Cybercrime

The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security?

https://www.computerweekly.com/opinion/Security-Think-Tank-Teens-in-basements-dont-represent-a-positive-security-culture

Business Disruption was the main objective of attackers in the last year, with ransomware, DDOS and malware commonly used.

A man from Nigeria living in Britain, Oluwaseun Ajayi and a woman said to be his lover, Inga Irbe, were on Friday, January 10, jailed following an investigation by the Met’s Central Specialist Crime – Cyber Crime Unit.

https://www.vanguardngr.com/2020/01/nigerian-man-lover-jailed-for-hacking-into-over-700-bank-accounts-in-britain/

IE zero-day connected to last week's Firefox zero-day.

Advice for organisations on implementing multi-factor authentication (or two-factor authentication) to protect against password guessing and theft on online services.

Business disruption was the main objective of attackers in the last year, with ransomware, DDoS and malware commonly used.

https://www.infosecurity-magazine.com/news/business-disruption-attacks/#.XiV92TfeN00.twitter

A man from Nigeria living in Britain, Oluwaseun Ajayi and a woman said to be his lover, Inga Irbe, were on Friday, January 10, jailed following an investigation by the Met’s Central Specialist Crime – Cyber Crime Unit.

https://www.vanguardngr.com/2020/01/nigerian-man-lover-jailed-for-hacking-into-over-700-bank-accounts-in-britain/

Microsoft has published a security advisory today about an Internet Explorer (IE) vulnerability that is currently being exploited in the wild -- a so-called zero-day.

https://www.zdnet.com/article/microsoft-warns-about-internet-explorer-zero-day-but-no-patch-yet/

Advice for organisations on implementing multi-factor authentication (or two-factor authentication) to protect against password guessing and theft on online services.

 https://www.ncsc.gov.uk/guidance/multi-factor-authentication-online-services

Instead of relying on premade and well-known toolkits, the threat actors behind the TrickBot trojan decided to develop a private post-exploitation toolkit called PowerTrick to spread malware laterally throughout a network.

https://www.bleepingcomputer.com/news/security/trickbot-gang-created-a-custom-post-exploitation-framework/#.XiNrKO6SkWg.twitter