Cyber Defense Advisors

Month: October 2022

Kolide, endpoint security for teams that want to meet SOC 2 compliance goals without sacrificing privacy

Graham Cluley Security News is sponsored this week by the folks at Kolide. Thanks to the great team there for their support! In 2021, our company went through the SOC 2 Type 1 audit, and we found out just how challenging it can be to prove compliance to a third-party auditor. We also learned firsthand […]

Cyber News, Cyber Threat Trends
  • October 17, 2022

User-Specific Secrets on AWS: Separation of Duties

ACM.83: Leveraging Resource Policies vs IAM Policies to prevent unintended access to secrets in Cloud Environments. This is a continuation of my series of posts on Automating Cybersecurity Metrics. Note that I started working on this diagram but I amend it in a later post for greater accuracy and alignment with our policy objectives. In […]

Cyber News, Cyber Threat Trends
  • October 17, 2022

New Prestige Ransomware Targeting Polish and Ukrainian Organizations

A new ransomware campaign targeted the transportation and logistics sectors in Ukraine and Poland on October 11 with a previously unknown payload dubbed Prestige. “The activity shares victimology with recent Russian state-aligned activity, specifically on affected geographies and countries, and overlaps with previous victims of the FoxBlade malware (also known as HermeticWiper),” the Microsoft

Cyber News, Cyber Threat Trends
  • October 17, 2022

Why Crypto Winter is No Excuse to Let Your Cyber Defenses Falter

Don’t let the ongoing “crypto winter” lull you into a false sense of cybersecurity. Even as cryptocurrencies lose value — and some crypto companies file for bankruptcy — cryptojacking still poses an urgent threat to enterprises across industries, from financial services to healthcare to Industry 4.0 and beyond. Broadly speaking, cryptojacking is defined as the unauthorized and illegitimate use

Cyber News, Cyber Threat Trends
  • October 17, 2022

Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages

New research has disclosed what’s being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. “The [Office 365 Message Encryption] messages are encrypted in insecure Electronic Codebook (ECB) mode of operation,” Finnish cybersecurity company WithSecure said in a report published last week. […]

Cyber News, Cyber Threat Trends

Making Merger and Acquisition Cybersecurity More Manageable

Dan Burke is the director of strategy, risk, and compliance for AppDynamics, a company acquired by Cisco in 2017. Burke and his team are a vital part of the Cisco acquisition process in helping acquired companies adhere to a higher level of cybersecurity. This blog is the fourth in a series focused on M&A cybersecurity, […]

Cyber News, Cyber Threat Trends
  • October 17, 2022

Black Basta Ransomware Hackers Infiltrate Networks via Qakbot to Deploy Brute Ratel C4

The threat actors behind the Black Basta ransomware family have been observed using the Qakbot trojan to deploy the Brute Ratel C4 framework as a second-stage payload in recent attacks. The development marks the first time the nascent adversary simulation software is being delivered via a Qakbot infection, cybersecurity firm Trend Micro said in a technical analysis released last week. The

Cyber News, Cyber Threat Trends
  • October 17, 2022

Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite

Zimbra has released patches to contain an actively exploited security flaw in its enterprise collaboration suite that could be leveraged to upload arbitrary files to vulnerable instances. Tracked as CVE-2022-41352 (CVSS score: 9.8), the issue affects a component of the Zimbra suite called Amavis, an open source content filter, and more specifically, the cpio utility it uses to scan and […]

Cyber News, Cyber Threat Trends

Stories from the SOC: Feeling so foolish – SocGholish drive-by compromise

Executive summary: SocGholish, also known as FakeUpdate, is a JavaScript framework leveraged in social engineering drive-by compromises that has been a thorn in cybersecurity professionals’ and organizations’ sides for at least 5 years now. Upon visiting a compromised website, users are redirected to a page for a browser update and a zip archive file […]

Cyber News, Cyber Threat Trends