Tag Archive for: Deliver

Attackers bypass Microsoft patch to deliver Formbook malware


Sophos Labs researchers have detected the use of a novel exploit able to bypass a patch for a critical vulnerability (CVE-2021-40444) affecting the Microsoft Office file format.

The attackers took a publicly available proof-of-concept Office exploit and weaponized it to deliver Formbook malware. The attackers then distributed it through spam emails for approximately 36 hours before it disappeared.

From CAB to “CAB-less” exploit to bypass the patch for CVE-2021-40444

The CVE-2021-40444 vulnerability is a critical remote code execution (RCE) vulnerability that attackers can exploit to execute any code or commands on a target machine without the owner’s knowledge. Microsoft released an urgent mitigation followed by a patch in September. A few days later, the company shared how attackers had been exploiting the flaw to deliver custom Cobalt Strike payloads.

Sophos researchers found the 36-hour campaign featuring the new exploit in late October. They discovered that attackers had reworked the original exploit by placing the malicious Word document inside a specially crafted RAR archive. The newer, “CAB-less” form of the exploit successfully evades the original patch.

CVE-2021-40444 patch bypass

Sophos data shows that the amended exploit was used in the wild for around 36 hours. According to the researchers, the limited lifespan of the updated attack could mean it was a “dry run” experiment that might return in future incidents.

“In theory, this attack approach shouldn’t have worked, but it did,” said Andrew Brandt, principal threat researcher at Sophos.

“The pre-patch versions of the attack involved malicious code packaged into a Microsoft Cabinet file. When Microsoft’s patch closed that loophole, attackers discovered a proof-of-concept that showed how you could bundle the malware into a different compressed file format, a RAR archive. RAR archives have been used before to distribute malicious code, but the process used here was unusually complicated. It likely succeeded only because the patch’s remit was very narrowly defined and because the WinRAR program that users need to open the RAR is very fault tolerant and doesn’t appear to mind if the archive is malformed, for…

Source…

Deliver Amazing: Top 10 Questions Every App Security RFP Should Answer


Cybercriminals are hot on the money trail—and the path is leading straight to unprotected mobile applications in the fintech and banking industries. According to Verizon’s Mobile Security Index 2020 Report, 39 percent of organizations surveyed experienced a security compromise involving a mobile security device in 2020, up from 33 percent in 2019 and 27 percent the previous year.

And it’s not just financial services at risk. Nearly all market sectors are witnessing a rise in cyber attacks, from ecommerce and telehealth to manufacturing and automotive. And applications are increasingly becoming the preferred threat gateway for hackers. Why the global surge? Nearly every organization today is an app company, whether they identify as one or not, because so many of today’s leading businesses are powered by apps. Combine that with the rising value of pilfered app data and we have a recipe for a crisis. Several cybersecurity researchers are quoted as saying that a single PHI record is 10 times more valuable on the dark web than a stolen credit card credential.

With traditional perimeter security ineffective in keeping mobile apps used outside the firewall safe, organizations are turning to solutions that protect the app, rather than the network. These app security solutions can be added to mobile apps to safeguard the data stored in mobile devices and to comply with consumer data privacy regulations, such as GDPR, NY Shield, or CCPA. They also prevent breached applications from becoming a vector to attack resources within the broader corporate infrastructure.

Why App Security Solutions Work

App security solutions work by precluding attackers from reverse engineering mobile apps to find vulnerabilities in the code and exploit them to steal data or access the wider corporate network. They provide protection at three levels:

  • Code obfuscation prevents static analysis of how the code is structured.

  • Environmental checks ensure code is running within a secure and trustworthy environment, blocking attempts to dynamically analyze the way the code operates.

  • Anti-tamper technology prevents attackers from modifying code within the app to perform malicious activities.

While app security…

Source…

Credence Security Signs Partnership Agreement with Infosec Ventures to Deliver Human-Centric Security Solutions to the Middle East


Regional Value-added Distributor, Credence Security will drive the reach and engagement for Infosec Ventures’ HumanFireWall solutions and support the vendor’s regional growth

DUBAI, UAE, Aug. 24, 2021 /PRNewswire/ — Credence Security, a leading regional specialized value-added distributor for cybersecurity, forensics, governance, risk and compliance solutions, today announced that it has signed a partnership agreement with Infosec Ventures’ HumanFirewall, a leader in human cyber risk mitigation and management.

Photo Caption: (L) Garreth Scott, Managing Director, Credence Security and Ankush Johar, Director, Infosec Ventures and Marie Ah-Choon, Channel Executive, Credence Security and Moe Bux, Sales Director, Credence Security (R) (PRNewsfoto/Credence Security)

Under the agreement, Credence Security will be responsible for promoting and delivering Infosec Ventures’ HumanFirewall® platform across its robust channel network in the Middle East. Infosec Ventures’ offerings are available entirely on-premises or in a local cloud, in line with compliance and data sovereignty regulations, specifically for mission critical organizations in the government as well as large enterprises.

Hackers are increasingly preying on the human element of cybersecurity as a primary attack vector. According to the Verizon 2021 Data Breach & Incident Report (DBIR), over 85% of data breaches involved human error. In the Middle East, a 2020 study by the Ponemon Institute and IBM Security revealed that the average cost of a data breach per company in the region is $6.53 million, which is higher than the global average of $3.86 million per incident. The report also identified human error among the most common root causes of data breaches in the UAE and Saudi Arabia. Additionally, similar industry studies have indicated that more than 90% of successful cyber-attacks begin with an email. These figures highlight a significant need for solutions that will not only safeguard business-critical systems but will also transform employees into an organization’s best cybersecurity asset.

HumanFirewall® transforms employees from an organization’s weakest link into their strongest line of defence. It is a world-first…

Source…

Verizon Business and RingCentral deliver cloud-based enterprise solutions


What you need to know:

  • Verizon Business announced a new strategic partnership with RingCentral, Inc., which will bring cloud-based enterprise communication solutions with integrated team messaging, video meetings, and a cloud phone system to enterprise businesses.

  • The two companies will develop an innovative co-branded service, RingCentral with Verizon, a seamlessly integrated unified communications as a service (UCaaS) solution for enterprise businesses.

  • The RingCentral with Verizon offer is a key component of the Verizon Business network-as-a-service strategy, which includes 5G, mobile edge computing, SD WAN, and security, and is combined with RingCentral’s cloud communications platform including Message Video Phone™ (MVP™).

BASKING RIDGE, N.J. – Today, Verizon Business announced a new strategic partnership with RingCentral, Inc. (NYSE: RNG), which will bring cloud-based enterprise communication solutions with integrated team messaging, video meetings, and a cloud phone system to enterprise businesses, setting the foundation for a new workplace experience and giving employees the ability to work and collaborate from anywhere. The solution developed through this partnership adds to Verizon’s robust unified communications and collaboration (UCC) portfolio, complementing other services and offerings already in-market.

“The ‘work from anywhere’ model will continue to be a major factor for businesses, and we’ve seen the importance of cloud communications growing stronger for enterprises in the past year,” said Tami Erwin, CEO at Verizon Business. “Through this partnership, we’re leveraging our best-in-class network with RingCentral’s expertise in cloud collaboration to deliver game-changing cloud-based solutions that meet the needs of enterprises today and future proof how they operate moving forward.”

Together Verizon Business and RingCentral will develop a new innovative co-branded service, RingCentral with Verizon, a seamlessly integrated UCaaS solution for enterprise businesses. Enterprises will now have one solution, relationship, contract, support center, and implementation team for their deployments. Integrated with Verizon’s leading network solutions,…

Source…