5 Top Pieces Of Advice For CISOs

The cyber security market is overwhelmed by buzzwords. Artificial intelligence, machine learning, blockchain – all of these come at CISOs from every possible angle, from webinars and conferences to the media. Most vendors chase the trends, forgetting about customer needs for the sake of a technology race. Unfortunately, the main problems for CISOs still lie within the borders of security basics.

Olympic Destroyer widens sphere of interest

It appears that Olympic Destroyer, an advanced threat actor that was trying to sabotage the 2018 Winter Olympic Games, in South Korea, has returned. Our experts recently found traces of activity similar to Olympic Destroyer, but this time they are targeting financial organizations in Russia, and biological and chemical threat prevention laboratories in the Netherlands, Germany, France, Switzerland, and Ukraine.

Wall Street Journal: Cryptocurrency Exchange Bithumb Loses More Than $30 Million in Hack

Wednesday, June 20, 2018

By Eun-Young Jeong

The South Korean cryptocurrency exchange said it had temporarily halted withdrawal and deposit services after the cyber attack. Bitcoin fell about 2% immediately after the disclosure.

Magento Credit Card Stealer Reinfector

In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit cards, logins, and PayPal credentials. That is why we have reported on a credit card stealer reinfector of Magento websites in one of our recent Labs Notes.

In this post, we describe one of the methods hackers use to ensure that their malicious code is added back to a website after it has been removed.

Here is the code we found in /includes/config.php.

This file is a prime candidate for infection because it is included directly by the main index.php and so loads on every page.

A default config.php file should not be changed by the site owner directly; all of its code is added by Magento itself. That is why merely seeing this code in the file is a warning sign.

In the first block, we have a function called “patch” that writes content into a file (patching it). This function is then called to write externally obtained content into specific files related to the payment process or user control:

/app/code/core/Mage/Payment/Model/Method/Cc.php
/app/code/core/Mage/Payment/Model/Method/Abstract.php
/app/code/core/Mage/Customer/controllers/AccountController.php
/app/code/core/Mage/Customer/controllers/AddressController.php
/app/code/core/Mage/Admin/Model/Session.php
/app/code/core/Mage/Admin/Model/Config.php
/app/code/core/Mage/Checkout/Model/Type/Onepage.php
/app/code/core/Mage/Checkout/Model/Type/Abstract.php
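Because the loader rewrites these files on every page load, cleaning only the targets is not enough; the loader file has to be checked as well. The following integrity check is an added example, not code from the original post or from Magento: it compares the files named above against hashes taken from a known-clean copy of the same Magento release. The function names and the idea of a separate clean copy are assumptions made for the illustration.

```python
import hashlib
import sys
from pathlib import Path

# The loader the post found the code in, plus the eight targets it lists.
WATCHED = [
    "includes/config.php",
    "app/code/core/Mage/Payment/Model/Method/Cc.php",
    "app/code/core/Mage/Payment/Model/Method/Abstract.php",
    "app/code/core/Mage/Customer/controllers/AccountController.php",
    "app/code/core/Mage/Customer/controllers/AddressController.php",
    "app/code/core/Mage/Admin/Model/Session.php",
    "app/code/core/Mage/Admin/Model/Config.php",
    "app/code/core/Mage/Checkout/Model/Type/Onepage.php",
    "app/code/core/Mage/Checkout/Model/Type/Abstract.php",
]

def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(clean_root):
    """Hash every watched file in a known-clean copy of the same release."""
    root = Path(clean_root)
    return {rel: sha256_of(root / rel) for rel in WATCHED if (root / rel).is_file()}

def audit(live_root, baseline):
    """Return {relative path: status} for watched files that deviate."""
    root = Path(live_root)
    findings = {}
    for rel in WATCHED:
        live, expected = root / rel, baseline.get(rel)
        if not live.is_file():
            if expected is not None:
                findings[rel] = "missing"
        elif expected is None:
            findings[rel] = "not in baseline"
        elif sha256_of(live) != expected:
            findings[rel] = "modified"
    return findings

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: script.py <clean copy root> <live site root>
    for rel, status in audit(sys.argv[2], build_baseline(sys.argv[1])).items():
        print(f"{status:16} {rel}")
```

If a target file is flagged again after being restored, something that loads on every request, such as the config.php described above, is still rewriting it.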

Why You Shouldn’t Wait to Implement Threat Intelligence

Key Takeaways

  • Threat intelligence is often perceived as “out of reach,” but in reality has practical applications for organizations of all sizes.
  • Operational security teams can save time and improve effectiveness using real-time insights from threat intelligence.
  • Making risk-based decisions without external context is functionally impossible. Threat intelligence puts internal data into the context of the wider threat landscape.
  • Waiting until “you’re ready” will only make your current problems worse. Threat intelligence informs better decision making at every stage of the security lifecycle.

Threat intelligence is often perceived as being “out of reach” for the typical organization.

Winning the Cyber Arms Race with Machine Learning

Despite advances in cybersecurity technology, the number of days to detect a breach has increased from an average of 201 days in 2016 to an average of 206 days just a year later, according to the 2017 Ponemon Cost of Data Breach Study. While organizations are getting increasingly better at discovering data breaches on their own, 53 percent of breaches were discovered by an external source in 2017, meaning organizations had no idea their data had been compromised. Part of the problem is that there is no easy way for many organizations to automatically correlate and analyze all of the data being collected by the various security solutions that have been deployed across the network. That problem is compounded by the fact that many of these tools operate in isolation. The result is that IT teams have to correlate data collected from different sources by hand, looking for a needle in the haystack. The opportunity for human error is high, and log files simply scroll by too quickly for anyone to be able to gather actionable information from them.

ZeroFont Technique Lets Phishing Emails Bypass Office 365 Security Filters

Cyber-criminals are currently using a trick that allows them to bypass Microsoft’s security filters and deliver spam and phishing emails to Office 365 email accounts.

Called ZeroFont, the technique is not new, having been known for decades, and relies on interposing zero-width font characters inside normal text.

While a human reader will not see the zero-width characters, the entire text, including the hidden characters, will be visible to email security software.

The goal is to trick the email security system into thinking this is a giant block of rambling text, while showing human recipients the “lure” of the phishing email.

<span style="FONT-SIZE: 0px">This is how you hide text with the ZeroFont technique</span>
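A filter can close this gap by analyzing the text as the recipient sees it rather than the raw markup. The following is an added example, not code from the original article or from any vendor's filter: it separates the text inside zero-font-size elements from the rendered text and flags messages where the two differ. The sample message and all names are constructed for the illustration, and only inline `style` attributes are handled.

```python
import re
from html.parser import HTMLParser

# Matches an inline font-size of exactly zero (0, 0px, 0pt, 0.0em, ...).
ZERO_SIZE = re.compile(
    r"font-size\s*:\s*0+(\.0+)?\s*(px|pt|em|rem|%)?\s*(;|$|!)", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags with no end tag

class TextSplitter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []  # one flag per open element: rendered at zero size?
        self.visible, self.hidden, self.raw = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        inherited = self.stack[-1] if self.stack else False
        self.stack.append(inherited or bool(ZERO_SIZE.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        self.raw.append(data)
        is_hidden = bool(self.stack) and self.stack[-1]
        (self.hidden if is_hidden else self.visible).append(data)

def analyze(html):
    """Split an HTML body into what the reader sees and what is hidden."""
    p = TextSplitter()
    p.feed(html)
    p.close()
    hidden = "".join(p.hidden)
    return {"visible": "".join(p.visible), "hidden": hidden,
            "raw": "".join(p.raw), "zerofont": bool(hidden.strip())}

# Constructed sample: a lure broken up by zero-size filler text.
SAMPLE = ('<p>Your mail<span style="FONT-SIZE: 0px">garden hose</span>box is al'
          '<span style="font-size:0">quiet river</span>most full.</p>')

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Content scanning should run on the `visible` string, and a non-empty `hidden` string is itself a signal worth scoring.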

Learn how to take on cybercriminals as a certified ethical hacker

The cybersecurity landscape is changing, and now one of the most effective ways to counter hacking threats is to employ another hacker against them. Commonly referred to as ethical hackers, these professionals use a cybercriminal’s tools against them, checking networks for vulnerabilities and patching them up before they can be exploited. The Certified Ethical Hacker Bootcamp Bundle can help you join their ranks and make a living by neutralizing hacking threats for $39.