Welcome to this week’s edition of the Threat Source newsletter.
I’m fascinated by how things live and die on the internet. Things that are ubiquitous to our daily lives are simply gone the next. LiveJournal and Myspace we hardly knew you. Elon Musk’s purchase

Thursday, November 3, 2022 16:11

Welcome to this week’s edition of the Threat Source newsletter.

I’m fascinated by how things live and die on the internet. Things that are ubiquitous to our daily lives are simply gone the next. LiveJournal and Myspace we hardly knew you. Elon Musk’s purchase of Twitter and the subsequent exodus led me down the nostalgic path of thinking about how times change and platforms change but things largely remain the same. Until now. We’ve grown as an entire internet community and we remember the pain of moving from app to app and site to site. Many top infosec follows have deactivated their accounts while others are weighing when and if they will leave. Several have moved to decentralized solutions like mastodon.social which saw an uptick of more than 70,000 new users in a single day after the purchase was official. In theory Mastadon can’t be controlled by a single person or entity and to me it feels like this is the next step in our path as an internet community. Will it catch on and be the answer to all of our needs? Doubtful. It is a step in the evolution of the internet and I’m very interested to see what the next adaptation brings.

**The one big thing**

Cisco Talos Incident Response recently released their Quarterly Report highlighting the ransomware and pre-ransomware engagements, making up nearly 40 percent of threats this quarter. This quarter saw ongoing Qakbot, Hive, and Vice Society activity as well as the emergence of Black Basta, which first surfaced in April 2022. Adversaries continue to leverage not only LoLBins but a variety of publicly available tools and scripts hosted on GitHub repositories or free to download from third-party websites to support operations across multiple stages of the attack lifecycle. Defenders continue to struggle with MFA rollouts, as lack of MFA remains one of the biggest impediments to enterprise security. Nearly 18 percent of engagements either had no MFA or only had it enabled on a handful of accounts and critical services.

**Why do I care?**

Understanding the current tools and trends used by attackers, as well as understanding the vulnerabilities that are targeted are intrinsic to good security posture. Knowing your environment is step one. Understanding that same environment from the view of the attacker is the next step. Per the report “In nearly 15 percent of engagements this quarter, adversaries identified and/or exploited misconfigured public-facing applications by conducting SQL injection attacks against external websites, exploiting Log4Shell in vulnerable versions of VMware Horizon, and targeting misconfigured and/or publicly exposed servers.”

**So now what?**

Ensuring that you know your environment and are covering the base of the security pyramid well is critical. Patch, self-assess, and follow trusted threat intelligence sources. Talos IR recommends disabling VPN access for all accounts that are not using two-factor authentication and to disable or delete inactive accounts from Active Directory to prevent suspicious activity.

For the OpenSSL vulnerability we strongly recommend users mitigate affected OpenSSL systems as soon as possible by upgrading to version 3.0.7. Talos has released coverage across the device portfolio including Snort Rules: 60790, 300306-300307 to protect against exploitation of CVE-2022-3602 and ClamAV signature, Multios.Exploit.CVE\_2022\_3602-9976476-0, to detect malware artifacts related to this threat.

**Top security headlines of the week**

Security researchers were once again falsely implied by a ransomware gang in an effort to indicate their involvement. This time around Azov implicated BleepingComputer, Hasherazade, MalwareHunterTeam, Michael Gillespie, Lawrence Abrams, and Vitali Kremez, urging infected users to contact them via their accounts on Twitter to recover files.

Dropbox was the target of a recent phishing campaign that led to attackers gaining access to code stored in Github and copying 130 code repositories, including third-party libraries, internal software projects, and a few tools and configuration files maintained by the Dropbox security team. The attackers didn't gain access to any user content, passwords, or payment information. The Dropbox security team released a report detailing how they handled the incident.

**Can't get enough Talos?**

*   https://blog.talosintelligence.com/researcher-spotlight-how-azim-khodjibaev-went-from-hunting-real-world-threats-to-threats-on-the-dark-web/
*   https://blog.talosintelligence.com/quarterly-report-incident-response-trends-in-q3-2022/
*   https://blog.talosintelligence.com/openssl-vulnerability/
*   https://youtu.be/KhG6RUZgMas

**Upcoming events where you can find Talos**

BSides Lisbon (Nov. 10 - 11)  
Cidade Universitária, Lisboa, Portugal

SIS(Security Intelligence Summit), 2022.ON (Nov. 29)  
Josun Palace, Seoul

**Most prevalent malware files from Talos telemetry over the past week**

SHA 256:  
9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
MD5: 2915b3f8b703eb744fc54c81f4a9c67f  
Typical Filename: VID001.exe  
Detection Name: Simple\_Custom\_Detection

  
SHA256:  
d5dc790f6f220cf7e42c6c1c9f5bc6e4443cb52d07bcdef24a6bf457153c1d86  
MD5: 69fbf6849d935432bac8b04bdb00fd68  
Typical Filename: KMSAuto++.exe  
Detection Name: W32.File.MalParent

SHA256:  
e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934  
MD5: 93fefc3e88ffb78abb36365fa5cf857c  
Typical Filename: Wextract  
Claimed Product: Internet Explorer  
Detection Name: PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg

SHA 256:  
125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645  
MD5: 2c8ea737a232fd03ab80db672d50a17a  
Typical Filename: LwssPlayer.scr  
Claimed Product: 梦想之巅幻灯播放器  
Detection Name: Auto.125E12.241442.in02

SHA 256:  
00ab15b194cc1fc8e48e849ca9717c0700ef7ce2265511276f7015d7037d8725  
MD5: d47fa115154927113b05bd3c8a308201  
Typical Filename: outlook.exe  
Claimed Product: MS Outlook  
Detection Name: W32.00AB15B194-95.SBX.TG

Threat Source newsletter (Nov. 3, 2022): Mastadon, evolution, and LiveJournal oh my!

Auth. (subscriber+) Broken Access Control vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemap.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

*   Nonce Security!
*   Generates META tags automatically.
*   Works out-of-the-box. Just install!
*   You can override any title and set any META description and any META keywords you want!
*   Google Analytic 4!
*   Google Webmaster Tools!
*   Bing verification & Yandex verification!
*   Twitter and Facebook customization!
*   Quickedit SEO titles and descriptions!
*   Import Yoast SEO data!
*   Import Rank Math SEO data!
*   Import All In One SEO data!
*   Supports custom post types!

1.  Upload the plugin files to the /wp-content/plugins/cds-simple-seo directory, or install the plugin through the WordPress plugins screen directly.
2.  Activate the plugin through the ‘Plugins’ screen in WordPress.
3.  Use the Settings -> Simple SEO screen to configure the sitemap, the META info for the homepage, Google webmaster tools, Google analytic, etc.

If upgrading, please back up your database first!

Please email dave@coleds.com with any questions.

Q: How does front page title and description work.

A: The default title and description will be used under settings. If the front page, or blog page are used, then those pages meta information will be used.

Keep it up Mr. Cole. Simplicity in chaos is the correct path.

As feedback, We are not pleased with the way the plugin is set, but also with the support provided to properly configuring it. This made us simply unistalled it. Perhaps you guys may need to include more people to help you with this area, while having videos, screenshots and all the information available to configure the plugin easy and efficiently, but also providing a lean and clean way to unistall it if the case arises. At the end all is about service quality and customer experience.

JUST AWESOME & simple. please add redirect url. complete!

Finally after searching through SEO plugins all day I came across this one. Does exactly what I wanted, nothing superfluous. Excellent!

Great SEO plug-in! Puts the control back to the user without all the smoke and mirrors of Yoast, AIOSEO, et. al. Study your SEO manual, install this WordPress plug-in, and you're set.

Finally, a simple plugin just to add custom keyword and meta description like the old days.

Read all 14 reviews

“Simple SEO” is open source software. The following people have contributed to this plugin.

Contributors

*    David Cole

**1.1.0**

*   Added Google webmaster tools and analytic

**1.2.0**

Release Date: August 11th, 2017

*   Enhancements
    
    *   Added Robot NOINDEX and NOFOLLOW
    *   Added a preview sections for how the meta information should show on a search engine page.
    *   Added pre\_get\_document\_title for compatibility
*   Bugfixes
    
    *   Fixes a typo in the readme.txt :-p

**1.2.1**

Release Date: August 24th, 2017

*   Bugfixes
    *   Google Verification fixed/updated.

**1.2.2**

Release Date: August 30th, 2017

*   Bugfixes
    *   Fixed title, description, etc from showing a empty result () if it’s not specified.
    *   Added some simple code to generate default metadata if none is specified.

**1.2.3**

*   Enhancements
    *   Added settings link to plugin page.
    *   Updated the GA script/code.
    *   Various minor changes for future updates.

**1.3.0**

Release Date: April 17th, 2018

*   Enchancments
    
    *   Complete overhaul of Simple SEO presentation when editing pages, posts, etc.
    *   Lots of code optimization.
*   Random
    
    *   Updated the license to: GPLv3

**1.3.1**

Release Date: May 21st, 2018

*   Bugfixes
    *   Fixed a bug which prevented the keywords and description from showing. Thank you Aletta!

**1.3.2**

Release Date: May 28th, 2018

*   Bugfixes
    *   Fixed a bug which displayed Google Analytic even if a code was not added. Thank you Mahendra!

**1.3.3**

Release Date: June 21th, 2018

*   Enchancments
    *   Added meta title and meta description input fields to quick edit and bulk edit.
    *   Added meta titles and meta description to index; where applicable

**1.3.4**

Release Date: July 5th, 2018

*   Bugfixes
    *   Quick edit fix.

**1.4.0**

Release Date: May 19th, 2019

*   Enchancments
    *   Facebook
    *   Twitter
    *   Bing Verification
    *   Baidu Verification
    *   Yandex Verification

**1.4.1**

Release Date: May 22nd, 2019

*   Bugfix
    *   WooCommerce compadability – Thank you Andrew.

**1.4.2**

Release Date: May 23rd, 2019

*   Bugfix
    *   WooCommerce compadability – Thank you Andrew.

**1.4.3**

Release Date: June 13th, 2019

*   Enchancments
    *   Added quick edit for posts
    *   Added the option to import Yoast SEO data into Simple SEO. This can be found under Settings -> Simple SEO at the bottom of the page.

**1.4.4**

Release Date: June 13th, 2019

*   Enchancments
    *   Added post\_name to the columns options

**1.4.5**

Release Date: June 13th, 2019

*   Enchancments
    *   Added taxonomy support
    *   Including WooCommerce taxonomy support!

**1.4.6**

Release Date: June 13th, 2019

*   Bugfix
    *   Taxonomy fix.

**1.4.8**

Release Date: June 14th, 2019

*   Bugfix
    *   WooCommerce compadability issue for those not running woocommerce. Fixed.

**1.4.9**

Release Date: June 14th, 2019

*   Bugfix
    *   d2.roth posted a bug with contact form 7. Fixed.

**1.5**

Release Date: Feb 27th, 2020

*   Enchancments
    *   Quickedit for custom post types
    *   Column sorting

**1.5.1**

Release Date: June 16th, 2020

*   Bugfix
    *   Fix an issues where the default meta data was not showing on the static post front page.

**1.5.2**

Release Date: October 12th, 2020

*   Bugfix
    *   WooCommerce CSS updates.

**1.5.3**

Release Date: October 14th, 2020

*   Bugfix
    *   WooCommerce updates.

**1.5.6**

Release Date: December 4th, 2020

*   Update
    *   Minor updates to code.

**1.6**

Release Date: December 7th, 2020

*   Update
    *   Added sitemap generation.

**1.6.1**

Release Date: December 7th, 2020

*   Update
    *   added htmlspecialchars() to url for sitemap.

**1.6.2**

Release Date: December 8th, 2020

*   Update
    *   updated the date format in sitemap.

**1.6.4**

Release Date: December 9th, 2020

*   Update
    *   Disabled sitemap generation on admin\_init
    *   Removed noindex, nofollow pages (Simple SEO) from sitemap
    *   Added more translation features/options (more coming soon.)
    *   Added action for transition\_post\_status to update sitemap, if sitemap generation is enabled.

**1.6.5**

Release Date: December 9th, 2020

*   Bugfix
    *   Modified the transition\_post\_status

**1.6.6**

Release Date: Jan 1st, 2021

*   Update
    *   Added some more translation capabiltiies
    *   Added the abilty to import infor from All in One SEO and Rank Math. Enjoy!

**1.6.7**

Release Date: Jan 1st, 2021

*   Update
    *   Corrected some typos.

**1.6.8**

Release Date: March 3rd, 2021

*   Update
    *   Corrected some typos.

**1.6.9**

Release Date: July 19th, 2021

*   Update
    *   WordPress 5.8.
    *   Blog page title shows if using a static page
    *   Some other minor fixes.
    *   Added supportt for Google Analytic 4

**1.7**

Release Date: August 11th, 2021

*   Bugfix
    *   Fixed homepage title bug for static page.
    *   Fixed keywords being erased when using quickedit.

**1.7.1**

Release Date: October 19th, 2021

*   New Feature
    *   Added canonical urls.

**1.7.2**

Release Date: Jan 20th, 2022

*   Bugfix
    *   Taxonomy code updates and meta title fixes provides by Daniel Roth. Thanks Daniel!

**1.7.3**

Release Date: March 6th, 2022

*   Bugfix
    *   Search title update. Thanks Daniel Roth!

**1.7.4**

Release Date: March 6th, 2022

*   Bugfix
    *   og and twitter title update.

**1.7.5**

Release Date: March 14th, 2022

*   Bugfix
    *   Category forwardslash issue fix. Thanks Daniel Roth!

**1.7.7**

Release Date: May 8th, 2022

*   Update for WP 6.0

**1.7.8**

Release Date: June 20th, 2022

*   Archive pages titles, descriptions, og data fixed!
*   Sitemaps fixed; for now it will only show pages and posts. Recommend using WordPress built in Sitemap as this sitemap feature will be removed in the future.

**1.7.9**

Release Date: July 10th, 2022

*   Updated sseoGetTitle() for archive pages.

**1.7.91**

Release Date: July 11th, 2022

*   Updated sseoGetTitle() for WooCommerce shop page.

**1.7.96**

Release Date: July 25th, 2022

*   Updates for WordPress compliance.

**1.7.98**

Release Date: July 26th, 2022

*   Update is\_home\_posts\_page()

**1.7.99**

Release Date: August 18th, 2022

*   Update to FB/OG meta data.

**1.8.0**

Release Date: August 18th, 2022

*   Update to FB/OG meta data.

**1.8.1**

Release Date: Sept 4th, 2022

*   Updated default meta titles, descriptions and keywords.
*   More updates coming for default FB, Twitter, and erasing database information on uninstall.

**1.8.12**

Release Date: Sept 7th, 2022

*   Fixed meta description issue.

**1.8.13**

Release Date: October 14th, 2022

*   Removed Baidu.
*   Removed Sitemaps; WordPress has a built in Sitemap, no need for this functionality.

**1.8.14**

Release Date: October 26th, 2022

*   Preping for WordPress 6.1

**1.8.15**

Release Date: October 26th, 2022

*   Preping for WordPress 6.1
*   Added screenshots
*   Removed obsolete code functions

CVE-2022-36404: Simple SEO

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock Convert plugin <= 2.11.0 on WordPress.

*   Details
*   Reviews
*   Support
*   Development

Publique banners no seu blog de maneira rápida e efetiva, e converta visitantes em subscribers, leads ou clientes sem precisar entender código. Esses calls-to-action (CTAs) serão publicados diretamente do seu painel do WordPress e poderão ser monitorados através do Google Analytics.

**Adicione os banners em massa**

Seus posts estão sendo criados, mas você tem problemas quando o assunto é aumentar o número de conversões? Publique seus banners em todos os seus posts sem mexer diretamente no código.

**Organize de acordo com categorias**

Para facilitar, os banners podem ser organizados para serem apresentados de acordo com a categoria dos posts do seu blog. Assim fica fácil manter o controle sobre o que cada conteúdo irá apresentar.

**Personalize e obtenha melhores resultados**

Posicione o CTA dentro dos posts escolhendo entre o topo e o final do conteúdo, programe a data do lançamento e personalize as tags HTML para obter melhores resultados.

**Analise os resultados**

Insira UTMs (as tags de monitoramento padrão do Google) para monitorar os resultados diretamente no Google Analytics.

**Outras funcionalidades**

*   Compatível com SEO.
*   Compatível com qualquer versão do WordPress, sem a necessidade de customização de estilo (CSS).
*   Compatível com AMP.
*   Responsivo (funciona em qualquer dispositivo).
*   Disponível em inglês (en) e português (pt-br).
*   Clique aqui para ver exemplos online.

Avalie o plugin deixando uma classificação ou sugira novas features no fórum de suporte.

Feito com ❤ pelo time da Rock Content no #SanPedroValley.

Rock Convert will definitely save you some hours of manual work through enabling you to scale banner distribution across your blog and converting users to leads. If you download it, you will not regret!

As estatísticas pararam de funcionar. Testei direto no PHP e direto no texto também, mas não contabiliza mais. Utilizo o plugin há tempos e funcionava. Estou usando a versão 2.9.5.

Instalei pois necessitava de uma caixa de captura para newsletter. A caixa é a com o melhor design e a mais fácil de configurar entre todas as opções que vi (testei várias). Porém a mesma não funciona no site versão AMP. Uso o AMP oficial do Wordpress. Entrei em contato com o suporte e infelizmente também não conseguiram resolver. Sá não tirei ainda do meu site, pois os demais plugins de newsletter não me agradaram.

Gostei mas o plugin não está atualizado, só queria adicionar CTA de baixar o conteúdo em páginas e não artigos. Está causando erro quando atualiza a nova versão do WordPress.

Sou desenvolvedor e sempre instalo nos WP que faço. Com ele de maneira muito fácil você consegue colocar e partes estratégicas do site um action para sua LP e assim aumentar o número de leads

Ainda não experimentei pois o WP só permite instalação de plugins no plano pago(pago eu utilizo o Wix). Ou plano de hospedagem profissional, mas a princípio para uma forma de adSense da RockContent.

Read all 20 reviews

“Rock Convert” is open source software. The following people have contributed to this plugin.

Contributors

*    Rock Content

**3.0.0**

*   Revisão completa do plugin
*   Refatorado o código para melhor desempenho e segurança
*   Todas as variáveis e opções foram escapadas a fim de evitar ataques XSS
*   Refatoração baseada no WordPress Coding Standard

**2.11.0**

Correção:  
\* Corrigidos pontos de vulnerabilidade XSS  
\* Melhoria na semântica dos formulários da área administrativa  
\* Corrigida chamada a API Rest

**2.10.2**

Improvements:  
\* Improvements in the plugin security

**2.10.1**

Correção:  
\* Css which affected the theme fixed

**2.10.0**

Correção:  
\* Fix popup front

**2.9.9**

Correção:  
\* Fix query categories and layout admin

**2.9.8**

Correção:  
\* Correção do formulário de popup

**2.9.7**

Correção:  
\* Melhorias no layout do preview

**2.9.6**

Correção:  
\* Correção de chamada de função javascript  
\* Melhorias no layout do preview

**2.9.5**

Correção:  
\* Correção dos endpoints rest

**2.9.4**

Correção:  
\* Correção de css dos titulos do blog

**2.9.3**

Correção:  
\* Correção de versão do arquivo javascript

**2.9.2**

Correção:  
\* Correção de bug no campo de widget

**2.9.1**

Correção:  
\* Correção de bug no layout do admin

**2.9**

Novidades:  
\* Adição de nova funcionalidade de popup exit

**2.8.1**

Melhorias:  
\* Corrigida chamada rest  
\* Corrigida quebra de layout no painel

**2.8**

Novidades:  
\* Adicionado novos campos para o formulário do widget

**2.7.1**

Novidades:  
\* Adicionado painel para visualização das leads

**2.7.0**

Novidades:  
\* Suporte a tags  
\* Possibilidade de escolher regras de exibição mais refinadas

**2.2.0**

Novidades:  
\* Nova funcionalidade: Barra de anúncios no topo do site  
\* Nova funcionalidade: CTA customizavel na barra lateral

Melhorias:  
\* Altera separador ao exportar para arquivo CSV de ; para ,  
\* Permite alterar a mensagem de sucesso do widget Caixa de captura  
\* Permite alterar o titulo e o texto do botão na caixa de download

**2.1.4**

Melhorias:  
\* Adiciona suporte a event tracking para o Google Analytics  
\* Reduz o tamanho do script necessário para utilizar o Rock Convert

**2.1.3**

Correção:  
\* Previne que aconteça o Fatal Error na função get\_rest\_url

Melhorias:  
\* Previne que as visualizações dos CTAs sejam bloqueadas por plugins de cache

**2.1.2**

Melhorias:  
\* Permite cadastrar parametros customizados no link do CTA  
\* Adiciona suporte ao WordPress 5.0  
\* Adiciona formulário na página de configurações para se inscrever na newsletter do Rock Convert

**2.1**

Novas funcionalidades  
\* Adiciona Widget com caixa de captura de e-mails

**2.0.11**

Correção:  
\* Previne que o erro “Undefined index” aconteça ao mostrar banners na página do post

**2.0.0**

Melhorias:  
\* Visibilidade: Agora é possível escolher páginas onde um banner não deve aparecer;  
\* Shortcode: Todo banner tem um shortcode único que pode ser adicionado em qualquer posição de qualquer conteúdo;

Novas funcionalidades:  
\* Analytics: saiba como seus CTAs estão performando diretamente no painel do wordpress;  
\* Captura de leads: Disponibilize seus posts para download no formato PDF e capture os e-mails;  
\* Faça download dos leads no formato CSV

**1.0.0**

*   Permite criar CTAs
*   Permite selecionar as categorias onde o CTA deve aparecer
*   Permite selecionar a imagem do CTA
*   Permite selecionar onde o CTA deve aparecer (início ou fim do post)
*   Permite cadastrar as UTM Tags para o link

CVE-2022-36428: Rock Convert

By Deeba Ahmed
Elusiv protocol offers privacy with compliance to protect Solana users with accessible and compliant privacy.
This is a post from HackRead.com Read the original post: Privacy Protocol Elusiv Raises $3.5 Million in Seed Funding

A zero-knowledge-oriented compliant privacy protocol, Elusiv, has secured $3.5 million in its seed funding round. LongHash and Staking Facilities Ventures led this round. The company stated in its press release that individual freedom relies on financial privacy, but privacy-maintaining technology requires practical compliance.

> “ZK and new decentralized technologies allow us to overcome the notion that privacy and compliance are exclusive and instead enable us to form a new kind of symbiosis between privacy and compliance.”
> 
> Yannik Schrade – Co-founder Elusiv

**Elusiv** is gearing up to become the “backbone of the blockchain financial ecosystem.” The protocol aims to provide users and merchants with privacy while maintaining safety via low-trade-off compliance solutions. Moreover, Elusiv will make standard transactions private while allowing users to choose the transactions to make public.

For your information, the Elusiv protocol boasts full composability, so it can be directly integrated into protocols and wallets and stay functioning even if just one party is using it to maintain privacy. This is definitely a competitive advantage because the existing solutions demand that both parties use the same service.

The proceeds will be used to create Elusiv’s own development team and manage security audits. Additionally, it will bring its **solution to different blockchains**. Some investors include NGC Ventures, Jump Crypto, Anagram, Big Brain Holdings, Cogitent Ventures, Equilibrium, Token Adventures, Marin Ventures, Monke Ventures, Moonrock Capital, SolanaFM, etc. Also included are several angels e.g., the founders of UXD Protocol, Zeta, Solana, Notify, and Solflare.

The General Partner and Chief Operations Officer at **LongHash Ventures**, Wei Shi Khai stated that the company is excited by the strong position taken by Elusiv to address this space via their user-friendly and scalable integrations without compromising upon the practicality of compliance.

> “Moving forward, we see privacy as a key modular layer in our multi-chain infrastructure thesis, especially as more social and identity use cases mature.”
> 
> Wei Shi Khai – LongHash Ventures

Conversely, Staking Facilities Ventures’ Venture Partner Louis Bauer stated that Elusiv had laid the foundation for sensitive transactions to be carried out on-chain. Ensuring privacy with compliance can widen blockchain’s options.

Some key systems introduced by Elusiv for compliance include Zero-Knowledge proofs and advanced **cryptography**. Elusiv allows users to provide insights into their private assets and transactions to third parties by sharing individual transaction viewing keys or adopting the TTP (trusted third parties) to view every transaction. Users can also prove to third parties that their transactions weren’t sent, such as by a known threat actor, with just a button or click.

The best aspect is that Elusiv’s advanced compliance system utilizes a decentralized network of trusted execution environments so bad actors don’t lose ownership of their funds but cannot gain privacy. The system allows disclosing retroactively made truncations of malicious actors to make Elusiv an unfavorable option for them and provide security to other users.

1.  **The Benefits Of Blockchain In The Travel Industry**
2.  **Ankr Launches Chainscanner Blockchain Explorer Tool**
3.  **Blokhaus Launches New Open-Source NFT Tool Minterpress**
4.  **Yield Monitor Integrates DeFiChain Blockchain Into Its Database**

Privacy Protocol Elusiv Raises $3.5 Million in Seed Funding

**TEL AVIV, LONDON and NEW YORK – November 3, 2022 –** Apiiro, the leader in Cloud-Native Application Security, today announced a significant Series B round of $100M led by General Catalyst with participation by Greylock and Kleiner Perkins. The new funding will be used to accelerate the business and advance the company’s mission to empower developers and application security engineers to proactively fix risks before releasing to the cloud with all the context they need in a single solution.

With more companies shifting to agile development and adopting CI/CD practices to release code to the cloud on a daily basis, there is an exponential increase in the number of changes. This creates a massive market opportunity to help CISOs and CIOs effectively and contextually identify, prioritize and eliminate risks in their code and development environments to prevent application and software supply chain threats using one solution.

“In this economy, it’s important to invest in technology that helps companies drive business growth,” said Quentin Clark, Managing Director at General Catalyst. “Idan, Yonatan and the Apiiro team are giving customers a solution to a whole problem – not just a piece of it. They are going beyond providing tools for developers to address potential security issues in the code base and actually delivering an operational platform that workflows those fixes in context of how a company is configuring and deploying software. This approach has driven phenomenal growth to date, which comes from strong execution with the right team at the right time.”

Apiiro has introduced a completely new approach to application security in the cloud by providing complete visibility into code bases, assessing risks from design to code to cloud and proactively fixing actual risks that attackers can exploit before releasing to the cloud. This enables Fortune 500 companies to reduce operational costs and risks at scale with seamless deployment by connecting to their source control managers via API.

There are several isolated and unrelated findings hiding across code, configurations, open source packages and cloud infrastructure that when pulled together with relevant context, creates a “risk story” that is exploitable by attackers. Apiiro’s Risk Graph technology connects these infinite factors with actionable context to offer a completely new way for developers and security teams to fix risks.

_“_The unrelenting demand for next generation application security solutions has allowed us to deploy our product at-scale with leading Fortune 500 customers,” said Idan Plotnik, co-founder and CEO of Apiiro. “Early innovation enabled us to grow faster and more efficiently than the competition, and we are building the company for hyper growth. The combination of our team, business momentum, and support from top-tier investors positions Apiiro to continue to lead a growing industry.”

**Supporting Resources**

*   Apiiro blog
*   Apiiro on LinkedIn
*   Apiiro on Twitter

**About Apiiro**

Apiiro helps security and development teams proactively fix risks before releasing to the cloud. The company is backed by General Catalyst, Greylock, and Kleiner Perkins. apiiro.com.

Apiiro Raises $100M Series B Funding Round to Solidify Position as the Cloud-Native Application Security Leader

Banco de Crédito Cooperativo (BCC) wins the first hyper-realistic cybersecurity competition for the financial industry.

**RESTON, Va. and BOSTON, Nov. 3, 2022 /PRNewswire/ —** FS-ISAC, the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, and Cyberbit, provider of the world's leading cybersecurity skill development and readiness platform, announced today that team "IsNotTheEDR" from Banco de Crédito Cooperativo (BCC) is the winner of the first International Cyber League (ICL) Financial Cup, 2022 – the first hyper-realistic cybersecurity tournament for the financial industry. The first runner-up is team "Suboptimal" from a leading Fortune 500 financial institution, the second runner-up is Team "AskITTeam" from BCC and the third runner up is team "TIAA" from TIAA.

The tournament ran from 6-26 October 2022 and challenged cybersecurity teams from the financial sector to respond to live-fire cyberattack simulations replicating attacks they may encounter in real life. Teams were scored based on typical incident response KPIs including investigation, eradication, and remediation goals, as well as their response times. The BCC team outperformed 55 cyber defense teams from leading financial organizations around the world and scored a perfect 100 in the live-fire challenge. The Cyberbit platform, normally used by enterprises to train and upskill information security teams, as well as for FS-ISAC's monthly cyber range workshops, was repurposed to power the ICL competition. The platform provided a virtual arena that emulated an organizational network and a virtual security operations center (SOC) that simulated the live attacks and automatically scored the teams based on their achievements.

The ICL reinvents cybersecurity competition formats by assessing cyber defense skills in real-world scenarios, allowing teams to predict their performance during an attack. Traditional Capture-the-Flag (CTF) events test offensive skills, but these do not reflect the capabilities that cyber defenders will be required to demonstrate during an attack. The ICL leverages cyber range live-fire scenarios to simulate real threat vectors and malware that assess essential "blue team" skills, including technical skills like malware analysis and SIEM investigation, as well as soft skills like teamwork, critical thinking, and communications.

"We in the financial sector believe that exercising builds muscle memory to ensure smooth and efficient incident response," said **Cameron Dicker, Global Head of Business Resilience at FS-ISAC**. "We run a wide variety of exercises to ensure preparedness throughout all different organizational levels and functions, and we chose this competition format during Cybersecurity Awareness Month to bring a little fun into this critical tool for operational resilience."

"CISA and the NCA aptly named this year's cyber awareness month theme as 'See Yourself in Cyber,' demonstrating that cybersecurity is ultimately, about people," said **Sharon Rosenman, Chief Marketing Officer at Cyberbit**. "The feedback from the ICL teams was overwhelmingly positive and we are proud to collaborate with FS-ISAC in helping the financial industry become better prepared for real-world attacks by assessing and maximizing human performance."

"A Cyber Range is a strategic capability that enables governments and companies to effectively educate and train their professionals, as well as to experiment, test and validate new cybersecurity and cyber defense concepts, technologies, techniques, and tactics. Cyber range competitions such as the ICL Financial Cup help in providing a comparison with the rest of the peers in the sector", said Francisco Navarro García, Chief Information Security Officer, Banco de Crédito Cooperativo (BCC).

Additional teams who reached the top 10 in ICL finals include Loan Depot and Somerset Trust.

"The International Cyber League has been an excellent experience for our teams and a fantastic opportunity for them to test their skills with other elite teams across the financial services sector. We are incredibly proud of their work in keeping our company safe. Their strong performance in this competition is celebrated across Technology and the entire company", said Harold Rivas, Chief Information Officer, Loan Depot.

"Somerset Trust takes the security of our information very seriously, and I have always known that we assembled a good team of security professionals. It's always nice to see a competition like this that hones their skills and proves our dedication to security", said John Ash, Sr. Vice President and Chief Information Officer, Somerset Trust.

**About FS-ISAC**

FS-ISAC is the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, protecting the financial institutions and the people they serve. Founded in 1999, the organization's real-time information sharing network amplifies the intelligence, knowledge, and practices of its members for the financial sector's collective security and defenses. Member financial firms represent $100 trillion in assets in 75 countries.

**About Cyberbit**

Cyberbit provides the global leading attack readiness platform for enabling SOC teams to maximize their performance when responding to cyberattacks. The platform empowers security leaders to make the most of their cybersecurity investment by boosting the impact of the human element in their organization. Cyberbit delivers hyper-realistic attack simulations mirroring real-world scenarios. It enables security leaders to dramatically reduce MTTR, dwell time and cybercrime costs, improve hiring and onboarding, and increase employee retention. Customers include Fortune 500 companies, MSSPs, systems integrators, governments, and leading healthcare providers.

FS-ISAC and Cyberbit Announce Winner of the First Financial Cyber League

TA569 has modified the JavaScript of a legitimate content and advertising engine used by news affiliates, in order to spread the FakeUpdates initial access framework.

The cyber-threat threat actor known as TA569, or SocGholish, has compromised JavaScript code used by a media content provider in order to spread the FakeUpdates malware to major media outlets across the US.

According to a series of tweets from the Proofpoint Threat Research Team posted late Wednesday, the attackers have tampered with the codebase of an application that the unnamed company uses to serve video and advertising to national and regional newspaper websites. The supply chain attack is being used to spread TA569's custom malware, which is typically employed to establish an initial access network for follow-on attacks and ransomware delivery.

Detection might be tricky, the researchers warned: "TA569 historically removed and reinstated these malicious JS injects on a rotating basis," according to one of the tweets. "Therefore the presence of the payload and malicious content can vary from hour to hour and shouldn't be considered a false positive."

More than 250 regional and national newspaper sites have accessed the malicious JavaScript, with impacted media organizations serving cities such as Boston, Chicago, Cincinnati, Miami, New York, Palm Beach, and Washington, DC, according to Proofpoint. However, only the impacted media content company knows the full range of the attack and its impact on affiliate sites, the researchers said.

The tweets cited Proofpoint threat detection analyst Dusty Miller, senior security researcher Kyle Eaton, and senior threat researcher Andrew Northern for the discovery and investigation of the attack.

**Historical Links to Evil Corp**

FakeUpdates is an initial access malware and attack framework in use since at least 2020 (but potentially earlier), that in the past has used drive-by downloads masquerading as software updates to propagate. It previously has been linked to activity by the suspected Russian cybercrime group Evil Corp, which has been formally sanctioned by the US government.

The operators typically host a malicious website that executes a drive-by download mechanism — such as JavaScript code injections or URL redirections — which in turn triggers the download of an archive file that contains malware.

Symantec researchers previously observed Evil Corp using the malware as part of an attack sequence to download WastedLocker, then a new ransomware strain, on target networks back in July 2020.

A surge of drive-by download attacks that used the framework followed toward the end of that year, with the attackers hosting malicious downloads by leveraging iFrames to serve up compromised websites via a legitimate site.

More recently, researchers tied a threat campaign distributing FakeUpdates through existing infections of the Raspberry Robin USB-based worm, a move that signified a link between the Russian cybercriminal group and the worm, which acts as a loader for other malware.

**How to Approach the Supply Chain Threat**

The campaign discovered by Proofpoint is yet another example of attackers using the software supply chain to infect code that's shared across multiple platforms, to broaden the impact of malicious attack without having to work any harder.

Indeed, there already have been numerous examples of the ripple effect these attacks can have, with the now infamous SolarWinds and Log4J scenarios being among the most prominent.

The former started in late December 2020 with a breach in the SolarWinds Orion software and spread deep into the next year, with multiple attacks across various organizations. The latter saga unfolded in early December 2021, with the discovery of a flaw dubbed Log4Shell in a widely used Java logging tool. That spurred multiple exploits and made millions of applications vulnerable to attack, many of which remain unpatched today.

Supply chain attacks have become so prevalent that security administrators are looking for guidance about how to prevent and mitigate them, which both the public and private sector have been happy to offer.

Following an executive order issued by President Biden last year directing government agencies to improve the security and integrity of the software supply chain, the National Institute for Standards and Technology (NIST) earlier this year updated its cybersecurity guidance for addressing software supply chain risk. The publication includes tailored sets of suggested security controls for various stakeholders, such as cybersecurity specialists, risk managers, systems engineers, and procurement officials.

Security professionals also have offered organizations advice on how to better secure the supply chain, recommending that they take a zero-trust approach to security, monitor third-party partners more than any other entity in an environment, and choose one supplier for software needs that offers frequent code updates.

Supply Chain Attack Pushes Out Malware to More than 250 Media Websites

With Microsoft’s announcement on Nov. 2 of its support for Azure AD Certificate-based authentication (CBA) for both iOS and Android devices, Yubico is excited to share that the YubiKey is currently the only external device that supports CBA on Android and iOS. Plus, the YubiKey is the only FIPS certified phishing-resistant solution available for Azure AD on mobile.

Yubico worked closely with Microsoft to ensure CBA on mobile became a reality.

Microsoft’s new support provides users with the same convenient smart card authentication method on mobile devices that they have on their desktops. CBA has been a staple of governments and high security environments for decades, long before the invention of FIDO U2F and FIDO2, mostly due to its reliability and effectiveness in physical environments. With Executive Order 14028 on Improving the Nation's Cybersecurity, the adoption of CBA and other phishing-resistant multi-factor authentication methods are mandated for civilian federal agencies in the US.

CBA is widely deployed across many industries, and remains a favorite amongst security experts. For some organizations, it is the logical choice from the available Azure offerings. With this announcement, customers can now use CBA on their mobile devices using native Azure AD CBA. When using native Azure AD CBA, organizations can reduce their existing infrastructure and move it into the cloud. Azure AD CBA capabilities can also be combined with Conditional Access policies so admins can enforce phishing-resistant sign-in methods.

CBA is currently the only form of phishing-resistant authentication within Azure that is supported on mobile devices, which is an important factor for an organization when deciding which scheme to adopt.

“Yubico has been a driving force in working with our teams to build this solution that allows Microsoft customers to securely log into their Microsoft accounts on their iPhone or Android mobile device. This is a big win for us, Yubico, and most importantly our federal government customers,” said Sue Bohn, Vice President of Product Management for Microsoft’s Identity and Network Access (IDNA) group.

Setting up CBA on Azure requires some basic configuration steps within Azure AD and installation of the Microsoft Authenticator app on Android or iOS/iPadOS. The Yubico Authenticator app is also needed on iOS/iPadOS. The PIV credential must be set up independently from the Azure solution. Your existing YubiKey PIV/smart card issuance process does not need to change.

Also, with the new Conditional Access authentication strength policies, you can enforce CBA as the required sign-in mechanism.

Yubico and Microsoft are globally recognized leaders in cybersecurity assisting public and private organizations on their journey to Zero Trust. Both Yubico and Microsoft are FIDO Alliance members and committed to providing phishing-resistant authentication solutions based on FIDO2 and certificate-based authentication standards.

**Learn more**

Microsoft's mobile certificate-based solution coupled with the YubiKey is a simple, convenient, FIPS certified phishing-resistant MFA methods for organizations, and we’re excited to share additional details and best practices during our upcoming webinar, _New solutions to prevent phishing with Azure AD and YubiKeys_ on November 3rd at 9 am PT, register here to attend.

Certificate-Based Authentication With YubiKeys for Microsoft, Third-Party, and Web Applications Now Available on iOS and Android

"SandStrike," the latest example of espionage-aimed Android malware, relies on elaborate social media efforts and back-end infrastructure.

Adware and other unwanted and potentially risky applications continue to represent the biggest threat that users of mobile devices currently face. But that doesn't mean attackers aren't constantly trying to deploy other sophisticated mobile malware as well.

The latest example is "SandStrike," a booby-trapped VPN application for loading spyware on Android devices. The malware is designed to find and steal call logs, contact lists, and other sensitive data from infected devices; it can also track and monitor targeted users, Kaspersky said in a report this week.

The security vendor said its researchers had observed the operators of SandStrike attempting to deploy the sophisticated spyware on devices belonging to members of Iran's Baha'i community, a persecuted, Persian-speaking minority group. But the vendor did not disclose how many devices the threat actor might have targeted or succeeded in infecting. Kaspersky could not be immediately reached for comment.

**Elaborate Social Media Lures**

To lure users into downloading the weaponized app, the threat actors have established multiple Facebook and Instagram accounts, all of which purport to have more than 1,000 followers. The social media accounts are loaded with what Kaspersky described as attractive, religious-themed graphics designed to grab the attention of members of the targeted faith group. The accounts often also contain a link to a Telegram channel that offers a free VPN app for users wishing to access sites containing banned religious materials.

According to Kaspersky, the threat actors have even set up their own VPN infrastructure to make the app fully functional. But when a user downloads and uses SandStrike, it quietly collects and exfiltrates sensitive data associated with the owner of the infected device.

The campaign is just the latest in a growing list of espionage efforts involving advanced infrastructure and mobile spyware — an arena that includes well-known threats like NSO Group's notorious Pegasus spyware along with emerging problems like Hermit.

**Mobile Malware on the Rise**

The booby-trapped SandStrike VPN app is an example of the growing range of malware tools being deployed on mobile devices. Research that Proofpoint released earlier this year highlighted a 500% increase in mobile malware delivery attempts in Europe in the first quarter of this year. The increase followed a sharp decline in attack volumes toward the end of 2021.

The email security vendor found that many of the new malware tools are capable of a lot more than just credential stealing: "Recent detections have involved malware capable of recording telephone and non-telephone audio and video, tracking location and destroying or wiping content and data."

Google and Apple's official mobile app stores continue to be a popular mobile malware delivery vector. But threat actors are also increasingly using SMS-based phishing campaigns and social engineering scams of the sort seen in the SandStrike campaign to get users to install malware on their mobile devices.

Proofpoint also found that attackers are targeting Android devices far more heavily than iOS devices. One big reason is that iOS doesn't allow users to install an app via an unofficial third-party app store or to download it directly to the device, like Android does, Proofpoint said.

**Different Types of Mobile Malware in Circulation**

Proofpoint identified the most significant mobile malware threats as FluBot, TeaBot, TangleBot, MoqHao, and BRATA. The different capabilities integrated into these malware tools include data and credential theft, stealing funds from online accounts, and general spying and surveillance. One of these threats — FluBot — has been largely quiet since the disruption of its infrastructure in a coordinated law enforcement action in June.

Proofpoint found that mobile malware is not confined to a specific region or language. "Instead, threat actors adapt their campaigns to a variety of languages, regions and devices," the company warned.

Meanwhile, Kaspersky said it blocked some 5.5 million malware, adware, and riskware attacks targeted at mobile devices in Q2 2022. More than 25% of these attacks involved adware, making it the most common mobile threat at the moment. But other notable threats included mobile banking Trojans, mobile ransomware tools, spyware link SandStrike, and malware downloaders. Kaspersky found that creators of some malicious mobile apps have increasingly targeted users from multiple countries at once.

The mobile malware trend poses a growing threat to enterprise organizations, especially those that allow unmanaged and personally owned devices in the workplace. Last year, the US Cybersecurity and Infrastructure Security Agency (CISA) released a checklist of actions that organizations can take to address these threats. Its recommendations include the need for organizations to implement security-focused mobile device management; to ensure that only trusted devices are allowed access to applications and data; to use strong authentication; to disable access to third-party app stores; and to ensure that users use only curated app stores.

Cyber-Threat Actor Uses Booby-Trapped VPN App to Deploy Android Spyware

We can bridge that gap by spreading the word about the opportunities, the requirements, and the many tools available to help applicants break into the field.

Cybercrime seems to be in the headlines every day, as ransomware demands escalate and distributed denial-of-service (DDoS) attacks and other assaults paralyze and damage enterprises of all types and sizes. In 2021, the Federal Bureau of Investigation's Internet Crime Complaint Center (IC3) received 847,376 reports of cyberattacks, up 7% from 2020, with a growing focus on critical infrastructure and the supply chain. The costs of cybercrime are astronomical, approaching $7 billion, according to FBI statistics.

Hoping to remediate, or preferably prevent, such attacks, companies work daily to bolster their cybersecurity measures. The federal Cybersecurity and Infrastructure Security Agency launched its Shields Up campaign this year to encourage proactive defenses against potential cyberattacks prompted by US sanctions placed on Russia. Insurance companies, meanwhile, are raising premiums and limiting coverage for organizations with inadequate cyber protection.

As willing as employers may be to comply, one of the biggest challenges is finding the staff to implement stronger defenses. In the US alone, there are currently more than 700,000 openings in cybersecurity, a 43% increase over last year, according to CyberSeek. Demand isn't confined to the tech industry; it's growing in sectors such as finance, as well. Employers are struggling to fill these critical posts now but can't find enough applicants, never mind being able to meet future demand.

**Misconceptions and Missed Potential**

One of the major reasons for the severe shortage is the common misconception that it's necessary to have a STEM or security-related degree to work in cybersecurity. This is not the case. Self-motivated individuals with some level of technical skill and problem-solving experience are great candidates. The challenge is to communicate the opportunity and actual requirements so we can begin tapping this potential pool of talent.

Obviously, some familiarity with technology is a must, as it would be difficult to bring in someone with no technical background at all. But that background does not need to be specific to cybersecurity, because many job skills are readily transferable. For example, IT system admins accustomed to patching systems and investigating suspicious or unusual events will find their experience useful in cybersecurity. When I was a systems admin, I was often in meetings with the security team. I learned about vulnerabilities, and it was my responsibility to patch them. That kind of experience is invaluable for anyone considering a cybersecurity career.

We need to search out people with the innate ability to recognize what's normal and investigate deviations from that norm. If they've been involved in troubleshooting, that's a plus. Even seemingly unrelated backgrounds can come in handy. For instance, self-taught techies who love to tinker and have figured out how to build their own systems and solve problems in the process could have a future in the cybersecurity field.

**Resources for the Resourceful**

Let's make it clear that a college degree, specifically in cybersecurity, isn't the only way into this field. There are many training resources available for potential candidates who want to improve their qualifications. Self-learners can take free or low-cost online courses in cybersecurity and networking. Completing this type of training will strengthen a candidate's resume and open up more opportunities.

CyberSeek is a terrific organization dedicated to closing the cybersecurity talent gap. It offers information and resources for students, job seekers, employers, educators, and more. Among its offerings is a list of cybersecurity training available at little or no cost.

(ISC)2 is an excellent resource for experienced IT professionals as well as those just starting out in the field. It offers a range of certifications for everyone from students and entry-level candidates without a technical background to those with years of experience who want to expand or update their knowledge. Its high-level certified information systems security professional (CISSP) certification takes commitment but is considered one of the best in the industry.

There are other less demanding options that might be a good starting point, including Pluralsight's boot camps for coding. Security BSides (often called just BSides) is a nonprofit organization that hosts conferences to share knowledge on information security and provide networking opportunities. TryHackMe bills itself as "a fun way" to learn about cybersecurity through interactive, real-world scenarios suitable for all skill levels. Additionally, Amazon, IBM, and Microsoft each have a variety of free courses that prepare candidates for a career in the field.

**Talk About Rewards**

There's ample reason to hope the public will respond to our compelling message. A CISSP earns $131,030 a year, according to (ISC)2. Yet there are benefits beyond a healthy salary and job availability — protecting against cyber threats can be fulfilling in so many more ways.

For example, those with a military or law enforcement background might find cybersecurity particularly rewarding because it gives them the chance to continue performing meaningful work that protects society at large.

It's clear we must do all we can to attract desperately needed talent into the security industry. We can do that by spreading the word about the opportunities, the requirements, and the many tools available to help applicants break into the field.

Tag

#ios