A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

**Summary**

A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

**Tested Versions**

Open Automation Software OAS Platform V16.00.0112

**Product URLs**

OAS Platform - https://openautomationsoftware.com/knowledge-base/getting-started-with-oas/

**CVSSv3 Score**

7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

**CWE**

CWE-319 - Cleartext Transmission of Sensitive Information

**Details**

The OAS Platform was built to facilitate the simplified transfer of data between various proprietary devices and applications. It can be used to connect products from multiple different vendors, connect a product to a custom application, and more.

By default all configuration communication with the OAS Platform is sent in cleartext over TCP/58727. Some configuration commands such as SecureTransferFiles require an OAS User account in an authorized OAS Security Group. When a command with this requirement, or any request from a logged-in OAS Configuration Utility, is sent, the username and base64 password hash is included in the message. If an attacker is sniffing the network during this time it would be possible to extract this information and subsequently use it to successfully send additional configuration commands that require credentials.

A SecureTransferFiles message showing these credentials resembles the following:

    0000   00 0c 29 5e b3 62 c4 b3 01 c3 ba c9 08 00 45 00   ..)^.b........E.
    0010   02 b6 00 00 40 00 40 06 a2 4f c0 a8 0a 6a c0 a8   ....@.@..O...j..
    0020   0a 38 c4 ea e5 67 18 9e 24 8a 19 e0 9f df 80 18   .8...g..$.......
    0030   08 0a b5 4d 00 00 01 01 08 0a 36 5a a0 6d d6 19   ...M......6Z.m..
    0040   2e 41 00 00 00 00 00 d0 83 40 00 01 00 00 00 ff   .A.......@......
    0050   ff ff ff 01 00 00 00 00 00 00 00 10 01 00 00 00   ................
    0060   03 00 00 00 08 08 01 00 00 00 06 02 00 00 00 13   ................
    0070   53 65 63 75 72 65 54 72 61 6e 73 66 65 72 46 69   SecureTransferFi
    0080   6c 65 73 09 03 00 00 00 10 03 00 00 00 04 00 00   les.............
    0090   00 08 08 01 00 00 00 06 04 00 00 00 0d 4d 61 6c   .............Mal
    00a0   69 63 69 6f 75 73 55 73 65 72 06 05 00 00 00 20   iciousUser..... 
    00b0   31 4d 5a 4a 32 58 54 65 41 77 69 38 38 2b 61 59   1MZJ2XTeAwi88+aY
    00c0   78 62 55 30 37 76 2b 6b 34 47 57 4a 69 56 50 78   xbU07v+k4GWJiVPx
    00d0   09 06 00 00 00 10 06 00 00 00 01 00 00 00 09 07   ................
    00e0   00 00 00 10 07 00 00 00 04 00 00 00 08 08 01 00   ................
    00f0   00 00 06 08 00 00 00 13 2f 68 6f 6d 65 2f 6f 61   ......../home/oa
    0100   73 75 73 65 72 2f 2e 73 73 68 2f 06 09 00 00 00   suser/.ssh/.....
    

**Mitigation**

The easiest way to mitigate attempts to exploit this vulnerability is to ensure that proper network segmentation is in place such that an attacker has the smallest possible access to the network on which the OAS Platform communicates. Additionally use a dedicated user account to run the OAS Platform, and ensure that user account does not have any more permissions than absolutely necessary.

**Timeline**

2022-03-16 - Vendor Disclosure  
2022-05-22 - Vendor Patch Release  
2022-05-25 - Public Release  

Discovered by Jared Rittle of Cisco Talos.

CVE-2022-26077: TALOS-2022-1490 || Cisco Talos Intelligence Group

New threat hunting and risk identification service provides organizations with an enterprise-wide baseline of their threat landscape and risk exposure.

San Jose, Calif., 24 May 2022 – Forescout Technologies, the leader in automated cybersecurity, today announced the launch of Forescout Frontline, a new threat hunting service utilizing a team of highly-trained cybersecurity analysts to support cybersecurity teams by proactively identifying risks, enabling accelerated incident response, and maturing security posture. Forescout is offering this complimentary service for organizations that lack the internal resources and visibility to defend themselves from cybersecurity attacks, including ransomware and advanced persistent threats (APT).

“Cybersecurity attacks are on the rise. Simultaneously, cybersecurity teams are perennially understaffed and under resourced. This has created a perfect storm,” said Shawn Taylor, vice president of threat defense. “Organizations are under immense pressure to cope with the scale and speed of attacks and the havoc caused by the adversaries. Forescout is launching this new service to help organizations defend against attacks by providing a complete and holistic view of their assets.”

Many organizations use multiple security tools across multiple teams to help identify threats and risks. However, insights may be limited due to siloed views of IT, IoT, IoMT or OT assets. Typically, a variety of these asset types exist across an organization’s digital terrain and are often interconnected, which means cybersecurity risk must be identified and tackled holistically.

Delivered by Forescout Frontline analysts, the Threat Hunting and Risk Identification Service overcomes staffing resources and asset visibility challenges to uncover threats and identify risks that may otherwise remain undiscovered. Forescout Frontline will help organizations:

Discover, validate and prioritize a wide variety of cyber threats and vulnerabilities across all assets, including IT, IoT, IoMT and OT

Analyze the context and risk associated with all findings

Leverage the comprehensive insights to develop effective risk mitigation and remediation strategies

A State of Florida Agency, which supports several key Florida departments, engaged Forescout Frontline to understand each instance of Log4j, a zero-day vulnerability in a popular Java logging framework, across the organization’s 220 sites in 16 diverse divisions. In less than a day and a half, Forescout Frontline delivered insights into thousands of assets with vulnerabilities such as Log4j and Windows-based PrintNightmare. Additionally, hundreds of Critical CVSS-rated vulnerabilities affecting infrastructure devices such as switches and routers were found. Finally, actionable intelligence concerning critical embedded IoT TCP-IP stack-based instances such as NUCLEUS: 13 and RIPPLE 20, insecure communications, and other risks were also discovered. Leveraging this free service shrunk time to mitigation and remediation of these security gaps and improved overall security posture.

“When Log4J broke, we knew it was a critical issue, but we lacked a full picture of the risk within our extended enterprise. The \[Forescout threat hunting\] report was way more thorough than I expected, with in-depth information and actionable intelligence. Not just on Log4j but on other critical vulnerabilities as well, and not just in general terms but exactly where they exist in our environment.” – Information Security Manager, State of Florida Agency

Forescout Frontline levels the cybersecurity playing field by operationalizing the vulnerability research and threat intelligence produced by Forescout’s Vedere Labs and enhancing it with the Forescout Continuum Platform to provide threat hunting services across multiple dimensions. Forescout Frontline analysts include former public sector and private sector threat hunters with training in threat detection and incident response.

To learn more about Forescout Frontline visit here and for further insight into how a State of Florida agency benefitted from this new service visit here.

**About Forescout**

Forescout Technologies, Inc. delivers automated cybersecurity across the digital terrain, maintaining continuous alignment of customers’ security frameworks with their digital realities, including all asset types – IT, OT, IoT, IoMT. The Forescout Continuum Platform provides complete asset visibility, continuous compliance, network segmentation and a strong foundation for Zero Trust. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide automated cybersecurity at scale. Forescout arms customers with data-powered intelligence to accurately detect risks and quickly remediate cyberthreats without disruption of critical business assets.

Managing cyber risk, together.

Forescout Launches Forescout Frontline to Help Organizations Tackle Ransomware and Real Time Threats

Experience Centre features emerging Mastercard products and solutions for securing digital payments on a global scale, including those developed locally in Vancouver.

**MAY 25, 2022**

  
Today, Mastercard unveiled the "Experience Centre” at its _Global Intelligence and Cyber Centre of Excellence_ (“Centre of Excellence”) in Vancouver, BC, where local, national and international tech communities are invited to collaborate on cyber security innovation. The Experience Centre also features emerging Mastercard products and solutions that are already securing digital payments on a global scale, including those developed locally in Vancouver.

“Rapid advancements in digital technology have changed the way we shop, pay, work and interact, but with increased convenience comes increased risk,” said Sasha Krstic, President of Mastercard Canada. “Building on the world-class innovations developed at our Centre of Excellence in Vancouver, this new Experience Centre offers a venue for much-needed industry collaboration to anticipate and neutralize ever-expanding cyber threats to our global digital economy.”

Announced in 2020, Mastercard’s _Global Intelligence and Cyber Centre of Excellence_ is leading innovation in cyber and intelligence (C&I), artificial intelligence (AI) and the Internet of Things (IoT). Research from the Centre is already enhancing Mastercard solutions, combining the Centre’s biometric security algorithms with existing cyber capabilities is creating new approaches to enhance online security. In just two-and-a-half years, the Centre of Excellence is making quick progress against its long-term goals, such as:

*   **filing more than 30 local patents** that will secure cyberspace by building confidence in our connected devices, reducing the presence of malicious bots, bad human actors, and establishing a seamless experience for online interactions; and
*   **creating and maintaining more than 230 quality tech jobs to date,** ranging from software engineers to data scientists to product and program managers, with many more roles to fill.

“We are achieving this unprecedented level of cyber security innovation by attracting top talent from across Canada and the world to work smarter, better and faster in a creative, inclusive environment embedded in Vancouver’s vibrant tech community,” said Sasha Krstic. “Mastercard’s Centre of Excellence is not only making digital payments safer for consumers and businesses everywhere, it’s helping cement Canada’s role as a global powerhouse in cyber security innovation.”

  
Investing in Canadian Innovation

Mastercard has significantly expanded its technology footprint in Canada over the past five years. In 2020, Mastercard announced **a $510 million CAD investment** **to establish the _Global Intelligence and Cyber Centre of Excellence_ in partnership with the Government of Canada** to achieve their shared vision of building a better, more secure digital economy for everyone by leveraging Canadian innovation. This builds on the acquisitions of Vancouver-based NuData Security and Toronto-based Ethoca.

As part of its ongoing commitment to strengthening Canadian innovation, **Mastercard has proudly invested more than $6.3 million in strategic partnerships and knowledge-sharing** across Canada’s entire tech ecosystem through the _Global Intelligence and Cyber Centre of Excellence_ to-date. These investments are designed to:

*   scale C&I research and development (R&D) and bring Canadian innovations to market faster, making the global digital economy more secure;
*   nurture next-gen Canadian talent and expand STEAM opportunities for underrepresented groups, as true cyber security demands that diverse talent drive inclusive innovation; and
*   provide small businesses and entrepreneurs with the same cyber security tools and protection as larger enterprises so Canada’s economy can continue to thrive.

  
Strategic partnerships and community investments announced by Mastercard include:

*   **Digital Main Street:** creating engagement tools that help Canadian “mom and pop” businesses become more cyber aware, as well as 10 post-graduate internship spaces at the Mastercard _Global Intelligence and Cyber Centre of Excellence_ over five years;
*   **Canadian Federation of Independent Business (CFIB):** creating gamified, mobile-first cyber training for small- and medium-sized businesses;
*   **Pow Wow Pitch:** sponsoring a new tech stream in the Indigenous Entrepreneurship Program;
*   **Mitacs:** creating 50 internships at Mastercard’s _Global Intelligence and Cyber Centre of Excellence_ for graduate students across Canada over five years;
*   **University of New Brunswick:** funding the Mastercard Research Chair in IoT and a new Cyber Security Research Lab;
*   **Rogers Cybersecure Catalyst:** accelerating cyber security training and young leader development at Toronto Metropolitan University;
*   **Science World:** developing STEAM training for girls in grades 2 to 9 through the “Tech-Up” program; and
*   **Girls4Tech:** expanding cyber programming for Canadian girls.

  
“Vancouver and Canada more broadly are brimming with talent and expertise in a range of STEM fields, including cyber and intelligence,” said Mansur Mirani, VP of the Mastercard Global Intelligence and Cyber Centre of Excellence in Vancouver. “Investments across our tech ecosystems, especially in diverse communities, unlocks additional potential in our knowledge economy that will keep Canada on the forefront of global cyber security innovation for generations to come.”

Mastercard Launches Cybersecurity “Experience Centre”

Company will detail enhancements to Vulnerability Management, Detection and Response solution next month.

FOSTER CITY, Calif., May 25, 2022 /PRNewswire/ -- Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced it is holding the Qualys Security Conference (QSC) San Francisco in tandem with RSAC on June 7-8.

At the event, Qualys will unveil significant updates to the company's Vulnerability Management, Detection and Response (VMDR) solution. The new enhancements redefine how enterprises manage cybersecurity risk with an unprecedented capability to prioritize and remediate at scale.

Through keynotes, live demonstrations, customer presentations, training sessions and networking, the Qualys customer community will dive into the profound impact of the digital journey and converse on best practices and case studies on risk management and security automation.

The week will feature talks from Qualys experts, customer success stories and a feature keynote at the Cloud Security Alliance CxO Trust Summit:

**Qualys QSC San Francisco Featuring VMDR Live  
**QSC San Francisco will be held in person at the Palace Hotel in San Francisco. To view the full schedule and to register for the event, visit the website.

**Highlights include:**

*   **Sumedh Thakar, President and CEO:** Security Automation for the Digital Journey
*   **Nagi Prabhu, Chief Product Officer:** Bringing the Unified Power of the Qualys Cloud Platform to Address Today's Security Challenges
*   QSC customer presentations from **First American Financial** and others.
*   **VMDR LIVE:** Redefining Cybersecurity Risk Management with VMDR
    *   Introducing VMDR 2.0 with TruRisk
    *   Fireside chat with Brian Penn, **Aflac**
    *   Join VMDR Live virtually at www.qualys.com/vmdr-live.
*   **Qualys Cocktail Reception:** Come network with Qualys experts, customers and industry practitioners on Tuesday, June 7 at 6:00 pm PT at the Palace Hotel.
*   **Training Sessions:** On Wednesday, June 8, Qualys will lead two training courses, including an introduction to Qualys VMDR and How to Manage and Secure Your Container Assets.

**Qualys at RSAC  
**Attendees with RSAC credentials are welcome to join the following RSAC events to network with industry peers and learn more about Qualys:

*   **CxO Trust Summit at RSAC****: Jonathan Trull, CISO at Qualys:** Measuring the Maturity of Your Cloud Security Program. June 6, 8:30 am – 3 pm PT, RSAC – Moscone Center South, level 3
*   **DevOps Connect – DevSecOps @RSAC****:** Connect with the Qualys DevOps team to learn more about VMDR and our cloud-based IT, security and compliance solutions. June 7, 8:30 am – 4 pm PT, RSAC – Moscone Center South

**About Qualys**  
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based Security, Compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.

The Qualys Cloud Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit www.qualys.com.

Qualys to Unveil VMDR 2.0 at Qualys Security Conference in San Francisco

Corelight Investigator aids threat hunting and investigation through intelligent alert aggregation, built-in queries and scalable search

SAN FRANCISCO, May 25, 2022 /PRNewswire/ -- Corelight, the leader in open network detection and response (NDR), today announced Corelight Investigator, a SaaS-based solution that extends the power of open-source driven network evidence to SOC teams everywhere. Investigator delivers advanced capabilities for transforming network and cloud activity into evidence in a fast, intuitive platform that is easy to deploy and use.

Based on insights learned from savvy defenders in the Zeek open source community, Corelight Investigator provides not only advanced analytics and open access to the best network evidence, but the ability to do custom evidence enrichment unique to each environment. With Corelight Investigator, security teams can quickly accelerate threat hunting and investigations by mapping threat activity across the MITRE ATT&CK® framework and reduce alert volume with intelligent alert scoring.

"We believe that evidence is at the heart of cybersecurity for any organization," said Brian Dye, CEO of Corelight. "We have the privilege of working with defenders of critical infrastructure that can afford data lake architectures and in-house analytics teams to execute their evidence-driven cyber strategy. Corelight Investigator brings the design patterns of those elite defenders to the broader enterprise by combining advanced analytics and threat hunting capability with the power of Zeek, the industry de-facto standard for network evidence."

**Full network visibility with next-level analytics  
**Corelight Investigator brings complete visibility of the network, both on-premise and in the cloud, with evidence that spans months and years, not days and weeks. Customers can leverage machine learning, behavioral analysis, threat intelligence and signatures, mapped to the MITRE ATT&CK framework, to enable broad coverage of network-centric threats.

This evidence leads to specialized detections and enables the threat hunting necessary for advanced, persistent, and personalized attacks. In addition, it supports custom enrichment of network evidence - such as asset information, vulnerabilities, or per-asset context - and links threat hunting and incident response through custom alerts, queries, and dashboards.

"Unlike competitive 'closed' solutions, Corelight Investigator brings a new level of openness to the SaaS NDR market that enables customers to fully understand the logic behind machine learning based detections, and freely integrates these alerts with their existing tools for the broadest coverage," said Clint Sand, senior vice president of product for Corelight.

**Powered by open source and novel research  
**"Along with the advanced analytics that Corelight Labs provides, another advantage of Corelight Investigator is its ability to harness the analytical power of the open source Zeek and Suricata communities. That provides broad-based threat coverage including rapid zero-day response capabilities," said Vern Paxson, co-founder and chief scientist for Corelight. "The open-source nature of Zeek helps us illuminate _why_ a detection happened, as well as rich information about its surrounding context."

Corelight Investigator customers can access richly detailed, interlinked Zeek logs including access to DNS responses, file hashes, SSL as well as logs created by Corelight Labs - which continually creates new analytics for evolving threats and vulnerabilities using cross-customer visibility with the speed of SaaS – for both investigating those alerts and enabling threat hunting.

"As attacks continue to evolve and grow in sophistication, security teams need NDR solutions that provide not only timely and accurate detections, but the supporting context to respond quickly and effectively," said John Grady, senior analyst with ESG. "Corelight meets these requirements by bringing rich network evidence from its decades-long open source Zeek heritage, combined with novel analytics from an array of inferences, making it a powerful contender in the space."

**University of Missouri powers network visibility with Corelight Investigator  
**For many organizations, it is not possible to staff a full security or development team dedicated to parsing the expansive volumes of network traffic. This is true for the research and support services team at the University of Missouri that needed a solution that could provide full network visibility without the management overhead and other fine-tuning often required with competing solutions.

"We are a large university and we need to have full network visibility," said Aaron Scantlin, security analyst at University of Missouri. "It was simple to set up, which means the rest of my time is spent doing advanced analysis and other work."

In addition, Corelight Investigator quickly identifies threats on the network so the team can take immediate action as well as provides access to the raw data for additional investigation.

"Corelight Investigator ingests events so that we can query them in a snap," said Scantlin. "It improves our security posture by providing instant access to events we need to act on."

**Pricing and availability  
**Corelight Investigator joins the Corelight Sensor product portfolio and will be generally available in June. Corelight customers and prospects can contact sales directly for pricing information. More information Corelight Investigator can be found on the Corelight website.

**About Corelight  
**Corelight provides security teams with network evidence so they can protect the world's most critical organizations and companies. Corelight's global customers include Fortune 500 companies, major government agencies, and large research universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek®, the widely-used network security technology. For more information, www.corelight.com.

Corelight Announces New SaaS Platform for Threat Hunting

According to the findings, vishing attacks have overtaken business email compromise as the second most reported response-based email threat since Q3 2021.

MINNEAPOLIS, May 23, 2022 /PRNewswire-PRWeb/ -- Vishing (voice phishing) cases have increased almost 550 percent over the last twelve months (Q1 2022 to Q1 2021), according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs, both of which are part of the HelpSystems cybersecurity portfolio.

In Q1 2022, Agari and PhishLabs detected and mitigated hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands. The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape.

According to the findings, vishing attacks have overtaken business email compromise (BEC) as the second most reported response-based email threat since Q3 2021. By the end of the year, more than one in four of every reported response-based threat was a vishing attack, and this makeup continued through Q1 2022.

"Hybrid vishing campaigns continue to generate stunning numbers, representing 26.1% of total share in volume so far in 2022," said John LaCour, principal strategist at HelpSystems. "We are seeing an increase in threat actors moving away from standard voice phishing campaigns to initiating multi-stage malicious email attacks. In these campaigns, actors use a callback number within the body of the email as a lure, then rely on social engineering and impersonation to trick the victim into calling and interacting with a fake representative."

Additional Key Findings

*   Social media impersonation attacks are on the rise. Since Q2 2021, the volume of brand impersonations increased 339% and executive impersonations 273%. According to the findings, brands prove to be convenient targets for threat actors, especially when associated with retail counterfeit operations. However, for some unique attacks, executive accounts are preyed on to make the spoofs seem more realistic.
*   Credential theft email scams continue to be the most common email threat type reported by employees, contributing to nearly 59% of all threat types encountered. Credential theft reports increased 6.9% in volume from Q4 2021.
*   The malware landscape continues to be ever changing. Qbot was once again the payload of choice for threat actors attempting ransomware attacks, but Emotet reemerged in Q1 and was the second leading payload.
*   While nearly half of all phishing sites rely on a free tool or service for staging, Q1 2022 was the first quarter in five consecutive quarters where paid or compromised services (52%) outnumbered free solutions for the use of staging phishing sites.

"As the variety of digital channels organizations use to conduct operations and communicate with consumers expands, bad actors are provided with multiple vectors to exploit their victims," added LaCour. "Most attack campaigns are not built from scratch; they are based on reshaping traditional tactics and incorporating multiple platforms. Therefore, to remain secure, it's no longer effective for organizations to only look within the network perimeter. They must also have visibility into a variety of external channels to proactively gather intelligence and monitor for threats.

"Additionally, security teams should invest in partnerships that will ensure the swift and complete mitigation of attacks before they result in reputational and financial damage."

Additional Resources

To learn more about the report findings, attend the live webinar at 2 PM EST on Tuesday, May 24 or watch on-demand: https://www.phishlabs.com/webinars/details/?commid=541642.

To access the complete Agari and PhishLabs Quarterly Threat Trends & Intelligence Report, visit: https://info.phishlabs.com/quarterly-threat-trends-and-intelligence-may-2022.

About Agari by HelpSystems  
Agari restores trust to your inbox by increasing overall email deliverability and preserving brand integrity. It does this through an identity-centric approach that uniquely learns sender-receiver behavior. This model protects customers, partners, and employees from devastating phishing and socially engineered attacks, such as inbound business email compromise, supply chain fraud and account takeover-based attacks, as well as from outbound email spoofing. Visit http://www.agari.com to learn more.

About PhishLabs by HelpSystems  
PhishLabs by HelpSystems is a cyber threat intelligence company that delivers Digital Risk Protection through curated threat intelligence and complete mitigation. PhishLabs provides brand impersonation, account takeover, data leakage and social media threat protection in one complete solution for the world's leading brands and companies. For more information visit http://www.phishlabs.com.

About HelpSystems  
HelpSystems is a software company focused on helping exceptional organizations secure and automate their operations. Our cybersecurity and automation software protects information and simplifies IT processes to give our customers peace of mind. We know security and IT transformation is a journey, not a destination. Let's move forward. Learn more at http://www.helpsystems.com.

Vishing Attacks Reach All Time High, According to Latest Agari and PhishLabs Report

Purporting to publish leaked emails of pro-Brexit leadership in the UK, a new site's operations have been traced to Russian cyber-threat actors, Google says.

A new website has popped up called Very English Coop d'Etat, publishing what it claims are private emails from pro-Brexit leadership in the UK in an attempt to gin up conspiracy theories around the country's split from the European Union.   

Both UK foreign intelligence and Google's cybersecurity team confirmed that Russian cyberattack group Cold River is behind the campaign, according to Reuters. 

Steve Huntley, with Google's Threat Analysis Group, said that this campaign has "clear technical links" to other Cold River disinformation campaigns, according to the report.

Victims of the leaks include former MI6 spy agency head Richard Dearlove, public Brexit supporter Gisela Stuart, and historian Robert Toombs, according to the report, who say their accounts were breached by Russian government actors. 

Reuters added that this incident is the second time since 2020 that Moscow-backed cyberattackers have stolen and leaked private emails from British national officials. 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Brexit Leak Site Linked to Russian Hackers

Implement zero-trust policies for greater control, use BYOD management tools, and take proactive steps such as keeping apps current and training staff to keep sensitive company data safe and employees' devices secure.

Mobile workers are productive and often essential to a business's success, but it puts an immense amount of pressure on IT to protect the company's corporate apps and data while maintaining worker privacy.

Bring your own device, also known as BYOD, challenges corporate security protocols and IT staff to protect their intellectual property and keep hackers at bay.

**BYOD Security Risks  
**When the pandemic first hit, organizations were forced to shift from mainly supporting corporate-owned, fully managed devices to supporting personal devices used for work purposes. This abrupt move to remote work forced companies to quickly shift their networking and security capabilities, creating a large amount of risk to their organization. Without proper security measures in place, these unmanaged BYOD devices grant employees access to company resources and sensitive data, which poses a potential risk for sensitive data to be leaked, inadvertently or on purpose.

With over 58% of employees saying their use of personal devices for work purposes increased during the COVID-19 pandemic, shortcuts were destined to be taken with the quick shift to remote work and BYOD. We saw IT teams prioritizing and investing in network access capabilities rather than remote security. With 84% of survey respondents saying they didn't invest in data protection, it's doubtful their security measures increased during the duration of the pandemic. As employees start to return to the office and regain access to even more company resources and sensitive data, their use of BYOD at work could expose their company to new risks.

Here's a spring-cleaning checklist to keep your employee's devices secure for their return to office and beyond:

**Step 1: Improve your BYOD security policy.** If you don't have a BYOD security policy, create one now! For the 39% of organizations that have a formal policy in place, ask yourself if your company's BYOD security policy is restrictive or too vague and adjust as needed. Consider employee's privacy and productivity concerns when making improvements to the policy.

**Step 2: Implement zero-trust security.** With 72% of organizations around the world that have either adopted or are in the process of planning or adopting zero trust, it has become the new business standard for reliable security in our "work-from-anywhere" world. Whether you're working in the office, checking your email in the airport, or working from home, zero-trust security expands beyond a company's security perimeter. Zero trust prescribes that every resource — including devices — must be assessed for potential risks or policy violations before gaining access to corporate data, giving greater control over a BYOD environment.

**Step 3: Make use of BYOD management tools.** It's difficult for companies to manage a fleet of devices across multiple departmental disciplines and mobile device management (MDM) software can help make it simple and easy. Various core functions of MDM ensure that devices are remotely available for auditing, update over the air, that software runs effectively, and devices are available for remote diagnosis and troubleshooting. According to Markets and Markets, the MDM market is anticipated to grow to $15.7 billion by 2025.

**Step 4: Keep your apps and their components up to date.** Each day, hundreds of vulnerabilities are discovered in the mobile and web space, and patches are released regularly. Developers should incorporate these patches in their applications and encourage their users to regularly update their app and their operating systems. This ensures that hackers who try to exploit these known vulnerabilities will be unsuccessful.

**Step 5: Empower employees with information.** According to Trustlook, more than 50% of employees haven't received formal instructions for how to safely use BYOD in the workplace. One of the biggest things companies can do to make sure BYOD devices are secure is empowering employees with information to understand how their devices can be risky to the company's data and create vulnerabilities. Without understanding the cause and effect of BYOD devices to the company, employees won't value a BYOD security policy.

**Step 6: Mitigate future mobile application security issues.** Don't let the wrong mobile security strategy result in customer data being stolen or misused by a cyber scam. Encourage your employees to scan all their mobile apps whether they're for personal or business use.

**Choosing Your Path  
**Large organizations with distributed and often multinational operations need to ensure employees use the latest technologies without putting corporate data and intellectual property at risk. Hybrid and remote work are here to stay, and the demand for BYOD will continue to increase. Determine which security tools and strategies are right for your organization and start implementing them before they cost you in the long run.

Spring Cleaning Checklist for Keeping Your Devices Safe at Work

In just one month, the ransomware group's activity rose by 2,100%, a new report finds.

While on the whole the ransomware landscape remained fairly stable between March and April, a new analysis shows a sizable hike in attack activity from the CLOP ransomware group.

The NCC Group April Threat Pulse update says that the CLOP ransomware group leapfrogged from dead last to the fourth most active group for the month, a 2,100% increase over March. 

The industrial sector was most targeted in April, suffering 35% of ransomware attacks, followed by consumer cyclicals (19%) and technology (10%), according to NCC. 

CLOP appears to favor targeting the industrial and technology sector, the researchers warn. 

"The increase in CL0P's activity seems to suggest they have returned to the threat landscape," Matt Hull, global lead for strategic threat intelligence at NCC Group, said in a statement about the new ransomware group activity findings. "Organizations within CL0P's most targeted sectors — notably industrials and technology — should consider the threat this ransomware group presents, and be prepared for it." 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

CLOP Ransomware Activity Spiked in April

Illicit trade still flourishing despite recent law enforcement takedowns

Illicit trade still flourishing despite recent law enforcement takedowns

Markets that trade in stolen credit card details have been a staple of the underground scene for years but recent cybercrime busts – along with sanctions stemming from the war in Ukraine – are putting the squeeze on cybercriminals.

Carding shops offer a platform to buy and sell stolen card data, which is often sourced directly from breaches or malware-infected point-of-sale (POS) terminals, as well as from skimming devices attached to POS terminals and ATMs.

Recent law enforcement busts had led to a wave of card shop closures. For example, the at the time largest illicit marketplace for stolen payment card data, Joker’s Stash, closed in February 2021.

In early February this year, Russian law enforcement agencies also seized four major card shops – Trump's Dumps, FERum, SkyFraud, and Ultimate Anonymity Services (UAS).

**Follow the money**

An analysis by Blueliv into the state of underground card shops focused on Brian’s Club and Rescator as currently active shops, comparing them with two inactive shops, FERum and All World Cards. Rescator used to be one of the biggest card shops until 2019, when it went offline and encountered a lengthy hiatus before unexpectedly returning in mid-2021.

“Rescator’s case demonstrates how this landscape can be highly volatile and that inactive card shops are not always permanently gone,” a blog post on by Blueliv, the threat intel division of security vendor Outpost24, notes.

Blueliv concludes that the underground carding market remains febrile.

“The card shop ecosystem is deeply impacted by different actors, events, historical moments, the adoption of security policies, and other factors,” Blueliv said. “Law enforcement agencies have a huge impact on the landscape, but personal reasons might lead criminals to withdraw from the carding scene.”

Blueliv’s research was presented at the recent Botconf 2022 conference in Nantes.

**Eastern front**

Geo-political factors as well as the security policy of e-commerce providers can impact the availability of products for illicit shops, which also impacts the overall landscape.

For example, more countries adopt security chips instead of magnetic stripes in their payment systems, meaning that magnetic strip card data dumps have less utility. Data dumps containing card info plus CVV values however have greater utility because they enable online fraud.

Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows, told The Daily Swig that sanctions against Russia following its invasion of Ukraine in February have impeded the ability of cybercriminals to realize the profits from their illegal activity.

“The ongoing conflict between Russia and Ukraine has resulted in some of the most significant economic sanctions in history being directed against Russia,” Morgan explained.

“This has also coincided with numerous providers shutting down their operations in Russia; Russian users looking to cash out through certain gift cards – for example Amazon or Paypal – may find this more difficult as such services are no longer available in their country of origin.”

Read more of the latest news about cybercrime

Recent changes have made it harder for entry-level cybercriminals to start making money, according to Morgan.

“Due to increasing sophistication of controls and user awareness, carding often requires a greater level of skills,” Morgan explained.

“A user will be required to steal the initial credentials – potentially by using skimmer on point of sale (POS) machines – parse logs from the affected machines for carding info, set up accounts on the relevant criminal marketplaces, and potentially also assist buyers with money laundering services.”

Morgan added: “Often, this necessitates several individuals working as a team, rather than one person who is capable of completing the entire carding attack on their own. This makes entry into the carding space more difficult for amateur cybercriminals who do not have those initial connections in the carding space.”

YOU MAY ALSO LIKE Ransomware scourge increases global data breach woes

Tag

#intel