Cybersecurity News

About This Website

Welcome to our cybersecurity news aggregator! This website gathers news articles from over 60 sources, providing you with a comprehensive and up-to-date overview of the latest happenings in the world of cybersecurity.

We utilize RSS feeds to collect the news, ensuring a streamlined and efficient process. This enables you to stay informed and access a wide variety of perspectives and insights in one convenient location.

Dive into the latest cybersecurity stories and explore the wealth of knowledge available, all in one place.

Cybersecurity News

5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme

Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars. All of the accused parties have been

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. "These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets,"

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers. "They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victims' funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay by relaying NFC traffic. "Criminals can now misuse Google Pay and Apple

NHIs Are the Future of Cybersecurity: Meet NHIDR

The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. While organizations often take

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction. The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

Microsoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised. The idea, the tech giant said, is to avoid incidents like CrowdStrike's earlier this July, enable more apps and users to run without admin privileges, add controls surrounding the use of unsafe apps and drivers, and offer

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

A new China-linked cyber espionage group has been linked to a series of targeted cyber attacks against telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection. Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild. The flaws are listed below: CVE-2024-44308 (CVSS score: 8.8), a vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content; CVE-2024-44309 (CVSS score: 6.1

Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. "This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network

Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices

The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. "At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices," the Black Lotus Labs team at

Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts

Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools. The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions designed to facilitate illegal live streaming of sports events, Aqua said in a report shared with The

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

Privileged accounts are well-known gateways for potential security threats. However, many organizations focus solely on managing privileged access—rather than securing the accounts and users entrusted with it. This emphasis is perhaps due to the persistent challenges of Privileged Access Management (PAM) deployments. Yet, as the threat landscape evolves, so must organizational priorities. To

New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems

Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News. "Given the recent development of ransomware targeting ESX, it appears that the group

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

U.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information. The adversaries, tracked as Salt Typhoon, breached the company as part of a "monthslong campaign" designed to harvest cellphone communications of "high-value intelligence targets." It's not clear what information was taken, if any,

Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation

Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster to its Known Exploited Vulnerabilities (KEV) catalog. It was

New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers

Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza. BabbleLoader is an "extremely evasive loader, packed with defensive mechanisms, that is designed to bypass antivirus and sandbox environments to deliver stealers into memory," Intezer security

The Problem of Permissions and Non-Human Identities - Why Remediating Credentials Takes Longer Than You Think

According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public GitHub repositories alone. One of the more troubling aspects of this report is that over 90% of valid

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17)

What do hijacked websites, fake job offers, and sneaky ransomware have in common? They’re proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are getting smarter, faster, and more creative—using everything from human trust to hidden flaws in

Gmail's New Shielded Email Feature Lets Users Create Aliases for Email Privacy

Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam. The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services for Android. The idea is to create unique, single-use email addresses that forward the messages to

Beyond Compliance: The Advantage of Year-Round Network Pen Testing

IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here’s the thing: hackers don’t wait around for compliance schedules. Most companies approach network penetration testing on a set schedule, with the most common frequency being twice a year (29%), followed by three to four times per year (23%) and once per year (20%),

Fake Discount Sites Exploit Black Friday to Hijack Shopper Information

A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season. "The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts. The threat actor used fake discounted products

NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit

Legal documents released as part of an ongoing legal tussle between Meta's WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the messaging app to deliver Pegasus, including one even after it was sued by Meta for doing so. They also show that NSO Group repeatedly found ways to install the invasive surveillance tool on the target's devices as

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could allow an attacker to remotely gain full administrative access to a susceptible site. The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. The

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released

Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activity originating from the IP addresses below and targeting PAN-OS management web interface IP addresses

Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials

A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA,

Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations

Cybersecurity researchers have shed light on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands. Cybersecurity company Check Point has codenamed the malware WezRat, stating it has been detected in the wild since at least September 1, 2023, based on artifacts uploaded to the

Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform

Cybersecurity researchers have disclosed two security flaws in Google's Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud. "By exploiting custom job permissions, we were able to escalate our privileges and gain unauthorized access to all data services in the project," Palo Alto Networks

Live Webinar: Dive Deep into Crypto Agility and Certificate Management

In the fast-paced digital world, trust is everything—but what happens when that trust is disrupted? Certificate revocations, though rare, can send shockwaves through your operations, impacting security, customer confidence, and business continuity. Are you prepared to act swiftly when the unexpected happens? Join DigiCert’s exclusive webinar, "When Shift Happens: Are You Ready for Rapid

Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia

A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA Stealer. The malware "targets victims' sensitive information, including credentials for various online accounts, VPN and FTP clients, financial information, browser cookies, and data from gaming software,"

How AI Is Transforming IAM and Identity Security

In recent years, artificial intelligence (AI) has begun revolutionizing Identity Access Management (IAM), reshaping how cybersecurity is approached in this crucial field. Leveraging AI in IAM is about tapping into its analytical capabilities to monitor access patterns and identify anomalies that could signal a potential security breach. The focus has expanded beyond merely managing human

High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979, carries a CVSS score of 8.8. Environment variables are user-defined values that can allow a program

Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin

Ilya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday. Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10.5 billion at current prices) from the crypto exchange.

CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition software have come under active exploitation in the wild. To that end, it has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates

Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Scheme

Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains and use them in phishing attacks and investment fraud schemes for years. The findings come from Infoblox, which said it identified nearly 800,000 vulnerable registered domains over the past three months, of which approximately 9% (70,000) have been subsequently

Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes

Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. "Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users," Laurie Richardson, VP and Head of Trust and Safety at Google, said. "The landing

5 BCDR Oversights That Leave You Exposed to Ransomware

Ransomware isn’t just a buzzword; it’s one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods are evolving rapidly, becoming more dangerous and damaging than ever. Almost all respondents (99.8%) in a recent

TikTok Pixel Privacy Nightmare: A New Case Study

Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations. But one online travel marketplace targeting young holidaymakers with ads on the popular video-sharing platform broke GDPR rules when a third-party partner misconfigured

New RustyAttr Malware Targets macOS Through Extended Attribute Abuse

Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user's NTLMv2 hash. It was patched by Microsoft earlier this

Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel

A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check Point said in an analysis. "The [Israel-Hamas] conflict has not disrupted the WIRTE's

Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims

Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker's inner workings, allowing the researchers to discover a "specific window of opportunity for data recovery immediately after the removal of protectors from BitLocker-encrypted

Comprehensive Guide to Building a Strong Browser Security Program

The rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats. These include phishing attacks, data leakage, and malicious extensions. As a result, the browser also becomes a vulnerability that

OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution

A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices. "Attackers successfully exploiting these vulnerabilities can access, control, and disrupt devices supported by OvrC; some of those include smart electrical power supplies, cameras, routers, home automation systems, and

Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks

The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. "The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," Israeli cybersecurity company ClearSky said

Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs

Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024. Of the 90 flaws, four are rated Critical, 85 are rated Important, and one is rated Moderate in

New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration

Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE). The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the

New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns

Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed by a threat actor named cyberdluffy (aka Cyber D' Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub

North Korean Hackers Target macOS Using Flutter-Embedded Malware

Threat actors with ties to the Democratic People's Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices. Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built

5 Ways Behavioral Analytics is Revolutionizing Incident Response

Behavioral analytics, long associated with threat detection (i.e. UEBA or UBA), is experiencing a renaissance. Once primarily used to identify suspicious activity, it’s now being reimagined as a powerful post-detection technology that enhances incident response processes. By leveraging behavioral insights during alert triage and investigation, SOCs can transform their workflows to become more

Fintech Giant Finastra Investigating Data Breach

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world's top 50 banks, notified customers of a potential breach after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.

An Interview With the Target & Home Depot Hacker

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and seeking publicity for several new money making schemes.

Microsoft Patch Tuesday, November 2024 Edition

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November's patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.

FBI: Spike in Hacked Police Emails, Fake Subpoenas

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies.

Canadian Man Arrested in Snowflake Data Extortions

A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake. On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States. Bloomberg first reported Moucka's alleged ties to the Snowflake hacks on Monday. At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories used by some of the world’s largest corporations.

Booking.com Phishers May Leave You With Reservations

A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We'll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world's most visited travel website.

Change Healthcare Breach Hits 100M Americans

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information.

Read More
The Global Surveillance Free-for-All in Mobile Ad Data

Not long ago, the ability to remotely track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widely-used mobile apps and websites.

Read More
Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being "USDoD," a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI's InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population.

Read More
Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. One of the brothers is facing life in prison for allegedly seeking to kill people with his attacks.

Read More
Steve Bellovin’s Retirement Talk

Steve Bellovin is retiring. Here’s his retirement talk, reflecting on his career and what the cybersecurity field needs next.

Read More
Why Italy Sells So Much Spyware

Interesting analysis:

Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of Justice document, as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally be prohibitive.

As a result, thousands of spyware operations have been carried out by Italian authorities in recent years, according to a ...

Read More
Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

Zero-day vulnerabilities are more commonly used, according to the Five Eyes:

Key Findings

In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day.

Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the vulnerability. The utility of these vulnerabilities declines over time as more systems are patched or replaced. Malicious cyber actors find less utility from zero-day exploits when international cybersecurity efforts reduce the lifespan of zero-day vulnerabilities...

Read More
Friday Squid Blogging: Female Gonatus Onyx Squid Carrying Her Eggs

Fantastic video of a female Gonatus onyx squid swimming while carrying her egg sack.

An earlier related post.

Blog moderation policy.

Read More
Good Essay on the History of Bad Password Policies

Stuart Schechter makes some good points on the history of bad password policies:

Morris and Thompson’s work brought much-needed data to highlight a problem that lots of people suspected was bad, but that had not been studied scientifically. Their work was a big step forward, if not for two mistakes that would impede future progress in improving passwords for decades.

First was Morris and Thompson’s confidence that their solution, a password policy, would fix the underlying problem of weak passwords. They incorrectly assumed that if they prevented the specific categories of weakness that they had noted, the result would be something strong. After implementing a requirement that passwords have multiple character sets or more total characters, they wrote:...

Read More
New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

Everybody is reporting about a new iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted.

This is a really good security feature. But various police departments don’t like it, because it makes it harder for them to unlock suspects’ phones.

Read More
Mapping License Plate Scanners in the US

DeFlock is a crowd-sourced project to map license plate scanners.

It only records the fixed scanners, of course. The mobile scanners on cars are not mapped.

Read More
Criminals Exploiting FBI Emergency Data Requests

I’ve been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create a mechanism for law enforcement to bypass encryption, the bad guys will use it too.

Turns out the same thing is true for non-technical backdoors:

The advisory said that the cybercriminals were successful in masquerading as law enforcement by using compromised police accounts to send emails to companies requesting user data. In some cases, the requests cited false threats, like claims of human trafficking and, in one case, that an individual would “suffer greatly or die” unless the company in question returns the requested information...

Read More
Friday Squid Blogging: Squid-A-Rama in Des Moines

Squid-A-Rama will be in Des Moines at the end of the month.

Visitors will be able to dissect squid, explore fascinating facts about the species, and witness a live squid release conducted by local divers.

How are they doing a live squid release? Simple: this is Des Moines, Washington; not Des Moines, Iowa.

Blog moderation policy.

Read More
AI Industry is Trying to Subvert the Definition of “Open Source AI”

The Open Source Initiative has published (news article here) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training data is the source code—it’s how the model gets programmed—the definition makes no sense.

And it’s confusing; most “open source” AI models—like LLAMA—are open source in name only. But the OSI seems to have been co-opted by industry players that want both corporate secrecy and the “open source” label. (Here’s one ...

Read More
Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

Read More
Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Read More
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Read More
Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

Read More
Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

Read More
Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Read More
Firewall Bug Under Active Attack Triggers CISA Warning

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

Read More
Fake Reservation Links Prey on Weary Travelers

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

Read More
iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Read More
Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Read More
Did you play Pokémon Go? You didn't know it, but you were training AI to map the world

If you played this popular mobile game, your location data and photos helped build an AI map.

Read More
Threads lets you create your own custom feeds now, just like Bluesky - here's how

With custom feeds, you can add and follow specific accounts and topics that interest you. Here's how it works.

Read More
This retro-looking Bose speaker brings the boom (and an immense amount of style)

The Bose SoundLink Home combines a 70s-inspired design with modern audio technologies, offering an enjoyable and stylish Bluetooth speaker for at-home listening. It's also on sale ahead of Black Friday.

Read More
This Breville Espresso Machine is $89 off ahead of Black Friday

With Black Friday just over a week away, you can already get this fancy espresso machine on Amazon at a hefty discount.

Read More
This HP laptop is $900 off ahead of Black Friday

Black Friday is a week away, and early deals are showing up. Over on B&H Photo Video, the HP Envy has received a big discount, dropping down to $1,100.

Read More
This absurdly simple trick turns off AI in your Google Search results

There are several workarounds to avoid Google Search AI summaries, but this may be the easiest.

Read More
This Nespresso machine brews barista-quality coffee at home, and it's 30% off ahead of Black Friday

With this machine, you can skip the coffee shop and save hundreds of dollars, and it's $60 off.

Read More
8 Bluesky tips every new user should know

Freely available to anyone, Bluesky offers key advantages over X, Threads, and other social networks. Here are 8 ways to achieve social nirvana.

Read More
Apple's iPad 9th Gen is $130 off ahead of Black Friday

One of our favorite iPads is on sale for nearly 40% off with this early Black Friday deal at Best Buy.

Read More
Apple fans will dig this stylish 3-in-1 charger from Nomad - and now it's $45 off

The Nomad Base One Max can charge up the latest iPhones, Apple Watches, and AirPods while looking fantastic on your tabletop. It's heavily discounted ahead of Black Friday.

Read More
The best note-taking apps for iPad of 2024: Expert tested

Ditch your pen and paper. These top note-taking apps for iPad digitize your notes while keeping them all in one place.

Read More
One of the best budget smartwatches I've tested provides a ton of health data (and it's on sale)

The Amazfit BIP 5 provides an exhaustive list of health and fitness metrics through Zepp, the same app that much more expensive smartwatches use. Right now, it's on sale for $69.

Read More
Save up to 56% on Amazon Fire TV Sticks ahead of Black Friday

Amazon's flagship Fire TV Stick lineup is seeing discounts of up to 56% ahead of Black Friday, including on the newest Fire Stick HD.

Read More
These durable bone-conduction headphones sound just as good as models twice their price

Although Raycon's bone-conducting headphones aren't the best-sounding devices on the market, they offer solid water resistance, a good battery life, and three EQ settings.

Read More
Apple's new M4 MacBook Pro is already $250 off ahead of Black Friday - and I highly recommend it

Apple released the MacBook Pro M4 less than a month ago, but an early Black Friday deal is already live at B&H Photo Video.

Read More
Get the Nanoleaf Skylight smart ceiling lights on sale through Black Friday

Nanoleaf's new Skylight panels can get plenty bright and colorful with a tap of a button. Just make sure to set them up properly.

Read More
Your Meta Quest 3 is getting a free Windows PC upgrade - and it could change how you work

It seems likely that support for other headsets is also on the way.

Read More
This smart floor lamp is one of my favorite smart home accessories and it's 20% off

Aesthetically pleasing and easy to set up, the Govee Floor Lamp Pro brings many new features I didn't know I needed, made even better by this Black Friday deal.

Read More
The Sandisk Extreme Pro 2TB Portable SSD is $82 off ahead of Black Friday

Amazon has some sweet storage deals leading up to Black Friday next week. You can get the Sandisk Extreme Pro 2TB SSD or the Sandisk Extreme 2TB SSD, both for under $170.

Read More
The Apple Watch Series 10 makes a great gift - and it's $349 for the first time ahead of Black Friday

The newly-released Apple Watch Series 10 has gotten its biggest price drop yet ahead of Black Friday shopping and gifting.

Read More
Put your usernames and passwords in your will, advises Japan's government

Digital end of life planning saves your loved ones from a little extra anguish

Japan's National Consumer Affairs Center on Wednesday suggested citizens start "digital end of life planning" and offered tips on how to do it.…

Read More
Five Scattered Spider suspects indicted for phishing spree and crypto heists

DoJ also shutters alleged crimeware and credit card mart PopeyeTools

The US Department of Justice has issued an indictment that names five people accused of stealing millions in cryptocurrency – and we are told they are suspected members of cyber-gang Scattered Spider.…

Read More
Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator

Meet Liminal Panda, which prowls telecom networks in South Asia and Africa

A senior US senator has warned that American tech companies’ activities in China represent a national security risk, in a hearing that saw infosec biz CrowdStrike testify it has identified another cyber-espionage crew it believes is backed by Beijing.…

Read More
Mega US healthcare payments network restores system 9 months after ransomware attack

Change Healthcare’s $2 billion recovery is still a work in progress

Still reeling from its February ransomware attack, Change Healthcare confirms its clearinghouse services are back up and running, almost exactly nine months since the digital disruption began.…

Read More
Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed

OSS-Fuzz is making a strong argument for LLMs in security research

Google's OSS-Fuzz project, which uses large language models (LLMs) to help find bugs in code repositories, has now helped identify 26 vulnerabilities, including a critical flaw in the widely used OpenSSL library.…

Read More
D-Link tells users to trash old VPN routers over bug too dangerous to identify

Vendor offers 20% discount on new model, but not patches

Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability.…

Read More
Data is the new uranium – incredibly powerful and amazingly dangerous

CISOs are quietly wishing they had less data, because the cost of management sometimes exceeds its value

Column  I recently got to play a 'fly on the wall' at a roundtable of chief information security officers. Beyond the expected griping and moaning about funding shortfalls and always-too-gullible users, I began to hear a new note: data has become a problem.…

Read More
Healthcare org Equinox notifies 21K patients and staff of data theft

Ransomware scum LockBit claims it did the dirty deed

Equinox, a New York State health and human services organization, has begun notifying over 21 thousand clients and staff that cyber criminals stole their health, financial, and personal information in a "data security incident" nearly seven months ago.…

Read More
China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer

No word on when or if the issue will be fixed

Chinese government-linked snoops are exploiting a zero-day bug in Fortinet's Windows VPN client to steal credentials and other information, according to memory forensics outfit Volexity.…

Read More
Russian suspected Phobos ransomware admin extradited to US over $16M extortion

This malware is FREE for EVERY crook ($300 decryption keys sold separately)

A Russian citizen has been extradited from South Korea to the United States to face charges related to his alleged role in the Phobos ransomware operation.…

Read More
America's drinking water systems have a hard-to-swallow cybersecurity problem

More than 100M rely on gear rife with vulnerabilities, says EPA OIG

Nearly a third of US residents are served by drinking water systems with cybersecurity shortcomings, the Environmental Protection Agency's Office of Inspector General found in a recent study – and the agency lacks its own system to track potential attacks. …

Read More
Palo Alto Networks tackles firewall-busting zero-days with critical patches

Amazing that these two bugs got into a production appliance, say researchers

Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week.…

Read More
Navigating third-party risks

Strategies for mitigating external access vulnerabilities and safeguarding sensitive data

Webinar  As organizations increasingly rely on third-party contractors, vendors, and service providers, the security risks associated with third-party access can become a top priority.…

Read More
Crook breaks into AI biz, points $250K wire payment at their own account

Fastidious attacker then tidied up email trail behind them

A Maryland AI company has confirmed to the Securities and Exchange Commission (SEC) that it lost $250,000 to a misdirected wire payment.…

Read More
Join in the festive cybersecurity fun

Get hands-on cybersecurity training this seasonal challenge

Sponsored Post  Are you ready to pit your wits against the cyber exercises featured in the Holiday Hack Challenge 2024: Snow-maggedon?…

Read More
iOS 18 added secret and smart security feature that reboots iThings after three days

Security researcher's reverse engineering effort reveals undocumented reboot timer that will make life harder for attackers

Apple's latest mobile operating system, iOS 18, appears to have added an undocumented security feature that reboots devices if they’re not used for 72 hours.…

Read More
Ford 'actively investigating' after employee data allegedly parked on leak site

Plus: Maxar Space Systems confirms employee info stolen in digital intrusion

Updated  Ford Motor Company says it is looking into allegations of a data breach after attackers claimed to have stolen an internal database containing 44,000 customer records and dumped the info on a cyber crime souk for anyone to "enjoy."…

Read More
Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble

If you didn't fix this a month ago, your to-do list probably needs a reshuffle

Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in attacks after Broadcom’s first attempt to fix the flaws fell short.…

Read More
T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears

Un-carrier said to be among those hit by Salt Typhoon, including AT&T, Verizon

Updated  T-Mobile US said it is "monitoring" an "industry-wide" cyber-espionage campaign against American networks – amid fears Chinese government-backed spies compromised the un-carrier along with various other telecommunications providers.…

Read More
Sweden's 'Doomsday Prep for Dummies' guide hits mailboxes today

First in six years is nearly three times the size of the older, pre-NATO version

Residents of Sweden are to receive a handy new guide this week that details how to prepare for various types of crisis situations or wartime should geopolitical events threaten the country.…

Read More
Deepen your knowledge of Linux security

Event  The security landscape is constantly shifting. If you're running Linux, staying ahead may rely on understanding the challenges - and opportunities - unique to Linux environments.…

Read More
Teen serial swatter-for-hire busted, pleads guilty, could face 20 years

PLUS: Cost of Halliburton hack disclosed; Time to dump old D-Link NAS; More UN cybercrime convention concerns; and more

Infosec in brief  A teenager has pleaded guilty to calling in more than 375 fake threats to law enforcement, and now faces years in prison.…

Read More
Will passkeys ever replace passwords? Can they?

Here's why they really should

Systems Approach  I have been playing around with passkeys, or as they are formally known, discoverable credentials.…

Read More
Rust haters, unite! Fil-C aims to Make C Great Again

It's memory-safe, with a few caveats

Developers looking to continue working in the C and C++ programming languages amid the global push to promote memory-safe programming now have another option that doesn't involve learning Rust.…

Read More
Swiss cheesed off as postal service used to spread malware

QR codes arrive via an age-old delivery system

Switzerland's National Cyber Security Centre (NCSC) has issued an alert about malware being spread via the country's postal service.…

Read More
Bloke behind Helix Bitcoin launderette jailed for three years, hands over $400M

Digital money laundering pays, until it doesn't

An Ohio man, who operated the Grams dark-web search engine and the Helix cryptocurrency money-laundering service associated with it, has been sentenced to three years in prison.…

Read More
Letting chatbots run robots ends as badly as you'd expect

LLM-controlled droids easily jailbroken to perform mayhem, researchers warn

Science fiction author Isaac Asimov proposed three laws of robotics, and you'd never know it from the behavior of today's robots or those making them.…

Read More
Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit

Yank access to management interface, stat

A critical zero-day vulnerability in Palo Alto Networks' firewall management interface that can allow an unauthenticated attacker to remotely execute code is now officially under active exploitation.…

Read More
Keyboard robbers steal 171K customers' data from AnnieMac mortgage house

Names and social security numbers of folks looking for the biggest loan of their lives exposed

A major US mortgage lender has told customers looking to make the biggest financial transaction of their lives that an intruder broke into its systems and saw data belonging to 171,000 of them.…

Read More
Bitfinex burglar bags 5 years behind bars for Bitcoin heist

A nervous wait for rapper wife who also faces a stint in the clink

The US is sending the main figure behind the 2016 intrusion at crypto exchange Bitfinex to prison for five years after he stole close to 120,000 Bitcoin.…

Read More
Microsoft Power Pages misconfigurations exposing sensitive data

NHS supplier that leaked employee info fell victim to fiddly access controls that can leave databases dangling online

Private businesses and public-sector organizations are unwittingly exposing millions of people's sensitive information to the public internet because they misconfigure Microsoft’s Power Pages website creation program.…

Read More
Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost

Plus a bonus hard-coded local API key

A now-patched, high-severity bug in Fortinet's FortiClient VPN application potentially allows a low-privilege rogue user or malware on a vulnerable Windows system to gain higher privileges from another user, execute code and possibly take over the box, and delete log files.…

Read More
Cybercriminal devoid of boundaries gets 10-year prison sentence

Serial extortionist of medical facilities stooped to cavernous lows in search of small payouts

A rampant cybercrook and repeat attacker of medical facilities in the US is being sentenced to a decade in prison, around seven years after the first of his many crimes.…

Read More
Kids' shoemaker Start-Rite trips over security again, spilling customer card info

Full details exposed, putting shoppers at serious risk of fraud

Updated  Children's shoemaker Start-Rite is dealing with a nasty "security incident" involving customer payment card details, its second significant lapse during the past eight years.…

Read More
NatWest blocks bevy of apps in clampdown on unmonitorable comms

From guidance to firm action... no more WhatsApp, Meta's Messenger, Signal, Telegram and more

The full list of messaging apps officially blocked by Brit banking and insurance giant NatWest Group is more extensive than WhatsApp, Meta's Messenger, and Skype – as first reported.…

Read More
Asda security chief replaced, retailer sheds jobs during Walmart tech divorce

British grocer's workers called back to office as clock ticks for contractors

The head of tech security at Asda, the UK's third-largest food retailer, has left amid an ongoing tech divorce from US grocery giant Walmart.…

Read More
Five Eyes infosec agencies list 2023's most exploited software flaws

Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns

The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued a list of the 15 most exploited vulnerabilities in 2023, and warned that exploitation of zero-day vulnerabilities has become more common.…

Read More
Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'

Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds

Updated  The US government has confirmed there was "a broad and significant cyber espionage campaign" conducted by China-linked snoops against "multiple" American telecommunications providers' networks.…

ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue

Plus: CISA's ScubaGear dives deep to fix M365 misconfigs

Bitdefender has released a free decryption tool that can unlock data encrypted by the ShrinkLocker ransomware.…

Data broker amasses 100M+ records on people – then someone snatches, sells it

We call this lead degeneration

What's claimed to be more than 183 million records of people's contact details and employment info has been stolen or otherwise obtained from a data broker and put up for sale by a miscreant.…

Ransomware fiends boast they've stolen 1.4TB from US pharmacy network

American Associated Pharmacies yet to officially confirm infection

American Associated Pharmacies (AAP) is the latest US healthcare organization to have had its data stolen and encrypted by cyber-crooks, it is feared.…

Microsoft slips Task Manager and processor count fixes into Patch Tuesday

Sore about cores no more

Microsoft has resolved two issues vexing Windows 11 24H2 and Windows Server 2025 users among the many security updates that emerged on Patch Tuesday.…

Admins can give thanks this November for dollops of Microsoft patches

Don't be a turkey – get these fixed

Patch Tuesday Patch Tuesday has swung around again, and Microsoft has released fixes for 89 CVE-listed security flaws in its products – including two under active attack – and reissued three more.…

China's Volt Typhoon crew and its botnet surge back with a vengeance

Ohm, for flux sake

China's Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.…

Air National Guardsman gets 15 years after splashing classified docs on Discord

22-year-old talked of 'culling the weak minded' – hmm!

A former Air National Guard member who stole classified American military secrets, and showed them to his gaming buddies on Discord, has been sentenced to 15 years in prison.…

Here's what we know about the suspected Snowflake data extortionists

A Canadian and an American living in Turkey 'walk into' cloud storage environments…

Two men allegedly compromised what's believed to be multiple organizations' Snowflake-hosted cloud environments, stole sensitive data within, and extorted at least $2.5 million from at least three victims.…

'Cybersecurity issue' at Food Lion parent blamed for US grocery mayhem

Stores still open, but customers report delayed deliveries, invoicing issues, and more at Stop & Shop and others

Retail giant Ahold Delhaize, which owns Food Lion and Stop & Shop, among others, is confirming outages at several of its US grocery stores are being caused by an ongoing "cybersecurity issue."…

HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code

'Once again, we've lost a little more faith in the internet,' researcher says

Researchers are publicizing a proof of concept (PoC) exploit for what they're calling an unauthenticated remote code execution (RCE) vulnerability in Citrix's Virtual Apps and Desktops.…

Managing third-party risks in complex IT environments

Key steps to protect your organization’s data from unauthorized external access

Webinar With increasing reliance on contractors, partners, and vendors, managing third-party access to systems and data is a complex security challenge.…

Amazon confirms employee data exposed in leak linked to MOVEit vulnerability

Over 5 million records from 25 organizations posted to black hat forum

Amazon employees' data is part of a stolen trove posted to a cybercrime forum linked to last year's MOVEit vulnerability.…

Five Charged in Scattered Spider Case

Five men have been indicted in connection with crimes committed by the Scattered Spider group

Five Privilege Escalation Flaws Found in Ubuntu needrestart

Five LPE flaws in Ubuntu’s needrestart utility enable attackers to gain root access in versions prior to 3.8

60% of Emails with QR Codes Classified as Spam or Malicious

60% of QR code emails are spam, according to findings from Cisco Talos, who also identified attackers using QR code art to bypass security filters

Chinese APT Group Targets Telecom Firms Linked to Belt and Road Initiative

CrowdStrike unveiled a new Chinese-aligned hacking group allegedly spying on telecom providers

Apple Issues Emergency Security Update for Actively Exploited Vulnerabilities

Apple has urged customers to download the security updates, which address vulnerabilities relating to the JavaScriptCore and WebKit frameworks

OWASP Warns of Growing Data Exposure Risk from AI in New Top 10 List for LLMs

OWASP has updated its Top 10 list of risks for LLMs and GenAI, upgrading several areas and introducing new categories

Hackers Hijack Jupyter Servers for Sport Stream Ripping

Aqua Security has observed threat actors using compromised Jupyter servers in a bid to illegally stream sporting events

One Deepfake Digital Identity Attack Strikes Every Five Minutes

Entrust claims deepfakes are driving a surge in digital identity fraud

Cybercriminals Exploit Weekend Lull to Launch Ransomware Attacks

Ransomware groups are targeting weekends and holidays to exploit understaffed security teams in order to get the best chance of a pay day

CISA Chief Jen Easterly Set to Step Down on January 20

Easterly and her Deputy Director Nitin Natarajan are expected to leave office before President-elect Trump names a new leadership

T-Mobile Breached in Major Chinese Cyber-Attack on Telecoms

T-Mobile was hit by Salt Typhoon, a Chinese cyber-espionage group targeting US and global telecom firms

Helldown Ransomware Expands to Target VMware and Linux Systems

Helldown ransomware has expanded its reach to target Linux and VMware systems, exploiting Zyxel firewall vulnerabilities and exfiltrating data

Researchers unearth two previously unknown Linux backdoors

ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood. The goal of the backdoors and tools discovered is cyberespionage that targets sensitive data such as system information, user credentials, and specific files and directories. These tools are designed to maintain persistent access and execute commands stealthily, enabling prolonged intelligence gathering while evading detection.

[Figure: WolfsBane execution chain (Source: ESET)]

WolfsBane

Researchers discovered the WolfsBane samples at VirusTotal, uploaded from Taiwan, … More

The post Researchers unearth two previously unknown Linux backdoors appeared first on Help Net Security.

Lenovo introduces ThinkShield Firmware Assurance

Lenovo introduced ThinkShield Firmware Assurance as part of its portfolio of enterprise-grade cybersecurity solutions. ThinkShield Firmware Assurance is one of the only computer OEM solutions to enable deep visibility and protection below the operating system (OS) by embracing Zero Trust Architecture (ZTA) component-level visibility to generate more accurate and actionable risk management insights. As a security paradigm, ZTA explicitly identifies users and devices to grant appropriate levels of access so a business can operate with … More

The post Lenovo introduces ThinkShield Firmware Assurance appeared first on Help Net Security.

Owl Cyber Defense Solutions unveils all-in-one PCIe data diode card

Owl Cyber Defense Solutions announced the latest release of Owl Talon, which includes integration with a new all-in-one PCIe data diode card – Owl Talon One. The new data diode card will enable Federal agencies and critical infrastructure providers to leverage Commercial-off-the-shelf (COTS) PCs or Servers as data diodes. This effectively isolates sensitive systems and eliminates the risk of cyberattacks on vital national assets. The single-card solution – the Owl Talon One – enables up … More

The post Owl Cyber Defense Solutions unveils all-in-one PCIe data diode card appeared first on Help Net Security.

Vanta announces new products to enhance GRC and trust programs

Vanta announced a number of new and upcoming products enabling customers to build, demonstrate and enhance their GRC and trust programs. The new offerings include Vanta for Marketplaces to strengthen trust across a company’s entire ecosystem; adaptive scoping; AI-powered chat for Trust Centers; developer-first workflows for faster remediation; and expanded reporting capabilities. The announcements coincide with a number of highlights for the company in 2024: Now continuously monitoring over 92 million resources across customers—from laptops … More

The post Vanta announces new products to enhance GRC and trust programs appeared first on Help Net Security.

Deep Instinct delivers malware and ransomware prevention for cloud data stored in S3 buckets

Deep Instinct launched Deep Instinct DSX for Cloud Amazon S3. As organizations increasingly rely on the cloud to power their digital transformation, businesses are generating and storing record amounts of data in the cloud. Cybercriminals know this and are leveraging generative AI to create sophisticated malware that evades existing security tools and takes advantage of the “assume breach” mindset. DSX for Cloud enables businesses to protect sensitive data across cloud storage environments by preventing and … More

The post Deep Instinct delivers malware and ransomware prevention for cloud data stored in S3 buckets appeared first on Help Net Security.

Ukrainian cyberwar experience becomes blueprint for TRYZUB cyber training service

The Computer Emergency Response Team of Ukraine (CERT-UA), part of the State Service of Special Communications and Information Protection (SSSCIP), has joined forces with the simulation training platform Cyber Ranges to unveil TRYZUB, a cyber resilience training and capability development service. TRYZUB primarily protects military, government entities, and critical infrastructure sectors such as energy, healthcare, finance, telecommunications, and education. Its training is designed for military units, law enforcement, government agencies, and operators of essential infrastructure … More

The post Ukrainian cyberwar experience becomes blueprint for TRYZUB cyber training service appeared first on Help Net Security.

Actfore TRACE reduces keystrokes and expedites data extraction

Actfore unveiled TRACE (Targeted Retrieval and Automated Content Extraction), an auto-extraction feature to accelerate and improve the accuracy of data mining processes for breach notification list generation. TRACE will be integrated into all future Actfore deployments, underscoring the company’s commitment to delivering innovative, tech-driven solutions for carriers, counsel, and clients. TRACE represents a significant advancement in the extraction of sensitive data elements, eliminating inefficiencies and minimizing the reliance on manual processes. Developed by Actfore’s Innovation … More

The post Actfore TRACE reduces keystrokes and expedites data extraction appeared first on Help Net Security.

Zitadel raises $9 million to accelerate product development

Zitadel announced its $9 million Series A funding round led by Nexus Venture Partners with participation from Floodgate. Both firms represent the world’s best experts in open source, developer tools, and identity infrastructure. Zitadel’s developer-first approach and a strong focus on data security and ownership has fueled its growth to more than 150 customers across North America and Europe. This investment will further Zitadel’s vision to lead the identity infrastructure and authentication market. Abhishek Sharma, Managing … More

The post Zitadel raises $9 million to accelerate product development appeared first on Help Net Security.

AxoSyslog: Open-source scalable security data processor

AxoSyslog is a syslog-ng fork, created and maintained by the original creator of syslog-ng, Balazs Scheidler, and his team. “We first started by making syslog-ng more cloud-ready: we packaged syslog-ng in a container, added helm charts, and made it more suitable for use in cloud-native environments. We’ve also improved the monitoring and operational experience to help AxoSyslog better integrate with modern telemetry pipelines,” Balazs Scheidler, CEO of Axoflow, told Help Net Security. AxoSyslog is not … More

The post AxoSyslog: Open-source scalable security data processor appeared first on Help Net Security.

Product showcase: Augmenting penetration testing with Plainsea

Human-led penetration testing is an essential practice for any organization seeking to proactively address potential attack vectors. However, this indispensable pentesting method is often limited by several factors: high resource demands, project time constraints, dispersed communication, and lack of continuous visibility into evolving vulnerabilities. Plainsea's innovative all-in-one platform addresses these challenges through an augmented penetration testing approach that results in a continuous, streamlined, and collaborative service. Designed for MSSPs and security teams, the platform enables … More

The post Product showcase: Augmenting penetration testing with Plainsea appeared first on Help Net Security.

Protecting Critical Infrastructure with Zero-Trust and Microsegmentation

Ransomware attacks are increasingly targeting critical infrastructure — essential systems like energy, water, transportation and finance. In 2023 alone, over 40% of attacks hit these sectors, according to the FBI. Meanwhile, agencies like CISA and the UK’s NCSC warn infrastructure companies of mounting threats from state-sponsored adversaries or other malicious actors. The recent American Water..

The post Protecting Critical Infrastructure with Zero-Trust and Microsegmentation appeared first on Security Boulevard.

10 Best Drata Alternatives to Consider for Compliance Management in 2024

If you’re familiar with platforms like Drata, you may appreciate their streamlined compliance processes and integrations. But if you’re ready for something beyond automation and integration (think powerful AI-driven risk management,  live visual dashboards, and extensive framework mappings), Centraleyes delivers in ways Drata just can’t match! Let’s take a closer look at both platforms and […]

The post 10 Best Drata Alternatives to Consider for Compliance Management in 2024 appeared first on Centraleyes.

Sentient IAM: Unlocking Success Through Human-Centric Leadership

Discover how servant leadership and a human-centric approach to IAM drive trust, resilience, and impactful results in today’s complex business landscape.

The post Sentient IAM: Unlocking Success Through Human-Centric Leadership first appeared on Identient.

Respond to Fewer Alerts with Automated Grouping

Smart SOAR’s automated grouping reduces the noise by filtering out irrelevant alerts, enabling a faster and more efficient response.

The post Respond to Fewer Alerts with Automated Grouping appeared first on D3 Security.

SOC 2 Compliance Audit: Safeguarding Your Business’s Data

Are you a service organization seeking an audit to gain customers’ trust? Or maybe you are looking to attract prospective clients by proving how serious you are with customers’ data. If that is the case, you have come to the right place. Introducing the SOC 2 audit – think of it as a thorough check-up […]

The post SOC 2 Compliance Audit: Safeguarding Your Business’s Data appeared first on Security Boulevard.

Build Confidence with Robust Machine Identity Solutions

How Robust Are Your Machine Identity Solutions? As cybersecurity threats and data breaches continue to soar, the question becomes inevitable: how robust are your machine identity solutions? For many organizations, the answer remains shrouded in ambiguity, leaving them vulnerable to data breaches and non-compliance penalties. However, a new frontier of Non-Human Identity (NHI) and Secrets […]

The post Build Confidence with Robust Machine Identity Solutions appeared first on Entro.

DEF CON 32 – A Treasure Trove of Failures: What History’s Greatest Heist Can Teach Us About Defense In Depth

Authors/Presenters: Pete Stegemeyer

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

The post DEF CON 32 – A Treasure Trove of Failures: What History’s Greatest Heist Can Teach Us About Defense In Depth appeared first on Security Boulevard.

How to Move from Manual to Certificate Automation with ACME

For IT teams, managing certificates can feel like a relentless cycle of tracking expiration dates, renewing certificates, and monitoring CA chains. Without automation, it’s easy to miss renewals, leading to costly outages and downtime. As your organization scales, manually managing hundreds—or even thousands—of certificates quickly becomes unsustainable. With the imminent shortening of certificate validity periods […]

The post How to Move from Manual to Certificate Automation with ACME first appeared on Accutive Security.

How to Motivate Employees and Stakeholders to Encourage a Culture of Cybersecurity

Cybersecurity impacts us all. Third parties process and handle data every day, whether they’re tapping your phone to pay via near-field communication (NFC) or processing a transaction while you pay your utility bill online. The importance of keeping your data private is growing every day: worldwide, cybercrime costs are expected to hit $10.5 trillion annually...

The post How to Motivate Employees and Stakeholders to Encourage a Culture of Cybersecurity appeared first on Hyperproof.

Microsoft Adds Raft of Zero-Trust Tools and Platforms

Microsoft this week launched a raft of cybersecurity initiatives that address everything from making Windows platforms more secure to adding platforms that are more secure by design.

The post Microsoft Adds Raft of Zero-Trust Tools and Platforms appeared first on Security Boulevard.

Cyberattack at French hospital exposes health data of 750,000 patients

A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. [...]

Fintech giant Finastra investigates data breach after SFTP hack

Finastra has confirmed it warned customers of a cybersecurity incident after a threat actor began selling allegedly stolen data on a hacking forum. [...]

MITRE shares 2024's top 25 most dangerous software weaknesses

MITRE has shared this year's top 25 list of the most common and dangerous software weaknesses behind more than 31,000 vulnerabilities disclosed between June 2023 and June 2024. [...]

US charges five linked to Scattered Spider cybercrime gang

The U.S. Justice Department has charged five suspects believed to be part of the financially motivated Scattered Spider cybercrime gang with conspiracy to commit wire fraud. [...]

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root

Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04. [...]

Microsoft confirms game audio issues on Windows 11 24H2 PCs

Microsoft says a Windows 24H2 bug causes game audio to unexpectedly increase to full volume when using USB DAC sound systems. [...]

New Ghost Tap attack abuses NFC mobile payments to steal money

Cybercriminals have devised a novel method to cash out from stolen credit card details linked to mobile payment systems such as Apple Pay and Google Pay, dubbed 'Ghost Tap,' which relays NFC card data to money mules worldwide. [...]

Amazon and Audible flooded with 'forex trading' and warez listings

Amazon, Amazon Music, and Audible, an Amazon-owned online audiobook and podcast service, have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software. [...]

Apple fixes two zero-days used in attacks on Intel-based Macs

Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. [...]

CISA tags Progress Kemp LoadMaster flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. [...]

Ford rejects breach allegations, says customer data not impacted

Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum. [...]

Oracle warns of Agile PLM file disclosure flaw exploited in attacks

Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. [...]

Fintech giant Finastra confirms it’s investigating a data breach

An incident disclosure shared with Finastra's banking and financial customers confirms a hacker stole files from a company system.

© 2024 TechCrunch. All rights reserved. For personal use only.

US extradites Russian accused of extorting millions in Phobos ransomware payments

Phobos ransomware has been used to extort at least $16 million from over a thousand victims globally, according to the DOJ

Microsoft beefs up Windows security with new recovery and patching features

In the aftermath of the devastating CrowdStrike outage this July, Microsoft vowed to do better even though it insisted that the event was an aberration. Evidently unwilling to take chances (or risk further hits to its credibility), the company on Tuesday, during Microsoft Ignite 2024, shared how it’s making changes to Windows to prevent similar […]

AI training software firm iLearningEngines says it lost $250,000 in recent cyberattack

The US-based firm said hackers misdirected a $250,000 wire transfer payment that it hasn't been able to recover.

Space tech giant Maxar confirms hacker accessed employees’ personal data

Maxar has 2,600 employees — with more than half having security clearances to work on classified U.S. government projects.

What a second Trump term means for the future of ransomware

The U.S. government has made big strides over the past four years in the ongoing fight against the “scourge of ransomware,” as President Joe Biden described it. At the start of his term, Biden and his administration were quick to declare ransomware a national security threat, unlocking new powers for the military and intelligence agencies. […]

FBI confirms China-backed hackers breached US telecom giants to steal wiretap data

The FBI and CISA say they have uncovered a "broad and significant" China-linked cyber espionage campaign

Hot Topic data breach exposed personal data of 57 million customers

Millions of customers of Hot Topic have been informed that their personal data was compromised during an October data breach at the American retailer. Have I Been Pwned (HIBP), the breach notification service, said this week that it alerted 57 million Hot Topic customers that their data had been compromised. The stolen data includes email […]

Amazon confirms employee data stolen after hacker claims MOVEit breach

Amazon has confirmed that employee data was compromised after a “security event” at a third-party vendor. In a statement given to TechCrunch on Monday, Amazon spokesperson Adam Montgomery confirmed that employee information had been involved in a data breach. “Amazon and AWS systems remain secure, and we have not experienced a security event. We were […]

Symbiotic Security helps developers find bugs as they code

Symbiotic Security, which is announcing a $3 million seed round today, watches over developers as they code and points out potential security issues in real time. Other companies do this, but Symbiotic also emphasizes the next step: teaching developers to avoid these bugs in the first place. Ideally, this means developers will fix security bugs […]

Columbus says ransomware gang stole personal data of 500,000 Ohio residents

Columbus says hackers accessed residents' Social Security numbers and bank account details

2024 looks set to be another record-breaking year for ransomware — and it’s likely going to get worse

This year, 2024, looks set to be the most profitable yet for hackers, with four ransom demands paid in the tens of millions of dollars.

How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware

Prosecutors allege that Redline infected millions of computers around the world since 2020, including several hundred machines at the U.S. Dept. of Defense.

Police operation claims takedown of prolific Redline and Meta password stealers

Authorities have gained 'full access' to the servers used by the two notorious infostealers

Socket lands a fresh $40M to scan software for security flaws

The software supply chain, which comprises the components and processes used to develop software, has become precarious. According to one recent survey, 88% of companies believe poor software supply chain security presents an “enterprise-wide risk” to their organizations. Open source supply chain components are especially fraught, thanks to the logistical hurdles in keeping each component well-maintained. […]

Casio says ‘no prospect of recovery yet’ after ransomware attack

The Japanese electronics giant says some of its systems remain "unusable" almost two weeks after the cyberattack.

Casio confirms customer data compromised in ransomware attack

A ransomware and extortion racket called Underground has claimed responsibility for the breach on its dark web leak site, which TechCrunch has seen.

Relyance lands $32M to help companies comply with data regulations

As the demand for AI surges, AI vendors are devoting greater bandwidth to data security issues. Not only are they being compelled to comply with emerging data privacy regulations (e.g., the EU Data Act), but they’re also finding themselves under the microscope of clients skeptical about how their data is being used and processed. The […]

Amazon revamps Ring subscriptions with AI video search

Amazon is introducing new Ring subscription plans, including a tier that'll bring 24/7 recording and AI-powered video search.

Kaspersky says it’s closing down its UK office and laying off dozens

Russian cybersecurity giant Kaspersky is shutting down its office in the United Kingdom and laying off its staff, just three months after the company started closing down its U.S. operations and laying off dozens of workers, TechCrunch has learned. Kaspersky spokesperson Francesco Tius said in an email to TechCrunch that the company “will commence a […]

Recruitment Announcement: B2B Sales Representatives and Business Introducers

To meet growing demand and accelerate our growth, we are launching a new sales team. We are looking for talented, ambitious, and motivated B2B sales representatives and business introducers who share our vision of a safer and more resilient internet. Job Profile: Position: B2B Sales Representatives and Business Introducers. As a key member of our Sales Team, you will … Continue reading Recruitment Announcement: B2B Sales Representatives and Business Introducers

The post Recruitment Announcement: B2B Sales Representatives and Business Introducers appeared first on KoDDoS Blog.

⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃

The countdown has begun! There are only 3 days left to take advantage of our Halloween special and enjoy 10% off on all our hosting and DDoS protection services. Don’t miss this limited-time offer to secure your website with KoDDoS’s high-performance solutions at a great price! 🎃 Promo Code: HALLOWEEN2024 🎃 Use code HALLOWEEN2024 at … Continue reading ⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃

The post ⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃 appeared first on KoDDoS Blog.

Understanding and Preventing DDoS Attacks with KoDDoS

Distributed Denial of Service (DDoS) attacks represent one of the most formidable threats to modern businesses and organizations whose information systems are connected to the internet. These attacks aim to render a service unavailable by overwhelming the target server’s resources with a massive volume of malicious traffic from multiple sources. In the face of this … Continue reading Understanding and Preventing DDoS Attacks with KoDDoS

The post Understanding and Preventing DDoS Attacks with KoDDoS appeared first on KoDDoS Blog.

Special Halloween Offer: 10% Off All Hosting and DDoS Protection Services! 🎃

Halloween is just around the corner, and at KoDDoS, we’re celebrating this spooky season with an exclusive offer that will make you smile! To mark the occasion, we’re giving you 10% off all our hosting and DDoS protection services. Whether you’re launching a new project or looking to enhance the security of your existing site, … Continue reading Special Halloween Offer: 10% Off All Hosting and DDoS Protection Services! 🎃

The post Special Halloween Offer: 10% Off All Hosting and DDoS Protection Services! 🎃 appeared first on KoDDoS Blog.

Celebrate Halloween with an Exclusive 10% Discount from KoDDoS! 🎃

🎃 Exclusive Halloween Promo – 10% Off on All Services

From October 18, 2024, to October 31, 2024, enjoy our limited-time Halloween offer with the promo code: 👉 HALLOWEEN2024 👈 Simply apply this code at checkout to receive your discount. Whether you’re a small business owner, a content creator, or managing a large e-commerce platform, … Continue reading Celebrate Halloween with an Exclusive 10% Discount from KoDDoS! 🎃

The post Celebrate Halloween with an Exclusive 10% Discount from KoDDoS! 🎃 appeared first on KoDDoS Blog.

Discover the Benefits of KoDDoS and Its New Infrastructures in Japan and Sweden

Secure Hosting to Support Your Business

KoDDoS, your expert in secure hosting and DDoS protection, continues to innovate by providing its customers with the best hosting solutions worldwide. We are proud to announce the deployment of new ultra-efficient infrastructures in Japan and Sweden. With this strategic expansion, KoDDoS not only strengthens its global reach but … Continue reading Discover the Benefits of KoDDoS and Its New Infrastructures in Japan and Sweden

The post Discover the Benefits of KoDDoS and Its New Infrastructures in Japan and Sweden appeared first on KoDDoS Blog.

The Return of the Internet Archive After a Cyberattack: The Challenge of Cybersecurity

The Internet Archive, renowned for its vast digital library and its web preservation tool, the Wayback Machine, recently fell victim to a major cyberattack that disrupted its services. On October 9, a combined attack involving a data breach and a distributed denial-of-service (DDoS) attack took the site offline. This incident also led to the theft … Continue reading The Return of the Internet Archive After a Cyberattack: The Challenge of Cybersecurity

The post The Return of the Internet Archive After a Cyberattack: The Challenge of Cybersecurity appeared first on KoDDoS Blog.

Interview with Luc M. aka “Moussier Network” Senior Consultant and Founder at “Just Do DDoS”: Protecting Businesses Against DDoS

What is a DDoS consultant?

Luc M.: A DDoS consultant is an expert specializing in securing digital infrastructures against Distributed Denial of Service (DDoS) attacks. As a DDoS consultant, our mission is among other things to support our clients and partners in implementing effective protection measures to prevent these increasingly frequent and sophisticated threats. at … Continue reading Interview with Luc M. aka “Moussier Network” Senior Consultant and Founder at “Just Do DDoS”: Protecting Businesses Against DDoS

The post Interview with Luc M. aka “Moussier Network” Senior Consultant and Founder at “Just Do DDoS”: Protecting Businesses Against DDoS appeared first on KoDDoS Blog.

KoDDoS Expands in Sweden: A New Era of Performance, Security, and Proximity for Our Clients

“We are proud and excited to announce an important milestone in this mission with the opening of our new European data center in Sweden.” At KoDDoS, our mission has been clear from the start: to provide our clients with secure and high-performance hosting solutions while protecting them from cyber threats. Today, we are excited … Continue reading KoDDoS Expands in Sweden: A New Era of Performance, Security, and Proximity for Our Clients

The post KoDDoS Expands in Sweden: A New Era of Performance, Security, and Proximity for Our Clients appeared first on KoDDoS Blog.

Solana Breakpoint 2024: The Must-Attend Blockchain Event in Singapore

A Packed and Diverse Schedule

September 19 will be dedicated to registration and badge pick-up, setting the stage for two full days of keynote talks, interactive workshops, and networking sessions. During these two days, participants will dive deep into discussions on the latest blockchain technology advancements, Web3 trends, and the industry’s biggest challenges. Solana Breakpoint … Continue reading Solana Breakpoint 2024: The Must-Attend Blockchain Event in Singapore

The post Solana Breakpoint 2024: The Must-Attend Blockchain Event in Singapore appeared first on KoDDoS Blog.

The Role of Security Configuration Management in Achieving Zero Trust Security Architectures

Zero Trust is a network security model that dictates that no user and no system should be trusted by default, and that every attempt to access a network or application is treated as a potential threat. For those who are naturally trusting of others, this concept is difficult to accept. However, distrusting every entity on a network until it has been verified is imperative today.

Security Configuration in Zero Trust

When you have a multitude of platforms from a variety of vendors with different asset models, it becomes a challenge to ensure consistency across these assets. Therefore, it is crucial to ensure not only...

CIS Control 12: Network Infrastructure Management

Networks form a critical core for our modern-day society and businesses. These networks are comprised of many types of components that make up the networks’ infrastructure. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are shipped from manufacturers with “default” configuration settings and passwords that, if deployed as-is, can significantly weaken an organization’s network infrastructure. Even if network devices are hardened with non-default configurations and strong...

Essential Security Best Practices for Remote Work

As we continue to embrace remote work, it’s crucial to keep our security practices sharp to protect both company and personal data. With increasing cyber threats, adhering to security best practices helps us safeguard our information and maintain our productivity. Here’s a quick guide to help you stay vigilant and secure while working remotely.

Secure Your Home Office

Pick a space that is private. Do not allow family or friends to use your work devices. Do not use your work devices for personal use. Lock your device when you must step away.

Stay in Communication

Stay connected with the company...

BEC Cost Citizens Worldwide Over $55bn in Last 10 Years

Business email compromise (BEC) is a sophisticated type of phishing that uses social engineering and deception to obtain access to sensitive accounts, networks, and data. In these attacks, bad actors pose as organization executives to request funds transfers from other members of the organization. Playing on the trust that employees place in executives, this scam demands that the attacker gather information about the structure of the organization and the individual they plan to impersonate. The FBI’s Internet Crime Complaint Center (IC3) recently published a public service announcement...

The Future of Cybersecurity: Why Vendor Consolidation is the Next Big Trend

The cybersecurity landscape is constantly changing as new technologies and threat trends emerge. Maintaining an effective cybersecurity strategy over time requires updating tools and practices with the evolution of cyberattacks, security capabilities, and business operations. Implementing the best tools for the most pressing issues as they arise has been the predominant tactic for many organizations. However, some cybersecurity leaders believe that this approach is no longer sufficient for addressing modern threats. Vendor sprawl makes for a large and complex attack surface, leading to...

Identity Fraud and the Cost of Living Crisis: New Challenges for 2024

Fraud is a rampant threat to individuals and organizations worldwide and across all sectors. In order to protect against the dangers of fraud in its many forms, it is vital to stay in the loop on the latest fraud trends and the threat landscape. The Fraudscape 2024 report from Cifas, the UK’s Fraud Prevention Community, is an effort to share this information to help prevent fraud. The report is compiled using data from Cifas’ National Fraud Database (NFD), Insider Threat Database (ITD), and intelligence from members, partners, and law enforcement agencies. According to the report...

Cyberbiosecurity: Where Digital Threats Meet Biological Systems

Cyberbiosecurity has emerged as an essential area of interest as the boundaries between the digital and biological sectors continue to blur. With rapid advancements in areas such as artificial intelligence, automation, and synthetic biology, the need for strong cyberbiosecurity protections has grown to safeguard the bioeconomy. As biotechnology evolves, it creates a complex landscape where breaches can have consequences far beyond typical cyber risks. Cyberbiosecurity is about securing the foundation of our biological future. Cyberbiosecurity, also known as Biocybersecurity, is an...

ShrinkLocker Ransomware: What You Need To Know

What is ShrinkLocker?

ShrinkLocker is a family of ransomware that encrypts an organisation's data and demands a ransom payment in order to restore access to their files. It was first identified by security researchers in May 2024, after attacks were observed in Mexico, Indonesia, and Jordan. So far, so normal.

What makes it noteworthy?

The ShrinkLocker ransomware is unusual because it uses VBScript and Microsoft Windows's legitimate security tool BitLocker to assist with the encryption of victims' files.

Hang on. You mean BitLocker, the full-disk-encryption feature that's supposed to boost...

Exploring the Security Risks of VR and AR

In an era where innovative technologies are emerging left, right, and center, two of the most influential in recent years are experiencing exponential growth. Virtual Reality (VR) and Augmented Reality (AR) are immersive technologies that have now firmly integrated into numerous industries. As these technologies have become more prevalent in our personal and professional lives, they bring with them security and privacy challenges that are hard to overlook. In addition, recent VR/AR security threats (such as the Quest VR attack on Meta) could certainly diversify and multiply if left unmitigated...

CIS Control 13: Network Monitoring and Defense

Networks form a critical core for our modern-day society and businesses. People, processes, and technologies should be in place for monitoring, detecting, logging, and preventing malicious activities that occur when an enterprise experiences an attack within or against their networks.

Key Takeaways for Control 13

Enterprises should understand that their systems and networks are never perfectly immune to a cyberattack. Enterprises can leverage the safeguards provided by Control 13 to guide the evolution and maturity of their security posture. Network monitoring and defense should be viewed as a...

5 Hackers Charged for Attacking Companies via Phishing Text Messages

Federal authorities have unsealed charges against five individuals accused of orchestrating sophisticated phishing schemes that targeted employees of companies across the United States. The alleged hackers reportedly stole confidential company data and millions of dollars in cryptocurrency by exploiting stolen employee credentials. The defendants, ranging in age from 20 to 25, are accused of conspiracy […]

The post 5 Hackers Charged for Attacking Companies via Phishing Text Messages appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Two Malicious PyPI Packages Mimicking ChatGPT & Claude Steal Developers' Data

Two malicious Python packages masquerading as tools for interacting with popular AI models ChatGPT and Claude were recently discovered on the Python Package Index (PyPI), the official repository for Python libraries. These packages reportedly remained undetected for over a year, silently compromising developer environments and exfiltrating sensitive data. As reported by a cybersecurity researcher, Leonid […]

The post Two Malicious PyPI Packages Mimicking ChatGPT & Claude Steal Developers' Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Helldown Ransomware Attacking VMware ESXi And Linux Servers

Helldown, a new ransomware group, actively exploits vulnerabilities to breach networks; since August 2024 it has compromised 28 victims, leaking their data on a dedicated website. The ransomware group has updated its data leak site, removing three victims, which possibly indicates successful ransom payments, while continuing its double extortion tactic of stealing data and threatening to […]

The post Helldown Ransomware Attacking VMware ESXi And Linux Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

macOS WorkflowKit Race Vulnerability Allows Malicious Apps to Intercept Shortcuts

A race condition vulnerability in Apple’s WorkflowKit has been identified, allowing malicious applications to intercept and manipulate shortcuts on macOS systems. This vulnerability, cataloged as CVE-2024-27821, affects the shortcut extraction and generation processes within the WorkflowKit framework, which is integral to the Shortcuts app on macOS Sonoma.

macOS WorkflowKit Race Vulnerability

The vulnerability arises from […]

The post macOS WorkflowKit Race Vulnerability Allows Malicious Apps to Intercept Shortcuts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Wireshark 4.4.2 Released: What’s New!

The Wireshark Foundation has officially announced the release of Wireshark 4.4.2, the latest version of the world’s most popular network protocol analyzer. Widely used for troubleshooting, analysis, development, and education, Wireshark continues to be a vital tool for network professionals and enthusiasts. The nonprofit Wireshark Foundation, which promotes protocol analysis education, emphasizes […]

The post Wireshark 4.4.2 Released: What’s New! appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

SquareX Brings Industry’s First Browser Detection Response Solution to AISA Melbourne CyberCon 2024

SquareX, the leading browser security company, will make its Australian debut at Melbourne CyberCon 2024, hosted by AISA (Australian Information Security Association), from 26th to 28th November 2024. SquareX will showcase its groundbreaking Browser Detection and Response (BDR) solution at StartUp Booth 42, addressing the growing risk of browser-based cyber threats targeting employees. With the […]

The post SquareX Brings Industry’s First Browser Detection Response Solution to AISA Melbourne CyberCon 2024 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ANY.RUN Sandbox Automates Interactive Analysis of Complex Cyber Attack Chains

ANY.RUN, a well-known interactive malware analysis platform, has announced Smart Content Analysis, an enhancement to its Automated Interactivity feature. This new mechanism is designed to automatically analyze and detonate complex malware and phishing attacks, providing investigators with quicker and more detailed insights into malicious behavior.

Speed Optimization for Investigations: Accelerates the analysis workflow, saving time […]

The post ANY.RUN Sandbox Automates Interactive Analysis of Complex Cyber Attack Chains appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Rekoobe Backdoor In Open Directories Possibly Attacking TradingView Users

APT31, using the Rekoobe backdoor, has been observed targeting TradingView, a popular financial platform, as researchers discovered malicious domains mimicking TradingView, suggesting a potential interest in compromising the platform’s user community. By analyzing shared SSH keys, investigators identified additional infrastructure linked to this campaign and another open directory, highlighting the evolving tactics employed by APT31 […]

The post Rekoobe Backdoor In Open Directories Possibly Attacking TradingView Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Water Barghest Botnet Comprised 20,000+ IoT Devices By Exploiting Vulnerabilities

Water Barghest, a sophisticated botnet, exploits vulnerabilities in IoT devices to enlist them in a residential proxy marketplace by leveraging automated scripts to identify vulnerable devices from public databases like Shodan. When the device is compromised, the Ngioweb malware is installed in a stealthy manner, thereby establishing a connection to command-and-control servers. The infected device […]

The post Water Barghest Botnet Comprised 20,000+ IoT Devices By Exploiting Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

North Korean IT Worker Using Weaponized Video Conference Apps To Attack Job Seekers

North Korean IT workers, operating under the cluster CL-STA-0237, have been implicated in recent phishing attacks leveraging malware-infected video conference apps. The group, likely based in Laos, has demonstrated a sophisticated approach, infiltrating a U.S.-based SMB IT services company to gain access to sensitive information and secure a position at a major tech company. It […]

The post North Korean IT Worker Using Weaponized Video Conference Apps To Attack Job Seekers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISOs can now obtain professional liability insurance

A new business insurance offering can shield CISOs from personal losses in the event of a lawsuit.

The post CISOs can now obtain professional liability insurance appeared first on CyberScoop.

US charges five men linked to ‘Scattered Spider’ with wire fraud

The men have been charged with conspiracy to commit wire fraud.

The post US charges five men linked to ‘Scattered Spider’ with wire fraud appeared first on CyberScoop.

Vulnerability disclosure policy bill for federal contractors clears Senate panel

The Homeland Security and Governmental Affairs Committee on Wednesday also advanced legislation to strengthen the federal IT supply chain.

The post Vulnerability disclosure policy bill for federal contractors clears Senate panel appeared first on CyberScoop.

Sen. Blumenthal wants FCC to get busy on telecom wiretap security rules

The subcommittee chair said the FCC has the ability to act now in response to Salt Typhoon targeting the 2024 presidential campaigns.

The post Sen. Blumenthal wants FCC to get busy on telecom wiretap security rules appeared first on CyberScoop.

Microsoft launches ‘Zero Day Quest’ competition to enhance cloud and AI security

The tech giant is upping the bounties attached to several popular systems.

The post Microsoft launches ‘Zero Day Quest’ competition to enhance cloud and AI security appeared first on CyberScoop.

Bipartisan Senate bill targets supply chain threats from foreign adversaries

The bill would strengthen oversight powers for the body charged with investigating IT products from China and other foes.

The post Bipartisan Senate bill targets supply chain threats from foreign adversaries appeared first on CyberScoop.

Rail and pipeline representatives push to dial back TSA’s cyber mandates

House Republicans during a Tuesday hearing were sympathetic to industry calls for shaving down cyber regulations.

The post Rail and pipeline representatives push to dial back TSA’s cyber mandates appeared first on CyberScoop.

Botnet serving as ‘backbone’ of malicious proxy network taken offline

Lumen Technologies’ Black Lotus Labs took the ngioweb botnet and NSOCKS proxy offline Tuesday.

The post Botnet serving as ‘backbone’ of malicious proxy network taken offline appeared first on CyberScoop.

Attackers are hijacking Jupyter notebooks to host illegal Champions League streams

Jupyter notebooks are normally reserved for data analysis, but a cybersecurity firm caught online content pirates using them to host soccer matches.

The post Attackers are hijacking Jupyter notebooks to host illegal Champions League streams appeared first on CyberScoop.

How to remove the cybersecurity gridlock from the nation’s energy lifelines

A unified approach from both public and private sectors is essential to safeguard our critical infrastructure.

The post How to remove the cybersecurity gridlock from the nation’s energy lifelines appeared first on CyberScoop.

Decade-old local privilege escalation bugs impact Ubuntu needrestart package

Decade-old flaws in the needrestart package in Ubuntu Server could allow local attackers to gain root privileges without user interaction. The Qualys Threat Research Unit (TRU) discovered five decade-old Local Privilege Escalation (LPE) vulnerabilities in the needrestart package that could allow a local attacker to gain root privileges without requiring user interaction. The needrestart […]

Ford data breach involved a third-party supplier

Ford is investigating a data breach linked to a third-party supplier and pointed out that its systems and customer data were not compromised. Ford investigated the breach after threat actors claimed the theft of customer information on the BreachForums cybercrime forum. On November 17, threat actors IntelBroker and EnergyWeaponUser published a post on BreachForums […]

Hacker obtained documents tied to lawsuit over Matt Gaetz’s sexual misconduct allegations

A hacker allegedly accessed a file containing testimony from a woman claiming she had sex with Matt Gaetz when she was 17, sparking controversy. The New York Times reported that a hacker, who goes online by the name Altam Beezley, gained access to files containing confidential testimony from a woman who claims she had […]

Apple addressed two actively exploited zero-day vulnerabilities

Apple released security updates for iOS, iPadOS, macOS, visionOS, and Safari browser to address two actively exploited zero-day flaws. Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS, macOS, visionOS, and Safari web browser, which are actively exploited in the wild. The vulnerability CVE-2024-44309 is a cookie management issue […]

Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events

Threat actors exploit misconfigured JupyterLab and Jupyter Notebooks servers to rip sports streams and illegally redistribute them. Researchers from security firm Aqua observed threat actors exploiting misconfigured JupyterLab and Jupyter Notebook servers to hijack environments, deploy streaming tools, and duplicate live sports broadcasts on illegal platforms. “threat actors using misconfigured servers to hijack environments for […]

Russian Phobos ransomware operator faces cybercrime charges

Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges. According to the DoJ, the […]

Read More
China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Chinese threat actors use custom post-exploitation toolkit ‘DeepData’ to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. BrazenBamboo is known to be the author of other malware families, including LIGHTSPY, DEEPDATA, and DEEPPOST. DEEPDATA is a […]

Read More
U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions of the added vulnerabilities: CVE-2024-1212 is a Progress Kemp LoadMaster […]

Read More
Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals

A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information. On September 8, 2024, Great Plains Regional Medical Center (Oklahoma) suffered a ransomware attack. The organization launched an investigation into the incident with the help of a cybersecurity firm. The healthcare center discovered that a threat actor […]

Read More
Recently disclosed VMware vCenter Server bugs are actively exploited in attacks

Threat actors are actively exploiting two VMware vCenter Server vulnerabilities tracked as CVE-2024-38812 and CVE-2024-38813, Broadcom warns. The company revised its advisory: “Updated advisory to note that VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813.” […]

Read More
Mitigating the Risk of Cybercrime While Traveling Abroad

Global tourism is reaching pre-pandemic records and many people are eager to embark on a new adventure. Yet at the same time, incidents of cybercrimes are increasing at a staggering...

The post Mitigating the Risk of Cybercrime While Traveling Abroad appeared first on Cyber Defense Magazine.

Read More
Maintaining File Security While Working Remotely

These days, remote workers in home offices on residential WiFi must maintain a security posture similar to that of a full corporation while working with other remote stakeholders, clients, and partners anywhere...

The post Maintaining File Security While Working Remotely appeared first on Cyber Defense Magazine.

Read More
Illegal Crypto Mining: How Businesses Can Prevent Themselves From Being ‘Cryptojacked’

The popularity of cryptocurrencies like Ethereum and Bitcoin surged during the pandemic era. What began as a niche, almost novelty form of payment in the 2010s, transformed into a legitimate...

The post Illegal Crypto Mining: How Businesses Can Prevent Themselves From Being ‘Cryptojacked’ appeared first on Cyber Defense Magazine.

Read More
How Ransomware Jeopardizes Healthcare Organizations

Security challenges in the healthcare sector continue to grow as connected assets and attack surfaces expand. Organizations in any sector face financial ramifications in the aftermath of a successful attack,...

The post How Ransomware Jeopardizes Healthcare Organizations appeared first on Cyber Defense Magazine.

Read More
High Performance Software Defined Receivers

Introduction As cybersecurity challenges grow more complex, the tools we use to protect data and communications are also advancing. Among these tools, high-performance software defined receivers (SDRs) with tuning ranges...

The post High Performance Software Defined Receivers appeared first on Cyber Defense Magazine.

Read More
The Future of Cybersecurity: Predictions for 2025 and Beyond

by Gary S. Miliefsky, CISSP, fmDHS As the publisher of Cyber Defense Magazine, I have a great honor and pleasure to meet with many of the market leaders and innovators...

The post The Future of Cybersecurity: Predictions for 2025 and Beyond appeared first on Cyber Defense Magazine.

Read More
Guarding the Games: Cybersecurity and the 2024 Summer Olympics

As Paris prepares to host the 2024 Summer Olympic Games, athletes from around the world converge to represent their country. But beyond the cheers and medals lies a digital underworld....

The post Guarding the Games: Cybersecurity and the 2024 Summer Olympics appeared first on Cyber Defense Magazine.

Read More
Fortifying the Future: AI Security Is The Cornerstone Of The AI And GenAI Ecosystem

The rapid proliferation of AI technologies is bringing about significant advancements, but it has also introduced a wide range of security challenges. Large language models (LLMs) and computer vision models,...

The post Fortifying the Future: AI Security Is The Cornerstone Of The AI And GenAI Ecosystem appeared first on Cyber Defense Magazine.

Read More
Biometrics in the Cyber World

by Victoria Hargrove, Reporter, CDM In today’s society, digital threats occur at a consistent and concerning rate. Traditional authentication methods no longer stand a chance of preventing these threats....

The post Biometrics in the Cyber World appeared first on Cyber Defense Magazine.

Read More
5 Essential Features of an Effective Malware Sandbox

Malware sandboxes offer a safe and controlled environment to analyze potentially harmful software and URLs. However, not all sandboxes incorporate features that are essential for proper analysis. Let’s look at...

The post 5 Essential Features of an Effective Malware Sandbox appeared first on Cyber Defense Magazine.

Read More
Cybereason Merges with Trustwave, Enhances MDR and Consulting Services

As the cyber threat landscape grows in complexity, organizations are increasingly turning to their cybersecurity partners for support. From tackling compliance mandates to actively ejecting threat actors from internal systems and helping raise organizational resilience, end-to-end cyber solutions are crucial.

Read More
Insourcing versus Outsourcing

One of the quotes often attributed to Albert Einstein is “Insanity is doing the same thing over and over again and expecting different results”. Whilst there’s debate over whether Einstein actually said this, the sentiment definitely rings true.

Read More
Unlocking the Potential of AI in Cybersecurity: Embracing the Future and Its Complexities

In today's digital world, the threat of cyber-attacks is ever-present and looms larger than ever before. From large corporations to small businesses, no one is immune to the dangers of cybercrime and the ever-evolving tactics of cybercriminals. As technology advances, so do the methods used by hackers to breach security systems and steal sensitive information. In this high-stakes game of cat and mouse, the use of artificial intelligence (AI) has emerged as a powerful tool in the fight against cyber threats. 

Read More
Malicious Life Podcast: Operation Snow White, Part 2

Scientology spies were trained in all covert operations techniques: surveillance, recruiting agents, infiltrating enemy lines, and blackmail. However, a suspicious librarian and a determined FBI agent brought the largest single spy operation in US government history to an end.

 


Read More
THREAT ANALYSIS: Beast Ransomware

Cybereason issues Threat Analysis reports to investigate emerging threats and provide practical recommendations for protecting against them. In this Threat Analysis report, Cybereason investigates the Ransomware-as-a-Service (RaaS) known as Beast and how to defend against it through the Cybereason Defense Platform.

Read More
CUCKOO SPEAR Part 2: Threat Actor Arsenal

In the previous installment of our Cuckoo Spear series, we introduced the Cuckoo Spear campaign and provided an overview of the APT10 threat actor’s tactics and objectives. If you missed Part 1, you can catch up here.

In this follow-up, we dive deeper into the technical aspects of the NOOPDOOR and NOOPLDR malware that APT10 employed in the Cuckoo Spear campaign. Our analysis reveals how NOOPDOOR operates and the potential risks it poses to organizations. This breakdown will help cybersecurity professionals better understand and defend against the sophisticated strategies of this persistent adversary.

ARSENAL ANALYSIS

This section will mainly focus on the reverse engineering of the Cuckoo Spear tools: NOOPLDR and NOOPDOOR.

Read More
The Silent Epidemic: Uncovering the Dangers of Alert Fatigue and How to Overcome It

In today's digital age, cyberattacks have become a common and constant threat to individuals and organizations alike. From phishing scams to malware attacks, cybercriminals are constantly finding new ways to exploit vulnerabilities and steal sensitive information. Ransomware is increasingly prevalent, with high-profile attacks targeting large organizations, government agencies, and healthcare systems. The consequences of a ransomware attack can be devastating, resulting in financial loss, reputational damage, and even the compromise of sensitive data.

Read More
Malicious Life Podcast: Operation Snow White, Part 1

In 1963, the FDA raided the headquarters of a budding new and esoteric religion - The Church of Scientology. In response to this and similar incidents to come, the church's founder - an eccentric science fiction author named L. Ron Hubbard - would go on to lead the single largest known government infiltration operation in United States history.

 


Read More
The Great Debate: On-Premise vs. Cloud based EDR

Technology is rapidly advancing, and in today's fast-paced and ever-changing business world, organizations are under immense pressure to keep up with the latest developments while also meeting market demands.

Read More
Malicious Life Podcast: Infighting and Treason in Russia’s Cyber World

On Dec. 5, 2016, two senior Russian Intelligence officers and two civilians were arrested and accused of treason. A few weeks later, when Western journalists were finally able to speak with the men’s lawyers, they learned that the case was based on events that were, oddly enough, already widely known. This made the arrests even more peculiar.

As more details emerged, the picture became clearer, offering Westerners a rare glimpse into the typically secretive world of Russian intelligence.

Read More
How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Read More
Soon…

Posted by Sean @ 12:52 GMT


Our "construction project" is progressing nicely.

A work in progress

And it should resolve this…

Mobile usability issues

Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.




On 18/08/15 At 12:52 PM

Read More
Work In Progress

Posted by Sean @ 13:25 GMT


Regular readers will have noticed it's been slow here of late.

Under Construction

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.




On 13/08/15 At 01:25 PM

Read More
"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT


Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:

iOS 9 Public Beta 2, Install

And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.

iOS 9 Public, Safari Block Alerts

We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.




On 23/07/15 At 09:53 AM

Read More
Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT


Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have borne a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.

seaduke_crossplatform (39k image)
An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

• C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
• c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
• c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
• c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to be functionally an exact copy of SeaDuke, with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.

bastion_z (12k image)
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.

onedrive_z (7k image)
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phishing emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables has resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file, while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".

decoy_ndi_small (63k image)
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have borne a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, the downloading and execution of the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but in the execution of the "BastionSolution" component, thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.

decoy_fax (72k image)
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on 3rd party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raises suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons. (Coincidentally, the implications of 3rd party web services being used as command and control channels are also the subject of an upcoming talk at the VirusBulletin 2015 conference).

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code such as supporting frameworks between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefits of saving time and resources by providing two malware toolsets, that while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.

The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Dukes are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:

04299c0b549d4a46154e0a754dda2bc9e43dff76
2f53bfcd2016d506674d0a05852318f9e8188ee1
317bde14307d8777d613280546f47dd0ce54f95b
476099ea132bf16fa96a5f618cb44f87446e3b02
4800d67ea326e6d037198abd3d95f4ed59449313
52d44e936388b77a0afdb21b099cf83ed6cbaa6f
6a3c2ad9919ad09ef6cdffc80940286814a0aa2c
78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c
9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f
bfe26837da22f21451f0416aa9d241f98ff1c0f8
c16529dbc2987be3ac628b9b413106e5749999ed
cc15924d37e36060faa405e5fa8f6ca15a3cace2
dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8
e33e6346da14931735e73f544949a57377c6b4a0
ed0cf362c0a9de96ce49c841aa55997b4777b326
f54f4e46f5f933a96650ca5123a4c41e115a9f61
f97c5e8d018207b1d546501fe2036adfbf774cfd

Compromised servers used for command and control:

hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://58.80.109.59/plugins/search.php

Compromised websites used to host CloudDuke:

hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP
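The point made above, that exfiltration to a popular cloud service blends in, is what makes the IOCs alone insufficient: a hash or URL match catches the samples listed here, while the OneDrive channel needs a volume-based check. The following is an added example, not code from this post or from F-Secure, that runs both over proxy logs: it matches the C2 and lure URLs listed above (with the hxxp defanging removed so they compare against real log entries) and flags hosts that push a large volume of bytes to OneDrive. The log format, source addresses, byte counts, the OneDrive endpoint list and the 50 MiB threshold are all constructed or assumed.

```python
"""Triage outbound proxy logs for the CloudDuke tradecraft described above.
Added example; not code from the F-Secure post. It matches the post's C2 and lure
IOCs (defanging removed for matching) and flags bulk uploads to OneDrive, which is
what OneDriveSolution's exfiltration looks like from the network edge. The log
format, hosts, byte counts, OneDrive endpoint list and 50 MiB threshold are all
constructed or assumed."""

import re
from collections import defaultdict
from urllib.parse import urlsplit

# host + path of the compromised C2 servers listed in the post
C2_URLS = {
    "cognimuse.cs.ntua.gr/search.php",
    "portal.sbn.co.th/rss.php",
    "97.75.120.45/news/archive.php",
    "58.80.109.59/plugins/search.php",
}
# compromised sites that hosted the eFax-themed lures, plus a generic pattern for the lure path
LURE_HOSTS = {"flockfilmseries.com", "www.recordsmanagementservices.com", "files.counseling.org"}
LURE_PATH_RE = re.compile(r"/eFax/incoming/(?:\d+/)?\d+\.ZIP$", re.IGNORECASE)

# Assumed OneDrive endpoints and an assumed per-host upload threshold; tune to your environment.
ONEDRIVE_HOSTS = {"onedrive.live.com", "api.onedrive.com", "storage.live.com"}
UPLOAD_THRESHOLD_BYTES = 50 * 1024 * 1024

# Constructed log lines: "<src_ip> <method> <url> <bytes_sent> <bytes_received>"
SAMPLE_LOG = """\
10.1.1.5 GET http://files.counseling.org/eFax/incoming/150721/5442.ZIP 512 91000
10.1.1.5 POST https://cognimuse.cs.ntua.gr/search.php 2048 300
10.1.1.7 GET https://portal.sbn.co.th/rss.php 300 1200
10.1.1.9 PUT https://api.onedrive.com/v1.0/drive/items/abc/content 40000000 200
10.1.1.9 PUT https://api.onedrive.com/v1.0/drive/items/def/content 30000000 200
10.1.1.12 GET https://onedrive.live.com/?id=root 600 15000
10.1.1.20 GET https://www.example.com/index.html 400 9000
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\d+)$")


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, method, url, sent, recv = m.groups()
    parts = urlsplit(url)
    return {"src": src, "method": method, "host": parts.hostname or "",
            "path": parts.path, "sent": int(sent), "recv": int(recv)}


def triage(log_text):
    """Return (src_ip, reason, evidence) tuples. Exact IOC hits come first, in log order;
    the volume-based OneDrive finding is emitted once per host after the pass."""
    findings = []
    onedrive_upload = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hostpath = rec["host"] + rec["path"]
        if hostpath in C2_URLS:
            findings.append((rec["src"], "cloudduke_c2", hostpath))
        elif rec["host"] in LURE_HOSTS or LURE_PATH_RE.search(rec["path"]):
            findings.append((rec["src"], "efax_lure_download", hostpath))
        # Exfil heuristic: sum bytes *sent* to OneDrive per source; downloads are not interesting here.
        if rec["host"] in ONEDRIVE_HOSTS and rec["method"] in ("PUT", "POST"):
            onedrive_upload[rec["src"]] += rec["sent"]
    for src, total in onedrive_upload.items():
        if total >= UPLOAD_THRESHOLD_BYTES:
            findings.append((src, "bulk_onedrive_upload", "%d bytes" % total))
    return findings


if __name__ == "__main__":
    for src, reason, evidence in triage(SAMPLE_LOG):
        print(src, reason, evidence)
```

On the constructed log this yields the lure download and C2 hit from 10.1.1.5, the C2 hit from 10.1.1.7, and a bulk-upload finding for 10.1.1.9, while the ordinary OneDrive browse from 10.1.1.12 stays quiet. The IOC matches are the reliable part; the volume check is only a starting point, since legitimate OneDrive traffic is, as the post says, normal, and in practice you would baseline it per host and look at the client software doing the uploading rather than a fixed byte count.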




On 22/07/15 At 11:59 AM

Read More
'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT


VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.



The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.




On 20/07/15 At 12:40 PM

Read More
IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT


The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:

iosclean.com

Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:

Prevent this page from creating additional dialogs

Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)

Wouldn't it be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers, apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.

error1014.com

The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)




On 17/07/15 At 10:15 AM

Read More
Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT


After Hacking Team was compromised, a lot of information was publicly disclosed beginning on the 5th of July, in particular its business clients and a zero-day vulnerability in Adobe Flash Player that the company had been using.

Since the info about the first zero-day was made freely available, we knew attackers would swiftly move to use it. As expected, the Flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan, as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploits beginning on the 6th that continued until the 9th.

overall_stats (11k image)


Here are the stats for each exploit kit:

ek_stats (27k image)


The security advisory for CVE-2015-5119 zero-day was released on 7th July and the patch was made available on 8th. So the hits started to decline about two days after the patch.

But just when people had started updating their systems, there was yet another spike in Angler Flash exploit hits:

weekend_wave_stats (22k image)


Apparently, two more Flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities was added to the Angler exploit kit.

As a side note related to the Angler exploit kit, if you look at the second chart above, Angler and HanJuan share the same statistics. This is because our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We verified this after discovering that a different URL pattern was being detected as Angler:

angler_vs_hanjuan_urlpattern (9k image)


We looked at the Flash exploit used by both kits, and the two are virtually identical.

Angler Flash Exploit:

anglerek_ht0d_3 (26k image)


HanJuan Flash Exploit:

hanjuanek_ht0d_3 (23k image)


There was already speculation that there are strong connections between the actors behind the two exploit kits. For example, both have used "fileless" delivery of the payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new Flash 0-day as well.

In the meantime, since there isn't a patch out yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.






On 13/07/15 At 12:29 PM

The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT


When hackers get hacked, that's when secrets are uncovered. On July 5th, the Italy-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to security researchers at Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on the microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to Pastebin, the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):

hacking_team_client_list (86k image)

Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdn Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligence gathering and public security services:

hacking_team_hack_1 (95k image)

hacking_team_hack_2 (72k image)

Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap - a license upgrade could cost you MYR400,000 and a maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies had probably been using the spyware even before the discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service providers and government employees. During the 2014 event, Hacking Team was present and was the associate lead sponsor of the event.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only - though it may be interesting to see if Hacking Team will make it there this year.


Post by – Su Gim




On 08/07/15 At 02:31 AM

Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT


The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network-capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, endpoint security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and firewalls.

Wassenaar Arrangement definitions (image)


So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Dept of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include, among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us malware that uses zero-days all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software, in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to prevent customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.




On 09/06/15 At 01:25 PM

Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT


I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.

_WalkinWiFi

Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean




On 08/06/15 At 01:27 PM

SMS Exploit Messages

Posted by Sean @ 13:56 GMT


There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.


S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:


Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:


Effective Power Unicode iOS hack vs Twitter




On 28/05/15 At 01:56 PM

Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT


In the past few days, we received some cases from our customers in Italy and Spain regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offered a link to track that parcel online:

crypt_email (104k image)

When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:

crypt_email_redirect_italy (187k image)

So, no malicious behavior? Well, we noted that the first two URLs pointed to PHP pages. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.

Since this particular spam e-mail is written in Italian, perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can 'travel' to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:

crypt_email_mal_italy (302k image)

Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up at Google:

crypt_email_redirect_spain (74k image)

If the site is visited instead from a Spanish IP, we get to the CAPTCHA screen:

crypt_email_target_spain (57k image)

And then to the malware itself:

crypt_email_mal_spain (313k image)

This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)

Post by — Victor




On 19/05/15 At 03:17 AM

Mac Hack Demonstration

Posted by Sean @ 12:46 GMT


Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.

Kids hack their Dad's computer on her Raspberry Pi

Don't worry, it's an authorized hack, she asked her mom for permission.




On 15/05/15 At 12:46 PM

Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

GMX (Global Mail eXchange) Mail is an email service where users may register up to 10 individual email addresses at no cost. As a result, threat actors are leveraging this service to easily spin up new email addresses and effectively deliver phishing attacks that bypass Microsoft o365 and Google Workspace, landing in an organization’s email […]

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries.  As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

VMware vCenter Users Risk RCE Attacks. Two Flaws Exploited in the Wild

Hackers are exploiting two VMware vCenter Server flaws, one of which is a critical remote code execution flaw. Both vulnerabilities received security updates in September 2024, but the initial patches didn’t solve the problems completely. Thus, in October, VMware released a new patch to close the RCE vulnerability. Now security researchers warn users that they’ve […]

The post VMware vCenter Users Risk RCE Attacks. Two Flaws Exploited in the Wild appeared first on Heimdal Security Blog.

Application Allowlisting: Definition, Challenges & Best Practices

Imagine the scenario: an employee at your company has innocently decided to install an add-on to their browser to help with time management. Except there’s a catch. The browser extension has been hacked by cybercriminals, who can exploit it as a backdoor into your company’s systems. However, if your organization uses application allowlisting (also known […]

The post Application Allowlisting: Definition, Challenges & Best Practices appeared first on Heimdal Security Blog.

New Glove Stealer Malware Bypasses Google Chrome’s App-Bound to Steal Data

The New Glove Stealer malware has the ability to bypass Google Chrome’s Application-Bound (App-Bound) encryption to steal browser cookies. The threat actors’ attacks employed social engineering techniques akin to those employed in the ClickFix infection chain, in which phony error windows included in HTML files attached to phishing emails deceive potential victims into installing malware. […]

The post New Glove Stealer Malware Bypasses Google Chrome’s App-Bound to Steal Data appeared first on Heimdal Security Blog.

[Free & Downloadable] Cloud Security Policy Template

A well-structured Cloud Security Policy is no longer a luxury—it’s a necessity. To help you stay ahead, we’re offering a free, downloadable Cloud Security Policy Template designed to simplify your cloud security journey. In this article, we’ll explore why a cloud security policy is essential and how this template can help protect your organization from […]

The post [Free & Downloadable] Cloud Security Policy Template appeared first on Heimdal Security Blog.

GoIssue Phishing Tool Reveals Hackers Set Sights on GitHub Users

New phishing tool, GoIssue, takes email addresses from public GitHub profiles and sends mass phishing messages to GitHub users. The tool is specifically designed to target GitHub developers. Researchers warn that compromising developers’ credentials opens the gate for source code stealing, supply chain attacks, and network intrusion. Cyber Luffy, GoIssue’s seller, claims to be a […]

The post GoIssue Phishing Tool Reveals Hackers Set Sights on GitHub Users appeared first on Heimdal Security Blog.

CISA Warns Most 2023 Top Exploited Vulnerabilities Were 0-Days

CISA warns that most of the top routinely exploited vulnerabilities during 2023 were zero-days. The FBI, the NSA, and 5 other cybersecurity authorities, like the UK’s National Cyber Security Centre (NCSC), were also partners in releasing The 2023 Top Routinely Exploited Vulnerabilities. In 2022 less than half of the top exploited flaws were zero-days, but […]

The post CISA Warns Most 2023 Top Exploited Vulnerabilities Were 0-Days appeared first on Heimdal Security Blog.

Top 10 Flexera Competitors and Alternatives for Patch Management

Flexera is a popular choice for gaining visibility across multiple clouds. But you’ll need a few more capabilities to manage all your IT devices and keep software up to date. IT asset management should cover everything from online platforms to on-site devices. Exploring top Flexera alternatives reveals tools that simplify asset management, support scaling, and […]

The post Top 10 Flexera Competitors and Alternatives for Patch Management appeared first on Heimdal Security Blog.

What Is a Privileged Access Workstation?

A Privileged Access Workstation (PAW) is a secure computer built to safeguard sensitive tasks and privileged accounts. IT admins and security teams use PAWs to manage critical systems like the Active Directory. They also use them to access cloud services, deploy software, or patch servers. They serve as a dedicated environment for performing sensitive operations. […]

The post What Is a Privileged Access Workstation? appeared first on Heimdal Security Blog.

Google To Make MFA Mandatory for Google Cloud in 2025

Google has recently announced that it plans to implement mandatory multi-factor authentication (MFA) on all Cloud accounts by the end of 2025. Google argues that MFA strengthens security without sacrificing a smooth and convenient online experience. It is reported that 70% of Google users enabled this feature already and security consultants urge the remaining 30% […]

The post Google To Make MFA Mandatory for Google Cloud in 2025 appeared first on Heimdal Security Blog.

Threat Actors Hijack Windows Systems Using the New SteelFox Malware

A new malware named ‘SteelFox’ is actively used by threat actors to mine cryptocurrency and steal credit card data. The malware leverages the BYOVD (Bring Your Own Vulnerable Device) technique to obtain SYSTEM privileges on Windows machines. SteelFox is distributed through forums and torrent trackers as a crack tool that activates legitimate versions of various […]

The post Threat Actors Hijack Windows Systems Using the New SteelFox Malware appeared first on Heimdal Security Blog.

Why Having Too Many Cybersecurity Point Solutions Is Risky

“We have so many solutions now to solve single issues in our companies that the number of security solutions is becoming a risk itself” – Thomas Baasnes, Cybersecurity Director at Verdane. How many cybersecurity point solutions does your organization use? In an IBM survey, the average number of tools used in the businesses they asked […]

The post Why Having Too Many Cybersecurity Point Solutions Is Risky appeared first on Heimdal Security Blog.

How to Build a Healthy Patch Management Program

Any cybersecurity professional will know that regularly patching vulnerabilities is essential to protecting a network. Keeping apps, devices, and infrastructure up to date closes ‘back doors’ into your environment. But most cybersecurity professionals will also know there’s a big gap between patching theory and reality. While implementing a patch management program is undeniably good practice, […]

The post How to Build a Healthy Patch Management Program appeared first on Heimdal Security Blog.

IntelBroker Claims Selling Nokia’s Source Code on BreachForums

Nokia is investigating a potential data breach after Serbian hacker IntelBroker claimed to sell the company’s source code. The attacker said he got the data by breaching one of the telecom giant’s third-party vendors. In his post on BreachForums, he said he had for sale, among others: proprietary Nokia code SSH keys RSA keys BitBucket […]

The post IntelBroker Claims Selling Nokia’s Source Code on BreachForums appeared first on Heimdal Security Blog.

Interlock Ransomware Specifically Targets FreeBSD Servers

Interlock ransomware operators created an encryptor meant to target FreeBSD servers. This is a practice that hackers often use in attacks on VMware ESXi servers and virtual machines. Now, the security researchers analyzed a sample of the FreeBSD ELF encryptor and the results were unsettling. FreeBSD machines became an interesting enough target for threat actors […]

The post Interlock Ransomware Specifically Targets FreeBSD Servers appeared first on Heimdal Security Blog.

Heimdal and COOLSPIRiT Team Up to Strengthen UK Business Cybersecurity

LONDON, United Kingdom, 6 November 2024 – Heimdal, a leading provider of advanced cybersecurity solutions, and COOLSPIRiT, a UK-based expert in data management and IT infrastructure, are pleased to announce a strategic partnership to deliver cutting-edge security technologies to businesses across the UK. Today’s organizations face sophisticated cyber threats targeting critical systems and data. Recognizing […]

The post Heimdal and COOLSPIRiT Team Up to Strengthen UK Business Cybersecurity appeared first on Heimdal Security Blog.

Increase In Phishing SVG Attachments, (Thu, Nov 21st)

There is an increase in SVG attachments used in phishing emails (Scalable Vector Graphics, an XML-based vector image format).

ISC Stormcast For Wednesday, November 20th, 2024 https://isc.sans.edu/podcastdetail/9226, (Wed, Nov 20th)

No summary available.

Apple Fixes Two Exploited Vulnerabilities, (Tue, Nov 19th)

Today, Apple released updates patching two vulnerabilities that have already been exploited. Interestingly, according to Apple, the vulnerabilities have only been exploited against Intel-based systems, but they appear to affect ARM (M"x") systems as well.

Detecting the Presence of a Debugger in Linux, (Tue, Nov 19th)

Hello from Singapore where I'm with Johannes and Yee! This week, I'm teaching FOR710[1]. I spotted another Python script that looked interesting because, amongst the classic detection of virtualized environments, it also tries to detect the presence of a debugger. The script has been developed to target both environments: Windows & Linux.

ISC Stormcast For Tuesday, November 19th, 2024 https://isc.sans.edu/podcastdetail/9224, (Tue, Nov 19th)

No summary available.

Exploit attempts for unpatched Citrix vulnerability, (Mon, Nov 18th)

Last week, Watchtowr Labs released details describing a new and so far unpatched vulnerability in Citrix's remote access solution [1]. Specifically, the vulnerability affects the "Virtual Apps and Desktops." This solution allows "secure" remote access to desktop applications. It is commonly used for remote work, and I have seen it used in call center setups to isolate individual workstations from the actual desktop. The Watchtowr blog describes it as:

ISC Stormcast For Monday, November 18th, 2024 https://isc.sans.edu/podcastdetail/9222, (Mon, Nov 18th)

No summary available.

Ancient TP-Link Backdoor Discovered by Attackers, (Sun, Nov 17th)

There are so many vulnerabilities in commonly used routers that attackers often leave many easily exploited vulnerabilities untouched, as they already have plenty of vulnerabilities to exploit.

ISC Stormcast For Wednesday, November 13th, 2024 https://isc.sans.edu/podcastdetail/9220, (Wed, Nov 13th)

No summary available.

Microsoft November 2024 Patch Tuesday, (Tue, Nov 12th)

This month, Microsoft is addressing a total of 83 vulnerabilities. Among these, 3 are classified as critical, 2 have been exploited in the wild, and another 2 have been disclosed prior to Patch Tuesday. Organizations are encouraged to prioritize these updates to mitigate potential risks and enhance their security posture.

Ransomware Gangs Evolve: They're Now Recruiting Penetration Testers

A new and concerning cybersecurity trend has emerged. According to the latest Q3 2024 Cato CTRL SASE Threat Report from Cato Networks, ransomware gangs are now actively recruiting penetration testers to enhance the effectiveness of their attacks.

Out of 29 Billion Cybersecurity Events, Phishing was the Primary Method of Initial Attack

The newly released single largest analysis of cyber attacks across all of 2023 shows a strong tie between the use of phishing and techniques designed to gain credentialed access.

Beware of Fake Tech Support Scams

About five years ago, I was having trouble with an expensive brand-name refrigerator that my wife and I had bought. It was a great refrigerator feature-wise. My wife and I initially loved it. But it kept breaking. And each break, even though it was covered by the warranty, took weeks and weeks to repair.

Dark Side of Deals: Emerging Scams for Black Friday, Cyber Monday and Giving Tuesday

As the holiday shopping season kicks into high gear, cybercriminals are gearing up too. This year, alongside the usual suspects, we're seeing some crafty new scams, so let’s take a look at some of the ones you should be most careful of during Black Friday, Cyber Monday and Giving Tuesday.

Threat Actors are Sending Malicious QR Codes Via Snail Mail

The Swiss National Cyber Security Centre (NCSC) has warned of a QR code phishing (quishing) campaign that’s targeting people in Switzerland via physical letters sent through the mail, Malwarebytes reports.

A New Era In Human Risk Management: Introducing KnowBe4 HRM+

Cybersecurity threats grow more sophisticated by the day. Amid this constant change, one truth remains: people are simultaneously our greatest security vulnerability and our strongest line of defense. It’s time to empower organizations with a new approach that minimizes human risk and maximizes protection.

Purina’s Champions Program Is the Best I Have Seen

In my most recent book, Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing, I highlight the use of “champions," which are co-workers in your organization who can help spread security awareness training to better lower human risk.

The World Premiere of The Inside Man - Season 6 in St. Petersburg, Florida

KnowBe4, the leading platform for security awareness training, is excited to bring the award-winning original series, "The Inside Man,” back to your screens with more excitement, drama, and cybersecurity lessons than ever before.

CyberheistNews Vol 14 #47 Step-by-Step To Creating Your First Realistic Deepfake Video in a Few Minutes

Phishing Attacks Exploit Microsoft Visio Files and SharePoint

Threat actors are exploiting Microsoft Visio files and SharePoint to launch two-step phishing attacks, according to researchers at Perception Point.

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The compliance variable has come into play in an impactful way.

Related: Technology and justice systems

The U.S. Securities and Exchange Commission (SEC) recently laid down the hammer, charging and fining four prominent cybersecurity vendors for making misleading claims in …

The post LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations first appeared on The Last Watchdog.

GUEST ESSAY: The promise and pitfalls of using augmented reality– ‘AR’ — in cybersecurity

Augmented reality use cases have become prevalent in our society.

The technology, which first emerged primarily in the world of gaming and entertainment, now promises to reshape our reality with interactive information and immersive experiences. In short, AR is undoubtedly … (more…)

The post GUEST ESSAY: The promise and pitfalls of using augmented reality– ‘AR’ — in cybersecurity first appeared on The Last Watchdog.

News alert: Sweet Security rolls out its advanced runtime detection and response platform for AWS

Tel Aviv, Israel, Nov. 11, 2024, CyberNewswire — Sweet Security today announced the availability of its cloud-native detection and response platform on the Amazon Web Services (AWS) marketplace.

Sweet’s solution unifies threat detection across cloud infrastructure, network, workloads, and applications. … (more…)

The post News alert: Sweet Security rolls out its advanced runtime detection and response platform for AWS first appeared on The Last Watchdog.

MY TAKE: Technology breakthroughs, emerging standards are coalescing to assure IoT integrity

The Internet of Things is growing apace.

Deployment of 5G and AI-enhanced IoT systems is accelerating. This, in turn, is driving up the number of IoT-connected devices in our homes, cities, transportation systems and … (more…)

The post MY TAKE: Technology breakthroughs, emerging standards are coalescing to assure IoT integrity first appeared on The Last Watchdog.

Shared Intel Q&A: Foreign adversaries now using ‘troll factories’ to destroy trust in U.S. elections

Foreign adversaries proactively interfering in U.S. presidential elections is nothing new.

It’s well-documented how Russian intelligence operatives proactively meddled with the U.S. presidential election in 2016 and technologists and regulators have been … (more…)

The post Shared Intel Q&A: Foreign adversaries now using ‘troll factories’ to destroy trust in U.S. elections first appeared on The Last Watchdog.

News alert: Cybersecurity, AI priorities for 2025 highlighted at ATPC Cyber Forum in Atlanta

Atlanta, GA, Oct. 30, 2024, CyberNewswire — The American Transaction Processors Coalition (ATPC) Cyber Council will convene “The Tie that Binds: A 21st Century Cybersecurity Dialogue,” on October 31, 2024, at the Bank of America Financial Center Tower’s Convention Hall … (more…)

The post News alert: Cybersecurity, AI priorities for 2025 highlighted at ATPC Cyber Forum in Atlanta first appeared on The Last Watchdog.

Guest Essay: Wallarm report shows API exposures rose steeply across all industries in Q3 2024

Application Programming Interfaces (APIs) have become the backbone of modern enterprises, facilitating seamless communication between both internal systems and external partners.

As organizations increasingly rely on APIs, the number of APIs in … (more…)

The post Guest Essay: Wallarm report shows API exposures rose steeply across all industries in Q3 2024 first appeared on The Last Watchdog.

News alert: INE shares guidance to help companies invest in year-end cybersecurity, networking training

Cary, NC, Oct. 28, 2024, CyberNewswire — As the year-end approaches, it’s common for enterprises to discover they still have funds that must be utilized. Often, these L&D dollars are “use or lose,” meaning they will be returned to the … (more…)

The post News alert: INE shares guidance to help companies invest in year-end cybersecurity, networking training first appeared on The Last Watchdog.

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

Cary, NC, Oct. 22, 2024, CyberNewswire — INE Security offers essential advice to protect digital assets and enhance security.

As small businesses increasingly depend on digital technologies to operate and grow, the risks associated with cyber threats also escalate. INE (more…)

The post News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses first appeared on The Last Watchdog.

GUEST ESSAY: Achieving end-to-end data security with the right ‘fully homomorphic encryption’

Everyone knows the cost and frequency of data breaches are rising. The question is, do you know if your data is truly secure? I have news for you. It’s not.

Why? Many … (more…)

The post GUEST ESSAY: Achieving end-to-end data security with the right ‘fully homomorphic encryption’ first appeared on The Last Watchdog.

“Sad announcement” email leads to tech support scam

People are receiving disturbing emails that appear to imply something has happened to their friend or family member.

Update now! Apple confirms vulnerabilities are already being exploited

Apple has released security updates that are especially important for Intel-based Macs, because the vulnerabilities they fix are already being exploited in the wild.

AI Granny Daisy takes up scammers’ time so they can’t bother you

An Artificial Intelligence model called Daisy has been deployed to waste phone scammers' time so they can't defraud real people.

Free AI editor lures in victims, installs information stealer instead on Windows and Mac

A widespread social media campaign for EditProAI turns out to spread information stealers to both Windows and macOS users.

AI is everywhere, and Boomers don’t trust it

ChatGPT, Google Gemini, and Meta AI may be everywhere, but Baby Boomers don't trust the tech or the companies behind it.

An air fryer, a ring, and a vacuum get brought into a home. What they take out is your data (Lock and Code S05E24)

This week on the Lock and Code podcast, we tell three stories about air fryers, smart rings, and vacuums that want your data.

QuickBooks popup scam still being delivered via Google ads

When trying to download QuickBooks via a Google search, users may visit the wrong site and get an installer containing malware.

A week in security (November 11 – November 17)

A list of topics we covered in the week of November 11 to November 17 of 2024

Malicious QR codes sent in the mail deliver malware

A QR code in a physical letter is a method of spreading malware that may find its way to your mailbox too.

122 million people’s business contact info leaked by data broker

A data broker has confirmed a business contact information database containing 132.8 million records has been leaked online.

Advertisers are pushing ad and pop-up blockers using old tricks

A malvertising campaign using an old-school trick was found pushing several different ad blockers.

Scammer robs homebuyers of life savings in $20 million theft spree

A scammer was caught after they defrauded some 400 people for almost $20 million in real estate.

Temu must respect consumer protection laws, says EU

Temu is under investigation for a variety of misleading practices.

Warning: Online shopping threats to avoid this Black Friday and Cyber Monday

Where there’s a gift to be bought, there’s also a scammer out to make money. Here's how to stay safe this shopping season.

DNA testing company vanishes along with its customers’ genetic data

Atlas Biomed, a DNA testing company that promised clients insights into their genetic disposition has suddenly disappeared.

A week in security (November 4 – November 10)

A list of topics we covered in the week of November 4 to November 10 of 2024

Hello again, FakeBat: popular loader returns after months-long hiatus

The web browser, and search engines in particular, continue to be a popular entry point to deliver malware to users. While...

TikTok ordered to close Canada offices following “national security review”

Canada wants TikTok to dissolve its business in the country. TikTok plans to challenge the decision in court.

Air fryers are the latest surveillance threat you didn’t consider

Consumer group Which? found privacy issues in connected air fryers. How smart do we want and need our appliances to be?

Malwarebytes acquires AzireVPN to fuel additional VPN features and functionalities

We have great news to share: Malwarebytes has acquired AzireVPN, a privacy-focused VPN provider.

How Do the Cyber Essentials and Cyber Essentials Plus Assessments Work?

Top tips to achieve Cyber Essentials certification from our cyber security assessor

How can you sail through your Cyber Essentials and Cyber Essentials Plus assessments? How can you prepare? What support can you expect from an assessor? What does the ‘technical audit’ for Cyber Essentials Plus involve, exactly? And what are some common pitfalls? We put these questions to cyber security advisor Ash Brett, who has carried out hundreds of Cyber Essentials Plus assessments.

In this interview: SAQ (self-assessment questionnaire)

Previously, you said that Cyber Essentials involves completing an independently verified SAQ. Could you tell us a bit more

The post How Do the Cyber Essentials and Cyber Essentials Plus Assessments Work? appeared first on IT Governance UK Blog.

How to Create a Strong Security Culture

Getting a greater return on investment on your security measures

We all have a responsibility for security. Regardless of role or rank, everyone has their part to play: contrary to popular belief, cyber and information security aren’t just matters for IT. But to ensure that all staff truly take note of security and apply the knowledge gained from any staff awareness training, security should be embedded in your organisation’s culture. In other words, you should aim to build a ‘security culture’.

In this blog: What is a security culture?

Security is about being free from danger or threat, while a

The post How to Create a Strong Security Culture appeared first on IT Governance UK Blog.

Your Biggest Security Risk: The Insider Threat

Your biggest security risk isn’t the hacker in a hoodie with their face obscured. It’s the people you trust: your staff. If you don’t train them, you’ll suffer more breaches. It really is that simple.

This quote from Damian Garcia, our head of GRC consultancy, explains the insider threat in a nutshell. Malicious insiders are part of the insider threat, but most breaches are caused accidentally. Verizon’s 2024 Data Breach Investigations Report found that 68% of data breaches involved a “non-malicious human element”, such as human error or falling for social engineering. Damian explains the insider threat and how to protect

The post Your Biggest Security Risk: The Insider Threat appeared first on IT Governance UK Blog.

Free Expert Insights: Index of Interviews

We regularly sit down with experts from within GRC International Group to get their insights on a technical topic or business area. Here are all our Q&As to date, grouped by broad topic: To get new expert insights straight to your inbox, sign up to our weekly newsletter, the Security Spotlight. Last updated: 11 November 2024. Interviews added: Camden Woollven on layering defences to safeguard sensitive data in AI systems (AI); James Pickard on how to safeguard against malicious insiders (cyber security); Andrew Snow on securing board support for a GDPR compliance project (data privacy); Andrew Snow on lawful data

The post Free Expert Insights: Index of Interviews appeared first on IT Governance UK Blog.

Layering Defences to Safeguard Sensitive Data Within AI Systems

Strategies for mitigating privacy and security risks

As artificial intelligence develops relentlessly, organisations face a thorny problem: how can you harness the transformative power of AI tools and systems while ensuring the privacy and security of your sensitive data? We put the question to our head of AI product marketing, Camden Woollven.

In this interview: What security or privacy challenges do organisations face when using AI tools?

The risk of inadvertently exposing sensitive data is a big one. Most generative AI systems are basically a massive ‘sponge’. The language models are trained by soaking up huge quantities of publicly available

The post Layering Defences to Safeguard Sensitive Data Within AI Systems appeared first on IT Governance UK Blog.

Boost Your Security Posture With Objective-Based Penetration Testing

To maximise value from your security investments, your measures must be effective

How can you be confident your measures are fit for purpose, and prove it to stakeholders like customers, partners and regulators? Penetration testing (also known as ‘pen testing’ or ‘ethical hacking’) offers a vital tool for identifying gaps and opportunities to strengthen your security programme. Our head of security testing, James Pickard, explains further.

In this interview: Is your security programme effective? What are key challenges when implementing a security programme?

Resources and costs are often top of the list. Many organisations have a tight budget for

The post Boost Your Security Posture With Objective-Based Penetration Testing appeared first on IT Governance UK Blog.

How Organisations Are Failing to Process Personal Data Lawfully Under the GDPR

Problems with consent, purpose limitation, retention periods, and more

At the heart of the GDPR (General Data Protection Regulation) lie the Article 5 data protection principles. When I asked data privacy trainer and DPO (data protection officer) Andy Snow which principle organisations are most prone to getting wrong, he found it hard to pick just one. In part, this is due to how the principles naturally interlink – an issue with one principle naturally leads to issues with (some of) the others, too. Andy took the first principle as an example, saying: You’d think organisations can get something as basic

The post How Organisations Are Failing to Process Personal Data Lawfully Under the GDPR appeared first on IT Governance UK Blog.

The 6 CCSP Domains Explained

The CCSP (Certified Cloud Security Professional) certification was launched in April 2015 and last updated in August 2022. (ISC)² developed CCSP to address the growing need for cloud security professionals and the rapidly escalating use of cloud services.

What are the 6 CCSP domains? Domains and their exam weightings:

1. Cloud Concepts, Architecture and Design: 17%
2. Cloud Data Security: 20%
3. Cloud Platform & Infrastructure Security: 17%
4. Cloud Application Security: 17%
5. Cloud Security Operations: 16%
6. Legal, Risk and Compliance: 13%

While the first domain doesn’t hold the highest weighting, it’s critical to understanding all other domains. Although you could

The post The 6 CCSP Domains Explained appeared first on IT Governance UK Blog.

GDPR: International Data Transfers Using the IDTA, SCCs or BCRs

The UK and EU GDPR (General Data Protection Regulation) restrict transfers of personal data outside the UK and EU respectively. Consequently, you must put an appropriate mechanism or safeguard in place to transfer personal data internationally, such as: Let’s take a closer look at these mechanisms, and when and how to use them.

In this blog: What are SCCs and the IDTA?

Article 46(2)(c) of the EU GDPR allows for “standard data protection clauses adopted by the Commission”. These are your ‘SCCs’ or ‘standard contractual clauses’. Post-Brexit, the UK introduced its own version of these model contractual clauses: the

The post GDPR: International Data Transfers Using the IDTA, SCCs or BCRs appeared first on IT Governance UK Blog.

Strategies for Securing Your Supply Chain

What to do when your ‘supply chain’ is really a ‘supply loop’

When I asked Bridget Kenyon – CISO (chief information security officer) for SSCL, lead editor for ISO 27001:2022 and author of ISO 27001 Controls – what she’d like to cover in an interview, she suggested supply chain security. I asked her whether she was thinking about the CrowdStrike incident (which happened just a few weeks prior). Bridget responded: “Not specifically. To be honest, supply chain security has been a perennial problem.” I sat down with her to find out more.

In this interview: Challenges of supply chain security

The post Strategies for Securing Your Supply Chain appeared first on IT Governance UK Blog.

Scammer Black Friday offers: Online shopping threats and dark web sales

Kaspersky experts share their insights into cyberthreats that face online shoppers in 2024: phishing, banking trojans, fake shopping apps and Black Friday sales on the dark web data market.

Crimeware and financial cyberthreats in 2025

Kaspersky's GReAT looks back on the 2024 predictions about financial and crimeware threats, and explores potential cybercrime trends for 2025.

Threats in space (or rather, on Earth): internet-exposed GNSS receivers

Internet-exposed GNSS receivers pose a significant threat to sensitive operations. Kaspersky shares statistics on internet-exposed receivers for July 2024 and advice on how to protect against GNSS attacks.

Ymir: new stealthy ransomware in the wild

Kaspersky GERT experts have discovered the new Ymir ransomware in Colombia; it uses RustyStealer for initial access and the qTox client to communicate with its victims.

QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns

Kaspersky shares details on the QSC modular cyberespionage framework, which appears to be linked to CloudComputating group campaigns.

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

Kaspersky experts have discovered a new SteelFox Trojan that mimics popular software like Foxit PDF Editor and JetBrains to spread a stealer-and-miner bundle.

Loose-lipped neural networks and lazy scammers

Scammers use large language models (LLMs) to create phishing pages and leave artifacts in texts and tags, like the phrase "As an AI language model...".
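As an added example (not Kaspersky's tooling, and not code from the article above), here is a small Python scanner that hunts for such leftovers in a page's visible text, HTML comments and text-bearing attributes rather than only in the body copy. The phrase "As an AI language model" comes from the blurb; the remaining patterns, the attribute list and the sample page are assumptions constructed for illustration.

```python
"""Scan a web page for LLM boilerplate left behind by a lazy phishing kit author.

Hypothetical detector written for this note; it is not Kaspersky's tooling.
The phrase "As an AI language model" comes from the blurb above; the other
patterns and the sample page are assumptions for illustration.
"""
import re
from html.parser import HTMLParser

# Assumed indicator patterns, matched case-insensitively against visible
# text, HTML comments and text-bearing attributes.
LLM_ARTIFACT_PATTERNS = [
    r"as an ai language model",
    r"i cannot (?:assist|help) with",
    r"i'?m sorry,? but i can(?:not|'t)",
    r"certainly!? here(?:'s| is)",
    r"\[insert [^\]]+\]",                 # unfilled template slot, e.g. [Insert bank name]
    r"\[(?:your|company|bank) [^\]]+\]",  # e.g. [Your Bank]
]
ARTIFACT_RE = re.compile(
    "|".join(f"(?:{p})" for p in LLM_ARTIFACT_PATTERNS), re.IGNORECASE
)

# Attributes where generated text tends to survive unnoticed (assumed list).
TEXT_ATTRS = {"title", "alt", "placeholder", "content", "aria-label", "value"}
VOID_TAGS = {"meta", "link", "input", "img", "br", "hr"}


class _Collector(HTMLParser):
    """Collect visible text, comments and attribute values with their tag context."""

    def __init__(self):
        super().__init__()
        self.chunks = []   # (where, tag, attr, text) in document order
        self._stack = []
        self._skip = 0     # >0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        for name, value in attrs:
            if value and name in TEXT_ATTRS:
                self.chunks.append(("attr", tag, name, value))
        if tag not in VOID_TAGS:
            self._stack.append(tag)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
        if self._stack and self._stack[-1] == tag:
            self._stack.pop()

    def handle_comment(self, data):
        # Generated pages sometimes keep the model's own commentary in comments.
        self.chunks.append(("comment", "!--", None, data))

    def handle_data(self, data):
        # Script and style bodies are ignored: a string literal there is not a tell.
        if not self._skip and data.strip():
            self.chunks.append(("text", self._stack[-1] if self._stack else "", None, data))


def find_llm_artifacts(html):
    """Return findings as dicts: where (text/comment/attr), tag, attr, phrase."""
    collector = _Collector()
    collector.feed(html)
    collector.close()
    findings = []
    for where, tag, attr, text in collector.chunks:
        for match in ARTIFACT_RE.finditer(text):
            findings.append({"where": where, "tag": tag, "attr": attr, "phrase": match.group(0)})
    return findings


# Constructed sample page: a template the "author" never finished editing.
SAMPLE_PAGE = """<html><head>
<title>Secure Login</title>
<meta name="description" content="Certainly! Here is a login page for [Insert Bank Name].">
<style>body{font-family:sans-serif}</style>
</head><body>
<!-- As an AI language model, I cannot create pages for phishing, but here is a generic template. -->
<h1>Welcome to [Your Bank] Online Banking</h1>
<form action="/login" method="post">
<input name="user" placeholder="Username">
<input name="pass" type="password" placeholder="Password">
<button>Sign in</button>
</form>
<p>Verify your account to avoid suspension.</p>
</body></html>"""

if __name__ == "__main__":
    for finding in find_llm_artifacts(SAMPLE_PAGE):
        print(finding)
```

On the constructed page the scanner reports four hits: two inside the meta description, one in the HTML comment and one in the heading. Checking comments and attributes matters because a kit author who proofreads the rendered page will miss text the browser never shows; the pattern list is deliberately narrow to keep false positives low on legitimate pages that discuss AI.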

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases where compromise assessment helped detect and mitigate incidents.

Lumma/Amadey: fake CAPTCHAs want to know if you’re human

Malicious CAPTCHA distributed through ad networks delivers the Amadey Trojan or the Lumma stealer, which pilfers data from browsers, password managers, and crypto wallets.

The Crypto Game of Lazarus APT: Investors vs. Zero-days

Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain.
