БЛОГ

Archive for the ‘cybercrime/malcode’ category: Page 76

Jul 26, 2022

Windows enables default account lockout policy for RDP (Remote Desktop Protocol) to reduce ransomware attacks based on brute forcing RDP

Posted by in categories: cybercrime/malcode, policy

Microsoft has chosen to add specific security measures against brute force attacks against RDP (Remote Desktop Protocol). These security improvements have been introduced in the most recent builds of Windows 11. Given the evolution of this type of attack abusing RDP, Microsoft decided to add the security measure in the latest Insider Preview22528.1000. This system automatically locks accounts for 10 minutes after 10 invalid login attempts. The news was broken by David Weston (VP of OS & Enterprise Security) on Twitter last week.

These kinds of attacks against RDP are quite common in human operated ransomware. With this relatively simple measure, it is possible to complicate brute force attacks, being quite effective in discouraging them. However, it was already possible to activate this measure in Windows 10, so the novelty is really enabling it by default.

Continue reading “Windows enables default account lockout policy for RDP (Remote Desktop Protocol) to reduce ransomware attacks based on brute forcing RDP” »

Jul 26, 2022

New Android malware apps installed 10 million times from Google Play

Posted by in categories: cybercrime/malcode, mobile phones

A new batch of malicious Android apps filled with adware and malware was found on the Google Play Store that have been installed close to 10 million times on mobile devices.

The apps pose as image-editing tools, virtual keyboards, system optimizers, wallpaper changers, and more. However, their underlying functionality is to push intrusive ads, subscribe users to premium services, and steal victims’ social media accounts.

The discovery of these malicious apps comes from the Dr. Web antivirus team, who highlighted the new threats in a report published today.

Jul 26, 2022

Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11

Posted by in categories: cybercrime/malcode, policy

Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape.

To that end, the default policy for Windows 11 builds – particularly, Insider Preview builds 22528.1000 and newer – will automatically lock accounts for 10 minutes after 10 invalid sign-in attempts.

“Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute-force password vectors,” David Weston, Microsoft’s vice president for OS security and enterprise, said in a series of tweets last week. “This technique is very commonly used in Human Operated Ransomware and other attacks — this control will make brute forcing much harder which is awesome!”

Jul 24, 2022

Alarming Cyber Statistics For Mid-Year 2022 That You Need To Know

Posted by in categories: cybercrime/malcode, government

A couple of times per year, I take a deep dive on writing about the newly reported cybersecurity statistics and trends that are impacting the digital landscape. Unfortunately, despite global efforts, every subsequent year the numbers get worse and show that we are far from being able to mitigate and contain the numerous cyber-threats targeting both industry and government.

Below is a synopsis with links on some of the recent cyber developments and threats that CISOs need to key a close watch on (and that you need to know) for the remaining part of 2022 and beyond.

While many of the statistics seem dire, there is some positive aspect on the trends side as the cybersecurity community has been taking several initiatives to create both cyber awareness and action. And for those attending the 2022 RSA Conference in San Francisco, hopefully the backdrop of the following statistics and trends from mid-year 2022 can also be useful to analyze and match with product and services roadmaps for cybersecurity.

Jul 24, 2022

Smart chip senses, stores, computes and secures data in one low-power platform

Posted by in categories: cybercrime/malcode, mobile phones

Digital information is everywhere in the era of smart technology, where data is continuously generated by and communicated among cell phones, smart watches, cameras, smart speakers and other devices. Securing digital data on handheld devices requires massive amounts of energy, according to an interdisciplinary group of Penn State researchers, who warn that securing these devices from bad actors is becoming a greater concern than ever before.

Led by Saptarshi Das, Penn State associate professor of engineering science and mechanics, researchers developed a smart hardware platform, or chip, to mitigate while adding a layer of security. The researchers published their results on June 23 in Nature Communications.

“Information from our devices is currently stored in one location, the cloud, which is shared and stored in large servers,” said Das, who also is affiliated with the Penn State School of Electrical Engineering and Computer Science, the Materials Research Institute and the College of Earth and Mineral Sciences’ Department of Materials Science and Engineering. “The security strategies employed to store this information are extremely energy inefficient and are vulnerable to data breaches and hacking.”

Jul 23, 2022

Waterloo Region District School Board hit by cyberattack

Posted by in categories: cybercrime/malcode, futurism

The Waterloo Region District School Board says it’s working to restore its IT system and safeguard personal information of staff, students and families after it was the target of a cyberattack.

“We intend to do whatever is within our ability to resolve this issue,” said a statement from the board’s communications officer, Estefania Brandenstein.

Staff, students and their families have been informed of the cyberattack, the statement said. Future information about it will be shared directly with people who were impacted.

Jul 22, 2022

Microsoft Resumes Blocking Office VBA Macros

Posted by in category: cybercrime/malcode

shoppingmode Microsoft has officially resumed blocking Visual Basic for Applications (VBA) macros by default across Office apps, weeks after temporarily announcing plans to roll back the change.

“Based on our review of customer feedback, we’ve made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios,” the company said in an update on July 20.

Earlier this February, Microsoft publicized its plans to disable macros by default in Office applications such as Access, Excel, PowerPoint, Visio, and Word as a way to prevent threat actors from abusing the feature to deliver malware.

Jul 21, 2022

U.S. government recovers nearly $500,000 from North Korean hack on Kansas medical facility

Posted by in categories: biotech/medical, blockchains, cryptocurrencies, cybercrime/malcode, government

The U.S. Department of Justice seized roughly $500,000 in ransom payments that a medical center in Kansas paid to North Korean hackers last year, along with cryptocurrency used to launder the payments, Deputy Attorney General Lisa Monaco said Tuesday.

The hospital quickly paid the attackers, but also notified the FBI, “which was the right thing to do for both themselves and for future victims,” Monaco said in a speech at the International Conference on Cyber Security at Fordham University in New York City.

The notification enabled the FBI to trace the payment through the blockchain, an immutable public record of cryptocurrency transactions.

Jul 21, 2022

EU warns of Russian cyberattack spillover, escalation risks

Posted by in category: cybercrime/malcode

The Council of the European Union (EU) said today that Russian hackers and hacker groups increasingly attacking “essential” organizations worldwide could lead to spillover risks and potential escalation.

“This increase in malicious cyber activities, in the context of the war against Ukraine, creates unacceptable risks of spillover effects, misinterpretation and possible escalation,” the High Representative on behalf of the EU said Tuesday.

“The latest distributed denial-of-service (DDoS) attacks against several EU Member States and partners claimed by pro-Russian hacker groups are yet another example of the heightened and tense cyber threat landscape that EU and its Member States have observed.”

Jul 20, 2022

Russian hackers use fake DDoS app to infect pro-Ukrainian activists

Posted by in categories: cybercrime/malcode, mobile phones

Google’s Threat Analysis Group (TAG), whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations.

In a report regarding recent cyber activity in Eastern Europe, Google TAG security engineer Billy Leonard revealed that hackers part of the Turla Russian APT group have also been spotted deploying their first Android malware.

They camouflaged it as a DDoS attack tool and hosted it on cyberazov[.]com, a domain spoofing the Ukrainian Azov Regiment.

Page 76 of 216First7374757677787980Last