Project Hyphae
Information Security News 6-26-2023

Microsoft Teams Vulnerability Allows Attackers to Deliver Malware to Employees

Article Link: https://www.helpnetsecurity.com/2023/06/23/microsoft-teams-deliver-malware/

  • Researchers at Jumpsec have discovered a bug in Microsoft Teams that allows attackers to deliver malware directly to employees. Combined with social engineering, the vulnerability in Teams has a high chance of being exploited by crafty bad actors.
  • Microsoft Teams is often configured in a way that allows external personnel to message employees in an organization’s Microsoft 365 tenant. Typically, files can’t be sent, and an “External” banner appears. However, due to a discovered bug, bad actors can switch internal and external recipient IDs to enable the sending of malicious files.
  • Until the bug is fixed, protection recommendations include removing the option for external tenants to message employees, changing security settings to allow communication only with specific domains, and educating staff on the potential for social engineering on tools like Teams.
  • Link to Jumpsec Report: https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/

Suspicious Smartwatches Mailed to US Army Personnel

Article Link: https://www.darkreading.com/threat-intelligence/suspicious-smartwatches-mailed-us-army-personnel

  • The US Army is warning service members to look out for unsolicited smartwatches arriving in the mail, which likely carry risks of malware and may allow unauthorized access to sensitive systems.
  • The watches are able to auto-connect to local Wi-Fi networks and cellphones, which can lead to data theft. Neither the sender nor their goals are known. However, it is presumed that the devices are being sent to mirror how hackers drop malicious USBs in public or how some organizations send products to people to write fake reviews on counterfeit items on behalf of the recipients.
  • Should someone receive one of these devices, the US Army recommends not turning the device on and reporting the incident to your local counterintelligence agency, security manager, or (for military personnel) the Army’s Criminal Investigation Division (CID).

Ransomware Attacks Pose Communications Dilemmas for Local Governments

Article Link: https://www.csoonline.com/article/3700488/ransomware-attacks-pose-communications-dilemmas-for-local-governments.html

  • This article highlights the dilemma that local governments face in regard to informing constituents during and after cyber incidents, such as ransomware attacks.
  • While governments need to be transparent, they also have to avoid giving out any information that may be helpful to bad actors, leading many to share little to no information.
  • In addition to legal and insurance requirements limiting reporting by local governments, it is noted that a reporting structure is limited for municipalities, further discouraging incident transparency.

Insurance Companies Neglect Basic Email Security

Article Link: https://www.helpnetsecurity.com/2023/06/23/insurance-companies-basic-email-security/

  • Domain-based Message Authentication, Reporting and Conformance (DMARC) has been around for over a decade. Despite this, adoption of the standard has been limited across organizations.
  • According to EasyDMARC, which investigated 12,103 insurance sector domains, only 22% have DMARC enabled and only 3.54% of the total sample fully protect their domains from spoofing and phishing.
  • Additionally, of that initial 22%, 52% (1401 domains) didn’t have email impersonation policies enabled, 22% (594 domains) had DMARC configured to send impersonating emails into quarantine, and 26% (699 domains) had a “reject” policy in place.
  • Link to EasyDMARC’s Report: https://easydmarc.com/blog/ebook/dmarc-adoption-in-insurance/
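
The three policy levels counted in the survey (no enforcement, quarantine, reject) correspond to the `p` tag of a domain's DMARC TXT record. The following added example, which is not from the article or EasyDMARC's report, classifies records by enforcement level so you can audit your own domains; the sample records and `.test` domains are constructed, and the level names are this example's own labels.

```python
from collections import Counter

# Constructed sample: placeholder domain -> _dmarc TXT value (None = not published).
SAMPLE_RECORDS = {
    "example-a.test": None,
    "example-b.test": "v=DMARC1; p=none; rua=mailto:dmarc@example-b.test",
    "example-c.test": "v=DMARC1; p=quarantine; pct=50",
    "example-d.test": "v=DMARC1; p=reject; sp=none",
    "example-e.test": "v=DMARC1; p=reject",
    "example-f.test": "v=spf1 -all",
}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must come first and be exactly DMARC1 (RFC 7489).
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt):
    """Map a TXT value to an enforcement level (labels are this example's own)."""
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        return "no-dmarc"
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid-policy"
    if policy == "none":
        return "monitor-only"  # reports only; failing mail is still delivered
    pct = tags.get("pct", "100")
    if not pct.isdecimal() or int(pct) > 100:
        return "invalid-policy"
    if int(pct) < 100:
        return policy + "-partial"  # policy applied to only part of failing mail
    # sp overrides p for subdomains; sp=none leaves them unenforced.
    if tags.get("sp", policy).lower() == "none":
        return policy + "-subdomains-open"
    return policy

def summarize(records):
    """Count domains per enforcement level."""
    return Counter(classify(txt) for txt in records.values())
```

Calling `summarize(SAMPLE_RECORDS)` gives the per-level counts; in practice the TXT values would come from a lookup of `_dmarc.<domain>` for each domain you own.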

Security Budget Hikes are Missing the Mark, CISOs Say

Article Link: https://www.csoonline.com/article/3700073/security-budget-hikes-are-missing-the-mark-cisos-say.html

Security Tactics: Friction Surveys

Article Link: https://thehackernews.com/2023/06/startup-security-tactics-friction.html

  • This article looks at how to reduce friction caused when implementing greater information security controls within organizations.
  • A key component of limiting friction is simply declaring the intentions and goals of changes to the impacted personnel. The “why” is just as important as the “what” in many instances.
  • The article discusses “hidden friction” or instances where security controls may not be well understood, implemented by personnel outside of the IT/security team, or something similar. The article highlights that hidden friction can be combatted by running friction surveys, which ask employees for their thoughts on various implemented security controls.
  • The next, and most important, step is using the survey results to try and transparently take action on areas of concern while still maintaining a robust security posture.

Strengthening the Shield: Procurement’s Partnership with Information Security to Mitigate Cyber Risk

Article Link: https://spendmatters.com/2023/06/20/strengthening-the-shield-procurements-partnership-with-information-security-to-mitigate-cyber-risk/

  • This article looks at the importance of IT/security personnel working closely with procurement personnel to address issues like supply chain cyber risk, from the perspective of those in procurement.
  • The article highlights that both groups can, and should, collaborate on tasks such as assessing new and existing suppliers in a variety of topics, continually monitoring suppliers for events and incidents, and developing playbooks for mitigation and remediation should an incident need to be recovered from.
  • With personnel in procurement and security working together, organizations can enhance their cybersecurity profile while also rolling out risk-mitigating processes that allow non-technical procurement teams to understand cybersecurity and move the needle on cyber-related initiatives without being cyber experts.

10 Open-Source Recon Tools Worth Your Time

Article Link: https://www.helpnetsecurity.com/2023/06/20/open-source-recon-tools/

  • Recon is the initial stage in the penetration testing process. It’s a vital phase allowing the tester, or bad actor in many instances, to understand their target and strategize their moves.
  • This article looks at ten open-source tools that malicious actors and penetration testers alike may use to gain information on your organization. Likewise, usage of these tools may allow you to look at your environment from the outside-looking-in to further improve your security posture.
  • The tools highlighted in the article include: Altdns, Amass, Aquatone, Assetfinder, Gobuster, Gotator, HTTPX, Naabu, MASSCAN, and WhatWeb.