Feed aggregator

North Korean hackers running a fake Amazon recruitment ask candidates to download a backdoored version of the PuTTY client

Sekurak.pl - Fri, 09/16/2022 - 06:23

According to a published Mandiant report, the group responsible for this attack vector is UNC4034, operating mainly out of North Korea. The attack is really a phishing campaign: job seekers are contacted by e-mail and offered a highly paid position at Amazon. At the recruitment stage the "recruiter", via the WhatsApp messenger, asks...

The article North Korean hackers running a fake Amazon recruitment ask candidates to download a backdoored version of the PuTTY client comes from Sekurak.

How Uber was breached and why it apparently was not hard

ZaufanaTrzeciaStrona.pl - Fri, 09/16/2022 - 06:20

In the last few hours a serious attack on Uber's infrastructure took place. The intruder gained broad access to the company's internal tools and its cloud environments, and then... announced it on the internet. Who could have been behind the attack, and why did it go so well for them?

This morning's review of Twitter brought some interesting posts.… Read more

The post How Uber was breached and why it apparently was not hard first appeared on Zaufana Trzecia Strona.

Uber has been hacked! The attackers gained access to, among other things, current vulnerability reports

Sekurak.pl - Fri, 09/16/2022 - 06:14

Uber, the company handling the logistics behind its ride-hailing service, has been hacked. At least that is what the hacker claims, having obtained administrator-level access to internal systems such as G-Suite, the AWS console, vSphere, the domain, the Slack messaging server, and even the HackerOne panel with access to internal vulnerability reports. Looking at the screenshots...

The article Uber has been hacked! The attackers gained access to, among other things, current vulnerability reports comes from Sekurak.

OPSEC mistakes exposed the identities of members of an Iranian APT group

Sekurak.pl - Fri, 09/16/2022 - 05:19

Although CTU researchers publicly disclosed the group's tactics, techniques and internal procedures as early as May 2022, to this day the group keeps exhibiting many repetitive behaviours. Fig. 1. Disclosed activity of the COBALT MIRAGE group, source. The criminals did try to remove traces of their activity by deleting webshells, logs and tools. However, a few...

The article OPSEC mistakes exposed the identities of members of an Iranian APT group comes from Sekurak.

Artur Ślubowski, Director of the Cyber Project at PKP Informatyka, is the guest of Rozmowa Kontrolowana on Sunday at 9 pm

ZaufanaTrzeciaStrona.pl - Fri, 09/16/2022 - 05:11

After a long summer break, Rozmowa Kontrolowana returns to its usual track. We open the autumn with a man who has devoted a large part of his life to securing critical infrastructure. Meet Artur.

Artur Ślubowski followed a path quite common among the guests of our programme: from administrator to security professional.… Read more

The post Artur Ślubowski, Director of the Cyber Project at PKP Informatyka, is the guest of Rozmowa Kontrolowana on Sunday at 9 pm first appeared on Zaufana Trzecia Strona.

Uber hacked!

Niebezpiecznik.pl - Fri, 09/16/2022 - 03:23
Someone took over Uber's infrastructure. Screenshots from the company's internal systems leaked online. The attacker also spoke out using the company's official accounts. It is still unknown what customer data was obtained. The Uber break-in: it looks as if the dreams of many taxi drivers came true today: Uber, the company that showed how a modern taxi corporation should work on the software side, has been hacked. Because […]

Uber hacked, internal systems and confidential documents were allegedly compromised

Security Affairs - Fri, 09/16/2022 - 03:22
Uber on Thursday disclosed a security breach: threat actors gained access to its network and stole internal documents.

Uber on Thursday suffered a cyberattack; the attackers were able to penetrate its internal network and access internal documents, including vulnerability reports.

We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.

— Uber Comms (@Uber_Comms) September 16, 2022

According to the New York Times, the threat actors hacked an employee’s Slack account and used it to inform internal personnel that the company had “suffered a data breach” and provided a list of allegedly hacked internal databases.

“I announce I am a hacker and Uber has suffered a data breach.” states the message.

The company was forced to take its internal communications and engineering systems offline to mitigate the attack and investigate the intrusion.

The attackers allegedly compromised several internal systems and provided images of email, cloud storage and code repositories to The New York Times and some cyber security researchers.

“They pretty much have full access to Uber,” said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. “This is a total compromise, from what it looks like.”

The attackers also had access to the company’s HackerOne bug bounty program, which means they could read every bug report submitted to the company by white hat hackers. That information is highly valuable to an attacker, who could use it to launch further attacks. At this time it is not possible to exclude that the reports include technical details of flaws that the company has yet to fix.

HackerOne immediately disabled the Uber bug bounty program, blocking any access to the list of reported issues.

Someone hacked an Uber employee's HackerOne account and is commenting on all of the tickets. They likely have access to all of the Uber HackerOne reports. pic.twitter.com/00j8V3kcoE

— Sam Curry (@samwcyo) September 16, 2022

Update: A Threat Actor claims to have completely compromised Uber – they have posted screenshots of their AWS instance, HackerOne administration panel, and more.

They are openly taunting and mocking @Uber. pic.twitter.com/Q3PzzBLsQY

— vx-underground (@vxunderground) September 16, 2022

Uber notified law enforcement and started an internal investigation into the incident, a company spokesman confirmed.

“We don’t have an estimate right now as to when full access to tools will be restored, so thank you for bearing with us,” Latha Maripuri, Uber’s chief information security officer, told NYT via email.

Employees were instructed not to use the internal messaging service Slack and some of them, speaking on a condition of anonymity, told the NYT that other internal systems were inaccessible.

The hacker claims to be 18 years old and added that Uber had weak security; in the message sent via Slack he also said Uber drivers should receive higher pay.

This is not the first time that the company suffered a security breach. In 2017, the news of another data breach that took place in 2016 made the headlines.

In November 2017, Uber CEO Dara Khosrowshahi announced that hackers had broken into the company database and accessed the personal data (names, email addresses, and cell phone numbers) of 57 million of its users. The disconcerting revelation was that the company had covered up the hack for more than a year.

The attackers also accessed the names and driver’s license numbers of roughly 600,000 of its drivers in the United States.

The hack happened in 2016 and, according to a report published by Bloomberg, was easy: the hackers obtained credentials from a private GitHub site used by the company’s development team. They then tried to blackmail Uber, demanding $100,000 in exchange for not publishing the stolen data.

Rather than notifying customers and law enforcement of the breach, as California’s data breach notification law requires, security chief Joe Sullivan ordered the ransom paid and the story covered up, with any evidence destroyed. The payout was disguised as a bug bounty prize, complete with signed non-disclosure agreements.

Follow me on Twitter: @securityaffairs and Facebook


Pierluigi Paganini

(SecurityAffairs – hacking, Uber)

The post Uber hacked, internal systems and confidential documents were allegedly compromised appeared first on Security Affairs.

Categories: Cyber Security News

Last call: what Polish companies want to teach their employees

ZaufanaTrzeciaStrona.pl - Fri, 09/16/2022 - 02:30

Only until Monday can you apply for free educational videos on security. See which topics were chosen most often by the 200 companies that have already taken up the offer and received their recordings.

At the beginning of the month we announced that we are giving away educational videos on security.… Read more

The post Last call: what Polish companies want to teach their employees first appeared on Zaufana Trzecia Strona.

Uber Says It's Investigating a Potential Breach of Its Computer Systems

The Hacker News - Thu, 09/15/2022 - 23:08
Ride hailing giant Uber disclosed Thursday it's responding to a cybersecurity incident involving a breach of its network and that it's in touch with law enforcement authorities. The New York Times first reported the incident.  The company pointed to its tweeted statement when asked for comment on the matter. The hack is said to have forced the company to take its internal
Categories: Cyber Security News

Akamai mitigated a new record-breaking DDoS attack against a European customer

Security Affairs - Thu, 09/15/2022 - 17:32
Akamai announced that it recently blocked a new record-breaking distributed denial-of-service (DDoS) attack.

On Monday, September 12, 2022, Akamai mitigated the largest DDoS attack it has ever recorded against one of its European customers. The malicious traffic peaked at 704.8 Mpps and appears to originate from the same threat actor behind the previous record, which Akamai blocked in July and which hit the same customer.

The following table compares the two attacks: the number of cumulative attacks rose from 75 in July to 201 in September, and the number of targeted IPs from 512 to 1,813.

                          July attack          September attack
Peak pps                  659.6 Mpps           704.8 Mpps
Cumulative attacks        75                   201
IPs targeted              512                  1,813
Vector                    UDP                  UDP
Distribution              1 location           6 locations
Date of attack            July 21, 2022        September 12, 2022
Top scrubbing locations   HKG, LON, TYO        HKG, TYO, LON

Unlike the July attack, which hit a single location, this one targeted six data center locations spanning Europe and North America.

“On Monday, September 12, 2022, Akamai successfully detected and mitigated the now-largest DDoS attack ever launched against a European customer on the Prolexic platform, with attack traffic abruptly spiking to 704.8 Mpps in an aggressive attempt to cripple the organization’s business operations.” reads the analysis published by Akamai. “The attackers’ command and control system had no delay in activating the multidestination attack, which escalated in 60 seconds from 100 to 1,813 IPs active per minute. Those IPs were spread across eight distinct subnets in six distinct locations.”

Akamai applauded its customer’s approach to DDoS mitigation: after the July attack it had put all 12 of its data centers behind protection.

“Having a proven DDoS mitigation strategy and platform in place is imperative for shielding your business from downtime and disruption” concludes the security firm.



Pierluigi Paganini

(SecurityAffairs – hacking, hacking)

The post Akamai mitigated a new record-breaking DDoS attack against a European customer appeared first on Security Affairs.

Categories: Cyber Security News

⚠️ Problem with mBank cards

Niebezpiecznik.pl - Thu, 09/15/2022 - 12:26
Incident type: mBank bug. Threat: awkwardness at the checkout. Affects customers of: mBank. mBank customers are reporting to us problems with the visibility of payment cards in the app and the online service. Don't panic if you can't see your mBank payment card in the settings of the transaction service or the mobile app. As a result of a bug, cards have disappeared for some customers and their parameters cannot be changed […]

Experts warn of self-spreading malware targeting gamers looking for cheats on YouTube

Security Affairs - Thu, 09/15/2022 - 11:32
Threat actors target gamers looking for cheats on YouTube with the RedLine Stealer information-stealing malware and crypto miners.

Researchers from Kaspersky have spotted a self-extracting archive, served to gamers looking for cheats on YouTube, that was employed to deliver the RedLine Stealer information-stealing malware and crypto miners.

The RedLine malware allows operators to steal several pieces of information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. The malicious code can also act as first-stage malware.

Stolen data are stored in an archive (logs) before being uploaded to a server under the control of the attackers.

The videos were crafted to share links to malicious password-protected archive files designed to install the above malware families on infected machines.

“The videos advertise cheats and cracks and provide instructions on hacking popular games and software.” reads the report published by Kaspersky.

“The original bundle is a self-extracting RAR archive containing a number of malicious files, clean utilities and a script to automatically run the unpacked contents”

Some of the games for which the threat actors published videos are APB Reloaded, CrossFire, DayZ, Farming Simulator, Farthest Frontier, FIFA 22, Final Fantasy XIV, Forza, Lego Star Wars, Sniper Elite, and Spider-Man, among others.

Upon executing the self-extracting archive, three executable files are run: 

  • cool.exe, which is the RedLine stealer;
  • ***.exe, which is a cryptominer;
  • The third executable file copies itself to the %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup directory to maintain persistence and runs the first of the batch files included in the archive.

The batch files run three other malicious files: MakiseKurisu.exe, download.exe and upload.exe, which are used to self-distribute the bundle. One of the batch files runs the nir.exe utility, which is used to run the executable files without displaying any windows or taskbar icons.

MakiseKurisu.exe is a password stealer written in C# that was customized by the creators of the malicious bundle.

The info stealer is capable of extracting cookies from browsers and using them to access the victim’s YouTube account in order to upload a video with a link to the malicious archive.

Once the video is successfully uploaded to YouTube, upload.exe sends a message to Discord with a link to the video uploaded by the threat actors.
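The persistence and launch steps described above (a self-extracting archive dropping executables, a batch file starting a hidden-window runner, a copy placed in the Startup folder) lend themselves to process-creation hunting. The following is an added example, not code from Kaspersky's report or from the malware bundle: it runs four heuristics over constructed process-creation records (a simplified image/parent/command-line triple, not any real EDR schema). The rule names, the sample paths and the assumption that the SFX archive unpacks to a %TEMP%\RarSFX<n> directory (the WinRAR self-extractor's default) are the example's own; the nir.exe filename and the Startup folder path come from the report summary above.

```python
"""Hunting heuristics for the self-spreading RedLine bundle described above.

Added example, not code from Kaspersky's report. ProcEvent is a constructed,
simplified process-creation record (image, parent, command line); map it onto
your own EDR or Sysmon Event ID 1 fields before use.
"""
import ntpath
from dataclasses import dataclass

# Per-user Startup folder the bundle copies itself into (from the report summary).
STARTUP_DIR = "\\microsoft\\windows\\start menu\\programs\\startup\\"
# Assumption: the self-extracting RAR unpacks to the WinRAR SFX default %TEMP%\RarSFX<n>.
SFX_TEMP_MARKER = "\\appdata\\local\\temp\\rarsfx"
# Utility named in the report that launches payloads without a visible window.
HIDDEN_RUNNER = "nir.exe"


@dataclass(frozen=True)
class ProcEvent:
    image: str    # full path of the new process
    parent: str   # full path of the parent process
    cmdline: str  # command line of the new process


def _norm(path: str) -> str:
    """Lower-case and normalise separators so rules can do plain substring checks."""
    return path.replace("/", "\\").lower()


def rule_startup_persistence(ev: ProcEvent) -> bool:
    """An executable running directly out of the user's Startup folder."""
    img = _norm(ev.image)
    return img.endswith(".exe") and STARTUP_DIR in img


def rule_sfx_temp_execution(ev: ProcEvent) -> bool:
    """Anything executing from an SFX extraction directory under %TEMP%."""
    return SFX_TEMP_MARKER in _norm(ev.image)


def rule_hidden_window_runner(ev: ProcEvent) -> bool:
    """nir.exe being started, or another process invoking it by name."""
    return (ntpath.basename(_norm(ev.image)) == HIDDEN_RUNNER
            or HIDDEN_RUNNER in ev.cmdline.lower())


def rule_batch_from_temp(ev: ProcEvent) -> bool:
    """cmd.exe running a .bat that lives under a temp directory (the bundle's run script)."""
    cmd = ev.cmdline.lower()
    return (ntpath.basename(_norm(ev.image)) == "cmd.exe"
            and ".bat" in cmd and "\\temp\\" in cmd)


RULES = {
    "startup_persistence": rule_startup_persistence,
    "sfx_temp_execution": rule_sfx_temp_execution,
    "hidden_window_runner": rule_hidden_window_runner,
    "batch_from_temp": rule_batch_from_temp,
}


def hunt(events):
    """Return (rule_name, image) for every rule that fires on every event, in input order."""
    hits = []
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits.append((name, ev.image))
    return hits


# Constructed sample events mimicking the chain: the SFX drops cool.exe, a batch
# file runs nir.exe, the persistence copy starts from the Startup folder; plus
# one benign browser launch that must not fire any rule.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Users\alice\AppData\Local\Temp\RarSFX0\cool.exe",
              r"C:\Users\alice\Downloads\fifa22_cheat.exe", "cool.exe"),
    ProcEvent(r"C:\Windows\System32\cmd.exe",
              r"C:\Users\alice\AppData\Local\Temp\RarSFX0\setup.exe",
              r'cmd.exe /c "C:\Users\alice\AppData\Local\Temp\RarSFX0\run.bat"'),
    ProcEvent(r"C:\Users\alice\AppData\Local\Temp\RarSFX0\nir.exe",
              r"C:\Windows\System32\cmd.exe", "nir.exe upload.exe"),
    ProcEvent(r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe",
              r"C:\Windows\explorer.exe", "svc.exe"),
    ProcEvent(r"C:\Program Files\Mozilla Firefox\firefox.exe",
              r"C:\Windows\explorer.exe", '"C:\\Program Files\\Mozilla Firefox\\firefox.exe"'),
]

if __name__ == "__main__":
    for name, image in hunt(SAMPLE_EVENTS):
        print(f"{name:22} {image}")
```

Each rule on its own is noisy (developers run things from %TEMP%, some legitimate installers use the Startup folder); the value is in two or more firing for the same user within minutes, which is what the chain above produces.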

“Cybercriminals actively hunt for gaming accounts and gaming computer resources. As we noted in our overview of gaming-related cyberthreats, stealer-type malware is often distributed under the guise of game hacks, cheats and cracks.” concludes the report. “The self-spreading bundle with RedLine is a prime example of this: cybercriminals lure victims with ads for cracks and cheats, as well as instructions on how to hack games. At the same time, the self-propagation functionality is implemented using relatively unsophisticated software, such as a customized open-source stealer. All this is further proof, if any were needed, that illegal software should be treated with extreme caution.”



Pierluigi Paganini

(SecurityAffairs – hacking, YouTube)

The post Experts warn of self-spreading malware targeting gamers looking for cheats on YouTube appeared first on Security Affairs.

Categories: Cyber Security News

Researchers Warn of Self-Spreading Malware Targeting Gamers via YouTube

The Hacker News - Thu, 09/15/2022 - 10:30
Gamers looking for cheats on YouTube are being targeted with links to malicious password-protected archive files designed to install the RedLine Stealer malware and crypto miners on compromised machines. "The videos advertise cheats and cracks and provide instructions on hacking popular games and software," Kaspersky security researcher Oleg Kupreev said in a new report published today.
Categories: Cyber Security News

Russia-linked Gamaredon APT targets Ukraine with a new info-stealer

Security Affairs - Thu, 09/15/2022 - 09:43
Russia-linked Gamaredon APT targets employees of the Ukrainian government, defense, and law enforcement agencies with a custom information-stealing malware.

The Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, and Trident Ursa) is targeting employees of the Ukrainian government, defense, and law enforcement agencies with a custom-made information stealer implant.

The malicious code was designed to exfiltrate files and deploy additional payloads; the threat actors deliver it with phishing documents containing lures related to the Russian invasion of Ukraine.

The threat actors relied on LNK files, PowerShell and VBScript to achieve initial access to the target systems, then deployed malicious payloads in the post-infection phase.

“Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives. The campaign, part of an ongoing espionage operation observed as recently as August 2022, aims to deliver information-stealing malware to Ukrainian victim machines and makes heavy use of multiple modular PowerShell and VBScript (VBS) scripts as part of the infection chain.” reads the analysis published by Talos. “The infostealer is a dual-purpose malware that includes capabilities for exfiltrating specific file types and deploying additional binary and script-based payloads on an infected endpoint.”

The nation-state actors are using weaponized Microsoft Office documents containing remote templates with malicious VBScript macros. The macros download and open RAR archives containing LNK files that download and activate the next-stage malware.

Talos’s attribution of the attacks to Gamaredon is based on a significant overlap between the tactics, techniques and procedures (TTPs) used in this campaign and those seen in previous attacks against Ukrainian targets reported by the Computer Emergency Response Team of Ukraine (CERT-UA) and attributed to Gamaredon.

The experts observed the threat actors using a PowerShell script to deploy an information stealer that exfiltrates files with specific extensions, including .doc, .docx, .xls, .rtf, .odt, .txt, .jpg, .jpeg, .pdf, .ps1, .rar, .zip, .7z and .mdb. Experts pointed out that this infostealer was not seen in previous campaigns attributed to Gamaredon. The researchers speculate it may be a component of Gamaredon’s “Giddome” backdoor family, but at the time of the report they had no evidence for this.

“Once started, the malware scans all attached storage devices looking for files with the aforementioned extensions. For each one, the malware makes a POST request with metadata about the exfiltrated file and its content.” concludes the analysis that also includes Indicators of Compromise (IoCs).



Pierluigi Paganini

(SecurityAffairs – hacking, Gamaredon)

The post Russia-linked Gamaredon APT targets Ukraine with a new info-stealer appeared first on Security Affairs.

Categories: Cyber Security News

Russian Gamaredon Hackers Target Ukrainian Government Using Info-Stealing Malware

The Hacker News - Thu, 09/15/2022 - 08:25
An ongoing espionage campaign operated by the Russia-linked Gamaredon group is targeting employees of Ukrainian government, defense, and law enforcement agencies with a piece of custom-made information stealing malware. "The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine," Cisco Talos researchers Asheer Malhotra and Guilherme Venere said in a
Categories: Cyber Security News

5 Ways to Mitigate Your New Insider Threats in the Great Resignation

The Hacker News - Thu, 09/15/2022 - 07:30
Companies are in the midst of an employee "turnover tsunami" with no signs of a slowdown. According to Fortune Magazine, 40% of the U.S. is considering quitting their jobs. This trend – coined the great resignation - creates instability in organizations. High employee turnover increases security risks, and companies are more vulnerable to attacks from human factors worldwide.  At Davos 2022,
Categories: Cyber Security News

Webworm Hackers Using Modified RATs in Latest Cyber Espionage Attacks

The Hacker News - Thu, 09/15/2022 - 06:14
A threat actor tracked under the moniker Webworm has been linked to bespoke Windows-based remote access trojans, some of which are said to be in pre-deployment or testing phases. "The group has developed customized versions of three older remote access trojans (RATs), including Trochilus RAT, Gh0st RAT, and 9002 RAT," the Symantec Threat Hunter team, part of Broadcom Software, said in a report
Categories: Cyber Security News

Meta introduces dynamic Facebook user IDs – how will it affect OSINT?

Sekurak.pl - Thu, 09/15/2022 - 05:52

On 8 September 2022 the newsroom of Meta, the owner of Facebook and Instagram among other services, announced a new mechanism meant to protect privacy and improve the security of Facebook users. It concerns the introduction of dynamic FBIDs in place of the existing unchanging ones. Facebook user identifiers are assigned when an account is created and allow...

The article Meta introduces dynamic Facebook user IDs – how will it affect OSINT? comes from Sekurak.

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

Security Affairs - Thu, 09/15/2022 - 04:48
The FBI has issued an alert about threat actors targeting healthcare payment processors in an attempt to hijack the payments.

The Federal Bureau of Investigation (FBI) has issued an alert about cyber attacks against healthcare payment processors to redirect victim payments.

Threat actors used employees’ publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and obtain access to files, healthcare portals, payment information, and websites.

The FBI also reported one attack in which the threat actors changed a victim’s direct deposit information to a bank account under their control and redirected $3.1 million in payments.

“Cyber criminals are compromising user login credentials of healthcare payment processors and diverting payments to accounts controlled by the cyber criminals. Recent reporting indicates cyber criminals will continue targeting healthcare payment processors through a variety of techniques, such as phishing campaigns and social engineering, to spoof support centers and obtain user access.” reads the alert.

Below are some cases included in the alert:

  • April 2022: Threat actors posing as an employee of a healthcare company with more than 175 medical providers changed the Automated Clearing House (ACH) instructions of one of its payment processing vendors to redirect the payments. The crooks stole approximately $840,000 over two transactions before the change was discovered.
  • February 2022: an attacker obtained credentials from a major healthcare company and changed direct deposit banking information from a hospital to a consumer checking account under the control of the cyber-criminal. The attacker stole $3.1 million with this attack.
  • February 2022: in a separate incident a different threat actor used the same technique to steal approximately $700,000.
  • From June 2018 to January 2019: cyber criminals targeted and accessed at least 65 healthcare payment processors throughout the United States to replace legitimate customer banking and contact information with accounts under their control. In one case, the victim reported having lost approximately $1.5 million. In this case, the attackers used both publicly available PII and data gained through phishing attacks aimed at gaining access to customer accounts.

The alert also lists potential indicators of malicious activity against user accounts:

  • phishing emails targeting the financial departments of healthcare payment processors;
  • suspected social engineering attempts to obtain access to internal files and payment portals;
  • unwarranted changes to email exchange server configuration and to custom rules for specific accounts;
  • requests from employees to reset both passwords and 2FA phone numbers within a short timeframe;
  • employees reporting that they are locked out of payment processor accounts due to failed password recovery attempts.

Below is the list of mitigations recommended by the FBI:

  • Ensure anti-virus and anti-malware is enabled and security protocols are updated regularly and in a timely manner. Well-maintained anti-virus and anti-malware software may prevent commonly used attacker tools.
  • Conduct regular network security assessments to stay up to date on compliance standards and regulations. These should include performing penetration tests and vulnerability scans to ensure the knowledge and level of current system and security protocols.
  • Implement training for employees on how to identify and report phishing, social engineering, and spoofing attempts. As budget constraints allow, consider options in authentication or barrier layers to decrease or eliminate the viability of phishing.
  • Advise all employees to exercise caution while revealing sensitive information such as login credentials through phone or web communications. Employees should conduct requests for sensitive information through approved secondary channels.
  • Use multi-factor authentication for all accounts and login credentials to the extent possible. Viable choices such as hard tokens allow access to software and verifies identity with a physical device instead of authentication codes or passwords.
  • Update or draft an incident response plan, in accordance with Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules.
  • Mitigate vulnerabilities related to third-party vendors. Outside communication exchanges should contain email banners to alert employees of communications originating outside of the organization. Review and understand the vendor’s risk threshold and what comprises a breach of service.
  • Verify and modify as needed contract renewals to include the inability to change both credentials and 2FA within the same timeframe to reduce further vulnerability exploitations.
  • Ensure company policies include verification of any changes to existing invoices, bank deposits, and contact information for interactions with third-party vendors and organizational collaborations. Any direct request for account actions needs to be verified through the appropriate, previously established channels before a request is sanctioned.
  • Create protocols for employees to report suspicious emails, changes to email exchange server configurations, denied password recovery attempts, and password resets including 2FA phone numbers within a short timeframe to IT and security departments for investigation.
  • Require all accounts with password logins (e.g., service account, admin accounts, and domain admin accounts) to have strong, unique passphrases. Passphrases should not be reused across multiple accounts or stored on the system where an adversary may have access. (Note: Devices with local administrative accounts should implement a password policy that requires strong, unique passwords for each administrative account.)
  • If there is evidence of system or network compromise, implement mandatory passphrase changes for all affected accounts.
  • Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats.
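The indicators listed above (password and 2FA phone-number resets within a short timeframe, lockouts from failed recovery attempts) and the mitigation that forbids changing credentials and 2FA in the same window are straightforward to turn into an audit-log correlation. The following is an added example, not part of the FBI alert: it scans constructed identity-provider audit records (the AuditEvent shape and the action names are this example's own, not any vendor's schema) and raises one alert when a password reset and an MFA phone change land on the same account inside a configurable window, and another when password-recovery failures cluster.

```python
"""Correlate the account-recovery events the FBI alert lists as indicators.

Added example, not part of the FBI alert. AuditEvent and the action strings are
a constructed schema; map them onto your IdP's audit log (Okta, Azure AD,
Google Workspace, ...) before use.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AuditEvent:
    ts: datetime
    account: str
    action: str      # e.g. password_reset, mfa_phone_changed, password_recovery_failed
    actor_ip: str


@dataclass(frozen=True)
class Alert:
    rule: str
    account: str
    detail: str


def paired_resets(events, window):
    """Password reset and MFA phone change on one account within `window` (either order)."""
    by_account = defaultdict(list)
    for ev in events:
        by_account[ev.account].append(ev)
    alerts = []
    for account, evs in by_account.items():
        resets = [e for e in evs if e.action == "password_reset"]
        mfa_changes = [e for e in evs if e.action == "mfa_phone_changed"]
        for r in resets:
            for m in mfa_changes:
                if abs(m.ts - r.ts) <= window:
                    alerts.append(Alert(
                        "reset_and_mfa_change", account,
                        f"password reset {r.ts:%Y-%m-%d %H:%M} from {r.actor_ip}, "
                        f"2FA phone changed {m.ts:%Y-%m-%d %H:%M} from {m.actor_ip}"))
    return alerts


def recovery_failure_bursts(events, window, threshold=3):
    """At least `threshold` failed password-recovery attempts on one account within `window`."""
    stamps = defaultdict(list)
    for ev in events:
        if ev.action == "password_recovery_failed":
            stamps[ev.account].append(ev.ts)
    alerts = []
    for account, ts_list in stamps.items():
        ts_list.sort()
        # Sliding window over sorted timestamps; one alert per account is enough.
        for i in range(len(ts_list) - threshold + 1):
            if ts_list[i + threshold - 1] - ts_list[i] <= window:
                alerts.append(Alert("recovery_failure_burst", account,
                                    f"{threshold} failed recovery attempts within {window}"))
                break
    return alerts


def detect(events, reset_hours=24.0, burst_minutes=15.0):
    """Run both correlations and return the combined alert list."""
    return (paired_resets(events, timedelta(hours=reset_hours))
            + recovery_failure_bursts(events, timedelta(minutes=burst_minutes)))


# Constructed sample log: alice shows the takeover pattern, bob's two changes are
# nine days apart (legitimate), carol is being locked out by repeated recovery
# failures, dave is benign noise.
T = datetime
SAMPLE_EVENTS = [
    AuditEvent(T(2022, 9, 12, 9, 0),  "alice@clinic.example", "password_reset",           "203.0.113.10"),
    AuditEvent(T(2022, 9, 12, 9, 40), "alice@clinic.example", "mfa_phone_changed",        "203.0.113.10"),
    AuditEvent(T(2022, 9, 1, 8, 0),   "bob@clinic.example",   "password_reset",           "198.51.100.7"),
    AuditEvent(T(2022, 9, 10, 16, 0), "bob@clinic.example",   "mfa_phone_changed",        "198.51.100.7"),
    AuditEvent(T(2022, 9, 12, 11, 0), "carol@clinic.example", "password_recovery_failed", "203.0.113.10"),
    AuditEvent(T(2022, 9, 12, 11, 3), "carol@clinic.example", "password_recovery_failed", "203.0.113.10"),
    AuditEvent(T(2022, 9, 12, 11, 9), "carol@clinic.example", "password_recovery_failed", "203.0.113.10"),
    AuditEvent(T(2022, 9, 12, 12, 0), "dave@clinic.example",  "login_success",            "192.0.2.5"),
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a.rule}] {a.account}: {a.detail}")
```

The 24-hour window is a starting point, not a finding from the alert; the mitigation above suggests the stronger control of refusing the second change outright at the identity provider, with this correlation kept as a detective backstop for accounts the policy does not cover.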



Pierluigi Paganini

(SecurityAffairs – hacking, healthcare)

The post FBI: Millions in Losses resulted from attacks against Healthcare payment processors appeared first on Security Affairs.

Categories: Cyber Security News

U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks

The Hacker News - Thu, 09/15/2022 - 02:49
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020. The agency said the cyber activity mounted by the individuals is partially attributable to intrusion sets tracked
Categories: Cyber Security News
