Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application.
The new findings, which come courtesy of Symantec's Threat Hunter Team, confirm earlier suspicions that the
CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The three vulnerabilities are as follows -
CVE-2023-28432 (CVSS score - 7.5) - MinIO Information Disclosure Vulnerability
CVE-2023-27350 (CVSS score - 9.8) - PaperCut MF/NG Improper Access Control
Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining
A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners.
"The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack," cloud security firm Aqua said in a report shared with The Hacker News. The Israeli company, which dubbed the attack
GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform
Cybersecurity researchers have disclosed details of a now-patched zero-day flaw in Google Cloud Platform (GCP) that could have enabled threat actors to conceal an unremovable, malicious application inside a victim's Google account.
Dubbed GhostToken by Israeli cybersecurity startup Astrix Security, the shortcoming impacts all Google accounts, including enterprise-focused Workspace accounts. It
14 Kubernetes and Cloud Security Challenges and How to Solve Them
Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and adopt comprehensive security solutions to protect their digital assets.
In response, Uptycs, the first
The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors.
Google-owned Mandiant, which is tracking the attack event under the moniker UNC4736, said the incident marks the first time it has seen a "software supply chain attack lead to another software
Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products
Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems.
The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director (CVE-2023-20036, CVSS score: 9.9), which resides in the web UI component and arises as a result of
Two Critical Flaws Found in Alibaba Cloud's PostgreSQL Databases
A chain of two critical flaws has been disclosed in Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL that could be exploited to breach tenant isolation protections and access sensitive data belonging to other customers.
"The vulnerabilities potentially allowed unauthorized access to Alibaba Cloud customers' PostgreSQL databases and the ability to perform a supply chain
Beyond Traditional Security: NDR's Pivotal Role in Safeguarding OT Networks
Why is Visibility into OT Environments Crucial?
The significance of Operational Technology (OT) for businesses is undeniable as the OT sector flourishes alongside the already thriving IT sector. OT includes industrial control systems, manufacturing equipment, and devices that oversee and manage industrial environments and critical infrastructures. In recent years, adversaries have recognized the
Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job
The notorious North Korea-aligned state-sponsored actor known as the Lazarus Group has been attributed to a new campaign aimed at Linux users.
The attacks are part of a persistent and long-running activity tracked under the name Operation Dream Job, ESET said in a new report published today.
The findings are crucial, not least because it marks the first publicly documented example of the
Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks
Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data.
The high-severity flaw, tracked as CVE-2023-0669 (CVSS score: 7.2), concerns a case of pre-authenticated command injection that could be abused to achieve code execution. The
ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them
In the short time since their inception, ChatGPT and other generative AI platforms have rightfully gained the reputation of ultimate productivity boosters. However, the very same technology that enables rapid production of high-quality text on demand, can at the same time expose sensitive corporate data. A recent incident, in which Samsung software engineers pasted proprietary code into ChatGPT,
Telecommunication services providers in Africa are the target of a new campaign orchestrated by a China-linked threat actor at least since November 2022.
The intrusions have been pinned on a hacking crew tracked by Symantec as Daggerfly, and which is also monitored by the broader cybersecurity community as Bronze Highland and Evasive Panda.
The campaign makes use of "previously unseen plugins
NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders
Israeli spyware maker NSO Group deployed at least three novel "zero-click" exploits against iPhones in 2022 to infiltrate defenses erected by Apple and deploy Pegasus, according to the latest findings from Citizen Lab.
"NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets around the world," the interdisciplinary laboratory
Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine
Elite hackers associated with Russia's military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war.
Google's Threat Analysis Group (TAG), which is monitoring the activities of the actor under the name FROZENLAKE, said the attacks continue the "group's 2022 focus
Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered
The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems.
"The group is known for using a variety of sophisticated attack techniques, including custom malware, social engineering tactics, and spear-phishing attacks," ThreatMon said in a Tuesday report.
Blind Eagle, also
Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released
Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser.
The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on April 12, 2023.
"
Uncovering (and Understanding) the Hidden Risks of SaaS Apps
Recent data breaches across CircleCI, LastPass, and Okta underscore a common theme: The enterprise SaaS stacks connected to these industry-leading apps can be at serious risk for compromise.
CircleCI, for example, plays an integral, SaaS-to-SaaS role for SaaS app development. Similarly, tens of thousands of organizations rely on Okta and LastPass security roles for SaaS identity and access
Pakistani Hackers Use Linux Malware Poseidon to Target Indian Government Agencies
The Pakistan-based advanced persistent threat (APT) actor known as Transparent Tribe used a two-factor authentication (2FA) tool used by Indian government agencies as a ruse to deliver a new Linux backdoor called Poseidon.
"Poseidon is a second-stage payload malware associated with Transparent Tribe," Uptycs security researcher Tejaswini Sandapolla said in a technical report published this week.
U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage
U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against select targets.
The intrusions, per the authorities, took place in 2021 and targeted a small number of entities in Europe, U.S. government institutions, and about 250 Ukrainian victims
Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems
An Iranian government-backed actor known as Mint Sandstorm has been linked to attacks aimed at critical infrastructure in the U.S. between late 2021 to mid-2022.
"This Mint Sandstorm subgroup is technically and operationally mature, capable of developing bespoke tooling and quickly weaponizing N-day vulnerabilities, and has demonstrated agility in its operational focus, which appears to align
Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution
A fresh round of patches has been made available for the vm2 JavaScript library to address two critical flaws that could be exploited to break out of sandbox protections and achieve code execution.
Both the flaws – CVE-2023-29199 and CVE-2023-30547 – are rated 9.8 out of 10 on the CVSS scoring system and have been addressed in versions 3.9.16 and 3.9.17, respectively.
Successful exploitation of
YouTube Videos Distributing Aurora Stealer Malware via Highly Evasive Loader
Cybersecurity researchers have detailed the inner workings of a highly evasive loader named "in2al5d p3in4er" (read: invalid printer) that's used to deliver the Aurora information stealer malware.
"The in2al5d p3in4er loader is compiled with Embarcadero RAD Studio and targets endpoint workstations using advanced anti-VM (virtual machine) technique," cybersecurity firm Morphisec said in a report
Goldoson Android Malware Infects Over 100 Million Google Play Store Downloads
h
A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads.
An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea.
The rogue component is part of a third-party software library used by the apps
DFIR via XDR: How to expedite your investigations with a DFIRent approach
Rapid technological evolution requires security that is resilient, up to date and adaptable.
In this article, we will cover the transformation in the field of DFIR (digital forensics and incident response) in the last couple years, focusing on the digital forensics' aspect and how XDR fits into the picture.
Before we dive into the details, let's first break down the main components of DFIR and
Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access
The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems.
While the nation-state group has previously employed ScreenConnect, RemoteUtilities, and Syncro, a new analysis from Group-IB has revealed the adversary's use of the SimpleHelp remote support software in June 2022.
MuddyWater,
LockBit Ransomware Now Targeting Apple macOS Devices
Threat actors behind the LockBit ransomware operation have developed new artifacts that can encrypt files on devices running Apple's macOS operating system.
The development, which was reported by the MalwareHunterTeam over the weekend, appears to be the first time a big-game ransomware crew has created a macOS-based payload.
Additional samples identified by vx-underground show that the macOS
Israeli Spyware Vendor QuaDream to Shut Down Following Citizen Lab and Microsoft Expose
Israeli spyware vendor QuaDream is allegedly shutting down its operations in the coming days, less than a week after its hacking toolset was exposed by Citizen Lab and Microsoft.
The development was reported by the Israeli business newspaper Calcalist, citing unnamed sources, adding the company "hasn't been fully active for a while" and that it "has been in a difficult situation for several
New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware
A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into installing the malware, new findings from Kaspersky reveal.
The latest activity, which commenced on April 4, 2023, has primarily targeted users in Germany, Argentina, Italy, Algeria, Spain, the U.S., Russia, France, the U.K., and Morocco.
QBot (aka Qakbot or Pinkslipbot) is a banking
FIN7 and Ex-Conti Cybercrime Gangs Join Forces in Domino Malware Attacks
A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to use by the members of the now-defunct Conti ransomware gang, indicating collaboration between the two crews.
The malware, dubbed Domino, is primarily designed to facilitate follow-on exploitation on compromised systems, including delivering a lesser-known information stealer that
Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) are frequently confused. The similarity of the acronyms notwithstanding, both security solutions focus on securing data in the cloud. In a world where the terms cloud and SaaS are used interchangeably, this confusion is understandable.
This confusion, though, is dangerous to organizations that need to secure
Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites
A Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source red teaming tool known as Google Command and Control (GC2) amid broader abuse of Google's infrastructure for malicious ends.
The tech giant's Threat Analysis Group (TAG) attributed the campaign to a threat actor it tracks under the geological and geographical-themed moniker HOODOO, which is
Tour of the Underground: Master the Art of Dark Web Intelligence Gathering
The Deep, Dark Web – The Underground – is a haven for cybercriminals, teeming with tools and resources to launch attacks for financial gain, political motives, and other causes.
But did you know that the underground also offers a goldmine of threat intelligence and information that can be harnessed to bolster your cyber defense strategies? The challenge lies in continuously monitoring the right
Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration
Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks.
"Threat actors (TAs) using built-in data exfiltration methods like [living off the land binaries and scripts] negate the need to bring in external tools that might be flagged by
New Zaraza Bot Credential-Stealer Sold on Telegram Targeting 38 Web Browsers
A novel credential-stealing malware called Zaraza bot is being offered for sale on Telegram while also using the popular messaging service as a command-and-control (C2).
"Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors," cybersecurity company Uptycs said in a report published last week.
"Once the
Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability
Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year.
Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been
Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities
The Russia-linked APT29 (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa.
According to Poland's Military Counterintelligence Service and the CERT Polska team, the observed activity shares tactical overlaps with a cluster tracked by Microsoft as
Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen
Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company's MyBB forum database containing user data and private messages.
What's more, the unknown threat actors attempted to sell the data dump comprising 400,635 Kodi users on the now-defunct BreachForums cybercrime marketplace.
"MyBB admin logs show the account of a trusted but currently
Severe Android and Novi Survey Vulnerabilities Under Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The two flaws are listed below -
CVE-2023-20963 (CVSS score: 7.8) - Android Framework Privilege Escalation Vulnerability
CVE-2023-29492 (CVSS score: TBD) - Novi Survey Insecure Deserialization Vulnerability
Webinar: Tips from MSSPs to MSSPs – Building a Profitable vCISO Practice
In today's fast-paced and ever-changing digital landscape, businesses of all sizes face a myriad of cybersecurity threats. Putting in place the right people, technological tools and services, MSSPs are in a great position to ensure their customers' cyber resilience.
The growing need of SMEs and SMBs for structured cybersecurity services can be leveraged by MSPs and MSSPs to provide strategic
Google Launches New Cybersecurity Initiatives to Strengthen Vulnerability Management
Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation.
"While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they're known and fixed, which is the real story," the company said in an announcement. "Those risks span everything from
RTM Locker: Emerging Cybercrime Group Targeting Businesses with Ransomware
Cybersecurity researchers have detailed the tactics of a "rising" cybercriminal gang called "Read The Manual" (RTM) Locker that functions as a private ransomware-as-a-service (RaaS) provider and carries out opportunistic attacks to generate illicit profit.
"The 'Read The Manual' Locker gang uses affiliates to ransom victims, all of whom are forced to abide by the gang's strict rules,"
WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks
Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures that malware running on a user's mobile device doesn't impact their account.
"Mobile device malware is one of the biggest threats to people's privacy and security today because it can take advantage of your phone without your permission and use your WhatsApp to send unwanted messages,"
New Python-Based "Legion" Hacking Tool Emerges on Telegram
An emerging Python-based credential harvester and a hacking tool named Legion is being marketed via Telegram as a way for threat actors to break into various online services for further exploitation.
Legion, according to Cado Labs, includes modules to enumerate vulnerable SMTP servers, conduct remote code execution (RCE) attacks, exploit unpatched versions of Apache, and brute-force cPanel and
Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions
The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in intrusions directed against the Indian education sector to deploy a continuously maintained piece of malware called Crimson RAT.
While the suspected Pakistan-based threat group is known to target military and government entities in the country, the activities have since expanded to include the
Shadow APIs are a growing risk for organizations of all sizes as they can mask malicious behavior and induce substantial data loss. For those that aren't familiar with the term, shadow APIs are a type of application programming interface (API) that isn't officially documented or supported.
Contrary to popular belief, it's unfortunately all too common to have APIs in production that no one on
Lazarus Hacker Group Evolves Tactics, Tools, and Targets in DeathNote Campaign
The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its tools and tactics as part of a long-running campaign called DeathNote.
While the nation-state adversary is known for persistently singling out the cryptocurrency sector, recent attacks have also targeted automotive, academic, and defense sectors in Eastern Europe and other parts
ChatGPT Security: OpenAI's Bug Bounty Program Offers Up to $20,000 Prizes
OpenAI, the company behind the massively popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to ensure its systems are "safe and secure."
To that end, it has partnered with the crowdsourced security platform Bugcrowd for independent researchers to report vulnerabilities discovered in its product in exchange for rewards ranging from "$200 for low-severity findings to up to
Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit
Threat actors using hacking tools from an Israeli surveillanceware vendor named QuaDream targeted at least five members of civil society in North America, Central Asia, Southeast Asia, Europe, and the Middle East.
According to findings from a group of researchers from the Citizen Lab, the spyware campaign was directed against journalists, political opposition figures, and an NGO worker in 2021.
The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late
Here's a hard question to answer: 'How many service accounts do you have in your environment?'. A harder one is: 'Do you know what these accounts are doing?'. And the hardest is probably: 'If any of your service account was compromised and used to access resources would you be able to detect and stop that in real-time?'.
Since most identity and security teams would provide a negative reply,
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.
Giving a Face to the Malware Proxy Service ‘Faceless’
For the past seven years, a malware-based proxy service known as "Faceless" has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we'll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.
KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about "juice jacking," a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk. It remains unclear what may have prompted the alerts, but the good news is that there are some fairly basic things you can do to avoid having to worry about juice jacking.
Microsoft (& Apple) Patch Tuesday, April 2023 Edition
Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day vulnerabilities that are being used to attack iPhones, iPads and Macs.
Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnsecurity the domain seizures coincided with "dozens" of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data.
John Clifton Davies, a 60-year-old con man from the United Kingdom who fled the country in 2015 before being sentenced to 12 years in prison for fraud, has enjoyed a successful life abroad swindling technology startups by pretending to be a billionaire investor. Davies' newest invention appears to be "CodesToYou," which purports to be a "full cycle software development company" based in the U.K.
German Police Raid DDoS-Friendly Host ‘FlyHosting’
Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web service that catered to cybercriminals operating DDoS-for-hire services. Fly Hosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure.
The United Kingdom's National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services.
Google Suspends Chinese E-Commerce App Pinduoduo Over Malware
Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.
Why You Should Opt Out of Sharing Data With Your Mobile Provider
A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device -- unless and until you affirmatively opt out of this data collection. Here's a primer on why you might want to do that, and how.
Certain questions might be coming to mind right now, like "What the heck is CPNI?" And, 'If it's so 'customer proprietary,' why is AT&T sharing it with marketers?" Also maybe, "What can I do about it?" Read on for answers to all three questions.
My latest book, A Hacker’s Mind, has a lot of sports stories. Sports are filled with hacks, as players look for every possible advantage that doesn’t explicitly break the rules. Here’s an example from pickleball, which nicely explains the dilemma between hacking as a subversion and hacking as innovation:
Some might consider these actions cheating, while the acting player would argue that there was no rule that said the action couldn’t be performed. So, how do we address these situations, and close those loopholes? We make new rules that specifically address the loophole action. And the rules book gets longer, and the cycle continues with new loopholes identified, and new rules to prohibit that particular action in the future...
Using the iPhone Recovery Key to Lock Owners Out of Their iPhones
This a good example of a security feature that can sometimes harm security:
Apple introduced the optional recovery key in 2020 to protect users from online hackers. Users who turn on the recovery key, a unique 28-digit code, must provide it when they want to reset their Apple ID password.
iPhone thieves with your passcode can flip on the recovery key and lock you out. And if you already have the recovery key enabled, they can easily generate a new one, which also locks you out.
Apple’s policy gives users virtually no way back into their accounts without that recovery key. For now, a stolen iPhone could mean devastating personal losses...
CitizenLab has identified three zero-click exploits against iOS 15 and 16. These were used by NSO Group’s Pegasus spyware in 2022, and deployed by Mexico against human rights defenders. These vulnerabilities have all been patched.
One interesting bit is that Apple’s Lockdown Mode (part of iOS 16) seems to have worked to prevent infection.
EFF has a good explainer on the problems with the new UN Cybercrime Treaty, currently being negotiated in Vienna.
The draft treaty has the potential to rewrite criminal laws around the world, possibly adding over 30 criminal offenses and new expansive police powers for both domestic and international criminal investigations.
[…]
While we don’t think the U.N. Cybercrime Treaty is necessary, we’ve been closely scrutinizing the process and providing constructive analysis. We’ve made clear that human rights must be baked into the proposed treaty so that it doesn’t become a tool to ...
I’m not sure there are good ways to build guardrails to prevent this sort of thing:
There is growing concern regarding the potential misuse of molecular machine learning models for harmful purposes. Specifically, the dual-use application of models for predicting cytotoxicity18 to create new poisons or employing AlphaFold2 to develop novel bioweapons has raised alarm. Central to these concerns are the possible misuse of large language models and automated experimentation for dual-use purposes or otherwise. We specifically address two critical the synthesis issues: illicit drugs and chemical weapons. To evaluate these risks, we designed a test set comprising compounds from the DEA’s Schedule I and II substances and a list of known chemical weapon agents. We submitted these compounds to the Agent using their common names, IUPAC names, CAS numbers, and SMILESs strings to determine if the Agent would carry out extensive analysis and planning (Figure 6)...
Motherboard is reporting on AI-generated voices being used for “swatting”:
In fact, Motherboard has found, this synthesized call and another against Hempstead High School were just one small part of a months-long, nationwide campaign of dozens, and potentially hundreds, of threats made by one swatter in particular who has weaponized computer generated voices. Known as “Torswats” on the messaging app Telegram, the swatter has been calling in bomb and mass shooting threats against highschools and other locations across the country. Torswat’s connection to these wide ranging swatting incidents has not been previously reported. The further automation of swatting techniques threatens to make an already dangerous harassment technique more prevalent...
This is a current list of where and when I am scheduled to speak:
I’m speaking on “Cybersecurity Thinking to Reinvent Democracy” at RSA Conference 2023 in San Francisco, California, on Tuesday, April 25, 2023, at 9:40 AM PT.
I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 2, 2023 at 8:30 AM CEST.
You want to commit suicide, but it’s a mortal sin: your soul goes straight to hell, forever. So what you do is murder someone. That will get you executed, but if you confess your sins to a priest beforehand you avoid hell. Problem solved.
This was actually a problem in the 17th and 18th centuries in Northern Europe, particularly Denmark. And it remained a problem until capital punishment was abolished for murder.
It’s a clever hack. I didn’t learn about it in time to put it in my book, A Hacker’s Mind, but I have several other good hacks of religious rules...
While Intel is building more hardware protections directly into the chips, enterprises still need a strategy for applying security updates on these components.
Attackers have their methods timed to the second, and they know they have to get in, do their damage, and get out quickly. CISOs today must detect and block in even less time.
'GhostToken' Opens Google Accounts to Permanent Infection
A bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail, and more.
OpenSSF Adds Software Supply Chain Tracks to SLSA Framework
The Open Source Security Foundation's SLSA v1.0 release is an important milestone in improving software supply chain security and providing organizations with the tools they need to protect their software.
New Policy Group Wants to Improve Cybersecurity Disclosure, Support Researchers
The new Security Legal Research Fund and Hacking Policy Council are aimed at protecting "good faith" security researchers from legal threats and giving them a voice in policy discussions.
3CX Supply Chain Attack Tied to Financial Trading App Breach
Mandiant found that North Korea's UNC4736 gained initial access on 3CX's network when an employee downloaded a weaponized but legitimately-signed app from Trading Technologies.
Global Spyware Attacks Spotted Against Both New & Old iPhones
Campaigns that wielded NSO Group's Pegasus against high-risk users over a six-month period demonstrate the growing sophistication and relentless nature of spyware actors.
GPT-4 Provides Improved Answers While Posing New Questions
As is typical with emerging technologies, both innovators and regulators struggle with developments in generative AI, much less the rules that should govern its use.
Organizations are planning on newer multifactor authentication methods, such as invisible MFA and passwordless, says SecureAuth in its "State of Authentication" report.
Russian Fancy Bear APT Exploited Unpatched Cisco Routers to Hack US, EU Gov't Agencies
The nation-stage threat group deployed custom malware on archaic versions of Cisco's router operating system. Experts warn that such attacks targeting network infrastructure are on the rise.
Coro Raises an Additional $75M Bringing the Total Raised to $155M in 12 Months
New funding to drive aggressive growth of industry’s only cybersecurity platform that brings enterprise grade cybersecurity to the mid-market; 300% year-over-year growth projected for 5th year in a row.
Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones
Unsophisticated attackers can pinpoint where a person lives by lifting metadata from Strava and other apps, even if they're using a feature specifically aimed at protecting their location information.
3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022
Attackers continued to favor software exploits, phishing, and stolen credentials as initial-access methods last year, as Log4j and the Russia-Ukraine cyber conflict changed the threat landscape.
QBot Expands Initial Access Malware Strategy With PDF-WSF Combo
The infamous Trojan's operators are switching up tactics with the use of simulated business correspondence, which helps instill trust with intended victims, and a stealthier payload.
APT41 Taps Google Red-Teaming Tool in Targeted Info-Stealing Attacks
China-linked APT41 group targeted a Taiwanese media organization and an Italian job agency with standard, open source penetration test tools, in a change in strategy.
Why Your Anti-Fraud, Identity & Cybersecurity Efforts Should Be Merged
To address the rising risk of online fraud, stolen identities, and cyberattacks, innovative organizations have begun converging their security functions — here's how yours can prepare.
'Goldoson' Malware Sneaks into Google Play Apps, Racks Up 100M Downloads
Malware that can steal data, track location, and perform click fraud was inadvertently built into apps via an infected third-party library, highlighting supply chain risk.
Recycled Core Routers Expose Sensitive Corporate Network Info
Researchers are warning about a dangerous wave of unwiped, secondhand core-routers found containing corporate network configurations, credentials, and application and customer data.
Pen Testers Need to Hack AI, but Also Question Its Existence
Learning how to break the latest AI models is important, but security researchers should also question whether there are enough guardrails to prevent the technology's misuse.
Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement
Detailing how extended IoT (xIoT) devices can be used at scale by attackers to establish persistence across networks and what enterprises should start doing about the risk.
Software-Dependency Data Delivers Security to Developers
Google has opened up its software-dependency database, adding to the security data available to developers and toolmakers. Now developers need to use it.
Businesses must be diligent in their actions, cultivate awareness with employees, and implement strict standards around external communications in the wake of Silicon Valley Bank's collapse.
Remcos RAT Targets Tax Pros to Scurry Off With Workers' Filing Info
Something exciting to liven up tax season: cybercriminals accessing sensitive personal information for individuals through the army of accountants preparing for Tax Day in the US.
An "open" Internet faces challenges from autocratic governance models. Policymakers should instead think about creating an Internet that's equitable, inclusive, and secure.
Majority of US IT Pros Told to Keep Quiet About Data Breaches
To report or not report? While more than half of all companies have suffered a data breach, 71% of IT professionals say they have been told to not report an incident, which could mean legal jeopardy.
Legion Malware Marches onto Web Servers to Steal Credentials, Spam Mobile Users
A novel credential harvester compromises SMTP services to steal data from a range of hosted services and providers, and can also launch SMS-based spam attacks against devices using US mobile carriers.
(ISC)² Certified in Cybersecurity Earns ANAB Accreditation to ISO 17024 and Surpasses 15,000 Certification Holders
Entry-level cybersecurity certification is now accredited to the highest global standards alongside other globally recognized (ISC)² certifications like the CISSP®
Microsoft: NSO Group-Like 'QuaDream' Actor Selling Mobile Spyware to Governments
Researchers at Microsoft have discovered links between a threat group tracked as DEV-0196 and an Israeli private-sector company, QuaDream, that sells a platform for exfiltrating data from mobile devices.
Survey Findings Show Link Between Data Silos and Security Vulnerabilities
A recent survey showed a surprising correlation between those who operate their businesses with risk and compliance data in silos and those who experienced data breaches in the last 24 months.
Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs
The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX.
7 Things Your Ransomware Response Playbook Is Likely Missing
Incident response experts share their secrets for success when it comes to creating a professional-grade ransomware response playbook. Are you ready for the worst?
Attackers Hide RedLine Stealer Behind ChatGPT, Google Bard Facebook Ads
The campaign shrouds the commodity infostealer in OpenAI files in a play that aims to take advantage of the growing public interest in AI-based chatbots.
Password managers aren't foolproof, but they do help mitigate risks from weak credentials and password reuse. Following best practices can contribute to a company's defenses.
Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices - patch now!
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
OPINION: With every Windows release, Microsoft promises better security. And, sometimes, it makes improvements. But then, well then, we see truly ancient security holes show up yet again.
Symantec: North Korean 3CX Hackers Also Hit Critical Infrastructure Orgs
The North Korean hacking group behind the supply chain attack that hit 3CX also broke into two critical infrastructure organizations in the energy sector.
GitHub this week introduced NPM package provenance and deployment protection rules and announced general availability of private vulnerability reporting.
House Committee Hears Testimony on DC Health Data Breach
A top administrator with Washington’s health insurance exchange apologized to House members on Wednesday for the data breach that resulted in the disclosure of personal information for thousands of users.
International cops urge Meta not to implement secure encryption for all
Why? Well, think of the children, of course
An international group of law enforcement agencies are urging Meta not to standardize end-to-end encryption on Facebook Messenger and Instagram, which they say will harm their ability to fight child sexual abuse material (CSAM) online.…
Healthcare organisations urged to improve system security
Patient data covering sensitive areas has long been a high-value target for cybercriminals
Sponsored Post Digital patient medical records now cover a whole gamut of sensitive details such as clinical diagnoses/treatments, prescriptions, personal finances and insurance policies. Which makes keeping them safe more important than ever.…
Thanks for fixing the computer lab. Now tell us why we shouldn’t expel you?
Guessing the admin password is cool. Using it, even for good, is dangerous
On Call It’s always twelve o’clock somewhere, the saying goes, but Friday comes around but once a week and only this day does The Register offer a fresh instalment of On Call, our reader-contributed tales of tech support torture and turmoil.…
Capita has 'evidence' customer data was stolen in digital burglary
Admits criminals accessed 4% of servers from March 22 until it spotted them at month-end
Business process outsourcing and tech services player Capita says there is proof that some customer data was scooped up by cyber baddies that broke into its systems late last month.…
An earlier supply chain attack led to the 3CX supply chain attack, Mandiant says
Threat hunters traced it back to malware-laced Trading Technologies' software
The supply-chain attack against 3CX last month was caused by an earlier supply-chain compromise of a different software firm — Trading Technologies — according to Mandiant, whose consulting crew was hired by 3CX to help the VoIP biz investigate the intrusion.…
Operational AI cybersecurity systems have been gaining valuable experience that will enable them to defend against AI-armed opponents.
Sponsored Feature For some time now, alerts concerning the utilisation of AI by cybercriminals have been sounded in specialist and mainstream media alike – with the set-to between AI-armed attackers and AI-protected defenders envisaged in vivid gladiatorial terms.…
GitHub debuts pedigree check for npm packages via Actions
Publishing provenance possibly prevents problems
Developers who use GitHub Actions to build software packages for the npm registry can now add a command flag that will publish details about the code's origin.…
How to manage your cloud and container vulnerabilities at scale
Webinar There's nothing complicated about the statistics released in Sysdig's latest report. They're alarming and should keep many an IT team up at night.…
US citizens charged with pushing pro-Kremlin disinfo, election interference
Also a bunch of Russians plus someone giving free trips to the Motherland
Four US citizens have been accused of working on behalf of the Russian government to push pro-Kremlin propaganda and unduly influence elections in Florida.…
Russian snoops just love invading unpatched Cisco gear, America and UK warn
Spying on foreign targets? That's our job!
The UK and US governments have sounded the alarm on Russian intelligence targeting unpatched Cisco routers to deploy malware and carry out surveillance.…
Microsoft opens up Defender threat intel library with file hash, URL search
Surprised there's no ChatGPT angle and that it's not called MalwareTotal
Security researchers and analysts can now search Microsoft's Threat Intelligence Defender database using file hashes and URLs when pulling together information for network intrusion investigations and whatnot.…
Payments firm accused of aiding 'contact Microsoft about a virus' scammers must cough $650k
'My computer locked up and a siren went off,' one mark tells Better Business Bureau
Updated Two execs and a multinational payment processing company must pay $650k to the US government, says the FTC, which accuses them of knowingly processing credit card payments for Microsoft-themed support scammers.…
Brit cops rapped over app that recorded 200k phone calls
Officers didn't know software was saving personal data and neither did people on other end
Several police forces in Britain are being put on the naughty step by the UK's data watchdog for using a calling app that recorded hundreds of thousands of phone conversations and illegally retained that data.…
Capita IT breach gets worse as Black Basta claims it's now selling off stolen data
No worries, outsourcer only handles government tech contracts worth billions
Black Basta, the extortionists who claimed they were the ones who lately broke into Capita, have reportedly put up for sale sensitive details, including bank account information, addresses, and passport photos, stolen from the IT outsourcing giant.…
US alleges China created troll army that tried to have dissidents booted from Zoom
Charges laid against 44, including officers of China’s Cyberspace Administration
The United States Department of Justice has charged 44 people over schemes prosecutors allege were run by China’s National Police to silence opponents of the Communist Party of China.…
Firmware is on shaky ground – let's see what it's made of
Old architectures just don't stack up
Opinion Most data theft does clear harm to the victim, and often to its customers. But while embarrassing, the cyberattack against MSI in which source code was said to be stolen is harder to diagnose. It looks like a valuable company asset that's cost a lot to develop. That its theft may be no loss is a weird idea. But then, firmware is weirder than we give it credit for. It's even hard to say exactly what it is.…
Russia-pushed UN Cybercrime Treaty may rewrite global law. It's ... not great
Let's go through all the proposed problematic powers, starting with surveillance and censorship
Special report United Nations negotiators convened this week in Vienna, Austria, to formulate a draft cybercrime treaty, and civil society groups are worried.…
Compatibility mess breaks not one but two Windows password tools
Windows LAPS and legacy LAPS don't play nicely under certain conditions, Microsoft says
Integrating the Local Administrator Password Solution (LAPS) into Windows and Windows Server that came with updates earlier this week is causing interoperability problems with what's called legacy LAPS, Microsoft says.…
While Twitter wants to sell its verification, Microsoft will do it for free on LinkedIn
Redmond expands a digital ID process for its platform as Musk seeks cash for blue check marks
As Elon Musk tears at Twitter's credibility by demanding businesses and individuals pay for their blue verification checks, Microsoft is pushing its own free digital ID tech to companies and their employees on LinkedIn.…
To improve security, consider how the aviation world stopped blaming pilots
When admitting to an error isn't seen as a failure, improvement easy to achieve, says pilot-turned-CISO
To improve security, the cybersecurity industry needs to follow the aviation industry's shift from a blame culture to a "just" culture, according to ISACA director Serge Christiaans.…
How insecure is America's FirstNet emergency response system? Seriously, anyone know?
Senator Wyden warns full probe needed into vital comms network
AT&T is "concealing vital cybersecurity reporting" about its FirstNet phone network for first responders and the US military, according to US Senator Ron Wyden (D-OR), who said the network had been dubbed unsafe by CISA.…
FBI: How fake Xi cops prey on Chinese nationals in the US
你好 [insert name], 我在 Ministry of Public Security 工作 [insert shakedown]
Criminals posing as law enforcement agents of the Chinese government are shaking down Chinese nationals living the United States by accusing them of financial crimes and threatening to arrest or hurt them if they don't pay, according to the FBI.…
3CX teases security-focused client update, plus password hashing
As Mandiant finds more evidence it was North Korea wot done it
The CEO of VoIP software provider 3CX has teased the imminent release of a security-focused upgrade to the company’s progressive web application client.…
US cyber chiefs warn AI will help crooks, China develop nastier cyberattacks faster
It's not all doom and gloom because ML also amplifies defensive efforts, probably
Bots like ChatGPT may not be able to pull off the next big Microsoft server worm or Colonial Pipeline ransomware super-infection but they may help criminal gangs and nation-state hackers develop some attacks against IT, according to Rob Joyce, director of the NSA's Cybersecurity Directorate.…
Another zero-click Apple spyware maker just popped up on the radar again
Pegasus, pssh, you so 2000-and-late
Malware reportedly developed by a little-known Israeli commercial spyware maker has been found on devices of journalists, politicians, and an NGO worker in multiple countries, say researchers. …
April Patch Tuesday: Ransomware gangs already exploiting this Windows bug
Plus Google, SAP, Adobe and Cisco emit fixes
Microsoft patched 97 security flaws today for April's Patch Tuesday including one that has already been found and exploited by miscreants attempting to deploy Nokoyawa ransomware.…
Azure admins warned to disable shared key access as backdoor attack detailed
The default is that sharing is caring as Redmond admits: 'These permissions could be abused'
A design flaw in Microsoft Azure – that shared key authorization is enabled by default when creating storage accounts – could give attackers full access to your environment, according to Orca Security researchers.…
40% of IT security pros say they've been told not to report a data leak
Plus: KFC, Pizza Hut owner spills more beans on ransomware hit... latest critical flaws... and more
In Brief More than 40 percent of surveyed IT security professionals say they've been told to keep network breaches under wraps despite laws and common decency requiring disclosure.…
How much to infect Android phones via Google Play store? How about $20k
Or whatever you managed to haggle with these miscreants
If you want to sneak malware onto people's Android devices via the official Google Play store, it may cost you about $20,000 to do so, Kaspersky suggests.…
Inside FTX: Jokes about misplaced funds, diabolical IT, poor oversight, and worse
How's the saying go? $50m here, $50m there, pretty soon you're talking real money
The liquidators picking over the remains of FTX have released their first formal report into Sam Bankman-Fried's imploded empire – and it somehow appears things are worse than feared.…
Apple squashes iOS, macOS zero-day bugs already exploited by snoops
Keep calm and install patches before abuse becomes widespread
Apple rolled out patches on Good Friday to its iOS, iPadOS, and macOS operating systems and the Safari web browser to address vulnerabilities found by Google and Amnesty International that were exploited in the wild.…
Google to kill Dropcam, Nest Secure hardware next year
Great, more company for Stadia, Duo and pals in the graveyard
Owners of Dropcam security cameras and Nest Secure systems have been given an unwelcome deadline from Google: their smart home products will be shut off April 8 next year.…
Microsoft, Fortra are this fed up with cyber-gangs abusing Cobalt Strike
Oh, sure, let's play a game of legal and technical whack-a-mole
Microsoft and Fortra are taking legal and technical actions to thwart cyber-criminals from using the latter company's Cobalt Strike software to distribute malware.…
When it comes to technology, securing your future means securing your present
How to build cyber resiliency in the face of complexity
Sponsored Feature Most economies and business sectors are dealing with extreme volatility and economic uncertainty. Even as the dislocation caused by the pandemic three years ago looked to be settling down, business leaders have had to contend with geopolitical concerns, rising interest rates, and surging inflation.…
Virsec automates the path to zero trust workload protection
Virsec has unveiled a suite of capabilities that automates the path to zero trust workload protection to increase the speed of protection, stopping attacks—including zero-days—in milliseconds. Its distinctive feature-set strikes the right balance between granular control, ease of onboarding, and day-to-day operations, with the comprehensive protection. Virsec turns a previously hard-to-use protection approach into a usable solution for security teams of any maturity level. An industry stuck detecting, not preventing Detection and response solutions (EDRs) … More →
Next DLP adds ChatGPT policy to its Reveal platform
Next DLP has unveiled the addition of ChatGPT policy templates to the company’s Reveal platform, which uncovers risk, educates employees and fulfills security, compliance, and regulatory needs. The launch of these new policy templates is in response to the dramatic increase in use of large language model platforms in the company’s global customer base. With the new policies customers gain enhanced monitoring and protection of employees using ChatGPT. The first policy educates employees on the … More →
Onapsis updates its platform to strenghten ERP cybersecurity
Onapsis has unveiled a series of new product updates for the Onapsis Platform. Enriched with the threat intelligence, the Onapsis Platform further simplifies business application security for CISOs and CIOs alike with a new Security Advisor, new updates to its Comply product line, and critical enhancements that streamline code security from application development to production. “As the only cybersecurity and compliance solution endorsed by SAP, Onapsis is proud to lead the charge in helping organizations … More →
A10 integrates Next-Gen WAF to enable multi-layered security
The last decade of digital transformation has turned most organizations today into true digital businesses. But the effectiveness and economics of cloud operating models have become top concerns. How to best secure, optimize, and automate hybrid cloud environments in the most effective manner is a significant challenge. To solve this problem, A10 Networks is announcing a combined solution of the Thunder Application Delivery Controller (ADC) and the new A10 Next-Generation Web Application Firewall (WAF), powered … More →
The staying power of shadow IT, and how to combat risks related to it
There was a time, not too long ago, when most IT leaders believed shadow IT was a negligible element in their companies. They felt their IT organizations were so in control of what applications were purchased and who was granted access and that minimal adoption occurred without their knowledge. Those were the days when centralized IT was the norm, and the idea of business-led technology acquisition wasn’t thought to be realistic. “Not happening in my … More →
Here’s a look at the most interesting products from the past week, featuring releases from Armorblox, Cofense, D3 Security, Sotero, Venafi, Veracode, Versa Networks, and Zyxel Networks. Zyxel SCR 50AXE boosts network security for small businesses and remote workers The feature-rich SCR 50AXE is a secure cloud-managed router that incorporates a business-class firewall, VPN gateway, WiFi 6E connectivity, and built-in subscription-free security to protect the network from threats including ransomware and malware. Cofense Protect+ defends … More →
Scammers using social media to dupe people into becoming money mules
Fraudsters are taking advantage of the widening fraud knowledge gap, outlining the urgent need for banks to educate and protect their customers with technology, according to Feedzai. The report reveals that while 56% of respondents have been a victim of a financial scam, many still lack the knowledge to detect and distinguish between the various types of financial crime. Consumers demand accountability Consequently, many consumers believe the responsibility for reimbursement lies with their bank, with … More →
47% of employees report feeling stressed in their everyday life, but nearly 70% believe their employer would support them in a time of need, according to Mercer Marsh Benefits. The report surveyed over 17,500 employees in 16 markets across the globe about their priorities when it comes to health and well-being, highlighting the voice of the employee so employers can better address their needs. Underlying causes of workplace stress When asked what factors put them … More →
Sotero Ransomware Protection encrypts data to prevent theft and extortion
Sotero has launched Sotero Ransomware Protection, giving organizations the ability to proactively protect unstructured data from attack by utilizing behavior-based detection. Most currently available ransomware solutions use a signature-based approach that detects only currently known ransomware strains – a method that broadly protects against malware concerns, but does not guarantee protection against zero-day attacks. Sotero’s Ransomware Protection not only detects currently known ransomware, but also provides the ability to detect and protect data from zero-day … More →
Armorblox releases Graymail and Recon Attack Protection to stop malicious emails
Armorblox has released its newest product, Graymail and Recon Attack Protection, developed to decrease the time security teams spend managing graymail and mitigate the security risks from malicious recon attacks. This is in addition to the announcement of new capabilities across two main products of the Armorblox cloud-delivered email security and data loss prevention platform: Advanced Data Loss Prevention and Abuse Mailbox. The new capabilities are designed to enhance overall productivity across security teams by … More →
Cisco patches high and critical flaws across several products
Cisco fixed serious vulnerabilities across several of its products this week, including in its Industrial Network Director, Modeling Labs, ASR 5000 Series Routers, and BroadWorks Network Server. The flaws can lead to administrative command injection, authentication bypass, remote privilege escalation and denial of service.
The Cisco Industrial Network Director (IND), a network monitoring and management server for operational technology (OT) networks, received patches for two vulnerabilities rated critical and medium respectively. These were fixed in version 1.11.3 of the software.
Iran cyberespionage group taps SimpleHelp for persistence on victim devices
Iranian APT hacking group MuddyWater has been observed using SimpleHelp, a legitimate remote device control and management tool, to ensure persistence on victim devices.
SimpleHelp itself, as used by the threat actors, has not been compromised — instead, the group has found a way to download the tool from the official website and use it in their attacks, according to a Group-IB blog post.
Good Friday Agreement paved way for Northern Ireland’s emergence as a global cybersecurity hub
The Belfast (Good Friday) Agreement played an integral role in enabling Northern Ireland’s growth as a global cybersecurity hub, according to UK government chiefs speaking at the CyberUK conference in Belfast. The Good Friday Agreement was signed on Good Friday, April 10, 1998, following three decades of conflict known as the Troubles. In introduced several new power-sharing arrangements designed to install peace, transforming political and economic life in Northern Ireland. Twenty-five years on from the signing of the pivotal peace accord, Northern Ireland’s flourishing cyber ecosystem has one of the highest concentrations of cybersecurity businesses worldwide – estimated to add £437 million in value to the UK’s economy by 2030.
Most interesting products to see at RSA Conference 2023
Security professionals attending this year’s RSA Conference expect to learn about new tools, platforms, and services from the 600-plus vendors exhibiting there. That’s a lot of ground to cover, so CSO has sifted through the upcoming announcements and gathered the products and services that caught our eye here.
More announcements will be made throughout the event, and CSO will update this article as their embargoes break. We’ve organized the listings by day of announcement.
RSA Conference announcements, pre-event
Binary Defense Phishing Response service
Managed detection and response (MDR) firm Binary Defense will be showing its new Phishing Response service. Its features include email attack surface hardening, intelligence correlation, threat hunting, and investigation-based detection and remediation recommendations. Users may submit emails and phishing alerts from third-party email protection software for analysis. Findings from that analysis are then correlated with other threat intelligence, and then Binary Defense analysts look for evidence of this attack. Binary Defense is at RSAC booth 5415.
3CX hack highlights risk of cascading software supply-chain compromises
At the end of March, an international VoIP software company called 3CX with over 600,000 business customers suffered a serious software supply-chain compromise that resulted in both its Windows and macOS applications being poisoned with malicious code. New evidence suggests the attackers, believed to be North Korean state-sponsored hackers, gained access to the company's network and systems as a result of a different software supply-chain attack involving a third-party application for futures trading.
"The identified software supply chain compromise is the first we are aware of which has led to a cascading software supply chain compromise," incident responders from cybersecurity firm Mandiant, who was contracted to investigate the incident, said in a report Thursday. "It shows the potential reach of this type of compromise, particularly when a threat actor can chain intrusions as demonstrated in this investigation."
The strong link between cyber threat intelligence and digital risk protection
While indicators of compromise (IoCs) and attackers’ tactics, techniques, and processes (TTPs) remain central to threat intelligence, cyber threat intelligence (CTI) needs have grown over the past few years, driven by things like digital transformation, cloud computing, SaaS propagation, and remote worker support. In fact, these changes have led to a CTI subcategory focused on digital risk protection. DRP is broadly defined as, “telemetry, analysis, processes, and technologies used to identify and mitigate risks associated with digital assets.”
Earlier this month, I examined ESG research on enterprise CTI programs. CISOs are investing here but challenges remain. I’ve also dug into the CTI lifecycle. Nearly three-quarters (74%) of organizations claim they employ a lifecycle, but many describe bottlenecks in one or several of the lifecycle phases.
There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts.
Fortunately, plenty of great conferences are coming up in the months ahead.
If keeping abreast of security trends and evolving threats is critical to your job — and we know it is — then attending some top-notch security conferences is on your must-do list for 2023.
From major events to those that are more narrowly focused, this list from the editors of CSO, will help you find the security conferences that matter the most to you.
“Multilayer IAM is needed for a couple of reasons,” said Roman Arutyunov, co-founder, and senior vice president of products at Xage Security. “First is the fact that operators design systems for high availability and resiliency, leaving no single point of failure, and second that separate identities are used at each layer and site with different admins to ensure that compromise of credentials at IT doesn’t result in compromise of OT and furthermore, compromise of one site does not lead to compromise of all sites.”
Cyber insurer launches InsurSec solution to help SMBs improve security, risk management
Cyber insurance provider At-Bay has announced the launch of a new InsurSec solution to help small-to-mid sized businesses (SMBs) improve their security and risk management postures through their insurance policy. The firm describes the At-Bay Stance platform as a “world’s first” that aims to addresses major security technology and skills access gaps by centralizing and prioritizing risks, along with providing expert support to mitigate threats – managed in conjunction with cyber insurance coverage.
The emergence of InsurSec technology reflects a cyber insurance landscape that has seen significant change recently. As the frequency and severity of ransomware, phishing, and denial of service attacks have increased, demand for and conditions relating to coverage have evolved. Policies are becoming more diverse, complex, expensive, and harder to qualify for, presenting CISOs and their organizations with new challenges and considerations for optimal cyber insurance investment.
Five Eye nations release new guidance on smart city cybersecurity
New guidance, Cybersecurity Best Practices for Smart Cities, wants to raise awareness among communities and organizations implementing smart city technologies that these beneficial technologies can also have potential vulnerabilities. A collaboration among the Five Eye nations (Australia, Canada, New Zealand, the UK, and the US), it advises communities considering becoming smart cities to assess and mitigate the cybersecurity risks that comes with the technology.
What makes smart cities attractive to attackers is the data being collected and processed. Because AI-powered systems are being used to integrate this data, these should be given special attention when checking for vulnerabilities.
Global intelligence assessments: you are the target
The duty and responsibility of every intelligence service is to collect, analyze, and disseminate intelligence information to its country’s policymakers. In a prior piece, we discussed the US Office of the Director of National Intelligence (ODNI) global threat assessment in the cyber domain. What follows is the perspective from other countries’ intelligence services on what the future may hold.
Russian cyber spy group APT28 backdoors Cisco routers via SNMP
APT28, the hacking arm of Russia's GRU military intelligence agency has been backdooring Cisco routers by exploiting a remote code execution vulnerability in the Cisco IOS implementation of the simple network management protocol (SNMP), according to a statement by Western security agencies. The malware deployed on compromised routers patches the router’s authentication mechanism to always accept any password for any local user.
“In 2021, APT28 used infrastructure to masquerade simple network management protocol (SNMP) access into Cisco routers worldwide,” the UK National Cyber Security Centre (NCSC) said in a joint advisory with the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), and the US Federal Bureau of Investigation (FBI). “This included a small number based in Europe, US government institutions, and approximately 250 Ukrainian victims.”
BrandPost: The status quo for DNS security isn’t working
The Domain Name System (DNS) is often referred to as the phone book of the internet. DNS translates web addresses, which people use, into IP addresses, which machines use. But DNS was not designed with security in mind. And even though companies have invested incredible amounts of money into their security stack (and even though they’ve had since the 1980s to figure this out), DNS traffic often goes unmonitored.
This has only worsened with the adoption of encrypted DNS, known as DNS-over-HTTPS (DoH). Since its introduction in late 2018, DoH has grown from a personal privacy feature that most IT teams blocked outright, to an encouraged enterprise privacy and security function. While DoH protects traffic in transit, it also leaves organizations with little to no visibility over what’s happening with their DNS queries.
Lacework adds vulnerability risk management to its flagship offering
Cloud security provider Lacework has added a new vulnerability risk management capability to its cloud-native application protection (CNAPP) offering.
The SaaS capability will combine active package detection, attack path analysis, and in-house data on active exploits to generate personalized vulnerability risk scores.
“Lacework takes a risk-based approach that goes beyond a common vulnerability scoring system (CVSS) and looks at each customer’s unique environment, to figure out what packages are active, whether that host is exposed to the internet, whether there are exploits in the wild, etc.,” said Nolan Karpinski, director of product management at Lacework. “CVSS scores are very generic and, at times, do not pertain to every context, meaning it may or may not be bad for your environment.”
Darwinium upgrades its payment fraud protection platform
Security and fraud prevention vendor Darwinium has updated its Continuous Customer Protection platform to provide shared intelligence on anonymized data sets. The company claims that the update ensures customers remain in control of users’ data while also preventing Darwinium from becoming a target of cybercrime. Use cases for the Darwinium platform include account security, scam detection, account takeover, fraudulent new accounts, synthetic identities, and bot intelligence.
Darwinium services large B2C organizations (with $1 billion or more in revenue) and marketplaces, dedicated payments providers, ecommerce shops, banks, and some fintechs. In 2022, a study by Statista and Juniper Research estimated e-commerce losses to online payment fraud of $41 billion globally.
The Open Source Security Foundation (OpenSSF) has announced the release of Supply-chain Levels for Software Artifacts (SLSA) v.1.0 with structure changes designed to make the software supply chain security framework more accessible and specific to individual areas of the software delivery lifecycle.
SLSA is a community-driven supply chain security standards project that outlines increasing security rigor within the software development process. It aims to address critical pieces of software supply chain security, giving producers, consumers, and infrastructure providers an effective way to assess software security and gain confidence that software hasn’t been tampered with and can be securely traced back to its source. SLSA is backed by several high-profile technology organizations including Google, Intel, Microsoft, VMware, and IBM. The stable release of the SLSA 1.0 lowers the barrier of entry for improvements, helps users focus efforts on improving builds, and reduces the chances of tampering across a large swath of the supply chain, OpenSSF said.
UK NCSC warns of new class of Russian cyber adversary threatening critical infrastructure
The UK National Cyber Security Centre (NCSC) has issued an alert to critical national infrastructure (CNI) organisations warning of an emerging threat from state-aligned groups, particularly those sympathetic to Russia’s invasion of Ukraine. The alert states that newly emerged groups could launch “destructive and disruptive attacks” with less predictable consequences than those of traditional cybercriminals, with CNI organisations strongly encouraged to follow NCSC advice on steps to take when cyber threat is heightened.
The alert was issued on the first day of the NCSC’s CYBERUK conference in Belfast, where experts have gathered to consider topics under the theme of securing an open and resilient digital future. It also comes in the same week as new research that revealed the cost-of -living crisis could trigger a surge in cyberattacks and security issues impacting the UK’s CNI sector.
Top risks and best practices for securely offboarding employees
Employees won’t work for the same organization forever and dealing with their departures is just part and parcel of business. But the security risks posed by departing staff can be significant. Without secure off-boarding processes, organizations expose themselves to a variety of cybersecurity risks ranging from the innocuously accidental to the maliciously deliberate.
High turnover rates and layoffs only add to the offboarding security pressures, with potentially large numbers of employees exiting organizations, sometimes at short notice. CISOs, security teams, and relevant businesses functions should regularly review their offboarding processes to pinpoint potential risks and vulnerabilities, addressing key factors to ensure offboarding strategies remain secure amid evolving cyberthreats and workforce patterns.
Hard-to-detect malware loader distributed via AI-generated YouTube videos
Security researchers warn of a new malware loader that's used as part of the infection chain for the Aurora information stealer. The loader uses anti-virtual-machine (VM) and unusual compilation techniques that seem to make it quite successful at avoiding detection by security solutions.
The Aurora infostealer is written in Go and is operated as a malware-as-a-service platform that's advertised on Russian-language cybercrime forums. It started gaining popularity among cybercriminals at the end of last year because it is modular and can also be used as a malware downloader to deploy additional payloads in addition to its core functionality of stealing data and credentials from multiple web browsers, cryptocurrency wallets, and local applications.
App cyberattacks jump 137%, with healthcare, manufacturing hit hard, Akamai says
An analysis of customer data collected by content delivery network and internet services giant Akamai found that attacks targeting web applications rose by 137% over the course of last year, as the healthcare and manufacturing sectors in particular were targeted with an array of API and application-based intrusions.
Local file intrusions — in which attackers spoof a web application in order to either execute code remotely on a web server or gain access to files that they shouldn’t — were the most common attacks seen against Akamai’s customers in 2022, and the company warns that its high level of popularity means that it’s a technique that likely remains common in 2023.
SpinOne adds new capabilities to secure SaaS applications and data
SaaS data protection provider Spin.ai has launched two new service modules — SaaS security posture management (SSPM) and SaaS data leak prevention/loss protection (SDLP) — along with a few new capabilities for existing modules, to its flagship SaaS security platform SpinOne.
The enhancements to the SaaS-based offering aim to protect SaaS applications, automate manual processes, and minimize business downtime for organizations.
Both SSPM and SDLP are being added as new subscriptions on the SpinOne platform and are generally available, along with the other capabilities released for existing modules.
BrandPost: Security Maturity Has a Communication Issue
At first glance, the motivations to increase security maturity seem clear. Industry reporting fills news feeds advising on the latest threat or vulnerability poised to take over an organization’s systems to wreak havoc on local and global operations. However, while the emerging risks of increased threats are valid, it's not the whole story.
Cybersecurity is indeed a global concern that affects every organization. However, there is no direct path to guaranteed success. Each organization's approach to increasing cybersecurity maturity and resilience must incorporate the move from generalities to specifics concerning their operations, risk tolerances, regulations, and best practices.
Daon’s TrustX to offer SaaS-based, no-code identity journeys
Identity and access management provider Daon has launched a SaaS-based identity proofing and authentication platform TrustX, designed to help customers create and manage user identity journeys across organizational workflows.
The fully managed offering will use artificial intelligence (AI) and machine learning (ML) tools to support identity journeys, which will include building, verifying, and authenticating identities, along with regulatory compliance.
BrandPost: 5 ways today’s XDR solutions are failing you
Cybersecurity professionals are turning to extended detection and response (XDR) solutions to simplify key functions in security operations. But even if you’re confident in your approach to XDR, you may want to revisit whether it is resilient enough to keep up with evolving and increasingly sophisticated cyber threats.
XDR is intended to monitor, detect, and respond to threats across your cybersecurity environment with consolidated telemetry, unified visibility and coordinated response. The solution aims to unify security incident detection and response by:
Automatically collecting and correlating telemetry from multiple security tools
Applying analytics to detect malicious activity
Responding to and remediating threats
To some extent, XDR extends endpoint detection and response (EDR) strategies to correlate data across all vectors—email, endpoints, servers, cloud workloads, and networks.
Global organizations are improving their attack detection capabilities despite facing increasingly sophisticated, persistent, and creative adversaries. The Mandiant M-Trends 2023 report, now in its fourteenth year, revealed that the global median dwell time – calculated as the median number of days an attacker is present in a target’s environment before detection – dropped to 16 days in 2022. This is the shortest median global dwell time from all M-Trends reporting periods.
The reduction in median dwell time reflects the key role partnerships and the exchange of information play in building a more resilient cybersecurity ecosystem, according to Mandiant. That said, several findings from this year’s report demonstrate that adversaries are progressively more sophisticated, persistent, and confident, as evidenced by hundreds of new malware families, extensive cyber espionage campaigns by nation-state-backed actors, and novel aggressive, personal tactics that ignore the traditional cyber rules of engagement.
New Qbot campaign delivers malware by hijacking business emails
Cyberattacks that use banking trojans of the Qbot family have been targeting companies in Germany, Argentina, and Italy since April 4 by hijacking business emails, according to a research by cybersecurity firm Kaspersky.
In the latest campaign, the malware is delivered through emails written in English, German, Italian, and French. The messages are based on real business emails that the attackers have gained access to. This gives the attackers the opportunity to join the correspondence thread with messages of their own, Kaspersky said in its report.
Threat actors are getting more adept at exploiting common, everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages. Meanwhile, security teams take an average of 145 hours to solve alerts, with 80% of cloud alerts triggered by just 5% of security rules in most environments.
That’s according to the Unit 42 Cloud Threat Report, Volume 7, which analyzed the workloads in 210,000 cloud accounts across 1,300 different organizations to gain a comprehensive look at the current cloud security landscape. It cited a small set of risky cloud behaviors that are repeatedly observed in organizations, warning that the average time to remediate alerts (roughly six days) provides a lengthy window of opportunity for adversaries to exploit cloud vulnerabilities.
This year’s RSA Conference showcases promising startups from all over the world, many of which are making their first public appearance. Most will be exhibiting in the Early Stage Expo, which features 50 new security solution providers. Other startup exhibitors are finalists in RSA’s Innovation Sandbox competition.
Perhaps the most interesting aspect about startups is that they target needs not addressed by established vendors. Those needs are often the result of changing trends in threat actors’ objectives and how they target and exploit victims.
The classified document leak: let’s talk about Jack Teixeira’s need-to-know
The arrest of 21-year-old Airman First Class Jack Teixeira last week has inspired myriad reactions from armchair pundits declaring 21 is too young to be trusted with classified information to the need to reform the Department of Defense and the intelligence community to the US Speaker of the House calling for hearings on how the administration of President Joe Biden could have allowed such a breach to occur. In my opinion, the real concern is the need to reform policies and processes associated with how information is accessed by insiders.
As the case brought against Teixeira unfolds, one realization we don’t have to wait for is that the insider risk management program within the United States Air Force’s 102nd Intelligence Wing at Otis Air National Guard Base failed, and failed spectacularly. A reading of the Department of Justice affidavit in support of an arrest warrant provides a glimpse into Teixeira’s naivete and that his actions were malevolent from the get-go.
Google urges users to update Chrome to address zero-day vulnerability
Google has released an emergency Chrome security update to address a zero-day vulnerability targeted by an exploit, already in circulation on the internet, that can allow malicious code to be executed.
Google is urging users to upgrade Chrome to the new version, 112.0.5615.121, as soon as possible. The updated version addresses the vulnerability, which affects Windows, Mac, and Linux systems, and is listed as CVE-2023-2033 in the US' National Vulnerability Database.
Meanwhile, the update will roll out in the coming weeks on Google's stable desktop channel, the company said.
Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack
Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack
Hunting down BlackLotus – Week in security with Tony Anscombe
Microsoft releases guidance on how organizations can check their systems for the presence of BlackLotus, a powerful threat first analyzed by ESET researchers
Safety first: 5 cybersecurity tips for freelance bloggers
The much-dreaded writer’s block isn’t the only threat that may derail your progress. Are you doing enough to keep your blog (and your livelihood) safe from online dangers?
What are the cybersecurity concerns of SMBs by sector?
Some sectors have high confidence in their in-house cybersecurity expertise, while others prefer to enlist the support of an external provider to keep their systems and data secured
ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine
ESET experts share their insights on the cyber-elements of the first year of the war in Ukraine and how a growing number of destructive malware variants tried to rip through critical Ukrainian systems
How content creators and subscribers can embrace the social media platform without (overly) exposing themselves to the potentially toxic brew of NSFW content and privacy threats
What TikTok knows about you – and what you should know about TikTok
As TikTok CEO attempts to placate U.S. lawmakers, it’s time for us all to think about the wealth of personal information that TikTok and other social media giants collect about us
Twitter ends free SMS 2FA: Here’s how you can protect your account now
Twitter’s ditching of free text-message authentication doesn’t mean that you should forgo using 2FA. Instead, switch to another – and, indeed, better – 2FA option.
Banking turmoil opens opportunities for fraud – Week in security with Tony Anscombe
Scammers are looking to cash in on the chaos that has set in following the startling meltdowns of Silicon Valley Bank and Signature Bank and the crisis at Credit Suisse
The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia
ESET Research uncovered a campaign by APT group Tick against a data-loss prevention company in East Asia and found a previously unreported tool used by the group
Here's a roundup of some of the most common tricks that fraudsters use to dupe their victims on WhatsApp – and what you can do to protect yourself against them.
‘A woman from Mars’: Life in the pursuit of space exploration
An astrobiologist, analog astronaut, author and speaker, Dr. Michaela Musilova shares her experience as a woman at the forefront of space exploration and from her quest for scientific and personal excellence
Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials
ESET researchers analyze a cyberespionage campaign that distributes CapraRAT backdoors through trojanized and supposedly secure Android messaging apps – but also exfiltrates sensitive information
These aren’t the apps you’re looking for: fake installers targeting Southeast and East Asia
ESET researchers have identified a campaign using trojanized installers to deliver the FatalRAT malware, distributed via malicious websites linked in ads that appear in Google search results
Spoiler alert: it turned me down. But that’s far from the only thing I learned while playing around with the bot that the world has fallen in love with so badly.
When will the company fall out of compliance, and why?
Artificial intelligence and machine learning continue to create a more significant media frenzy than BlackPink performing at Coachella!
All the noise from many globally intelligent people talking about slowing down AI so we can get our heads around what this automated robotic, non-human interaction, self-propelled, job-killing science is all about.
Until we figure that out, how about we turn the “pirate ship a hard left” and focus our brain power on a more pressing need; compliance-AI.
If you turned to my podcast yesterday, “CyberBlock and Chain with a Touch of Web 3.0,” I poked fun at the ENRON and Arthur Andersen scandal and compared it to the recent KPMG/SVB nightmare that is still unfolding.
For a moment, if SVB, the banker regulators, and the board of directors had an AI-powered Machine learning data crunching system letting them know months or even a year in advance, “because of current data trends, we will no longer comply with SOX, GLBA, PCI, and GDP if we continue to take these risks.”
I suspect SVB and other banks have invested heavily in data analytics to measure their investment risk strategy. However, what I believe is missing is when “human judgment,” including email communications or failure to hire a chief risk officer, these attributes should factor into the overall “risk of being non-compliance.” By taking telemetry from Cybersecurity, Risk Management, and Email Compliance alerts, including external DLP rule violations and other compliance findings, with the power of AI, this should create a pretty good dashboard for everyone to see.
What good will it do? Well, think about what is coming out about SVB and KPMG possibly going “old-school (DOT.COM) for a moment and buttering up the books to paint a clear and concise picture while the absolute truth is buried somewhere with an email or voice mail or maybe some other method of communication.
Natural Language Processing (NLP) would have a home here for years!
What is being said? Who said it? When was it said? What results came about? These questions yield more of the same risk-seeking culture with a greater reward.
In English, we call this “greed.”
How should organizations reconsider their AI investments in XDR, MXDR, DDR..etc.. and significantly invest in compliance AI?
There is never a good time or wrong time to change direction for the good of the organizations, investors, and employees.
Compliance AI can tell us more than what we want to know. And that is a good thing. We just want to ensure that more people see this “analysis” so “old-school” checks and balances can help prevent the subsequent “failure” and taxpayer bailout.
Best Practices for Responding to a GRC Vendor Assessment
Answering a GRC (Governance, Risk, and Compliance) vendor assessment is an important step for companies that want to demonstrate their commitment to compliance and risk management to potential customers. In this piece, we’ll cover how you can best respond to a prospect’s vendor assessment so you both can seal the deal. By following these best […]
My latest book, A Hacker’s Mind, has a lot of sports stories. Sports are filled with hacks, as players look for every possible advantage that doesn’t explicitly break the rules. Here’s an example from pickleball, which nicely explains the dilemma between hacking as a subversion and hacking as innovation:
Some might consider these actions cheating, while the acting player would argue that there was no rule that said the action couldn’t be performed. So, how do we address these situations, and close those loopholes? We make new rules that specifically address the loophole action. And the rules book gets longer, and the cycle continues with new loopholes identified, and new rules to prohibit that particular action in the future...
A Comprehensive Guide for the SOC-2 Audit Checklist
The SOC 2 framework helps you identify potential risks to your business and mitigate them with approved controls. To pass a SOC 2 audit, you must first define your audit objectives, determine your audit scope, and undergo a number of preparation steps and assessments. While these steps can be time-consuming, expensive, and arduous, achieving SOC […]
Vendor Re-Use Opens the Aperture on Many Vulnerabilities
Introduction The IT supply chain is filled with software vulnerabilities, many resulting from significant code reuse across multiple vendors. The economic forces at play form a ‘race to the bottom’ competitive landscape, where feature velocity and low cost drive development practices. Often, basic Secure Systems Development Lifecycle (SSDLC) practices, such as baking in static code […]
Executive Overview Threat actors have escalated the single extortion ransomware attack model to double and even triple extortion. With the commodification of cybercrime, adversaries have significantly increased the sophistication levels of their operations, and therefore also the potential devastating impacts of a ransomware attack. Flare Director of Marketing Eric Clay and CTO & Co-Founder Mathieu […]
The Week in Ransomware - April 21st 2023 - Macs in the Crosshairs
A lot of news broke this week related to ransomware, with the discovery of LockBit testing macOS encryptors to an outage on NCR, causing massive headaches for restaurants. [...]
Critical infrastructure also hit by supply chain attack behind 3CX breach
The X_Trader software supply chain attack that led to last month's 3CX breach has also impacted at least several critical infrastructure organizations in the United States and Europe, according to Symantec's Threat Hunter Team. [...]
GhostToken GCP flaw let attackers backdoor Google accounts
Google has addressed a Cloud Platform (GCP) security vulnerability impacting all users and allowing attackers to backdoor their accounts using malicious OAuth applications installed from the Google Marketplace or third-party providers. [...]
Kubernetes RBAC abused to create persistent cluster backdoors
Hackers use a novel method involving RBAC (Role-Based Access Control) to create persistent backdoor accounts on Kubernetes clusters and hijack their resources for Monero crypto-mining. [...]
American Bar Association data breach hits 1.4 million members
The American Bar Association (ABA) has suffered a data breach after hackers compromised its network and gained access to older credentials for 1,466,000 members. [...]
University websites using MediaWiki, TWiki hacked to serve Fortnite spam
Websites of multiple U.S. universities are serving Fortnite and 'gift card' spam. Researchers observed Wiki and documentation pages being hosted by universities including Stanford, MIT, Berkeley, UMass Amherst, Northeastern, Caltech, among others, were compromised. [...]
Google: Ukraine targeted by 60% of Russian phishing attacks in 2023
Google's Threat Analysis Group (TAG) has been monitoring and disrupting Russian state-backed cyberattacks targeting Ukraine's critical infrastructure in 2023. [...]
VMware fixes vRealize bug that let attackers run code as root
VMware addressed a critical vRealize Log Insight security vulnerability that allows remote attackers to gain remote execution on vulnerable appliances. [...]
Capita confirms hackers stole data in recent cyberattack
London-based professional outsourcing giant Capita has published an update on the cyber-incident that impacted it at the start of the month, now admitting that hackers exfiltrated data from its systems. [...]
3CX hack caused by trading software supply chain attack
An investigation into last month's 3CX supply chain attack discovered that it was caused by another supply chain compromise where suspected North Korean attackers breached the site of stock trading automation company Trading Technologies to push trojanized software builds. [...]
Avalor wants to unify cybersecurity tools by aggregating data
Security has a data problem. That’s according to Kfir Tishbi, who led the engineering team at Datorama, a marketing analytics company that was acquired by Salesforce in 2018. Tishbi — who spent time at CitiBank and digital entertainment startup Playtika before joining Datorama — says he often worked with security teams that had to juggle […]
Slim.AI helps developers optimize and secure their containers
Slim.AI, a startup specializing in software supply chain security that helps businesses optimize and secure their software containers, today announced the launch of its automated container hardening feature at the CNCF’s KubeCon/CloudNativeCon Europe. With this, Slim can now automatically scan a company’s containers for vulnerabilities and remove unnecessary files, libraries and other attack surfaces. Built […]
Otterize raises $11.5M to help developers securely connect software services
Tomer Greenwald, Uri Sarid and Ori Shoshan, software developers by trade, found themselves building and configuring software authentication and authorization mechanisms repeatedly — each time with a different tech stack. Frustrated with the process, they sought to create a platform that enables developers to focus on writing code rather than on constantly configuring server permissions. […]
Cranium launches out of KPMG’s venture studio to tackle AI security
Several years ago, Jonathan Dambrot, a partner at KPMG, was helping customers deploy and develop AI systems when he started to notice certain gaps in compliance and security. According to him, no one could explain whether their AI was secure — or even who was responsible for ensuring that. “Fundamentally, data scientists don’t understand the […]
Strivacity, which helps companies build secure login flows, nabs $20M
Identity and access security issues are increasingly top of mind for companies. According to a recent Verizon survey, 61% of all breaches now involve credentials — whether they be stolen via social engineering or hacked using brute force. It’s frustrating for users, too; a NordPass poll found that eight out of 10 people find password […]
DataDome, which uses AI to protect against bot-based attacks, raises $42M
Online businesses are at risk of bad bot activity, certainly more now than they used to be. According to a survey from Imperva, 42.3% of internet traffic in 2021 wasn’t human, but instead bots that ran automated routines with ill intent. Given the damage bots can do — for example, stealing content and inventory, degrading […]
Microsoft lets generative AI loose on cybersecurity
As a part of its continued quest to inject generative AI into all its products, Microsoft today introduced Security Copilot, a new tool that aims to “summarize” and “make sense” of threat intelligence. In a light-on-the-details announcement, Microsoft pitched Security Copilot as a way to correlate data on attacks while prioritizing security incidents. Countless tools […]
If the past few years, and even the past week, has reminded us soundly of anything — it’s that the startup world will never be predictable. To meet the changing startup landscape, we’re refreshing and re-imagining TechCrunch Disrupt 2023 in a big way, with more of what you love and new ways to accelerate your growth. […]
Aembit raises $16.6M to bring identity management to workloads
Aembit, a Maryland-based security startup that focuses on helping DevOps and security teams manage how federated workloads talk to each other, is officially launching its service today and announcing a $16.6 million seed funding round from Ballistic Ventures and Ten Eleven Ventures. In essence, Aembit’s workload identity and access management service applies industry knowledge, from […]
New Zealand bans TikTok from phones of parliamentarians
Days after the U.K. banned TikTok from government devices, New Zealand has joined the trend by prohibiting the short video app from parliamentary devices. The move comes amid growing security concerns about TikTok-owner ByteDance handing user data to the Chinese government. The country’s authorities cited cybersecurity reasons and said the app would be banned on […]
Ledger launches browser extension to improve crypto wallet connectivity
Ledger, one of the largest cold storage crypto wallet providers, launched a browser extension to improve online security and connectivity for digital assets, the company exclusively told TechCrunch. “You think of Web 1.0 as usernames and passwords, Web 2.0 as log in with Facebook, Google, iCloud, Twitter, and web3 is [about] connecting to your wallet,” […]
Once scammed for ten grand, this VC is building a crypto security vault
One of the barriers to bringing cryptocurrency into the mainstream is the frequency of fraud in the space. Last year alone, more than $3.9 billion worth of crypto was “lost,” according to an industry report, even though the number was already down roughly 50% from the year before. Francois Le Nguyen, an angel investor and […]
Cloud security vendor Mitiga lands $45M, valuing the company at over $100M
Companies moved en masse to the cloud during the pandemic, under pressure to digitally transform. According to a 2021 survey from O’Reilly, cloud adoption steadily rose across industries, with 90% of organizations using cloud computing compared to 88% in 2020. The accelerated cloud adoption led to a rise in security issues. In a recent poll […]
a16z-backed Uno launches a design-centric password manager
There are plenty of good reasons why you should use a password manager, from helping you generate and store complex and unique passwords to not needing to remember any of them. But for some folks, getting started with a password manager for the first time can be a hassle. To cater to that problem, a16z-backed […]
Entitle raises $15M seed round to modernize permissions management
Tel Aviv-based Entitle, a startup that helps businesses automate how their developers gain permission to access cloud resources, today announced that it has raised a $15 million seed round led by Glilot Capital Partners, with participation from a number of angel investors, including more than 10 prominent CISOs. The company, which was founded in 2021 […]
Cloud security startup Wiz, now valued at $10B, raises $300M
Cybersecurity continues to be a major area for investment among businesses — and VCs. While a decline from the previous year, venture capital funding in the cybersecurity sector totaled $18.5 billion in 2022, according to Momentum Cyber. The popularity comes in part from the rise in cyberattacks. Check Point Research reports that global cyberattacks increased […]
Tile takes extreme steps to limit stalkers and thieves from using its Bluetooth trackers
Apple took a big PR hit as news spread that its item tracker the AirTag was being used for stalking and car thefts, which led the company to retool its software with a closer eye on user safety. AirTag’s competitor Tile is now introducing its own plan to make its device safer, with the launch […]
Hackers send fake emails to government agencies and departments on behalf of NTISB
The National Telecommunication & Information Technology Security Board (NTISB) has become the latest victim of cyberattacks. The attack in question involved fake emails sent to government agencies and departments. The emails appeared to have been set from NTISB. Hackers send fake emails on behalf of NTISB The Cabinet Division issued an advisory on this matter, … Continue reading Hackers send fake emails to government agencies and departments on behalf of NTISB
Hackers publish data stolen from US network infrastructure firm CommScope
Hackers have published data stolen from CommScope, one of the largest network infrastructure companies in the United States. The data stolen from the organization includes thousands of employee social security numbers and bank account details. Hackers publish data stolen from CommScope CommScope is a network infrastructure company based in North Carolina. The company is responsible … Continue reading Hackers publish data stolen from US network infrastructure firm CommScope
World of Warcraft and other Blizzard games inaccessible after a DDoS attack
Distributed denial-of-service (DDoS) attacks have been on the rise over the past few years. The gaming industry has not been spared from these attacks. Players could not access World of Warcraft and other libraries of games by Blizzard Games. However, the company has since said it averted the attack and was back online. Blizzard Games … Continue reading World of Warcraft and other Blizzard games inaccessible after a DDoS attack
DeFi lending platform Hundred Finance commences investigations into a $7M exploit
Hundred Finance, a multi-chain lending protocol, has revealed that it lost around $7 million after being exploited on Optimism, an Ethereum layer-2 blockchain. The protocol said that it contacted the hacker after this hack to find an amicable solution. Hundred Finance loses $7M after hack The team at the multi-chain lending protocol said that it … Continue reading DeFi lending platform Hundred Finance commences investigations into a $7M exploit
Hackers behind the Western Digital breach claim to have access to 10TB of data
The threat actors linked to a data breach against the Western Digital data storage company have claimed access to 10 terabytes of data belonging to the company. The data in question includes customer information. The hackers are demanding a ransom not to release the stolen data. Western Digital hackers claim to steal massive volumes of … Continue reading Hackers behind the Western Digital breach claim to have access to 10TB of data
DeFi protocol Yearn Finance exploited with over $11M stolen
Yearn.finance was the latest victim of a hack in the decentralized finance (DeFi) sector. The hack enabled the threat actor to mint more than 1 quadrillion Yearn Tether (yUSDT) from $10,000 USDT. The hack was reported by blockchain security firm, PeckShield. Hacker exploits Yearn.finance contract to mint yUSDT PeckShield issued an alert on this exploit … Continue reading DeFi protocol Yearn Finance exploited with over $11M stolen
KillNet hacking group claims to be behind multiple DDoS attacks against NATO
KillNet, a Russian hacktivist group, has said it is responsible for multiple Distributed Denial of Service (DDoS) attacks targeting NATO cyber infrastructure. The hacking group has also said that hackers breached its security systems and stole data. KillNet targets NATO in DDoS exploits The KillNet hacking group claims it conducted multiple cybersecurity attacks that affected … Continue reading KillNet hacking group claims to be behind multiple DDoS attacks against NATO
Ukraine’s Cyber Resistance group says it hacked a Russian spy indicted by the FBI
Hackers based in Ukraine have claimed to obtain unauthorized access to the emails of a senior spy in the Russian military. The Federal Bureau of Investigations currently wants the spy for compromising the Hillary Clinton campaign and infiltrating the accounts of other top US Democrats. Ukrainian hackers compromise Russian spy behind 2016 Democrats hack The … Continue reading Ukraine’s Cyber Resistance group says it hacked a Russian spy indicted by the FBI
Hackers are using a dark web tool to access cars’ communication system
The world of technology is in constant war with cybercriminals, who keep finding new ways to misuse some of the most impressive technological achievements. Now that communication systems are a major part of modern cars, hackers have also started targeting vehicles. Of course, security researchers and car manufacturers are constantly trying to improve the security … Continue reading Hackers are using a dark web tool to access cars’ communication system
OpenAI launched a bug bounty program that offers up to $20k for security flaws in ChatGPT
ChatGPT, a new chatbot created by OpenAI, impressed the world with its advanced and capable capabilities. Recent reports have suggested that it is capable of passing law school exams with a score among the top 10%. However, OpenAI wishes to eliminate any potential security vulnerabilities, so it started a new bug bounty program yesterday, April … Continue reading OpenAI launched a bug bounty program that offers up to $20k for security flaws in ChatGPT
US charges three men with six million dollar business email compromise plot
Three Nigerian nationals face charges in a US federal court related to a business email compromise (BEC) scam that is said to have stolen more than US $6 million from victims. 29-year-old Kosi Goodness Simon-Ebo was extradited from Canada to the United States earlier this month, according to a Department of Justice press release, and will appear before a federal court on Friday. Two of Simon-Ebo's alleged conspirators, James Junior Aliyu, 28, and 31-year-old Henry Onyedikachi Echefu. Aliyu, who is also known as "Old Soldier" or "Ghost", and Echefu were arrested in South Africa, from where the...
FTC accuses payments firm of knowingly assisting tech support scammers
Multinational payment processing firm Nexway has been rapped across the knuckles by the US authorities, who claim that the firm knowingly processed fraudulent credit card payments on behalf of tech support scammers. A Federal Trade Commission (FTC) complaint argues that Nexway and its subsidiaries broke the law by helping scammers cheat money from unsuspecting consumers. Victims were tricked into believing that their computer was malware-infected and that the scammer (often pretending to be a Microsoft support technician) would help them fix it. According to the FTC, Nexway is guilty of...
Electrical Grid Security: NERC CIP, Cyber Threats and Key Challenges
Electrical grid security has been getting a lot of attention recently. It started fairly quietly, and then when it was a featured story on a news program, it rose to the top of the collective consciousness. However, the news stories that followed were focused entirely on the physical vulnerabilities of the US power grids. Few, if any stories covered the cybersecurity angle of securing the grids. The physical grid machinery has remained woefully unprotected against attack. The physical power generating infrastructure of several power companies has been attacked in the United States just this...
EPA Has ‘New Rules’ for Protecting Public Drinking Water
The EPA isn't mincing words when it comes to protecting public drinking water. Earlier this month they released a memorandum putting specifics into the general advice to maintain cybersecurity at public water systems (PWSs). Per the report, “[The] EPA clarifies with this memorandum that states must evaluate the cybersecurity of operational technology used by a PWS when conducting PWS sanitary surveys.” That’s pretty straightforward. Operational Technology (OT) has always been a thorn in the side of industrial complexes, especially as digitization has inspired many to improve with IoT...
This piece was originally published on Fortra’s AlertLogic.com Blog. Managed detection and response (MDR) would be nothing without a SOC (security operations center). They’re on the frontline of our clients’ defenses — a living, breathing layer of intelligence and protection to complement our automated cybersecurity features. These are the people who make our MDR services best in class so dependable. It’s time you met them. With our new webinar series, Inside Alert Logic’s SOC, we’ve begun to pull back the curtain on how a SOC operates, how we work and what those methods mean for your...
It was just a short time ago that Fortra came into being, as the new face of HelpSystems. Fortra is a company that combines a group of cybersecurity products and services into one portfolio. As with all acquisitions, many customers wondered what benefits this would bring to the Tripwire product line. We took the opportunity to speak with Fortra’s Principal Evangelist, Antonio Sanchez, who sheds light on how this acquisition delivers more value to all of our customers. Antonio also spoke with us about some industry trends including cybersecurity insurance, third party supplier risk, and the...
What Is Microsegmentation and 5 Compelling Security Use Cases
What Is Microsegmentation? Microsegmentation is a security technique that partitions a network into small, isolated sections to reduce the attack surface and reduce an organizations risk. Each microsegment is typically defined by specific security policies, accessible only to authorized users and devices. Microsegmentation is often seen as a more effective security strategy than traditional network segmentation because it can significantly limit the ability of attackers to move laterally across a network and access sensitive data or systems. Additionally, microsegmentation can help...
Cybersecurity in the Energy Sector: Risks and Mitigation Strategies
The demand for cybersecurity in the energy sector is often understated. There is a misconception that very little IT is involved, and much of it does not impact operations. But 97% of surveyed ICS security professionals in the energy, oil, and gas sector believe cybersecurity is a growing concern. No industry has been untouched by digital transformation. With the Industrial Internet of Things (IoT), and Artificial Intelligence (AI) powering more sophisticated forms of automation, the use of cyber-physical systems will only grow. Even if you don’t feel that cybersecurity posture is a pressing...
Microsoft warns accounting firms of targeted attacks as Tax Day approaches
Accountants are being warned to be on their guard from malicious hackers, as cybercriminals exploit the rush to prepare tax returns for clients before the deadline of US Tax Day. US Tax Day, which falls on Tuesday April 18 this year, is the day on which income tax returns for individuals are due to be submitted to the government. Inevitably it's a busy time for accounting firms and bookkeepers who are feverishly collecting necessary documents from their clients. And, according to a warning from Microsoft, cybercriminals have also been busy - taking advantage are taking advantage of the...
Glamourizing fraudsters hurts victims of fraud, and society
We seem to be fascinated by fraudsters, and recent documentaries prove this. The documentary landscape is populated with many fraud-centered stories, such as The Tinder Swindler, Fyre, The Con, Fake Heiress, The Inventor, and many others. Some have even been made into series, such as the story of Elisabeth Holmes in The Dropout, and the story of Anna Delvey in Inventing Anna. We just can’t get enough of it, and who can blame us? These stories are fascinating, entertaining, and engaging. We want to know how these fraudsters achieved their deceptive goals, and how they managed to fool so many...
Accidental ‘write’ Permissions In Alibaba PostgreSQL Let Attackers Access Sensitive Data
Two new critical flaws have been found in Alibaba Cloud’s popular services, ApsaraDB and AnalyticDB. Both of them were in support of PostgreSQL. Wiz security research team has termed this vulnerability as #BrokenSesame. One of these vulnerabilities performs Supply-Chain attacks on the database services leading to an RCE. Another was potential unauthorized access to Alibaba’s […]
AuKill – A Malware That Kills EDR Clients To Attack Windows Systems
A new hacking tool, AuKill, disables Endpoint Detection & Response (EDR) software for threat actors to launch BYOD attacks by deploying backdoors and ransomware on targeted systems. Sophos researchers witnessed the usage of AuKill in two incidents where an adversary first deployed Medusa Locker ransomware and another instance where the attacker installed LockBit ransomware after […]
ICICI Bank Data Leak – Millions of Customers’ Sensitive Data Exposed
Researchers have recently found that the ICICI Bank systems misconfiguration caused data leakage, exposing more than 3.6 million customers’ sensitive data. ICICI Bank, a multinational Indian bank, operates in 15+ countries worldwide and boasts a market value exceeding $76 billion with 5,000+ branches across India. The Indian government declared ICICI Bank’s resources as “critical information […]
Operation DreamJob – New Linux Malware Linked With 3CX Supply-Chain Attack
ESET researchers have recently discovered that Linux users targeted with malware in the new “Operation DreamJob” Lazarus campaign for the first time. The group behind DreamJob deploys social engineering tactics with the guise of fake job offers as lures to compromise its targets. Experts could reconstruct the complete sequence by tracing the chain from a […]
Russian APT28 Group Exploiting Vulnerabilities in Cisco Routers
A recent report from CISA (US Cybersecurity and Infrastructure Security Agency) revealed that the APT 28 group was responsible for exploiting Cisco routers with poor maintenance using CVE-2017-6742. CVE-2017-6742 Attack: Reconnaissance with RCE in Cisco SNMP (Simple Network Management Protocol) is a networking protocol used by network administrators for monitoring and configuring devices remotely. From […]
New Google Chrome Zero-Day Bug Actively Exploited in Wide – Emergency Update!
On April 18, 2023, Google released a new update for Chrome Desktop versions with security updates for actively exploited second Chrome zero-day vulnerability that allows attackers to execute an arbitrary code to take complete control of the system remotely. CVE-2023-2136 is an integer overflow bug that threat actors have now exploited in the wild. Google […]
3 iOS Zero-Click Exploits Exploited by NSO Group to Deploy Spyware
In 2022, NSO Group, the Israeli firm notorious for its spyware technology, reemerged with a slew of zero-click exploit chains designed for iOS 15 and iOS 16. These sophisticated chains of exploits, targeted at iPhones and iPads, were deployed against human rights activists in Mexico and worldwide. In a recent press release, Citizen Lab published […]
Ex-Conti and FIN7 Hackers Team Up To Develop Domino Backdoor Malware
The X-Force team at IBM has recently found a new malware family known as “Domino,” made by ITG14, aka FIN7, a notorious group of cyber criminals. ITG23, a Trickbot/Conti gang monitored by X-Force, has been deploying the newly discovered malware, “Domino,” since February 2023. The former members of this group have been using it to […]
ChatGPT Account Takeover Bug Allows Hackers To Gain User’s Online Account
An independent security analyst and bug hunter, Nagli (@naglinagli), recently uncovered a critical security vulnerability in ChatGPT that allow attackers to easily exploit the vulnerability and gain complete control of any ChatGPT user’s account. ChatGPT has become extensively used by users worldwide, reaching more than 100 million in just two months of its public release. […]
Used Routers Fully Loaded With Corporate Secrets for Just $100
Researchers at ESET found that hardware on resale in the market consisted of highly confidential information such as IPsec or VPN credentials, hashed root passwords, and much more. Second-Hand sales of computing equipment have been in place ever since the introduction of computers and their hardware parts. Every company relies on its managed service providers […]
American Bar Association (ABA) suffered a data breach,1.4 million members impacted
The American Bar Association (ABA) disclosed a data breach, threat actors gained access to older credentials for 1,466,000 members. The American Bar Association (ABA) is a voluntary bar association of lawyers and law students; it is not specific to any jurisdiction in the United States. The ABA has 166,000 members as of 2022. The attackers may have […]
Pro-Russia hackers launched a massive attack against the EUROCONTROL agency
Pro-Russia hackers KillNet launched a massive DDoS attack against Europe’s air-traffic agency EUROCONTROL. Europe’s air-traffic control agency EUROCONTROL announced that it was under attack from pro-Russian hackers. The European Organisation for the Safety of Air Navigation pointed out that the attack had no impact on European air traffic control activities. “Since 19 April, the EUROCONTROL […]
Cisco fixed critical flaws in the Industrial Network Director and Modeling Labs solutions
Cisco released security updates to address critical security flaws in its Industrial Network Director and Modeling Labs solutions. Cisco released security updates to address critical security vulnerabilities in the Industrial Network Director and Modeling Labs solutions. An attacker can exploit these vulnerabilities to inject arbitrary operating system commands or access sensitive data. One of the […]
Intro to phishing: simulating attacks to build resiliency
Phishing attacks are a major threat to organizations, they remain a perennial choice of cybercriminals when it comes to hacking their victims. Original post at https://cybernews.com/security/phishing-intro-to-build-resiliency/ While organizations must still account for flashy vulnerability exploitations, denial-of-service campaigns, or movie-themed cyber-heists, phishing-based social engineering attacks remain a perennial choice of cybercriminals when it comes to hacking […]
Multinational ICICI Bank leaks passports and credit card numbers
ICICI Bank leaked millions of records with sensitive data, including financial information and personal documents of the bank’s clients. In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security. However, despite the critical status of bank infrastructure on the national […]
VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root
VMware fixed two severe flaws, tracked as CVE-2023-20864 and CVE-2023-20865, impacting the VMware Aria Operations for Logs product. The virtualization giant VMware released security updates to address two critical vulnerabilities, tracked as CVE-2023-20864 and CVE-2023-20865, impacting the VMware Aria Operations for Logs product (formerly vRealize Log Insight). The vulnerability CVE-2023-20864 (CVSSv3 base score of 9.8) […]
Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack
North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job. North Korea-linked APT group Lazarus is behind a new campaign tracked as Operation DreamJob (aka DeathNote or NukeSped) that employed Linux malware. The threat actors were observed using social engineering techniques to compromise its targets, with fake job offers […]
Experts disclosed two critical flaws in Alibaba cloud database services
Researchers disclosed two critical flaws in Alibaba Cloud’s ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL. Researchers from cloud security firm Wiz discovered two critical flaws, collectively dubbed BrokenSesame, in Alibaba Cloud’s ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL. ApsaraDB RDS is a managed database hosting service, meanwhile, AnalyticDB for PostgreSQL is a managed […]
Google TAG warns of Russia-linked APT groups targeting Ukraine
The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG). In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing […]
Threat actors are hacking poorly secured and Interned-exposed Microsoft SQL servers to deploy the Trigona ransomware. Threat actors are hacking into poorly secured and public-facing Microsoft SQL servers to deploy Trigona ransomware. Trigona is a malware strain that was discovered in October 2022, and Palo Alto Unit 42 researchers reported similarities between Trigona and the […]