of ransomware and instead relies on targeted employees calling a phone number manned by the attackers and convincing them to install a remote…

Vulnerabilities

A flaw in ConnectWise Control spurred the company to make life harder for scammers

Issued by: Help Net Security

A vulnerability in popular remote access service/platform ConnectWise Control could have been leveraged by scammers to make compromising targets’ computers easier, Guardio researchers have discovered. By abusing the fully-featured 14-day trial option for that hosted cloud service, scammers are already taking advantage of the platform at no cost, but the vulnerability could have allowed them…

Application Security

California County Says Personal Information Compromised in Data Breach

Issued by: Security Week

The incident, Tehama County says, was identified on April 9, but the investigation into the matter stretched to August 19, when it was determined that personally identifiable information (PII) was compromised. The investigation revealed that an unauthorized third-party had access to the county’s systems between November 18, 2021, and April 9, 2022, and that files…

Malware & Threats

Time to Get Kids Hacking: Our 2022 Holiday Gift Guide

Issued by: Dark Reading

Whether cybersecurity professionals, software developers, hardware tinkerers, or all of the above, hacker parents are some of the best “recruiters” for the future of tomorrow’s cyber workforce. If you’re one such pro seeking out a gift that’s not just fun but also gets your kid thinking like a hacker, we’ve got the gift guide for…