CYBER THIS WEEK – SEPTEMBER 25, 2022

Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices

Masquerading as a banking rewards app, this new version has additional remote access trojan (RAT) capabilities, is more obfuscated, and is currently being used to target customers of Indian banks. The SMS campaign sends out messages containing a link that points to the info-stealing Android malware.

Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices – Microsoft Security Blog

Sunsetting legacy Cybersecurity Process for Better Optimization and Security Modernization

The idea of “if it isn’t broken, don’t fix it” should not apply to cybersecurity. Most organizations develop three to five-year phasing plans for most IT and cyber products to align with the manufacturer’s end-of-development, end-of-support, and end-of-life product life cycles and keep up with the latest security risks. What if the process or product is not up to date or aligned with the current threat landscape and security breaches?

Sunsetting legacy Cybersecurity Process for Better Optimization and Security Modernization | by John P. Gormally, SR | Sep, 2022 | Medium

CISA and NSA Publish Joint Cybersecurity Advisory on Control System Defense

CISA and the National Security Agency (NSA) have published a joint cybersecurity advisory about control system defense for operational technology (OT) and industrial control systems (ICSs). Control System Defense: Know the Opponent is intended to provide critical infrastructure owners and operators with an understanding of the tactics, techniques, and procedures (TTPs) used by malicious cyber actors.

CSA_ICS_Know_the_Opponent_.PDF (defense.gov)

AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes

Before it was patched, #AttachMe could have allowed attackers to access and modify any other users’ OCI storage volumes without authorization, thereby violating cloud isolation. Upon disclosure, the vulnerability was fixed within hours by Oracle. No customer action was required.

AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes | Wiz Blog

Insider Threats: Your employees are being used against you

There are two broad categories of insider threats: the malicious insider and the unwitting asset. Both present unique challenges in detection and prevention for defenders and organizations’ IT admins.

Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Insider Threats: Your employees are being used against you

“Left and Right of Boom” – Having a Winning Strategy

The reality is that we can never eliminate cyber risk entirely, but we can manage it more effectively with “Left and Right of Boom” processes and procedures, creating a winning strategy by splitting an organization’s cybersecurity investments between strategic preparedness, prevention, and incident response.

“Left and Right of Boom” – Having a Winning Strategy | SecurityWeek.Com

Malicious OAuth applications abuse cloud email services to spread spam

This blog presents the technical analysis of this attack vector and the succeeding spam campaign attempted by the threat actor. It also provides guidance for defenders on protecting organizations from this threat, and how Microsoft security technologies detect it.

Malicious OAuth applications abuse cloud email services to spread spam – Microsoft Security Blog

5 Ways to Improve Fraud Detection and User Experience

If we know a user is legitimate, then why would we want to make their user experience more challenging?

5 Ways to Improve Fraud Detection and User Experience (darkreading.com)

Domain shadowing becoming more popular among cybercriminals

Domain shadowing is a subcategory of DNS hijacking, where threat actors compromise the DNS of a legitimate domain to host their own subdomains for use in malicious activity but do not modify the legitimate DNS entries that already exist.

Domain shadowing becoming more popular among cybercriminals (bleepingcomputer.com)

How we Abused Repository Webhooks to Access Internal CI Systems at Scale

CI systems are some of the most critical and sensitive assets in an organization, given the data they store and the workloads they run. For this reason, organizations take multiple measures to protect and limit access to self-hosted CI systems, with IP restriction of the SaaS SCM vendors’ webhook services being one of these measures.

In this blog post, the authors dive into the potential security pitfalls of this control, and explain why it provides organizations with a false sense of security.

How we Abused Repository Webhooks to Access Internal CI Systems at Scale – Cider Security Site
