CYBER THIS WEEK – OCTOBER 23, 2022

Third-Party Risk Management: Is Your Organization Reaping the Rewards or Simply Ticking a Box?

If we are going to reap the rewards of third-party relationships, then we must also identify, manage and mitigate the risks. A rigorous TPRM program is key to achieving just that, which means effective third-party oversight is more important than ever.

Third-Party Risk Management: Is Your Organization Reaping the Rewards or Simply Ticking a Box? – CPO Magazine

How to Remediate Keys and Certificates after a Data Breach

Did you know that over 65% of Global 2000 organizations take one or more days to respond to a trust-based attack that has infiltrated the enterprise network? When it comes to remediation of any attack on the enterprise, the longer it takes to remediate the breach, the more time cybercriminals will have to implement backdoors and to steal more data, which means the damage will be even worse!

Remediate Keys and Certificates After a Data Breach | Venafi

The Dangerous Flaws of Web3 Security, According To a Former Hacker

Web3 is the future of computing, and as it is more widely adopted, it becomes a more attractive attack vector for cyber criminals. They will break in; they always find a way to thwart security. It’s now up to organizations to recognize that Web3’s security is not foolproof and that protecting data needs attention before it is too late.

The Dangerous Flaws of Web3 Security, According To a Former Hacker (securityintelligence.com)

Details on the Largest B2B Leak: BlueBleed

Given the ongoing discussion on the scope and significance of the BlueBleed leak, and Microsoft’s claims about SOCRadar in its blog post about the incident, SOCRadar provides more details and answers questions received through different channels. They hope the explanations will make the incident and their intentions clearer.

Details On The Largest B2B Leak: BlueBleed (socradar.io)

Investigation Regarding Misconfigured Microsoft Storage Location – Microsoft Security Response Center

These are the top passwords hackers use against remote access. Time to change yours?

Researchers at Rapid7 have looked at the security of admin passwords used to protect the two main protocols for remotely accessing corporate networks – and the results aren’t great.

The two protocols – Remote Desktop Protocol (RDP) and Secure Shell (SSH) – are widely used for managing virtual machines in the cloud. With the growing popularity of both cloud deployments and remote work, the researchers said it’s important to know how opportunistic attackers are targeting these systems.

These are the top passwords hackers use against remote access. Time to change yours? | ZDNET

Ransomware vulnerabilities soar as attackers look for easy targets

Ransomware continues to grow fast, increasing by 466% in three years. In addition, 57 vulnerabilities exist today with an entire kill chain mapped — from initial access to exfiltration — using MITRE ATT&CK tactics, techniques and procedures (TTPs), according to Ivanti’s latest research.

Ransomware vulnerabilities soar as attackers look for easy targets | VentureBeat

Defenders beware: A case for post-ransomware investigations

In this blog, the Microsoft Detection and Response Team (DART) details a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as living-off-the-land binaries, to launch their malicious code. Cobalt Strike was used for persistence on the network with NT AUTHORITY\SYSTEM (local SYSTEM) privileges, so that access survived password resets of the compromised accounts.

This incident highlights an attacker’s ability to maintain a long dwell time on a network before deploying ransomware. The DART team also discusses the various techniques used, as well as the recommended detections and defensive techniques that customers can apply to increase protection against these types of attacks.

Defenders beware: A case for post-ransomware investigations – Microsoft Security Blog

BlackLotus, the new UEFI rootkit that makes security researchers worry

A new powerful UEFI rootkit is reportedly up for sale on underground forums, offering advanced attack features that were previously available only to intelligence agencies and state-backed threat groups. BlackLotus, as the unknown seller has named the malware, is a firmware rootkit that can bypass Windows protections to run malicious code at the lowest level of the x86 architecture protection rings.

BlackLotus, the new UEFI rootkit that makes security researchers worry | TechSpot

Using Identity for Access Is a Huge Cybersecurity Risk

FIDO hopes to reduce the reliance on passwords and give users a way of keeping their credentials to hand, as they move between devices. However, this overriding regard for convenience above security could potentially be leaving vital data vulnerable to threat actors.

Using Identity for Access Is a Huge Cybersecurity Risk – Cyber Defense Magazine

The benefits of taking an intent-based approach to detecting Business Email Compromise

An intent-based approach to detecting BEC provides an inherent advantage: the method detects BEC attempts regardless of whether the threat actor is impersonating a C-level executive or any other employee in the organization. Classifying BEC by the type of scam also helps identify which segment of the company is being targeted.

Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: The benefits of taking an intent-based approach to detecting Business Email Compromise