New Hacking Group Emerges | 10 Impediments to IT Innovation | A New Way Hackers Can Make Malware Undetectable on Windows
New Hacking Group Emerges
A new hacking group has been uncovered. Operating since 2019, this cyberespionage group has recently been uncovered by ESET researchers and named “FamousSparrow”. They have been targeting hotels, governments, law firms, and private organisations all over the world.
Researchers at ESET have said that the group deals in cyber espionage and telemetry data and used the Microsoft Exchange vulnerabilities known as Proxy logon. This is a remote code execution vulnerability to take over Exchange mail servers worldwide. It is thought that they have been using this flaw since March 3rd, just one day after Microsoft released a security patch to fix this.
Victims so far have been in Brazil, Burkina Faso, South Africa, Canada, Israel, France, Guatemala, Lithuania, Saudi Arabia, Taiwan, Thailand, and here in the UK. Researchers say, “This is another reminder that it is critical to patch internet-facing applications quickly, or, if quick patching is not possible, to not expose them to the internet at all.”
- Source - FamousSparrow - WeLiveSecurity
- Source - FamousSparrow - IT Pro
- Source - FamousSparrow - ThreatPost
10 Impediments to IT Innovation
While many IT leaders say they have become champions of digital transformation within their organisations, there are many impediments that could hinder CIO’s and their teams from delivering on the expectation of innovation. These include the challenges of managing day-to-day operations, enabling cross-functional teams, and moving ideas from lab to operations.
Of course, each organisation will face its own setbacks, but in this article 6 IT innovators share what they see as common roadblocks to innovation and offer advice on how these could be overcome. Full context on each problem and advise on overcoming them can be seen in the full article. For a TL; DR, the ten points are:
- Inefficient IT operations
- Insufficient and ineffective collaboration.
- No structure to support innovation.
- No customer connections.
- An outdated view of CIO success.
- No dedicated time to innovate.
- The inability to scale innovations.
- Failure to upskill at the pace of technology advancements.
- No way to connect talent.
- Pressure to deliver value (too) quickly.
A New Way Hackers Can Make Malware Undetectable on Windows
Google has disclosed a technique used by threat actors to deliberately evade detection with the help of malformed digital signatures of its malware payloads.
Attackers have been creating malformed code signatures which are being recognised and treated as valid by Windows but are not able to be decoded or checked by OpenSSL code – which is used in a number of security scanning products.
Most people who have been targeted by this and fallen victim are users located in the United States who are prone to downloading cracked versions of games and other ‘grey-area software’. The issue has been reported to Microsoft.