Project Hyphae

Information Security News 12-5-2022


A Year Later, Log4Shell Still Lingers

Article Link: https://www.helpnetsecurity.com/2022/12/01/log4shell-2022/

  • According to Tenable’s latest telemetry study, based on data from over 500 million tests, 72% of organizations remained vulnerable to the Log4Shell vulnerability as of October 1, 2022.
  • Despite the significant time and energy directed toward remediating Log4Shell a year ago, Tenable noted that nearly one third (29%) of organizations’ assets had recurrences of Log4Shell after full remediation had been achieved, typically because a vulnerable library was reintroduced by a new deployment or vendor package.
  • The article highlights improvements in addressing Log4Shell, but also reveals the remediation challenges that come with legacy vulnerabilities.
  • Link to Tenable’s findings: https://www.tenable.com/press-releases/tenable-research-finds-72-of-organizations-remain-vulnerable-to-nightmare-log4j
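The recurrence figure above is easy to miss if a scanner only reports point-in-time status. The following is an added example (not Tenable's code or the article's) of comparing successive inventory snapshots of JAR paths and reporting any host where a vulnerable `log4j-core` build reappears after a clean scan. The snapshots are constructed sample data, and the fixed-version thresholds per release line (2.17.1, 2.12.4 for the Java 7 line, 2.3.2 for the Java 6 line) are taken from Apache's Log4j security advisories.

```python
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Constructed sample: three inventory snapshots of JAR paths found on one host,
# as an agent or SBOM tool might record them over time. Not real data.
SNAPSHOTS = [
    ["/opt/app/lib/log4j-core-2.14.1.jar", "/opt/app/lib/log4j-api-2.14.1.jar"],
    ["/opt/app/lib/log4j-core-2.17.1.jar"],                      # remediated
    ["/opt/app/lib/log4j-core-2.17.1.jar",
     "/opt/vendor-tool/lib/log4j-core-2.13.3.jar"],              # reintroduced
]

JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)\.(\d+)\.jar$")


def parse_log4j_core(path: str) -> Optional[Version]:
    """Return (major, minor, patch) for a log4j-core JAR filename, else None."""
    m = JAR_RE.search(path)
    return tuple(int(x) for x in m.groups()) if m else None


def is_vulnerable(v: Version) -> bool:
    """True if a Log4j 2.x build predates the fixed release of its line.

    Thresholds per Apache's Log4j security page: 2.17.1 for the main line,
    2.12.4 for the Java 7 line, 2.3.2 for the Java 6 line. Log4j 1.x is not
    affected by Log4Shell and is ignored here.
    """
    major, minor, patch = v
    if major != 2:
        return False
    if minor == 12:
        return patch < 4
    if minor == 3:
        return patch < 2
    return (minor, patch) < (17, 1)


def vulnerable_jars(snapshot: List[str]) -> List[str]:
    """Paths in one snapshot whose log4j-core version is below the fix line."""
    out = []
    for path in snapshot:
        v = parse_log4j_core(path)
        if v is not None and is_vulnerable(v):
            out.append(path)
    return out


def find_recurrences(snapshots: List[List[str]]) -> List[Tuple[int, str]]:
    """Report (snapshot_index, path) where a vulnerable JAR appears in a
    snapshot whose predecessor was clean: a remediation recurrence."""
    hits = []
    for i in range(1, len(snapshots)):
        if vulnerable_jars(snapshots[i - 1]):
            continue  # previous scan was not clean; not a recurrence
        for path in vulnerable_jars(snapshots[i]):
            hits.append((i, path))
    return hits


if __name__ == "__main__":
    for idx, path in find_recurrences(SNAPSHOTS):
        print(f"recurrence in snapshot {idx}: {path}")
```

Filename matching only catches JARs that keep the upstream name; shaded or fat JARs need the archive opened and checked for `org/apache/logging/log4j/core/lookup/JndiLookup.class`, and a hash or SBOM-based inventory is the more robust source for the same comparison.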

Crafty Threat Actor Uses “Aged” Domains to Evade Security Platforms

Article Link: https://www.bleepingcomputer.com/news/security/crafty-threat-actor-uses-aged-domains-to-evade-security-platforms/

  • A threat actor named “CashRewindo” has been using “aged” domains in global, targeted malvertising campaigns that lead to investment scam sites. These sites are customized with the appropriate languages and currencies to appear legitimate to local audiences.
  • Domain aging is when bad actors register domains and wait, sometimes years, before using them, in order to bypass security platforms. The technique works because old domains that have not been involved in malicious activity for a long time earn trust on the Internet, making them unlikely to be flagged as suspicious by reputation or newly-registered-domain checks.
  • Each campaign targets a particular audience by checking the time zone, device platform, and language of visitors’ systems. Users who are not part of the targeted audience but click the “Click Here” button on the campaign websites are sent to a benign website; clickers in the target audience are redirected to malicious cryptocurrency scam websites.
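Because an aged domain passes a registration-age check by design, a complementary signal is whether the domain has any history of actually being used before it shows up in your traffic. The following is an added example (not from the article or the vendor it cites) of a triage rule that labels each domain as newly registered, established, or "dormant and recently activated": registered long ago, never resolved before, and first seen in local logs within the last two weeks. The observations, thresholds, and `.test` domain names are constructed for the example; in practice the registration date would come from WHOIS/RDAP and the resolution history from passive DNS.

```python
from datetime import date
from typing import Dict, List

# Constructed sample observations joined from WHOIS-style registration data,
# local DNS logs, and a passive-DNS history count. Not real domains or data.
OBSERVATIONS = [
    {"domain": "example-fresh.test", "registered": date(2022, 11, 20),
     "first_seen_locally": date(2022, 11, 28), "historical_resolutions": 0},
    {"domain": "example-aged.test", "registered": date(2015, 3, 4),
     "first_seen_locally": date(2022, 11, 25), "historical_resolutions": 0},
    {"domain": "example-known.test", "registered": date(2015, 3, 4),
     "first_seen_locally": date(2018, 1, 10), "historical_resolutions": 5400},
]


def classify(obs: dict, today: date, nrd_days: int = 30,
             dormancy_days: int = 365, recent_days: int = 14) -> str:
    """Label one domain observation.

    newly-registered     : younger than nrd_days (classic NRD rule)
    dormant-reactivated  : at least dormancy_days old, no prior resolution
                           history, and first seen locally within recent_days
    established          : everything else
    Threshold values are assumptions chosen for the example.
    """
    age_days = (today - obs["registered"]).days
    local_age_days = (today - obs["first_seen_locally"]).days
    if age_days < nrd_days:
        return "newly-registered"
    if (age_days >= dormancy_days
            and obs["historical_resolutions"] == 0
            and local_age_days <= recent_days):
        return "dormant-reactivated"
    return "established"


def triage(observations: List[dict], today: date) -> Dict[str, str]:
    """Map each domain to its label so the two risky classes can be queued
    for review (e.g. blocking or sandboxing the landing page)."""
    return {o["domain"]: classify(o, today) for o in observations}


if __name__ == "__main__":
    for domain, label in triage(OBSERVATIONS, date(2022, 12, 1)).items():
        print(f"{domain:22s} {label}")
```

The rule deliberately keys on the absence of resolution history rather than on age alone: a legitimately old domain that has been quietly serving traffic for years has a large `historical_resolutions` count and stays "established", while an aged-but-parked domain that suddenly appears in ad click logs does not.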

What the CISA Reporting Rule Means for Your IT Security Protocol

Article Link: https://thehackernews.com/2022/12/what-cisa-reporting-rule-means-for-your.html

  • The relatively new Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), signed into law in March, requires CISA to create rules governing cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish within 24 months of CIRCIA’s enactment (March 2024 at the latest).
  • At a high level, critical infrastructure organizations must file cyber incident reports with CISA within 72 hours of an incident and must report ransom payments for ransomware attacks within 24 hours. The Director of CISA can also subpoena noncompliant organizations to determine whether a cyber incident has occurred. Data from the reports will be shared with other critical infrastructure organizations to improve cyber security across the board.
  • While the rules are not yet in effect, it is important to continue cyber security prioritization initiatives, such as improving password hygiene, in preparation.
  • Link to the full law: https://www.congress.gov/bill/117th-congress/house-bill/2471/text

Federal Defense Contractors are not Properly Securing Military Secrets

Article Link: https://www.helpnetsecurity.com/2022/12/01/defense-contractors-national-security/

  • Defense contractors hold information that’s vital to national security and will soon be required to meet Cybersecurity Maturity Model Certification (CMMC) compliance to keep those secrets safe. A new report from Merrill Research suggests that contractors are struggling to adequately secure the confidential data they possess while hackers continue to actively and specifically target contractors with sophisticated cyberattack campaigns.
  • Since 2017, government contractors have been required to achieve a Supplier Performance Risk System (SPRS) score of 110 to be compliant with DFARS government regulations. However, according to Merrill, who surveyed 300 US-based DoD contractors, 87% of surveyed contractors have a sub-70 SPRS score.
  • Further data suggested that about 80% of the defense industrial base (DIB) does not monitor its systems 24/7/365. Likewise, many lack a vulnerability management solution, an EDR solution, or a SIEM, and do not employ comprehensive MFA.
  • In addition to being largely non-compliant, 82% of contractors find it “moderately to extremely difficult to understand the governmental regulations on cybersecurity.”

Hackers Using Trending TikTok “Invisible Challenge” to Spread Malware

Article Link: https://thehackernews.com/2022/11/hackers-using-trending-invisible.html

  • Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware. The trend, called the “Invisible Challenge,” involves applying a filter known as Invisible Body that leaves only a silhouette of the person recording. Victims download software they believe will remove the filter and reveal what is behind the silhouette.
  • The malicious actors posted videos showing how to “unblur” Invisible Challenge posts and provided a link to a Discord server from which to download the code from a GitHub repository. New Discord server members were urged to “star” the project, which pushed the repository onto GitHub’s “Trending” list and lent it further credibility.
  • The malicious videos, Discord server, and repository have all been removed by the services that hosted them. However, the security company Checkmarx noted that the level of manipulation used by software supply chain attackers is increasing as attackers become more clever, and that this case shows hackers shifting their focus to the open-source package ecosystem.

Tips for Gamifying Your Cybersecurity Awareness Training Program

Article Link: https://securityaffairs.co/wordpress/139073/security/gamifying-cybersecurity-awareness-training.html

  • In today’s technological world, educating people about cybersecurity awareness is an absolute necessity. One report suggests that 82% of data breaches involved a human element of some kind. As such, it’s important that security is “not only top of mind, but a fluent language.”
  • Cybersecurity awareness training is often seen as a necessary evil. While it is necessary, it doesn’t have to be an evil at all. Gamification is a highly effective tactic to make sure that employees understand and internalize important information, and possibly look forward to their training sessions.
  • The article highlights 5 tips for gamifying security awareness training. These include utilizing (engaging) visual aids, offering performance-based rewards, having quizzes that breed competition, running simulations and drills, and leading team exercises.

7 Cyber Security Tips for SMBs

Article Link: https://thehackernews.com/2022/11/7-cyber-security-tips-for-smbs.html

  • When the headlines focus on breaches of large enterprises, it’s easy for smaller businesses to think they’re not a target for hackers. Unfortunately, when it comes to cyber security, size doesn’t matter.
  • According to Verizon, the number of smaller businesses being hit has climbed steadily in the last few years – 46% of cyber breaches in 2021 impacted businesses with fewer than 1,000 employees. Making matters worse, many smaller organizations truly lack the resources to combat cyberattacks at a comparable level to large organizations. That said, securing any business (big or small) doesn’t need to be complex or come with a hefty price tag.
  • This article discusses 7 key tips for SMBs, and indeed for any organization of any size. These include installing anti-virus software everywhere, continuously monitoring your perimeter, minimizing your attack surface, keeping software up to date, backing up your data, keeping your staff security aware, and protecting yourself in proportion to your organization’s risk.

