“The Security Service of Ukraine has identified and detained a hacker known as Sanix. Early last year, it caught the attention of global cybersecurity experts by posting on one of the forums the sale of a database with 773 million e-mail addresses and 21 million unique passwords.” reads a press release published by the SSU.
“SBU cyber specialists recorded the sale of databases with logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, information about computers hacked for further use in botnets and for organizing DDoS attacks.”
There is also a clear divide between CEOs and CISOs in how they identify the right cybersecurity path forward for their business. CEOs prefer to be proactive and risk-focused (58%), prioritizing maintenance of business stability above all, while more than half of CISOs (54%) embrace a more reactive, incident-driven approach to mitigating today’s dynamic cybersecurity threat landscape. The research also found that, despite claiming vendor fatigue, enterprises use more than 50 security vendors on average, with 62% reporting they want even more.
"Trend Micro simply designed the driver to provide a significant amount of functionality to privileged callers in user-mode, allowing attackers to misuse the driver in several ways. The problem is that Trend Micro's driver is insecure by design, making it a perfect candidate for abuse by malicious actors around the world."
Crucially, a function named MysteriousCheck() in the kernel-level driver code caught Demirkapi's eye. Digging in further, he said he made a startling discovery. MysteriousCheck() appears to detect whether or not a specific Microsoft test suite, the driver verifier, is running on the computer. This test suite is designed to ensure drivers meet Microsoft's Windows Hardware Quality Labs (WHQL) requirements. If a driver meets this standard, it can be digitally signed by Microsoft, is trusted by Windows, and potentially can be distributed via Windows Update and similar mechanisms.
In the data it had collected since 2018, IBM X-Force found that digital attacks targeting industrial control systems (ICSes) and operational technology increased by over 2000%. Many of those attacks involved a combination of exploiting known vulnerabilities in supervisory control and data acquisition (SCADA) and ICS hardware components along with password spraying attacks leveraging brute force login techniques.
Greater spending on cybersecurity products hasn’t translated into a better organizational security posture. Despite the millions of dollars spent by organizations year on year, the average cost of a cyberattack jumped by 50 percent between 2018 and 2019, hitting $4.6 million per incident.
On May 1, the Trump Administration issued an Executive Order on Securing the United States Bulk-Power System. According to the order, the administration found that “foreign adversaries are increasingly creating and exploiting vulnerabilities in the United States bulk-power system, which provides the electricity that supports our national defense, vital emergency services, critical infrastructure, economy, and way of life.”...One electric utility security expert, Joe Weiss, believes that the prime motivator for the executive order is a real cyberattack on the US bulk power system. This attack took the form of a “hardware backdoor” that was discovered when a Chinese transformer was delivered to a US utility. Although Weiss is almost completely mum on the details of this situation, the backdoor is capable of causing a highly damaging event, he tells CSO.
Weiss contends that the utility found the backdoor when it was installing the transformer and was “finding things that should not have been in there.” He also believes there are multiple such transformers with hardware backdoors installed throughout the bulk power grid.
...
Cai said that DOE contacted JSHP to cancel the transportation from the Port of Houston, told JSHP not to install the transformer, and rejected the warranty for the hardware, something no other customer has ever done. Cai said that he called DOE to follow up later and that the department never returned his phone calls. In an email exchange with DOE’s press office, CSO asked the department to confirm or deny Cai’s account and received no response.