Discuss the latest breaches and security news
- 200 Topics
- 196 Replies
Politely, though! Hi, y’all - Chad here. We thought we’d take a minute today to throw out a question. Every week, we post our Security News Wrap-Up from sources we know and trust, but there’s a lot going on in the CyberWorld and we no doubt could miss stories here and there. While we rely on a few tried and true various publications, the more sources we can well, source, the better! Let us know - unless the “source” you trust is just your friend Shawn down in Florida who “works on computers” - let’s keep this sophisticated. So we’d like to ask: where do you get your security news?
Happy Tuesday, y’all! While we’ve all been busy this week debating the merit of single-possession overtime in organized ball sports (the correct answer is: “it’s stupid; fix it”), quite a few interesting things have been going on in the security world. I guess that’s becoming standard, but there were reports of some pretty newsworthy stories that I didn’t see on either the 7am, 10am, Noon, 4pm, 5pm, 6pm, or 10pm news - and as a middle-aged white dude, I watch them all! So here are a few stories that seemed worthy of mention this week, at least by me: Google Drive now warns you of suspicious phishing, malware docs Today in “Lol, it’s about time”-news... Google has announced that Drive will finally start showing warnings about malicious files that are shared with your account. From the article: "Google will automatically evaluate any files that are shared with you from outside of your organization for phishing or malware. If detected, Google will block your access to the file in order to pro
Happy Tuesday, folks! It’s Tuesday, right? We had a long weekend in recognition of MLK Day here in the states, so I’m a little out of sorts. There are plenty of security stories to talk about this week, from the more-than-mildly-annoying to the downright scary. But we’re focusing on one story this week, because of its ability to be both annoying and terrifying. Yeehaw, Tuesdays! How Brainjacking Became a New Cybersecurity Risk in Health Care How about no, Science!? I know you’re currently screaming internally “What the h*ck is brainjacking anyway!?”, so from the article: “Brainjacking is a kind of cyberattack in which a hacker obtains unauthorized access to neural implants in a human body.” That’s pretty bonkers. And cool. And terrifying. But, research has shown the possibility/feasibility of it, in scientific ways! A recent article titled Brainjacking: Implant Security Issues in Invasive Neuromodulation has such scary initiatives as “...illustrate the potential severity of this risk,
Hi Everyone, Some of my Arctic Wolf customers and colleagues asked me to post here and share our Log4Shell vulnerability detections scripts with the Automox community: GitHub: https://github.com/rtkwlf/wolf-tools/tree/main/log4shell Windows PowerShell: https://github.com/rtkwlf/wolf-tools/blob/main/log4shell/log4shell_deep_scan.ps1 Linux/macOS sh: https://github.com/rtkwlf/wolf-tools/blob/main/log4shell/log4shell_deep_scan.sh The Arctic Wolf Log4Shell Deep Scan is designed to detect Java application packages subject to CVE-2021-44228 and CVE-2021-45046. The scripts search the system for Java applications that contain the Log4J class JndiLookup.class which is the source of the Log4Shell vulnerabilities. If this class is found within an application, the script looks for updates to Log4J that indicate the application has been updated to use Log4J 2.16+ or Log4J 2.12.2+. If the application contains JndiLookup.class but does not appear to have been updated, the application is vulnerable. If yo
Hi, everybody! On this Wednesday after #PatchTuesday, I thought we’d cover a few stories that have been swirling around the weblogosphere this week. Here we are, what - twelve days into 2022 and we’re already seeing warnings from the gov’t, mass outages, and I just finished up Ted Lasso but now….what, I just have to wait for more episodes to get made?? This is not the future I signed up for, y’all. Let’s check out some stories: Europol Ordered to Delete Data of Individuals With No Proven Links to Crimes I think the headline there tells the story, but yup - pretty awesome win for personal privacy in the EU! From the article: “Datasets older than six months that have not undergone this Data Subject Categorisation must be erased," the European Data Protection Supervisor said in a press statement. "This means that Europol will no longer be permitted to retain data about people who have not been linked to a crime or a criminal activity for long periods with no set deadline.” I hope you’re p
Interested in learning more about Apache Log4j and the Log4Shell vulnerability? Automox just posted a video where we review Log4j and how it is used, and the timeline of events of the Log4Shell vulnerability and how it works. We also, of course, provide detailed instructions on how to remediate the vulnerability. Apache Log4j and the Log4Shell Vulnerability
Happy midweek, y’all! I’m just getting back from my first week off in about a decade, and I may have forgotten how to use 2/3 of the apps we use every day here at AX. Has anyone seen my Post-It® full of passwords? Sigh, this is a disaster. Speaking of disasters… Unfortunately, the cybersecurity world didn’t stop being scary in my absence. Rather than try to go back to everything I missed, let’s just talk about a couple of this week’s big stories. The jerk store called... Okay, as offensive as that attack was, I don’t have time to rant about it. Instead: iOS malware can fake iPhone shut downs to snoop on camera, microphone I’m already pretty paranoid about mobile devices and there are some specific tools that I use on every device I own. That being said, there’s just really no end to the layers required for good cyber-hygiene these days. While you shouldn’t assume your mic and camera aren’t already spying on you, this is a pretty nasty piece of malware. All you iOS users who download apps
Happy Tuesday, folks - Chad here. Yup, I’ll just shut up now, and we can start screaming about Log4j. There are obviously other stories in security news this week, but man...never mind those for today. Let’s get the obvious part for Admins out of the way: Sigh, yup! That pretty much sums up how most of my friends in Security feel this week. So now that we’re all laughing instead of crying, it’s alphabet soup time, I guess: WTAH*eck is Log4j? Well, if you haven’t read by now, here’s a TL;DR: Log4j is an open-source Java library from Apache. It’s been downloaded ~500k times from GitHub and is pretty widely-used for things like event logging in applications. Among other things. It’s already being exploited, and could get pretty wild if not widely remediated ASAFrigginP. @Brittany recently posted a thread that contains a “quick fix” worklet, so be sure to check that out. “10 out of 10” is like, pretty bad, y’all. Even the government has taken quick action. I mean, read that last sentence a
Hi, everybody - Chad here. Happy Wednesday morning! Well, unless you’ve recently been victimized by worldly, ultra-sophisticated cybercriminals. Couple of pretty scary stories in the news this week, especially if you still get all itchy in the scalp when you hear “SolarWinds”. Let’s go see... SolarWinds Attackers Spotted Using New Tactics, Malware Well, it’s been a year, so these jerks are back. But this time, they’re getting creative - one new technique researchers observed the group using in the attacks is the abuse of repeated MFA push notifications to gain access to corporate accounts, according to the article. Most MFA providers send users a push notification or a phone call where they then enter a code/press a key as a second factor to authenticate access to an account. From the article: “Using a valid username and password combination, the researchers said that the attackers issued multiple MFA requests to an end user’s legitimate device until the target accepted the authentication.
We are into the 2021 Holiday Season. Beginning with Thanksgiving, millions of people take time off from their jobs and schools to spend time with relatives, eat lots of good food, watch "Miracle on 34th Street" on repeat, and shop Black Friday deals. Unfortunately, the holidays have become a magical time for hackers and cybercriminals, too. Be sure to read our blog “Who’s Minding the Store? How to Protect Against Cybersecurity Threats This Holiday Season.” Included is a list of best practices and recommendations for organizations to follow to help address the risk posed by all cyber threats, including ransomware during the holidays.
Want to learn about best practices for managing out-of-band vulnerabilities through cloud-native patch management and endpoint management? Be sure to join Marina Liang, Senior Security Engineer from Automox as she gives you all the details in this informative video. The Best Practices in Out-of-Band Patch Management - YouTube
Fancy graphics with captions! Happy Wednesday, y’all - Chad here. I hope everyone had a good Thanksgiving and enjoyed the break. We’re trying to get back on schedule with our regular posts, so in that vein, here’s your weekly Security Wrap-up. There were too many stories to post this week (yay Holidays!), so here’s a couple to check out. IKEA Hit by Email Reply-Chain Cyberattack A Black Friday, indeed! According to the story, “The phishing emails were coming from internal IKEA email addresses, as well as from the systems compromised at the company’s suppliers and partners.” Stop thinking about Liz and Criss failing the IKEA test for just a second and put yourself in their employees’ shoes: valid emails from real coworkers and external contacts were suddenly malicious! I’m not sure how you could ever trust your email again. This one’s frustrating because email’s just such a good invention, you know? I’m sure some of you don’t know a life without it, but I sure do. Here’s a quick selfie o
Happy Friday, y’all - Chad here. As you hopefully saw in our announcement earlier this week, we’re currently migrating the Community and are up to our n*cks in new platform stuff, so we’re only going with a couple of security stories this week. The good news is, they’re both terrifying! 🙂 Costco discloses data breach after finding credit card skimmer Sigh…seriously? A physical skimmer got into a Costco? My card got skimmed at a gas station once, so I guess I’m just a bit sensitive to this one. That’s so annoying. Anyways, as you can imagine, getting your card of any sort skimmed can go real bad. I got lucky and my bank caught it, but man…I could own so many iPhones! “‘If unauthorized parties were able to remove information from the device before it was discovered, they may have acquired the magnetic stripe of your payment card, including your name, card number, card expiration date, and CVV,’ Costco revealed.” Call your bank, Costco customers. A stalker’s wishlist: PhoneSpy mal
Cybercrime is big business, with cybercrime costs expected to grow by 15% per year over the next 5 years, reaching $10.5 trillion USD annually by 2025. This is up from $3 trillion back in 2015. There are many tools to help detect and deter criminals from gaining access to your IT environment, including the “honeypot,” which is a virtual trap to lure attackers. (Though if you ever want to catch Winnie the Pooh red-handed, a physical honeypot is the way to go.) When discussing cybersecurity, a honeypot is a system, device, or software that is intentionally compromised to expose opportunities for attackers so that they can be studied to improve security policies. And as our software architecture becomes more complex, threat-research has become more difficult, especially within containerization. To that end, Helix Honeypot was created to help solve some of the pain-points when doing threat-research around public-facing Kubernetes deployments. Our team did a very com
Happy Tuesday, everybody - Chad here. I hope your week is off to a trouble-free start. I’ve been informed that it’s officially “the Holidays”, and you know what that means: an uptick in cyber threats, especially things like phishing attempts. Those things can look a lot different on a mobile device or in a text, so keep your ears peeled and stay vigilant out there. Here’s a couple of security stories from this week: Apple macOS Flaw Allows Kernel-Level Compromise This may show my age (and my unfortunate allegiance), but I’ve had an Apple computer since 1987. It’s because of that experience that I always practice my “ABCs” when it comes to macOS releases: Always Be Clickingremindmetomorrowuntiltheyvepatchedtheholes – just, you know…they’re becoming pretty infamous for these kinds of OS exploits so just be patient. The new hotness will still be there after the bugs all get squashed. Signal Now Lets You Report and Block Spam Messages In related news (because I’m also a Signal user)…huzzah
On Tuesday afternoon, Adobe released out-of-band updates to patch 92 vulnerabilities across 14 products. Of the 92 vulnerabilities patched, 61 are regarded as critical remote code execution vulnerabilities by Adobe, and five are critical memory leak issues. Memory leak vulnerabilities are unintentional memory consumption by an application, which can lead to denial of service. If you use any of the products listed in the blog post here, update them ASAP! And most importantly, have a good weekend!
We’re a little late on the game here in the Automox Community, but October is Cybersecurity Awareness Month - a great month to check-in on your organization’s cybersecurity practices and make users more aware of the importance of staying safe. Through this month, you have seen plenty of educational pieces of content or advice about getting into the cybersecurity industry, but I wanted to take a moment to hear from y’all. Do you feel like your organization is well-prepared for any cyberattacks? Is cybersecurity a priority? (PS: if you are interested in reading some advice from cybersecurity experts here at Automox, you can read the blog post here!)
Hi, everybody - Chad here. Happy Monday to all y’all. As you know, October is Cybersecurity Awareness Month, so let’s get to some security news already. Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability In unsurprising facepalm news, a politician doesn’t understand how technology works! It’s mentioned by the story’s author as well, but to me, the worst part of this is how it could discourage other people to report vulnerabilities. I’ve never heard of anything like this before, and I hope it’s a one-off. It’s Windows XP’s 20th birthday and way too many still use it TWENTY YEARS!? It’s fine…I’m fine. Anyways, why would anyone still use a 20yr old operating system you ask? I would ask too, tbh. But the short answer is: Threat Actors Abuse Discord to Push Malware Okay first of all, how dare you!? Second…no, I don’t even need a second thing to rage about. Leave my Discord alone! FWIW, that’s the app that did me the most good during quarantine,
You may be entitled to comp- Wait, wrong intro… Hello! We are looking for some individuals that have been affected by, or know someone who has been affected by, a cyberattack. As cyberattacks grow in number, the effects on people can range from a mild inconvenience to an absolute nightmare, and we want to learn more. If you would be willing to chat with our team about your first-hand experience going through a cyberattack, feel free to reach out through this thread or via PM to discuss the opportunity further. And if you have any friends that might be interested in sharing their thoughts, please share this post. Thanks in advance for your help!
FORGET THE INTRO - OMZJ, TWITCH!! Even in a week when Facebook booted itself off the internet entirely, you likely heard/read/ranted to someone by now about the astoundingly nasty Twitch breach. So let’s talk about Twitch this week. First off, I hope you’ve already changed your password(s). Second, sigh…it’s tough to feel sorry for Twitch after some of their recent heat, but there’s really no hyperbole hyper-enough to get across how terrible this was for them. TL;DR that article - the information stolen/posted contains:
- The entirety of Twitch’s source code with comment history “going back to its early beginnings”
- Creator-payout reports from 2019
- Mobile, desktop and console Twitch clients
- Proprietary SDKs and internal AWS services used by Twitch
- “Every other property that Twitch owns” including IGDB and CurseForge
- An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
- Twitch internal “red-teaming” tools (designed to improve security by having staff pretend to be hac
We are in the process of rolling back some patches now and testing. (Update - Rollback of [KB5005613] fixed our printing problems.) BleepingComputer New Windows security updates break network printing Windows administrators report wide-scale network printing problems after installing this week's September 2021 Patch Tuesday security updates.
Hi, everybody - Chad here. Since we’re still getting to know each other, I’m going to reveal some things about myself this morning. Aside from being a super-professional Technical Community Manager and a bottomless goldmine of accidental comedy, I’m also a long-time writer/blogger/etc. A couple of weeks ago in our Security Wrap-Up post here on AA, I wrote about a single subject for a change: the unsettling uptick in ransomware attacks against the Education sector this time of year. I hope you get through the entire post as it’s got some great info, but if not…TL;DR: This is a damn scary time to be a school Admin, and between remote folks, campus folks, BYOD, yada yada, attackers know that you’re stretched pretty thin…and they’re getting downright nasty. But, I bet some patch automation will help you sleep at night. Well…maybe. I don’t know your life. But I do know network/endpoint security in the Education sector, as I was up to my chins in it for the better part of the last decade. I
Hi, everybody - Chad here. Well, luckily for all of us who live near the swimming pool at my condos, it’s back to school time! And you know what that means: no, not homework and new shoes. Today, I’m focusing solely on the now-annual and still alarming uptick in ransomware attacks in the Education sector this time of year. While it may come as no surprise to those of us in the industry, it’s still shocking to see graphs like this one from a recent Comparitech ransomware report: [screenshot: graph from the Comparitech ransomware report] As you can clearly see, September kind of sucks - which is a sentence I haven’t had to type on the Internet since season 2 of Fringe. But in general, attackers know that as schools get back into session (especially in our post-Covid world), things will be hectic. This can present them with a window of opportunity, so to speak. If I know that a school district has ~5,000 students coming back onto campus (or worse, learning remotely) at once, then I can assume
Hi, everybody - Chad here. First off, Happy Tuesday! You’ve survived another Monday in 2021, and that’s no small feat! This week’s on time Security Wrap-Up is chock full of frustrating news, simple annoyances, and maybe a couple of things that even angried up my blood…real good! So, let’s get to it: New “Glowworm attack” recovers audio from devices’ power LEDs If you’re like me, you often sit on the balcony of your condo staring to the west - the glorious Red Rocks Amphitheater in the foreground, when it’s got-danged visible - and ponder the world’s seeming lack of evil geniuses. Well then, here’s a story for you. From ArsTechnica: “Researchers at Ben-Gurion University of the Negev have demonstrated a novel way to spy on electronic conversations. A new paper released today outlines a novel passive form of the TEMPEST attack called Glowworm, which converts minute fluctuations in the intensity of power LEDs on speakers and USB hubs back into the audio signals that caused those fluctuatio