Category Archives: Latest Security News

Graboid Cryptojacking Worm Has Struck Over 2K Unsecured Docker Hosts

Researchers discovered a new cryptojacking worm called “Graboid” that has spread to more than 2,000 unsecured Docker hosts. In its research, Palo Alto Networks’ Unit 42 team noted that it’s the first time it’s discovered a cryptojacking worm specifically using containers in the Docker Engine for distribution. (It’s not the first time that cryptojacking malware […]… Read More

The post Graboid Cryptojacking Worm Has Struck Over 2K Unsecured Docker Hosts appeared first on The State of Security.

Scammers Using Hacked Servers, Bogus Links to Target LinkedIn Users

Digital fraudsters are using compromised servers and bogus links in an ongoing effort to target LinkedIn members with scams. The scam began when a Sophos employee received what appeared to be an unexceptional email from someone they know in real life and with whom they keep in touch on LinkedIn. The body of the […]… Read More

The post Scammers Using Hacked Servers, Bogus Links to Target LinkedIn Users appeared first on The State of Security.

Critical Security Vulnerability Disclosed in iTerm2 App

A critical vulnerability has been discovered in the popular iTerm2 application, an open source terminal emulator program designed to replace the default Apple Terminal in macOS. iTerm2 often finds its way into lists of some of the best software to install on a Mac. It is especially popular with power users as a result of […]… Read More

The post Critical Security Vulnerability Disclosed in iTerm2 App appeared first on The State of Security.

Phishing Attack Possibly Affected 68K Patients of The Methodist Hospitals

The Methodist Hospitals, Inc. revealed that a phishing attack potentially affected the information of approximately 68,000 patients. According to its Notice of Data Incident, the non-profit healthcare system located in Gary, Indiana detected unusual activity involving an employee’s email account back in June 2019. The Methodist Hospitals (‘Methodist’) responded by launching an investigation into what […]… Read More

The post Phishing Attack Possibly Affected 68K Patients of The Methodist Hospitals appeared first on The State of Security.

New Sextortion Scam Uses Alternative Cryptocurrencies to Evade Detection

A new sextortion scam variant is using a wallet for a cryptocurrency other than bitcoin in an attempt to evade detection. On October 8, Cofense revealed it had detected a modified sextortion scam that was using a wallet address for Litecoin instead of bitcoin. The variant thereby differentiated itself from earlier sextortion campaigns detected by […]… Read More

The post New Sextortion Scam Uses Alternative Cryptocurrencies to Evade Detection appeared first on The State of Security.

Instagram Launches New Feature to Help Users Identify Phishing Emails

Instagram announced the release of a new feature that’s designed to help its users identify phishing emails impersonating the social media platform. On October 7, Instagram tweeted out about the new capability and said that users can leverage it to verify whether an email claiming to originate from the social network is legitimate. Heads up: […]… Read More

The post Instagram Launches New Feature to Help Users Identify Phishing Emails appeared first on The State of Security.

Decryption Keys Released by Developer of HildaCrypt Ransomware

The developer of HildaCrypt has released the master decryption keys that would allow potential victims of the ransomware to recover their data for free. On October 4, a security researcher who goes by the name “GrujaRS” posted about the discovery of a new variant of STOP, a well-known ransomware family. New #Stop (Djvu) #Ransomware extension […]… Read More

The post Decryption Keys Released by Developer of HildaCrypt Ransomware appeared first on The State of Security.

Payment Card Security Incidents Disclosed by Three U.S. Restaurant Chains

Three restaurant chains based in the United States have revealed they suffered security incidents that affected customers’ payment card information. On October 2, three subsidiaries of Focus Brands – Moe’s Southwest Grill, McAlister’s Deli and Schlotzsky’s – published near-identical copies of a security incident notice. These statements revealed that the restaurants had nearly finished investigating security incidents of which […]… Read More

The post Payment Card Security Incidents Disclosed by Three U.S. Restaurant Chains appeared first on The State of Security.

Discovery of Geost Botnet Made Possible by Attacker OpSec Fails

A series of operational security (OpSec) failures on the part of attackers enabled researchers to discover the Geost botnet. In mid-2018, Virus Bulletin researchers Sebastian Garcia, María José Erquiaga and Anna Shirokova discovered Geost, one of the largest Android banking botnets known today, while analyzing another malware family called HtBot. The researchers found that HtBot […]… Read More

The post Discovery of Geost Botnet Made Possible by Attacker OpSec Fails appeared first on The State of Security.

Attackers Targeting U.S. Petroleum Companies with Adwind RAT

Digital criminals have launched a new attack campaign that they’re using to target U.S. petroleum companies with the Adwind RAT. Netskope discovered the operation in the beginning of September and found that it was distributing the Adwind RAT from “members[.]westnet[.]com[.]au/~joeven/.” With this URL in mind, it’s likely that the individual responsible for the campaign either […]… Read More

The post Attackers Targeting U.S. Petroleum Companies with Adwind RAT appeared first on The State of Security.

Danish Firm Says Costs of Apparent Ransomware Attack Could Reach $95M

A Danish company revealed that the costs associated with what appears to be a ransomware attack could reach as much as $95 million. Demant, a Danish manufacturer of hearing aids, suffered a “critical incident” that affected its IT infrastructure on 3 September. The company’s IT team responded by shutting down multiple systems across multiple locations […]… Read More

The post Danish Firm Says Costs of Apparent Ransomware Attack Could Reach $95M appeared first on The State of Security.

eGobbler Malvertiser Bypassed Browser Protections Using Obscure Bugs

A malvertising actor known as “eGobbler” used obscure browser bugs to bypass built-in browser protections and expand the scope of its attacks. Confiant observed eGobbler exploiting the first vulnerability back on April 11, 2019. In that particular attack, the threat actor leveraged a Chrome exploit to circumvent the browser’s pop-up blocker built into iOS devices. […]… Read More

The post eGobbler Malvertiser Bypassed Browser Protections Using Obscure Bugs appeared first on The State of Security.

Divergent Malware Using NodeJS, WinDivert in Fileless Attacks

Samples of a new malware family called “Divergent” are using both NodeJS and WinDivert in a series of fileless attack campaigns. Cisco Talos didn’t identify the exact delivery method for Divergent. Even so, its researchers observed that the samples they analyzed staged and stored configuration data in the registry like other fileless malware. They also […]… Read More

The post Divergent Malware Using NodeJS, WinDivert in Fileless Attacks appeared first on The State of Security.

Percentage-Based URL Encoding Used by Phishers to Evade Detection

Digital criminals used percentage-based URL encoding to help their phishing campaign evade detection by secure email gateways. In mid-September, the Cofense Phishing Defense Center came across a phishing email that originated from a compromised email account for a recognizable American brand. The message informed recipients that they had a new invoice awaiting payment. Under that […]… Read More

The post Percentage-Based URL Encoding Used by Phishers to Evade Detection appeared first on The State of Security.

Free Decryptors Released for Two Ransomware Families

Security researchers have released decryption tools which victims of two different ransomware families can use to recover their files for free. On 25 September, Kaspersky Lab unveiled decryptors for both the Yatron and FortuneCrypt crypto-ransomware families. In its analysis of the first threat, the Russian security firm found that Yatron derived much of its code […]… Read More

The post Free Decryptors Released for Two Ransomware Families appeared first on The State of Security.

Attackers Undeterred in Efforts to Target U.S. Utilities with LookBack

Previous coverage of their tactics, techniques and procedures (TTPs) has failed to deter digital attackers in their efforts to target U.S. utilities with LookBack malware. Between 21 August and 29 August 2019, Proofpoint observed several spear phishing emails targeting U.S. utilities. Those messages appeared to originate from globalenergycertification[.]net, an attacker-controlled domain designed to impersonate the […]… Read More

The post Attackers Undeterred in Efforts to Target U.S. Utilities with LookBack appeared first on The State of Security.

Over 12,000 WannaCry Variants Detected in the Wild

Security researchers have determined that over 12,000 variants of the WannaCry ransomware family are preying upon users in the wild. Sophos attributed this rise of variants to threat actors taking the original 2017 WannaCry binary and modifying it to suit their needs. These versions have subsequently produced numerous infection attempts. In August 2019, for instance, […]… Read More

The post Over 12,000 WannaCry Variants Detected in the Wild appeared first on The State of Security.

TFlower Ransomware Targeting Businesses via Exposed RDS

A new crypto-ransomware threat called “TFlower” is targeting corporate environments via exposed Remote Desktop Services (RDS). First discovered in August, the ransomware makes its way onto a corporate network after attackers hack into a machine’s exposed Remote Desktop Services. This attack vector enables bad actors to infect the local machine with TFlower. At that point, […]… Read More

The post TFlower Ransomware Targeting Businesses via Exposed RDS appeared first on The State of Security.

Emotet Botnet Returns After Four-Month Hiatus With New Spam Campaign

The actors responsible for the Emotet botnet returned after a four-month period of inactivity with a new malspam campaign. On 16 September, SpamHaus security researcher Raashid Bhat spotted a spate of new spam emails written in Polish or German that contained malicious attachments or links to malware downloads. Emotet is fully back in action and […]… Read More

The post Emotet Botnet Returns After Four-Month Hiatus With New Spam Campaign appeared first on The State of Security.

Spam Campaign Targeting German Users with Ordinypt Malware

A new spam campaign is attempting to infect German-speaking users with samples of the destructive Ordinypt malware family. According to Bleeping Computer, the campaign sent spam emails masquerading as a job application from someone named Eva Richter. These messages supported this claim by using the subject line “Bewerbung via Arbeitsagentur – Eva Richter,” which translates […]… Read More

The post Spam Campaign Targeting German Users with Ordinypt Malware appeared first on The State of Security.

COBALT DICKENS Launched New Phishing Operation against Universities

The COBALT DICKENS threat group stayed busy over the summer by launching a new global phishing operation targeting universities. In July and August 2019, Secureworks’ Counter Threat Unit (CTU) researchers observed COBALT DICKENS using compromised university resources to send out library-themed phishing emails. These emails differed from those used in the Iranian threat group’s previous […]… Read More

The post COBALT DICKENS Launched New Phishing Operation against Universities appeared first on The State of Security.

BEC Scams Cost Victims $26B over a Three-Year Period, Finds FBI

The Federal Bureau of Investigation (FBI) found that business email compromise (BEC) scams cost victims a combined total of $26 billion in losses over a three-year period. On 10 September, the FBI’s Internet Crime Complaint Center (IC3) published a public service announcement in which it revealed that BEC scams had caused $26,201,775,589 in global losses. […]… Read More

The post BEC Scams Cost Victims $26B over a Three-Year Period, Finds FBI appeared first on The State of Security.

What is the COBIT and why you need to know about it

Business processes today are largely dictated by the technology around them. Cloud computing, big data, and social media are just a few technologies that shape and affect a business as they generate huge amounts of data. This can be used to get ahead of the competition, but it also creates challenges in terms of governance and management. This is where the COBIT comes into play.

Defining Control Objectives for Information and Related Technologies

The Control Objectives for Information and Related Technologies, more commonly known as the COBIT, was designed to help organizations and businesses implement, monitor, develop, and improve their information management and IT governance.

The COBIT was established by the Information Systems Audit and Control Association, or ISACA. They published this framework together with the IT Governance Institute, or ITGI.

The Evolution of the COBIT

The COBIT was initially published in the mid-1990s. The focus was mainly on doing audits, specifically on helping financial auditors navigate IT frameworks. Today, it has evolved to doing more than just audits. The third version of the COBIT released by ISACA introduced management guidelines.

The fourth version added guidelines on ICT governance. The latest version used today, released in 2014, focused more on information governance, along with risk management.

Core Principles of the COBIT 5

The COBIT 5, the latest in this series, is centered around five core principles:

  1. Meeting the needs of stakeholders.
  2. Having a comprehensive coverage of the organization.
  3. Creating a single unified framework.
  4. Creating a more holistic approach for business.
  5. Making a distinction between management and governance.

The COBIT Framework Goals

The latest release of the COBIT framework puts together the guidelines from the fourth version, along with Val IT 2.0, and the Risk IT Framework. According to ISACA, these updates are meant to:

  • Streamline information sharing within the organization.
  • Use strategy and IT to achieve business goals.
  • Minimize security risks on information and provide more controls.
  • Provide efficient costing for technology and IT.
  • Integrate recent findings into the COBIT framework.

Companies making use of several frameworks like CMMI and ITIL will find it easier to govern their IT.

Benefits of the COBIT 5

There are several benefits associated with the COBIT 5. First, it allows you to supervise and manage information security in a more efficient manner. It helps ensure compliance and manage vulnerabilities.

When it comes to risk management, the COBIT 5 allows you to improve how enterprise risk is handled and stay one step ahead of evolving regulatory compliance requirements.

Framework of the COBIT 5

There are several components that make up the COBIT 5, including:

Main Framework

This creates the basic guidelines, foundation, and best practices related to IT governance. They are then integrated with the needs and requirements of the organization. The main goal of the main framework is to allow the organization to align its goals with its IT.

Process Descriptions

This allows the business to have a reference process model, along with a common language used by each member of the organization. The descriptions cover planning, creating, implementing, and monitoring the processes involved in IT. This helps everyone in the organization understand the processes and terminologies.

Control Objectives

This is where the complete list of requirements can be found for effective control of the processes involved in IT. This can actually help improve all IT processes.

Management Guidelines

These guidelines of the COBIT detail people’s responsibilities and what tasks are expected of them. They also show how to measure the organization’s performance in implementing the COBIT 5.

Maturity Models

These models assess the company’s maturity in terms of coping with growth. This helps plug any gaps that are found.

The COBIT Certifications

The COBIT 5 certification is available from ISACA, which teaches you all about this framework, along with:

  • How to apply the COBIT 5 in essentially any situation.
  • How to use this with other frameworks.
  • How to understand what challenges this framework addresses.

There are two paths to certification:

  1. Implementation path, which focuses more on the application of the COBIT 5 in business models and challenges.
  2. Assessor path, which focuses more on how to review processes that require change.

The COBIT certification is useful for many companies and roles such as IT directors, managers, audit committee members, and more.

The post What is the COBIT and why you need to know about it appeared first on .

District in Rockford Public Schools Confirms Ransomware Attack

A district within the Rockford Public Schools (RPS) system has confirmed it suffered a ransomware attack that affected parts of its network. On 6 September, District 205 of RPS posted a statement on Facebook in which it noted that its Internet, phones and information systems used to track attendance and student records were down. The […]… Read More

The post District in Rockford Public Schools Confirms Ransomware Attack appeared first on The State of Security.

Fake PayPal Website Distributes New Variant of Nemty Ransomware

Digital attackers created a fake PayPal website to distribute samples of a new variant of the Nemty crypto-ransomware family. Security researcher nao_sec uncovered the ransomware variant after they came across a fake PayPal website. This site promised users a return of 3-5 percent for making purchases through its payment system. But its primary purpose was […]… Read More

The post Fake PayPal Website Distributes New Variant of Nemty Ransomware appeared first on The State of Security.

Unalaska Recovers $2.3 Million Following Phishing Attack

The Alaskan city of Unalaska has recovered approximately $2.3 million after digital fraudsters targeted it with a phishing attack. Erin Reinders, city manager of Unalaska, revealed that the municipality had recovered $2,347,544.43 on 22 August. That amount constituted a large part of the $2,985,406.10 total which the City had sent to scammers. Per Reinders’ comments, […]… Read More

The post Unalaska Recovers $2.3 Million Following Phishing Attack appeared first on The State of Security.

Ransomware Attackers Demanded $5.3M from City of New Bedford

Digital criminals demanded $5.3 million in ransom from the City of New Bedford, Massachusetts following a ransomware attack. Jon Mitchell, Mayor of New Bedford, explained in a press briefing that the ransom demand came shortly after the City’s Management Information Systems (MIS) staff detected a ransomware attack in the early morning hours of 5 July […]… Read More

The post Ransomware Attackers Demanded $5.3M from City of New Bedford appeared first on The State of Security.

Phishing Campaign Used SharePoint to Bypass Email Perimeter Tech

Security researchers spotted a phishing campaign that used SharePoint to bypass email gateway and other perimeter technologies. Cofense learned of the campaign after it analyzed an attack email sent from a compromised account @independentlegalassessors.co.uk. The email asked the recipient to review a proposed document by clicking on an embedded URL. In this particular instance, bad […]… Read More

The post Phishing Campaign Used SharePoint to Bypass Email Perimeter Tech appeared first on The State of Security.

Google Expands Scope of One Bug Bounty Program, Launches Another

Google has decided to expand the scope of one of its bug bounty programs as well as launch another security rewards initiative. On 29 August, Android Security & Privacy team members Adam Bacchus, Sebastian Porst, and Patrick Mutchler announced that the Google Play Security Reward Program (GPSRP) will now cover all Google Play apps with […]… Read More

The post Google Expands Scope of One Bug Bounty Program, Launches Another appeared first on The State of Security.