Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What’s happened? Law enforcement agencies across the globe say that they have dealt a blow against Emotet, described by Interpol as “the world’s most dangerous malware”, by taking control of its infrastructure. Police have dubbed their action against Emotet “Operation LadyBird.”

In 2017, The Economist announced that the world’s most valuable resource is no longer oil – it’s data. Since the phrase “big data” was coined in the 1990s, data has become increasingly important to virtually every aspect of running a business – not to mention how we conduct our daily lives. It’s no surprise that some of the most valuable companies are also those that capture the most user data. Take Facebook, for instance.

On January 26th, 2021, Qualys reported that many versions of SUDO (1.8.2 to 1.8.31p2 and 1.9.0 to 1.9.5p1) are vulnerable (CVE-2021-3156) to a buffer overflow attack dubbed Baron Samedit that can result in privilege escalations. Qualys was able to use this vulnerability to gain root on at least Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2), some of the most modern and widely used Linux operating systems.

AT&T Alien Labs™ has identified a new tool from the TeamTNT adversary group, which has been previously observed targeting exposed Docker infrastructure for cryptocurrency mining purposes and credential theft. The group is using a new detection evasion tool, copied from open source repositories. The purpose of this blog is to share new technical intelligence and provide detection and analysis options for defenders.

At Bulletproof, we have a fantastic team who power our compliance services, which include GDPR, ISO 27001, Cyber Essentials, training, and act as our all-knowing outsourced Data Protection Officers. Both cyber security and data protection are crucial corporate responsibilities that we believe should be at the heart of any company’s day-to-day operations.

The Data Protection Act was brought in in 2018, and it controls and monitors the way that UK businesses and organizations use your personal data and information, such as credit, payment card, financial information, social security numbers, and any sensitive data. Under the act, it is up to everyone to ensure that they use data wisely and adhere to the data protection principles that are laid down in the act, which are.

In this new series, Security Defender Insights, Detectify is recognizing Security Defenders in our network to bring you actionable insights and inspiration for your security strategies in 2021. We want to encourage open discussions about web security and show appreciation for hard-working security practitioners. So let’s get started with this interview with Roberto Arias Alegria, Information Security Architect at Quandoo.