All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 14, 2022. I’ve also included some comments on these stories.

Most Orgs Would Take Security Bugs Over Ethical Hacking Help

It turns out most organizations would rather seem impervious than actually be impervious. A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old “security by obscurity” ways, reports Threatpost.

Samantha Zeigler | Security Researcher at Tripwire

The change in security views has been slow but essential. Change tends to be hard to adapt to and thus the transition to ethical hacking rather than “security by obscurity”. The transition to transparent security provides a much higher level of security for users. Allowing bug bounty programs and ethical hackers to run penetration tests allows companies to fix vulnerabilities before adversaries break in and exploit those same vulnerabilities.

Lapsus$ Ransomware Group is hiring, it announced recruitment of insiders

Lapsus$ Ransomware gang is looking for insiders willing to sell remote access to major technology corporations and ISPs. They are recruiting from within tech giants like Microsoft, Apple, EA Games and IBM. And the best part – “You will be paid if you would like.”

Dylan D’Silva | Security Researcher at Tripwire

Having a ransomware group openly attempt to recruit employees at major technology and software companies and ISPs is a serious concern for all companies and the industry. As noted in the article, some previously used tactics included receiving messages on LinkedIn or directly to personal emails. The Lapsus$ group is looking to up the ante and is openly advertising their need to acquire VPN access directly into companies’ networks in exchange...