Protecting Your Company’s Digital Footprint

Managing your digital footprint—the data trail left behind by employees’ or a company’s online activity—is key to preserving your brand’s reputation and security. Only 5% of companies’ folders are properly protected, so we created a guide to help businesses understand what makes up a digital footprint and what steps to take to secure it.

The guide breaks down the digital assets that make up a digital footprint and the security threats that forgotten digital breadcrumbs can pose, like identity theft and social engineering attacks. It also covers actionable steps businesses can take to map their own digital footprints and ensure their data is secure.


images from Panda Security

Both Sides in Russia-Ukraine War Heavily Using Telegram for Disinformation and Hacktivism

Cyber criminals and hacktivist groups are increasingly using the Telegram messaging app to coordinate their activities, leak data, and spread disinformation, as the Russia-Ukraine conflict enters its eighth day.

A new analysis by Israeli cybersecurity company Check Point Research has found that “user volume grew a hundredfold daily on Telegram-related groups, peaking at 200,000 per group.”

Prominent among the groups are anti-Russian cyber attack groups, including the Ukraine government-backed IT Army, which has urged its more than 270,000 members to conduct distributed denial-of-service (DDoS) attacks against Russian entities.

Other hacktivist-oriented Telegram groups used to coordinate the attacks on Russian targets via DDoS, SMS or call-based attacks are Anna_ and Mark_, Check Point researchers noted.

That said, there may be more to these attacks than meets the eye. “It seems that many of the hacktivist groups are more focused on building self-reputation and receiving credit for supporting Ukraine or Russia, than to cause real damage to the countries,” the researchers said.

Furthermore, cyber criminals are looking to capitalize on the conflict through Telegram groups containing tens of thousands of users that aim to “raise funds for Ukraine” and broadcast unverified news reports in an attempt to circumvent mainstream media.

Telegram, for its part, said it may consider partially or fully restricting certain channels so as to prevent malicious actors from abusing the platform to “deepen conflicts.”

The messaging app, which has over 500 million active users, has been used for black market activities in the past. In September 2021, more than 10,000 vendors were uncovered selling counterfeit COVID-19 vaccine certificates pertaining to over 25 countries for anywhere between $85 and $200, with some Telegram groups peaking at a follower size as large as 300,000.

images from Hacker News

New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances

Researchers have disclosed details of a new security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information.

Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all versions starting from 14.4 and prior to 14.8.

Credited with discovering and reporting the flaw is Jake Baines, a senior security researcher at Rapid7. Following responsible disclosure on November 18, 2021, patches were released for self-managed servers as part of GitLab critical security releases 14.8.2, 14.7.4, and 14.6.5 shipped on February 25, 2022.

“The vulnerability is the result of a missing authentication check when executing certain GitLab GraphQL API queries,” Baines said in a report published Thursday. “A remote, unauthenticated attacker can use this vulnerability to collect registered GitLab usernames, names, and email addresses.”
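The version facts above (affected from 13.0 onward, patched in 14.8.2, 14.7.4 and 14.6.5) are enough for a quick triage check of a self-managed instance. The helper below is an added example, not code from the article, GitLab or Rapid7; it assumes GitLab version strings look like `14.7.3` or `14.7.3-ee`, and it treats branches newer than 14.8 as carrying the fix forward, which is an assumption rather than something the article states.

```python
# Added example: triage a self-managed GitLab version against CVE-2021-4191
# using only the version ranges and patched releases named in the article.
from typing import Dict, Iterable, Tuple

Version = Tuple[int, int, int]

# Patched releases from the advisory, keyed by their minor branch.
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (14, 8): (14, 8, 2),
    (14, 7): (14, 7, 4),
    (14, 6): (14, 6, 5),
}

# The article says all versions from 13.0 onward are affected.
FIRST_AFFECTED: Version = (13, 0, 0)


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH' with an optional '-ee'/'-ce' suffix."""
    core = text.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_vulnerable(version: str) -> bool:
    """True if the version falls inside the affected range and predates its fix."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False                      # older than the affected range
    fixed = FIXED_RELEASES.get(v[:2])
    if fixed is not None:
        return v < fixed                  # patched branch: compare patch level
    if v[:2] > max(FIXED_RELEASES):
        return False                      # assumption: later branches carry the fix
    return True                           # 13.0 .. 14.5: no patched release listed


def triage(versions: Iterable[str]) -> Dict[str, bool]:
    """Map each reported version string to its vulnerability status."""
    return {v: is_vulnerable(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample of versions an inventory scan might report.
    for ver, vuln in triage(["14.8.1-ee", "14.8.2", "14.5.0", "12.10.3"]).items():
        print(f"{ver:12} {'VULNERABLE' if vuln else 'ok'}")
```

Feed it the version strings from your instance inventory; anything flagged needs to move to the patched release for its branch.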

images from Hacker News

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks

As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service (DDoS) attacks aimed at its domestic infrastructure.

Some of the notable domains in the listing released by Russia’s National Coordination Center for Computer Incidents (NCCCI) included those of the U.S. Federal Bureau of Investigation (FBI) and Central Intelligence Agency (CIA), and the websites of several media publications such as USA Today, 24News.ge, megatv.ge, and Ukraine’s Korrespondent magazine.

As part of its recommendations to counter the DDoS attacks, the agency is urging organizations to ringfence network devices, enable logging, change passwords associated with key infrastructure elements, turn off automatic software updates, disable third-party plugins on websites, enforce data backups, and watch out for phishing attacks.

“Use Russian DNS servers. Use the corporate DNS servers and/or the DNS servers of your telecom operator in order to prevent the organization’s users from being redirected to malicious resources or other malicious activity,” the NCCCI added.

“If your organization’s DNS zone [is] serviced by a foreign telecom operator, transfer it to the information space of the Russian Federation.”

The development comes as the ground war has been complemented by a barrage of cyber attacks in the digital domain, with hacktivist groups and other vigilante actors backing either country striking the websites of government and commercial entities and leaking troves of personal data.

According to global internet access watchdog NetBlocks, Russia is said to have placed extensive restrictions on Facebook access within the country, even as widespread internet outages have been reported in different parts of Ukraine such as Mariupol and Sumy.

That’s not all. Ukraine, which managed to amass a volunteer “IT Army” of civilian hackers from around the world, put out a new set of targets that includes the Belarusian railway network, Russia’s homegrown satellite-based global navigation system GLONASS, and telecom operators like MTS and Beeline.

images from Hacker News

Iran’s MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks

Cybersecurity agencies from the U.K. and the U.S. have laid bare new malware used by the Iranian government-sponsored advanced persistent threat (APT) group MuddyWater in attacks targeting government and commercial networks worldwide.

“MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors,” the agencies said.

The joint advisory comes courtesy of the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the U.K.’s National Cyber Security Centre (NCSC).

The cyberespionage actor was outed this year as conducting malicious operations as part of Iran’s Ministry of Intelligence and Security (MOIS) targeting a wide range of government and private-sector organizations, including telecommunications, defense, local government, and oil and natural gas sectors, in Asia, Africa, Europe, and North America.

MuddyWater is also tracked by the wider cybersecurity community under the names Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros, with the group known for cyber offensives in support of MOIS objectives since roughly 2018.

Besides exploiting publicly reported vulnerabilities, the hacking collective has been historically observed employing open-source tools to gain access to sensitive data, deploy ransomware, and achieve persistence on victim networks.

A follow-on investigation by Cisco Talos late last month also uncovered a previously undocumented malware campaign aimed at Turkish private organizations and governmental institutions with the goal of deploying a PowerShell-based backdoor.

The new activities unmasked by the intelligence authorities are no different in that they make use of obfuscated PowerShell scripts to conceal the most damaging parts of the attacks, including command-and-control (C2) functions.

The intrusions are facilitated via a spear-phishing campaign that attempts to coax its targets into downloading suspicious ZIP archives that either contain an Excel file with a malicious macro that communicates with the actor’s C2 server or a PDF file that drops a malicious payload to the infected system.

“Additionally, the group uses multiple malware sets — including PowGoop, Small Sieve, Canopy/Starwhale, Mori, and POWERSTATS — for loading malware, backdoor access, persistence, and exfiltration,” FBI, CISA, CNMF, and NCSC said.

images from Hacker News