Week in review: LastPass breach, GCP data exfiltration, UEFI bootkit


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Google Cloud Platform allows data exfiltration without a (forensic) trace
Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving obvious forensic traces of the malicious activity in GCP’s storage access logs, Mitiga researchers have discovered.

QNAP starts bug bounty program with rewards up to $20,000
QNAP Systems, the Taiwanese manufacturer of popular NAS and other on-premise storage, smart networking and video devices, has launched a bug bounty program.

Microsoft Exchange admins advised to expand antivirus scanning
After having stressed the importance of keeping Exchange servers updated last month, Microsoft is advising administrators to widen the scope of antivirus scanning on those servers.

Foiling intellectual property theft in a digital-first world
In today’s data-driven world, the expectations and demands faced by many organizations worldwide are reaching unseen levels.

DNS abuse: Advice for incident responders
What DNS abuse techniques are employed by cyber adversaries and which organizations can help incident responders and security teams detect, mitigate and prevent them?

5 open source Burp Suite penetration testing extensions you should check out
When it comes to assessing the security of computer systems, penetration testing tools are critical for identifying vulnerabilities that attackers may exploit.

Attackers increasingly using transfer.sh to host malicious code
For many years now, unsecured internet-facing Redis servers have been steadily getting co-opted by criminals to mine cryptocurrency, so the latest cryptojacking campaign spotted by Cado Labs researcher cannot be considered news.

Stay one step ahead: Cybersecurity best practices to prevent breaches
In this Help Net Security video, Caroline Wong, Chief Strategy Officer at Cobalt, offers valuable insight into what leaders can do to instill stronger cybersecurity practices from the bottom up and prevent breaches.

LastPass breach: Hacker accessed corporate vault by compromising senior developer’s home PC
LastPass is, once again, telling customers about a security incident related to the August 2022 breach of its development environment and subsequent unauthorized access to the company’s third-party cloud storage service that hosted backups.

It only takes one over-privileged identity to do major damage to a cloud
While moving to the cloud increases efficiency and business agility, security strategies haven’t been adapted to account for this shift and traditional tools can’t effectively manage the unique associated risks.

Wiper malware goes global, destructive attacks surge
The threat landscape and organizations’ attack surface are constantly transforming, and cybercriminals’ ability to design and adapt their techniques to suit this evolving environment continues to pose significant risk to businesses of all sizes, regardless of industry or geography.

Expert strategies for defending against multilingual email-based attacks
In this Help Net Security video, Crane Hassold, Director of Threat Intelligence at Abnormal Security, provides insight into the impact of multilingual BEC attacks.

Developers can make a great extension of your security team
Historically, the developer-security relationship has been defined by the perception that security tooling adds friction and frustration to the developer workflow.

Resecurity identified the investment scam network Digital Smoke
Resecurity identified one of the largest investment fraud networks by size and volume of operations created to defraud Internet users from Australia, Canada, China, Colombia, European Union, India, Singapore, Malaysia, United Arab Emirates, Saudi Arabia, Mexico, the U.S. and other regions.

A modern-day look at AppSec testing tools
In this Help Net Security video, Frank Catucci, CTO, and Dan Murphy, Distinguished Architect at Invicti Security, break down the different types of application security testing tools, explore the strengths and tradeoffs, and provide you with the information you need to select the AppSec tooling that is right for your organization.

The role of human insight in AI-based cybersecurity
To unleash the power of AI, it’s essential to integrate some human input. The technical term is Reinforcement Learning from Human Feedback (RLHF): a machine-learning technique that uses human feedback to train and improve the accuracy of an AI model.

Covert cyberattacks on the rise as attackers shift tactics for maximum impact
2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall.

Uncovering the most pressing cybersecurity concerns for SMBs
In this Help Net Security video interview, James Edgar, CISO at Fleetcor, discusses what consequences SMBs are most concerned about when it comes to cyberattacks, what technology SMBs are most interested in, and much more.

BlackLotus UEFI bootkit disables Windows security mechanisms
ESET researchers have published the first analysis of a UEFI bootkit capable of circumventing UEFI Secure Boot, a critical platform security feature.

Dormant accounts are a low-hanging fruit for attackers
Successful attacks on systems no longer require zero-day exploits, as attackers now focus on compromising identities through methods such as bypassing MFA, hijacking sessions, or brute-forcing passwords, according to Oort.

Security teams have no control over risky SaaS-to-SaaS connections
Employees are providing hundreds to thousands of third-party apps with access to the two most dominant workspaces, Microsoft 365 and Google Workspace, according to Adaptive Shield.

10 US states that suffered the most devastating data breaches in 2022
Cyber attack risks faced by businesses across states and reported data breaches are relative to the respective state governments’ cybersecurity investment, according to Network Assured.

US government puts cybersecurity at forefront with newly announced National Strategy
The National Cybersecurity Strategy was unveiled by the Biden-Harris Administration. The Strategy recognizes that government must use all tools of national power in a coordinated manner to protect national security, public safety, and economic prosperity.

Visualize change with an out-of-the-box configuration report
Your technology is always changing, and you often end up playing catchup to secure it. This is difficult in the cloud when you share security responsibility with the cloud service providers (CSP).

The power of community participation with Faye Francy, Executive Director, Auto-ISAC
The old phrase “sharing is caring” is something that Faye Francy has seen revolutionize entire industries.

Infosec products of the month: February 2023
Here’s a look at the most interesting products from the past month, featuring releases from: Arkose Labs, Cequence Security, CyberGRX, CyberSaint, Deepwatch, DigiCert, Finite State, FireMon, Hornetsecurity, HYCU, KELA, Lacework, Malwarebytes, Netography, Neustar Security Services, Nudge Security, OPSWAT, SecuriThings, Trulioo, Veeam Software, and Xcitium.

New infosec products of the week: March 3, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Fastly, Forescout, ManageEngine, and Veeam Software.



Source link