Blog

Sopra Steria hit by the Ryuk ransomware gang

French IT outsourcer Sopra Steria hit by ‘cyberattack’, Ryuk ransomware suspected. French IT outsourcer Sopra Steria has been hit by a ransomware attack. While the company did not reveal the family of malware that infected its systems, local media speculate about the involvement of the Ryuk ransomware. “A cyber attack was detected on the Sopra Steria […]
The post Sopra Steria hit by the Ryuk ransomware gang appeared first on Security Affairs.




[HEADS UP] Cybercriminal Sells Info on 186 Million U.S. Voters

In a recent report by NBC News, cybersecurity company Trustwave found a bad guy selling voter registration data on 186 million Americans.
This phishing attack shows how vulnerable anyone in the U.S. can be to targeting by cybercriminals, along with foreign adversaries. This news comes in the wake of U.S. officials announcing that Iran and Russia obtained voter registration data in hopes of interfering with the 2020 U.S. election.
Trustwave provided publicly available data, and the fact that so many names, email addresses, phone numbers, and voter registration records were found for sale on the dark web further proves how easy it is for the bad guys to deploy an attack. One current example is the FBI's recent report that Iran has tried to send emails designed to intimidate voters.
“An enormous amount of data about U.S. citizens is available to cyber criminals” and foreign adversaries, said Ziv Mador, Vice President of Security Research at Trustwave. Check out this screenshot of the documented report: 

Photo Credit: Trustwave
“In the wrong hands, this voter and consumer data can easily be used for geotargeted disinformation campaigns over social media, email phishing and text and phone scams,” he added, “before, during and after the election, especially if results are contested.”
As a takeaway, it’s important to be cautious of any potential threat or suspicious email. New-school security awareness training can ensure your users are prepared to report potential social engineering attacks. 
NBC News has the full story. 


Iran-Linked Seedworm APT target orgs in the Middle East

The Iran-linked cyber espionage group tracked as Seedworm started using a new downloader and is conducting destructive attacks. The Iran-linked cyber-espionage group Seedworm (aka MuddyWater, MERCURY, and Static Kitten) was observed using a new downloader in a new wave of attacks. Security experts pointed out that the threat actor started conducting destructive attacks. Also referred to […]
The post Iran-Linked Seedworm APT target orgs in the Middle East appeared first on Security Affairs.




Why Observability Is the Next Big Thing in Security

Observability for Application Security Is a Must-have
It’s not easy to tell modern security stories to users of legacy security solutions still attached to squeezing some fading security value from network-based perimeter walls. Organizations and their application security teams still find it hard to justify the obvious need for true operational change in application development and deployment (cloud adoption sits at 46%), even as software — now in the form of complex, high-velocity, and distributed cloud architectures — continues to rapidly become the only known way to effectively grow a modern business.
Still, the fact is that software developers and cross-functional teams will not wait and have simply taken application security away from SecOps, because a new paradigm of observability for security purposes has emerged as a core requirement for effective protection of modern applications in the cloud. Today’s complex, distributed, and ephemeral challenges brought forward by next-generation cloud adoption are the new critical roadblocks that enterprises must solve to achieve rapid business growth: either adopt a technology stack that delivers observability for security or lack the ability to effectively secure your cloud applications.


Cryptographically secured HTTP lambda invocations

A lambda function invocation is when the caller supplies a piece of code to a function, and that function then executes the code the caller supplied. In the following video, I illustrate how you can securely transmit code over the web to another server, have the other server execute your code (securely), and return the result of the invocation back to the client. As an additional bonus, all the traffic between both parties is encrypted.
The whole idea is based upon combining two simple ideas: cryptographic signatures, guaranteeing that the invocation originated from some trusted party, and sandbox execution environments, assigning rights on a “per keyword level” to some other party, as long as he or she can establish that the code originated from him or her. As a bonus, everything is encrypted back and forth, preventing a malicious adversary from understanding what the clients are communicating about. The whole thing works because the cryptographic signature acts as a lookup into “which sandbox” the client is allowed to play in. Hence, a public cryptography key is associated with elevated rights, which are in turn associated with a particular client.
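
A minimal sketch of the mechanism described above, added here as an illustration and not the author's implementation: the server verifies an Ed25519 signature, uses the signing key's fingerprint to look up which keywords that key may run, and refuses the payload otherwise. The keyword names, the JSON array encoding of the code and the fingerprint scheme are assumptions made for the example; transport encryption is left out.

```javascript
const crypto = require("node:crypto");

// Constructed key pairs: `client` is registered with the server, `stranger` is not.
const client = crypto.generateKeyPairSync("ed25519");
const stranger = crypto.generateKeyPairSync("ed25519");

// A key is identified by the SHA-256 of its DER-encoded public part (assumed scheme).
function fingerprint(publicKey) {
  const der = publicKey.export({ type: "spki", format: "der" });
  return crypto.createHash("sha256").update(der).digest("hex");
}

// Every keyword the toy server implements (hypothetical names).
const keywords = {
  add: (args) => args.reduce((a, b) => a + b, 0),
  concat: (args) => args.join(""),
  secret: () => "constructed-secret",
};

// Server-side registry: fingerprint -> public key plus the keywords that key may use.
const registry = new Map([
  [fingerprint(client.publicKey), { key: client.publicKey, allowed: new Set(["add", "concat"]) }],
]);

// Client: serialise the code (nested arrays, [keyword, ...args]) and sign the bytes.
function signInvocation(code, { privateKey, publicKey }) {
  const body = Buffer.from(JSON.stringify(code));
  return { body, fp: fingerprint(publicKey), sig: crypto.sign(null, body, privateKey) };
}

// Return the first keyword outside the sandbox (quoted), or null if all are permitted.
function firstDenied(node, allowed) {
  if (!Array.isArray(node)) return null;
  if (!allowed.has(node[0])) return `'${node[0]}'`;
  return node.slice(1).map((n) => firstDenied(n, allowed)).find(Boolean) || null;
}

const run = (n) => (Array.isArray(n) ? keywords[n[0]](n.slice(1).map(run)) : n);

// Server: verify the signature first, then check the sandbox, and only then execute.
function invoke({ body, fp, sig }) {
  const entry = registry.get(fp);
  if (!entry) return { ok: false, error: "unknown key" };
  if (!crypto.verify(null, body, entry.key, sig)) return { ok: false, error: "bad signature" };
  const code = JSON.parse(body.toString());
  const bad = firstDenied(code, entry.allowed);
  if (bad) return { ok: false, error: `keyword ${bad} not allowed for this key` };
  return { ok: true, result: run(code) };
}
```

The whole code tree is checked against the key's keyword set before anything runs, so a forbidden keyword nested inside permitted ones cannot trigger partial execution.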