Tag Archive for: February

Netography Detection Model Release – February 23, 2023



The Netography Threat Research Team has released its latest detections:

The team creates Netography Detection Models (NDMs) to detect botnets, malware, P2P, data exfiltration, ransomware, phishing, SPAM, DDoS activity and more. These powerful threat and network configuration detection models are included at no additional charge and are continuously refined, with new NDMs being added frequently as threats evolve. There are no packages to download, and no updates to push. All models are completely open, customizable, and transparent to your analysts.  

Netography Detection Model Updates:

social_discourse_detection – This DM detects the use of the social network: “Discourse” on the network. Discourse is modern forum software for businesses and communities. This DM is disabled by default. 

social_instagram_detection – This DM detects the use of the social network: “Instagram” on the network. Instagram is a social media platform that emphasizes photo and video sharing via its mobile app. This DM is disabled by default.

social_linkedin_detection – This DM detects the use of the social network: “LinkedIn” on the network. LinkedIn and its associated services are a business-oriented social media network. This DM is disabled by default.

social_meta_detection – This DM detects the use of the social network: “Meta” on the network. This DM covers Facebook and its associated services. This DM is disabled by default.

social_okcupid_detection – This DM detects the use of the social network: “OkCupid” on the network. OkCupid is an online dating website that uses quizzes and multiple-choice questions to find a match for the user. This DM is disabled by default.

social_reddit_detection – This DM detects the use of the social network: “Reddit” on the network. Reddit is essentially a web-based bulletin board system that allows posting and commenting on nearly any topic. This DM is disabled by default.

social_tiktok_detection – This DM detects the use of the social network: “TikTok” on the network. TikTok social media and associated services are a social media platform primarily…

Cyber Security Today, Week in Review for Friday, February 17, 2023


Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday, February 17th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

In a few minutes David Shipley of New Brunswick’s Beauceron Security will be here to discuss some recent cybersecurity news. One is that Canadian government and hospital leaders got a shellacking on a webinar for not putting enough funds into healthcare cybersecurity. David will have thoughts on that.

We’ll also talk about the compromise of the GoAnywhere MFT managed file transfer service, whether cyber threat intelligence is used well and why corporate managers and IT security staff don’t communicate better. But first a look back at some of the headlines from the past seven days:

A variant of the Mirai botnet is being used to infect a number of internet-connected devices with old and unpatched vulnerabilities. These include Atlassian’s Confluence collaboration suite, the FreePBX telephony management suite, the Mitel AWC audio conferencing platform, the DrayTek Vigor router, surveillance cameras and more. According to researchers at Palo Alto Networks, infected devices create a new botnet for spreading malware or to launch denial of service attacks. These devices are being compromised by brute force credential attacks. IT administrators of any device that connects to the internet must make sure they have secure passwords.

Attackers are still exploiting unpatched versions of Windows Exchange. According to researchers at Morphisec the latest campaign installs cryptomining software on computers. By stealing computing power attackers get to mine for cryptocurrency faster — and slow computers from doing company business. IT departments that for some reason haven’t installed two-year-old patches to close the Exchange vulnerabilities need to scan systems for compromise, then install the patches.

Atlassian is the latest company to be a victim of a successful cyber attack on an outside service provider. According to Cyberscoop, Atlassian initially acknowledged the theft of company data held by a service called Envoy. Envoy is used to co-ordinate…

Cyber Security Today, Week in Review for Friday, February 10, 2023


Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday, February 10th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

In a few minutes Terry Cutler of Montreal’s Cyology Labs will be here to discuss recent news. But first a look back at some of the headlines from the past seven days:

A security researcher discovered several vulnerabilities in Toyota’s supplier website that gave access to … everything. Terry and I will talk about how this happened.

We’ll delve into the rush to protect servers running unpatched and outdated versions of VMware’s ESXi hypervisor from ransomware, and ask why are companies running old applications.

Lists of some 20 million customers who used two U.S. companies for background checks of employers and individuals are being peddled by crooks. Terry and I will have something to say about that.

And we’ll look at a suggestion the Canadian government offer tax breaks to encourage small businesses to spend more on cybersecurity.

In other news, IT administrators whose firms use open-source and free versions of certain document management systems were warned of vulnerabilities. Researchers at Rapid7 say the problems are in on-premise versions of OnlyOffice Workspace, OpenKM, Logical-IDOC and Mayan EDMS. At the time of the recording of this podcast the vendors hadn’t patched the holes. So administrators have to take precautions, some of which are outlined in the Rapid7 report.

The U.S. and the United Kingdom have sanctioned seven people who they say are members of the Trickbot cybercrime group. The Trickbot malware is widely distributed through botnets and email campaigns. Sometimes it’s also used to help deploy ransomware. The U.S. says current members of the gang are associated with Russia’s intelligence service. The sanctions mean the seven can’t access any assets they have in the U.S.

A British member of Parliament says he fell for a phishing scam. Stewart McDonald admitted he opened a message sent to his personal email account with a supposed military update on Ukraine. Clicking on the document opened a form where he filled in…

Android 13 QPR2 Beta 3.1 brings some bug fixes, February 2023 security patch


What you need to know

  • Google is rolling out the latest Android 13 beta release with a minor update.
  • Android 13 QPR2 Beta 3.1 brings a couple of bug fixes and comes with the February 2023 security patch.
  • The update is available on the Pixel 4a and newer and arrives roughly a month ahead of the March 2023 feature drop.
  • Google also released the first developer preview of Android 14.

While the Android 14 developer preview kicks off, Google still has the Android 13 beta to tend to. The next feature drop arrives in March, so Google is prepping us with the new QPR2 Beta 3.1 build, which is available now for eligible Pixel smartphones.

According to the release notes, the beta is pretty light, which is usually the case for x.1 builds. It does, however, bring Pixel phones up to speed with the February 2023 security patch, which already hit the stable release on Monday.
