Cybersecurity News

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

Who’s Behind the 8Base Ransomware Website?

The victim shaming website operated by the cybercriminals behind 8Base -- currently one of the more active ransomware groups -- was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of website's code was written by a 36-year-old programmer residing in the capital city of Moldova.

FBI Hacker Dropped Stolen Airbus Data on 9/11

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle "USDoD" had infiltrated the FBI's vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying all InfraGard members and by seizing the cybercrime forum where the data was being sold. But on Sept. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus, while promising to visit the same treatment on top U.S. defense contractors.

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.

Why is .US Being Used to Phish So Many of Us?

Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States.

U.S. Hacks QakBot, Quietly Removes Botnet Infections

The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet's online infrastructure, and quietly removing the Qakbot malware from tens of thousands of infected Microsoft Windows computer systems.

Kroll Employee SIM-Swapped for Crypto Investor Data

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks. Cryptocurrency lender BlockFi and the now-collapsed crypto trading platform FTX each disclosed data breaches this week thanks to a recent SIM-swapping attack targeting an employee of Kroll -- the company handling both firms' bankruptcy restructuring.

Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

In large metropolitan areas, tourists are often easy to spot because they're far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior.

Karma Catches Up to Global Phishing Service 16Shop

You've probably never heard of "16Shop," but there's a good chance someone using it has tried to phish you. Last week, the international police organization INTERPOL said it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. INTERPOL said authorities in Indonesia arrested the 21-year-old proprietor and one of his alleged facilitators, and that a third suspect was apprehended in Japan.

Friday Squid Blogging: New Squid Species

An ancient squid:

New research on fossils has revealed that a vampire-like ancient squid haunted Earth’s oceans 165 million years ago. The study, published in June edition of the journal Papers in Palaeontology, says the creature had a bullet-shaped body with luminous organs, eight arms and sucker attachments. The discovery was made by scientists in France, who used modern imaging technique to analyse the previously discovered fossils. The ancient squid has been named Vampyrofugiens atramentum, which stands for the “fleeing vampire”. The researchers said that these features have never been recorded before...

New Revelations from the Snowden Documents

Jake Appelbaum’s PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden. Nothing major, but a few more tidbits.

Kind of amazing that that all happened ten years ago. At this point, those documents are more historical than anything else.

And it’s unclear who has those archives anymore. According to Appelbaum, The Intercept destroyed their copy.

I recently published an essay about my experiences ten years ago.

On the Cybersecurity Jobs Shortage

In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage:

Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3.5 million in 2023, with more than 750,000 of those positions in the U.S. Industry efforts to source new talent and tackle burnout continues, but we predict that the disparity between demand and supply will remain through at least 2025.

The numbers never made sense to me, and Ben Rothke has dug in and ...

Detecting AI-Generated Text

There are no reliable ways to distinguish text written by a human from text written by an large language model. OpenAI writes:

Do AI detectors work?

In short, no. While some (including OpenAI) have released tools that purport to detect AI-generated content, none of these have proven to reliably distinguish between AI-generated and human-generated content.
Additionally, ChatGPT has no “knowledge” of what content could be AI-generated. It will sometimes make up responses to questions like “did you write this [essay]?” or “could this have been written by AI?” These responses are random and have no basis in fact. ...

Using Hacked LastPass Keys to Steal Cryptocurrency

Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users?

Well, they’re now using that data break into crypto wallets and drain them: $35 million and counting, all going into a single wallet.

That’s a really profitable hack. (It’s also bad opsec. The hackers need to move and launder all that money quickly.)

Look, I know that online password databases are more convenient. But they’re also risky. This is why my Password Safe...

Friday Squid Blogging: Cleaning Squid

Two links on how to properly clean squid.

I learned a few years ago, in Spain, and got pretty good at it.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

LLM Summary of My Book Beyond Fear

Claude (Anthropic’s LLM) was given this prompt: Please summarize the themes and arguments of Bruce Schneier’s book Beyond Fear. I’m particularly interested in a taxonomy of his ethical arguments—please expand on that. Then lay out the most salient criticisms of the book.

Claude’s reply:

Here’s a brief summary of the key themes and arguments made in security expert Bruce Schneier’s book Beyond Fear: Thinking Sensibly About Security in an Uncertain World:

Central Themes:

Effective security requires realistic risk assessment, not fear-driven responses. We need to rationally determine actual threats versus perceived ones. ...

On Technologies for Automatic Facial Recognition

Interesting article on technologies that will automatically identify people:

With technology like that on Mr. Leyvand’s head, Facebook could prevent users from ever forgetting a colleague’s name, give a reminder at a cocktail party that an acquaintance had kids to ask about or help find someone at a crowded conference. However, six years later, the company now known as Meta has not released a version of that product and Mr. Leyvand has departed for Apple to work on its Vision Pro augmented reality glasses.

The technology is here. Maybe the implementation is still dorky, but that will change. The social implications will be enormous...

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak:

I’m speaking at swampUP 2023 in San Jose, California, on September 13, 2023 at 11:35 AM PT.

The list is maintained on this page.

Fake Signal and Telegram Apps in the Google Play Store

Google removed fake Signal and Telegram apps from its Play store.

An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also available in the Samsung app store and on signalplus[.]org, a dedicated website mimicking the official Signal.org. An app calling itself FlyGram, meanwhile, was created by the same threat actor and was available through the same three channels. Google removed it from Play in 2021. Both apps remain available in the Samsung store...

Xenomorph Android Malware Targets Customers of 30 US Banks

The Trojan had mainly been infecting banks in Europe since it first surfaced more than one year ago.

MOVEit Flaw Leads to 900 University Data Breaches

National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment.

UAE-Linked 'Stealth Falcon' APT Mimics Microsoft in Homoglyph Attack

The cyberattackers are using the "Deadglyph" custom spyware, whose full capabilities have not yet been uncovered.

The Hot Seat: CISO Accountability in a New Era of SEC Regulation

Updated cybersecurity regulations herald a new era of transparency and accountability in the face of escalating industry vulnerabilities.

Cyber Hygiene: A First Line of Defense Against Evolving Cyberattacks

Back to basics is a good start, but too often security teams don't handle their deployment correctly. Here's how to avoid the common pitfalls.

Don't Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection

Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.

ASPM Is Good, but It's Not a Cure-All for App Security

What application security posture management does, it does well. But you'll still need to fill in some holes, especially concerning API security.

Recast Software Acquires Liquit, Consolidating the Endpoint and Application Management Markets

ClassLink Provides Cybersecurity Training Course to Help Schools Protect Public Directory Data

Wing Security Launches Compliance-Grade SaaS Security Solution for Just $1.5K

Latest Acquisition Powers AI-based Network Detection and Response and Open XDR Capabilities for WatchGuard

TikTok API Rules Stymie User Data Analysis

Terms of service for API access give TikTok publication review over findings and limit access to critical data on the platform's impact on US users, researchers say.

Hackers Let Loose on Voting Gear Ahead of US Election Season

Ethical hackers were given voluntary access to digital scanners, ballot markers, and electronic pollbooks, all in the name of making the voting process more resilient to cyber threats.

Akira Ransomware Mutates to Target Linux Systems

The newly emerged ransomware actively targets both Windows and Linux systems with a double-extortion approach.

NFL, CISA Look to Intercept Cyber Threats to Super Bowl LVIII

The league is working with more than 100 partners to workshop responses to a host of hypothetical cyberattacks on the upcoming Big Game in Las Vegas.

Apple Fixes 3 More Zero-Day Vulnerabilities

All of the security bugs are under active attacks, but the extent of their exploitation is unknown.

MGM, Caesars Cyberattack Responses Required Brutal Choices

Tens of millions in losses later, the MGM and Caesars systems are back online following dual cyberattacks by the same threat actor — here's what experts say about their incident responses.

Bot Swarm: Attacks From Middle East & Africa Are Notably Up

Most automated attacks from the regions were against e-commerce and telecommunications organizations.

Do CISOs Have to Report Security Flaws to the SEC?

The new SEC rules make it seem that there is no need to report the presence of security vulnerabilities, but that doesn't quite tell the full story.

Guardians of the Cyberverse: Building a Resilient Security Culture

Whether achieved through AI-enabled automation, proactive identification and resolution of issues, or the equitable distribution of risk management responsibilities, the goal must be resilience.

Cisco Moves Into SIEM With $28B Deal to Acquire Splunk

Cisco's surprise agreement could reshape secure information and event management (SIEM) and extended detection and response (XDR) markets.

Mysterious 'Sandman' APT Targets Telecom Sector With Novel Backdoor

The Sandman group's main malware is among the very few that use the Lua scripting language and its just-in-time compiler.

What Does Socrates Have to Do With CPM?

It's time to focus on the "P" in cybersecurity performance management.

Salvador Technologies Wins Funding for $2.2M Cybersecurity Project From BIRD Foundation

'Gold Melody' Access Broker Plays on Unpatched Servers' Strings

A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics.

OPSWAT-Sponsored SANS 2023 ICS/OT Cybersecurity Report Reveals Vital Priorities to Mitigate Ongoing Threats

T-Mobile Racks Up Third Consumer Data Exposure of 2023

The mobile company states that the issue was due to a glitch that occurred in an update.

Secure Browser Tech Is Having a Moment

Cloud adoption is driving secure browsers' moment in the sun as rumors fly that Palo Alto Networks is looking to snap up Talon.

MGM Restores Casino Operations 10 Days After Cyberattack

The lost revenue due to downtime for gaming and hotel bookings is difficult to ballpark.

Mastering Defense-in-Depth and Data Security in the Cloud Era

Though widely used in many organizations, the concept still requires adaptation when aimed at protecting against new types of attacks.

Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns

A working group is rolling out in developing parts of the world, in response to concerns about the amount of technology being rolled out and across Africa by Chinese companies.

BBTok Banking Trojan Impersonates 40+ Banks to Hijack Victim Accounts

Attackers use convincing fake website interfaces and sophisticated geo-fencing to target users exclusively in Mexico and Brazil with a new variant of the malware.

Hikvision Intercoms Allow Snooping on Neighbors

The intercoms are used in thousands of apartments and offices across the world, and they can be used to spy on targets through the other devices they connect to.

Understanding the Differences Between On-Premises and Cloud Cybersecurity

The nature of cloud environments means security and technical teams need a different mindset to understand and manage their new attack surface.

Will Generative AI Kill the Nigerian Prince Scam?

A linguist analyzes whether GPT will improve the notoriously agrammatical scam — or finally render it a thing of the past.

GitLab Users Advised to Update Against Critical Flaw Immediately

The bug has a CVSS score of 9.6 and allows unauthorized users to compromise private repositories.

Yubico Goes Public

The Swedish maker of Yubikeys has merged with special purpose acquisition company ACQ Bure.

Fake WinRAR PoC Exploit Conceals VenomRAT Malware

A supposed exploit for a notable RCE vulnerability in the popular Windows file-archiving utility delivers a big sting for unwitting researchers and cybercriminals.

FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service

The group's use of malware that forces Windows computers to reboot into Safe Mode before encrypting files is noteworthy, advisory says.

Dig Security Enhances DSPM Platform to Secure Enterprise Data in On-Prem, File-Share Environments

OneLayer Expands Its Private Cellular Network Security Solutions to Operations and Asset Management

83% of IT Security Professionals Say Burnout Causes Data Breaches

Bishop Fox Expands Leadership With First CISO and CTO

International Criminal Court Suffers Cyberattack

The ICC did not reveal details on the cyber breach.

How Choosing Authentication Is a Business-Critical Decision

MFA may go a long way in improving password security, but it's not foolproof.

'Culturestreak' Malware Lurks Inside GitLab Python Package

The GitLab code hijacks computer resources to mine Dero cryptocurrency as part of a larger cryptomining operation.

Changing Role of the CISO: A Holistic Approach Drives the Future

The CISO's role has grown far beyond supervising Patch Tuesday to focus on prevention and response and to cover people, processes, and technology.

Pro-Iranian Attackers Claim to Target Israeli Railroad Network

The veracity of claims by the group known as "Cyber Avengers" has been called into question, as it continues to take credit for hits on various Israeli services.

How to Interpret the 2023 MITRE ATT&CK Evaluation Results

Unpack MITRE's methodology, understand the results, and learn top takeaways from Cynet's evaluation of MITRE's annual security vendor tests.

Companies Rely on Multiple Methods to Secure Generative AI Tools

To protect their own and their customers' data, organizations are exploring different approaches to guard against the unwanted effects of using AI.

China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign

"SprySOCKS" melds features from multiple previously known badware and adds to the threat actor's growing malware arsenal, Trend Micro says.

Trend Micro Patches Zero-Day Endpoint Vulnerability

The critical vulnerability involves uninstalling third-party security products and has been used in cyberattacks.

MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents

MGM and Caesars are putting new SEC incident disclosure regulations to a real-world test in the aftermath of twin cyberattacks on the casinos, as class-action lawsuits loom.

Qatar Cyber Chiefs Warn on Mozilla RCE Bugs

The WebP vulnerability affects multiple browsers besides Firefox and Thunderbird, with active exploitation ongoing.

Name That Toon: Somewhere in Sleepy Hollow

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Clorox Sees Product Shortages Amid Cyberattack Cleanup

Everyone's favorite pandemic-era brand is experiencing store shortages in the wake of a cyberattack that impacted its global production lines — and there's no timeline for normal operations to resume.

CapraRAT Impersonates YouTube to Hijack Android Devices

Pakistani threat group Transparent Tribe targets military and diplomatic personnel in India and Pakistan with romance-themed lures in the latest spyware campaign.

Engineering-Grade OT Protection

The worst-case consequences of cyberattacks are sharply, qualitatively different on IT versus OT networks.

Welcome to the Resilience Revolution, Where Defenders Act More Like Attackers

Dark Reading News Desk interviewed Kelly Shortridge about the role of infrastructure-as-code in helping security teams become more nimble in responding to cyber threats.

'ShroudedSnooper' Backdoors Use Ultra-Stealth in Mideast Telecom Attacks

The threat cluster hasn't been seen before, but its custom Windows server backdoors have researchers intrigued thanks to their extremely effective stealth mechanisms.

Niagara Networks and Scope Middle East Announce Strategic VAD Partnership

Omdia Research Finds Risk-Based Vulnerability Management Set to Encompass the Vulnerability Management Market by 2027

Payment Card-Skimming Campaign Now Targeting Websites in North America

"Silent Skimmer" is a technically complex campaign that has successfully targeted online businesses in the Asia Pacific region for over a year.

Microsoft Azure Data Leak Exposes Dangers of File-Sharing Links

Shared Access Signature (SAS) link exposed a storage bucket with 38TB of private data, including passwords, Teams messages, and the backups of two Microsoft AI research employees' workstations.

Security Conferences Keep Us Honest

Conferences are where vendors and security researchers meet face to face to address problems and discuss solutions — despite the risks associated with public disclosure.

LockBit Is Using RMMs to Spread Its Ransomware

The LockBit group is using native IT management software to live off the land, planting and then spreading itself before deploying its ransomware.

Companies Explore Ways to Safeguard Data in the Age of LLMs

Generative AI models are forcing companies to become creative about how they keep employees from giving away sensitive data.

How to Get Your Board on Board With Cybersecurity

CISOs can refine their soft skills to help get their cybersecurity best-practices message across. Steps include increasing staff incident-response training and staying current with the threat landscape.

Dragos Raises $74M in Latest Funding Round

The funds will be used to expand its global presence beyond Europe and the US.

A Playbook for Bridging Africa's Cybersecurity Skills Shortage

A pledge to solve the skills and talent shortage by the US government has seen one Nigerian company join the effort and aid Africa.

Supporting Africa's Cybersecurity Talent Makes the World Safer

The global infosec community needs to help African nations defend against growing threats.

Evaluating New Partners and Vendors From an Identity Security Perspective

Before working with new vendors, it's important to understand the potential risks they may pose to your digital environments.

AI in Software Development: The Good, the Bad, and the Dangerous

Just like with using open source, organizations need to be diligent about testing AI components and understanding where and how it is used in their software.

DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage

Escalating incursions into military base infrastructure, telecom networks, utilities, and more signal that Beijing is laying the groundwork for mass disruption.

Microsoft Flushes Out 'Ncurses' Gremlins

The maintainers of the widely used library recently patched multiple memory corruption vulnerabilities that attackers could have abused to, ahem, curse targets with malicious code and escalate privileges.

Enea Qosmos Threat Detection SDK Launched to Boost the Performance of Network-Based Cybersecurity

CISO Global Deepens Capabilities With Integrated Threat Intelligence Feed

Armis Launches Armis Centrix™, the AI-powered Cyber Exposure Management Platform

Why Shared Fate is a Better Way to Manage Cloud Risk

The shared responsibility model was good enough to cover the first years of the cloud revolution, but the model is showing its limitations. Shared fate is a more mature model for the future of cloud security.

Okta Agent Involved in MGM Resorts Breach, Attackers Claim

ALPHV/BlackCat ransomware operators have used their leak site to "set the record straight" about the MGM Resorts cyberattack. Meanwhile, more attacks abusing Okta could be likely.

Greater Manchester Police Hack Follows Third-Party Supplier Fumble

This incident bears notable resemblance to an attack that occurred just last month affecting London's Metropolitan Police, raising concerns over UK cybersecurity safeguards for public safety.

Microsoft: 'Peach Sandstorm' Cyberattacks Target Defense, Pharmaceutical Orgs

For months, the Iran-backed APT has carried out waves of password spray attacks attempting to authenticate to thousands of environments across multiple targets worldwide.

NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware

Ransomware becoming less of a factor as threat actors extort businesses with payment options that are less than regulatory fines.

How to Mitigate Cybersecurity Risks From Misguided Trust

Trust is the crucial bridge between security and people, but excessive or misguided trust can pose serious security risks.

Why Identity Management Is the Key to Stopping APT Cyberattacks

Dark Reading News Desk: CrowdStrike's Adam Meyers talks China, Iran, Russia, and more in this expert dive into the current APT threat actor landscape.

Microsoft Teams Hacks Are Back, as Storm-0324 Embraces TeamsPhisher

Collaboration apps are a boost to business productivity, but also a uniquely attractive target for cyberattackers.

Zero-Click iPhone Exploit Drops Pegasus Spyware on Exiled Russian Journalist

The exploit is one of many that government and intelligence agencies have to infect target devices with the notorious surveillance tool.

MGM, Caesars File SEC Disclosures on Cybersecurity Incidents

Pursuant to new regulation, both gaming companies reported recent cyber incidents to the SEC.

Cybercriminals Use Webex Brand to Target Corporate Users

The false advertisement has been left up for days, flying under the radar by managing to adhere to Google Ads' policies.

Cuba Ransomware Gang Continues to Evolve With Dangerous Backdoor

The Russian-speaking ransomware gang continues to update its tactics while managing to steal highly sensitive information from its victims.

Stealer Thugs Behind RedLine & Vidar Pivot to Ransomware

In a notable shift in strategy, the threat actors are abusing code-signing certificates to spread a double whammy of infostealers and ransomware payloads.

How to Transform Security Awareness Into Security Culture

Leverage the human layer as a crucial cog in building cyber resilience within the organization.

Mideast Retailers Dogged by Scam Facebook Pages Offering 'Investment' Opportunities

Around 900 pages were identified as using Arabic language and familiar brand names to snare users and steal their money and personal details — presenting big brand protection issues for retailers.

Cybersecurity and Compliance in the Age of AI

It takes a diverse village of experts to enact effective cybersecurity guidelines, practices, and processes.

Professional Sports: The Next Frontier of Cybersecurity?

Sports teams, major leagues, global sporting associations, and entertainment venues are all home to valuable personal and business data. Here's how to keep them safe.

'Scattered Spider' Behind MGM Cyberattack, Targets Casinos

The ransomware group is a collection of young adults who also recently breached Caesars Entertainment and made a ransom score in the tens of millions.

Claroty Unveils Vulnerability & Risk Management Capabilities to Elevate Risk Reduction for Cyber-Physical Systems

NordVPN Launches Sonar to Prevent Phishing Attacks

Rail Cybersecurity Is a Complex Environment

CISOs in the rail industry must protect an older, more complex infrastructure than most industries. Here are some of the unique, high-stakes challenges.

Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns

All Windows endpoints within a vulnerable Kubernetes cluster are open to command injection attacks, new research finds.

Mom’s Meals issues “Notice of Data Event”: What to know and what to do

It took six months for notifications to start, and we still don't know exactly what went down... but here's our advice on what to do.

S3 Ep149: How many cryptographers does it take to change a light bulb?

Latest episode - listen now! Full transcript inside...

Using WinRAR? Be sure to patch against these code execution bugs…

Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead...

Smart light bulbs could give away your password secrets

Cryptography isn't just about secrecy. You need to take care of authenticity (no imposters!) and integrity (no tampering!) as well.

“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

WYSIWYG is short for "what you see is what you get". Except when it isn't...

S3 Ep148: Remembering crypto heroes

Celebrating the true crypto bros. Listen now (full transcript available).

FBI warns about scams that lure you in as a mobile beta-tester

Apps on your iPhone must come from the App Store. Except when they don't... we explain what to look out for.

“Grab hold and give it a wiggle” – ATM card skimming is still a thing

The rise of tap-to-pay and chip-and-PIN hasn't rid the world of ATM card skimming criminals...

Crimeware server used by NetWalker ransomware seized and shut down

The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back...

S3 Ep147: What if you type in your password during a meeting?

Latest episode - listen now! (Full transcript inside.)

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Firewall Bug Under Active Attack Triggers CISA Warning

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

Fake Reservation Links Prey on Weary Travelers

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Were you caught up in the latest data breach? Here's how to find out

Wondering if your information is posted online from a data breach? Here's how to check if your accounts are at risk and what to do next.

How to delete yourself from internet search results and hide your identity online

Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.

How to find and remove spyware from your phone

Surveillance software is becoming more advanced. Here's what to do if you think you're being tracked.

Hacked! My Twitter user data is out on the dark web -- now what?

Your Twitter user data may now be out there too, including your phone number. Here's how to check and what you can do about it.

Windows: Still insecure after all these years

OPINION: With every Windows release, Microsoft promises better security. And, sometimes, it makes improvements. But then, well then, we see truly ancient security holes show up yet again.

Stop using Twitter to log in to other websites

With Twitter's growing technical problems, you can't rely on it as your single sign-on for other sites.

How to keep your home secure when you travel

With travel stressful enough, you don't need the anxiety of wondering if your home is protected.

OpenSSL dodges a security bullet

The critical security vulnerability turned out to be two serious vulnerabilities. Still, they need patching ASAP.

Here are the top phone security threats in 2022 and how to avoid them

Your handset is always at risk of being exploited. Here's what to look out for.

Google to wipe user location history for visits to healthcare clinics, domestic violence shelters

Even if location history is enabled, visits to locations considered sensitive will be removed from logs.

This WhatsApp scam promises big, but just sends you into a spiral

Worker shortages are the hook for the phoney government's 'offer.'

Ukrainian police takes down phishing gang behind payments scam

Gang may have defrauded 5,000 people with promises of EU support.

Virtual-world tech company owner arrested over alleged $45m investment fraud scheme

Investment fraud scheme defrauded more than 10,000 victims, says Department of Justice.

The British Army is investigating after its Twitter and YouTube accounts were hijacked

The hijackers used the accounts to promote cryptocurrency and NFTs.

Period tracking apps are no longer safe. Delete them

Opinion: The convenience isn't worth the risk.

Dragonbridge influencers targets rare earth miners, encourages protests to disrupt production

Researchers say that China has 'crossed the line' again with the new online campaign.

Google details commercial spyware that targets both Android and iOS devices

Hermit highlights a wider issue concerning our privacy and freedom.

Scalper bots are snapping up appointments for government services in Israel

Scalpers are snapping up public service appointments and selling them on.

These hackers are spreading ransomware as a distraction - to hide their cyber spying

Five ransomware strains have been linked to Bronze Starlight activities.

Ukrainian organizations warned of hacking attempts using CredoMap malware, Cobalt Strike beacons

Russian hackers continue their attempts to break into the systems of Ukrainian organisations, this time with phishing and fake emails.

Stealthy APT Gelsemium Seen Targeting Southeast Asian Government

A stealthy APT known as Gelsemium has been observed targeting a government entity in Southeast Asia for persistence and intelligence collection.

The post Stealthy APT Gelsemium Seen Targeting Southeast Asian Government appeared first on SecurityWeek.

Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role

Kosi Goodness Simon-Ebo, a Nigerian national, pleaded guilty in a US court to his involvement in a million-dollar BEC fraud scheme.

The post Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role appeared first on SecurityWeek.

900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse

Nearly 900 US schools are impacted by the MOVEit hack at the educational nonprofit National Student Clearinghouse.

The post 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse appeared first on SecurityWeek.

City of Dallas Details Ransomware Attack Impact, Costs

City of Dallas has approved an $8.5 million budget to restore systems following a Royal ransomware attack in May 2023.

The post City of Dallas Details Ransomware Attack Impact, Costs appeared first on SecurityWeek.

In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover

A critical vulnerability in the TeamCity CI/CD server could allow unauthenticated attackers to execute code and take over vulnerable servers.

The post In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover appeared first on SecurityWeek.

Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks

Predator spyware delivered to iPhones and Android devices using iOS and Chrome zero-day vulnerabilities and MitM attacks.

The post Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks appeared first on SecurityWeek.

Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware

Egyptian opposition politician Ahmed Altantawy was targeted with spyware after announcing a presidential bid, security researchers reported

The post Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware appeared first on SecurityWeek.

In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking

Noteworthy stories that might have slipped under the radar: Snowden file analysis, Yubico starts trading, election hacking event.

The post In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking appeared first on SecurityWeek.

China’s Offensive Cyber Operations in Africa Support Soft Power Efforts

Chinese state-sponsored threat groups have targeted telecoms, financial and government organizations in Africa as part of soft power efforts.

The post China’s Offensive Cyber Operations in Africa Support Soft Power Efforts appeared first on SecurityWeek.

Air Canada Says Employee Information Accessed in Cyberattack

Canada’s largest airline says the personal information of some employees was accessed in a recent cyberattack.

The post Air Canada Says Employee Information Accessed in Cyberattack appeared first on SecurityWeek.

Mixin suspends deposits and withdrawals after $200m cryptocurrency heist

Cloud provider blamed for loss of 20% of exchange's capital

Mixin Network confirmd on Monday that it has "temporarily suspended" all deposit and withdrawal services after hackers broke into a database and stole about $200 million in funds from the Hong-Kong based cryptocurrency firm. …

T-Mobile US exposes some customer data – but don't call it a breach

PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns

Infosec in brief T-Mobile US has had another bad week on the infosec front – this time stemming from a system glitch that exposed customer account data, followed by allegations of another breach the carrier denied.…

Apple squashes security bugs after iPhone flaws exploited by Predator spyware

Holes in iOS, macOS and more fixed following tip off from Google, Citizen Lab

Apple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware.…

ESA gets the job of building Europe's secure satcomms network

IRIS² oversight deal signed as constellation’s schedule slips, and Ariane 6 hits another snag

The European Space Agency has signed up to build and launch the European Union's Infrastructure for Resilience, Interconnectivity and Security by Satellite constellation.…

US govt IT help desk techie 'leaked top secrets' to foreign nation

National defense files can earn you $55K … and espionage charges

A US government worker has been arrested and charged with spying for Ethiopia, according to court documents unsealed Thursday.…

TransUnion reckons big dump of stolen customer data came from someone else

Prolific info-thief strikes again

Updated Days after a miscreant boasted leaking a 3GB-plus database from TransUnion containing financial information on 58,505 people, the credit-checking agency has claimed the info was actually swiped from a third party.…

Cisco spends $28B on data cruncher Splunk in cybersecurity push

$157/share cash deal is the largest acquisition in networking titan's history

Cisco is making its most expensive acquisition ever – by far - with an announcement it's buying data crunching software firm Splunk for $157 per share, or approximately $28 billion (£22.8b).…

Menacing marketeers fined by ICO for 1.9M cold calls

Five businesses facing half a million in collective penalties for illegally phoning folk registered with TPS

The UK data watchdog has penalized five businesses it says collectively made 1.9 million cold calls to members of the public, illegally, as those people had opted out of being menaced at home by marketeers.…

India's biggest tech centers named as cyber crime hotspots

Global tech companies' Bharat offices attract the wrong sort of interest

India is grappling with a three-and-a-half year surge in cyber crime, with analysis suggesting cities like Bengaluru and Gurugram – centers of India's tech development – are hubs of this activity.…

Data breach reveals distressing info: People who order pineapple on pizza

Pizza Hut Australia says 190,000 customers' info – including order history – has been accessed

Pizza Hut's Australian outpost has suffered a data breach.…

Feds raise alarm over Snatch ransomware as extortion crew brags of Veterans Affairs hit

Invasion of the data snatchers

The Snatch ransomware crew has listed on its dark-web site the Florida Department of Veterans Affairs as one of its latest victims – as the Feds warn organizations to be on the lookout for indicators of compromise linked to the extortionist gang.…

Signal adopts new alphabet jumble to protect chats from quantum computers

X3DH readied for retirement as PQXDH is rolled out

Signal has adopted a new key agreement protocol in an effort to keep encrypted Signal chat messages protected from any future quantum computers.…

International Criminal Court hit in cyber-attack amid Russia war crimes probe

Right as judges issued warrants against Putin

The International Criminal Court said crooks breached its IT systems last week, and that attack isn't over yet, with the ICC saying the "cybersecurity incident" is still ongoing.…

Pot calls the kettle hack as China claims Uncle Sam did digital sneak peek first

Beijing accuses US of breaking into Huawei servers in 2009

The ongoing face-off between Washington and Beijing over technology and security issues has taken a new twist, with China accusing the US of hacking into the servers of Huawei in 2009 and conducting other cyber-attacks to steal critical data.…

Robocall scammers sentenced in US after netting $1.2M via India-based call centers

Part of network of crims who used 'trickery and threats' to target elderly, says US Attorney

Two Indian nationals each received 41-month prison sentences for their involvement in $1.2 million worth of robocall scams targeting the elderly, according to the district of New Jersey’s attorney's office on Tuesday.…

Sysadmin and spouse admit to part in 'massive' pirated Avaya licenses scam

Could spend 20 years in prison after selling $88M in ADI software keys

A sysadmin and his partner pleaded guilty this week to being part of a "massive" international ring that sold software licenses worth $88 million for "significantly below the wholesale price."…

Broaden your cyber security knowhow at CyberThreat 2023

November’s two day conference sees experts from the cyber security community share their insight and knowledge

Sponsored Post Cyber security remains a top three priority for most, if not all, organisations. The risks associated with failure to implement adequate defences were once again highlighted by the ransomware incident which impacted several hospital computer systems across the US last month.…

Singapore may split liability for phishing losses between banks and victims

Won't someone please think of the banks?

Singapore officials announced on Monday that next month they will deliver a consultation paper detailing a split liability scheme that will mean both consumers and banks are on the hook for financial losses flowing from scams.…

Marvell disputes claim Cavium backdoored chips for Uncle Sam

Allegations date back a decade to leaked Snowden docs

Cavium, a maker of semiconductors acquired in 2018 by Marvell, was allegedly identified in documents leaked in 2013 by Edward Snowden as a vendor of semiconductors backdoored for US intelligence. Marvell denies it or Cavium placed backdoors in products at the behest of the US government.…

Russian allegedly smuggled US weapons electronics to Moscow

Feds claim sniper scope displays sold in sanctions-busting move

A Russian national helped smuggle, via shell companies in Hong Kong, more than $1.6 million in microelectronics to Moscow potentially to support its war against Ukraine, it is claimed.…

The Clorox Company admits cyberattack causing 'widescale disruption'

Back to 'manual' order processing for $7B household cleaning biz, financial impact will be 'material'

The Clorox Company, makers of bleach and other household cleaning products, doesn't expect operations to return to normal until near month end as it combs over "widescale disruption to operations" caused by cyber baddies.…

Australia to build six 'cyber shields' to defend its shores

Local corporate regulator warns boards that cyber is totally a directorial duty

Australia will build "six cyber shields around our nation" declared home affairs minister Clare O'Neill yesterday, as part of a national cyber security strategy.…

Thousands of Juniper Junos firewalls still open to hijacks, exploit code available to all

Unauthenticated and remote code execution possible without dropping a file on disk

About 79 percent of public-facing Juniper SRX firewalls remain vulnerable to a single security flaw can allow an unauthenticated attacker to remotely execute code on the devices, according to threat intelligence platform provider VulnCheck.…

Former CIO accuses Penn State of faking cybersecurity compliance

Now-NASA boffin not impressed

Last October, Pennsylvania State University (Penn State) was sued by a former chief information officer for allegedly falsifying government security compliance reports.…

Microsoft worker accidentally exposes 38TB of sensitive data in GitHub blunder

Included secrets, private keys, passwords, 30,000+ internal Teams messages

A Microsoft employee accidentally exposed 38 terabytes of private data while publishing a bucket of open-source AI training data on GitHub, according to Wiz security researchers who spotted the leaky account and reported it to the Windows giant.…

California passes bill to set up one-stop data deletion shop

Also, LockBit gets a new second stringer, AirTag owners find yet another illicit use, and this week's critical vulns

Infosec in brief Californians may be on their way to the nation's first "do not broker" list with the passage of a bill that would create a one-stop service for residents of the Golden State who want to opt out of being tracked by data brokers. …

Cryptojackers spread their nets to capture more than just EC2

AMBERSQUID operation takes AWS's paths less travelled in search of compute

As cloud native computing continues to gain popularity, so does the risk posed by criminals seeking to exploit the unwary. One newly spotted method targets services on the AWS platform, but not necessarily the ones you might think.…

Probe reveals previously secret Israeli spyware that infects targets via ads

Oh s#!t, Sherlock

Israeli software maker Insanet has reportedly developed a commercial product called Sherlock that can infect devices via online adverts to snoop on targets and collect data about them for the biz's clients.…

Scattered Spider traps 100+ victims in its web as it moves into ransomware

Mandiant warns casino raiders are doubling down on 'monetization strategies'

Scattered Spider, the crew behind at least one of the recent Las Vegas casino IT security breaches, has already hit some 100 organizations during its so-far brief tenure in the cybercrime scene, according to Mandiant.…

Google throws California $93M to make location tracking lawsuit disappear

Half a percent of last quarter's net income? That'll teach 'em

Google has been hit with another lawsuit alleging it deceived users about its collection, storage, and use of their location data, this time from the state of California. Yet it's over before it really began.…

Greater Manchester Police ransomware attack another classic demo of supply chain challenges

Are you the weakest link?

The UK's Greater Manchester Police (GMP) has admitted that crooks have got their mitts on some of its data after a third-party supplier responsible for ID badges was attacked.…

US-Canada water org confirms 'cybersecurity incident' after ransomware crew threatens leak

NoEscape promises 'colossal wave of problems' if IJC doesn't pay up

The International Joint Commission, a body that manages water rights along the US-Canada border, has confirmed its IT security was targeted, after a ransomware gang claimed it stole 80GB of data from the organization.…

Caesars says cyber-crooks stole customer data as MGM casino outage drags on

Zero-days are so 2022. Why not just social engineer the help desk?

Updated Casino giant Caesars Entertainment has confirmed miscreants stole a database containing customer info, including driver license and social security numbers for a "significant number" of its loyalty program members, in a social engineering attack earlier this month.…

Rollbar might be good at tracking bugs, uninvited guests not so much

Company noticed data warehouse break-in via compromised account a month later

Cloud-based bug tracking and monitoring platform Rollbar has warned users that attackers have rifled through their data.…

Watchdog urges change of HART: Late, expensive US biometric ID under fire

Homeland Security told to mind costs, fix up privacy controls

Twice delayed and over budget, the US Department of Homeland Security (DHS) has been told by the Government Accountability Office (GAO) that it needs to correct shortcomings in its biometric identification program.…

Uncle Sam warns deepfakes are coming for your brand and bank account

No, your CEO is not on Teams asking you to transfer money

Deepfakes are coming for your brand, bank accounts, and corporate IP, according to a warning from US law enforcement and cyber agencies.…

Airbus suffers data leak turbulence to cybercrooks' delight

Ransomware group nicked info from employee of airline, say researchers

Aerospace giant Airbus has fallen victim to a data breach, thanks in part to the inattention of a third party.…

Used cars? Try used car accounts: 15,000 up for grabs online at just $2 a pop

Cut and shut is so last century, now it's copy and clone

Researchers have found almost 15,000 automotive accounts for sale online and pointed at a credential-stuffing attack that targeted car makers.…

How to snoop on passwords with this one weird trick (involving public Wi-Fi signals)

Fun technique – but how practical is it?

Some smart cookies at institutions in China and Singapore have devised a technique for reading keystrokes and pilfering passwords or passcodes from Wi-Fi-connected mobile devices on public networks, without any hardware hacking.…

Capita class action: 2,000 folks affected by data theft sign up

Pensioners, employees and medical pros among those aiming to be compensated for data exposure

The number of claimants signing up to a collective action against Capita over the infamous March cyber security break-in and subsequent data exposure keeps going up, according to the lawyer overseeing the case.…

Ransomware attack hits Sri Lanka government, causing data loss

Running unsupported and unpatched versions of Exchange Server will do that to a country

Sri Lanka's Computer Emergency Readiness Team (CERT) is currently investigating a ransomware attack on the government's cloud infrastructure that affected around 5,000 email accounts, it revealed on Tuesday.…

China caught – again – with its malware in another nation's power grid

'Obtaining a disruptive capability could be one possible motivation behind this surge in attacks'

Espionage-ware thought to have been developed by China has once again been spotted within the power grid of a neighboring nation.…

Grab those updates: Microsoft flings out fixes for already-exploited bugs

Plus: Adobe and Android also tackle abused-in-the-wild flaws

Patch Tuesday It's every Windows admin's favorite day of the month: Patch Tuesday. Microsoft emitted 59 patches for its September update batch, including two for bugs that have already been exploited.…

OpenSSL 1.1.1 reaches end of life for all but the well-heeled

$50k to breathe new life into its corpse. The rest of us must move on to OpenSSL 3.0

OpenSSL 1.1.1 has reached the end of its life, making a move to a later version essential for all, bar those with extremely deep pockets.…

Chrome, Firefox and more caught with their WebP down, offer hasty patch-up

Exploit observed in the wild against codec lib in browsers, apps

Updated Google and Mozilla have rushed out a fix for a vulnerability within their browsers – Chrome and Firefox, respectively – noting an exploit already exists in the wild.…

Save the Children hit by ransomware, 7TB stolen

A new low, even for these lowlifes

Updated Cybercrime crew BianLian says it has broken into the IT systems of a top nonprofit and stolen a ton of files, including what the miscreants claim is financial, health, and medical data.…

MGM Resorts shuts down website, computer systems after 'cybersecurity incident'

Ransomware? Some would be willing to bet on that

MGM Resorts has shut down some of its IT systems following a "cybersecurity incident" that the casino-and-hotel giant says is currently under investigation.…

Huge DDoS attack against US financial institution thwarted

Akamai reckons traffic flood peaked at 55.1 million packets per second

Akamai says it thwarted a major distributed denial-of-service (DDoS) attack aimed at a US bank that peaked at 55.1 million packets per second earlier this month.…

Google warns infoseccers: Beware of North Korean spies sliding into your DMs

ALSO: Verizon turns self in for reduced fine, malvertising comes to macOS, and this week's critical vulnerabilities

Infosec in brief Watch out, cyber security researchers: Suspected North Korean-backed hackers are targeting members of the infosec community again, according to Google's Threat Analysis Group (TAG).…

Apple races to patch the latest zero-day iPhone exploit

No user interaction needed for this one as Pegasus turns up via iMessage

Apple devices are again under attack, with a zero-click, zero-day vulnerability used to deliver Pegasus spyware to iPhones discovered in the wild.…

Sophisticated APT Clusters Target Southeast Asia

Unit 42 uncovered three separate threat actor clusters: Stately Taurus, Alloy Taurus and Gelsemium

China-Linked EvilBamboo Targets Mobiles

This extensive operation is directed at Tibetan, Uyghur and Taiwanese individuals and organizations

Voting Equipment Giants Team Up For Security

The move aims to combat the rampant spread of misinformation among American voters

Web3 Platform Mixin Network Hit by $200m Crypto Hack

The decentralized finance network has suspended deposits and withdrawals after what could be one of the biggest cyber-attacks on cryptocurrency projects

BEC Scammer Pleads Guilty to Part in $6m Scheme

Nigerian was extradited to the US from Canada

Researchers Spot Novel “Deadglyph” Backdoor

Malware is linked to UAE-backed spies

Almost 900 US Schools Breached Via MOVEit

National Student Clearinghouse reveals more details of incident

CISA and NFL Collaborate to Secure Super Bowl LVIII

Tabletop exercise assessed the cybersecurity response capabilities, plans and procedures for the event

Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023

Kaspersky said these services range from $20 per day to $10,000 a month

Elusive Sandman APT Targets Telecom Giants With LuaJIT Toolkit

SentinelLabs said the group’s tactics focus on stealthy lateral movements and minimal interactions

#mWISE: Why Zero Days Are Set for Highest Year on Record

Experts at the mWISE conference discussed who is behind the surge in zero-day exploits

US Government IT Staffer Arrested on Espionage Charges

Maryland resident faces possible death penalty

Zyxel announces WiFi 6-enabled security firewalls for small- and medium-sized business networks

Zyxel Networks announced the addition of WiFi 6-enabled security firewalls to its ZyWALL USG FLEX 100 firewall series. Zyxel’s new USG FLEX 100AX Firewall supports WiFi 6 (802.11ax) to provide wired and wireless solutions that deliver holistic security and protection for small- and medium-sized business networks. Compatible with Zyxel’s scalable Nebula Cloud Networking Solution, the flexible USG FLEX 100AX firewall enables users to provide a centrally-provisioned security policy to the remote workforce, and manage all … More →

The post Zyxel announces WiFi 6-enabled security firewalls for small- and medium-sized business networks appeared first on Help Net Security.

Amazon collaborates with Anthropic to advance generative AI

Amazon and Anthropic announced a strategic collaboration that will bring together their respective technology and expertise in safer generative AI to accelerate the development of Anthropic’s future foundation models and make them widely accessible to AWS customers. As part of the expanded collaboration: Anthropic will use AWS Trainium and Inferentia chips to build, train, and deploy its future foundation models, benefitting from the price, performance, scale, and security of AWS. The two companies will also … More →

The post Amazon collaborates with Anthropic to advance generative AI appeared first on Help Net Security.

Allegro Packets boosts analysis performance with new features and enhancements

Allegro Packets is providing network professionals with enhanced functionality with its new Release 4.1. More than 100 new features, improvements and bug fixes are included in the update, which is now available to all customers. “With Release 4.1, we continue our commitment to improving network analysis. With the new features and enhancements, we offer our customers extended capabilities to analyze their network data. We also implemented features to more easily comply with any privacy policies,” … More →

The post Allegro Packets boosts analysis performance with new features and enhancements appeared first on Help Net Security.

National Student Clearinghouse MOVEit breach impacts nearly 900 schools

US educational nonprofit organization National Student Clearinghouse (NSC) has revealed that the breach of its MOVEit server ended up affecting almost 900 colleges and universities, and resulted in the theft of personal information of their students. The National Student Clearinghouse MOVEit breach notice NSC provides educational reporting, data exchange, verification, and research services to around 3,600 North American colleges and universities and 22,000 high schools. NSC has filed a breach notification letter with the California … More →

The post National Student Clearinghouse MOVEit breach impacts nearly 900 schools appeared first on Help Net Security.

Thunder Shield Security introduces Custos to help organizations identify critical vulnerabilities

Thunder Shield Security announced Custos, its next-generation scanning platform equipped with artificial intelligence and machine learning to proactively combat cyber threats and safeguard organizations. Custos streamlines cybersecurity with a comprehensive toolkit, including a URL fuzzer, website, network, TCP, UDP, SSL, WordPress and Drupal scanners, and Custos Strike, TSS’s proprietary automatic penetration testing tool. This unified platform is tailored for effortless implementation, catering to businesses of all sizes with diverse cybersecurity requirements. Comprehensive cybersecurity platform: Custos … More →

The post Thunder Shield Security introduces Custos to help organizations identify critical vulnerabilities appeared first on Help Net Security.

BinDiff: Open-source comparison tool for binary files

BinDiff is a binary file comparison tool to find differences and similarities in disassembled code quickly. It was made open source today. With BinDiff, you can identify and isolate fixes for vulnerabilities in vendor-supplied patches. You can also port symbols and comments between disassemblies of multiple versions of the same binary or use BinDiff to gather evidence for code theft or patent infringement. Use cases Compare binary files for x86, MIPS, ARM, PowerPC, and other … More →

The post BinDiff: Open-source comparison tool for binary files appeared first on Help Net Security.

Hands-on threat simulations: Empower cybersecurity teams to confidently combat threats

Security processes are increasingly automated which has led some businesses to deprioritize developing their security teams’ defense skills. While antivirus and non-human generated threat detections efficiently identify vulnerabilities, they cannot detect every single threat. With the rising number of cyber-attacks, organizations must make sure they are ready to defend themselves. That means equipping cybersecurity teams with sufficient skills to identify and effectively stop an attack in its tracks. Worryingly, only 17% of tech workers are … More →

The post Hands-on threat simulations: Empower cybersecurity teams to confidently combat threats appeared first on Help Net Security.

How global enterprises navigate the complex world of data privacy

In this Help Net Security interview, Evelyn de Souza, Head of Privacy Compliance, Oracle SaaS Cloud, talks about the constant efforts required to keep up with privacy laws in each country, and ensuring compliance across the entire organization. She also discusses the main challenges in implementing consistent privacy policies across various departments and regions and how to address them. The views and ideas expressed within the content are solely the author’s and not of any … More →

The post How global enterprises navigate the complex world of data privacy appeared first on Help Net Security.

Balancing cybersecurity with convenience and progress

Changing approaches to cybersecurity have led to slow but steady progress in defense and protection. Still, competing interests create a growing challenge for cybersecurity decision makers and practitioners, according to CompTIA. The state of cybersecurity Most business and technology professionals feel that cybersecurity is improving, both generally and within their organizations. They also acknowledge that the stakes have grown dramatically, with the number of cybercriminals and threats skyrocketing. At the same time, companies are capturing … More →

The post Balancing cybersecurity with convenience and progress appeared first on Help Net Security.

Current ransomware defensive efforts are not working

Despite some positive developments, the impact of ransomware attacks remains high, according to SpyCloud. Infostealer infections preceded 22% of ransomware events for North American and European ransomware victim companies in 2023 – with common infostealers such as Raccoon, Vidar, and Redline increasing the probability even further. SpyCloud’s analysis shows that 76% of infections that preceded these ransomware events involved Raccoon infostealer malware. Ransomware is a malware problem at its core Despite shifting priorities to better … More →

The post Current ransomware defensive efforts are not working appeared first on Help Net Security.

ESET's cutting-edge threat research at LABScon – Week in security with Tony Anscombe

Two ESET malware researchers took to the LABScon stage this year to deconstruct sophisticated attacks conducted by two well-known APT groups

Ballistic Bobcat's Sponsor backdoor – Week in security with Tony Anscombe

Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States

10 tips to ace your cybersecurity job interview

Once you’ve made it past the initial screening process and secured that all-important interview, it’s time to seal the deal. These 10 tips will put you on the right track.

Stealth Falcon preying over Middle Eastern skies with Deadglyph

ESET researchers have discovered Deadglyph, a sophisticated backdoor used by the infamous Stealth Falcon group for espionage in the Middle East

OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes

ESET researchers document OilRig’s Outer Space and Juicy Mix campaigns, targeting Israeli organizations in 2021 and 2022

Read it right! How to spot scams on Reddit

Do you know what types of scams and other fakery you should look out for when using a platform that once billed itself as “the front page of the Internet”?

Will you give X your biometric data? – Week in security with Tony Anscombe

The update to X's privacy policy has sparked some questions among privacy and security folks, including how long X will retain users' biometric information and how the data will be stored and secured

ESET Research Podcast: Sextortion, digital usury and SQL brute-force

Closing intrusion vectors force cybercriminals to revisit old attack avenues, but also to look for new ways to attack their victims

Staying ahead of threats: 5 cybercrime trends to watch

New reports from Europol and the UK’s National Crime Agency (NCA) shed a light on how the battle against cybercrime is being fought

Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor

ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor

Fake Signal and Telegram apps – Week in security with Tony Anscombe

ESET research uncovers active campaigns targeting Android users and spreading espionage code through the Google Play store, Samsung Galaxy Store and dedicated websites

Getting off the hook: 10 steps to take after clicking on a phishing link

Phishing emails are a weapon of choice for criminals intent on stealing people’s personal data and planting malware on their devices. The healing process does not end with antivirus scanning.

ESET Research Podcast: Unmasking MoustachedBouncer

Listen as ESET's Director of Threat Research Jean-Ian Boutin unravels the tactics, techniques and procedures of MoustachedBouncer, an APT group taking aim at foreign embassies in Belarus

How a Telegram bot helps scammers target victims – Week in security with Tony Anscombe

ESET researchers uncover a Telegram bot that enables even less tech-savvy scammers to defraud people out of their money

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps

ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs

What you need to know about iCloud Private Relay

If you want to try to enter the world of VPNs with a small dip, then iCloud Private Relay is your friend — but is it a true VPN service? The devil is in the details.

Recovering from a supply-chain attack: What are the lessons to learn from the 3CX hack?

The campaign started with a trojanized version of unsupported financial software

Scarabs colon-izing vulnerable servers

Analysis of Spacecolon, a toolset used to deploy Scarab ransomware on vulnerable servers, and its operators, CosmicBeetle

Evacuation of 30,000 hackers – Week in security with Tony Anscombe

DEF CON, the annual hacker convention in Las Vegas, was interrupted on Saturday evening when authorities evacuated the event's venue due to a bomb threat

DEF CON 31: US DoD urges hackers to go and hack ‘AI’

The limits of current AI need to be tested before we can rely on their output

DEF CON 31: Robot vacuums may be doing more than they claim

When it comes to privacy, it remains complicated and near impossible for a consumer to make an informed decision.

20k security folks in the desert – Week in security with Tony Anscombe

Unsurprisingly, artificial intelligence took the center stage at this year's edition of Black Hat, one of the world's largest gatherings of cybersecurity professionals

Black Hat 2023: How AI changes the monetization of search

Search engines, AI, and monetization in the new era

Black Hat 2023: Hacking the police (at least their radios)

Hiding behind a black box and hoping no one will hack it has been routinely proven to be unwise and less secure.

A Bard’s Tale – how fake AI bots try to install malware

The AI race is on! It’s easy to lose track of the latest developments and possibilities, and yet everyone wants to see firsthand what the hype is about. Heydays for cybercriminals!

Black Hat 2023: ‘Teenage’ AI not enough for cyberthreat intelligence

Current LLMs are just not mature enough for high-level tasks

Black Hat 2023: AI gets big defender prize money

Black Hat is big on AI this year, and for a good reason

Black Hat 2023: Cyberwar fire-and-forget-me-not

What happens to cyberweapons after a cyberwar?

Mass-spreading campaign targeting Zimbra users

ESET researchers have observed a new phishing campaign targeting users of the Zimbra Collaboration email server.

Telekopye: Hunting Mammoths using Telegram bot

Analysis of Telegram bot that helps cybercriminals scam people on online marketplaces

Check cybersecurity pre-invest – Week in security with Tony Anscombe

When you invest in a company, do you check its cybersecurity? The U.S. Securities and Exchange Commission has adopted new cybersecurity rules.

MoustachedBouncer: Espionage against foreign diplomats in Belarus

Long-term espionage against diplomats, leveraging email-based C&C protocols, C++ modular backdoors, and adversary-in-the-middle (AitM) attacks… Sounds like the infamous Turla? Think again!

Time is money, and online game scammers have lots of it

Gamers and cybersecurity professionals have something in common – the ever-terrible presence of hacking, scams, and data theft – but how and why would anyone want to target gamers?

Is backdoor access oppressive? – Week in security with Tony Anscombe

Bills granting access to end-to-end encrypted systems, opportunity for cybercriminals, abuse by authority, human rights, and tech companies leaving the UK?

The grand theft of Jake Moore’s voice: The concept of a virtual kidnap

With powerful AI, it doesn’t take much to fake a person virtually, and while there are some limitations, voice-cloning can have some dangerous consequences.

Fingerprints all over: Can browser fingerprinting increase website security?

Browser fingerprinting is supposedly a more privacy-conscious tracking method, replacing personal information with more general data. But is it a valid promise?

Quantum computing: Will it break crypto security within a few years?

Current cryptographic security methods watch out - quantum computing is coming for your lunch.

Gathering dust and data: How robotic vacuums can spy on you

Mitigate the risk of data leaks with a careful review of the product and the proper settings.

Dear all, What are some common subject lines in phishing emails?

Scammers exploit current ongoing events, account notifications, corporate communication, and a sense of urgency.

What happens if AI is wrong? – Week in security with Tony Anscombe

Responses generated by ChatGPT about individual people could be misleading or harmful or spill their personal information. What are the takeaways for you as a ChatGPT user?

8 common work-from-home scams to avoid

That ‘employer’ you’re speaking to may in reality be after your personal information, your money or your help with their illegal activities

Protect yourself from ticketing scams ahead of the Premier League Summer Series USA Tour

There is a significant secondary marketplace where tickets can sell for several times their original value, opening the opportunity for scammers and fraud

Child identity theft: how do I keep my kids’ personal data safe?

Why is kids’ personal information in high demand, how do criminals steal it, and what can parents do to help prevent child identity theft?

Key findings from ESET Threat Report H1 2023 – Week in security with Tony Anscombe

Here's how cybercriminals have adjusted their tactics in response to Microsoft's stricter security policies, plus other interesting findings from ESET's new Threat Report

The danger within: 5 steps you can take to combat insider threats

Some threats may be closer than you think. Are security risks that originate from your own trusted employees on your radar?

ESET Research Podcast: Finding the mythical BlackLotus bootkit

Here's a story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat

ESET Threat Report H1 2023

A view of the H1 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Emotet: sold or on vacation? – Week in security with Tony Anscombe

Originally a banking trojan, Emotet later evolved into a full-blown botnet and went on to become one of the most dangerous cyberthreats worldwide

What’s up with Emotet?

A brief summary of what happened with Emotet since its comeback in November 2021

Deepfaking it: What to know about deepfake-driven sextortion schemes

Criminals increasingly create deepfake nudes from people’s benign public photos in order to extort money from them, the FBI warns

Verizon 2023 DBIR: What’s new this year and top takeaways for SMBs

Here are some of the key insights on the evolving data breach landscape as revealed by Verizon’s analysis of more than 16,000 incidents

The good, the bad and the ugly of AI – Week in security with Tony Anscombe

The growing use of synthetic media and the difficulties in distinguishing between real and fake content raise a slew of legal and ethical questions

Employee monitoring: Is ‘bossware’ right for your company?

While employee monitoring software may boost productivity, it may also be a potential privacy minefield and it can affect your relationship with your employees

School’s out for summer, but it’s not time to let your cyber guard down

The beginning of the summer break is the perfect time for parents to remind their children about the importance of safe online habits

What to know about the MOVEit hack – Week in security with Tony Anscombe

The US government has now announced a bounty of $10 million for intel linking the Cl0p ransomware gang to a foreign government

Maltego: Check how exposed you are online

A primer on how to use this powerful tool for uncovering and connecting information from publicly available sources

Going on vacation soon? Stay one step ahead of travel scams

From bogus free trips to fake rental homes, here are some of the most common online threats you should look out for both before and during your travels

Passwords out, passkeys in: are you ready to make the switch?

With passkeys poised for prime time, passwords seem passé. What are the main benefits of ditching one in favor of the other?

Is a RAT stealing your files? – Week in security with Tony Anscombe

Could your Android phone be home to a remote access tool (RAT) that steals WhatsApp backups or performs other shenanigans?

Stop Cyberbullying Day: Prevention is everyone's responsibility

Strategies for stopping and responding to cyberbullying require a concerted, community-wide effort involving parents, educators and children themselves

Android GravityRAT goes after WhatsApp backups

ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files

Cyber insurance: What is it and does my company need it?

While not a 'get out of jail free card' for your business, cyber insurance can help insulate it from the financial impact of a cyber-incident

Mixing cybercrime and cyberespionage – Week in security with Tony Anscombe

A crimeware group that usually targets individuals and SMBs in North America and Europe adds cyberespionage to its activities

Asylum Ambuscade: crimeware or cyberespionage?

A curious case of a threat actor at the border between crimeware and cyberespionage

Hear no evil: Ultrasound attacks on voice assistants

How your voice assistant could do the bidding of a hacker – without you ever hearing a thing

7 tips for spotting a fake mobile app

Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the future

API security in the spotlight – Week in security with Tony Anscombe

Given the reliance of today's digital world on APIs and the fact that attacks targeting them continue to rise sharply, API security cannot be an afterthought.

All eyes on APIs: Top 3 API security risks and how to mitigate them

As APIs are a favorite target for threat actors, the challenge of securing the glue that holds various software elements together is taking on increasing urgency

5 free OSINT tools for social media

A roundup of some of the handiest tools for the collection and analysis of publicly available data from Twitter, Facebook and other social media platforms

Tricks of the trade: How a cybercrime ring operated a multi-level fraud scheme

A peek under the hood of a cybercrime operation and what you can do to avoid being an easy target for similar ploys

How an innocuous app morphed into a trojan – Week in security with Tony Anscombe

ESET research uncovers an Android app that initially had no harmful features but months later turned into a spying tool

Shedding light on AceCryptor and its operation

ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families

Digital security for the self-employed: Staying safe without an IT team to help

Nobody wants to spend their time dealing with the fallout of a security incident instead of building up their business

Android app breaking bad: From legitimate screen recording to file exfiltration within a year

ESET researchers discover AhRat – a new Android RAT based on AhMyth – that exfiltrates files and records audio

The real cost of a free lunch – Week in security with Tony Anscombe

Don't download software from non-reputable websites and sketchy links – you might be in for more than you bargained for

Top 5 search engines for internet-connected devices and services

A roundup of some of the handiest tools that security professionals can use to search for and monitor devices that are accessible from the internet

Meet “AI”, your new colleague: could it expose your company's secrets?

Before rushing to embrace the LLM-powered hire, make sure your organization has safeguards in place to avoid putting its business and customer data at risk

You may not care where you download software from, but malware does

Why do people still download files from sketchy places and get compromised as a result?

Key findings from ESET's new APT Activity Report – Week in security with Tony Anscombe

What have some of the world's most infamous advanced threat actors been up to and what might be the implications of their activities for your business?

Why you need parental control software – and 5 features to look for

Strike a balance between making the internet a safer place for your children and giving them the freedom to explore, learn and socialize

Turning on stealth mode: 5 simple strategies for staying under the radar online

Have your cake and eat it too – enjoy some of what the online world has to offer without always giving out your contact details

ESET APT Activity Report Q4 2022–Q1 2023

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2022 and Q1 2023

How the war in Ukraine has been a catalyst in private-public collaborations

As the war shows no signs of ending and cyber-activity by states and criminal groups remains high, conversations around the cyber-resilience of critical infrastructure have never been more vital

APTs target MSP access to customer networks – Week in security with Tony Anscombe

The recent compromise of the networks of several companies via the abuse of a remote access tool used by MSPs exemplifies why state-aligned threat actors should be on the radars of IT service providers

Creating strong, yet user-friendly passwords: Tips for your business password policy

Don’t torture people with exceedingly complex password composition rules but do blacklist commonly used passwords, plus other ways to help people help themselves – and your entire organization

Using Discord? Don’t play down its privacy and security risks

It’s all fun and games until someone gets hacked – here’s what to know about, and how to avoid, threats lurking on the social media juggernaut

APT groups muddying the waters for MSPs

A quick dive into the murky world of cyberespionage and other growing threats facing managed service providers – and their customers

What was hot at RSA Conference 2023? – Week in security with Tony Anscombe

The importance of understanding – and prioritizing – the privacy and security implications of large language models like ChatGPT cannot be overstated

RSA Conference 2023 – How AI will infiltrate the world

As all things (wrongly called) AI take the world’s biggest security event by storm, we round up of some of their most-touted use cases and applications

Evasive Panda APT group delivers malware via updates for popular Chinese software

ESET Research uncovers a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software

Did you mistakenly sell your network access? – Week in security with Tony Anscombe

Many routers that are offered for resale contain sensitive corporate information and allow third-party connections to corporate networks

Linux malware strengthens links between Lazarus and the 3CX supply-chain attack

Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack

The EU's Cyber Solidarity Act: Security Operations Centers to the rescue!

The legislation aims to bolster the Union’s cyber-resilience and enhance its capabilities to prepare for, detect and respond to incidents

PC running slow? 10 ways you can speed it up

Before you rush to buy new hardware, try these simple tricks to get your machine up to speed again – and keep it that way.

Discarded, not destroyed: Old routers reveal corporate secrets

When decommissioning their old hardware, many companies 'throw the baby out with the bathwater'

Hunting down BlackLotus – Week in security with Tony Anscombe

Microsoft releases guidance on how organizations can check their systems for the presence of BlackLotus, a powerful threat first analyzed by ESET researchers

Safety first: 5 cybersecurity tips for freelance bloggers

The much-dreaded writer’s block isn’t the only threat that may derail your progress. Are you doing enough to keep your blog (and your livelihood) safe from online dangers?

What are the cybersecurity concerns of SMBs by sector?

Some sectors have high confidence in their in-house cybersecurity expertise, while others prefer to enlist the support of an external provider to keep their systems and data secured

10 things to look out for when buying a password manager

Here's how to choose the right password vault for you and what exactly to consider when weighing your options

Steer clear of tax scams – Week in security with Tony Anscombe

In a rush to file your taxes? Watch out for cybercriminals preying on stressed taxpayers as Tax Day looms large on the horizon.

Cyber Week 2023 & The Israel National Cyber Directorate Presents – Watch Live: Cyber – Week 2023 – Main Plenary, Day 2

Many thanks to Israel’s Tel Aviv University for publishing their presenter’s tremendous Cyber Week 2023 security content on the Tel Aviv University’s TAUVOD YouTube channel.

Permalink

The post Cyber Week 2023 & The Israel National Cyber Directorate Presents – Watch Live: Cyber – Week 2023 – Main Plenary, Day 2 appeared first on Security Boulevard.

Data Breaches from MOVEit Zero-Day Still Piling Up

Cybercrime groups exploiting the zero-day flaw in the MOVEit managed file transfer software linked to the Cl0p ransomware gang continue to rack up victims, with the National Student Clearinghouse non-profit group and the BORN Ontario perinatal and child register in Canada both claiming data breaches linked to the widely abused vulnerability. Clearinghouse, in a breach..

The post Data Breaches from MOVEit Zero-Day Still Piling Up appeared first on Security Boulevard.

Unlock Cyber Security as a Service: 2023 Insights!

Introduction In today’s rapidly evolving digital world, the significance of robust cybersecurity mechanisms cannot be overstated. This is especially true for small businesses that are increasingly finding themselves in the crosshairs of cyber threats. We have had previous posts on cybersecurity risks and endpoint protection. These articles highlight the urgent need for small businesses to …

Unlock Cyber Security as a Service: 2023 Insights! Read More »

The post Unlock Cyber Security as a Service: 2023 Insights! appeared first on Endpoint Security.

The post Unlock Cyber Security as a Service: 2023 Insights! appeared first on Security Boulevard.

More iOS Zero Days, More Mercenary Spyware — This Time: Cytrox Predator

Apple Scrambled to Fix 3 More CVEs: Egyptian opposition presidential candidate Ahmed Eltantawy targeted “by the government.

The post More iOS Zero Days, More Mercenary Spyware — This Time: Cytrox Predator appeared first on Security Boulevard.

Randall Munroe’s XKCD ‘Urban Planning Opinion Progression’

***via*** ***the comic artistry and dry wit of*** ***Randall Munroe**, maker of*** ***XKCD***!

Permalink

The post Randall Munroe’s XKCD ‘Urban Planning Opinion Progression’ appeared first on Security Boulevard.

Takeaways for Businesses in the Rapidly Evolving Data Security and Privacy Landscape

Data breaches are on the rise, but so are customer expectations. Learn how to safeguard your business and build trust.

The post Takeaways for Businesses in the Rapidly Evolving Data Security and Privacy Landscape appeared first on Security Boulevard.

What is digital trust, and why is it at risk

Digital trust is the confidence that individuals and organizations have in the security, privacy, and ethical practices of digital technologies.

The post What is digital trust, and why is it at risk appeared first on Sift Blog.

The post What is digital trust, and why is it at risk appeared first on Security Boulevard.

Cyber Week 2023 & The Israel National Cyber Directorate Presents – Securing the ICT Supply Chain from Cybersecurity Threats

Many thanks to Israel’s Tel Aviv University for publishing their presenter’s tremendous Cyber Week 2023 security content on the Tel Aviv University’s TAUVOD YouTube channel.

Permalink

The post Cyber Week 2023 & The Israel National Cyber Directorate Presents – Securing the ICT Supply Chain from Cybersecurity Threats appeared first on Security Boulevard.

The ROI of Microsegmentation

The ROI of microsegmentation is undeniable for optimal business security investment The complexity, frequency, and eventual costs of cybersecurity threats are growing exponentially. For businesses, prioritizing robust security strategies such as microsegmentation is not just about thwarting potential attacks but also achieving substantial returns on their investment. Microsegmentation offers impressive ROI, and is worth serious...

The post The ROI of Microsegmentation appeared first on TrueFort.

The post The ROI of Microsegmentation appeared first on Security Boulevard.

SCCM Hierarchy Takeover

One Site to Rule Them All

tl;dr:

There is no security boundary between sites in the same hierarchy.

When an administrative user is granted a security role in SCCM, such as Full Administrator or Infrastructure Administrator, in any primary site, the underlying database changes propagate upward to the central administration site (CAS) and then to other primary sites in the hierarchy.

This means that if an attacker gains control of any primary site, they gain control of the entire SCCM hierarchy.

Skip ahead to Mitigation or Detection!

I Have the Best Words

First, there are a few SCCM-specific terms we need to be familiar with to better understand the problem. Feel free to skip ahead if you already know your site systems from your site servers.

SCCM: A client-server solution commonly used to deploy software and updates to Windows systems, currently named Microsoft Configuration Manager (ConfigMgr, Config Man, or MCM), but formerly:
- Microsoft Endpoint Configuration Manager (MECM)
- Microsoft Endpoint Manager Configuration Manager (MEMCM)
- System Center Configuration Manager (SCCM)
- Systems Management Server (SMS)
I’ll stop calling it SCCM when they change the name of the subreddit. It’s easier than trying to keep up with Microsoft’s branding.
Hierarchy: all of the sites in one instance of SCCM
Site: an environment that provides services to a scope of clients (primary and secondary sites) and/or admins (central administration site and primary sites), represented by a three-character site code
Site system role: a role installed on a site system to host functionality for a site (e.g., site server, site database, distribution point)
Site system: a server that hosts a site system role (also unfortunately referred to as site system servers, but we will just call them site systems to avoid confusion with site servers)
Site server: the required site system where the site is installed that handles data processing and interacts with the site database
Client: a device where the SCCM client software is installed that is joined to a primary site
Primary site: the only type of site that client devices can be assigned to
Primary site server: the system that handles processing of all client data in a primary site, also referred to as just the “site server”
Central administration site: an optional top-level site that can be used to manage multiple primary sites
Site database: a required site system role for central administration sites, primary sites, and secondary sites that stores and processes data
Site database server: hosts the site database for a site, can be colocated on the site server or hosted on a remote system
Secondary site: a child of a primary site used to distribute content to clients in remote locations with low bandwidth connections
ConfigMgr console: The software that administrators use to manage a site
SMS Provider: a site system role that provides an interface for the ConfigMgr console to interact with the site database
Security role: a set of permissions applied to admin users to control access to SCCM objects (e.g., sites, device collections) and actions (e.g., read, modify, deploy)
Security scope: a container of objects to which a security role can be granted access (e.g., an admin is granted the permissions in security role A to the objects added to security scope B)

Here is a diagram of what an example SCCM hierarchy might look like:

Confused yet? Sorry — I didn’t make these names up, but these are the names we were given. This will be a good reference to come back to as we will use these terms throughout the rest of this post.

The Problem

It really surprised me to observe this behavior in my lab as I was researching another technique for hierarchy takeover that required a handful of extra steps and no longer seems important. I always assumed that role-based access control in SCCM was defined on a per-site basis.

Apparently I’m just late to the party and this is well-known to SCCM admins, because allowing hierarchy-wide access to SCCM administrators by default was a design decision that is well-documented by Microsoft:

Sites aren’t used as administrative boundaries. In other words, don’t expand a standalone primary site to a hierarchy with a central administration site to separate administrative users.

All security assignments are replicated and available throughout the hierarchy. Role-based administration configurations replicate to each site in the hierarchy as global data, and then are applied to all administrative connections.

Sure enough, when I granted a brand new Active Directory user the Full Administrator security role in an SCCM primary site, that user appeared as a Full Administrator in the CAS and other primary sites in the hierarchy.

But wait, isn’t it possible to create custom security roles and scopes in the ConfigMgr console to limit the permissions granted to a given administrative user (e.g., admin X can only read/write to Y objects in site Z)?

Yes, but attackers with administrative access to any site database in any primary site can grant themselves Full Administrator access to the All security scope for the All Systems collection and the change will be replicated throughout the hierarchy. If they are sneaky, they could even add themselves to a custom security role with the exact permissions for the exact security scope needed to meet their objectives.

With write access to the site database in any primary site, you can do anything.

In other words, there is no way to configure SCCM role-based access control to prevent hierarchy takeover from any child primary site.

Here are just a few of the ways an attacker could make these changes to a site database (where the site server is required to have admin privileges):

As any authenticated domain user, coerce NTLM authentication via SMB from a site server and relay it to that site’s remote site database, SMS Provider, or passive site server
As an administrator of any primary site, push install the SCCM client software on the site server, site database, SMS Provider, or passive site server to gain access to an account with db_owner database privileges
Gain access to a site database via less predictable but common methods such as kerberoasting the database service account, misconfigured SQL links, database administrator (DBA) account compromise, etc.

Hierarchy takeover can then be executed using the following SQL statements, which can be combined into a single ntlmrelayx command:

# Switch to site database
USE CM_<SITE_CODE>;

# Grant "Full Administrator" security role
INSERT INTO RBAC_Admins
(AdminSID,LogonName,IsGroup,IsDeleted,CreatedBy,CreatedDate,ModifiedBy,ModifiedDate,SourceSite)
VALUES (<USER_HEX_AD_SID>,'<DOMAIN_SHORTNAME>\<USERNAME>',0,0,'','','','','<SITE_CODE>');

# Grant "All Objects" scope
INSERT INTO RBAC_ExtendedPermissions (AdminID,RoleID,ScopeID,ScopeTypeID)
VALUES ((SELECT AdminID FROM RBAC_Admins WHERE LogonName = '<DOMAIN_SHORTNAME>\<USERNAME>'),'SMS0001R','SMS00ALL','29');
    
# Grant "All Systems" scope
INSERT INTO RBAC_ExtendedPermissions (AdminID,RoleID,ScopeID,ScopeTypeID)
VALUES ((SELECT AdminID FROM RBAC_Admins WHERE LogonName = '<DOMAIN_SHORTNAME>\<USERNAME>'),'SMS0001R','SMS00001','1');

# Grant "All Users and User Groups" scope
INSERT INTO RBAC_ExtendedPermissions (AdminID,RoleID,ScopeID,ScopeTypeID)
VALUES ((SELECT AdminID FROM RBAC_Admins WHERE LogonName = '<DOMAIN_SHORTNAME>\<USERNAME>'),'SMS0001R','SMS00004','1');"

Any account with local admin or database write privileges on any primary site database server or with derivative/transitive access to these privileges could make these changes and compromise the entire hierarchy as well.

Why This Matters

This massively increases the blast radius of any primary site in a hierarchy being compromised, for example using the techniques documented in Garrett Foster’s and my previous research on this topic. These attacks are extremely easy to execute and common across many organizations we have seen and heard about, the simplest path only requiring that:

any site server is reachable via SMB to coerce NTLM authentication (or authentication can be coerced another way, such as automatic client push installation);
any site database or SMS Provider for that site is hosted remotely from the site server, or there is a passive site server;
that remote site database (or site server in a high availability pair with a local site database) is reachable via MSSQL, that remote SMS Provider is reachable via HTTPS, or that site server, remote site database, or remote SMS Provider is reachable via SMB;
NTLM relay protections (e.g., NTLM disabled, SMB Signing, EPA, MFA) are not required; and
firewall rules between the attacker and the site server, site database, SMS Provider, or passive site server aren’t restricted to necessary sources (although this requirement can be bypassed in some cases — keep an eye out for more on this in a future post).

If the conditions above are met, an attacker can use PetitPotam or SpoolSample to coerce NTLM authentication from the site server, relay it to the database, and grant themselves administrative permissions.

There are also other possible paths that don’t involve relaying NTLM authentication from the site server, such as those involving other accounts with direct or derivative/transitive write access to the site database.

This gets particularly spicy when systems from different Active Directory forests are joined to sites in the same hierarchy, allowing compromise of one primary site to result in crossing of forest security boundaries.

If you or a loved one have been separating tier-zero or other assets of a higher security classification (e.g., domain controllers) into a separate primary site to help secure them, those assets are at risk of compromise from other primary sites that may not get the same attention from the security team.

Mitigation

So what can we do about this?

If you have the convenience of building a new SCCM environment, follow some great advice from a long-time SCCM admin and friend and “just say no to CAS”. Use a standalone primary site instead. A CAS is only needed for environments that exceed 150,000 Windows clients.

In existing SCCM hierarchies containing any site with tier-zero assets, treat all administrative users, site servers, site databases, DBAs, SMS Providers, passive site servers, and possibly other site system roles with NTLM relay protocol connectivity to those systems (spoiler alert: there are tons) as tier-zero themselves.

Alternatively, assign tier-zero systems to a separate hierarchy or standalone primary site specific to tier-zero assets if they need to be managed using SCCM.

Help prevent relayed site server NTLM authentication from being used to take over sites by requiring:

the site database and SMS Provider roles to be hosted on site servers
SMB signing on site databases, SMS Providers, and site servers
Extended Protection for Authentication (EPA) on site databases and Active Directory Certificate Services (AD CS) servers
LDAP signing or channel binding on domain controllers
Multifactor authentication for SMS Provider calls
firewall rules that prevent unnecessary sources from connecting to:
- SMB and MSSQL on site database servers
- SMB and HTTPS on SMS Providers
- SMB on primary and central administration site servers

Or you can just disable NTLM for the domain or these systems, but that is very difficult for most organizations in reality.

Detection

There are a few things we can look out for, such as a site system domain computer account authenticating from an IP address that doesn’t belong to it or a new user being granted a security role, for example Full Administrator.

Unfortunately, SCCM logs are intended for troubleshooting, not security, so we likely need to rely on Windows event logs or write something custom. While an audit status message is created when adding an administrative user via the console, adding an admin using direct database modifications is not logged.

I may just be missing it, but the only default SCCM log I could find after adding a new account to the Full Administrator role via MSSQL didn’t include much detail:

PS C:\Program Files\Microsoft Configuration Manager\Logs> Get-ChildItem | Select-String -Pattern “lowpriv”

hman.log:1155:INFO: AddAIUsersToAIToolsDBRole, User [MAYYHEM\lowpriv] is added to role SMSDBROLE_AITOOL. $$<SMS_HIERARCHY_MANAGER><09–17–2023 17:26:15.614+420><thread=7064 (0x1B98)>

I did not find any other logs or status messages for adding an admin, whether added via the console or directly to the database. It may be more effective to monitor for impactful actions new admins could take, such as deploying applications, which are logged in status messages:

Status filter rules can be created to take action when a certain status message occurs and/or to send them to the Windows event log.

Alternatively, you can monitor Windows event logs for additions to the local SMS Admins group on site servers, which is updated when admins are added.

If you have any detections for SCCM abuses that you have found useful, please consider sharing them to help the rest of our community!

I keep an up-to-date list of defensive recommendations for SCCM in the SharpSCCM wiki as I learn more that may be helpful as well.

Random Thoughts

Changes to the copy of the site database on secondary site servers do not seem to replicate up to their parent sites. I haven’t found a way to abuse this (…yet).

It does not seem possible to exclude the tables related to this escalation path from replicating up from primary sites to the central administration site and then to other primary sites. Even if it was possible, this change would definitely not be supported by Microsoft and could have unintended consequences.

I’ve only tested this in my lab, and I very well could have made some incorrect assumptions or conclusions. If you notice any mistakes or missing information in this post, I’d love to chat with you about how I can correct it.

Coming Soon

My coworker Garrett Foster (@garrfoster, author of sccmhunter) and I have been collaborating on new approaches to site takeover, which we now know equates to hierarchy takeover, resulting in some very interesting attack paths we suspect many organizations are vulnerable to.

We will be authoring several more upcoming posts to provide offensive and defensive guidance for SCCM site and hierarchy takeovers and are working on a ton of new content for reproducing, mitigating, and detecting attacks involving SCCM.

We love researching this stuff. If you love it too and want to collaborate, have any questions, need some help, or are just starting your journey down this rabbit hole, hit us up in the #sccm channel in the BloodHoundGang Slack!

SCCM Hierarchy Takeover was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post SCCM Hierarchy Takeover appeared first on Security Boulevard.

BORN Ontario child registry data breach affects 3.4 million people

The Better Outcomes Registry & Network (BORN), a healthcare organization funded by the government of Ontario, has announced that it is among the victims of Clop ransomware's MOVEit hacking spree. [...]

Google is retiring its Gmail Basic HTML view in January 2024

Google is notifying Gmail users that the webmail's Basic HTML view will be deprecated in January 2024, and users will require modern browsers to continue using the service. [...]

Xenomorph Android malware now targets U.S. banks and crypto wallets

Security researchers discovered a new campaign that distributes a new version of the Xenomorph malware to Android users in the United States, Canada, Spain, Italy, Portugal, and Belgium. [...]

Mixin Network suspends operations following $200 million hack

Mixin Network, an open-source, peer-to-peer transactional network for digital assets, has announced today on Twitter that deposits and withdrawals are suspended effective immediately due to a $200 million hack the platform suffered on Saturday. [...]

Fake celebrity photo leak videos flood TikTok with Temu referral codes

TikTok is flooded with videos promoting fake nude celebrity photo leaks used to push referral rewards for the Temu online megastore. [...]

New stealthy and modular Deadglyph malware used in govt attacks

A novel and sophisticated backdoor malware named 'Deadglyph' was seen used in a cyberespionage attack against a government agency in the Middle East. [...]

Evasive Gelsemium hackers spotted in attack against Asian govt

A stealthy advanced persistent threat (APT) tracked as Gelsemium was observed in attacks targeting a Southeast Asian government that spanned six months between 2022 and 2023. [...]

National Student Clearinghouse data breach impacts 890 schools

U.S. educational nonprofit National Student Clearinghouse has disclosed a data breach affecting 890 schools using its services across the United States. [...]

Air Canada discloses data breach of employee and 'certain records'

Air Canada, the flag carrier and the largest airline of Canada, disclosed a cyber security incident this week in which hackers "briefly" obtained limited access to its internal systems. The incident resulted in the theft of a limited amount of personal information of some of its employees and "certain records." [...]

Dallas says Royal ransomware breached its network using stolen account

The City of Dallas, Texas, said this week that the Royal ransomware attack that forced it to shut down all IT systems in May started with a stolen account. [...]

Nigerian man pleads guilty to attempted $6 million BEC email heist

Kosi Goodness Simon-Ebo, a 29-year-old Nigerian national extradited from Canada to the United States last April, pleaded guilty to wire fraud and money laundering through business email compromise (BEC). [...]

Recently patched Apple, Chrome zero-days exploited in spyware attacks

Security researchers with the Citizen Lab and Google's Threat Analysis Group (TAG) revealed today that three zero-days patched by Apple on Thursday were abused as part of an exploit chain to install Cytrox's Predator spyware. [...]

Legit Security lands $40M to lock down apps and dev environments

Legit Security, a cybersecurity company developing a platform to identify app vulnerabilities from code, has raised $40 million in a Series B funding round led by CRV with participation from Cyberstarts, Bessemer Venture Partners and TCV. Co-founder and CEO Roni Fuchs says that the funds, which bring Legit’s total raised to $77 million, will be […]

Dragos raises $74M to secure industrial control systems from threats

Dragos, a company building software to secure the control systems for manufacturing and industrial equipment, has raised $74 million in a Series D round extension led by WestCap. The round, which brings Dragos’ total raised to $440 million, leaves the startup’s post-money valuation unchanged for the second year at $1.7 billion. Dragos CEO Robert Lee […]

Digital forensics firm Binalyze raises $19M to investigate cyber threats

Binalyze, a London-based startup building a toolset for digital forensics and incident response, this week announced that it raised $19 million in a Series A round led by Molten Ventures with participation from Cisco Investments, Citibank Ventures and Deutsche Bank Ventures. Founder and CEO Emre Tinaztepe says that the tranche, which brings Binalyze’s total raised […]

AuthMind raises seed funding for its identity SecOps platform

AuthMind, a Maryland-based startup that aims to help businesses protect themselves from identity-related cyberattacks, today announced that it has raised an $8.5 million seed round led by Ballistic Ventures, with strategic participation from IBM Ventures. The company was co-founded by CEO Shlomi Yanai and CTO Ankur Panchbudhe. Both previously founded (and sold) a number of […]

0xPass raises $1.8M from Balaji Srinivasan and others to build secure login systems for web3

0xPass is among the many startups trying to make crypto wallets secure and convenient for mass adoption. Specifically, it’s solving the login piece of user experience, which, at the moment, is cumbersome and requires users to have a decent level of technical know-how. Incubated at the Stanford Blockchain Club, 0xPass allows developers to build multiple […]

Lidl recalls Paw Patrol snacks after website on packaging displayed porn

Supermarket giant Lidl has issued a recall of Paw Patrol snacks after the website listed on the products’ packaging began displaying explicit content unsuitable for children. Lidl, which operates more than 12,000 stores globally, is urging shoppers in the United Kingdom to return the snacks for a full refund. Affected products include Paw Patrol Yummy […]

Cypago, which aims to automate compliance and governance for companies, raises $13M

There are a growing number of cybersecurity regulations designed to keep business and customer data protected. In 2022 alone, more than 40 U.S. states introduced 250 bills focused on cybersecurity, according to the National Conference of State Legislatures. And more are on the way. The trend’s a clear win for consumers. But some firms are […]

Cerby lands $17M to manage access to ‘nonstandard’ enterprise apps

Bel Lepe, a former Google software engineer, tells me that it always seemed risky to him that there were apps that business users needed and used but that IT and security teams were unwilling to approve them because of their lack of support for identity standards. It’s a legitimate issue. According to a Ponemon Institute […]

ProjectDiscovery raises $25M to launch a cloud version of its threat-scanning platform

ProjectDiscovery, a platform that detects new, exploitable vulnerabilities in codebases, today announced that it raised $25 million in a Series A funding round led by CRV with participation from Point72, SignalFire, Rain Capital, Mango Capital, Accel and Lightspeed. ProjectDiscovery began as a collaboration between four security engineers — Rishiraj Sharma, Sandeep Singh, Nizamul Rana and […]

Identity management platform Veza secures $15M from Capital One and ServiceNow

Veza, a platform that helps to secure identity access across apps, data systems and cloud infrastructure, today announced that it raised $15 million in a funding round led by Capital One Ventures and ServiceNow — valuing the company at $415 million. Bringing Veza’s total raised to $125 million, co-founder and CEO Tarun Thakur says that […]

Spearbit raises $7M to improve security audits in crypto through its open marketplace

Security is paramount in crypto, but as regular coverage of hacks and other exploits make plain, it is not taken seriously enough. Spearbit wants to change that, and it just raised a new round to accelerate its efforts. The startup raised $7 million in a funding round led by Framework Ventures with Nascent, 1kx, Volt […]

Horizon3 secures $40M to expand its pen testing platform

Cybersecurity funding is falling after enjoying impressive heights in the last few years. According to Crunchbase, VC financing for security declined to just over $1.6 billion in Q2 2023, marking a 63% drop compared to the same quarter last year — when startups landed nearly $4.3 billion. But that’s not to suggest deals have dried […]

Endor Labs, which helps companies secure their open source packages, raises $70M

Endor Labs, which offers a platform developers can use to manage and secure their open source dependencies, today closed a $70 million Series A round led by Lightspeed Venture Partners with participation from Coatue, Dell Technologies Capital, Section 32 and a number of angel investors. The new financing — quite large for a Series A, […]

There’s no reason to panic over WormGPT

As tools for building AI systems, particularly large language models (LLMs), get easier and cheaper, some are using them for unsavory purposes, like generating malicious code or phishing campaigns. But the threat of AI-accelerated hackers isn’t quite as dire as some headlines would suggest. The dark web creators of LLMs like “WormGPT” and “FraudGPT” advertise […]

Socket lands $20M investment to help companies secure open source software

Socket, a startup that provides a scanning tool to detect security vulnerabilities in open source code, today announced that it raised $20 million in a Series A round led by Andreessen Horowitz (a16z). The tranche had participation from Abstract Ventures, Wndrco, Unusual Ventures and an impressively high-profile list of angel investors, including the co-founders of […]

Wormhole digs out of its hole with new security measures to move on from $320M hack

Many projects and companies would simply give up if they’d been hacked and had hundreds of millions stolen from their ecosystem partners, but it appears Wormhole isn’t one of them.

Cloud camera security startup Solink raises $60M

Solink, a company that provides physical security systems for businesses, including closed-circuit camera analytics, today announced that it raised $60 million in a Series C round led by Goldman Sachs with participation from Omers Ventures and BDC IT Ventures. Co-founder and CEO Michael Matta said the cash will be put toward growing Solink’s client base […]

As Egnyte continues to grow steadily, an IPO seems like the inevitable conclusion

Egnyte is like the little engine that could. It just keeps chugging along with slow but steady growth as it marches towards an IPO.

Cybersecurity firm Netcraft lands $100M investment

After years of growth, funding for cybersecurity startups is beginning to slow down, a symptom of the broader economic malaise and — perhaps — market oversaturation. According to a recent note from Pinpoint Search Group, cybersecurity funding dipped 55% in Q2 2023 compared to Q2 2022 — a steep decline by any measure. At the […]

Secure Code Warrior lands $50M to educate developers on best cyber practices

In 2015, Pieter Danhieux and Matias Madou, both cybersecurity analysts, came to the realization that they wanted to provide a way to make software more secure by empowering developers with the skills and tools to enhance their speed of delivery. They struggled with how to accomplish this, initially. But Danhieux and Madou eventually decided to […]

Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings

Recently, Prospect Medical Holdings suffered a massive cyberattack that allegedly stole around 500,000 social security numbers. In addition, the hackers also managed to get away with patient records and even some corporate documents. Since then, a ransomware gang called Rhysida has stepped up to claim responsibility for the breach. Details about the attack Researchers believe … Continue reading Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings

The post Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings appeared first on KoDDoS Blog.

Compromised routers allowed online criminals to target Pentagon contract site

A hacking campaign that went dark earlier this year has resumed operations. According to a new warning issued by Black Lotus Labs researchers, the hackers’ goal is to target US Department of Defense procurement sites and organizations based in Taiwan. Similarities with the March attacks The hacking campaign initially emerged in the spring of 2023. … Continue reading Compromised routers allowed online criminals to target Pentagon contract site

The post Compromised routers allowed online criminals to target Pentagon contract site appeared first on KoDDoS Blog.

1.2 million customers of Mom’s Meals were affected after the recent data breach

A recent hacking attack hit PurFoods, which operates in the US under the name of Mom’s Meals. The attack affected over 1.2 million customers and employees alike, stealing their personal data. PurFoods, or Mom’s Meals, is a medical meal delivery service that provides its services to self-paying customers and people eligible for government assistance, according … Continue reading 1.2 million customers of Mom’s Meals were affected after the recent data breach

The post 1.2 million customers of Mom’s Meals were affected after the recent data breach appeared first on KoDDoS Blog.

How VPNs Can Defend Against the Threat of Hacking

As our reliance on the internet grows, so does our exposure to a myriad of online threats. Malware, DDoS attacks, DNS spoofing, and Man-In-The-Middle (MITM) attacks are just some of the hacking techniques cybercriminals use to exploit the internet’s vulnerabilities and gain access to our most sensitive data. Hacking has emerged as a prominent threat, … Continue reading How VPNs Can Defend Against the Threat of Hacking

The post How VPNs Can Defend Against the Threat of Hacking appeared first on KoDDoS Blog.

Terra Developers Shut Down Website Amid A Phishing Campaign

The website of layer one blockchain network Terra has been targeted by a hacking campaign over the weekend. During this hacking campaign, hackers used unauthorized access to run a phishing campaign on visitors to the site. These visitors are usually forced to link their online and hardware wallets to the website, which is compromised. Terra’s … Continue reading Terra Developers Shut Down Website Amid A Phishing Campaign

The post Terra Developers Shut Down Website Amid A Phishing Campaign appeared first on KoDDoS Blog.

Foreign Spies And Hackers Target The US Space Industry

Intelligence agencies in the United States have warned about foreign spies targeting the US space sector. According to these agencies, hackers have also been launching hacking campaigns against the US space industry, which could significantly affect the US satellite infrastructure. Foreign spies and hackers target the US space industry The National Counterintelligence and Security Center … Continue reading Foreign Spies And Hackers Target The US Space Industry

The post Foreign Spies And Hackers Target The US Space Industry appeared first on KoDDoS Blog.

High-Severity WinRAR Flaw Allows Hackers To Assume Control Over PCs

A recent study has detected a high-severity vulnerability with the WinRAR file archiver utility for Windows. Millions of people use WinRAR, which can be deployed to execute commands on a computer whenever a user opens an archive. WinRAR flaw allows hackers to assume control over PCs The flaw in question is tracked as CVE-2023-40477, allowing … Continue reading High-Severity WinRAR Flaw Allows Hackers To Assume Control Over PCs

The post High-Severity WinRAR Flaw Allows Hackers To Assume Control Over PCs appeared first on KoDDoS Blog.

Chinese Hacker Group Targets Southeast Asian Gambling Industry Using Stolen Ivacy VPN Certificate

A Chinese hacker group, Bronze Starlight, has launched a hacking campaign against the Southeast Asian gambling industry. The hacker group has used a valid certificate to launch this malicious campaign while also using the Ivacy Virtual Private Network (VPN). Bronze Starlight hacker group linked to a recent campaign The activities of this hacker group were … Continue reading Chinese Hacker Group Targets Southeast Asian Gambling Industry Using Stolen Ivacy VPN Certificate

The post Chinese Hacker Group Targets Southeast Asian Gambling Industry Using Stolen Ivacy VPN Certificate appeared first on KoDDoS Blog.

North Korean Hackers Run Unsuccessful Hacking Campaign To Infiltrate Joint US-South Korea Military Drills

Hackers based in North Korea conducted an unsuccessful campaign to access information on a joint military drill operation by the US and South Korean military forces. The military drills will commence on Monday, explaining why South Korean hackers are trying to obtain access to the activity. North Korean hackers Target US-South Korean Military drills The … Continue reading North Korean Hackers Run Unsuccessful Hacking Campaign To Infiltrate Joint US-South Korea Military Drills

The post North Korean Hackers Run Unsuccessful Hacking Campaign To Infiltrate Joint US-South Korea Military Drills appeared first on KoDDoS Blog.

Suspected Chinese Hackers Behind Microsoft Cloud Breach Hacked US Rep Emails

Suspected Chinese threat actor groups behind an exploit on the State Department also hacked US Representative Don Bacon. The Republican representative from Nebraska also serves on the House Armed Services Committee. Chinese hackers hack GOP Congressman Chinese hackers are believed to be behind a campaign that forged Microsoft customer identities. The hacking campaign infiltrated the … Continue reading Suspected Chinese Hackers Behind Microsoft Cloud Breach Hacked US Rep Emails

The post Suspected Chinese Hackers Behind Microsoft Cloud Breach Hacked US Rep Emails appeared first on KoDDoS Blog.

Defending against DDoS Attacks: What you need to know

Patience is one of those time-dependent, and often situational circumstances we experience. Few things define relativity better than patience. Think of the impatience of people who have to wait ten minutes in a line at a gas station, yet the thought of waiting ten minutes for a perfectly brewed cup of coffee seems entirely reasonable. It can’t be about the cost, since even the smallest cup of coffee is equal to, if not more expensive than a gallon of gasoline. It’s all about the time you are willing to wait. Impatience with technology is legendary. We have all grown frustrated if a piece of...

8 of the Best Cybersecurity Conferences

In the rapidly evolving realm of digital security, staying ahead of cyber threats requires continuous learning and collaboration. Cybersecurity conferences stand as beacons of knowledge, drawing experts and enthusiasts from across the globe. We’ve curated a list of the top eight cybersecurity conferences, each a melting pot of insights, innovations, and networking opportunities . From the renowned DEFCON to the insightful Gartner Security & Risk Management Summit, read on to learn more about these pivotal gatherings that shape the future of online defense. 1. InfoSec World: Where Knowledge...

Snatch ransomware - what you need to know

What's happened? The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning organisations about a ransomware-as-a-service operation called "Snatch." Snatch? As in the movie from twenty odd years ago? I'm not sure I've heard of Snatch before... Maybe you haven't. They don't have as high a profile as some of the other more notorious ransomware organisations out there, but if the FBI and CISA think it's worth issuing a warning about the group then maybe it makes sense to sit up and listen. And yes, judging by their logo - they appear to fans of Guy...

Understanding Malicious Package Attacks and Defense Strategies for Robust Cybersecurity

Malicious packages consist of software embedded with code that is capable of causing harm to an entire system or network . This is a rapidly growing threat affecting open-source software and the software supply chain. This attack method has seen a nearly 12,000% increase from 2022 to 2023, as reported by Synk . Some reasons include its technical feasibility, the potential for high returns, and the widespread distribution of open-source offerings, Common types of malicious packages encompass: Windows .exe application installation files that install malware instead of the intended application....

FBI's Most Wanted Cybercriminals in 2023

In an increasingly digitized world, the threat of cybercrime looms larger than ever. The FBI's relentless pursuit of cybercriminals remains a critical defense against this growing menace. We’re well into 2023, and the FBI's Most Wanted Cybercriminals list takes center stage, highlighting the individuals who pose significant threats to our digital security. Join us in exploring their profiles and understanding our vital role in safeguarding the cyber realm. The Evolving Landscape of Cybercrime Cybercrime is on an alarming rise, with a staggering increase in incidents worldwide. Hacking...

Increasing Your Business’ Cyber Maturity with Fortra

When building a tower, it helps to start with a sturdy foundation. Cyber maturity is the tower, and there are three levels that build it: Foundational IT/OT & Security Control Processes Fundamental Security Control Capabilities Advanced Security Control Capabilities Fortra occupies a unique space in the industry because of the sheer size of the security portfolio. It’s one thing to advocate for “single-vendor solutions,” but it’s another when that can pigeonhole you into simply a single solution. Fortra has one of the widest solutions catalogs in the industry, resulting in being pioneers in...

General Data Protection Regulation (GDPR) – The Story So Far

Do you remember where you were on 25th May 2018? Perhaps you were enjoying a Friday night drink with friends. Perhaps you were with family, relaxing after a busy week at work. I was actually having a GDPR Birthday party with friends and colleagues because 25th May 2018 was a landmark day for the world of Data Protection (yes, seriously, we had a party!). But the funny thing about the effective date of the then-new General Data Protection Regulation ( GDPR ) was that many saw it as a date to dread. During the year prior to it officially replacing the Data Protection Act 1998 , I had almost...

The Consequences of Non-Compliance in Cybersecurity: Risks and Penalties

Non-compliance in cybersecurity marks a grave oversight. It involves neglecting established security protocols, leaving organizations vulnerable to malicious actors. Read on as we examine the potential risks of non-compliance, including heightened susceptibility to cyberattacks, the specter of data breaches, and the erosion of a company's hard-earned reputation. Risks of Non-Compliance Non-compliance with cybersecurity standards introduces a host of perilous risks. By creating security gaps, negligent practices offer malicious hackers an entry point for cyber-attacks, yielding financial losses...

How to Protect Your Facebook Account from Cybercriminals

The social media landscape has undergone dramatic change in recent years. Elon Musk bought Twitter and changed its name to "X." Mark Zuckerberg bought Instagram and WhatsApp before launching Threads to capitalize on Twitter's recent PR disasters. TikTok came out of nowhere to become the platform of choice for Gen Z. One thing, however, has stayed the same. Facebook remains, somewhat surprisingly, the most popular social media platform. Zuckerberg's flagship boasts nearly 3 billion users a month, roughly 37% of the world's population. More interesting still, Facebook has almost 800 million more...

How to Build an Effective ICS Security Program

How to Build an Effective ICS Security Program Of all the different areas of cybersecurity, not many are as important, or have as far-reaching consequences as industrial control systems (ICS) security. While most relevant organizations would agree that ICS security is a significant concern for their operations, it is easier said than done. Many find it difficult to put into practice the measures and solutions necessary for sufficient ICS security. As noted in the Kaspersky State of Industrial Security report , there are many hurdles and setbacks for organizations to overcome in order to...

BIND DNS System Flaws Let Attackers Launch DoS Attacks

In a recent disclosure, BIND 9, a widely-used DNS (Domain Name System) server software, has been found vulnerable to two critical security flaws, labeled CVE-2023-4236 and CVE-2023-3341. These vulnerabilities, if exploited, could have serious consequences, making it imperative for users to take swift action. CVE-2023-4236: DNS-over-TLS Query Load Vulnerability This vulnerability arises from a flaw […]

The post BIND DNS System Flaws Let Attackers Launch DoS Attacks appeared first on GBHackers - Latest Cyber Security News | Hacker News.

OilRig: Never-seen C#/.NET Backdoor to Attack Wide Range of Industries

OilRig (APT34) is an Iranian cyberespionage group active since 2014, targeting Middle Eastern governments and various industries like:- OilRig launched DNSpionage in 2018-2019 against Lebanon and the UAE, followed by the 2019-2020 HardPass campaign using LinkedIn for energy and government sector targets. Recently, the cybersecurity researchers at ESET have identified and analyzed two OilRig APT […]

The post OilRig: Never-seen C#/.NET Backdoor to Attack Wide Range of Industries appeared first on GBHackers - Latest Cyber Security News | Hacker News.

Most Important Network Penetration Testing Checklist

Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering Open ports, troubleshooting live systems, and services, and grabbing system banners. The pen-testing helps the administrator to close unused ports, additional services, Hide or customize banners, troubleshoot services, and to calibrate firewall rules. You should test in all ways to guarantee there is no […]

The post Most Important Network Penetration Testing Checklist appeared first on GBHackers - Latest Cyber Security News | Hacker News.

Cryptojacking Campaign Infected Online Thesaurus With Over 5 Million Visitors

Students, authors, and anybody else wishing to improve their vocabulary and language abilities frequently utilize Thesaurus, one of the well-known platforms with 5 million monthly visitors. Cybersecurity analysts at Group-IB recently found a cryptojacking scheme on a popular Thesaurus site, infecting visitors with malware to mine cryptocurrency and potentially deploy more harmful software. Group-IB’s 24/7 […]

The post Cryptojacking Campaign Infected Online Thesaurus With Over 5 Million Visitors appeared first on GBHackers - Latest Cyber Security News | Hacker News.

Gold Melody Attacking Organizations With Burp Extension, Mimikatz, and Other Tools

The financially motivated GOLD MELODY threat group has been active at least since 2017, attacking organizations by taking advantage of flaws in unpatched internet-facing servers. A threat group serves as an initial access broker (IAB) by selling access to organizations that have been compromised to other cybercriminals for their gain. “The victimology suggests opportunistic attacks […]

The post Gold Melody Attacking Organizations With Burp Extension, Mimikatz, and Other Tools appeared first on GBHackers - Latest Cyber Security News | Hacker News.

MOVEit Transfer SQL Injection Let the Attacker Gain Unauthorized Access to the Database

MOVEit transfer service pack has been discovered with three vulnerabilities associated with SQL injections (2) and a Reflected Cross-Site Scripted (XSS). The severity for these vulnerabilities ranges between 6.1 (Medium) and 8.8 (High). Progress-owned MOVEit transfer was popularly exploited by threat actors who attacked several organizations as part of a ransomware campaign. The organizations previously […]

The post MOVEit Transfer SQL Injection Let the Attacker Gain Unauthorized Access to the Database appeared first on GBHackers - Latest Cyber Security News | Hacker News.

LUCR-3 Attacking Fortune 2000 Companies Using Victims’ Own Tools & Apps

A new financially motivated threat group named “LUCR-3” has been discovered targeting organizations to steal intellectual property for extortion. This threat actor surpasses Scatter Spider, Oktapus, UNC3944, and Storm-0875. LUCR-3 is targeting Fortune 2000 companies in various sectors, which include Software, Retail, Hospitality, Manufacturing, and Telecoms. The threat actor uses existing identities for initial access […]

The post LUCR-3 Attacking Fortune 2000 Companies Using Victims’ Own Tools & Apps appeared first on GBHackers - Latest Cyber Security News | Hacker News.

Is QakBot Malware Officially Dead?

Only a few malware families can claim to have persisted for nearly twenty years, and QakBot (also referred to as QBot) stands among them as one of the most enduring. Since its first appearance in 2008, it has been deployed in numerous attacks, causing significant financial losses of hundreds of millions of dollars. However, it […]

The post Is QakBot Malware Officially Dead? appeared first on GBHackers - Latest Cyber Security News | Hacker News.

System Admin Pleads Guilty for Selling Pirated Business Phone Software Licenses

For taking part in a large international scheme to earn millions of dollars by selling pirated business telephone system software licenses, a computer system admin and his spouse pled guilty. Software licenses with a retail value of over $88 million are said to have been sold as a result of the whole operation. The U.S. Department […]

The post System Admin Pleads Guilty for Selling Pirated Business Phone Software Licenses appeared first on GBHackers - Latest Cyber Security News | Hacker News.

Trend Micro Zero-day Vulnerability Let Attackers Run Arbitrary Code

If you use Trend Micro Apex One, you should know that the third-party Antivirus uninstaller feature may have a security hole. This flaw could make it possible for random code to be run. Even though the National Vulnerability Database (NVD) hasn’t proven how bad the problem is yet, you should be careful and take the […]

The post Trend Micro Zero-day Vulnerability Let Attackers Run Arbitrary Code appeared first on GBHackers - Latest Cyber Security News | Hacker News.

How the Cult of the Dead Cow plans to save the internet

The "original hacking supergroup" is trying to design tools to rebuild the internet from the ground up.

The post How the Cult of the Dead Cow plans to save the internet appeared first on CyberScoop.

Youth hacking ring at the center of cybercrime spree

An online community known as "the Com" linked to a string of prominent breaches is radicalizing young people into a life of online crime.

The post Youth hacking ring at the center of cybercrime spree appeared first on CyberScoop.

New threat intel effort to study ‘undermonitered’ regions

Cyber operations in Africa and Latin America need more attention from the threat intelligence industry, the organizers of the effort argue.

The post New threat intel effort to study ‘undermonitered’ regions appeared first on CyberScoop.

US, UK strike data transfer agreement

The European Commission approved a similar data transfer agreement with the United States in July.

The post US, UK strike data transfer agreement appeared first on CyberScoop.

FTC nominees urge Congress to pass federal data privacy law

Members of Congress also asked nominees for their thoughts on how the FTC should tackle AI.

The post FTC nominees urge Congress to pass federal data privacy law appeared first on CyberScoop.

DHS council seeks to simplify cyber incident reporting rules

The Biden administration is looking to simplify the dizzying reporting requirements faced by critical infrastructure entities.

The post DHS council seeks to simplify cyber incident reporting rules appeared first on CyberScoop.

Solarium Commission wants action on stalled cybersecurity recommendations

The influential commission has seen around 70% of its initial recommendations to improve cybersecurity implemented.

The post Solarium Commission wants action on stalled cybersecurity recommendations appeared first on CyberScoop.

Microsoft AI researchers exposed sensitive signing keys, internal messages

The 38 TB of data available via GitHub included 30,000 Teams messages and would've allowed an attacker to inject malicious code in AI models.

The post Microsoft AI researchers exposed sensitive signing keys, internal messages appeared first on CyberScoop.

White House grapples with harmonizing thicket of cybersecurity rules

The regulatory road to harmonizing regulations for 16 critical infrastructure sectors is long and treacherous one.

The post White House grapples with harmonizing thicket of cybersecurity rules appeared first on CyberScoop.

California passes first-in-the-nation data broker deletion tool

Lawmakers in California are continuing to speed ahead of the federal government in writing legislation to address privacy concerns.

The post California passes first-in-the-nation data broker deletion tool appeared first on CyberScoop.

Crooks stole $200 million worth of assets from Mixin Network

Crooks stole $200 million from Mixin Network, a free, lightning fast and decentralized network for transferring digital assets. Mixin Network, the Hong Kong-based crypto firm behind a free, lightning fast and decentralized network for transferring digital assets announced it has suffered a $200 million cyber heist. The company suspended deposits and withdrawals immediately after the […]

The post Crooks stole $200 million worth of assets from Mixin Network appeared first on Security Affairs.

A phishing campaign targets Ukrainian military entities with drone manual lures

A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin. Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. The campaign, codenamed STARK#VORTEX by Securonix, targets Ukrainian military entities and CERT-UA attributed it […]

The post A phishing campaign targets Ukrainian military entities with drone manual lures appeared first on Security Affairs.

Alert! Patch your TeamCity instance to avoid server hack

Experts warn of a critical vulnerability in the TeamCity CI/CD server that can be exploited to take over a vulnerable server. JetBrains TeamCity is a popular and highly extensible Continuous Integration (CI) and Continuous Delivery (CD) server developed by JetBrains, a software development company known for its developer tools. TeamCity is designed to automate various […]

The post Alert! Patch your TeamCity instance to avoid server hack appeared first on Security Affairs.

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. The experts tracked the cluster as CL-STA-0046, the malicious activity spanned over six months between 2022-2023. The activity was characterized by the […]

The post Is Gelsemium APT behind a targeted attack in Southeast Asian Government? appeared first on Security Affairs.

Nigerian National pleads guilty to participating in a millionaire BEC scheme

A Nigerian national pleaded guilty to wire fraud and money laundering through business email compromise (BEC). The Nigerian national Kosi Goodness Simon-Ebo (29), who is residing in South Africa, pleaded guilty to conspiracy to commit wire fraud and conspiracy to commit money laundering through business email compromise (BEC). According to the US authorities, fraudulent activities […]

The post Nigerian National pleads guilty to participating in a millionaire BEC scheme appeared first on Security Affairs.

New variant of BBTok Trojan targets users of +40 banks in LATAM

A new variant of a banking trojan, called BBTok, targets users of over 40 banks in Latin America, particularly Brazil and Mexico. Check Point researchers warn of a new variant of a banking trojan, called BBTok, that is targeting users of over 40 banks in Latin America. The new malware campaign relies on new infection chains and […]

The post New variant of BBTok Trojan targets users of +40 banks in LATAM appeared first on Security Affairs.

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Researchers discovered a previously undocumented sophisticated backdoor, named Deadglyph, used by the Stealth Falcon group for espionage in the Middle East ESET researchers discovered a very sophisticated and unknown backdoor, named Deadglyph, employed by the Stealth Falcon group for espionage in the Middle East. Stealth Falcon is a nation-state actor active since at least 2012, […]

The post Deadglyph, a very sophisticated and unknown backdoor targets the Middle East appeared first on Security Affairs.

Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

The Alphv ransomware group claims to have hacked Clarion, the global manufacturer of audio and video equipment for cars and other vehicles. The Alphv ransomware group added Clarion, the global manufacturer of audio and video equipment for cars and other vehicles, to the list of victims on its Tor leak site. Clarion Japan is the Japanese subsidiary […]

The post Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars appeared first on Security Affairs.

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Government of Bermuda blames Russian threat actors for the cyber attack City of Dallas has set […]

The post Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition appeared first on Security Affairs.

National Student Clearinghouse data breach impacted approximately 900 US schools

U.S. educational nonprofit organization National Student Clearinghouse disclosed a data breach that impacted approximately 900 US schools. The National Student Clearinghouse (NSC) is a nonprofit organization based in the United States that provides educational verification and reporting services to educational institutions, employers, and other organizations The organization has disclosed a data breach that impacted approximately […]

The post National Student Clearinghouse data breach impacted approximately 900 US schools appeared first on Security Affairs.

WatchGuard Announces its Acquisition of CyGlass

The acquisition will offer WatchGuard's partners and customers access to cutting-edge security solutions, improved XDR insights, and simplified compliance with regulatory and cyber-insurance requirements.

Personal Data of 25,000 Hongkongers at Risk After Cyberattack Against Consumer Council

The council has restored its computer systems but anticipates delays in addressing complaints, and is taking extra precautions by notifying individuals who may have been affected by the data leak.

For Security to Benefit From AI, Companies Need to Shore up Their Data

CISOs and cybersecurity practitioners should focus on addressing the challenges of data structure, management, and curation to fully leverage the benefits of AI for cyber defense.

Fake Celebrity Photo Leak Videos Flood TikTok With Temu Referral Codes

Scammers have started creating videos implying leaked sensitive photos of celebrities and urging viewers to download the Temu app and enter their referral number to view the content. These scams have been targeting multiple celebrities.

Average Insider Cyberthreat Cost Spikes 40% in Four Years: Report

Containment and remediation after an insider incident are the most expensive areas, with an average cost of $179,209 and $125,221 per incident respectively, and the average time to contain an incident has increased to 86 days.

Incomplete Disclosures by Apple and Google Create “Huge Blindspot” for Zero-Day Hunters

Google's limited disclosure and the separate CVE designations for the vulnerability by Apple, Google, and Citizen Lab have hindered the detection and patching of the critical vulnerability in other software relying on libwebp.

Hong Kong-Based Cryptocurrency Firm Mixin Says Hackers Stole $200 Million in Assets

The incident follows a recent trend of cryptocurrency hacks, with North Korean hackers being suspected in multiple attacks, highlighting the growing threat posed by cybercriminals targeting the industry.

Nigerian Man Pleads Guilty to Attempted $6 Million BEC Email Heist

Kosi Goodness Simon-Ebo, a Nigerian national, pleaded guilty to wire fraud and money laundering through business email compromise (BEC) schemes, resulting in millions of dollars in losses.

Xenomorph Malware Returns to Strike Customers of Over 30 American Banks

The Xenomorph malware family, known for its advanced capabilities and distribution campaigns, has resurfaced with new overlays targeting institutions and crypto wallets in the United States and Portugal.

SANS Survey Shows Drop in 2023 ICS/OT Security Budgets

The budgets allocated for the security of industrial control systems (ICS) and operational technology (OT) have decreased in 2023 compared to the previous year, with over 21% of organizations reporting not having a cybersecurity budget at all.

Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals

Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin.

New Modular Deadglyph Backdoor Used in a Government Attack

Security researchers have identified a highly advanced modular backdoor, named Deadglyph, believed to be linked to the Stealth Falcon cyber espionage group. It was discovered during an investigation into a cyberespionage incident in the Middle East. Organizations are advised to leverage the IOCs associated with the malware to protect endpoints or networks vulnerable to attacks.

CISA and NFL Collaborate to Secure Super Bowl LVIII

The US Cybersecurity and Infrastructure Security Agency (CISA) and the NFL conducted a cybersecurity tabletop exercise to assess and improve response capabilities for potential cyber-attacks during Super Bowl LVIII.

Python Malware Targets Tatar-Language Users: TA866 Threat Actor Strikes Again

The threat actor behind this campaign is the TA866 group, known for targeting Tatar language speakers. The attackers use phishing emails with a malicious RAR file that contains a video file and a Python-based executable disguised as an image file.

Cyber Insurance Claims Spiked in First Half of 2023 as Ransomware Attacks Surged: Report

Large companies with over $100 million in revenues have been particularly targeted, experiencing a rise in both the frequency and severity of cyber incidents. Funds transfer fraud has also become a prevalent issue.

Adarma Names James Todd as Chief Technology Officer, Reinforcing Dedication to Security Operations Excellence

Adarma has announced the appointment of James Todd as Chief Technology Officer. This strategic appointment builds on the company’s continued commitment to improving security operations outcomes for enterprise and upper mid-market organisations and follows Adarma’s recent investments in people and talent, its SOCKET Threat Management Platform, and in enhancing and expanding its service offerings. With […]

The post Adarma Names James Todd as Chief Technology Officer, Reinforcing Dedication to Security Operations Excellence appeared first on IT Security Guru.

Nurturing Our Cyber Talent

The IT Security Guru caught up with Tarnveer Singh a CISO and finalist in the Security Serious Unsung Heroes Awards 2023 for his thoughts on how to get more professionals involved in the cybersecurity industry: There are many ways we can inspire new cybersecurity professionals to join our industry. One way is to increase […]

The post Nurturing Our Cyber Talent appeared first on IT Security Guru.

The Journey to Secure Access Service Edge (SASE)

“The wise adapt themselves to circumstances, as water moulds itself to the pitcher.” – Chinese Proverb. The way we work, socialise, and consume information has changed exponentially over the last few years. This has been driven owing to global macro and micro events, such as world health emergencies or the continued march of technological innovation. […]

The post The Journey to Secure Access Service Edge (SASE) appeared first on IT Security Guru.

WatchGuard acquires CyGlass for AI-powered network anomaly detection

WatchGuard® Technologies, provider of unified cybersecurity, today announced the acquisition of CyGlass Technology Services, a provider of cloud and network-centric threat detection and response solutions that help organisations see risks, stop threats, and prove compliance. CyGlass’s cloud-native platform utilises advanced artificial intelligence (AI) and machine learning (ML) capabilities to deliver enterprise-class cyber defence across hybrid […]

The post WatchGuard acquires CyGlass for AI-powered network anomaly detection appeared first on IT Security Guru.

SME Cyber Security – Time for a New Approach?

The UK is home to around 5.5 million Small and Medium-sized Enterprises (SMEs). They collectively account for 99.9% of businesses, generating three fifths of employment, and with a combined turnover of £2.3 trillion. As such, they represent a vital element of the economy and a significant national asset, which in turn, highlights a need to […]

The post SME Cyber Security – Time for a New Approach? appeared first on IT Security Guru.

Keeper Security Named a Market Leader in Privileged Access Management (PAM) by Enterprise Management Associates

This week, Keeper Security announced that it has been identified as a leading privileged access management (PAM) provider for its product strength and cost-efficiency. The recognition comes from analyst firm Enterprise Management Associates® (EMA™) in its latest research report: EMA Radar™ for Privileged Access Management. EMA provides an unbiased view of the market landscape, ensuring organisations […]

The post Keeper Security Named a Market Leader in Privileged Access Management (PAM) by Enterprise Management Associates appeared first on IT Security Guru.

Synopsys Recognised as a Leader in Static Application Security Testing by Independent Research Firm

Synopsys has announced it has been recognised as a leader in The Forrester Wave™: Static Application Security Testing, Q3 2023. The report identifies the 11 most significant vendors in the static application security testing (SAST) market and evaluates them against 26 criteria grouped into three high-level categories: Current offering, Strategy, and Market presence. Synopsys’ Coverity® SAST solution received the second […]

The post Synopsys Recognised as a Leader in Static Application Security Testing by Independent Research Firm appeared first on IT Security Guru.

Cato Networks Raises $238M in Equity Investment at Over $3B Valuation

Cato’s largest financing round to date brings total funding to $773M, underscoring investor confidence in the company’s leadership in the fast-growing single-vendor SASE market. Cato Networks, provider of the world’s leading single-vendor SASE platform, announced it raised $238M in equity investment, bringing total funding to $773M. The largest financing round to date was led by LightSpeed […]

The post Cato Networks Raises $238M in Equity Investment at Over $3B Valuation appeared first on IT Security Guru.

Specops Software Launches Continuous Scanning Capabilities for Breached Password Protection

Today, Specops Software, an Outpost24 company, has announced the launch of its new continuous scanning capabilities within Specops Breached Password Protection. The feature will now enable security administrators to continuously monitor Active Directory for compromised passwords or those exposed on the Dark Web and prevent password reuse within the enterprise in real-time. The feature is […]

The post Specops Software Launches Continuous Scanning Capabilities for Breached Password Protection appeared first on IT Security Guru.

Salt Security Strengthens CrowdStrike Partnership with New Integration

Today, Salt Security announced that it has expanded its partnership with CrowdStrike by integrating the Salt Security API Protection Platform with the industry-leading CrowdStrike Falcon® Platform. With this new integration, customers now can get a 360-degree view of API security risks with unique insights into the application-layer attack surface. Available on the CrowdStrike Marketplace, the […]

The post Salt Security Strengthens CrowdStrike Partnership with New Integration appeared first on IT Security Guru.

Six Tips to Ensure a Strong Patch Management Strategy

By Ashley Leonard, CEO and Founder, Syxsense The proliferation of software applications and updates across the market today has put pressure on enterprise security teams to implement strong patch management […]

The post Six Tips to Ensure a Strong Patch Management Strategy appeared first on Cyber Defense Magazine.

Three Ways to Protect the Data Powering Summer Vacations

By Amit Shaked, CEO and Co-Founder, Laminar The travel industry is in the midst of rapid recovery following the COVID-19 pandemic. In 2022, there were over 747 million passengers who […]

The post Three Ways to Protect the Data Powering Summer Vacations appeared first on Cyber Defense Magazine.

Triple Tactics

How APIs are being Targeted with Trinity Attacks By Andy Mills, VP EMEA, Cequence Security Application Programming Interfaces (APIs) are growing twice as fast as traditional web traffic but their […]

The post Triple Tactics appeared first on Cyber Defense Magazine.

Publishers Spotlight: Nisos: Your Managed Intelligence Partner

Nisos is the Managed Intelligence™ team you need to consider working with to solve your most complex security challenges. They deliver smarter defense and more effective responses against advanced cyber […]

The post Publishers Spotlight: Nisos: Your Managed Intelligence Partner appeared first on Cyber Defense Magazine.

Criminals are Bypassing Authentication with Stolen Session Cookies

By Trevor Hilligoss, Director of Security Research, SpyCloud The last 12 months revealed a concerning trend in credential exposure. According to SpyCloud’s 2023 Identity Exposure Report, nearly half of the 721.5 […]

The post Criminals are Bypassing Authentication with Stolen Session Cookies appeared first on Cyber Defense Magazine.

Cyber Attacks on Municipalities

What attracts cyber criminals to municipalities and how they can be prevented. By Veronika (Nikki) Jack, Student Majoring in Information Technology-Cybersecurity, George Mason University Cyber-attacks on municipalities have been increasing […]

The post Cyber Attacks on Municipalities appeared first on Cyber Defense Magazine.

How to interpret the 2023 MITRE ATT&CK Evaluation results

Thorough, independent tests are a vital resource for analyzing provider’s capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the […]

The post How to interpret the 2023 MITRE ATT&CK Evaluation results appeared first on Cyber Defense Magazine.

Publishers Spotlight: Omdia Research Risk-based Vulnerability Management Findings

Omdia research finds risk-based vulnerability management set to encompass the vulnerability management market by 2027 The first comparative research into the evolution of the vulnerability management market authored by Omdia […]

The post Publishers Spotlight: Omdia Research Risk-based Vulnerability Management Findings appeared first on Cyber Defense Magazine.

Publishers Spotlight: CyTwist: Defend Forward – Stop Your Attacks without IOCs

CyTwist has launched its Preemptive Cyber Attack Management Platform (PCAM) to enable defenders to expose attacks early and accurately while creating efficiencies in the SOC. They are building a platform […]

The post Publishers Spotlight: CyTwist: Defend Forward – Stop Your Attacks without IOCs appeared first on Cyber Defense Magazine.

How Ai Can Be Used as A Tool to Help Monitor for Cybercrimes and Keep Kids Safe From Cyberbullying And Scams

By Ron Kerbs, CEO of Kidas Machine learning (ML) and classifiers have been used as cybersecurity tools for years. Starting in the 1990s, machine learning techniques began detecting known attacks […]

The post How Ai Can Be Used as A Tool to Help Monitor for Cybercrimes and Keep Kids Safe From Cyberbullying And Scams appeared first on Cyber Defense Magazine.

What’s New in CSF 2.0?

The National Institute of Standards and Technology (NIST) has always been at the forefront of cybersecurity guidance. With the Cybersecurity Framework (CSF) 2.0 release, NIST has addressed the evolving challenges of modern cybersecurity. This article discusses some of the bigger changes in the recently released CSF 2.0, spotlighting governance and supply chain security while emphasizing […]

The post What’s New in CSF 2.0? appeared first on Continuum GRC.

What Is ISO 9001

ISO 9001 is a universally recognized standard that provides a framework for organizations to establish, implement, and refine their quality management systems. Rooted in principles that prioritize customer satisfaction, leadership involvement, and a continuous improvement ethos, ISO 9001 offers a structured approach to achieving excellence in operational processes. This article delves into the intricacies of […]

The post What Is ISO 9001 appeared first on Continuum GRC.

CCPA and CPRA Attestations and Audits

The California Consumer Privacy Act (CCPA) is a strict set of rules for companies in California, defining what these organizations must do to protect consumer privacy. Although the CCPA does not require formal audits, the upcoming CPRA expansion will call for these practices, particularly in consumer protection and privacy areas. As concerns about data privacy […]

The post CCPA and CPRA Attestations and Audits appeared first on Continuum GRC.

What Is ISO 17021 and Certification of Management Systems?

The ISO/IEC 17021-1:2015 is a global guideline designed to shape how organizations that perform audits and certifications for management systems should operate. Released by the International Organization for Standardization and the International Electrotechnical Commission, this standard aims to improve the reliability and uniformity of these audits and certifications by outlining the essential requirements these organizations […]

The post What Is ISO 17021 and Certification of Management Systems? appeared first on Continuum GRC.

What Is Passwordless Authentication?

Passwords are our oldest form of digital security… and, in most cases, one of the weakest links in identity management and authentication. Phishing, database breaches, and poor digital hygiene have made authentication challenging for security and compliance. They have become the quintessential keys to our online kingdoms. As cyberattacks grow more sophisticated, there’s a mounting […]

The post What Is Passwordless Authentication? appeared first on Continuum GRC.

How to Determine Cybersecurity Impact Level Using FIPS 199

The Federal Information Processing Standard (FIPS) 199 provides organizations and individuals with the necessary guidance to determine a cybersecurity threat’s impact level accurately. These impact levels define the level of security a system should have to protect the data contained therein adequately. This article will take you through an overview of FIPS 199 and how […]

The post How to Determine Cybersecurity Impact Level Using FIPS 199 appeared first on Continuum GRC.

Understanding the Difference Between HIPAA and HITRUST

Within the world of healthcare compliance and information security, there’s been increasing confusion around some terms and organizations. We’ve heard a bit about some of this confusion, specifically around HITRUST and HIPAA. Both are connected to the preservation of health information, yet they fulfill separate functions and are founded on differing principles. This article clarifies […]

The post Understanding the Difference Between HIPAA and HITRUST appeared first on Continuum GRC.

What Are the Evaluation Criteria for JAB Prioritization?

The Federal Risk and Authorization Management Program (FedRAMP) plays a pivotal role in safeguarding the security of cloud services within the U.S. federal government. An essential element of this program is the Joint Authorization Board (JAB), which is responsible for prioritizing and authorizing cloud offerings offered by cloud providers. The JAB prioritization process is a […]

The post What Are the Evaluation Criteria for JAB Prioritization? appeared first on Continuum GRC.

What Are Digital Signatures and How Do They Work?

In traditional document management, we have several ways to authenticate the legitimacy of information–a signature, a watermark, etc. In digital spaces, we don’t readily have these tools to use. That fact, along with the reality that any piece of information can be copied ad infinitum, made authentication a challenge that security experts needed to solve. […]

The post What Are Digital Signatures and How Do They Work? appeared first on Continuum GRC.

What is an Authorization Boundary for FedRAMP and StateRAMP?

Assessments for both StateRAMP and FedRAMP rely on the 3PAO’s understanding of the systems and people that will interact with a specific government agency. With this knowledge, it’s easier to determine where particular requirements begin and where they end. Across both of these frameworks, this concept is known as the “authorization boundary.” The authorization boundary […]

The post What is an Authorization Boundary for FedRAMP and StateRAMP? appeared first on Continuum GRC.

TikTok Receives €345 Million GDPR Fine in Years-Old Children’s Privacy Case

A children's privacy complaint that dates back to 2021 has resulted in a major GDPR fine for TikTok. The issue largely centers on the "Family Pairing" feature introduced in 2020 which had no real verification process ensuring that the linked parent account actually belonged to a parent.

$70 Million Loss After Data Breach of CoinEx Crypto Exchange, Services Temporarily Suspended

Hack of crypto exchange CoinEx's hot wallets has led to a loss of about $70 million in assorted asset types. The data breach was reportedly caused by compromised private keys suspected to be stolen by North Korea's Lazarus group.

Embracing Privacy by Design as a Corporate Responsibility

A shift from data protection as a burdensome obligation to a framework of privacy by design delivers three big results: less costs to adapt to new legislation, growth in consumer confidence and trust, and it runs less risks for a business in case of inevitable mishaps.

Why Europe Needs to Prioritize the Switch to Quantum-Safe Encryption

Quantum machines will soon crack the encryption algorithms we use today to protect everything from national critical infrastructure to online banking. Europe, while a historic leader in quantum science, seems to be struggling to implement a meaningful and unified security response.

Greater Manchester Police Investigating a Third-Party Data Breach From a Ransomware Attack

A third-party data breach has exposed the personal data of UK’s Greater Manchester Police (GMP) officers and staff. Company that produces GMP’s staff ID cards was affected by a ransomware attack.

Iranian Hackers Use Password Spray Attacks to Compromise Defense Organizations, Pharmaceutical Firms

A recent campaign by Iranian hackers has been very successful in using password spray attacks to breach high-value targets, with a particular focus on defense organizations and satellites as well as pharmaceutical company research.

Airbus Data Breach from a Partner Airline’s Compromised Account Leaks Confidential Information

Airbus has confirmed a data breach that exposed confidential business information via a partner airline’s compromised account. Threat actors compromised a Turkish Airlines employee account using the Redline info-stealer malware in August 2023.

Investigation Finds Elon Musk May Have Violated FTC Order With Failure to Conduct Required Privacy and Security Review for “Twitter Blue”

A government investigation of Elon Musk's tenure as leader of Twitter has determined that there may be violations of a 2022 FTC order that required certain privacy and security measures be implemented.

Rethinking Cybersecurity: The Power of the Hacker Mindset

For organizations to stand a chance against cybercriminals, adopting a hacker mindset is crucial. Understanding their tactics, regularly updating skills, and proactively seeking vulnerabilities are the keys to outpacing cybercriminals.

Facebook Messenger Phishing Campaign Targets Millions of Business Accounts Locking Out Owners

Facebook Messenger phishing campaign targeted millions of business accounts using fake and hijacked personal accounts to trick business owners into installing an infostealer that harvests passwords and cookies before locking them out.

Mozilla: Connected Cars Perform Dismally on Privacy Tests, Every Brand Collecting Excessive Personal Information

Privacy tests have found that every connected car brand collects more personal data than it needs to, and employs it for non-essential purposes. The vast majority are sharing or selling customer data.

Caesars Entertainment Discloses Cyber Attack, Ransom Payment Made Weeks Before MGM Heist

Caesars Entertainment quietly disclosed its own recent cyber attack in a SEC filing. Unlike MGM, Caesars appears to have skated through their own incident by making a $15 million ransom payment to the hackers.

New Pegasus Spyware Zero-Click Patched Out by Apple in Ongoing Battle Against Commercial Zero-Days

Citizen Lab reports that the new Pegasus spyware zero-click zero-day impacts the most recent version of iOS (16.6) and likely prior versions dating back to the iPhone 8. As with the prior Pegasus attack vector, victims only need to receive a iMessage to be compromised; they do not need to open the message or interact with it.

Two Major Dutch Consumer Groups Bring Privacy Lawsuit Against Google

Two Dutch consumer groups, the Privacy Protection Foundation and Consumentenbond, have filed suit against Google over its targeted advertising auctions. The suit is seeking the equivalent of $804 for each Google user harmed by its "constant surveillance" and sharing of personal data.

SSE vs SASE: What You Need to Know

For IT leaders that only require a subset of Secure Access Service Edge (SASE) capabilities, preferring to focus mainly on the security aspects and leaving out the networking components, Security Service Edge (SSE), an emerging new cloud-native security framework, is potentially a better fit.

Okta: Sophisticated Social Engineering Attacks Are Targeting Super Administrators

Okta has warned about social engineering attacks by sophisticated actors targeting super administrators by tricking service desk staff into resetting multi-factor authentication for privileged users.

Privacy Advocates Celebrate Death of UK Online Safety Bill Clause as Government Admits Encrypted Messaging Can’t Be Scanned Without Breaking It

The most controversial portion of UK's Online Safety Bill appears to be dead in the water, as Ofcom has publicly admitted that the technology to create backdoors into encrypted messaging without breaking it does not exist.

Attackers Aren’t Just Getting Bolder – They’re Getting More Persistent

When targeted by an Advanced Persistent Threat (APT), an organization needs to be ready to defend from a variety of different attacks coming from different directions, sometimes all at once, and sometimes over a period of time.

Healthcare IT Service Provider IBM Data Breach Impacts Johnson & Johnson Customers

Johnson & Johnson’s IT service provider IBM has notified over 1 million Janssen CarePath customers of a data breach that leaked personal and medical information.

“Cybersecurity Issue” at MGM Brings Vegas Strip Properties to a Standstill

MGM, one of the two largest casino-hotel chains on the Strip, has not yet confirmed the nature of the attack, calling it a 'cybersecurity issue.' The properties remain open, but operations such as front desk check-ins and payouts for casino games have had to shift to entirely manual operations.

US and UK Authorities Have Sanctioned Conti Ransomware and TrickBot Cybercrime Gangs

The US Department of Treasury and the UK’s Foreign Office have sanctioned 11 Russian nationals for their role in Conti ransomware and TrickBot cybercrime gangs.

New SEC Disclosure Rule: Do the Benefits Outweigh the Concerns?

SEC's new rule for public companies to report data breaches within four days is a significant step towards transparency, cybersecurity preparedness, and standardizing reporting practices. Since news of the law broke, many security professionals have however expressed conflicting opinions.

TikTok’s New Data Center in Dublin Goes Live as Part of “Project Clover” EU Privacy Program

The opening of the Irish data center is part of the final stage of a EU privacy plan TikTok kicked off in mid-2021, seeking to address user data security concerns and the legal status of its international data transfers.

New X Privacy Policy Promises No Non-Public Personal Data Use in AI Models, Requires Consent for Biometric Info

Elon Musk followed the privacy policy update with a statement affirming that X's machine learning and AI models would not be trained with private and confidential information, such as direct messages.

Microsoft Releases Details of Theft of Signing Key by Chinese Hackers

Microsoft has traced the signing key theft back to a "crash dump" error. A breach of a Microsoft engineer's work account by the Chinese hackers then yielded access to the crash dump and the embedded signing key.

As Supply Chain Attacks Accelerate, SMBs Can Benefit From Multi-Layered Integrations

For SMBs, one breach that compromises the larger entities of their supply chain is enough to jeopardize business-critical revenue streams. With supply chain attacks an ongoing reality, now is the time for SMBs to think proactively about how to maximize the value of their security stack.

Security Service Edge (SSE) Gives Enterprises a Sophisticated Defense Against Cyberattack

Security Service Edge (SSE) converges multiple cybersecurity capabilities within a single, cloud-native software stack, and is designed to protect all enterprise edges – sites, users and applications, including the IoT-connected points — even as the contours of those edges shift.

Staggering Data Breach Exposed 47,000 London Met Police Officers and Staff

The UK Met Police is on high alert after a massive data breach exposed the identities and photographs of officers, including undercover cops and counter-terrorism agents.

Data Breach of Security Fencing Contractor Impacts UK Military Bases, Files Confirmed Stolen

UK military contractor confirmed that some information about military bases was stolen in the data breach, but insists that none of it was confidential or highly sensitive. Attackers apparently compromised a computer running manufacturing machine software that was still outfitted with Windows 7.

Data Breach at Apparel Giant Forever 21 Impacts Over 500,000 Individuals

Forever 21 has confirmed a data breach that impacted over 500,000 current and former employees. The company has however assured victims that hackers have deleted the stolen personal information, which included Social Security Numbers.

Consents and Their Management Under India’s Digital Personal Data Protection Act

India has enacted its long-awaited privacy legislation, the Digital Personal Data Protection Act on August 12. While there are various aspects of this Act which distinguish it from other privacy laws in the world, one that is particularly interesting is its approach towards user consent.

OpenAI Complaint Filed With Polish DPA Alleges Multiple GDPR Violations

A complaint in Poland alleges GDPR violations by ChatGPT in the areas of lawful basis for data processing, data access, fairness, transparency and personal privacy.

Barracuda ESG Zero-Day Attacks by Chinese Hackers Compromised Numerous U.S. Government Email Severs

Barracuda ESG zero-day attacks by Chinese state-sponsored threat actors compromised multiple U.S. state, local, and tribal government email servers. Over 200,000 private and government organizations worldwide depend on Barracuda email security gateway (ESG) appliances.

Delinea 2023 State of Cyber Insurance Report: Exclusions Increasing as Costs, Reasons for Denial of Coverage Going Up

Report shows cyber insurance coverage continues to become harder to obtain even as demand and prices continue to increase. For some small businesses, even a meaningful level of partial coverage might be out of reach at this point.

Schrems Continuing International Data Transfer Crusade With GDPR Complaint Against Fitbit

GDPR complaint points out that Fitbit forces EU users to accept international data transfers as a requirement to use the service, something that may not meet regulatory standards for free and informed consent.

Security Breach at Japan’s Cyber Security Agency May Have Been the Work of Chinese Hackers

A long-term breach of Japan's national cyber security agency may be the work of state-backed Chinese hackers. The security breach occurred in October 2022 and was disclosed in August of this year.

Revisiting the SolarWinds Incident With the Final SEC Cybersecurity Disclosure Rules

The SEC has been clear that proper risk management and timely cyber incident disclosures protect investors and other stakeholders. The regulators may make an example out of SolarWinds and its leadership at the time of the Orion incident to set the tone for the importance of software supply chain security.

Major Malware Botnet Offline After US-Led International Effort Takes Down Qakbot

The infrastructure for the Qakbot malware botnet that has been a plague since 2007 has been dismantled by an FBI-led law enforcement action. The botnet was composed of over 700,000 infected computers, and is responsible for hundreds of millions of dollars in damages worldwide during its run.

The Death of Authenticity: Generative AI and Large Language Models

We live in an age that values authenticity: being true to who you are and what you value. It is ironic, then, that one of the more recent innovations of the past few years—Large Language Models, or Generative AI—is in the process of undermining authenticity itself.

Over 2.6 Million Duolingo User Records Obtained via Data Scraping Published on Hacking Forum

Account information of over 2.6 million Duolingo users was obtained via data scraping of an exposed API, and recently leaked on an underground hacking forum.

Crypto Exchange Creditors Hit by SIM Swap Attack, Customer Information From FTX and Other Insolvent Companies Exposed in Data Breach

Kroll reports that the data breach was traced to a SIM swap attack on the phone of one of its employees, and that "limited" and "non-sensitive" claimant data was exposed. FTX account holders are already receiving phishing emails.

Despite Fines and Major Platform Changes, YouTube Still Violating Child Privacy by Serving Targeted Ads

A new report from ad evaluation firm Adalytics finds that some of YouTube’s targeted ads are still slipping through the cracks, and potentially violating federal child privacy law. The revelation has prompted two US Senators to write a letter to the FTC.

Navigating Your Path to a Career in Cyber Security: Practical Steps and Insights

Landing a job in cyber security may require persistence and continuous learning, so it's important to keep refining your skills, networking, and seeking new opportunities.

BlackCat/AlphaV Ransomware Gang Claims Seiko Data Breach, Starts Leaking Stolen Information

Japanese watchmaker Seiko has suffered a data breach that leaked sensitive information, with the Russian ransomware gang BlackCat/AlphaV claiming responsibility for the attack.

Ransomware Attack on Danish Hosting Providers Causes Almost Complete Data Loss for Customers

Two web hosting providers in Denmark are teetering on the brink after a devastating ransomware attack that wiped out most customer data. Given the ongoing difficulty of recovery, the companies are recommending that customers move to other hosting providers.

Tesla’s Data Breach That Exposed Over 75,000 Employees Was an Inside Job

Tesla has disclosed that the data breach impacting over 75,000 employees was an inside job. The electric automaker said two employees copied and shared confidential data with the German newspaper Handelsblatt.

US Consumer Finance Watchdog Proposes New Restrictions on Data Brokers

US consumer finance watchdog appears to have data brokers in its crosshairs, announcing that it is developing a new rules proposal for the industry. CFPB specifically noted a focus on the impact of AI and announced that an outline of proposals will be released sometime in September.

China Blames US Intelligence Agencies for Cyber Attack on Wuhan Emergency System, Claims Spies Were Probing for Underground Facilities

The attribution of the Wuhan cyber attack was followed by an announcement from Chinese authorities that a "highly secretive global reconnaissance system" run by US intelligence agencies would be exposed.

ChatGPT – IP and Privacy Considerations

Copying of protected works is generally a no-no. But, training of AI tools such as ChatGPT requires copying enormous amounts of data. The two positions appear potentially irreconcilable. This is where the “text and data mining” (TDM) exception to copyright and database rights comes in.

Rapattoni Cyber Attack Disrupts The Real Estate Industry

Real estate professionals lost access to property data and resorted to manual systems after a Californian multiple listing service (MLS) Rapattoni Corporation suffered a cyber attack.

Possible Multi-Billion Dollar Lawsuit Aimed at Google’s “Incognito Mode” Ruled a Triable Issue Due to Consumer Privacy Concerns

Google's bid to get rid of a class action lawsuit involving its "Incognito Mode" took a serious blow in a California court, as a judge denied the company's request for a summary judgment and said that the consumer privacy concerns raised by the company's data handling were fit for trial.

What the SEC’s Investigation of SolarWinds Means for CISOs and Cybersecurity Disclosures

This appears to be the first time that the SEC has sent a Wells Notice to a CISO. While novel, this Wells Notice furthers the SEC’s recent enforcement and rulemaking focus on meaningful and timely cybersecurity-related disclosures, as well as holding individual liable for their roles in company violations.

Tesla: Company Is in Compliance With Chinese Data Security Laws, “Sentry Mode” Is No Threat

A recent airport ban seems to have prompted a Weibo post by the company offering reassurances on its data security. The post reiterated that Tesla staff cannot access customer video remotely.

Data Leak of Identifying Information of Northern Ireland Police Officers Amidst a Backdrop of Increased Tensions

Data leak occurred when a sensitive document was mistakenly shared in connection to a freedom of information request, and takes place amidst a backdrop of increased tensions and fears of terrorism that have been growing since early 2023.

CSRB Exposes Lapsus$ Hacker Group’s Cyber Extortion Activities and Systemic Failures Enabling Them

The US Cyber Safety Review Board (CSRB) has published a comprehensive analysis of the Lapsus$ hacker group’s cyber extortion activities. The report highlighted simple but effective tactics the Lapsus$ hackers used to compromise organizations and the existing security gaps enabling them.

Companies Storing Personal Data Subject to New Compliance Audits in China in 2024

Any business in China with more than one million records of personal data, or those with just 10,000 records of sensitive personal data, are looking at new annual compliance audit requirements by the Cyberspace Administration of China (CAC).

It’s a Process, Not a Product: A Proven Approach to Zero Trust

The true essence of Zero Trust lies in embracing a process-centric approach rather than relying solely on products. CISA has established a set of maturity pillars that guide organizations in their journey toward zero trust. Understanding these pillars is essential for CISOs and CPOs looking to build a robust security framework.

4 Million Impacted in Colorado Department of Health Care IBM MOVEit Data Breach

Threat actors accessed personal and protected health information from the Colorado Department of Health Care after third-party vendor IBM suffered a MOVEit data breach.

DHS Subjecting Cloud Services to Security Reviews After Repeated Microsoft Security Issues

Though Microsoft is hardly alone in terms of cloud services experiencing serious security breaches, a string of Redmond mishaps appears to have prompted new security reviews by the Cyber Safety Review Board (CSRB).

The Strange Evolution of Data Loss Prevention (DLP)

DLP still ‘lives on’ in the capabilities of its successors and in the re-vamped versions hardline DLP providers have developed today. Let’s take a look at where this all came from, why the pivot, and where DLP is going in the future (which is, we can say, today).

Worldcoin’s Targeting of Developing Countries in Biometric Data Collection Raises Privacy Concerns

Under a month into the project, privacy concerns have already caused Worldcoin to be banned by some countries and targeted for regulation in others. The central issue is its collection of biometric data, as it promises "free money" in return for capturing iris scans.

EvilProxy Phishing Campaign Targets Over 120,000 Microsoft 365 Users

Security researchers have discovered an EvilProxy phishing campaign targeting 120,000 Microsoft 365 users with a focus on business executives with access to financial assets or sensitive information.

How to Stop Leaky Forms From Putting Ecommerce Customer Data at Risk

Some ecommerce sites may be unwittingly placing customer data at risk of exposure through forms that unintentionally collect PII without user consent. Here’s what retail security teams need to know about “leaky forms” and how to implement security policies that can protect customer data from this hazard.

Telegram Ban in Iraq Due to “National Security Concerns” Lifted

Telegram was suspended in Iraq at the ISP level for about a week by order of the Ministry of Communications. The cited reason was "national security concerns" and the leaking of private personal data of citizens.

Beating MFA Fatigue: Why Hackers Have Resorted to Prompt Bombing

One of the most significant barriers for cybercriminals when trying to compromise a user account is Multi-Factor Authentication (MFA). But what happens when users are overrun by notifications? Enter MFA bombing attacks to exploit MFA fatigue.

Dentons Quit Operations in China Due to Incoming Data Regulations

With fines and penalties (such as potential shutdown of company operations) looming in November of this year, some companies are opting to bail out of China rather than even attempt to comply with the slew of new data regulations.

China’s Draft Rules Would Force User Consent for Facial Recognition Technology, With Expected Government Exceptions

China’s new rules for facial recognition technology require companies to protect personal information, and to demonstrate a "specific purpose" and "sufficient necessity" when collecting biometric data of this nature.

Colorado Department of Higher Education Data Breach Leaks Personal Information Spanning Over 13 Years

Colorado Department of Higher Education (CDHE) has suffered a massive data breach leaking sensitive personal information of current and former students and educators spanning over a decade.

Blizzard of EU Regulation Triggers Changes at Meta, Company Will Now Obtain User Consent Before Serving Targeted Ads

Since the GDPR went into effect in 2018, Meta has done nearly everything possible to claim legitimate interest to avoid user consent for collecting personal information for targeted ads. The company appears to have finally reached the end of its rope in this area, though a recently announced changeover to a consent basis.

Your Company (And Your Teams) Are Using AI Whether You Know It or Not; Here Are Four Steps to Lay a Foundation for Better Policies

Setting up the right AI governance is a crucial foundation in these early days of AI. Companies that get governance right will be able to move faster, more confidently in the space – likely outperforming companies that lack the right safeguards to mobilize AI effectively.

How Privilege Solutions Dominate the World of Cybersecurity

Privilege solutions wield a transformative influence on the realm of cybersecurity, with two essential components, Privileged Identity Management (PIM) and Privileged Endpoint Management (PEM), taking center stage.

How to Choose the Right Identity Security Solution for Your Business

In the context of identity security, assessing your business needs and risk profile entails a thorough examination of your organization's particular requirements and weaknesses.

How to Educate Your Employees on Identity Authorization and Authentication

Identity authorization and authentication are fundamental aspects of cybersecurity that ensure only authorized users gain access to systems and data.

How to Protect Your Identity Online: 10 Best Practices for Cybersecurity

You may dramatically lower your risk of falling victim to cyber dangers and safeguard your privacy and security online by putting these 10 best practices into effect. Remain alert, knowledgeable, and safe.

How Zero Trust Architecture Can Enhance Your Identity Security

In a rapidly evolving digital landscape where traditional security paradigms fall short, the concept of Zero Trust Security has emerged as a proactive and comprehensive approach to safeguarding sensitive data and digital assets.

Identity Security vs Identity Management: What’s the Difference and Why It Matters

In the realm of digital identification, identity security and identity management stand as two distinct yet interconnected realms. Identity security takes center stage, driven by its core objective of safeguarding sensitive data and preserving the authenticity of an individual's identity.

The Benefits of Authentication Tools for Identity Security

Privileged Access Management (PAM) plays a crucial role in cyber security by providing granular control over identities and accounts, particularly those with elevated access privileges within an organization.

The Future of Identity Security: Biometrics, Blockchain, and Beyond

Blockchain allows the concept of self-sovereign identification in the field of identity management, where individuals have complete control over their personal information and how it is shared.

The Rise of Synthetic Identity Fraud: How to Detect and Prevent It

Synthetic identity fraud, which takes advantage of flaws in conventional identity verification systems, has emerged as a major threat to cybersecurity. It is challenging to identify this kind of fraud using traditional techniques since it includes the construction of fictional identities using a combination of true and made-up information.

The Role of Cross-Domain and Webauthn Cybersecurity Tools

As individuals and companies interact with increasingly different online platforms, apps, and services, the demand for a consistent approach to data and information security has expanded enormously across cybersecurity technologies that address the problem of managing security across domains by providing integrated solutions that traverse conventional boundaries.

The Top 5 Identity Security Threats in 2023 and How to Avoid Them

With the emergence of identity assaults driven by AI in 2023, the cybersecurity environment has undergone a worrying metamorphosis. Traditional security solutions are ineffective against these dynamic attacks because AI gives attackers the tools to automate and customize their tactics.

UK Voter Data Breach Leaked the Personal Information of 40 Million Individuals

Massive UK Electoral Commission data breach leaked voter data of 40 million individuals who registered to vote between 2014 and 2022. The electoral body said it first detected suspicious activity on its network in October 2022 and discovered that threat actors had accessed the systems 14 months prior.

Former Military Officials: Chinese Hackers Penetrated Japanese Military Networks in 2020, Maintained Presence Into 2021

Official sources say that Chinese hackers combed Japan's military networks over an extended period between 2020 and 2021 in search of military plans, documentation of capabilities, and assessments of vulnerabilities.

Zoom AI Data Collection Catching Users by Surprise, May Face Regulatory Action in EU

Zoom's plan for AI data collection is apparently to scrape it from internal customer activity. The March TOS update changed the platform terms to announce that Zoom reserved the right to use platform video, audio and chat content to train AI models.

Data Flowing From Connected Vehicles May Cause Manufacturers to Run Afoul of California Privacy Law

Under the new terms of the California Privacy Rights Act (CPRA), the California Privacy Protection Agency (CPPA) will be examining a broad range of data collected by car manufacturers, including what the vehicle cameras capture and what is passing through their apps.

Navigating the Ethical Landscape of AI in Cybersecurity

With its ability to analyze vast amounts of data quickly and accurately, AI can augment human capabilities and improve overall cybersecurity measures. However, there are also concerns surrounding its development and implementation. One of the biggest concerns is the question of control.

The FBI, CISA, NSA and the Five Eyes Published the Top Most Exploited Vulnerabilities of 2022

Cybersecurity agencies from the Five Eyes Alliance published the list of the 12 most exploited vulnerabilities of 2022, revealing that hackers prefer older unpatched software bugs, with one dating back to 2018.

CISA Issues New Strategic Plan Outlining Alignment With National Cybersecurity Strategy Through FY 2026

To a great degree the strategic plan builds on the previously published CISA Strategic Intent and formalizes a number of cybersecurity strategy initiatives the agency is already well underway with.

How Preemptive Action Can Mitigate Supply Chain Cyberattacks

Each partner in the software supply chain must understand their role in maintaining the security of the process. Transitioning from a blame-game to a proactive stance allows organizations to implement a well-defined, adaptable, and optimized strategy that helps mitigate risks and protect the supply chain.

Resurgent Hacktivist Group Executes Over 750 DDoS Attacks Targeting India, Israel, the Netherlands, and Others

A politically and religiously motivated hacktivist group has executed over 750 DDoS attacks and dozens of website defacements against India, Israel, the Netherlands, and others.

Emerging Market of Cybercrime Tools Driven by Generative AI Offers Automated Assistance With Fraud, Malware Creation

Generative AI models in the style of ChatGPT are being sold that promise to help create malware, write phishing emails, set up attack sites, scan for vulnerabilities, and more. The latest DarkBART and DarkBERT projects have been trained on dark web sites.

Personal Data Protection Bill Introduced in Indian Parliament, but Opposition Parties Are Already Pushing for Delays

India has now been seeking to establish a single national-level personal data protection bill for about six years. The newest development in this saga is the Digital Personal Data Protection Bill, the first attempt introduced to Parliament since the previous effort was withdrawn in 2022.

Why We Need a Completely New Type of Laws and Regulations in the Era of AI

The laws and regulations of the future will increasingly be read, analyzed and implemented by AI or by lawyers augmented with AI, and also by technology and business people, especially for SMEs who cannot afford lawyers.

Rough Week for DeFi Projects With Attacks on Finance Pools, Rug Pulls Creating Massive Losses

DeFi projects continue to be a popular target of attack for advanced hackers, as a number of finance pools associated with Curve were hit on July 31 for a total loss of about $61 million. The attack appears to have been the result of a vulnerability found in certain versions of the Vyper programming language.

Cyber Attack Crippled Hospital Systems Disrupting Healthcare Services Across Several U.S. States

Leading U.S. healthcare provider shut down central hospital systems after experiencing a cyber attack, disrupting primary care services across several U.S. states. Healthcare facilities were forced to halt operations, reschedule appointments, and divert ambulances.

Apple Developers Subject to New API Requirements in Bid to Eliminate User Fingerprinting

Apple developers that want to use certain APIs will have to submit an explanation of why they are necessary for program function, as part of a new effort to combat user fingerprinting.

U.S. Military Systems Infected by Chinese Malware: How Deep Does It Run?

Anonymous officials from the Biden administration have told the New York Times that Chinese malware has been planted in the networks that control the critical infrastructure of military bases. The "ticking time bomb" could potentially cripple military systems in the event of a conflict between the two countries.

Once The Domain of Pirated Games, “Info Stealers” Have Racked Up Hundreds of Thousands of Employee Logins

Info stealers are increasingly finding their way into corporate environments, possibly as a result of increased blurring of personal and work devices. Report finds that some 400,000 employee logins are available for sale on dark web sites and illicit Telegram channels.

The Importance of Threat Exposure Management during the M&A Process

During a M&A process, the scope of the organization’s attack surface is stretched to new limits. Every company, from Fortune 500s to smaller enterprises, has digital baggage that can dramatically increase potential security risks, from multiple generations of technologies, various IT stacks, and new and unknown risks in their environments.

Crypto Sleuth Attributes the Alphopo Crypto Theft to North Korean Hackers, Raises the Amount Stolen to $60 Million

On-chain investigator links North Korean hackers to the Alphopo crypto theft and discovers an additional $37 million, raising the amount stolen to $60 million.

Cybersecurity for Law Firms

Cybersecurity for law firms is more important than ever, regardless of the size of the firm. As cyber threats increase and become more advanced, law firms need to make cybersecurity a top priority. Clients entrust law firms with their confidential information, and any breach of this trust can lead to substantial reputation damage and financial […]

The post Cybersecurity for Law Firms appeared first on CyberDB.

Cyber Security Trends to Look Out for in 2023 and Beyond

As many technological advancements are taking place, cyber security has become a major concern for most organizations. The past few years have brought a revolution in technology as more people understand technology and rely on it in many ways. To ensure the safety and security of online activities Internet Service Providers use various technologies such […]

The post Cyber Security Trends to Look Out for in 2023 and Beyond appeared first on CyberDB.

Why is secure cloud storage necessary for your business?

Business optimization is an essential condition for its profitability. In this aspect, cloud storage helps to eliminate additional costs and organize work properly. How reliable is cloud storage? One of the principles of the providers’ work is to maintain strict confidentiality. A secure cloud is designed to store and protect user information in a high-quality […]

The post Why is secure cloud storage necessary for your business? appeared first on CyberDB.

DevOps Security Metrics and KPIs: A Comprehensive Guide

In the ever-evolving landscape of software development, the integration of security measures into the DevOps process is paramount. DevOps, a cultural and technical movement aimed at breaking down the silos between development and operations teams, has revolutionized how software is delivered. However, ensuring that this rapid delivery doesn’t compromise security requires a robust set of […]

The post DevOps Security Metrics and KPIs: A Comprehensive Guide appeared first on CyberDB.

Data Safety in Digital Gambling: Ensuring Your Bitcoin Casino’s Security

Since the inception of the Internet, our world has increasingly become digitized in nearly every aspect. For example, advances in technology have genuinely revolutionized the gaming industry and, in particular, the world of gambling. Nowadays, many gamblers have transitioned to online platforms where they can play their favorite games in their comfort zones. In this […]

The post Data Safety in Digital Gambling: Ensuring Your Bitcoin Casino’s Security appeared first on CyberDB.

How to Choose a Secured Online Gambling Site in India

In recent years, online gambling has witnessed explosive growth in India. With a burgeoning number of online casinos and betting platforms, it’s crucial to know how to separate the wheat from the chaff when choosing a secured online gambling site. In this article, we’ll guide you through the essential factors to consider to ensure a […]

The post How to Choose a Secured Online Gambling Site in India appeared first on CyberDB.

Tips for Training Your Staff on the Best Cybersecurity Practices

Implementing a cybersecurity strategy is important for any business owner. A data breach can lead to expensive fines, a negative company reputation, and a loss of income. While you can learn everything you need to know about the best cybersecurity strategies, your information is only as secure as your weakest employee. Every employee, partner, and […]

The post Tips for Training Your Staff on the Best Cybersecurity Practices appeared first on CyberDB.

Secure Your Business Systems: Top Tips for Protection

Business systems are the backbone of any successful company. They allow for efficient operations, streamlined communication, and effective management. However, with the increasing reliance on technology, the need for strong cybersecurity measures has become more important than ever. In today’s world, cyber threats are not a matter of if, but when. Therefore, it is crucial […]

The post Secure Your Business Systems: Top Tips for Protection appeared first on CyberDB.

Unconventional Security Measures for Your Business You Haven’t Considered

Business owners often think that they have all the necessary security measures in place to protect their company and its assets. However, there are several security measures that many businesses overlook and fail to implement. These overlooked measures can leave a business vulnerable to cyber attacks, theft, and other security breaches. One often-overlooked security measure […]

The post Unconventional Security Measures for Your Business You Haven’t Considered appeared first on CyberDB.

Cybersecurity and Usenet: Unveiling the Advantages

In today’s fast-paced digital era, where cyber threats are ever-present and online privacy is a concern, prioritizing cybersecurity has become essential for individuals and organizations. Surprisingly, many people are unaware of the significant advantages that Usenet offers in strengthening their security measures. As the oldest yet enduringly popular discussion platform out there, Usenet provides an […]

The post Cybersecurity and Usenet: Unveiling the Advantages appeared first on CyberDB.

Cybereason Sets the New Industry Standard in 2023 MITRE ATT&CK Evaluations: Enterprise

Fresh off the press: the results of the 2023 MITRE Engenuity ATT&CK^® Evaluations: Enterprise have been published, putting 30 security solutions to the test in real world scenarios that mimic the Turla threat actor.

The Cybersecurity Capability the Industry Nearly Forgot

When I started in cybersecurity back in the early 90’s, entire cyber security capabilities were just a couple of MB in size and would fit on a couple of floppy disks. Today, many cyber security capabilities are so big and complex that they rely on cloud computing, either for processing speed or the ability to leverage large data sets used in for example with Machine Learning as part of the detection and response capabilities.

Malicious Life Podcast: Is Generative AI Dangerous?

Every so often, the entire landscape of cybersecurity shifts, all at once: The latest seismic shift in the field occurred just last year. So in this episode of Malicious Life we’re going to take a look into the future of cybersecurity: at how generative AI like ChatGPT will change cyberspace, through the eyes of five research teams breaking ground in the field. We’ll start off simple, and gradually build to increasingly more complex, more futuristic examples of how this technology might well turn against us, forcing us to solve problems we’d never considered before. – check it out...

THREAT ANALYSIS: Assemble LockBit 3.0

Cybereason issues Threat Analysis reports to investigate emerging threats and provide practical recommendations for protecting against them.

Extend Cloud Detection and Response with Sysdig and Cybereason

Open XDR integration enriches Sysdig CDR signals to correlate and identify Malicious Operations across the broader enterprise.

Malicious Life Podcast: Why aren't there more bug bounty programs?

On the face of it, there's an obvious economic incentive for both vendors and security researchers to collaborate on disclosing vulnerabilities safely and privately. Yet bug bounty programs have gained prominence only in the past decade or so, and even today only a relatively small portion of vendors have such programs at place. Why is that? – check it out...

Malicious Life Podcast: The Voynich Manuscript

The constant battle between those who wish to encrypt data and those who wish to break these ciphers has made modern encryption schemes extremely powerful. Subsequently, the tools and methods to break them became equivalently sophisticated. Yet, could it be that someone in the 15th century created a cipher that even today’s most brilliant codebreakers and most sophisticated and advanced tools - cannot break?...

Malicious Life Podcast: Roman Seleznev: Did the Punishment Fit the Crime?

In 2019, Roman Seleznev, a 34 years-old Russian national, was sentenced to 27 years in prison: A sentence that’d make any criminal quiver. Seleznev's deeds had a horrendous effect on the 2.9 million individuals whose credit cards he stole and sold to cyber criminals for identity theft and financial crimes. On one hand, it’s hard to imagine any nonviolent computer crime worth 27 years in prison. But then what is an appropriate sentence for such a man as Seleznev? – check it out...

Cybereason's New Unified MalOp Dashboard

cybereason defense platform Unified Malop Dashboard

Cybereason is excited to announce a new unified Malop Dashboard

As cyber threats continue to evolve, Security Operations Center (SOC) teams face immense challenges in protecting their organizations. To be successful SOC needs not only the right technology but effective leverage of people and processes. To help SOC teams stay ahead of the curve, Cybereason introduces a unified dashboard designed to provide additional insights into emerging threats, operational metrics and provide insights to continuously improve SOC processes and procedures.

Malicious Life Podcast: Sony BMG's Rootkit Fiasco

"We made a mistake and Sony paid a terrible price.” A terrible price indeed: an arrogant and ill-advised decision to include a rootkit in its music CDs cost Sony BMG a lot of money - and painted it as a self-centered, self-serving company that cares more about its bottom line than its customers. Why did Sony BMG make such a poor decision? – check it out...

How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Soon�

Posted by Sean @ 12:52 GMT

Our "construction project" is progressing nicely.

A work in progress

And it should resolve this…

Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.

On 18/08/15 At 12:52 PM

Work In Progress

Posted by Sean @ 13:25 GMT

Regular readers will have noticed it's been slow here of late.

Under Construction

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.

On 13/08/15 At 01:25 PM

"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT

Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:

iOS 9 Public Beta 2, Install

And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.

iOS 9 Public, Safari Block Alerts

We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.

On 23/07/15 At 09:53 AM

Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT

Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have born a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect, that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.

seaduke_crossplatform (39k image)
An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

� C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
� c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
� c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
� c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.

bastion_z (12k image)
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.

onedrive_z (7k image)
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phising emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".

decoy_ndi_small (63k image)
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have born a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note, that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, the downloading and execution of the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but in the execution of the "BastionSolution" component thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.

decoy_fax (72k image)
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on 3rd party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raises suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons. (Coincidentally, the implications of 3rd party web services being used as command and control channels is also the subject of an upcoming talk at the VirusBulletin 2015 conference).

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code such as supporting frameworks between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefits of saving time and resources by providing two malware toolsets, that while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.

The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Duke's are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:

04299c0b549d4a46154e0a754dda2bc9e43dff76
2f53bfcd2016d506674d0a05852318f9e8188ee1
317bde14307d8777d613280546f47dd0ce54f95b
476099ea132bf16fa96a5f618cb44f87446e3b02
4800d67ea326e6d037198abd3d95f4ed59449313
52d44e936388b77a0afdb21b099cf83ed6cbaa6f
6a3c2ad9919ad09ef6cdffc80940286814a0aa2c
78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c
9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f
bfe26837da22f21451f0416aa9d241f98ff1c0f8
c16529dbc2987be3ac628b9b413106e5749999ed
cc15924d37e36060faa405e5fa8f6ca15a3cace2
dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8
e33e6346da14931735e73f544949a57377c6b4a0
ed0cf362c0a9de96ce49c841aa55997b4777b326
f54f4e46f5f933a96650ca5123a4c41e115a9f61
f97c5e8d018207b1d546501fe2036adfbf774cfd

Compromised servers used for command and control:

hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://portal.sbn.co.th/rss.php
hxxps://58.80.109.59/plugins/search.php

Compromised websites used to host CloudDuke:

hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP

On 22/07/15 At 11:59 AM

'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT

VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.

The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.

On 20/07/15 At 12:40 PM

IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT

The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:

iosclean.com

Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:

Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)

Wouldn't be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers, apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.

error1014.com

The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)

On 17/07/15 At 10:15 AM

Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT

After Hacking Team was compromised, a lot of information were publicly disclosed beginning 5th of July, particularly its business clients and a zero-day vulnerability for the Adobe Flash Player that they have been using.

Since the info about the first zero-day was made freely available, we knew attackers would swiftly move into using it. As expected, the flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploits beginning 6th and continued until 9th.

overall_stats (11k image)

Here are the stats for each exploit kit:

ek_stats (27k image)

The security advisory for CVE-2015-5119 zero-day was released on 7th July and the patch was made available on 8th. So the hits started to decline about two days after the patch.

But just when people have started updating their systems, there was yet another spike from the Angler flash exploit hits:

weekend_wave_stats (22k image)

Apparently, two more flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities were added into the Angler exploit kit.

As a side note related to Angler exploit kit, if you noticed in the second chart above, Angler and HanJuan share the same statistics. This was due to the fact that our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We have verified this after discovering that there was a different URL pattern being detected by Angler:

angler_vs_hanjuan_urlpattern (9k image)

We looked at the flash exploit used by both kits, and the two are very much identical.

Angler Flash Exploit:

anglerek_ht0d_3 (26k image)

HanJuan Flash Exploit:

hanjuanek_ht0d_3 (23k image)

There were already speculations that there seem to be strong connections between the actors behind the two exploits kits. For example, both have used �fileless� delivery of payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new flash 0 day as well.

In the meantime, since there hasn�t been a patch out yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.

On 13/07/15 At 12:29 PM

The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT

When hackers get hacked, that's when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to security researchers Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to pastebin the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):

hacking_team_client_list (86k image)

Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdb Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligent gathering and public security services:

hacking_team_hack_1 (95k image)

hacking_team_hack_2 (72k image)

Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap - a license upgrade could cost you MYR400, 000 and maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service provider or government employees. During the 2014 event, the Hacking Team was present and the associate lead sponsor of the event.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only � though it may be interesting to see if Hacking Team will make it there this year.

Post by – Su Gim

On 08/07/15 At 02:31 AM

Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT

The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.

Wassenaar Arrangement definitions
(Source)

So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Dept of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us zero-day using malware all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to limit customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.

On 09/06/15 At 01:25 PM

Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT

I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.

_WalkinWiFi

Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean

On 08/06/15 At 01:27 PM

SMS Exploit Messages

Posted by Sean @ 13:56 GMT

There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.

S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:

Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:

Effective Power Unicode iOS hack vs Twitter

On 28/05/15 At 01:56 PM

Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT

In the past few days, we received some cases from our customers in Italy and Spain, regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:

crypt_email (104k image)

When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:

crypt_email_redirect_italy (187k image)

So, no malicious behavior? Well, we noted that the first two URLs were PHP. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.

Since this particular spam e-mail is written in Italian - perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:

crypt_email_mal_italy (302k image)

Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases, a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up in Google:

crypt_email_redirect_spain (74k image)

If the site is visited instead from an Spanish IP, we get to the CAPTCHA screen:

crypt_email_target_spain (57k image)

And then to the malware itself:

crypt_email_mal_spain (313k image)

This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)

Post by — Victor

On 19/05/15 At 03:17 AM

Mac Hack Demonstration

Posted by Sean @ 12:46 GMT

Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.

Don't worry, it's an authorized hack, she asked her mom for permission.

On 15/05/15 At 12:46 PM

Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

GMX (Global Mail eXchange) Mail is an email service where users may register up to 10 individual email addresses at no cost. As a result, threat actors are leveraging this service to easily spin up new email addresses and effectively delivering phishing attacks that bypass Microsoft o365 and Google Workspace, landing in an organization’s email […]

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries. As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

7 Best Sophos Alternatives & Competitors in 2023 [Features, Pricing & Reviews]

In the ever-evolving cybersecurity landscape, businesses constantly seek robust security solutions to protect their digital assets. Sophos, a well-known name in the cybersecurity industry, has been a trusted choice for many organizations. However, with the market continuously expanding and new threats emerging, exploring alternatives and competitors is essential to ensure your cybersecurity needs are met. […]

The post 7 Best Sophos Alternatives & Competitors in 2023 [Features, Pricing & Reviews] appeared first on Heimdal Security Blog.

Apple Fixes 3 New Actively Exploited Zero-Day Vulnerabilities

Apple released an emergency security update to patch three newly identified zero-days exploited actively by threat actors. The vulnerabilities affected iPhone and Mac users, and with this, the total zero-days fixed by Apple this year rose to 16. What Do We Know About the Vulnerabilities? Two of the vulnerabilities were found in the WebKit browser […]

The post Apple Fixes 3 New Actively Exploited Zero-Day Vulnerabilities appeared first on Heimdal Security Blog.

New Threat Group: Sandman Targets Telecommunication Companies Across the World With Infostealers

A previously unknown threat group known as “Sandman” is making its presence felt. The group uses a modular information-stealing malware called “LuaDream” to target telecommunication service providers in the Middle East, Western Europe, and South Asia. Sandman: How This New Threat Operates In order to maximize its cyberespionage operations, Sandman adopts a low profile to […]

The post New Threat Group: Sandman Targets Telecommunication Companies Across the World With Infostealers appeared first on Heimdal Security Blog.

Computer Security Incident Response Team (CSIRT): How to Build One

According to the World Economic Forum, “widespread cybercrime and cyber insecurity” is rated as one of the greatest worldwide dangers for the following two and ten years. This means that your organization needs to constantly improve its cybersecurity posture. A known way of doing this is through a Computer Security Incident Response Team (CSIRT). This […]

The post Computer Security Incident Response Team (CSIRT): How to Build One appeared first on Heimdal Security Blog.

International Criminal Court Reveals System Breach and Plans to Bolster Security

The International Criminal Court (ICC) announced on September 19th that hackers breached their computer systems. ICC storages highly sensitive information about war crimes and is thus one of the world`s most important public institutions. What We Know About the ICC System Breach Tuesday afternoon ICC disclosed that last week they detected anomalous activity on their […]

The post International Criminal Court Reveals System Breach and Plans to Bolster Security appeared first on Heimdal Security Blog.

Critical GitLab Pipeline Vulnerability Revealed. Users are urged to patch immediately

GitLab disclosed critical vulnerability that enables hackers to run pipelines as other users by leveraging scheduled security scan policies. The platform issued an advisory and urged users to apply available updates as soon as possible. The GitLab pipeline vulnerability was dubbed CVE-2023-4998 and received a 9.6 CVSS risk score. More About the GitLab Pipeline Vulnerability […]

The post Critical GitLab Pipeline Vulnerability Revealed. Users are urged to patch immediately appeared first on Heimdal Security Blog.

Improper Usage of SAS Token Leads to Massive Microsoft Data Leakage

Microsoft researchers leaked 38TB of sensitive data to a public GitHub repository while training open-source AI learning models. The Microsoft data leakage occurred starting July 2020 and white hat hackers only discovered and reported it on June 22nd, 2023. Consequently, Microsoft issued an advisory claiming that: No customer data was exposed, and no other Microsoft […]

The post Improper Usage of SAS Token Leads to Massive Microsoft Data Leakage appeared first on Heimdal Security Blog.

What Is Nmap and How to Use It to Enhance Network Security

Nmap is short for Network Mapper, an open-source tool used for port and IP scanning and app detection. Network and system administrators use it for network inventory, managing service upgrade schedules, and monitoring service uptime. At first, it was developed as a Linux tool but is now available also for Windows and MacOS. Users can […]

The post What Is Nmap and How to Use It to Enhance Network Security appeared first on Heimdal Security Blog.

Cryptocurrency Scams to Heavily Target TikTok Users

Cybercriminals heavily target TikTok users with cryptocurrency giveaway scams. The vast majority of the posts impersonate Elon Musk and relate to Tesla or SpaceX. These types of posts have been on other social media platforms – Instagram and Twitter – for years. But now the scammers have moved to the video-sharing platform. Cryptocurrency Scams on […]

The post Cryptocurrency Scams to Heavily Target TikTok Users appeared first on Heimdal Security Blog.

EDR for Banking: 6 Ways EDR Can Help Financial Organizations

There are financial advantages to investing in cybersecurity, especially in Endpoint Detection and Response (EDR) solutions. Breaching one financial institution can bring threat actors access to a variety of companies’ assets. That is because banks store money and data for clients in the business sector. This means that a breach of a financial organization can […]

The post EDR for Banking: 6 Ways EDR Can Help Financial Organizations appeared first on Heimdal Security Blog.

Best Practices for Endpoint Security in Healthcare Institutions

While achieving compliance with industry standards is the minimum, it’s not enough to prevent insider threats, supply chain attacks, DDoS, or sophisticated cyberattacks such as double-extortion ransomware, phishing, business email compromise (BEC), info-stealing malware or attacks that leverage the domain name system (DNS). That is simply because being compliant does not necessarily imply being cyber […]

The post Best Practices for Endpoint Security in Healthcare Institutions appeared first on Heimdal Security Blog.

How DNS Layer Security Stops Ransomware and Other Cyberattacks

DNS-Layer Security protects users from threats that arise from inbound and outbound traffic. It refers to monitoring communications between endpoints and the internet at a DNS-layer level. Imagine the DNS layer security as a gatekeeper who makes sure that all potentially malicious visitors remain at the gate. But that`s not all. The gatekeeper keeps an […]

The post How DNS Layer Security Stops Ransomware and Other Cyberattacks appeared first on Heimdal Security Blog.

Top 10 Healthcare Data Breaches [2022-2023]

In recent years, healthcare institutions have become prime targets for cyberattacks. The year 2022 witnessed an alarming increase in the number of incidents where hospitals and other healthcare facilities were hacked, resulting in data breaches, system shutdowns, and compromised patient care. In 2022 alone, the United States Department of Health and Human Services (HSS) reported […]

The post Top 10 Healthcare Data Breaches [2022-2023] appeared first on Heimdal Security Blog.

Two New York Hospitals Breached by the LockBit Ransomware Group

The notorious LockBit ransomware group claims to have breached two major hospitals from upstate New York, the Carthage Area Hospital and Claxton-Hepburn Medical Center. The two hospitals serve hundreds of thousands of patients. Details on the Attack: The Hospitals Are Struggling The two hospitals have been suffering greatly as a result of the cyberattack that […]

The post Two New York Hospitals Breached by the LockBit Ransomware Group appeared first on Heimdal Security Blog.

What Effect Does Firm Size Have on Ransomware Threats?

In an increasingly digital world, the threat of ransomware looms large over organizations of all sizes. However, the impact of ransomware attacks can vary significantly depending on the size of the targeted firm. This article delves into the effects of firm size on ransomware threats, examining how different sizes of organizations experience distinct impacts when […]

The post What Effect Does Firm Size Have on Ransomware Threats? appeared first on Heimdal Security Blog.

ISC Stormcast For Monday, September 25th, 2023 https://isc.sans.edu/podcastdetail/8672, (Mon, Sep 25th)

No summary available.

YARA Support for .LNK Files, (Sun, Sep 24th)

The upcoming version of YARA 4.4.0 will include a new module for .lnk files.

Scanning for Laravel - a PHP Framework for Web Artisants, (Sat, Sep 23rd)

Today while reviewing my honeypot logs, I noticed an HTTP request for a directory this week I had not noticed before that included Laravel:

ISC Stormcast For Friday, September 22nd, 2023 https://isc.sans.edu/podcastdetail/8670, (Fri, Sep 22nd)

No summary available.

Apple Patches Three New 0-Day Vulnerabilities Affecting iOS/iPadOS/watchOS/macOS, (Thu, Sep 21st)

This update patches three already exploited vulnerabilities:

ISC Stormcast For Thursday, September 21st, 2023 https://isc.sans.edu/podcastdetail/8668, (Thu, Sep 21st)

No summary available.

What's Normal? DNS TTL Values, (Wed, Sep 20th)

I am trying to start a series of brief diaries about "what&#;x26;#;39;s normal." Analysts often only look at the network when they suspect something is wrong. But to find the anomaly, someone must first know what&#;x26;#;39;s normal. So, I am trying to collect data from my home network to show what to consider. The values I am presenting here are normal for my home network and will likely differ for your network. So, instead of just copying/pasting, run the experiment yourself :)

ISC Stormcast For Wednesday, September 20th, 2023 https://isc.sans.edu/podcastdetail/8666, (Wed, Sep 20th)

No summary available.

Obfuscated Scans for Older Adobe Experience Manager Vulnerabilities, (Tue, Sep 19th)

Adobe Experience Manager (AEM) is a complex enterprise-level content management system built around open-source products like Apache Sling, Jackrabbit/Oak, and Felix. Just last week, Adobe patched another XSS vulnerability in AEM. But the scans we see now target older vulnerabilities, likely a vulnerability 2-3 years old.

ISC Stormcast For Tuesday, September 19th, 2023 https://isc.sans.edu/podcastdetail/8664, (Tue, Sep 19th)

No summary available.

New Wave of Hospitality Phishing Attacks: Compromise User Credentials, Then Go Phish

First Compromise Credentials, and Then Go Phish

The hospitality sector is seeing a new wave of phishing attacks.

These new attacks are more plausible because they begin with compromised credentials and move to fraudulent emails sent from within a trusted network. The compromised systems are legitimate booking sites; the victims are the guests.

Organizations Starting to Understand the Impact of Ransomware, But Their Efforts Not Enough to Overcome Infostealer Malware

Organizations are Starting to Understand the Impact of Ransomware - But Their Efforts are Still Not Enough to Defeat Infostealer Malware

Recent findings in a SpyCloud report shows companies are starting to recognize and shift their priorities to defend against ransomware attacks, but the use of infostealer malware still has a high success rate for cybercriminals.

[NEW RELEASE]: Unleash the Power of Cybersecurity Education with KnowBe4’s 'Hack-A-Cat' on Roblox

What do cheese, fish and cybersecurity training have in common?

Each of these comes together to help keep kids informed about cyber threats and cybersecurity best practices with KnowBe4’s first ever entry into the Roblox gaming platform: Hack-A-Cat!

Cybercriminals Use Google Looker Studio to Host Crypto Scam to Steal Money and Credentials

Cybercriminals Use Google Looker Studio to Host Crypto Scam Intent on Stealing Money and Credentials

Security researchers at Check Point have discovered yet another attack that leverages legitimate web applications to host attacks in order to bypass security scanners.

Tools From Cybercrime Software Vendor W3LL Found to be Behind the Compromise of 56K Microsoft 365 Accounts

A new report uncovers the scope and sophistication found in just one cybercrime vendor’s business that has aided credential harvesting and impersonation attacks for the last 6 years.

MFA Defenses Fall Victim to New Phishing-As-A-Service Offerings

ZeroFox warns that phishing-as-a-service (PhaaS) offerings are increasingly including features to bypass multi-factor authentication.

[YIKES] AI Now Enables Subliminal Image "Inception"

Seen Christopher Nolan's movie Inception? If you haven't, it's about a thief who is given the task of planting an idea into the mind of a CEO. The technology of implanting ideas is nothing new. Communist regimes were the very early countries developing mind control technologies. American psychologists have experimented with subliminal messaging including in advertising.

Chinese Spies Infected Dozens of Networks With Thumb Drive Malware

WIRED just published an article that made me both disappointed and surprised at the same time. Security researchers found USB-based Sogu espionage malware spreading within African operations of European and US firms.

New SEC Rules Add Challenges in Uncertain Cyber Insurance Market

[BUDGET AMMO] Jeremy King is a partner at Olshan Frome Wolosky. He wrote an article for Bloomberg where he analyzed cyber risk management issues that companies should prioritize in response to new SEC reporting requirements for cybersecurity incidents and threats.

Vanishing Act: The Secret Weapon Cybercriminals Use in Your Inbox

Researchers at Barracuda describe how attackers use legitimate email inbox rules to control compromised accounts and evade detection.

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

If you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority.

Related: SMBs too often pay ransom

Small businesses, including nonprofit … (more…)

GUEST ESSAY: Caring criminals — why some ransomware gangs now avoid targeting hospitals

Ransomware is a significant threat to businesses worldwide. There are many gangs that work together to orchestrate increasingly damaging attacks. However, some of these groups follow codes of conduct that prevent them from purposefully targeting hospitals.

Related: How Putin has … (more…)

Black Hat Fireside Chat: Flexxon introduces hardened SSD drives as a last line defense

Creating ever smarter security software to defend embattled company networks pretty much sums up the cybersecurity industry.

Cutting against the grain, Flexxon, a Singapore-based supplier of NAND memory drives and storage devices, arrived … (more…)

News alert: Omdia finds risk-based vulnerability management set to encompass the VM market

LONDON, Sept. 18, 2023 – The first comparative research into the evolution of the vulnerability management market authored by Omdia has found risk-based vulnerability management (RVBM) is set to encompass the entire vulnerability management market by 2027.

Omdia’s comprehensive market … (more…)

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

In today’s digital age, trust has become a cornerstone of building a better Internet.

Preserving privacy for a greater good

The Internet was designed as a platform for peer research, not for the vast scale and diverse uses we see … (more…)

Black Hat Fireside Chat: The impactful role crowdsourced security intelligence must play

From Kickstarter to Wikipedia, crowdsourcing has become a part of everyday life.

Sharing intel for a greater good

Now one distinctive type of crowdsourcing — ethical hacking – is positioned to become a much more impactful component of securing modern … (more…)

News Alert: Traceable AI report exposes true scale of API-related data breaches, top challenges

San Francisco, Calif. —Traceable AI, the industry’s leading API security company, today released its comprehensive research report – the 2023 State of API Security: A Global Study on the Reality of API Risk.

Despite APIs being critical to the … (more…)

GUEST ESSAY: Robust data management can prevent theft, guard intellectual property

In an era of global economic uncertainty, fraud levels tend to surge, bringing to light the critical issue of intellectual property (IP) theft.

Related: Neutralizing insider threats

This pervasive problem extends beyond traditional notions of fraud, encompassing both insider threats … (more…)

GUEST ESSAY: Securing your cryptocurrency — best practices for Bitcoin wallet security

Over time, Bitcoin has become the most widely used cryptocurrency in the world. Strong security measures become increasingly important as more people use this digital currency.

Preserving privacy for a greater good

For managing and keeping your Bitcoin assets, you … (more…)

News Alert: Reflectiz declares war on Magecart web-skimming attacks as holidays approach

Tel Aviv, Israel, Sept. 5, 2023 — Reflectiz, a cybersecurity company specializing in continuous web threat management offers an exclusive, fully remote solution to battle Magecart web-skimming attacks, a popular type of cyberattacks involving injecting malicious code into the … (more…)

Emergency update! Apple patches three zero-days

Categories: Exploits and vulnerabilities

Categories: News

Tags: Apple

Tags: emergency

Tags: update

Tags: CVE-2023-41991

Tags: CVE-2023-41992

Tags: CVE-2023-41993

Apple has released patches for three zero-day vulnerabilities that may have been actively exploited.

(Read more...)

The post Emergency update! Apple patches three zero-days appeared first on Malwarebytes Labs.

T-Mobile spills billing information to other customers

Categories: News

Categories: Personal

Tags: T-Mobile

Tags: billing details

Tags: data breach

Tags: glitch

T-Mobile customers recently found other subscribers' information on their online dashboards.

Involved in a data breach? Here’s what you need to know

Categories: News

Categories: Personal

If you've received a message from a company saying your data has been caught up in a breach, you might be unsure what to do next. Well, we have some tips for you...

Steer clear of cryptocurrency recovery phrase scams

Categories: Personal

Tags: cryptocurrency

Tags: mark cuban

Tags: scam

Tags: phish

Tags: phishing

Tags: wallet

Tags: hot

Tags: cold

Tags: metamask

Tags: extension

Tags: browser

Tags: mobile

Tags: android

Tags: search engine

We take a look at a common cryptocurrency scam which focuses on your recovery phrase.

DoppelPaymer ransomware group suspects identified

Categories: News

Categories: Ransomware

More DoppelPaymer ransomware group suspects have been identified by blockchain investigations and had search warrants executed against them.

(Read more...)

The post DoppelPaymer ransomware group suspects identified appeared first on Malwarebytes Labs.

The privacy perils of the Metaverse

Categories: Personal

Tags: metaverse

Tags: meta

Tags: Facebook

Tags: VR

Tags: AR

Tags: XR

Tags: reality

Tags: virtual reality

Tags: privacy

Tags: safety

We take a look at the privacy implications of the Metaverse.

(Read more...)

The post The privacy perils of the Metaverse appeared first on Malwarebytes Labs.

The mystery of the CVEs that are not vulnerabilities

Categories: Business

Categories: Exploits and vulnerabilities

Categories: News

Tags: CVE

Tags: NVD

Tags: vulnerabilities

Tags: CVE-2020-19909

Researchers have raised the alarm about a large set of CVE for older bugs that never were vulnerabilities.

Microsoft AI researchers accidentally exposed terabytes of sensitive data

Categories: Business

Categories: News

Tags: blob

Tags: SAS

Tags: Microsoft

Tags: Wiz

Tags: secrets

Microsoft AI researchers posted a long-living, overly permissive, SAS token on GitHub, exposing 38 TB of data.

Compromised Free Download Manager website was delivering malware for years

Categories: News

Tags: Free Download Manager

Tags: Linux

Tags: Debian

Tags: crond

Tags: reverse shell

After three years of delivering malware to selected visitors, Free Download Manager was alerted to the fact that its website had been compromised.

Malwarebytes named leader across six endpoint security categories, marking its ease of use, in G2 Fall 2023 results

Categories: Business

Malwarebytes is the only vendor recognized as “Easiest to Use” with the “Easiest Admin” for its EDR and MDR solutions in the recent G2 Fall 2023 results.

ThemeBleed exploit is another reason to patch Windows quickly

Categories: Exploits and vulnerabilities

Categories: News

Tags: theme

Tags: themepack

Tags: Microsoft

Tags: cve-2023-38146

Tags: msstyles

An exploit has been released for a vulnerability in .themes that was patched in the September 2023 Patch Tuesday update.

Ransomware group steps up, issues statement over MGM Resorts compromise

Categories: Business

Tags: MGM Resorts

Tags: hotel

Tags: casino

Tags: ransomware

Tags: blackcap

Tags: ALPHV

We take a look at a ransomware group's claims that they were the ones responsible for the MGM Resorts attack.

A week in security (September 11 - September 17)

Categories: News

Tags: week

Tags: security

Tags: September

Tags: 2023

Tags: iPhone

Tags:

A list of topics we covered in the week of September 11 to September 17 of 2023

(Read more...)

The post A week in security (September 11 - September 17) appeared first on Malwarebytes Labs.

Europol lifts the lid on cybercrime tactics

Categories: News

Categories: Ransomware

Tags: Europol

Tags: Phishing

Tags: RDP

Tags: VPN

Tags: Exchange

Tags: LOTL

Tags: BEC

Tags: ransomware

Tags: IAB

Tags: crypter

Tags: Flubot

A Europol report discusses developments in cyberattacks, new methodologies, and threats as observed by Europol’s operational analysts.

(Read more...)

The post Europol lifts the lid on cybercrime tactics appeared first on Malwarebytes Labs.

Malwarebytes wins every Q2 MRG Effitas award & scores 100% on new phishing test

Categories: Business

Dive into where we prevented more than the rest and how we were able to do it.

Watch out, this LastPass email with "Important information about your account" is a phish

Categories: News

Categories: Scams

We caught a nasty phish yesterday, likely looking to feed on victims of last year's LastPass breach.

iPhone 15 launch: Wonderlust scammers rear their heads

Categories: Personal

Tags: apple

Tags: wanderlust

Tags: cryptocurrency

Tags: event

Tags: BTC

Tags: ETH

Tags: fake

We take a look at a cryptocurrency scam riding on the coat tails of the Apple Wonderlust event.

Upgrading your iPhone? Read this first

Categories: Apple

Categories: News

Tags: Wonderlust

Tags: iPhone

Tags: iCloud

Tags: backup

Tags: 2FA

Tags: Apple D

Tags: trusted device

Has the launch of the iPhone 15 triggered a yearning to upgrade to a new model? Here are some tips to consider during transfer.

(Read more...)

The post Upgrading your iPhone? Read this first appeared first on Malwarebytes Labs.

3 reasons why your endpoint security is not enough

Categories: Business

Watch our recent webinar and learn about weaknesses in your current endpoint security setup and how to address them.

(Read more...)

The post 3 reasons why your endpoint security is not enough appeared first on Malwarebytes Labs.

Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days

Categories: Business

Categories: Exploits and vulnerabilities

Categories: News

Tags: Microsoft

Tags: Adobe

Tags: Android

Tags: Apple

Tags: Chrome

Tags: SAP

Tags: Exchange

Tags: Visual Studio

Tags: CVE-2023-36761

Tags: CVE-2023-36802

Tags: CVE-2023-29332

Tags: Azure

Microsoft's September 2023 Patch Tuesday is another important one. It patches two vulnerabilities which are known to be actively exploited.

IT Governance Podcast 22.09.23: MGM Resorts, Microsoft Azure, International Criminal Court

This week, we discuss a cyber attack on MGM Resorts that has allegedly cost the company millions of dollars in revenue even before it began its remediation efforts, the leak of 38 terabytes of Microsoft data and a cyber attack on the International Criminal Court in The Hague.

The post IT Governance Podcast 22.09.23: MGM Resorts, Microsoft Azure, International Criminal Court appeared first on IT Governance UK Blog.

MGM Resorts suffers ransomware infection following social engineering attack

The gaming giant MGM Resorts has shut down large parts of its systems following a ransomware attack, causing widespread disruption across its hotels and casinos. TechCrunch reports that many of MGM’s casinos are “out of action” and staff have had to resort to using pen and paper. The story was first reported by the malware repository vx-underground on 13 September. It claimed that the perpetrators were an associate of the ALPHV/BlackCat ransomware-as-a-service group identified as Scattered Spider. An admin for ALPHV/BlackCat later confirmed this to BleepingComputer. Scattered Spider is known for its social engineering attacks, such as impersonating help desk

The post MGM Resorts suffers ransomware infection following social engineering attack appeared first on IT Governance UK Blog.

Catches of the Month: Phishing Scams for September 2023

Welcome to our September 2023 catches of the month feature, which examines recent phishing scams and the tactics criminals use to trick people into compromising their data. Following last month’s news that Microsoft was the most impersonated brand in phishing scams in Q2 2023 – which is hardly surprising given its popularity – this month we discuss three more Microsoft-based scams: two involving Teams and one exploiting Word. Storm-0324 malware distributor targets victims via Teams Microsoft reports that a threat actor identified as Storm-0324, who has been associated with email phishing campaigns since at least 2016, has been sending phishing

The post Catches of the Month: Phishing Scams for September 2023 appeared first on IT Governance UK Blog.

IT Governance Podcast 08.09.23: Electoral Commission (again), Meta, Pôle emploi

This week, we discuss security issues at the Electoral Commission, Meta’s appeal against daily GDPR fines, and a breach affecting 10 million users of the French unemployment agency Pôle emploi. Also available on Spotify, Amazon Music, Apple Podcasts and SoundCloud. Transcript: Hello and welcome to the IT Governance podcast for Friday, 8 September 2023. Here’s the news: As discussed in our 11 August podcast, the Electoral Commission issued a public notification of what it called a “complex cyber-attack” on 8 August, in which “hostile actors” gained access to the UK’s electoral registers, which contain somewhere in the region of 46 million people’s personal information. According to the

The post IT Governance Podcast 08.09.23: Electoral Commission (again), Meta, Pôle emploi appeared first on IT Governance UK Blog.

List of Data Breaches and Cyber Attacks in 2023

Welcome back to our new-look list of data breaches and cyber attacks. On this page, you’ll find a comprehensive analysis of recent data breaches. According to our research, there were 73 publicly disclosed security incidents in August 2023, and they accounted for 79,729,271 compromised records. You can find a link to the full list below, where you can also find more detail about the biggest cyber attacks of August, as well as the year so far. Each month, we’ll update this page with the latest figures and links, so be sure to bookmark it to keep an eye out for

The post List of Data Breaches and Cyber Attacks in 2023 appeared first on IT Governance UK Blog.

List of Data Breaches and Cyber Attacks in August 2023 – 79,729,271 Records Breached

IT Governance found 73 publicly disclosed security incidents in August 2023, accounting for 79,729,271 breached records. You can find the full list below, divided into four categories: cyber attacks, ransomware, data breaches, and malicious insiders and miscellaneous incidents. For more details about the year’s incidents, check out our new page, which provides a complete list of known data breaches and cyber attacks in 2023. It also breaks down each month’s cyber security incidents and provides more information about the biggest and most notable breaches of the month. Cyber attacks Ransomware Data breaches Malicious insiders and miscellaneous incidents

The post List of Data Breaches and Cyber Attacks in August 2023 – 79,729,271 Records Breached appeared first on IT Governance UK Blog.

IT Governance Podcast 25.8.23: Tesla, Duolingo, Lapsus$ trial

This week, we discuss “insider wrongdoing” at Tesla, a data breach affecting 2.6 million Duolingo users and the conclusion of a two-month court case against members of the Lapsus$ gang. Also available on Spotify, Amazon Music, Apple Podcasts and SoundCloud. Transcript: Hello and welcome to the IT Governance podcast for Friday, 25 August 2023. Here’s the news: A data breach at Tesla, which affected 75,735 people and saw sensitive company data compromised, was caused by two former employees, the electric car maker has said. In a data breach notice filed with Maine’s attorney general, Tesla’s data privacy officer, Steven Elentukh, said its investigation into the

The post IT Governance Podcast 25.8.23: Tesla, Duolingo, Lapsus$ trial appeared first on IT Governance UK Blog.

IT Governance Podcast 11.8.23: Electoral Commission, PSNI, Capita

This week, we discuss data breaches affecting the Electoral Commission and the Police Service of Northern Ireland, and the financial repercussions of Capita’s March ransomware incident. Also available on Spotify, Amazon Music, Apple Podcasts and SoundCloud.

The post IT Governance Podcast 11.8.23: Electoral Commission, PSNI, Capita appeared first on IT Governance UK Blog.

A Guide to the GDPR and CCTV in the Workplace

You might be surprised to learn that CCTV footage is subject to the GDPR (General Data Protection Regulation). Its rules don’t only cover written details, like names and addresses; it applies to any information that can identify someone. That includes pictures and videos, which is why you should be careful about the way you use CCTV. In this article, we look at the relationship between the GDPR and CCTV footage, and provide our tips to ensure that your video surveillance methods are GDPR-compliant. 1. Make sure people know they’re being recorded Transparency is a core principle of the GDPR. You must tell people

The post A Guide to the GDPR and CCTV in the Workplace appeared first on IT Governance UK Blog.

Catches of the Month: Phishing Scams for August 2023

Welcome to our August 2023 catches of the month feature, in which we explore the latest phishing scams and the tactics that cyber criminals use to trick people into handing over personal data. This month, we have a pair of stories about Microsoft. The first looks at an alarming rise in phishing scams that impersonate the tech firm, while the second discusses a new security feature that’s designed to protect users from password compromise. Microsoft becomes the most mimicked phishing brand Phishing scams involving Microsoft have soared in the past three months, according to research from the security firm Check Point.

The post Catches of the Month: Phishing Scams for August 2023 appeared first on IT Governance UK Blog.

Overview of IoT threats in 2023

IoT threats: how devices get hacked, what malware is uploaded, and what services are on offer on the dark web in 2023.

Threat landscape for industrial automation systems. Statistics for H1 2023

In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%.

Free Download Manager backdoored – a possible supply chain attack on Linux machines

Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.

From Caribbean shores to your devices: analyzing Cuba ransomware

The article analyzes the malicious tactics, techniques and procedures (TTP) used by the operator of the Cuba ransomware, and details a Cuba attack incident.

Evil Telegram doppelganger attacks Chinese users

Spyware Telegram mod in Uighur and Chinese spreads through Google Play stealing messages and other user data.

IT threat evolution in Q2 2023. Non-mobile statistics

PC malware statistics for Q2 2022 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.

IT threat evolution in Q2 2023. Mobile statistics

The smartphone malware statistics for Q2 2023 includes data for Android malware, adware, banking Trojans and ransomware.

IT threat evolution in Q2 2023

Q2 2023 overview: targeted attacks such as Operation Triangulation, CloudWizard and Lazarus activity, Nokoyawa ransomware, and others.

Lockbit leak, research opportunities on tools leaked from TAs

In September of 2022, multiple security news professionals wrote about and confirmed the leakage of a builder for Lockbit 3 ransomware. In this post we provide the analysis of the builder and recently discovered builds.

Phishing with hacked sites

Scammers are hacking websites powered by WordPress and placing phishing pages inside hidden directories. We share some statistics and tips on recognizing a hacked site.

Meta’ One Good Deed

This week on the podcast, we get up to speed on the MGM and Caesars Entertainment ransomware incidents from the previous week. After that, we take a deep dive into a blog post from Meta’s application security team for their VR headsets. After that, we cover Microsoft’s analysis of an ATP’s pivot from email to […]

iPhone’s Latest 0-Day

This week on the podcast, we cover Microsoft’s final report on their July incident involving nation-state actors compromising enterprise email accounts. After that, we discuss a zero-day, zero-click vulnerability in iOS being actively exploited in the wild before ending with a chat about an upcoming change to how Android handles CA certificates.

The Qakbot Takedown

This week on the podcast, we cover the FBI-lead, multinational takedown of the Qakbot botnet of over 700,000 victim devices. After that, we cover two android malware variants including one targeting victims in southeast Asia and another built by the Russian GRU.

Weaponizing WinRAR

This week on the podcast we cover the latest evolutions of the North Korean threat actor Lazarus before covering an actively-exploited 0day vulnerability in the popular unarchiver WinRAR. We end the episode with an AI-related attack that doesn’t actually use AI.

U.S. Cyber Trust Mark

This week on the podcast we cover the FCC’s proposal for a security assurance labeling program for IoT devices. Before that, we discuss the latest AI research challenge hosted by DARPA as well as some research into a novel attack against the AI/ML supply chain.

Def Con 2023 Recap

On this week’s episode, we chat about some of our favorite talks from this year’s Def Con security conference. We’ll cover several topics including artificial intelligence, hacking mobile point of sale devices, and how worried we should or shouldn’t be about cyber warfare.

BlackHat 2023 Recap

In this special end-of-week episode of The 443, we cover some of our favorite talks from this year’s edition of the BlackHat cybersecurity conference in Las Vegas. We’ll discuss the trends we saw and summaries of interesting topics including AI, nation state warfare, and improving cyber defense.

What Is Same-Origin Policy? Replay

This week we look back to an episode that originally aired in May 2021 where we remember a Def Con legend then dive in to two web browsing security acronyms. Keep an eye out later this week as we come to you from this year’s Black Hat and Def Con cybersecurity conferences!

Qakbot Qacktivity

This week on the podcast, we cover the latest evolutions of the decade-old Qakbot malware including changes in how attackers deliver it. After that, we give an update on the SEC’s new rules around mandatory security disclosure. We then end by reviewing CISA’s analysis of Risk and Vulnerability Assessments they completed for their constituents in […]

Red Teaming AI Systems

This week on the podcast, we give an update on last week’s discussion around a China-based APT targeting government organizations. After that, we cover the latest uses of generative AI like ChatGPT by malicious hackers. Finally, we end with a report from Google on their efforts around Red Teaming Artificial Intelligence systems.

New Microsoft Office 0-Day

This week on the podcast we cover two stories that came out of Microsoft’s July Patch Tuesday. The first involves an incident within Microsoft that lead to foreign cybercriminals compromising the email accounts of multiple government agencies. The second story involves an actively exploited 0-day vulnerability in Office that at the time of recording, remains […]

Q1 2023 Internet Security Report

This week on the podcast, we cover WatchGuard Threat Lab’s Internet Security Report for Q1 2023. Throughout the episode, we’ll discuss the key trends for cyber threats impacting small and midsize organizations globally including the top malware and network attach detections as well as a look specifically at the endpoint. We round out the episode […]

RepoJacking

On this week’s podcast we discuss a recent analysis on the risks of GitHub RepoJacking. After that, we dive in to the Barracuda 0-day that China-based threat actors are actively exploiting as well as a novel command and control distribution method for a separate China-based APT.

A New Russian APT

On this week’s episode we discuss the newly named threat actor Cadet Blizzard, including their typical tools, tactics and procedures. We also cover CISA’s newest binding directive to federal agencies. Before that, we give an update on exploited MOVEit Transfer servers and the latest Bitcoin laundering technique.

Minecraft Mod Malware

This week on the podcast we cover a supply chain attack of sorts against Minecraft gamers. After that, we cover a vulnerability in MOVEit Transfer that threat actors are exploiting in the wild to steal data and deploy ransomware. Finally, we wne with our review of the latest Verizon Data Breach Investigations Report (DBIR).

How Not to Update Software

This week on the podcast, we give a quick update on the latest Volt Typhoon activity before covering a newly for sale EDR bypass tool. After that, we discuss Gigabyte’s decision to rootkit their own motherboards before ending with a new macOS vulnerability.

Naming APTs

This week on the podcast, we cover Microsoft’s latest refresh of naming conventions for advanced persistent threat (APT) actors worldwide, as well as an update on two specific threat actors and their latest tactics. We also cover a ransomware event targeting a biotechnology company with an interesting twist.

TikTok is Banned, Kind Of

This week on the podcast, we cover the recent TikTok ban coming from the state of Montana and discuss whether it was justified and what the potential security impact is. Before that, we give an update on two US Supreme Court cases that were poised to potentially strip away Section 230 protections. We also highlight […]

Scratching the Surface of Rhysida Ransomware

A few days ago, I was scrolling through Twitter and came across a post by the MalwareHunterTeam briefly discussing a new Ransomware group – Rhysida. A lack of results from a Google search shows this is a newer group prepping to start operations. I grabbed a sample and downloaded it, and the executable confirmed that […]

An Interview with ChatGPT

This week on the podcast, Marc kick’s Corey off the podcast and interview’s ChatGPT to learn its thoughts on AI applications in cybersecurity, both on offense and defense.

Securing Healthcare Tech

This week on the podcast, we cover two new malware research pieces, including the latest evolution of a delivery vehicle as old as time. After that, we cover recent regulations in the healthcare industry that have a chance to push the industry to a more secure future.

Rustbuckets and Papercuts

This week on the podcast, we cover a recently discovered macOS malware attack that uses a multi-stage delivery mechanism. Before that, we discuss an actively-exploited vulnerability in the print management software PaperCut, as well as an update on the 3CX supply chain attack.

MSPs Around the World – Americas

This week’s podcast comes from the WatchGuard Apogee partner conference for the Americas where we bring on special guests Kevin Willette of Verus Corporation and Neil Holme of Impact Business Technology to discuss the challenges and opportunities MSPs and MSSPs will face in the coming years. This is the first of a multipart series where […]

Zero Trust Maturity Model 2.0

This week on the podcast, we cover two new publications out of CISA. First, we dive into CISA’s guidance to manufacturers and customers on products that are secure-by-design and secure-by-default. Next, we discuss CISA’s latest Zero Trust Maturity Model which any organization can use to gauge how far along they are on the ZTA path […]

Cybersecurity News: A Trio of Vulnerabilities, BreachForums Admin Arrested, Hundreds of Ransomware Victims, and The Rise of AI

This post arrives later than usual, but as they say, “Better late than never.” Researchers and the media have highlighted various unique, interesting, or destructive vulnerabilities in the last few weeks. We decided to pick three of these vulnerabilities and talk about them. One was patched with Microsoft’s Patch Tuesday in March; another affects the […]

Operation Cookie Monster

This week on the podcast, we discuss another cybercrime marketplace takedown dubbed Operation Cookie Monster. After that, we discuss Microsoft’s attempts to limit the distribution of a popular hacking toolkit. Finally, we discuss a recent analysis by Dr. Ken Tindell of Canis Automotive Labs around how criminals were able to steal his friend’s Toyota Rav4. […]

Another Software Supply Chain Attack

This week on The 443, we discuss the latest software supply chain attack with a potential blast radius of thousands of organizations. Then we cover a new protocol vulnerability in the Wi-Fi wireless standard before ending with some research into insecure Microsoft Azure applications.

3CX Supply Chain Attack

3CX created the desktop phone app 3CXDesktopApp and now finds itself in the middle of a supply chain attack. As a recognized company in the softphone space, 3CX provides services to many large companies including Honda, Coca-Cola, BMW, Holiday Inn among others, according to the testimonials on their website. This week though, they […]

The NSA’s Guidance on Securing Authentication

This week we have all the acronyms as we cover a joint publication by CISA and the NSA with Identity and Access Management (IAM) best practices. We then cover some new proposed cybersecurity rules out of the Securities and Exchange Commission (SEC) before ending with an FBI takedown of a popular hacking forum.

Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches

It’s Monday, and there’s no better way to start a new week than with some cybersecurity-related news. So, if you need an excuse to procrastinate a bit more, allow us to fill that void. For this iteration, we made a few minor improvements, as always. In addition to the table of contents from last time, […]

An Update on Section 230

On this week’s episode we look back to our initial monologue on Section 230 protections that allow the social media and the internet as a whole to function. We cap off the episode replay with a new discussion on a recent supreme court case that has the potential to dramatically impact the internet as […]

Here Come The Regulations

On today’s episode, we cover two new sets of cybersecurity regulations, fresh off the heels of the White House’s National Cybersecurity Strategy publication, targeting different critical infrastructure sectors in the United States. We’ll also cover the latest in nation state activity targeting network connectivity appliances and end with some fun research into an oldie but […]

US National Cybersecurity Strategy

This week’s episode is all about the White House’s recently released National Cybersecurity Strategy. We’ll walk through the strategy from top to bottom and discuss the key elements most likely to impact individuals and organizations as well as our overall thoughts on the direction the US Federal Government is planning to take.

Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!

A new week, a new month, and a new Cybersecurity News post! This iteration contains a whopping eight (8) stories covering the last two to four weeks. Since cybersecurity is a diverse field of assorted specializations, we attempt to match that with various stories touching on all aspects of cybersecurity. This time we cover a […]

Cybersecurity’s Toll on Mental Health

This week on the episode we have a discussion about stress related issues impacting cybersecurity professionals and ways to combat them. Before that, we cover the latest news including new 0click exploit protection from Samsung, the latest update on GoDaddy’s security woes, and Twitters latest erratic move.

Successfully Prosecuting a Russian Hacker

In today’s episode, we discuss a recent court case resulting in the succesful conviction of a Russian national tied to breaking in to several publicly traded US companies. We also cover the latest details on the ESXiArgs ransomware attacks that have been impacting organizations globally as well as the latest CISA alert on nation-state ransomware […]

Cybersecurity News: Automated Ransomware Attacks, U.S. No Fly List Leaked, and A.I. Detecting A.I.

Welcome to another iteration of Cybersecurity News. The fairly new and unorthodox, semi-monthly news article that highlights a handful of noteworthy cybersecurity-related stories and provides extra references and resources to do further research if you desire. We aim to solidify a more concrete release schedule going forward and will release more information once we have […]

Live Audience MSP Q&A Panel

On this week’s very special episode of the podcast, we sit down with Matt Lee, Calvin Engen, and Scott Williamson, three MSP security and business experts for a Q&A panel in front of a live audience! We’ll cover everything from how MSPs and MSSPs should address the cyber threat landscape to what vendors can do […]

A Technical Analysis of ISAACWiper

Shortly after Putin launched his “special military operation” in Ukraine on February 24th, 2022, researchers from ESET published information about two novel destructive malware families – HermeticWiper and ISAACWiper. HermeticWiper was part of a three-pronged campaign that included a worm and pseudo-ransomware component known as HermeticWizard and HermeticRansom, respectively. HermeticWiper is the data-wiping component. ISAACWiper, […]

What is CVSS?

This week on the podcast we cover the Common Vulnerability Scoring System (CVSS) including how it works and some of its limitations. Before that though, we discuss a recent survey on the risks of ChatGPT’s usage in cyberattacks and the latest activity from Lazarus, the North Korean government hacking operation.

CISA Warns of Weaponized RMM Software

On today’s episode, we cover a recent Department of Justice operation that resulted in taking down a major ransomware organization. After that, we cover two recent publications from CISA, the first on malicious use of legitimate RRM software and the second giving guidance to K-12 on how to address cybersecurity concerns.

Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches

Sifting through the most recent cybersecurity-related news may seem daunting, and keeping up with the latest developments is arduous. However, the WatchGuard Threat Lab is happy to filter through the latest cybersecurity news and highlight some stories we believe are important, noteworthy, or interesting. The goal is to focus on a few recent cybersecurity-related stories, […]

Law Enforcement Infiltrate and Seize Hive Ransomware Operation

In a sudden, stunning announcement today, the United States Department of Justice, the FBI, and federal agencies from 13 countries from Europol, announced the seizure of the transnational Hive ransomware operation. The seizure was part of a months-long operation that began in late July 2022 when the FBI infiltrated the Hive network. Deputy Attorney General […]

Report Roundup

This week on the podcast, we cover key findings from three individual reports published last week. In the first report we’ll dive into the world of blockchain analysis looking for illicit transactions. In the second report, we’ll cover the state of SMB security. The final report includes a discussion of overall financial crime involving stolen […]

Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach

Regarding malware, breaches, and the overall threat landscape, 2023 is off to a dynamic start. Malvertising (malicious advertising) continues to be a successful attack vector for hackers, especially from sponsored ads via Google searches. Jon DiMaggio released his long-awaited Ransomware Diary series beginning with the first iteration of the LockBit ransomware group. Also, a new […]

The RCE Vulnerability That Wasn’t

This week on the podcast we cover a recently-disclosed vulnerability in the popular JavaScript library JsonWebToken. After that, we give an update to weaponizing ChatGPT, the currently free Artificial Intelligence chat bot that has made waves since it’s release in November. We round out the episode with a wave farewell to Windows 7 and Windows […]

When Trying to Catch ‘Em All, Leave This RAT Alone

Recently, researchers have observed threat actors using a website previously associated with the popular AR game, PokemonGo to distribute a remote access trojan (RAT). The method of delivery is a cleverly disguised game installer that includes a copy of the commonly used NetSupport Manager application, which on its own is technically a trusted application. The […]

Reviving a Dead Botnet

This week on the podcast we cover a recent analysis by Mandiant on a Russia-based APT using a decade old botnet to deliver new attacks. Before that, we cover an update from LastPass about their most recent breach as well as the 200 million Twitter accounts leaked last week.

Q3 2022 Internet Security Report

This week on the podcast we discuss key findings from the WatchGuard Threat Lab’s Q3 2022 Internet Security Report. We’ll cover everything from the top malware threats to the latest network attack trends targeting small and midsize enterprises globally and give practical defensive tips that anyone can use to keep their organizations safe. [PowerPress]

2023 Security Predictions

It’s that time of year for us to discuss the WatchGuard Threat Lab’s 2023 cyber security predictions! On this episode, we will cover the six predictions plus another two that didn’t make the cut as well as some defensive strategies to try and help stop them from coming true.

Apple’s New Privacy Expansion

This week on the podcast, we cover Apple’s latest announcement of expanded privacy and security features for their users. Before that, we cover a major breach in the Android ecosystem followed by a new Internet Explorer (yes, that still exists) 0-day vulnerability.

Hacking Hyundai

On this week’s episode, we cover the latest in car hacking, this time involving a vulnerability that could have given remote attackers full control over certain Hyundai models’ doors, lights and engine. After that, we discuss the latest breach impacting a major password management app and how it’s different from previous ones we’ve seen. We […]

CISA Incident Response Learnings

On today’s episode we cover a pair of alerts from the Cybersecurity Infrastructure and Security Agency (CISA), one detailing the tools, tactics and procedures from a prolific ransomware organization and another walking through a recent incident response engagement CISA completed with a federal agency. Before that though, we learn about what happens when you use […]

Attack Surface Management

This week on the podcast we dive into the world of attack surface management. We discuss what your attack surface is made up of including some areas you may not have thought of and then cover the best ways to reduce and ultimately protect it.

Endurance Ransomware Claims Breach of US Federal Government

The WatchGuard Security Team spends a lot of time chasing ransomware extortion groups throughout the dark web. So, it only fits that one of the newer ransomware extortion groups is named Endurance Ransomware. It appears this “group” is one individual known as IntelBroker, who has allegedly breached several entities of the US government and two […]

2022 Cybersecurity Predictions Recap

This week on the podcast we take a look back at our 2022 cybersecurity predictions and give ourselves a grading on how well we did. From cyber insurance to space hacks, we’ll cover each of the 6 predictions we made last December and discuss why we think they did or did not come to fruition. […]

Why OpenSSL Downgraded Their Vulnerability

On this episode we cover the much anticipated OpenSSL vulnerabilities that were disclosed and patched on November 1st and why the 6 year streak of no critical issues continues. After that, we dive back in to election security and the hacking activity that could have the most impact. We end with an update from Apple […]

CISA’s Cybersecurity Performance Goals

This week on the podcast we cover CISA’s freshly-released Cybersecurity Performance Goals (CPGs) designed to help smaller organizations bridge the gap between frameworks and practical implementation. After that, we discuss a new bill working its way through the US Senate designed to address open source software security risks. Finally, we end with a research post […]

Ransomware TTPs Deep Dive

This week on the podcast, we cover another remote code execution vulnerability that looks extremely concerning on the surface but might be less serious in reality. After that, we cover two research articles by Microsoft on ransomware campaigns including defensive takeaways for all organizations.

Cyber Energy Star

This week on the podcast we cover a proposed program from the White House to create an Energy Star-like label for cybersecurity in consumer products. Before that, we cover two other updates from the federal government including a new open source tool from CISA and the latest reincarnation of Privacy Shield.

Q2 Threats and Guilty CSOs

This week on the podcast, we focus on highlighting WatchGuard’s Q2 Internet Security Report, covering the latest threat trends and what you can do to avoid them. However, we also pack in our security news segment, with an Optus breach update from an Australian IT and security expert and WatchGuard Partner, the latest on the […]

Optus Opts Out of PII Protection

This week on the podcast, we cover an Optus data breach that could affect over 10 million Australian customers, and what they should do to protect themselves. We highlight a new malware-as-a-service (MaaS) information stealer that lowers the cost and technical bar for cybercriminals. Finally, we end with some good news about how the FBI […]

Two Microsoft Exchange Server Zero-Day Vulnerabilities (aka ProxyNotShell)

Update 10/6/2022 : Microsoft has released several updates since their post on the “ProxyNotShell” Exchange vulnerabilities. If you followed their initial mitigation steps, they are not sufficient to block this threat and your Exchange server may remain vulnerable. Security researchers began poking at the initial mitigation recommendations and found ways to bypass their initial detection […]

An Uber Hack

The 443 Podcast -An Uber Hack

This week on the podcast, we cover Uber’s most recent security incident and the alleged individual behind it. After that, we dive into the world of gas station operational technology and potential security weaknesses in one tool. Finally, we end with a chat about the FBI CISO Academy and how the FBI as a whole […]

Are CISOs Legally Accountable for Security?

This week on the podcast we cover a court case that is attempting to hold the ex-CISO of a popular tech company accountable for their actions involving a data breach dating back to 2016. Before that though, we dive in to a novel command and control (C2) method as well as the latest commoditization of […]

A Day in the Life of a Malware Analyst

This week on the podcast we sit down with Ryan Estes, a malware analyst on the WatchGauard Threat Lab team, to discuss what it takes to rapidly differentiate malware from goodware. In this interview, we discuss what it takes to get in to malware analytics, popular tools to help with the task, and resources anyone […]

The Twitter Thing

This week on the podcast, we cover the big whistleblower complaint against Twitter including our hot takes on who to believe. We then cover an FBI alert on evasion techniques cyber criminals are deploying in their authentication attacks before finishing with a highlight of a very convincing phish.

2022 Black Hat and Def Con Recap

This week on the podcast we review our time at this year’s Black Hat and Def Con cybersecurity conferences in Las Vegas. We’ll cover how the WatchGuard CTF contest went this year and discuss takeaways from a few of the briefings we attended.

Hacker Summer Camp 2022

This week on the podcast, we give our preview of the Black Hat and Def Con cybersecurity conferences, aka Hacker Summer Camp. Throughout the episode, we’ll discuss the briefings and panels we’re most excited to see and what we hope to get out of them. If you’re not able to attend either conference in person […]

Private Sector Offensive Actors

This week on the podcast we discuss the shifting landscape of phishing attacks in the wake of Microsoft’s efforts to block malicious Office macros. We then cover a private organization that has been found not just selling exploit tools but also participating in offensive cyber operations. We end the episode with a review of IBM […]

USA’s Answer to GDPR

This week on the podcast, we discuss the current cyber skills gab and a federal program designed to help combat it. After that, we dive in to the American Data Privacy protection Act and what it potentially means if passed by US Congress. We end this week with a quick update on Microsoft’s attempts to […]

Rolling PWN

This week on the podcast we cover the latest in car hacking research, this time targeting vulnerabilities in remote keyless entry. We then dive in to Microsoft’s latest research on Adversary in the Middle (AitM) attacks and end with key findings from the latest WatchGuard Threat Lab quarterly Internet Security Report.

Over a Billion Records Leaked in Shanghai National Police Database Hack

This past week, a hacker by the name of ChinaDan allegedly breached the Shanghai National Police (SHGA) database and has put the nearly 23 TB of data up for sale for 10 bitcoin (BTC), or a little over $200k USD as of this writing. ChinaDan claims the data contains “information on 1 Billion Chinese national […]

LockBit Ransomware Group Introduces Bug Bounties and More

The LockBit ransomware group has unveiled a new website – LockBit 3.0 – to host their ransom extortions and data leaks. The website includes several new features, including an unprecedented bug bounty program to assist the group in securing their site; acceptance of the privacy cryptocurrency, Zcash; and the addition of receiving payments from users […]

Grading Gartner’s Guesses

This week on the podcast, we discuss two recent security reports, one on the topic of open source software and the other on “insecure by design” in the Operational Technology (OT) space. We go through the key findings from each report and what our thoughts are on their accuracy within the real world. We end […]

200th Episode Extravaganza

In celebration of our 200th episode, this week on the podcast we take a look back at the last few years and revisit some of our favorite episodes. Along the way, we’ll give updates on a few of our cybersecurity predictions from years past that took just a little bit longer than anticipated to come […]

Robux Ransomware

This week on the podcast we cover the latest and most bizarre ransomware extortion demand we’ve seen in recent memory. Before that though, we cover the latest updates on nation state hacking activity including threats of escalating attacks leading to physical retaliation.

0-Days for Days

This week on the podcast we cover two fresh 0-day vulnerabilities, one in Windows and another in Atlassian’s Confluence, both under active exploitation in the wild. Additionally, we cover Costa Rica’s no good, terrible month in Cybersecurity.

Package Hijacking

This week on the podcast, we discuss the line between ethical security research and malicious activity thanks to a compromised open source software package. After that we cover the latest industry to fall victim to Ransomware and end by highlighting a 0-click vulnerability in Zoom’s message system discovered by Google Project Zero.

WatchGuard Launches PSIRT Page

WatchGuard’s Product Security Incident Response Team (PSIRT) has launched our public PSIRT page to provide a consolidated resource where network administrators can find advisories and information about security vulnerabilities in WatchGuard products, as well as WatchGuard’s investigations into industry-wide security issues that may impact our products or services. Our PSIRT page also provides information for […]

Building Security Strategies with Matt Lee

This week on the podcast we sit down for a chat with Matt Lee, Sr. Director of Security and Compliance at Pax8 and well-known cyber security educator, to discuss security strategies for MSPs and midsize enterprises in the face of a dynamic threat landscape. We cover everything from picking a framework to getting buy in […]

CISA Guidance for MSPs

195

This week on the podcast we walk through CISA alert AA222-131A which gives bulleted guidance to MSPs and customers of MSPs on how to navigate their relationship security as threats targeting service providers continue to grow. We’ll walk through the list and hit each recommendation and give our own guidance on top of them for […]

The REturn of REvil?

This week on the podcast we discuss the latest rumblings around the return of the prolific ransomware-as-a-service organization REvil. Before that though, we dive in to the latest tools, tactics and procedures of the Lazarous nation state hacking group as well as a recently discovered form of fileless malware evasion.

Most Exploited Vulnerabilities of 2021

This week on the podcast, we dive into CISA’s list of the 15 most exploited vulnerabilities in 2021. We’ll walk through each flaw and give a refresher on their history and how attackers have exploited them. After that, we cover the latest ransomware-as-a-service threat that has victimized over 60 organizations worldwide before ending with a […]

Psychic Signatures

This week on the podcast we cover a critical and easily-exploited vulnerability in how some recent versions of Java handle cryptography. We also discuss the latest in a series of alerts from CISA and international intelligence organizations on cyber threats to critical infrastructure. Finally, we end with a condensed overview of the latest internet security […]

Hidden Hafnium

This week on the podcast, we cover the latest evasion and persistence techniques from the state-sponsored threat actors known as Hafnium. Then, we dive into the world of ICS and SCADA devices to discuss the latest joint-agency alert from the US Government. We then round out the episode by highlighting some recent research into spoofing […]

Patch Management Lag

This week on the podcast we discuss one of the most rampant yet easily resolved risks facing many organizations today, not installing vendor-supplied security fixes. We’ll cover some of the reasons why organizations might fall behind on patching as well as the potentially serious consequences. After that, we cover the latest 0-day Chromium vulnerability before […]

For the Love of InfoSec, Don’t Over-Expose Administrative Management Portals

When talking to IT and Security professionals, everyone seems to know they shouldn’t overly-expose management portals. And yet, every year we learn some new statistic showing tens of thousands of devices or software products with management portals exposed on the Internet. In hopes of changing this trend, this article talks about why management portals sometimes […]

The Rise and Fall of Lapsus$

This week on the podcast we cover the hacking organization Lapsus$ including their tactics, targets, and how they ended up with several members arrested last week. After that, we cover the cyber cold war and threats of Russian revenge attacks against the US energy sector that prompted classified meetings with potentially targeted organizations.

Sharing Cyclops Blink Threat Intelligence with the Community

At WatchGuard, we understand the importance of sharing threat intelligence with the information security (infosec) community when safe and appropriate. Not only does this information sharing help to directly defend against known threats, but it also helps the community at large learn from the attacks found in the wild, and appropriately adjust detection and defense […]

SATCOM Security

This week on the podcast, we cover a CISA alert on securing satellite communications (SATCOM) in the wake of several recent incidents involving providers and networks in eastern Europe. After that, we check in on the TSA’s cybersecurity rules for pipeline distribution networks and how adoption is going so far in the industry.

US-Backed Cryptocurrency

This week on the podcast, we cover last week’s Executive Order from the White House that lays the foundation for a United States Central Bank Digital Currency, or CBDC, and what it means for the future of Cryptocurrency. We also discuss recent research from Mandiant on APT41, a Chinese threat actor that has recently turned […]

Conti Leaks

This week on the podcast we cover the recent leaks highlighting the inner workings of the Conti ransomware group that started with chat logs and grew to entire source code dumps. We then round out the episode by discussing the recent Nvidea breach and how some of the stolen information might fuel future attacks.

5G Didn’t Break Your Car

5G didn’t put malware on these Mazda’s entertainment systems but many Seattle Mazda drivers couldn’t change their radio station after turning it to the local NPR station, KUOW. As one reddit user put it, “the whole audio system and Bluetooth just keeps trying to reboot.” Some users also reported they couldn’t use their backup cameras. […]

Rewind: Can We Trust Facial Recognition

This week on the podcast we dig back into our archives for an episode that originally aired back in July 2020 where we discussed one of our analysts first-hand research into facial recognition biases.

SpoolFool: Windows Print Spooler Fooled Again

Microsoft’s monthly Patch Tuesday already occurred this month, so you know what that means – more disclosed vulnerabilities. This iteration of patches included fixes for a combined 70 vulnerabilities, including one zero-day. Thankfully, none of these fall into Microsoft’s “critical” category. However, there are four Elevation of Privilege vulnerabilities targeting the Windows Print Spooler service […]

BGP-Powered Crypto Theft

This week on the podcast we cover a cryptocurrency heist that abused the backbone of the internet to steal millions of dollars of coins. In related news, we also cover the FBI’s new Virtual Asset Exploitation Team and their focus on tracking cryptocurrency-related cybercrime as well as a recent alert on business email compromise from […]

Russia, Fighters of Cybercrime?

This week on the podcast we cover Russia’s latest crackdown on cybercriminals within their borders and try to answer the “why now?” question. We also discuss a multi-billion dollar cryptocurrency recovery by the US Justice Department including the arrest of two New Yorkers allegedly responsible for the 2016 Bitfinex hack.

New Oski Stealer Variant, “Mars Stealer”, Targets Credentials, Crypto, and 2FA

In early 2020, during the emergence of the COVID-19 pandemic, researchers discovered a novel malware named Oski Stealer, capable of stealing browser data such as cookies, history, payment information, and autofill information, as well as cryptocurrency wallets, login credentials of applications, and Authy 2FA information. It can also take screenshots of your desktop and perform […]

Face Recognition and Privacy Concerns Works Its Way Into Taxes

taxes paperwork

The US IRS has plans to use a 3rd party identification system to prevent tax-related identity theft. The IRS plans to contract with ID.me to identify people using, among other factors, face recognition. James Hendler, professor of Computer, Web and Cognitive Sciences, wrote about some issues with the IRS’s plan. How will the data be […]

Hacking Back at North Korea

This week on the podcast, we cover the heist of $322 million in cryptocurrency from the distributed exchange Wormhole, including a long discussion on the why it feels like cryptocurrency is still the wild west of technology. After that, give an update on our brief mention in last week’s episode about North Korea’s internet seemingly […]

The Pwnkit Problem

This week on the podcast, we cover Pwnkit, a privilege escalation vulnerability impacting almost every modern Linux release worldwide. We also dive in to the world of macOS malware with DazzleSpy, a remote a remote access trojan targeting Hong Kong pro-democracy advocates. Finally, we end with an update on North Korea’s Lazarus APT and their […]

Q3 2021 Internet Security Report

This week on the podcast we discuss the latest Internet Security Report from the WatchGuard Threat Lab. Built with threat intelligence gathered from tens of thousands of Firebox UTM appliances that have opted-in to sharing data, the quarterly report lets us talk about the latest malware and attack trends targeting organizations globally. On this episode, […]

Log4j Becomes The Highest Detected Vulnerability Days After Release

Log4Shell attacks have spread throughout the Internet due to the ease with which attackers can perform them. The WatchGuard Threat Lab sees a sample of these attacks from our customers’ perspectives when they opt to provide anonymized threat intelligence data from their Fireboxes. This limited data, along with our analysis, gives us a unique opportunity […]

The Death of the Carding Marketplace

This week on the podcast we give a quick update to the Log4Shell saga after the researchers detected the first significant campaign that uses the critical vulnerability. After that, we dive in to the world of carding marketplaces where cybercriminals buy and sell stolen credit card information and discuss possible reasons for why these marketplaces […]

Is Cybersecurity Vocational?

This week on the podcast we give an update on log4j2 and it’s most recently-disclosed vulnerabilities before covering a recent report on credential stuffing by the New York Attorney General. Then, we discuss this recent article in DarkReading on whether or not cybersecurity jobs should be considered professional or vocational.

HP iLO and the Newly Discovered iLOBleed Rootkit

Iranian researchers at Amnpardaz security firm have discovered rootkits in HPs iLO (Integrated Lights-Out) management modules. These optional chips are added to servers for remote management and grant full high-level access to the system. This includes the ability to turn the server on and off, configure hardware and firmware settings, and additional administrator functions. The […]

Post-Purchase Monetization of the TV and Your Diminishing Privacy

The internet came by storm. Yes, for years it wasn’t accessible to the major populace, but over time it found its way into the office, school, home, and now more specifically into the living room. With the evolution of the internet came few rules. In came the market makers who began to define basic expectations […]

Give Us Your SSN, Your Email Password, and Your Dream Job

Every so often, there is a phish that stands out because of its brazenness. Today, we came across a bank phish that requested a few verification details: Username and Password Social Security Number Email address and email password used for 2-Step verification Security Questions: What was your dream job as a child? Who is your […]

Active Compromises of vCenter Using The Log4J Vulnerability

Much of what we see exploiting the log4j2 vulnerability, CVE-2021-44228, appears like a scan for the vulnerability, not necessarily exploitation. However, our own honey pot https://github.com/WatchGuard-Threat-Lab/log4shell-iocs has seen activity from this exploit to install coin miners. In one of the first targeted cases for this vulnerability, a ransomware gang have exploited VMware vCenter with Conti […]

Log4Shell Deep Dive

This week we take a deep dive into CVE-2021-44228, better known as Log4Shell, a critical vulnerability in the massively popular log4j2 logging library for Java applications. We discuss how the flaw came about, how it works, and why this specific issue has the potential to cause lasting headaches for the security industry for years to […]

Bluetooth Is Safe Enough For You

Politico published a short piece about Kamala Harris’s hesitancy with Bluetooth devices. They considered this a bit amusing, perhaps considering her paranoid based on their tone. While the article’s content was light, it did discuss some important security concerns that any Jane Doe might care about. Besides Kamala Harris opting for wired headphones instead of […]

Our 2022 Security Predictions

As we move in to the end of the year it’s time for us to discuss WatchGuard Threat Lab’s 2022 cybersecurity predictions. While many of our predictions tend to come off as extreme, they’re all grounded in the trends that we’ve been following and what we expect to see continue into the coming year. If […]

Critical RCE Vulnerability in Log4J2

[Updated 13-12-2021: Additional information for WatchGuard customers] On Thursday, security researchers disclosed a critical, unauthenticated remote code execution (RCE) vulnerability in log4j2, a popular and widely used logging library for java applications. CVE-2021-44228 is a full 10.0 on the CVSS vulnerability scoring system due to a combination of how trivial the exploit is and damaging […]

2021 Security Predictions Grading

Its getting to be the end of the year which means its time to take a look back at WatchGuard Threat Lab’s 2021 security predictions and give ourselves a grading on how well we did! On this episode, we’ll go through our 8 predictions for 2021, recap the trends that fueled them, and discuss either […]

Dangers of Bicubic Interpolation In Pictures

We have seen interpolation in the news concerning a recent court case. Here we cover what interpolation does to an image, not only because of the recent news but also because face recognition uses interpolation to better recognize a face – something we have covered in the past. Interpolation means to take pixels in an image and calculate what their […]

CISA Alert Tips Off Adversaries

This week on the podcast we discuss how a recent CISA alert on specific threat actor activity tipped off a separate adversary, leading to a new wave of attacks against vulnerable systems across multiple industries. We also cover the latest US and international law enforcement crackdowns on ransomware operators as well as a breakthrough on […]

The Evolution of Phishing: A WatchGuard Real-World Example

Phishing is a type of social engineering attack where threat actors attempt to trick users into providing sensitive information via email. Typically, this involves creating a phishing campaign where threat actors will send the same phishing email to a large batch of recipients in an attempt to trick at least a small subset of these […]

Trojan Source

On this week’s episode of the podcast, we cover a newly discovered method for hiding malicious source code in plain sight, CISA’s new Known Exploited Vulnerabilities Catalog, and action from the US Department of Commerce on the Pegasus spyware manufacturer NSO Group.

Face Recognition Removed from Facebook But Added to Metaverse

Facebook’s face recognition has one of the largest training databases in the world, built from photos that users have uploaded since Facebook’s inception, but that database’s time may be coming to an end. In a blog post on Facebook they recently announced that they are going to remove the controversial face recognition technology from Facebook. “We’re shutting down the Face Recognition system […]

The Security Conscious NRA Breached by Russian Hacking Group

The NRA has found itself in the middle of a potential breach and ransomware attack. This happened last week after the Russian hacking group Greif reportedly gained access. Greif has close ties to Evil Corp (another advanced hacking group currently sanctioned by the US) or may even just be the same group rebranded. Grief posted […]

Stealing Make-believe Money

This week on the podcast, we cover a heist of over $130 million worth of cryptocurrency from a distributed financial (DeFi) organization and have an in depth discussion on why cryptocurrency-related platforms continue to suffer substantial breaches. Before that though, we cover an apparent ransomware attack against the National Rifle Association and an FBI raid […]

Nobelium Threat Group Sets Sights on IT Providers

The Microsoft Threat Intelligence Center (MSTIC) detected attacks by the Nobelium group targeting IT services providers. The intent was to “gain access to downstream customers” such as Cloud Service Providers (CSP) and Managed Service Providers (MSP). If the Nobelium name sounds familiar, it’s because they were the threat actor behind the 2020 SolarWinds compromise. MSTIC […]

China Linked Hacking Group Compromises 13 Telcos

Many cellular network protocols don’t have clear documentation explaining them, especially when it comes to the proprietary protocols used by 4G and 5G networks. This makes them difficult to understand by the average person, but also potentially vulnerable to anyone willing to take the time to research them and find issues. We haven’t yet seen attacks […]

Schrödinger’s REvil

171

This week on the podcast, we cover the latest news on REvil, the ransomware-as-a-service organization responsible for the Kaseya attack earlier this year among many others. After that, we cover an update from the US Commerce Department on new export rules around selling hacking tools outside of the United States, nearly 6 years after the […]

InfoSec News From Last Week October 25th, 2021

Exploit Broker Zerodium Increasing Focus on VPNs The exploit broker Zerodium announced they are seeking exploits for ExpressVPN, NordVPN, and Surfshark VPNs. VPNs are becoming a more lucrative target. Zerodium’s announcement has brought attention to that. Many use VPNs because they believe it protects their privacy. However, it also puts the responsibility of that […]

US Government Sets Rules for Hacking Tool Exports

The US Department of Commerce announced export controls on hacking tools used for surveillance. The aim is to curb access to authoritarian governments who have been identified for human rights violations and abuses. Any companies who intend to sell their wares abroad will need to acquire a License Exception Authorized Cybersecurity Exports (ACE). An additional […]

InfoSec News From Last Week October 18th, 2021

Azure, BitBucket, GitHub, and GitLab revoke SSH Keys After GitKraken Vulnerability Git software client GitKraken disclosed an SSH key generation flaw in a post this past Monday. The flaw was discovered in versions 7.6.x, 7.7.x, and 8.0.0 for releases available between mid-May to late-June this year. GitKraken uses the library keypair to generate SSH keys […]

VirusTotal Global Ransomware Report

This week on the podcast we cover VirusTotal’s first ever global ransomware report which analyzes ransomware trends over the last year from the unique position of the world’s largest malware intelligence platform. Before that though, we cover another APT group with a ridiculous name found exploiting a zero-day vulnerability in Windows.

HTML Basics That We Often Miss

By now you have probably heard of Missouri governor Mike Parson tweet threatening to prosecute a journalist for responsibly disclosing a data breach. If you missed it though, according to the tweet and the governor’s ensuing press conference, a journalist from the St. Louis Post-Dispatch found teachers’ SSNs embedded in a public web page […]

The SMS Breach You Didn’t Hear About

This week on the podcast we discuss a breach that lasted over 5 years involving a company responsible for routing SMS messages for 95 of the top 100 mobile carriers in the world. Before that though, we’ll cover the recent Facebook downtime incident as well as the seemingly total compromise of the video game streaming […]

InfoSec News Weekly Wrap-Up October 8th, 2021

SMS Routing Company Syniverse Discloses Breach Spanning 5 Years Syniverse claims to be “the world’s most connected company” serving so many large telecommunication companies that it should be assumed that your provider is one of their customers. Their reach is significant, acting as the intermediary for text messages between carriers and routing calls between networks. […]

US Agencies Have Been Busy

U.S. Agencies have been making headlines recently for a lot of their new cyber related regulations. The following are several noteworthy of examples of what they have been up to. The Federal Communications Commission (FCC) and Robocalls The FCC expects phone carriers to block illegal robocalls from providers not yet registered with the Robocall Mitigation […]

How SMBs Deal With An Uptick in Breaches

A recent survey of 700 SMBs (small and medium businesses) by Untangle shows an increase in cybersecurity budgets and awareness. While some companies still have users working remotely, 50% of respondents have moved back into the office or at least some form of hybrid work environment. Most companies – 64% – see breaches as the […]

Twitch Affected by Large Data Leak

Update 1: Twitch believes login credentials have not been exposed (October 7th, 2021): Twitch posted a statement on their blog that, “At this time, we have no indication that login credentials have been exposed.” Additionally, as credit card details are not stored by Twitch, they have ruled out exposure. We recommend changing your password […]

To Not Share is To Care

October is Cybersecurity (or, for the less civilized, ‘cyber security’) Awareness Month. Every October, CISA hosts security awareness presentations. Additionally, Cybersecurity Awareness month means an increase in jaded by posts by InfoSec professionals on Twitter and emails from corporate reiterating security basics. There are plenty of positives to be found. Individuals are increasingly familiar with […]

Q2 2021 Internet Security Report

This week on the podcast we cover the latest quarterly Internet Security Report from the WatchGuard Threat Lab. We’ll go over the latest attack trends and key findings from Q2 2021 as well as defensive tips for keeping your systems safe from the latest threat landscape.

FBIs Botched Plan to Catch REvil Cost Victims Millions

Earlier this year Kaseya, who provides IT management software to service providers that support tens of thousands of organizations from schools to hospitals, was involved in a ransomware attack fueled by a compromise of their VSA Remote Monitoring and Management (RMM) software. While the ransomware only impacted a small percentage of their customer base, thousands […]

Half of Respondents Admitted to Sharing Their Passwords

We often write about passwords and password policies from the IT/security administrator side, usually after a password becomes compromised. We recently found a survey that looked at compromised passwords from the user’s side to better understand how users feel about them. The survey shows a few key points that shed light on the social […]

Kaseya’s Trusted Third Party

This week on the podcast we discuss the recently disclosed identify of the”Trusted Third Party” that Kaseya acquired the REvil ransomware master decryption key from, as well as the morals around a decision to hold on to the decryption key for multiple weeks before handing it off to Kaseya. We then cover a new APT […]

OMIGOD!

This week on the podcast we discuss the recently patched zero-click vulnerability in iOS, macOS and WatchOS that researchers at TheCitizen Lab discovered while investigating NSO Group’s Pegasus spyware. After that, we cover a vulnerability in the OMI Agent that comes automatically installed on all Azure Linux virtual machines. We finish by covering Microsoft’s latest […]

OWASP Update

This week on the podcast we discuss the first update to the OWASP Top 10 since 2017. OWASP servers as an excellent resource for improving web application security so we’re excited to run through the latest refresh of their top security weaknesses. We also discuss phishing attacks that abuse Internationalized Domain Names (IDNs) in emails […]

Azure Linux VMs Vulnerable Due to Pre-Installed Agents

Update 1: OMI agent is not installed on Azure FireboxV/Cloud instances (September 17th, 2021): We reviewed our FireboxV/Cloud instance for Azure and confirmed that the OMI agent cannot be installed on the image. We recommend reviewing the additional guidance Microsoft published on September 16th, 2021 for securing the OMI affected resources/tools. Original Post (September 16th, […]

ProxyWare

This week on the podcast we cover ProxyWare, a form of malware that monetizes your internet access for the benefit of the attacker. After that, we discuss ChaosDB, a vulnerability that could have enabled any Azure user to gain full access to any other user’s CosmosDB instance. Finally, we end with a discussion of location […]

Stop Following Me – Rewind

163

This week on the podcast we dig back in the archives to 2019 where we discussed how web servers manage to track users across sites using browser fingerprinting methods. Even though some improvements like removing third-party cookies have been made to limit tracking, plenty of additional fingerprinting options still remain.

Read More - Stop Following Me – Rewind

PolyNetwork Heist

162 PolyNetwork

This week on the podcast we cover one of the largest cryptocurrency heists in history, with a surprising twist of an ending! Before that we’ll chat about the latest T-Mobile data breach and what we can learn about protecting user identity. We end the episode with a discussion about one of the latest episodes of […]

Mobile Carriers Leak 123 million Customer Records in One Week

Over the last week we saw 70 million AT&T customers and 53 million T-Mobile customers have their personal data leaked to hackers. While we didn’t find any connections between these two breaches the timing of the incidents is strange. AT&T has so far denied the breach involving their customers. While we don’t have confirmation from […]

DEF CON 29 Recap

This week on the podcast we chat about a few of our favorite presentations from the 2021 edition of the DEF CON security conference out of Las Vegas. If haven’t checked them out yourself, visit the DEF CON YouTube channel or media.defcon.org to view this year’s and all previous year’s content.

Supply Chain Attacks Through an IDE

David Dworken, a Google security researcher, presented a recent Defcon talk about how he found over 30 vulnerabilities in various Integrated Development Environments (IDEs) over the course of a few months of research. Many believe that source code on its own is benign as long as you don’t compile and run it, but as Dworken proved, simply loading code into an IDE can cause infections. A popular example of this comes from […]

ProxyShell, Exchange Servers Under Attack Again

With the 2021 editions of the BlackHat and DEF CON security conferences all wrapped up, one of the presentation that made the biggest waves was the latest research from Orange Tsai of Devcore Security Consulting. Tsai was the researcher responsible for identifying and disclosing CVE-2021-26855, better known as ProxyLogon, to Microsoft back in January 2021, […]

Bad BGP

160 bad bgp

This week on the podcast, we chat about a recent report from Qrator that highlights some of the massive weaknesses in the backbone of the internet. After that, we discuss a recent research blog post from Yan (@bcrypt) showing her work in finding a CSRF flaw in OK Cupid that bypassed Cross-Origin Resource Sharing (CORS) […]

Defcon Talk Timeless-Timing-Attacks

Cyber security breach concept

A recent Defcon talk by Tom Van Goethem and Mathy Vanhoef, “Timeless Timing Attacks” made significant progress on ways to create timing attacks over a network. Timing attacks work by extracting data form devices based on how long it takes to respond. To successfully run a timing attack, the attacker usually must be directly […]

What Is Zero-Trust Security?

159 zero trust

This week on the podcast we talk Zero-Trust. What is it? How do you implement it? And why should all IT professionals work towards updating their networks to this security architecture? We’ll answer all that and more after a quick Kaseya update and a security memorandum from the White House.

What to Make of the Biden Administration’s New ICS Cybersecurity Initiative

Yesterday, the Biden Administration unveiled a new initiative to help improve the cybersecurity stance of the industrial control systems (ICS) that manage the nation’s critical infrastructure. As recent events (like the Colonial Pipeline ransomware incident) have shown, disruptions to critical infrastructure can have serious, potentially even fatal consequences. In short, this is a very real need and […]

Why So SeriousSAM

158 Serious SAM

This week on the podcast we cover the latest Microsoft Windows privilege escalation vulnerability, SeriousSAM aka HaveNightmare. Before that, we discuss NSO Group and their spyware software known as Pegasus and whether private organizations should be allowed to market and sell spyware to government agencies.

Section 230 – Rewind

157 section 230 rewind

With the White House announcing this month that it plans to investigate potential changes to Section 230, the safe harbor laws that enable websites to moderate content without risk of liability for content they fail to remove, we wanted to bring back an episode from last year where we discuss exactly what these laws are […]

REvil Hasn’t Gone Anywhere (Probably)

Many of the recent high-profile ransomware attacks like those against Acer, JBS and more recently, customers of Kaseya, have been the work of the ransomware as a service group REvil. After the most recent attack that exploited multiple zero-day vulnerabilities in Kaseya’s VSA software and left thousands of organizations encrypted, REvil appears to have gone […]

The PrintNightmare Saga Continues to Frustrate System Administrators

Nightmare

Update 1: Third PrintNightmare CVE published (July 16th, 2021): Microsoft published CVE-2021-34481 on July 15th for a local privilege escalation vulnerability. The third Print Spooler service vulnerability is considered separate from PrintNightmare (CVE-2021-34527), but it is still within a similar sphere of printer driver vulnerabilities. Gentilkiwi, the author of the Mimikatz utility, posted a […]

Kaseya & PrintNightmare

156 Print Nightmare

This week on the podcast we cover the Kaseya mass ransomware incident from July 7. While the event is still ongoing, we already have evidence for how the attack occurred and exactly what the threat actors did on affected endpoints. In this episode we dive in to the details around the incident and defensive tips […]

A Market for Lemons?

155 market for lemons

We recorded this episode before news of the massive attack against Kasaye users broke on Friday. Suffice to say, next week’s episode will give a full debrief of the incident including how it happened, who it affected, and what all MSPs can learn from it. In the meantime, check out Corey’s post on the Kaseya […]

Breaking Alert: MSP Targeted Ransomware Attack (Kaseya Supply Chain Attack)

Managed Service Providers (MSPs), especially ones using Kaseya VSA, should read this and take action as soon as possible. High-level Summary: On Friday, July 2, some MSPs using the on-premises version of Kaseya VSA suffered ransomware attacks that trickled down to their customers. Kaseya says around 1500 companies (so far), many customers of MSPs, have […]

Q1 2021 Internet Security Report

Its that time of year again! This week on the podcast, we cover the latest internet security report from the WatchGuard Threat Lab. We’ll go over the latest trends in malware and network attacks targeting WatchGaurd customer networks through the first quarter of the year, as well as defensive tips for all organizations.

AutoIt Malware: To obfuscate, or not to obfuscate

What is malware? Its goal is to bypass computer defenses, infect a target, and often remain on the system if possible. A variety of evasion techniques depend on a mix between the skill of the author and the defenses of the intended victim. One of the most widely used tactics in malware is obfuscation. Obfuscation […]

Python Modules: Not As Safe As You Think

We normally think of malware and threats coming from executables, packages, and scripts. Researchers recently found a supply chain attack using a different method. Programs use Python scripts to manage and run services. You especially see this in Unix-based operating systems. When it comes to security many professionals use Python to automate tasks. Because […]

Domain Parking, PUPs, and Annoying Push Notifications

It has been 11 years since the Google Doodle Pac-Man game was published. Many of us may remember this Google Doodle as it was the first interactive Google Doodle made. Unfortunately, like many fun things, there are those who see opportunity and take advantage of that. We recently noticed DNSWatch traffic blocking googlepacman[.]net. After some […]

Dark Web Bake Sale

This week on the podcast we discuss an often overlooked item for sale on underground forums, authentication cookies. Before that though, we’ll cover a few surprising stats from a recent ransomware study by Cybereason and an update from NATO on cyber warfare.

Anom

This week on the podcast, we discuss operation Trojan Shield, a multi-year program where the FBI in partnership with international law enforcement agencies developed and distributed an encrypted communications application on the underground that gave them full access into criminal messages. We’ll also cover the latest news from the recent Colonial Pipeline and JBS ransomware […]

Law Enforcement Agencies Went the Extra Mile with An0m

In an operation headed by the US Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP), international law enforcement agencies managed to gather 27 million encrypted messages used for criminal communications, through an elaborate operation that involved development and distribution of a custom communications application for modified phones. Unsurprisingly, organized crime groups take extraordinary […]

FIFA 21 Source Code Leak From Member of Reemerging Hacking Group

A KickAss hacking group member (not the Torrent group) who goes by Leakbook claims to have the full FIFA 21 source code, which they have listed for sale on a popular hacking forum. In addition to the FIFA 21 source code they also claim to have access to the matchmaking servers, Frostbite source code, private […]

Atomic Flashcards

151 atomic flashcards

This week on the podcast, we take a look at how soldiers unknowingly leaked highly-sensitive information about the United States’ foreign nuclear arsenal and discuss how we can reprogram humans to not make similar mistakes. We also cover the latest major ransomware incident targeting manufacturing and industrial control, a damning privacy admission from Google’s own […]

“The Biggest Cyber Attack In New Zealand’s History”

A large cyber attack has caused chaos in the New Zealand healthcare system over the past few weeks. Multiple hospitals in New Zealand became crippled due to locked phone lines and computers from a large ransomware attack. Though the ransom note didn’t contain a dollar amount the note indicates a “ransomware event” according to the […]

WiFi FragAttacks

WiFi Lock

A few years ago, in 2017, researchers Mathy Vanhoef and Frank Piessens published a whitepaper showcasing serious vulnerabilities within practically all modern protected Wi-Fi networks. The vulnerabilities lie within the Wi-Fi standard itself and are exploited using Key Reinstallation Attacks (KRACKs). These attacks primarily target the 4-way handshake of the WPA2 protocol – the current […]

About This Website

Cybersecurity News

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Who’s Behind the 8Base Ransomware Website?

FBI Hacker Dropped Stolen Airbus Data on 9/11

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Why is .US Being Used to Phish So Many of Us?

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Kroll Employee SIM-Swapped for Crypto Investor Data

Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

Karma Catches Up to Global Phishing Service 16Shop

Friday Squid Blogging: New Squid Species

New Revelations from the Snowden Documents

On the Cybersecurity Jobs Shortage

Detecting AI-Generated Text

Using Hacked LastPass Keys to Steal Cryptocurrency

Friday Squid Blogging: Cleaning Squid

LLM Summary of My Book Beyond Fear

On Technologies for Automatic Facial Recognition

Upcoming Speaking Engagements

Fake Signal and Telegram Apps in the Google Play Store

Xenomorph Android Malware Targets Customers of 30 US Banks

MOVEit Flaw Leads to 900 University Data Breaches

UAE-Linked 'Stealth Falcon' APT Mimics Microsoft in Homoglyph Attack

The Hot Seat: CISO Accountability in a New Era of SEC Regulation

Cyber Hygiene: A First Line of Defense Against Evolving Cyberattacks

Don't Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection

ASPM Is Good, but It's Not a Cure-All for App Security

Recast Software Acquires Liquit, Consolidating the Endpoint and Application Management Markets

ClassLink Provides Cybersecurity Training Course to Help Schools Protect Public Directory Data

Wing Security Launches Compliance-Grade SaaS Security Solution for Just $1.5K

Latest Acquisition Powers AI-based Network Detection and Response and Open XDR Capabilities for WatchGuard

TikTok API Rules Stymie User Data Analysis

Hackers Let Loose on Voting Gear Ahead of US Election Season

Akira Ransomware Mutates to Target Linux Systems

NFL, CISA Look to Intercept Cyber Threats to Super Bowl LVIII

Apple Fixes 3 More Zero-Day Vulnerabilities

MGM, Caesars Cyberattack Responses Required Brutal Choices

Bot Swarm: Attacks From Middle East & Africa Are Notably Up

Do CISOs Have to Report Security Flaws to the SEC?

Guardians of the Cyberverse: Building a Resilient Security Culture

Cisco Moves Into SIEM With $28B Deal to Acquire Splunk

Mysterious 'Sandman' APT Targets Telecom Sector With Novel Backdoor

What Does Socrates Have to Do With CPM?

Salvador Technologies Wins Funding for $2.2M Cybersecurity Project From BIRD Foundation

'Gold Melody' Access Broker Plays on Unpatched Servers' Strings

OPSWAT-Sponsored SANS 2023 ICS/OT Cybersecurity Report Reveals Vital Priorities to Mitigate Ongoing Threats

T-Mobile Racks Up Third Consumer Data Exposure of 2023

Secure Browser Tech Is Having a Moment

MGM Restores Casino Operations 10 Days After Cyberattack

Mastering Defense-in-Depth and Data Security in the Cloud Era

Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns

BBTok Banking Trojan Impersonates 40+ Banks to Hijack Victim Accounts

Hikvision Intercoms Allow Snooping on Neighbors

Understanding the Differences Between On-Premises and Cloud Cybersecurity

Will Generative AI Kill the Nigerian Prince Scam?

GitLab Users Advised to Update Against Critical Flaw Immediately

Yubico Goes Public

Fake WinRAR PoC Exploit Conceals VenomRAT Malware

FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service

Dig Security Enhances DSPM Platform to Secure Enterprise Data in On-Prem, File-Share Environments

OneLayer Expands Its Private Cellular Network Security Solutions to Operations and Asset Management

83% of IT Security Professionals Say Burnout Causes Data Breaches

Bishop Fox Expands Leadership With First CISO and CTO

International Criminal Court Suffers Cyberattack

How Choosing Authentication Is a Business-Critical Decision

'Culturestreak' Malware Lurks Inside GitLab Python Package

Changing Role of the CISO: A Holistic Approach Drives the Future

Pro-Iranian Attackers Claim to Target Israeli Railroad Network

How to Interpret the 2023 MITRE ATT&CK Evaluation Results

Companies Rely on Multiple Methods to Secure Generative AI Tools

China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign

Trend Micro Patches Zero-Day Endpoint Vulnerability

MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents

Qatar Cyber Chiefs Warn on Mozilla RCE Bugs

Name That Toon: Somewhere in Sleepy Hollow

Clorox Sees Product Shortages Amid Cyberattack Cleanup

CapraRAT Impersonates YouTube to Hijack Android Devices

Engineering-Grade OT Protection