Cybersecurity Articles
- EdFinancial and the Oklahoma Student Loan Authority (OSLA) are notifying over 2.5 million loanees that their personal data was exposed in a data breach.
- The target of the breach was Nelnet Servicing, the Lincoln, Neb.-based servicing system and web portal provider for OSLA and EdFinancial, according to a breach disclosure letter.
- That exposed information included names, home addresses, email addresses, phone numbers and social security numbers for a total of 2,501,324 student loan account holders.
- “With recent news of student loan forgiveness, it’s reasonable to expect the occasion to be used by scammers as a gateway for criminal activity,” Bischoping said.
- Last week, the Biden administration announced a plan to cancel $10,000 of student loan debt for low- and middle-income loanees.
- Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- The threat actor, according to researchers, is believed to be the China-based APT TA423, also known as Red Ladon.
- In lieu of malware, attackers can use ScanBox in conjunction with watering hole attacks.
- Adversaries load the malicious JavaScript onto a compromised website, where ScanBox acts as a keylogger, capturing everything a user types on the infected watering hole site.
- “This allows ScanBox to connect to a set of pre-configured targets,” researchers explain.
- The campaigns are tied to focused abuse of identity and access management firm Okta, which earned the threat actors the 0ktapus moniker from researchers.
- “These users received text messages containing links to phishing sites that mimicked the Okta authentication page of their organization.”
- Impacted were 114 US-based firms, with additional victims sprinkled across 68 additional countries.
- “The 0ktapus campaign has been incredibly successful, and the full scale of it may not be known for some time,” he said.
- What the 0ktapus Hackers Wanted: The 0ktapus attackers are believed to have begun their campaign by targeting telecommunications companies in hopes of winning access to potential targets’ phone numbers.
- Those links led to webpages mimicking the Okta authentication page used by the target’s employer.
- Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- After a recent dip, ransomware attacks are back on the rise.
- With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they are released,” researchers have determined that Lockbit was by far the most prolific ransomware gang in July, responsible for 62 attacks.
- It may well be that the resurgence in ransomware attacks, and the rise of these two particular groups, are intimately connected.
- Why Ransomware Has Bounced: Researchers from NCC Group counted 198 successful ransomware campaigns in July – up 47 percent from June.
- New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11-month-old command injection flaw.
- Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment.
- Last fall, a command injection flaw in Hikvision cameras was revealed to the world as CVE-2021-36260.
- According to David Maynor, senior director of threat intelligence at Cybrary, Hikvision cameras have been vulnerable for many reasons, and for a while.
- Furthermore, IoT devices might not give users any indication that they’re unsecured or out of date.
- As an Amazon device, the Blink Mini 2 works with Alexa but not Google Home, Matter, or other smart home systems.
- I've been testing the Blink Mini 2 for the past week and noticed some big changes over the original Blink Mini, which I've had for almost two years.
- The older Blink Mini has two-way audio, 1080p video resolution, Amazon Alexa integration, and works as a chime for the Blink video doorbell.
- The Blink Mini 2 next to a Wyze Cam v3.
- ZDNET's buying advice: In my home, the Blink Mini 2 replaced a Wyze Cam v3 in my sunroom.
- Apple has rushed out emergency patches for the iPhone, iPad, and Mac that squash a couple of serious security bugs.
- But flaws that can affect a Mac can sometimes affect an iPhone or iPad.
- To update your iPhone or iPad to the latest 18.1.1 version, head to Settings, select General, and then tap Software Update.
- To update your Mac to MacOS Sequoia 15.1.1, click the Apple menu and select System Settings.
- With the new macOS update, Safari is automatically updated as well.
- Instead of using other nefarious methods, these scams rely on social engineering to get people to download malware themselves.
- The fake update scam, where a site tricks you into downloading software hidden as a necessary update, is on the rise.
- Unfortunately, scammers are aware that many online aren't savvy about tech problems, so they're creating fake tutorials.
- Hackers and security researchers who uncover vulnerabilities in certain Microsoft products could take home part of a $4 million bug bounty.
- The research challenge will start today and run until January 19, 2025.
- Part of Microsoft's AI Bounty Program, this challenge encourages people to hunt for bugs in Microsoft AI, Microsoft Azure, Microsoft Identity, M365, and Microsoft Dynamics 365 and Power Platform.
- "We will also offer researchers direct access to the Microsoft AI engineers focused on developing secure AI solutions, and our AI Red Team.
- This unique opportunity will allow participants to enhance their skills with cutting-edge tools and techniques and work with Microsoft to raise the bar for AI security across the ecosystem."
- New security tools for Windows 11: Since the launch of Windows 11 in 2021, Microsoft has touted the new operating system's improved security, much of it attributable to new default settings that enable features that were optional in Windows 10.
- A new round of security features scheduled to appear in Windows 11 over the next year will address more fundamental security concerns.
- The biggest security issue is that the overwhelming majority of Windows users run using an account with administrator privileges.
- Finally, Hotpatch allows admins to apply critical security updates without requiring a reboot.
- Microsoft claims that using hotpatching with Windows Autopatch settings in Microsoft Intune can reduce the number of system restarts for Windows updates from once a month to just four times per year.
- Elaina St James, an adult content creator who promotes her work on Instagram, said she and other adult content creators are now directly competing with these AI rip-off accounts, many of which use photographs and videos stolen from adult content creators and Instagram models.
- “This is probably one of the reasons my views are going down,” St James told us in an interview.
- “It felt like a possible sign of what social media is going to look like in five years,” Mantzarlis said in an interview.
- “Because this may be coming to other parts of the internet, not just the attractive-people niche on Instagram.
- One of the bigger accounts in the latter category is “Chloe Johnson,” who has a verified account on Instagram and 171,000 followers.
- Nearly every weekday morning, a device leaves a two-story home near Wiesbaden, Germany, and makes a 15-minute commute along a major autobahn.
- By around 7 am, it arrives at Lucius D. Clay Kaserne—the US Army’s European headquarters and a key hub for US intelligence operations.
- Twice in November of last year, it made a 30-minute drive to the Dagger Complex, a former intelligence and NSA signals processing facility.
- We tracked hundreds of thousands of signals from devices inside sensitive US installations in Germany.
- Another device transmitted signals from within a restricted weapons testing facility, revealing its zig-zagging movements across a high-security zone used for tank maneuvers and live munitions drills.
- These initiatives would, he has said, include aggressive operations in areas known as “sanctuary cities” that have laws specifically curtailing local law enforcement collaboration with US Immigration and Customs Enforcement (ICE).
- With these promises looming, a new report from researchers at the Surveillance Technology Oversight Project (STOP), a pro-privacy nonprofit, details the ways that federal/local data-sharing centers known as “fusion centers” already result in cooperation between federal immigration authorities and sanctuary-city law enforcement.
- Run by the US Department of Homeland Security, of which ICE is a part, fusion centers emerged in the wake of the September 11, 2001, attacks as a counterterrorism initiative for integrating intelligence between federal, state, and local law enforcement.
- Fusion centers spent $400 million in 2021, according to public records.
- Fox Cahn adds that the concept of sanctuary cities wasn't always viewed by regional cops as an inconvenience to work around.
- In August 2016, approximately 120,000 bitcoin—at the time worth around $71 million—were stolen in a hack on the Bitfinex cryptocurrency exchange.
- Van den Eynde was reportedly a victim of a hacking campaign that used NSO’s notorious Pegasus spyware against at least 65 Catalans.
- Van den Eynde and Iridia originally sued NSO Group in a Barcelona court in 2022 along with affiliates Osy Technologies and Q Cyber Technologies.
- The campaigns focused on cryptocurrency-related targets and involved infrastructure similar to systems that have been used by North Korea’s notorious Lazarus Group.
- It’s unclear if the activity resulted in actual victim compromise or if it was still in a testing phase.
- For American companies grousing about new cybersecurity rules, spyware firms eager to expand their global business, and hackers trying to break AI systems, Donald Trump’s second term as president will be a breath of fresh air.
- “There will be a national security focus, with a strong emphasis on protecting critical infrastructure, government networks, and key industries from cyber threats,” says Brian Harrell, who served as the Cybersecurity and Infrastructure Security Agency’s assistant director for infrastructure security during Trump’s first term.
- From projects whose days are numbered to areas where Trump will go further than Biden, here is what a second Trump administration will likely mean for US cybersecurity policy.
- Harrell says “more regulation will be dismantled than introduced.” Biden’s presidency was “riddled with new cyber regulation” that sometimes confused and overburdened industry, he adds.
- “I think they’ll eventually recognize that the efforts focused on regulation in cyber are needed to ensure the security of our critical infrastructure.”
- Vanta announced a number of new and upcoming products enabling customers to build, demonstrate and enhance their GRC and trust programs.
- The new offerings include Vanta for Marketplaces to strengthen trust across a company’s entire ecosystem; adaptive scoping; AI-powered chat for Trust Centers; developer-first workflows for faster remediation; and expanded reporting capabilities.
- “Vanta now helps customers go beyond the standard of SOC 2, with continuous controls monitoring, automated evidence collection and tools to proactively demonstrate trust.
- By centralizing more of their program onto Vanta, customers have a single-source of continuous monitoring and automation while maintaining control over what’s visible externally.
- AI-powered chat for Trust Centers: Today, Vanta is home to the largest network of public-facing trust centers.
- Deep Instinct launched Deep Instinct DSX for Cloud Amazon S3.
- Now available in the AWS Marketplace, DSX for Cloud – Amazon S3 extends DSX for Cloud’s threat prevention capabilities to data stored within Amazon Simple Storage Service (Amazon S3) buckets, allowing organizations to securely run business applications on Amazon S3 workloads without the constant threat of malware and ransomware impacting their data.
- “We built DSX for Cloud – Amazon S3 to rapidly detect malware before it impacts production environments,” said Yariv Fishman, CPO at Deep Instinct.
- Organizations can gain further insight into threats when DSX for Cloud – Amazon S3 is paired with DIANNA, the DSX Companion, for generative AI-powered threat explainability.
- Additional features and benefits of DSX for Cloud – Amazon S3 include the following:
- The Computer Emergency Response Team of Ukraine (CERT-UA), part of the State Service of Special Communications and Information Protection (SSSCIP), has joined forces with the simulation training platform Cyber Ranges to unveil TRYZUB, a cyber resilience training and capability development service.
- Its training is designed for military units, law enforcement, government agencies, and operators of essential infrastructure facing advanced and persistent cyber threats.
- The team has honed its skills in monitoring, response, and countermeasures to safeguard critical infrastructure, military systems, and civilian assets.
- This battlefield experience now powers TRYZUB’s training scenarios, which simulate attacks by threat groups like UAC-0010 (Gamaredon) and UAC-0002 (Sandworm).
- The TRYZUB team has pledged to donate some of its earnings to UNITED24, supporting Ukraine’s broader recovery and resilience efforts.
- Actfore unveiled TRACE (Targeted Retrieval and Automated Content Extraction), an auto-extraction feature to accelerate and improve the accuracy of data mining processes for breach notification list generation.
- TRACE will be integrated into all future Actfore deployments, underscoring the company’s commitment to delivering innovative, tech-driven solutions for carriers, counsel, and clients.
- TRACE represents a significant advancement in the extraction of sensitive data elements, eliminating inefficiencies and minimizing the reliance on manual processes.
- TRACE, like Actfore’s other innovations, combats these challenges by automating workflows and enabling secure, on-shore data analysis.
- TRACE offers a fully customizable solution for Actfore’s analysts to adapt for any data element type desired in a deployment.
- Zitadel announced its $9 million Series A funding round led by Nexus Venture Partners with participation from Floodgate.
- Both firms represent the world’s best experts in open source, developer tools, and identity infrastructure.
- This investment will further Zitadel’s vision to lead the identity infrastructure and authentication market.
- By offering cloud-native identity infrastructure with multi-tenancy capabilities, Zitadel is the only identity infrastructure tailored for the enterprise to tackle authentication and permission management.
- The Series A investment will enable Zitadel to accelerate product development, expand its technical team, and strengthen its position as the leading solution in cloud-native identity security.
- Decade-old local privilege escalation bugs impact Ubuntu needrestart package (Pierluigi Paganini, November 21, 2024)
- Decade-old flaws in the needrestart package in Ubuntu Server could allow local attackers to gain root privileges without user interaction.
- The Qualys Threat Research Unit (TRU) discovered five decade-old Local Privilege Escalation (LPE) vulnerabilities in the needrestart package that could allow a local attacker to gain root privileges without requiring user interaction.
- The needrestart package in Ubuntu is a utility designed to ensure system stability after software updates.
- (CVSS score: 7.8) – A vulnerability that allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable.
- CVE-2024-11003 (CVSS score: 7.8) and CVE-2024-10224 (CVSS score: 5.3) – These vulnerabilities allow a local attacker to execute arbitrary shell commands.
- Ford data breach involved a third-party supplier (Pierluigi Paganini, November 20, 2024)
- Ford investigated a data breach linked to a third-party supplier and pointed out that its systems and customer data were not compromised.
- Ford investigated the data breach after threat actors claimed the theft of customer information on the BreachForums cybercrime forum.
- On November 17, threat actors IntelBroker and EnergyWeaponUser published a post on BreachForums announcing they have stolen 44,000 Ford customer records.
- “Compromised user data: Customer Names, Physical Locations, Bought Product.” Compromised data include names, physical addresses, and purchase info.
- Follow me on Twitter: @securityaffairs and Facebook and Mastodon. Pierluigi Paganini (SecurityAffairs – hacking, data breach)
- Hacker obtained documents tied to lawsuit over Matt Gaetz’s sexual misconduct allegations (Pierluigi Paganini, November 20, 2024)
- A hacker allegedly accessed a file containing testimony from a woman claiming she had sex with Matt Gaetz when she was 17, sparking controversy.
- The documents originate from a civil suit filed by Christopher Dorworth, a friend of Matt Gaetz, against Joel Greenberg and a woman alleging defamation.
- “The information was downloaded by a person using the name Altam Beezley at 1:23 p.m. on Monday, according to the person, who was not authorized to speak publicly. Altam Beezley had not contacted the lawyers as of Tuesday.”
- The US government could disclose the sealed documents linked to Justice Department and House Ethics Committee investigations into Matt Gaetz soon.
- Apple addressed two actively exploited zero-day vulnerabilities (Pierluigi Paganini, November 20, 2024)
- Apple released security updates for iOS, iPadOS, macOS, visionOS, and Safari browser to address two actively exploited zero-day flaws.
- Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS, macOS, visionOS, and Safari web browser, which are actively exploited in the wild.
- “Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.” reads the advisory.
- The company released the following updates to address the two vulnerabilities:
  - iOS 18.1.1 and iPadOS 18.1.1 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
  - iOS 17.7.2 and iPadOS 17.7.2 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.
- Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of sports events (Pierluigi Paganini, November 20, 2024)
- Threat actors exploit misconfigured JupyterLab and Jupyter Notebooks servers to rip sports streams and illegally redistribute them.
- Researchers from security firm Aqua observed threat actors exploiting misconfigured JupyterLab and Jupyter Notebook servers to hijack environments, deploy streaming tools, and duplicate live sports broadcasts on illegal platforms.
- “threat actors using misconfigured servers to hijack environments for streaming sports events.”
- JupyterLab and Jupyter Notebook are widely used interactive tools for data science.
- The threat actors exploited unauthenticated access to JupyterLab and Jupyter Notebook to establish initial access and achieve remote code execution.