Cybersecurity Articles
![Student Loan Breach Exposes 2.5M Records](https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2015/02/07005821/data.jpg)
- EdFinancial and the Oklahoma Student Loan Authority (OSLA) are notifying over 2.5 million loanees that their personal data was exposed in a data breach.
- The target of the breach was Nelnet Servicing, the Lincoln, Neb.-based servicing system and web portal provider for OSLA and EdFinancial, according to a breach disclosure letter.
- That exposed information included names, home addresses, email addresses, phone numbers and social security numbers for a total of 2,501,324 student loan account holders.
- “With recent news of student loan forgiveness, it’s reasonable to expect the occasion to be used by scammers as a gateway for criminal activity,” Bischoping said.
- Last week, the Biden administration announced a plan to cancel $10,000 of student loan debt for low- and middle-income loanees.
![Watering Hole Attacks Push ScanBox Keylogger](https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2020/03/31170116/watering-hole-e1585688492540.jpg)
- Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- The threat actor, according to researchers, is believed to be the China-based APT TA423, also known as Red Ladon.
- In lieu of malware, attackers can use ScanBox in conjunction with watering hole attacks.
- Adversaries load the malicious JavaScript onto a compromised website, where ScanBox acts as a keylogger, capturing everything a user types on the infected watering-hole site.
- “This allows ScanBox to connect to a set of pre-configured targets,” researchers explain.
![Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms](https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2020/06/02111030/octopus-e1591110643368.jpg)
- The campaigns are tied to focused abuse of identity and access management provider Okta, which earned the threat actors the 0ktapus moniker from researchers.
- “These users received text messages containing links to phishing sites that mimicked the Okta authentication page of their organization.” Impacted were 114 US-based firms, with additional victims sprinkled across 68 other countries.
- “The 0ktapus campaign has been incredibly successful, and the full scale of it may not be known for some time,” he said.
- What the 0ktapus Hackers Wanted: The 0ktapus attackers are believed to have begun their campaign by targeting telecommunications companies in hopes of winning access to potential targets’ phone numbers.
- Those links led to webpages mimicking the Okta authentication page used by the target’s employer.
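The campaign described above hinged on SMS links whose hostnames borrowed the Okta brand or the victim's company name while pointing somewhere else. The following is an added triage example (not code from the article or from any of the researchers it cites) that pulls URLs out of message bodies and flags the lookalike patterns: a brand or org keyword in a host that is not on the allowlist, `okta` used as a subdomain of an unrelated domain, and registrable domains that imitate `okta.com`. The company name `examplecorp`, its allowlisted hosts and the sample messages are all assumptions constructed for the example.

```python
"""Flag SMS-delivered links that impersonate an organisation's Okta sign-in page."""
from __future__ import annotations

import re
from urllib.parse import urlparse

# Assumed allowlist for a hypothetical company "examplecorp"; a real deployment
# loads its own Okta tenant hostname(s) and any custom sign-in domains.
LEGIT_OKTA_HOSTS = {"examplecorp.okta.com", "login.examplecorp.com"}
# Keywords whose presence in a non-allowlisted host is suspicious.
ORG_KEYWORDS = ("okta", "examplecorp", "sso", "login")

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def extract_urls(text: str) -> list[str]:
    """Pull http(s) URLs out of a message body."""
    return URL_RE.findall(text)


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower().rstrip(".")


def is_allowlisted(host: str) -> bool:
    return host in LEGIT_OKTA_HOSTS or any(host.endswith("." + h) for h in LEGIT_OKTA_HOSTS)


def lookalike_reasons(url: str) -> list[str]:
    """Return the reasons a URL looks like an Okta-impersonating link; empty means clean."""
    host = host_of(url)
    if not host or is_allowlisted(host):
        return []
    reasons: list[str] = []
    labels = host.split(".")
    for kw in ORG_KEYWORDS:
        if kw in host:
            reasons.append(f"keyword '{kw}' in non-allowlisted host")
            break
    # "okta" as a subdomain of some other registrable domain, e.g. okta.evil.example
    if "okta" in labels[:-2]:
        reasons.append("'okta' used as a subdomain of another domain")
    # Registrable domain imitating okta.com itself, e.g. okta-sso.com or 0kta.com
    registrable = ".".join(labels[-2:])
    if registrable != "okta.com" and re.search(r"[o0]kta", registrable):
        reasons.append(f"registrable domain '{registrable}' imitates okta.com")
    return reasons


def triage_sms(messages: list[str]) -> list[tuple[str, list[str]]]:
    """Return (url, reasons) for every suspicious link across a batch of SMS bodies."""
    hits = []
    for body in messages:
        for url in extract_urls(body):
            reasons = lookalike_reasons(url)
            if reasons:
                hits.append((url, reasons))
    return hits


if __name__ == "__main__":
    # Constructed sample messages, not real campaign data.
    sample = [
        "IT: your VPN session expired, re-authenticate at https://examplecorp-okta.com/login",
        "Reminder: timesheets due Friday. https://login.examplecorp.com/app/timesheets",
        "Security alert, verify now: https://okta.examplecorp-sso.net/signin",
    ]
    for url, why in triage_sms(sample):
        print(url, "->", "; ".join(why))
```

Note that any `*.okta.com` tenant other than the allowlisted one is flagged on purpose: anyone can create an Okta tenant with a convincing name, so the check trusts only the organisation's own hostnames rather than the `okta.com` suffix. Keyword matching is noisy by design and is meant for triage, not for blocking.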
![Ransomware Attacks are on the Rise](https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2019/12/24125329/Ransomware_700_420.png)
- Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- After a recent dip, ransomware attacks are back on the rise.
- With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they are released,” researchers have determined that Lockbit was by far the most prolific ransomware gang in July, behind 62 attacks.
- It may well be that the resurgence in ransomware attacks, and the rise of these two particular groups, are intimately connected.
- Why Ransomware Has Bounced: Researchers from NCC Group counted 198 successful ransomware campaigns in July – up 47 percent from June.
![Cybercriminals Are Selling Access to Chinese Surveillance Cameras](https://media.kasperskycontenthub.com/wp-content/uploads/sites/103/2020/11/19110609/iot.jpg)
- New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11-month-old command injection flaw.
- Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment.
- Last Fall, a command injection flaw in Hikvision cameras was revealed to the world as CVE-2021-36260.
- According to David Maynor, senior director of threat intelligence at Cybrary, Hikvision cameras have been vulnerable for many reasons, and for a while.
- Furthermore, IoT devices might not give users any indication that they’re unsecured or out of date.
![These transparent earbuds by Nothing made my AirPods look and sound boring](https://www.zdnet.com/a/img/resize/cdd3dc66bc6f15a5268caf1a4b7826245bce57e4/2024/04/16/d728d98d-7090-4914-b557-49e6c2adc422/dsc01727.jpg?auto=webp&fit=crop&height=675&width=1200)
- The Nothing Ear (a) advances on the specs from the brand's Ear (1) earbuds from 2021.
- Nothing plays with solid color and transparent accents and puts the two at the forefront of its product design.
- I ran for five hours and worked and commuted with these earbuds for a week straight and still have a battery life of 80%.
- Nothing eliminated this problem for me, as the touch controls are at the bottom of the stem, far away from accidental touches.
- When it comes to the actual audio quality, however, these earbuds produce a balanced, clear, and bright sound.
![The best Alexa devices of 2024: Expert tested and recommended](https://www.zdnet.com/a/img/resize/efe3103045fdb10a8398b1b8dd20ee9f48a198c4/2023/05/30/dcb8c4ba-7d1f-463f-ae5d-82dc46019e9a/echo-pop.jpg?auto=webp&fit=crop&height=675&width=1200)
- We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites.
- And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.
- When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions.
- Neither ZDNET nor the author are compensated for these independent reviews.
- Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards.
![How to calibrate your TV for the best picture quality - 2 easy and simple methods](https://www.zdnet.com/a/img/resize/b8720e12f8ebc7981b84aa80b99c874351ef9450/2024/07/05/f6061332-349e-4f9b-9d89-9b16cdebc5e8/samsung-q80c-98in-05.jpg?auto=webp&fit=crop&height=675&width=1200)
- I've put together a guide on two approaches for calibrating your TV to get the best possible picture quality.
- There are two terms you should know when it comes to tweaking the colors of your TV: Calibration and setup.
- But with a professional calibration tool, your TV can deliver the best possible picture quality within its capabilities.
- For a perfect and true viewing experience, professional calibration tools and trained agents are an option -- depending on your budget.
![This Asus Copilot+ PC has one of the best displays I](https://www.zdnet.com/a/img/resize/677b933f5fdbba4923954cd8e4c63bf17e562311/2024/07/23/2bccb019-4518-4e52-ba5f-3226deb30b3c/asus-vivobook-s-15-1.jpg?auto=webp&fit=crop&height=675&width=1200)
- Asus' first Copilot+ PC with the Snapdragon X Elite chip is the Vivobook S 15, a sleek and lightweight 15-inch laptop with a gorgeous display and ultra-snappy performance.
- The chassis' minimalist, all-metal design is lightweight and airy, and it feels more premium than last year's Vivobook S 14.
- That being said, the 70Wh battery performance on the Vivobook S 15 is good, but the user must manage it to maximize its efficiency.
- For example, the Vivobook S 15's aforementioned 16:9 resolution OLED screen seems like it would be perfect for editing video.
- Although the Vivobook S 15 looks like something you might want to game on, I wouldn't recommend it as a dedicated gaming laptop.
![One of the best budget Android tablets I](https://www.zdnet.com/a/img/resize/eb353ece63ddd3efb60727173ff5d6d75546113f/2024/07/25/0da64edd-2c97-4453-a2fc-6f7ada1d818f/5.jpg?auto=webp&fit=crop&height=675&width=1200)
- I've been testing the TCL Tab 10 Nxtpaper 5G for three weeks, but it felt like an upgrade almost immediately.
- I had read about TCL Nxtpaper technology but hadn't had a chance to test it until now.
- While the Android experience differs from an iPad, I've encountered a minimal number of bugs and inconveniences during my time using it.
- I can still work and play on the TCL Tab 10 Nxtpaper 5G, use a split screen, and stream videos flawlessly.
- I'm keeping the TCL Tab 10 Nxtpaper, data plan or not, because I use it mainly around the house.
![A North Korean Hacker Tricked a US Security Vendor Into Hiring Him—and Immediately Tried to Hack Them](https://media.wired.com/photos/66a2cd58a827f8f46ba24ad8/191:100/w_1280,c_limit/Hacker%20Tricked%20a%20US%20Security%20Vendor%20Into%20Hiring%20Him.jpg)
- KnowBe4, a US-based security vendor, revealed that it unwittingly hired a North Korean hacker who attempted to load malware into the company's network.
- Person Passed Background Check and Video Interviews: KnowBe4 hired the North Korean hacker through its usual process.
- “It turns out this was a fake IT worker from North Korea,” Sjouwerman wrote.
- They then VPN in from where they really physically are (North Korea or over the border in China) and work the night shift so that they seem to be working in US daytime.
- The scam is that they are actually doing the work, getting paid well, and give a large amount to North Korea to fund their illegal programs.
![Europe Is Pumping Billions Into New Military Tech](https://media.wired.com/photos/669fbe85bc849f6964196401/191:100/w_1280,c_limit/1241453560)
- The European Commission is pressing the accelerator on investment in weapons and defense technologies.
- This year alone, the European Defense Fund (EDF) has put €1.1 billion on the plate, divided into 34 calls for as many military-related research topics.
- New Weapons: The European Defense Fund, however, is also hunting for prototypes of new weapons.
- These include Marte, or the Main ARmored Tank of Europe, a program to develop new technologies to be integrated on a tank.
- Leonardo is spearheading a project to develop counter-aircraft systems for military drones, exploiting sensors, disturbances in telecommunications networks, and other technologies.
![At the Olympics, AI Is Watching You](https://media.wired.com/photos/66a0dc7c1b1aeb1c6be1151a/191:100/w_1280,c_limit/GettyImages-2162271384.jpg)
- On the eve of the Olympics opening ceremony, Paris is a city swamped in security.
- This time, it is the least-visible security measures that have emerged as some of the most controversial.
- Security measures in Paris have been turbocharged by a new type of AI, as the city enables controversial algorithms to crawl CCTV footage of transport stations looking for threats.
- “The software is an extension of the police,” says Noémie Levain, a member of the activist group La Quadrature du Net, which opposes AI surveillance.
- City representatives did not reply to WIRED’s questions on whether there are plans to use AI surveillance outside the transport network.
![A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub](https://media.wired.com/photos/66a0c4b6473ac06ecbb29e81/191:100/w_1280,c_limit/GettyImages-2031352512.jpg)
- A secretive network of around 3,000 “ghost” accounts on GitHub has quietly been manipulating pages on the code-hosting website to promote malware and phishing links, according to new research seen by WIRED.
- Since at least June last year, according to researchers at cybersecurity company Check Point, a cybercriminal they dubbed “Stargazer Goblin” has been hosting malicious code repositories on the Microsoft-owned platform.
- As well as uploading malicious repositories, Stargazer Goblin has been boosting the pages by using GitHub’s own community tools.
- The Stargazers Ghost Network, which Check Point named after one of the first accounts they spotted, has been spreading malicious GitHub repositories that offer downloads of social media, gaming, and cryptocurrency tools.
- The researcher says the network could be bigger than he expects, as he has also seen legitimate GitHub accounts being taken over using stolen login details.
![This Machine Exposes Privacy Violations](https://media.wired.com/photos/669993de3020d8055013c44c/191:100/w_1280,c_limit/security_webxray_online_privacy_cookies.jpg)
- Thanks in part to the efforts of privacy researchers like Libert, we know this already, have known we’re being tracked for years—yet we lack knowledge of the specifics, and we lack agency, so this sea of privacy violations becomes another Bad Thing that happens on an internet teeming with them.
- It’s a search engine for rooting out specific privacy violations anywhere on the web.
- Its mission, he says, is simple: “I want to give privacy enforcers equal technology as privacy violators.” To level the playing field.
- Libert knows a thing or two about both search engines and digital privacy.
- He became an outspoken advocate for online privacy, penning op-eds in The New York Times, The Guardian, and The Conversation.
![Ledger Flex: Secure self-custody with E Ink touchscreen display](https://img.helpnetsecurity.com/wp-content/uploads/2023/05/10093706/hns-2023-large_logo.jpg)
- Ledger today launched Ledger Flex, featuring secure E Ink touchscreen displays powered by Ledger’s Secure OS.
- “By launching both Ledger Flex and Ledger Stax this year, we’re redefining the experience of self-custody.
- This begins with a new app for Ledger Stax and Ledger Flex: Ledger Security Key, providing 2FA and Passkey capabilities.
- Tap your Ledger Flex or Ledger Stax to your phone to login to supported services, or connect via USB to your laptop or PC.
- Ledger Stax and Ledger Flex are the secure touchscreens to go with the insecure touchscreen in your pocket.” Ledger Flex is paired with Ledger Live, the omni-chain companion app that lets users connect to their Ledger device.
![Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)](https://img.helpnetsecurity.com/wp-content/uploads/2024/06/04154556/progress-1500.webp)
- Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as possible.
- About CVE-2024-6327 (and CVE-2024-6096): Telerik Report Server is an enterprise solution for storing, creating, managing and viewing reports in web and desktop applications.
- Customers have been advised to upgrade to Telerik Reporting 2024 Q2 (v18.1.24.709), as it’s the only way to remove CVE-2024-6096, and to upgrade to Telerik Report Server 2024 Q2 (10.1.24.709) or later to fix CVE-2024-6327.
- If the latter action is not possible, Progress Software notes that users “can temporarily mitigate this issue by changing the user for the Report Server Application Pool to one with limited permissions”.
- And just last month, the Shadowserver Foundation spotted exploitation attempts for CVE-2024-4358, a vulnerability that, when chained with CVE-2024-1800, allowed attackers to achieve unauthenticated remote code execution on Progress Telerik Report Servers.
![16% of organizations experience disruptions due to insufficient AI maturity](https://img.helpnetsecurity.com/wp-content/uploads/2023/10/27101944/genai2.jpg)
- While sysadmins recognize AI’s potential, significant gaps in education, cautious organizational adoption, and insufficient AI maturity hinder widespread implementation, leading to mixed results and disruptions in 16% of organizations, according to Action1.
- Down from 73% last year, 60% of sysadmins acknowledge a lack of understanding of leveraging AI practically, indicating a persistent gap in AI literacy.
- “Our findings indicate that, despite some trial and error in AI implementation among sysadmins, organizations generally approach AI cautiously.
- 80% of organizations do not require sysadmins to implement AI in their job roles, slightly down from 82% reported last year.
- The report’s findings reveal that most organizations do not require AI implementation, emphasizing a tentative approach to widespread adoption.
![AI-generated deepfake attacks force companies to reassess cybersecurity](https://img.helpnetsecurity.com/wp-content/uploads/2024/05/18153819/deepfakes-1500.webp)
- As AI-generated deepfake attacks and identity fraud become more prevalent, companies are developing response plans to address these threats, according to GetApp.
- In fact, 73% of US respondents report that their organization has developed a deepfake response plan.
- Companies are developing deepfake response plans: much like phishing-attack preparation, companies appear to be running simulated deepfake attacks to increase preparedness, and a majority of respondents work at companies where this is already in place.
- Awareness and practice of encountering deepfake attacks are both important for getting the workforce prepared to deal with these evolving threats.
- 60% of global IT and security professionals say their companies have developed measures to defend against AI-generated deepfake attacks.
![Most CISOs feel unprepared for new compliance regulations](https://img.helpnetsecurity.com/wp-content/uploads/2024/06/25170731/mind-business-1500.webp)
- With compliance regulations, and the cost of a breach growing year on year, executives realize the importance of saving a cybersecurity seat at the table.
- 67% of CISOs report feeling unprepared for these new compliance regulations, while 52% admit to needing more knowledge on reporting cyber attacks to the government.
- “As cyber threats escalate and regulations impose heavy penalties for non-compliance, it’s imperative for CISOs to reassess and strengthen their security programs in a data-driven way.
- As regulations evolve, many organizations feel that they don’t have adequate guidance, or that certain terms are difficult to understand.
- “Our industry is going through an evolution phase,” said Chris Roberts, Onyxia Cyber CISO Advisor.
![A bug in Chrome Password Manager caused user credentials to disappear](https://securityaffairs.com/wp-content/uploads/2016/03/google-chrome-bounty-program.jpg)
- Pierluigi Paganini, July 26, 2024: Google has addressed a bug in Chrome’s Password Manager that caused user credentials to disappear temporarily for roughly 18 hours.
- An 18-hour outage impacted Google Chrome’s Password Manager on Wednesday, impacting users who rely on the tool to store and autofill their passwords.
- “Impacted users were unable to find passwords in Chrome’s password manager.
![BIND updates fix four high-severity DoS bugs in the DNS software suite](https://securityaffairs.com/wp-content/uploads/2016/10/bind-DNS-Server-Attacks.jpg)
- Pierluigi Paganini, July 26, 2024: The Internet Systems Consortium (ISC) released BIND security updates that fix four remotely exploitable DoS vulnerabilities in the DNS software suite.
- ISC addressed four high-severity vulnerabilities (CVSS score of 7.5) tracked as CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, and CVE-2024-4076.
- One of the issues is reported for a narrower set of versions: 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
- Impacted BIND 9 versions include 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, and certain 9.11.4-S1, 9.16.8-S1, and 9.18.11-S1 series versions.
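The version lists above are inclusive ranges, and a fleet check needs to compare a `named -v` string against them correctly, including the `-S1` Supported Preview Edition builds, which have their own ranges. The following is an added example (not ISC's code or tooling) that parses a BIND version string, distinguishes the preview edition, and tests membership in the ranges exactly as the article lists them; the open-source ranges are taken from the combined list and the `-S1` ranges from the narrower list, and the `named -v` sample output is constructed.

```python
"""Check whether a BIND 9 version string falls inside the ranges listed as affected."""
from __future__ import annotations

import re

# Inclusive (low, high) ranges for the open-source releases named in the article.
AFFECTED_RANGES = [
    ((9, 11, 0), (9, 11, 37)),
    ((9, 16, 0), (9, 16, 50)),
    ((9, 18, 0), (9, 18, 27)),
    ((9, 19, 0), (9, 19, 24)),
]
# Supported Preview Edition (-S1) ranges as quoted in the article.
AFFECTED_PREVIEW_RANGES = [
    ((9, 11, 33), (9, 11, 37)),
    ((9, 16, 13), (9, 16, 50)),
    ((9, 18, 11), (9, 18, 27)),
]

# Matches "9.18.27" or "9.16.50-S1". Distro suffixes such as "-1-Debian" are
# tolerated by the named-output parser below, which extracts only the upstream part.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(-S\d+)?$")
NAMED_V_RE = re.compile(r"\bBIND (\d+\.\d+\.\d+(?:-S\d+)?)")


def parse_bind_version(version: str) -> tuple[tuple[int, int, int], bool]:
    """Return ((major, minor, patch), is_preview_edition) for a BIND version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised BIND version: {version!r}")
    major, minor, patch, preview = m.groups()
    return (int(major), int(minor), int(patch)), preview is not None


def is_affected(version: str) -> bool:
    """True if the version lies inside one of the affected ranges (inclusive on both ends)."""
    v, preview = parse_bind_version(version)
    ranges = AFFECTED_PREVIEW_RANGES if preview else AFFECTED_RANGES
    return any(low <= v <= high for low, high in ranges)


def version_from_named_output(output: str) -> str:
    """Extract the upstream version from `named -v` output such as
    'BIND 9.18.27 (Extended Support Version) <id:...>'."""
    m = NAMED_V_RE.search(output)
    if not m:
        raise ValueError("no BIND version found in output")
    return m.group(1)


if __name__ == "__main__":
    # Constructed sample; on a real host run `named -v` and feed in its output.
    sample = "BIND 9.18.27 (Extended Support Version) <id:a5e6d7f>"
    v = version_from_named_output(sample)
    print(v, "affected" if is_affected(v) else "not affected")
```

One caveat a version check cannot see: distributions such as Debian and RHEL backport fixes into their packaged versions without bumping the upstream number, so a `9.18.24-1-Debian` that this check reports as affected may already carry the patch. Confirm against the distro's security advisory before treating the result as final.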
![Terrorist Activity is Accelerating in Cyberspace – Risk Precursor to Summer Olympics and Elections](https://securityaffairs.com/wp-content/uploads/2024/07/1547326077508.png)
- Pierluigi Paganini, July 26, 2024: Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks.
- This activity was especially notable in Q2 2024, with new resources appearing at the beginning of Q3 2024.
- Resecurity has also observed a spike in illegal content, including instructional material on explosives, spread on the Dark Web.
- This may highlight the growing effort to distribute such illegal content before important events.
- Additional information is included in the report published by Resecurity: https://www.resecurity.com/blog/article/terrorist-activity-is-accelerating-in-cyberspace-risk-precursor-to-summer-olympics-and-elections
![Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server](https://securityaffairs.com/wp-content/uploads/2023/09/Progress-Software.png)
- Pierluigi Paganini, July 25, 2024: Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server.
- Telerik Report Server is a web-based application designed for creating, managing, and delivering reports in various formats.
- Progress Software addressed a critical remote code execution flaw, tracked as CVE-2024-6327 (CVSS score of 9.9), in the Telerik Report Server that can be exploited to compromise vulnerable devices.
- The flaw impacts Report Server 2024 Q2 (10.1.24.514) and earlier; version 2024 Q2 (10.1.24.709) addresses the vulnerability.
![Critical bug in Docker Engine allowed attackers to bypass authorization plugins](https://securityaffairs.com/wp-content/uploads/2019/04/docker-logo-696x364.png)
- Pierluigi Paganini, July 25, 2024: A critical flaw in some versions of Docker Engine can be exploited to bypass authorization plugins (AuthZ) under specific circumstances.
- A vulnerability, tracked as CVE-2024-41110 (CVSS score of 10.0), in certain versions of Docker Engine can allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances.
- By default, Docker Desktop does not include AuthZ plugins, limiting privilege escalation to the Docker Desktop VM rather than the underlying host.
- A fixed version of Docker Engine is expected in Docker Desktop v4.33, addressing these security concerns.
- Ensure AuthZ plugins are not used and do not expose the Docker API over TCP without protection.
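The mitigation above reduces to two daemon settings: whether any `authorization-plugins` are configured, and whether the API is bound to a `tcp://` listener without mutual TLS. The following is an added example (not Docker's own tooling) that audits a `daemon.json` for both and shows a weak configuration beside a hardened one. The file contents and the plugin name `example-authz-plugin` are constructed placeholders; the keys `hosts`, `authorization-plugins`, `tlsverify`, `tlscacert`, `tlscert` and `tlskey` are the real daemon.json option names.

```python
"""Audit a Docker daemon.json for AuthZ plugins and unprotected TCP API listeners."""
from __future__ import annotations

import json

TLS_KEYS = ("tlscacert", "tlscert", "tlskey")


def audit_daemon_config(config: dict) -> list[str]:
    """Return human-readable findings; an empty list means neither exposure is present."""
    findings: list[str] = []

    plugins = config.get("authorization-plugins") or []
    if plugins:
        findings.append(
            "authorization plugins enabled (" + ", ".join(plugins) + "); "
            "the CVE-2024-41110 bypass applies until the engine is patched"
        )

    for listener in config.get("hosts") or []:
        if not listener.startswith("tcp://"):
            continue  # unix:// and fd:// listeners are not reachable over the network
        if not config.get("tlsverify"):
            findings.append(
                f"API listener {listener} served over TCP without tlsverify "
                "(unauthenticated, root-equivalent access to the host)"
            )
        else:
            missing = [k for k in TLS_KEYS if not config.get(k)]
            if missing:
                findings.append(f"API listener {listener} sets tlsverify but lacks {', '.join(missing)}")
    return findings


def audit_daemon_json(text: str) -> list[str]:
    """Parse daemon.json text (normally /etc/docker/daemon.json) and audit it."""
    return audit_daemon_config(json.loads(text))


# Constructed examples, not taken from any real host; the plugin name is a placeholder.
WEAK_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "authorization-plugins": ["example-authz-plugin"]
}"""

HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(name, audit_daemon_json(text) or ["no findings"])
```

The file is only half the picture: listeners can also be passed on the `dockerd` command line with `-H`, and plugins with `--authorization-plugin`, so compare the file audit with what the running daemon reports via `docker info` before concluding a host is clean.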
![Senate Intel chair warns confluence of factors make election threats worse](https://cyberscoop.com/wp-content/uploads/sites/3/2024/07/GettyImages-2160998452.jpg)
- Misinformation and disinformation threats are being exacerbated this election season by artificial intelligence, legal battles, the continued low cost of influence operations and Americans’ increased willingness to believe outlandish things, Senate Intelligence Chairman Mark Warner, D-Va., said Thursday.
- One way they’ve gotten worse, however, is in comparison to the 2016 election cycle when Russian influence operations proliferated, Warner said.
- “Oftentimes, the Russians had to plant the false implication and then elevate it,” he said of the 2016 race.
- Speaking at the same event, Rep. Brad Wenstrup, R-Ohio, said he didn’t expect election threats to change significantly in the approximately 100 days before Nov. 5.
- And at least one official at the world’s biggest social media platform maintained that users have gotten savvier, not more gullible, over time.
![North Korean hacker used hospital ransomware attacks to fund espionage](https://cyberscoop.com/wp-content/uploads/sites/3/2024/07/GettyImages-2154645916.jpg)
- Federal prosecutors announced the indictment Thursday of a North Korean hacker accused of carrying out ransomware operations that targeted American health care facilities and used the proceeds of those operations to fund espionage efforts against the U.S. military and defense contractors.
- Rim Jong Hyok is accused of using malware developed by North Korea’s military intelligence agency to target at least five American health care providers.
- Those attacks aimed to exfiltrate information of interest to the North Korean regime and sought to obtain material about missile technology, drones and the development of fissile materials.
- The operations targeting South Korean defense contractors may have netted the North Korean hackers data on an anti-aircraft laser weapon.
- In recognition of the group’s persistent activities, Google on Thursday upgraded the hacking crew to its list of top-tier threats, designating the North Korean entity APT45.
![Banking, oil and IT industry reps call on Congress to harmonize cyber regulations … again](https://cyberscoop.com/wp-content/uploads/sites/3/2022/07/GettyImages-1241607686.jpg)
- Scores of overlapping and contradictory cyber regulations are overburdening the banking, oil and natural gas, and IT sectors, representatives from those industries told House lawmakers Thursday.
- Witnesses pointed to the recent cyber incident reporting mandate from the Cybersecurity and Infrastructure Security Agency as a major example of where harmonization fell flat.
- Ensuring that regulations are accepted across the federal board is the quickest way to ease any overlapping burdens, she said.
- Gary Peters, D-Mich., and James Lankford, R-Okla., aimed to address the issue of “overly burdensome” cyber regulations facing industry.
- The Streamlining Federal Cybersecurity Regulations Act would establish an interagency committee to recommend which cyber regulations to pare down or eliminate.
![North Korean hacking group makes waves to gain Mandiant, FBI spotlight](https://cyberscoop.com/wp-content/uploads/sites/3/2024/07/GettyImages-1175406966.jpg)
- Mandiant, a cybersecurity arm of Google Cloud, said in a report it released Thursday that the newly labeled APT45 has broadened its ransomware operations — rare for North Korean groups — to target health care providers, financial institutions and energy companies.
- The FBI is set to follow with an advisory and news conference Thursday about the hackers.
- Mandiant, which previously called the group Andariel or UNC614, says it has been active since at least 2009.
- APT45 supports the interest of the North Korean government, according to Mandiant.
- This isn’t the first time the hacking group has gained U.S. government attention.
![Cyber firm KnowBe4 hired a fake IT worker from North Korea](https://cyberscoop.com/wp-content/uploads/sites/3/2024/07/Screenshot-2024-07-24-at-10.29.25 AM.png)
- A remote worker hired by KnowBe4 as a software engineer on its internal IT team was actually a persona controlled by a North Korean threat actor, the security firm revealed in a blog post Tuesday.
- An internal investigation started when KnowBe4’s InfoSec Security Operations Center team detected “a series of suspicious activities” from the new hire.
- Later that evening, the SOC team had “contained” the fake worker’s systems after he stopped responding to outreach.
- During a roughly 25-minute period, “the attacker performed various actions to manipulate session history files, transfer potentially harmful files, and execute unauthorized software,” Sjouwerman wrote in the post.
- “The scam is that they are actually doing the work, getting paid well, and give a large amount to North Korea to fund their illegal programs,” Sjouwerman wrote.
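The activity that tipped off KnowBe4's SOC, manipulation of session history files alongside file transfers and unauthorized software, is a classic anti-forensics pattern (MITRE ATT&CK T1070.003, Clear Command History). The following is an added detection example, not KnowBe4's own logic, that runs two rules over JSON-lines endpoint telemetry: history files deleted, truncated or rewritten by anything other than the user's shell, and commands that clear or disable history in-session. The telemetry field names (`ts`, `host`, `user`, `event`, `process`, `path`, `cmdline`) and the sample events are assumptions constructed for the example and need mapping onto a real EDR or auditd schema.

```python
"""Flag shell-history tampering in endpoint telemetry (ATT&CK T1070.003)."""
from __future__ import annotations

import json
import re

# History files that shells and REPLs write; the writer is normally the shell itself.
HISTORY_FILE_RE = re.compile(
    r"/\.(?:bash|zsh|sh|python|mysql|psql)_history$|/ConsoleHost_history\.txt$"
)
# Commands that clear or disable history for the current session.
HISTORY_EVASION_RE = re.compile(
    r"\bhistory\s+-c\b|\bunset\s+HISTFILE\b|\bHISTFILE=/dev/null\b|\bHISTSIZE=0\b"
    r"|\bHISTFILESIZE=0\b|\bset\s+\+o\s+history\b|\bClear-History\b|\bshred\b.*history",
    re.IGNORECASE,
)
# Processes allowed to append to their own history file.
SHELLS = {"bash", "zsh", "sh", "fish", "pwsh", "powershell"}


def evaluate_event(ev: dict) -> str | None:
    """Return an alert reason for one event, or None if it is benign under these rules."""
    kind = ev.get("event")
    path = ev.get("path", "")
    if kind in {"file_delete", "file_truncate"} and HISTORY_FILE_RE.search(path):
        return f"{kind} of history file {path} by {ev.get('process')}"
    if kind == "file_write" and HISTORY_FILE_RE.search(path) and ev.get("process") not in SHELLS:
        # A shell appending to its own history on exit is routine; any other writer is not.
        return f"history file {path} rewritten by non-shell process {ev.get('process')}"
    if kind == "process" and HISTORY_EVASION_RE.search(ev.get("cmdline", "")):
        return f"history-evasion command: {ev.get('cmdline')}"
    return None


def detect_history_tampering(lines: list[str]) -> list[dict]:
    """Run the rules over JSON-lines telemetry and return one alert per matching event."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        reason = evaluate_event(ev)
        if reason:
            alerts.append({"ts": ev.get("ts"), "host": ev.get("host"), "user": ev.get("user"), "reason": reason})
    return alerts


# Constructed telemetry with assumed field names; not real KnowBe4 data.
SAMPLE_LINES = [
    '{"ts":"2024-07-15T22:01:10Z","host":"wks-0412","user":"newhire","event":"file_write","process":"bash","path":"/home/newhire/.bash_history"}',
    '{"ts":"2024-07-15T22:03:42Z","host":"wks-0412","user":"newhire","event":"process","process":"bash","cmdline":"unset HISTFILE"}',
    '{"ts":"2024-07-15T22:05:07Z","host":"wks-0412","user":"newhire","event":"process","process":"python3","cmdline":"python3 /tmp/updater.py"}',
    '{"ts":"2024-07-15T22:05:09Z","host":"wks-0412","user":"newhire","event":"file_write","process":"python3","path":"/home/newhire/.zsh_history"}',
    '{"ts":"2024-07-15T22:20:33Z","host":"wks-0412","user":"newhire","event":"file_delete","process":"rm","path":"/home/newhire/.bash_history"}',
    '{"ts":"2024-07-15T22:25:00Z","host":"wks-0412","user":"newhire","event":"process","process":"bash","cmdline":"cat /var/log/history.log"}',
]

if __name__ == "__main__":
    for a in detect_history_tampering(SAMPLE_LINES):
        print(a["ts"], a["user"], a["reason"])
```

The first sample event (bash writing its own `.bash_history`) and the last (`cat` of an unrelated file whose name contains "history") are the false positives a naive path or keyword match would raise; the rules above deliberately let both through. Unauthorized software execution, such as the `/tmp/updater.py` line, is a separate detection and is out of scope for this rule.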
![Synnovis Restores Systems After Cyber-Attack, But Blood Shortages Remain](https://assets.infosecurity-magazine.com/webpage/og/e52836db-bb5c-40c4-ac0c-e8683ea55910.jpg)
- Pathology services provider Synnovis has rebuilt “substantial parts” of its systems since the ransomware attack on June 3, 2024, restoring critical blood supplies to NHS hospitals.
- Despite this, the NHS issued an alert over blood supply shortages on July 25.
- Synnovis added that blood transfusion services will continue to be stabilized over the summer, with full restoration anticipated by early Autumn.
- In its latest update, Synnovis revealed that a taskforce of external IT experts is continuing to verify the published data.
- On the same day, NHS Blood and Transplant issued an ‘Amber Alert’ to NHS hospitals, asking them to restrict the use of O type blood to essential cases and use substitutions where clinically safe to do so.
![Hacktivists Claim Leak of CrowdStrike Threat Intelligence](https://assets.infosecurity-magazine.com/webpage/og/4046b6a5-3167-41ef-923c-04b47e27a2d3.jpg)
- A hacktivist group has claimed to have leaked CrowdStrike’s entire internal threat actor list, including indicators of compromise (IoC).
- CrowdStrike acknowledged the claims by the USDoD threat actor in a blog post on July 25, 2024.
- The firm noted that USDoD provided a link to download the alleged threat actor list and provided a sample of data fields on the notorious BreachForums cybercrime forum.
- The claims come in the wake of the global IT outage on July 19 caused by a bug in a content update for the CrowdStrike Falcon platform.
- Threat Intel Data Claims: CrowdStrike said that sample data released by USDoD contained detailed internal intelligence on threat actors.
![Despite Bans, AI Code Tools Widespread in Organizations](https://assets.infosecurity-magazine.com/webpage/og/e8dbd27a-218e-4a11-9cc2-3fa69bbb4b94.jpg)
- Organizations are concerned about security threats stemming from developers using AI, according to a new Checkmarx report.
- The cloud-native application security provider found that 15% of organizations explicitly prohibit the use of AI tools for code generation, however 99% say that AI code-generating tools are being used regardless.
- Meanwhile, just 29% of organizations have established any form of governance for the use of generative AI.
- These findings are part of the firm’s Seven Steps to Safely Use Generative AI in Application Security report, published on July 25, 2024.
- Many are worried about GenAI risks such as hallucinations, and 80% are worried about security threats stemming from developers using AI.
![North Korean Hackers Target Critical Infrastructure for Military Gain](https://assets.infosecurity-magazine.com/webpage/og/0c5cb09e-38c6-4325-984d-16c740f80deb.jpg)
- The group acts on behalf of the Pyongyang regime, which uses the insights gathered to enhance its military and nuclear programs.
- The group likely identifies vulnerable systems using publicly available internet scanning tools that reveal information such as vulnerabilities in public-facing web servers.
- Following initial access, the group leverages custom tools and malware for discovery and execution.
- Andariel also leverages open source and publicly available tools, such as 3Proxy, AsyncRAT and WinRAR.
- Living-off-the-Land Techniques: The threat actors are well versed in living-off-the-land techniques – using native tools and processes within compromised networks.
![Ransomware and BEC Make Up 60% of Cyber Incidents](https://assets.infosecurity-magazine.com/webpage/og/b30146e3-a980-4dc0-bd48-46ae26c1d0e0.jpg)
- Ransomware and business email compromise (BEC) attacks accounted for 60% of all incidents in the second quarter of 2024, according to a Cisco Talos report.
- The most common initial access method was the use of compromised credentials on valid accounts, making up 60% of attacks.
- BlackSuit: This threat actor gained access with valid credentials through a VPN that was not protected by MFA.
- BEC Trends: BEC attacks also made up 30% of incidents Cisco Talos engaged with from April to June 2024.
![One year after SEC cyber disclosure ruling, security leaders weigh in](https://www.securitymagazine.com/ext/resources/2024/07/25/Gavel-and-block-UNSPLASH.png?height=635&t=1721916540&width=1200)
- July 26, 2024, marks the one-year anniversary of the SEC cyber disclosure ruling.
- Furthermore, they assess the impacts of the cyber disclosure ruling.
- Security leaders weigh in. George Gerchow, Faculty at IANS Research and Head of Trust at MongoDB: “We are approaching the anniversary of the SEC’s cybersecurity disclosure rules, and still, not much has changed.
- “As we approach the anniversary of the SEC’s cyber disclosure rules, we reflect on both the initial disclosure requirements and the required filing follow-ups codified by the SEC.
- While we are far from an equilibrium on cyber disclosure and regulatory requirements, we are trending in the right direction.”
- Scott Kannry, CEO and Co-Founder at Axio: “As we approach the 1-year anniversary of the SEC cyber disclosure rules, there is a lot of uncertainty, especially in light of the recent Chevron ruling.
![12.9 million individuals affected by MediSecure cyber breach](https://www.securitymagazine.com/ext/resources/2024/07/24/Pharmacy-with-customers-UNSPLASH.png?height=635&t=1721834505&width=1200)
- MediSecure, an Australian electronic prescriptions provider, was the target of a recent cyber attack.
- This data breach potentially exposed the personal and health information of many customers, including healthcare provider information and prescription information.
- According to the Australian Department of Home Affairs, approximately 12.9 million individuals were affected.
- Rightly so, the Australian authorities warn about online scams, provide online advice and have even opened a mental health hotline.
- As one of what were then the country's two online e-script providers, MediSecure was an integral part of the country's infrastructure.
![Security leaders share thoughts on Microsoft-Crowdstrike outage](https://www.securitymagazine.com/ext/resources/2024/07/24/bernd-dittrich-zIukDkvw_vw-unsplash.jpg?height=635&t=1721825804&width=1200)
- On July 19, several organizations experienced delays due to a Microsoft and CrowdStrike outage that began the night before.
- Security leaders have shared their thoughts about the outage and advice for other organizations to protect themselves.
- Ruban Phukan, First Data Scientist, Yahoo & CoFounder, GoodGist: "In the software world, black swan failure events such as the CrowdStrike-Microsoft outage do occur.
- Kory Daniels, CISO, Trustwave: "The recent CrowdStrike outage underscores a growing concern: the potential for widespread disasters, either natural or digital, to serve as catalysts for criminal activity.
- To bolster readiness and resilience, organizations must prioritize robust incident response and recovery planning, encompassing scenarios that simulate the unavailability of critical systems and personnel.
![SEC establishes Interagency Securities Council (ISC)](https://www.securitymagazine.com/ext/resources/2024/07/23/Auditorium-with-a-full-audience-UNSPLASH.png?height=635&t=1721744481&width=1200)
- The SEC has established the Interagency Securities Council (ISC) to foster collaboration between federal, state and local agencies.
- Agencies involved in the ISC will meet quarterly to review threat trends and mitigation strategies.
- The expressed objectives of the council are the following:
  - Solidify cohesion between federal, state and local agencies
  - Improve collaborative efforts on cases to protect investors
  - Offer insights and perspectives across the ecosystems
  - Establish a forum to combat financial fraud as a unified front
- The ISC consists of representatives from more than 100 agencies and departments, such as federal agencies, local police departments, sheriff’s offices, state police and state offices of attorneys general.
![Data breach victims increased by 490% since the first half of 2023](https://www.securitymagazine.com/ext/resources/2024/07/23/Silhouette-of-woman-at-computer-UNSPLASH.png?height=635&t=1721742928&width=1200)
- The Identity Theft Resource Center (ITRC) has released a report analyzing H1 data breach incidents for 2024.
- According to the report, there was a 490% rise in data breach victims in H1 of 2024 compared to H1 of 2023.
- Additionally, more sophisticated attack methods powered by AI are allowing cybercriminals to breach defenses at an accelerated rate.
- While regular security awareness training is important, it’s insufficient alone against sophisticated phishing and social engineering attacks.
- Robust, AI-driven email and messaging security that can detect and block advanced threats in real-time is essential to mitigate large-scale data breach risks.
![Master Cybersecurity With The Complete CompTIA Security+ SY0-701 Certification Kit by IDUNOVA](https://assets.techrepublic.com/uploads/2024/07/tra_20240724-the-comptia-security-sy0-701-certification-kit.jpg)
- TL;DR: The Complete CompTIA Security+ SY0-701 Certification Kit by IDUNOVA is a great resource to prepare for your exams.
- In the dynamic field of cybersecurity, obtaining a CompTIA Security+ certification is a significant milestone.
- The Complete CompTIA Security+ SY0-701 Certification Kit by IDUNOVA is designed to provide you with all the resources and guidance needed to succeed.
- These include concepts in general security, security architecture, security operations, program management and oversight, threats, vulnerabilities, and mitigations.
- The Complete CompTIA Security+ SY0-701 Certification Kit by IDUNOVA is on sale for just $289.99 (reg.
![F5: AI Applications Will Complicate ‘Unsustainable’ Hybrid Multicloud Sprawl in Australia](https://assets.techrepublic.com/uploads/2024/07/tr_20240724-ai-applications-hybrid-multicloud-australia.jpg)
- Adopt an abstraction layer: Leveraging an abstraction pathway could provide better control over diverse IT estates.
- “AI will drive an increasing distribution of applications and data across hybrid, multicloud environments,” she explained.
- Choose an abstraction layer to better manage multicloud: Enterprises can achieve greater control through an abstraction layer.
- F5’s abstraction layer is built across the L4-L7 elements of the Open Systems Interconnection model.
- Other companies in the application delivery controller, content delivery network or edge spaces can lack extensions from on premise to cloud environments, or vice versa.
![Summer Olympics: What IT Teams Need to Do Before & During the Event for Their Businesses](https://assets.techrepublic.com/uploads/2024/07/tr_20240724-2024-olympics-cybersecurity-tips-for-business.jpg)
- We’ve gathered some tips for IT teams during the Summer Olympics, with ideas from Microsoft and Trend Micro researchers.
- Urgency on the field and online: Instead of preying on fears as they might with other major events, threat actors using Olympics-themed attacks prey on excitement.
- And threat actors know that they can leverage those things,” said Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, in an interview with TechRepublic.
- Alert the organization’s IT or security teams (as appropriate) if they see suspicious pop-ups or strange behavior from their work devices.
- “The Olympics are absolutely an event that threat actors are going to take advantage of, one hundred percent,” DeGrippo said.
![CrowdStrike: Buggy Validator Started Massive Outage](https://assets.techrepublic.com/uploads/2024/07/microsoft-4608125_1280.jpg)
- The problem stemmed from a Rapid Response Content update in the Falcon Sensor, CrowdStrike said on July 24.
- The Content Validator is a procedure to “perform validation checks on the content before it is published,” CrowdStrike wrote.
- Rapid Response Content Deployment: “Implement a staggered deployment strategy for Rapid Response Content in which updates are gradually deployed to larger portions of the sensor base, starting with a canary deployment.
- Provide customers with greater control over the delivery of Rapid Response Content updates by allowing granular selection of when and where these updates are deployed.
- Provide content update details via release notes, which customers can subscribe to.”
- This article has been updated as more information became available.
![Private Internet Access (PIA) vs NordVPN: Which VPN Is Better?](https://assets.techrepublic.com/uploads/2024/06/techrepublic-versus_featured_image-5.jpg)
- For more information, read our full NordVPN review or check out our comparisons for NordVPN vs. Surfshark and NordVPN vs. Express VPN.
- PIA VPN vs. NordVPN feature comparison, speed and performance: One of PIA VPN’s major drawbacks is its average-to-slow speeds.
- That’s why I recommend testing out PIA VPN vs. NordVPN for yourself to see which one is faster at your home or business.
- PIA VPN pros and cons, Private Internet Access VPN pros: Cheaper than NordVPN.
- Review methodology: To compare PIA and NordVPN, I signed up for a free trial of PIA VPN.