Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AT&T Alien Labs™ has observed new activity that has been attributed to the Lazarus adversary group potentially targeting engineering job candidates and/or employees in classified engineering roles within the U.S. and Europe. This assessment is based on malicious documents believed to have been delivered by Lazarus during the last few months (spring 2021). However, historical analysis shows the lures used in this campaign to be in line with others used to target these groups.

When you start scanning your container images, it can be disconcerting to discover that you have large numbers of vulnerabilities. Below is a scan I did last week on a vulnerable node image that I built. While a fairly extreme example, you can see that this image out of the box is showing as having over 800 vulnerabilities in it.

When did you first see a network operations center (NOC)? For me, it was 1983 at BBN in Cambridge. With some whiteboards, a few terminals, and a handful of chairs, it was modest compared to ones I’ve seen since–but it was also the NOC for the whole internet at the time. Even then, that significance made it a pretty cool place.

Ransomware attacks are on a steep upward trend and the gradient isn't softening its progression. In Q3 2020, ransomware attacks have increased globally by 40% to 199.7 million cases. In the U.S. alone, attacks have increased by 139% year-over-year, totaling 145.2 million cases in Q3 2020. The impetus to the sudden recent spike in ransomware attacks, was the dramatic shift from a linear attack model, to an insidious multi-dimensional Ransomware as a Service model.

Data leaks happen once every few months at least. Millions of users can have their phone number, address, and Social Security Number smeared across the internet in a matter of seconds. Your online browsing behavior is also sold legally by tech companies to the highest bidder. Ever seen an ad that is a little too specific? Most major tech companies rely on some form of data harvesting for revenue. As consumers, should we do anything? Can we do anything?

I was recently asked to host a round table discussion on ‘Governance, Risk and Compliance‘ (GRC), and I have to admit I was more than a little excited. Why? Because the other people around the table were leading lights in the world of Cybersecurity, Risk and Resilience, and I was looking forward to exploring how a GRC framework can work across industries and learning some valuable lessons from those around our virtual table.

Google recently released the new Cloud Security Foundations Guide. We’re going to take apart Google’s guide and show you what’s worth looking into. First, an introduction. “This comprehensive guide helps you build security into your Google Cloud deployments.” – Google What’s going on: Google Cloud Services are out there, being deployed in the wild, untamed. This guide is Google’s self-proclaimed “opinionated” view on keeping them safe.

You just started reading this blog post. But are you reading it alone? Or is there a “man in the middle” watching and recording everything you do online? While it may sound like a plot from a Hollywood blockbuster, the reality is far from amusing. A man-in-the-middle (MitM) attack can quickly occur when an unsuspecting victim joins the same public Wi-Fi network as a malicious attacker, for example, at a cafe.

The recent slate of breaches and regulatory actions has prompted many companies who had been doing the minimum in terms of proactive cyber risk management to rethink their approach. In the U.S., new regulations are emerging (for states like Virginia, Colorado, Massachusetts and many others), and existing regulators are increasing their enforcement, as we’ve seen by the NY Dept of Financial Services (NYDFS) and the SEC.

SpecterOps recently released an offensive security research paper that details techniques enabling an adversary to abuse insecure functionality in Active Directory Certificate Service. SpecterOps reports that abusing the legitimate functionality of Active Directory Certificate Service will allow an adversary to forge the elements of a certificate to authenticate as any user or administrator in Active Directory.