Welcome to our cybersecurity news aggregator! This website gathers news articles from over 60 sources, providing you with a comprehensive and up-to-date overview of the latest happenings in the world of cybersecurity.
We utilize RSS feeds to collect the news, ensuring a streamlined and efficient process. This enables you to stay informed and access a wide variety of perspectives and insights in one convenient location.
Dive into the latest cybersecurity stories and explore the wealth of knowledge available, all in one place.
The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump's Dumps.
For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state's revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling clues suggesting the intrusion was carried out by the same Russian hacking crew that stole millions of payment card records from big box retailers like Home Depot and Target in the years that followed.
The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp's parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.
On April 9, Twitter/X began automatically modifying links that mention "twitter.com" to redirect to "x.com" instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links -- such as fedetwitter[.]com, which is currently rendered as fedex.com in tweets.
If only Patch Tuesdays came around infrequently -- like total solar eclipse rare -- instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month's patch batch -- a record 147 flaws in Windows and related software.
A cybercrook who has been setting up websites that mimic the self-destructing message service Privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers.
Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called "The Manipulaters," a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate. But new research suggests that while they have improved the quality of their products and services, these nitwits still fail spectacularly at hiding their illegal activities.
Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient's natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here's the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.
Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds "Allow" or "Don't Allow" to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user's account is under attack and that Apple support needs to "verify" a one-time code.
The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection.
But all of this is coming to an end. The advent of AI threatens to destroy the complex online ecosystem that allows writers, artists, and other creators to reach human audiences.
To understand why, you must understand publishing. Its core task is to connect writers to an audience. Publishers work as gatekeepers, filtering candidates and then amplifying the chosen ones. Hoping to be selected, writers shape their work in various ways. This article might be written very differently in an academic publication, for example, and publishing it here entailed pitching an editor, revising multiple drafts for style and focus, and so on...
Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” His mini-abstract:
In this Article I argue that most of the time, privacy consent is fictitious. Instead of futile efforts to try to turn privacy consent from fiction to fact, the better approach is to lean into the fictions. The law can’t stop privacy consent from being a fairy tale, but the law can ensure that the story ends well. I argue that privacy consent should confer less legitimacy and power and that it be backstopped by a set of duties on organizations that process personal data based on consent...
Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft:
Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best.
[…]
“The government needs to focus on encouraging and catalyzing competition,” Grotto said. He believes it also needs to publicly scrutinize Microsoft and make sure everyone knows when it messes up...
Interesting social-engineering attack vector:
McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg.
The attacker is exploiting a property of GitHub: comments to a particular repo can contain files, and those files will be associated with the project in the URL.
What this means is that someone can upload malware and “attach” it to a legitimate and trusted project.
As the file’s URL contains the name of the repository the comment was created in, and as almost every software company uses GitHub, this flaw can allow threat actors to develop extraordinarily crafty and trustworthy lures...
A new bioadhesive makes it easier to attach trackers to squid.
Note: the article does not discuss squid privacy rights.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique:
The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to take action to update one of its popular JavaScript projects to “address any critical vulnerabilities,” yet cited no specifics. The email author(s) wanted OpenJS to designate them as a new maintainer of the project despite having little prior involvement. This approach bears strong resemblance to the manner in which “Jia Tan” positioned themselves in the XZ/liblzma backdoor...
Canadian legislators proposed 19,600 amendments—almost certainly AI-generated—to a bill in an attempt to delay its adoption.
I wrote about many different legislative delaying tactics in A Hacker’s Mind, but this is a new one.
Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain name that ended with “twitter.com,” and (2) it only changed the link’s appearance (anchor text), not the underlying URL. So if you were a clever phisher and registered fedetwitter.com, people would see the link as fedex.com, but it would send people to fedetwitter.com.
Thankfully, the problem has been fixed.
A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems.
A few things to note. One, this paper has not yet been peer reviewed. As this comment points out: “We had already some cases where efficient quantum algorithms for lattice problems were discovered, but they turned out not being correct or only worked for simple special cases.” I expect we’ll learn more about this particular algorithm with time. And, like many of these algorithms, there will be improvements down the road...
This is a current list of where and when I am scheduled to speak:
The list is maintained on this page.
2.5 million people were affected, in a breach that could spell more trouble down the line.
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
Updated: A new critical vulnerability impacting Exchange Server is being exploited in the wild.
[UPDATED] What's next, malware-infected dental floss? But seriously: It's a reminder that even the smallest smart home devices can be a threat. Here's how to protect yourself.
iPhone and Android users alike are facing more sophisticated surveillance threats than ever before. Suspect you're being tracked? Here's what to do right now.
Wondering if your information is posted online from a data breach? Here's how to check if your accounts are at risk and what to do next.
Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.
Your Twitter user data may now be out there too, including your phone number. Here's how to check and what you can do about it.
OPINION: With every Windows release, Microsoft promises better security. And, sometimes, it makes improvements. But then, well then, we see truly ancient security holes show up yet again.
With Twitter's growing technical problems, you can't rely on it as your single sign-on for other sites.
With travel stressful enough, you don't need the anxiety of wondering if your home is protected.
The critical security vulnerability turned out to be two serious vulnerabilities. Still, they need patching ASAP.
Even if location history is enabled, visits to locations considered sensitive will be removed from logs.
Worker shortages are the hook for the phoney government's 'offer.'
Gang may have defrauded 5,000 people with promises of EU support.
Investment fraud scheme defrauded more than 10,000 victims, says Department of Justice.
The hijackers used the accounts to promote cryptocurrency and NFTs.
Opinion: The convenience isn't worth the risk.
Researchers say that China has 'crossed the line' again with the new online campaign.
Hermit highlights a wider issue concerning our privacy and freedom.
Scalpers are snapping up public service appointments and selling them on.
Five ransomware strains have been linked to Bronze Starlight activities.
Predictive attack intelligence and risk protection startup BforeAI has raised $15 million in a Series A funding round led by SYN Ventures.
The post Predictive Security Startup BforeAI Raises $15 Million appeared first on SecurityWeek.
Palo Alto Networks has shared remediation instructions for organizations whose firewalls have been hacked via CVE-2024-3400.
The post Palo Alto Networks Shares Remediation Advice for Hacked Firewalls appeared first on SecurityWeek.
A new phishing campaign abuses compromised email accounts and targets corporate users with PDF files hosted on Autodesk Drive.
The post Autodesk Drive Abused in Phishing Attacks appeared first on SecurityWeek.
The FTC is sending a total of $5.6 million in refunds to over 117,000 Ring customers as a result of a 2023 settlement.
The post FTC Sending $5.6 Million in Refunds to Ring Customers Over Security Failures appeared first on SecurityWeek.
The Brocade SANnav management application is affected by multiple vulnerabilities, including a publicly available root password.
The post Vulnerabilities Expose Brocade SAN Appliances, Switches to Hacking appeared first on SecurityWeek.
Zero trust endpoint security company ThreatLocker has announced a $115 million Series D funding round that brings the total to $240 million.
The post Endpoint Security Firm ThreatLocker Raises $115 Million in Series D Funding appeared first on SecurityWeek.
IBM is acquiring HashiCorp for $6.4 billion for its infrastructure lifecycle management and security lifecycle management capabilities.
The post IBM Acquiring HashiCorp for $6.4 Billion appeared first on SecurityWeek.
Pope Francis has called for an international treaty to ensure AI is developed and used ethically, devoting his annual peace message this year to the topic.
The post Cisco Systems Joins Microsoft, IBM in Vatican Pledge to Ensure Ethical Use and Development of AI appeared first on SecurityWeek.
Cisco warns that nation-state-backed hackers are exploiting at least two zero-day vulnerabilities in its ASA firewall platforms to plant malware on telecommunications and energy sector networks.
The post Cisco Raises Alarm for ‘ArcaneDoor’ Zero-Days Hitting ASA Firewall Platforms appeared first on SecurityWeek.
KnowBe4 boasts that the merger will create “the largest, advanced AI-driven cybersecurity platform for managing human risk.”
The post KnowBe4 Plans to Acquire Egress for Email Security Tech appeared first on SecurityWeek.
Many Chinese keyboard apps, some from major handset manufacturers, can leak keystrokes to determined snoopers, leaving perhaps three quarters of a billion people at risk according to research from the University of Toronto’s Citizen Lab.…
Baltimore police have arrested Dazhon Leslie Darien, the former athletic director of Pikesville High School (PHS), for allegedly impersonating the school's principal using AI software to make it seem as if he made racist and antisemitic remarks.…
The FTC today announced it would be sending refunds totaling $5.6 million to Ring customers, paid from the Amazon subsidiary's coffers.…
Two men alleged to be co-founders of cryptocurrency biz Samourai Wallet face serious charges and potentially decades in US prison over claims they owned a product that facilitated the laundering of over $100 million in criminal cash.…
It may come as a surprise to absolutely nobody that experts say, in revealing the most prevalent and likely tactics to meddle with elections this year, that state-sponsored cybercriminals pose the biggest threat.…
The UK government could be forgiven for wanting to forget March 2024 ever happened.…
India’s central bank has banned Kotak Mahindra Bank from signing up new customers for accounts or credit cards through its online presence and app.…
The director general of Australia’s lead intelligence agency and the commissioner of its Federal Police yesterday both called for social networks to offer more assistance to help their investigators work on cases involving terrorism, child exploitation, and racist nationalism.…
A previously unknown and "sophisticated" nation-state group compromised Cisco firewalls as early as November 2023 for espionage purposes — and possibly attacked network devices made by other vendors including Microsoft, according to warnings from the networking giant and three Western governments.…
Collaboration software used by federal government agencies — this includes apps from Microsoft, Zoom, Slack, and Google — will be required to work together and be securely end-to-end encrypted, if legislation proposed by US Senator Ron Wyden (D-OR) passes.…
Microsoft has come under fire for charging for security add-ons despite the company's own patchy record when it comes to vulnerabilities and breaches.…
A company contracted to manage an Amarillo, Texas nuclear weapons facility has to pay the US government $18.4 million in a settlement over allegations that its atomic technicians fudged their timesheets to collect more money from Uncle Sam.…
Google's plan to phase out third-party cookies in Chrome is being postponed to 2025 amid wrangling with the UK's Competition and Markets Authority (CMA) and Information Commissioner's Office (ICO).…
The US has charged and sanctioned four Iranian nationals for their alleged roles in various attacks on US companies and government departments, all of whom are claimed to have worked for fake companies linked to Iran's military.…
Exclusive At least 18 public-sector websites in the UK and US send visitor data in some form to various web advertising brokers – including an ad-tech biz in China involved in past privacy controversies, a security firm claims.…
The average time taken by global organizations to detect cyberattacks has dropped to its lowest-ever level of ten days, Mandiant revealed today.…
UnitedHealth Group, the parent of ransomware-struck Change Healthcare, delivered some very unwelcome news for customers today as it continues to recover from the massively expensive and disruptive digital break-in.…
It's become somewhat cliché in cybersecurity reporting to speculate whether an organization will have the resources to "keep the lights on" after an attack. But the opposite turns out to be true with Leicester City Council following its March ransomware incident.…
Neighbourhood Watch (NW) groups across the UK can now rest easy knowing the developers behind a communications platform fixed a web app bug that leaked their data en masse.…
A misconfigured cloud server that used a North Korean IP address has led to the discovery that film production studios including the BBC, Amazon, and HBO Max could be inadvertently using workers from the hermit kingdom for animation projects.…
Russian spies are exploiting a years-old Windows print spooler vulnerability and using a custom tool called GooseEgg to elevate privileges and steal credentials across compromised networks, according to Microsoft Threat Intelligence.…
US lawmakers on Saturday reauthorized a contentious warrantless surveillance tool for another two years — and added a whole bunch of people and organizations to the list of those who can be compelled to spy for Uncle Sam.…
Yet another international cop shop has come out swinging against end-to-end encryption - this time it's Europol which is urging an end to implementation of the tech for fear police investigations will be hampered by protected DMs.…
Germany has arrested three citizens who allegedly tried to transfer military technology to China, a violation of the country's export rules.…
The Dutch Data Protection Authority (AP) has warned that government organizations should not use Facebook to communicate with the country's citizens unless they can guarantee the privacy of data.…
Fresh US legislation to force the sale of TikTok locally was passed in Washington over the weekend after an earlier version stalled in the Senate.…
Google's Privacy Sandbox, which aspires to provide privacy-preserving ad targeting and analytics, still isn't sufficiently private.…
Webinar On the face of it, there really isn't much of an upside for the current UK government after MPs described its response to attacks by cyber-espionage group APT31 as 'feeble, derisory and sadly insufficient.'…
Opinion It was a bold claim by the richest and most famous tech founder: bold, precise and wrong. Laughably so. Twenty years ago, Bill Gates promised to rid the world of spam by 2006. How's that worked out for you?…
Who, Me? It's Monday once again, dear reader, and you know what that means: another dive into the Who, Me? confessional, to share stories of IT gone wrong that Reg readers managed to pretend had gone right.…
BLACK HAT ASIA Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files. And, they asserted, the hole could remain exploitable – even after both vendors claim to have patched the problem.…
China last week reorganized its military to create an Information Support Force aimed at ensuring it can fight and win networked wars.…
Infosec In Brief In a cautionary tale that no one is immune from attack, the security org MITRE has admitted that it got pwned.…
Sacramento International Airport (SMF) suffered hours of flight delays yesterday after what appears to be an intentional cutting of an AT&T internet cable serving the facility.…
Apple has removed four apps from its China-regional app store, including Meta's WhatsApp and Threads, after it was ordered to do so by Beijing for security reasons.…
The World-Check database used by businesses to verify the trustworthiness of users has fallen into the hands of cybercriminals.…
Bavarian state police have arrested two German-Russian citizens on suspicion of being Russian spies and planning to bomb industrial and military facilities that participate in efforts to assist Ukraine defend itself against Vladimir Putin’s illegal invasion.…
Updated Octapharma Plasma has blamed IT "network issues" for the ongoing closure of its 150-plus centers across the US. It's feared a ransomware infection may be the root cause of the medical firm's ailment.…
Crooks are exploiting now-patched OpenMetadata vulnerabilities in Kubernetes environments to mine cryptocurrency using victims' resources, according to Microsoft.…
A draft law to restrict the US government's ability to procure data on citizens through data brokers will progress to the Senate after being passed in the House of Representatives.…
Black Hat Asia Speaking at the Black Hat Asia conference on Thursday, a Korean researcher revealed how the discovery of a phishing operation led to the exposure of a criminal operation that used stolen credit cards and second-hand stores to make money by abusing Apple Stores’ practice of letting third parties pick up purchases.…
Ransomware strikes at yet another US healthcare organization led to the theft of sensitive data belonging to just shy of 185,000 people.…
The EU's Data Protection Board (EDPB) has told large online platforms they should not offer users a binary choice between paying for a service and consenting to their personal data being used to provide targeted advertising.…
Feature Cops have brought down a dark-web souk that provided cyber criminals with convincing copies of trusted brands' websites for use in phishing campaigns.…
Cisco has developed a product called Hypershield that it thinks represents a new way to do network security.…
One of the biggest challenges Singapore faces is the potential for a split between tech stacks developed and used by China and the West, according to the island nation's Cyber Security Administration (CSA) chief executive David Koh.…
Chinese surveillance camera manufacturer Zhejiang Dahua Technology, which has found itself on the USA’s entity list of banned orgs, has fully sold off its stateside subsidiary for $15 million to Taiwan's Central Motion Picture Corporation, according to the firm's annual report released on Monday.…
On Thursday the US Senate is expected to reauthorize the contentious warrantless surveillance powers conferred by Section 702 of the Foreign Intelligence Surveillance Act (FISA), and may even strengthen them with language that, according to US Senator Ron Wyden (D-OR), "will force a huge range of companies and individuals to spy for the government."…
The Russian military's notorious Sandworm crew was likely behind cyberattacks on US and European water plants that, in at least one case, caused a tank to overflow.…
Various infosec researchers have released proof-of-concept (PoC) exploits for the maximum-severity vulnerability in Palo Alto Networks' PAN-OS used in GlobalProtect gateways.…
The two founders of Samourai Wallet have been charged with money laundering and unlicensed money-transmitting offenses
An advisory from Cisco Talos has highlighted a sophisticated cyber-espionage campaign targeting government networks globally
Cyber threat intelligence provider Cyble found that DragonForce was using a ransomware binary based on LockBit Black’s builder
A new ISC2 study highlights the lack of diversity in cybersecurity with only 4% of teams having a majority of women, while 11% have none at all
Consumer rights group Which? has found more security gaps in UK banking sites and apps
Email-borne fraud accounted for more insurance claims than any other category in 2023, says Coalition
Jake Humphrey and Professor Damian Hughes, the minds behind the High Performance Podcast, share their top non-negotiable behaviours for success in cybersecurity
The bill that could see TikTok banned in the US has been approved by the House of Representatives and the Senate
The US Treasury announced sanctions on two companies and four individuals for cyber campaigns conducted on behalf of the Iranian government
The proximity of organizations’ headquarters, like Asda’s and NHS England’s, prompted BlueVoyant to choose Leeds as the location for its first UK SOC
Netacea research found that 93% of security leaders expect to face daily AI-driven attacks by the end of 2024, with 65% predicting that offensive AI will be the norm for cybercriminals
One in five UK organizations have had corporate data exposed via generative AI, says RiverSafe
Bitwarden surveyed 2,400 individuals from the US, UK, Australia, France, Germany, and Japan to investigate current user password practices. The survey shows that 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit to using personal information in their credentials that is publicly accessible on social media platforms (60%) and online forums (30%). These practices reveal a significant gap between recommended security practices and actual user behavior, highlighting how weak password habits and password reuse … More
The post Most people still rely on memory or pen and paper for password management appeared first on Help Net Security.
LSA Whisperer consists of open-source tools designed to interact with authentication packages through their unique messaging protocols. Support is currently provided for the cloudap, kerberos, msv1_0, negotiate, pku2u, schannel packages and cloudap’s AzureAD plugin. Partial or unstable support is provided for livessp, negoexts, and the security package manager. What LSA Whisperer does “Many authentication packages generally support their internal APIs, known as package calls, and relatively few are documented or used outside of Microsoft. I … More
The post LSA Whisperer: Open-source tools for interacting with authentication packages appeared first on Help Net Security.
Following the past few years of economic turbulence, merger and acquisition (M&A) activity is on the rise in 2024, with several acquisition deals being announced in the first few months of the year valued at billions of dollars. With the surge of AI adoption, companies must not only reevaluate AI’s role in identifying top prospects but also assess and resolve security risks that may lie hidden within their networks and the companies they are merging … More
The post What AI can tell organizations about their M&A risk appeared first on Help Net Security.
Here’s a list of interesting cybersecurity companies that received funding so far in 2024. Aim Security January | $10 million Aim Security raised $10 million in seed funding, led by YL Ventures, with participation from CCL (Cyber Club London), the founders of WIZ and angel investors from Google, Proofpoint and Palo Alto Networks. Aim Security was founded by cybersecurity veterans Matan Getz, CEO and Adir Gruss, CTO who pioneered the use and adoption of AI … More
The post Breaking down the numbers: Cybersecurity funding activity recap appeared first on Help Net Security.
Here’s a look at the most interesting products from the past week, featuring releases from Cyberint, Forcepoint, Invicti Security, Netwrix, Trend Micro, Zero Networks, and WhyLabs. Trend Micro launches AI-driven cyber risk management capabilities Trend Micro unveiled AI-driven cyber risk management capabilities across its entire flagship platform, Trend Vision One. This seamlessly integrates more than 10 industry technology categories into one offering, empowering security, cloud and IT operations teams to manage risk proactively. Zero Networks … More
The post New infosec products of the week: April 26, 2024 appeared first on Help Net Security.
The Federal Communications Commission (FCC) today voted to restore a national standard to ensure the internet is fast, open, and fair. Today’s decision to reclassify broadband service as a Title II telecommunications service allows the FCC to protect consumers, defend national security, and advance public safety. Through its actions today, the Commission creates a national standard by which it can ensure that broadband internet service is treated as an essential service. Today’s vote also makes … More
The post Net neutrality has been restored appeared first on Help Net Security.
Stellar Cyber has revealed a new partnership with Acronis, to deliver an optimized threat detection and response solution enabling MSPs to protect on-premises, cloud, hybrid, and IT/OT environments in the most cost-effective and efficient way possible. Through this partnership, Stellar Cyber and Acronis aim to help organizations protect themselves from advanced cyberattacks by removing artificial obstacles that make it difficult for security teams to identify and mitigate threats effectively. Acronis Cyber Protect Cloud enables Managed Service Providers (MSPs) … More
The post Stellar Cyber and Acronis team up to provide optimized threat detection solutions for MSPs appeared first on Help Net Security.
Edgio released its Client-Side Protection solution. Designed to monitor scripts and APIs on the browser side to prevent malicious code from exfiltrating sensitive customer data, Edgio Client-Side Protection allows teams to gain full visibility on client-side vulnerabilities, achieve full control over all first- and third-party resources and maintain the latest compliance requirements. Payment Card Industry (PCI) Data Security Standard (DSS) v4.0 represents the latest global standards for protecting payment data against sophisticated cyber attacks. PCI DSS … More
The post Edgio Client-Side Protection enables organizations to secure critical customer data appeared first on Help Net Security.
Read MoreIBM and HashiCorp have entered into a definitive agreement under which IBM will acquire HashiCorp for $35 per share in cash, representing an enterprise value of $6.4 billion. HashiCorp’s suite of products provides enterprises with extensive Infrastructure Lifecycle Management and Security Lifecycle Management capabilities to enable organizations to automate their hybrid and multi-cloud environments. “Enterprise clients are wrestling with an unprecedented expansion in infrastructure and applications across public and private clouds, as well as on-prem … More
The post IBM to buy HashiCorp in $6.4 billion cash deal, expanding cloud portfolio appeared first on Help Net Security.
Read MoreDropzone AI has raised $16.85 million in Series A funding. Theory Ventures led the round, adding to their cohort of existing investors Decibel Partners, Pioneer Square Ventures, and In-Q-Tel (IQT). Carta CISO Garrett Held, Head of Security at Postman Joshua Scott, and Integreon President and Head of Cyber Solutions Anshu Gupta also joined the Series A round. Theory Ventures Founder Tomasz Tunguz will join the board as part of its investment. Dropzone will use this … More
The post Dropzone AI raises $16.85 million to combat advanced AI attacks appeared first on Help Net Security.
The director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges as well as why he became involved with Starmus.
We spoke to Michel Mayor about the importance of public engagement with science and fostering responsibility among the youth for the preservation of our changing planet
Dr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and the strong sense of community within the Starmus universe
What are the risks and consequences of having your health data exposed and what are the steps to take if it happens to you?
What are some of the most common giveaway signs that the person behind the screen or on the other end of the line isn’t who they claim to be?
From promoting questionable content to posing security risks, inappropriate ads present multiple dangers for children. Here’s how to help them stay safe.
Almost 400 people in India and Pakistan have fallen victim to an ongoing Android espionage campaign called eXotic Visit
Here’s how cybercriminals target cryptocurrencies and how you can keep your bitcoin or other crypto safe
Should children’s apps come with ‘warning labels’? Here's how to make sure your children's digital playgrounds are safe places to play and learn.
Temu's cash giveaway, where people were asked to hand over vast amounts of their personal data to the platform, puts the spotlight on the data-slurping practices of online services today
Much has been written about the risks that poorly-secured RDP connections entail, but many organizations continue to leave themselves at risk and get hit by data breaches as a result
And is that actually the right question to ask? Here’s what else you should consider when it comes to keeping your accounts safe.
There is more to some images than meets the eye – their seemingly innocent façade can mask a sinister threat.
The second half of 2023 saw massive growth in AceCryptor-packed malware spreading in the wild, including courtesy of multiple spam campaigns where AceCryptor packed the Rescoms RAT
Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Here’s how to avoid being scammed when considering a loan.
This rundown of 10 cyberattacks against the sports industry shows why every team needs to keep its eyes on the ball when it comes to cybersecurity
Struggle to know how to help children and teens stay safe in cyberspace? A good ol’ fashioned chat is enough to put them on the right track.
Given the unhealthy data-collection habits of some mHealth apps, you’re well advised to tread carefully when choosing with whom you share some of your most sensitive data
Healthcare organizations remain firmly in attackers' crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities in the US in 2023
We break down the fundamentals of threat intelligence and its role in anticipating and countering emerging threats
Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries
Here are a few tips for secure file transfers and what else to consider when sharing sensitive documents so that your data remains safe
Evasive Panda has been spotted targeting Tibetans in several countries and territories with payloads that included a previously undocumented backdoor ESET has named Nightdoor
What cyberthreats could wreak havoc on elections this year and how worried should we as voters be about the integrity of our voting systems?
The internet can be a wonderful place. But it’s also awash with fraudsters preying on people who are susceptible to fraud.
Struggle to part ways with your tech? You’re not alone. Here’s why your devices are your vices.
As the specter of AI-generated disinformation looms large, tech giants vow to crack down on fabricated content that could sway voters and disrupt elections taking place around the world this year
ESET researchers uncover strategic web compromise and supply-chain attacks targeting Tibetans
ESET researchers uncovered the eXotic Visit espionage campaign that targets users mainly in India and Pakistan with seemingly innocuous apps
As adversaries increasingly set their sights on vulnerable enterprise VPN software to infiltrate corporate networks, concerns mount about VPNs themselves being a source of cyber risk
Coming in two waves, the campaign sought to demoralize Ukrainians and Ukrainian speakers abroad with disinformation messages about war-related subjects
Do you often take to social media to broadcast details from your life? Here’s why this habit may put your privacy and security at risk.
Here's how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signals
Artificial intelligence is on everybody’s lips these days, but there are also many misconceptions about what AI actually is and isn’t. We unpack AI's basics, applications and broader implications.
A mix of PSYOPs, espionage and … fake Canadian pharmacies!
Unsuspecting users beware, IP grabbers do not ask for your permission.
Why and how are we subjected to so much disinformation nowadays, and is there a way to spot the fakes?
Called a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous year
As fabricated images, videos and audio clips of real people go mainstream, the prospect of a firehose of AI-powered disinformation is a cause for mounting concern
Here's what drives cybercriminals to relentlessly target the personal information of other people – and why you need to guard your data like your life depends on it
Here’s how the blue team wards off red teamers and a few open-source tools it may leverage to identify chinks in the corporate armor
The banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim’s screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windows
Heavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. What does this mean for corporate cyber-defenses?
With Valentine’s Day almost upon us, here’s some timely advice on how to prevent scammers from stealing more than your heart
An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes
ESET provided technical analysis, statistical information, known C&C servers and was able to get a glimpse of the victimology
The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK
In today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike
ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group
Blindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective supplier risk management
The job of a CISO is becoming increasingly stressful as cybersecurity chiefs face overwhelming workloads and growing concerns over personal liability for security failings
As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET’s Jake Moore to discuss how to hang up on ‘hi-fi’ scam calls – and what the future holds for deepfake detection
ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood
Phone fraud takes a frightening twist as fraudsters can tap into AI to cause serious emotional and financial damage to the victims
Here are some scams you may encounter on the shopping juggernaut, plus a few simple steps you can take to help safeguard your data while bagging that irresistible deal
By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk
The cryptocurrency rollercoaster never fails to provide a thrilling ride – this week it was a drama surrounding the hack of SEC's X account right ahead of the much-anticipated decision about Bitcoin ETFs
WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Don’t get taken for a ride.
Is AI companionship the future of not-so-human connection – and even the cure for loneliness?
What are some of the key cybersecurity trends that people and organizations should have on their radars this year?
Losing your keys, your wallet – or anything else, really – can be a pain, but there is a wide world of trackers that can help you locate your missing things – with awesome accuracy
From ChatNPT to Game Boys and space apps, this year’s challenge took us to the Geese Islands for another rollicking romp of fun
Learn how the cyber variety of CSI works, from sizing up the crime scene and hunting for clues to piecing together the story that the data has to tell
How wearing a ‘sock puppet’ can aid the collection of open source intelligence while insulating the ‘puppeteer’ from risks
How cybercriminals take advantage of the popularity of ChatGPT and other tools of its ilk to direct people to sketchy sites, plus other interesting findings from ESET's latest Threat Report
As we draw the curtain on another eventful year in cybersecurity, let’s review some of the high-profile cyber-incidents that befell various organizations this year
Before getting rid of your no-longer-needed device, make sure it doesn’t contain any of your personal documents or information
Unwrapping a new gadget this holiday season will put a big smile on your face but things may quickly turn sour if the device and data on it aren’t secured properly
Your iPhone has just received a new feature called iMessage Contact Key Verification that is designed to help protect your messages from prying eyes
A view of the H2 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
You may get more than you bargained for when you buy a budget-friendly smartphone and forgo safeguards baked into Google Play
ESET researchers discuss the dynamics within and between various groups of scammers who use a Telegram bot called Telekopye to scam people on online marketplaces
ChatGPT would probably say "Definitely not!", but will we learn any lessons from the rush to regulate IoT in the past?
Can DNS protection technology transform consumers’ worries about cybercrime with a trust-based approach?
ESET Research reveals details about a growth in the number of deceptive loan apps on Android, their origins and modus operandi.
Legacy protocols in the healthcare industry present dangers that can make hospitals extremely vulnerable to cyberattacks.
A security compromise so stealthy that it doesn’t even require your interaction? Yes, zero-click attacks require no action from you – but this doesn’t mean you’re left vulnerable.
ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications
The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository
Contactless payments are quickly becoming ubiquitous – but are they more secure than traditional payment methods?
Your car probably knows a lot more about you than it lets on – but is the trade-off of privacy for convenience truly justifiable?
Several cases of children creating indecent images of other children using AI software add to the worries about harmful uses of AI technology
ESET researchers describe the growth of deceptive loan apps for Android and techniques they use to circumvent Google Play
The technology is both widely available and well developed, hence it's also poised to proliferate – especially in the hands of those wishing ill
Failing to practice what you preach, especially when you are a juicy target for bad actors, creates a situation fraught with considerable risk
ESET's research team reveals details about the onboarding process of the Telekopye scam operation and the various methods that the fraudsters use to defraud people online
As personal devices within corporate networks make for a potentially combustible mix, a cavalier approach to BYOD security won’t cut it
While it may be too late to introduce wholesale changes to your security policies, it doesn’t hurt to take a fresh look at where the biggest threats are and which best practices can help neutralize them
The holiday shopping season may be the time to splurge, but it’s also a favorite time of year for cybercriminals to target shoppers with phony deals, phishing scams and other threats
Insight into groups operating Telekopye bots that scam people in online marketplaces
AI-driven voice cloning can make things far too easy for scammers – I know because I’ve tested it so that you don’t have to learn about the risks the hard way.
What happens when problems caused by autonomous vehicles are not the result of errors, but the result of purposeful attacks?
An attack against a port operator that ultimately hobbled some 40 percent of Australia’s import and export capacity highlights the kinds of supply chain shocks that a successful cyberattack can cause
Typing with your voice? It should go without saying that you need to take some precautions and avoid spilling your secrets.
The Urdu version of the Hunza News website offers readers the option to download an Android app – little do they know that the app is actually spyware
Discover six games that will provide valuable knowledge while turning learning about digital security into an enjoyable and rewarding adventure
Through engaging hacking challenges and competitions, CTFs offer an excellent opportunity to test and enhance your security and problem-solving skills
By collecting, analyzing and contextualizing information about possible cyberthreats, including the most advanced ones, threat intelligence offers a critical method to identify, assess and mitigate cyber risk
ESET researchers discovered Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News
Various questions linger following the botnet's sudden and deliberate demise, including: who actually initiated it?
With cyber threats constantly evolving, protecting your network’s security is important. Network pen testing, also known as Network VAPT (Vulnerability Assessment and Penetration Testing), helps you attain this objective. It is a simulated cyber attack carried out by ethical hackers to detect and exploit flaws in your network infrastructure. What is Network Infrastructure? Network infrastructure […]
The post What is Network Pen Testing? appeared first on Kratikal Blogs.
The post What is Network Pen Testing? appeared first on Security Boulevard.
The RSA Conference 2024 will kick off on May 6. Known as the “Oscars of Cybersecurity,” the RSAC Innovation Sandbox has become a benchmark for innovation in the cybersecurity industry. Let’s focus on the new hotspots in cybersecurity and understand the new trends in security development. Today, let’s get to know Harmonic Security. Introduction of […]
The post RSAC 2024 Innovation Sandbox | The Future Frontline: Harmonic Security’s Data Protection in the AI Era appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post RSAC 2024 Innovation Sandbox | The Future Frontline: Harmonic Security’s Data Protection in the AI Era appeared first on Security Boulevard.
The stereotype of the government as a slow-moving behemoth is not ill-fitting, but when it makes adjustments and changes, it does so with deliberation and intent. An excellent example is the ongoing development and evolution of things like security standards. Technology moves much, much faster than the government can respond to or that even most […]
The post How to Migrate from FedRAMP Rev 4 to FedRAMP Rev 5 appeared first on Security Boulevard.
On April 12 (and then updated again on April 20), Palo Alto Networks released an advisory about a vulnerability in the PAN-OS® software that runs Palo Alto Networks® Next-Generation Firewalls (NGFWs).
The post NodeZero: Testing for Exploitability of Palo Alto Networks CVE-2024-3400 appeared first on Horizon3.ai.
The post NodeZero: Testing for Exploitability of Palo Alto Networks CVE-2024-3400 appeared first on Security Boulevard.
Authors/Presenters: *Yafei Wu, Cong Sun, Dongrui Zeng, Gang Tan, Siqi Ma, Peicheng Wang*
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and for the organization’s strong commitment to Open Access.
Originating from the conference’s events at the Anaheim Marriott, and via the organization’s YouTube channel.
The post USENIX Security ’23 – LibScan: Towards More Precise Third-Party Library Identification for Android Applications appeared first on Security Boulevard.
North American software developers have reasonable confidence that generative AI can be a tool to improve the security of the software they're building. In other regions? Not so much.
The post North American Developers Optimistic About Generative AI and Code Security appeared first on Security Boulevard.
Introduction In coordination with multiple government agencies, Cisco announced yesterday the discovery of a new backdoor targeting their Adaptive Security Appliances (ASA). The threat actor is new, tracked by Cisco as UAT4356 and STORM-1849 by Microsoft, and leveraged two zero-day vulnerabilities in the campaign dubbed ArcaneDoor. The campaign started in November 2023, predating the recent […]
The post Defending Against ArcaneDoor: How Eclypsium Protects Network Devices appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.
The post Defending Against ArcaneDoor: How Eclypsium Protects Network Devices appeared first on Security Boulevard.
The warning underscores the importance of a collaborative approach to AI security involving stakeholders across different domains, including data science and infrastructure.
The post AI Adoption Prompts Security Advisory from NSA appeared first on Security Boulevard.
Discover why AI data poisoning is an emerging threat and how fake data is used to evade AI cybersecurity protections.
The post AI Data Poisoning: How Misleading Data Is Evading Cybersecurity Protections appeared first on Security Boulevard.
In August of last year, @tifkin_, @0xdab0, and I released Nemesis, our offensive data enrichment platform. After lots of feedback, operational testing, hundreds of commits, and another solid dev cycle, we’re proud to finally announce Nemesis’ 1.0.0 release. This post will detail several of the major changes we’re excited about, from host modeling, to a streamlined installation process, dashboard improvements, and more!
Since the beginning of development, one of our visions for Nemesis has been for it to provide guidance to operators agnostic of their C2 tooling. If we want Nemesis to be able to perform analysis like PowerUp’s privilege escalation, we have to build a proper offline data model to handle the analysis we want. Part of this involves the very specific problem of host “uniqueness” when you have data coming in from a number of different C2 sources.
This, however, ended up being a more challenging task than we anticipated. We will be releasing a detailed post diving into all of the nuances of this problem in the next few weeks, but we wanted to at least highlight the problem as we viewed it. We also have a specific temporal issue that we’ll touch on briefly as well.
The host uniqueness problem is a consequence of the variety of ways host data can be ingested into Nemesis. In order to perform host-based analysis, we have to collapse data from potentially multiple ingested sources into a single host abstraction so we don’t miss any details. For example, consider the situation of having multiple C2 agent types on the same host. C2 agents can report a host’s short name (e.g., NetBIOS name), fully qualified name, or IP addresses. We might be performing an action against a remote host from a C2 agent, e.g., downloading a file from a host that doesn’t have an agent on it, with the connection routed through an existing agent. And finally, we might have manual data we’re uploading through the Nemesis interface in case there isn’t an existing connector.
With all of these options, the way to elegantly (well, at least as elegantly as possible) combine data from multiple ingestion sources in a way that we can break sections back apart if there is a mapping mistake was…tricky. We also ran across a “temporal problem” for specific types of data like file or process listings where these data are ephemeral and can be influenced by operator events. For example, if you took a file listing but then uploaded or deleted a file on the host, the ground truth (as far as you know) for the filesystem state has to be built from multiple pieces. This data may also be ingested out of order (e.g., ingesting long-term collection output from a tool running on another host). Luckily, we believe we have a solution for this too!
If you’re as interested in this type of problem as we are (Bueller? Bueller?) keep an eye out for our upcoming modeling deep dive post.
One of the most common pieces of negative, yet legitimate, feedback we received about Nemesis was the complexity of its installation. Previously, setting up Nemesis required a number of prerequisites like Docker, Helm, and Kubernetes via Minikube. In response to this feedback, we’ve now adopted k3s, which can be installed with one command and doesn’t depend on Docker. Our updated quickstart guide outlines the full installation process in just five steps, making it quicker to get up and running.
We’ve significantly improved the deployment process of Nemesis with the transition from Skaffold to Helm. Max worked hard on creating three new Helm charts: quickstart, nemesis, and monitoring. The quickstart chart is designed to configure all the secrets and dependencies necessary for Nemesis, providing an easy setup for most users. Advanced users, who might want to manually manage these settings or integrate with a Kubernetes secrets manager, will want to replicate the functionality of the quickstart chart themselves. The nemesis chart sets up all the required Nemesis services like before. The monitoring chart is an optional installation that deploys monitoring services like Fluentd, Grafana, and Prometheus for those who want more insight into logging and performance. Additionally, this change has allowed us to eliminate the need for the janky nemesis-cli.py script!
Additionally, we have builds of Nemesis Docker images pushed to Dockerhub, meaning users no longer have to go through the build process. The entire setup process is described here in the documentation, but involves setting up the prerequisites, running the Nemesis quickstart chart to configure a handful of secrets/configs, and running the Nemesis Helm chart from a local clone or the remote repo. Here’s what the core Nemesis deployment looks like when running the local Helm chart:
Another nice side effect of this is that Max was able to get self-signed TLS working, so communication to the Nemesis endpoint is now all over HTTPS. Additionally, the monitoring infrastructure is now optional, which can help save on resources. Big thanks to @M_alphaaa for helping us out with some Helm issues!
And finally, for those who really like Minikube or Docker Desktop, we do have documentation for setting up Nemesis using the new installation procedure. Note that we will only be officially supporting k3s going forward (it’s way easier, we promise!).
The “Summoning RAGnarok With Your Nemesis” post we released in March has complete details on these modifications, but TL;DR we completely redid how text search works under the hood for Nemesis.
In the Document Search page, there are now two tabs. The first, “Full Document Search”, searches for text phrases over the entire text extracted from any compatible document, à la Google:
The main difference here is that we now have search filters that let you include or exclude specific paths, name patterns, or file extensions:
We also collapsed the old “Source Code Search” tab into “Full Document Search”. In order to search indexed source instead of extracted document text, select source_code as the index in the expanded search filter section:
The “Text Snippet Search” tab now replaces the old “Semantic Search” tab and has received a complete overhaul. This tab searches over snippets of text extracted from compatible documents, where each snippet/chunk is ~400–500 words. If you want to know more about why this chunking was used, check out the “Summoning RAGnarok With Your Nemesis” post!
When you type a term or question into this search, the query is passed to the new https://<NEMESIS>/nlp/ endpoint, specifically the /nlp/hybrid_search route. Nemesis calculates the embedding vector for the query and searches the closest vector/text pairs, as well as performing a more classic BM25 “fuzzy” search of the text and the indexed document title. These results are fused together through Reciprocal Rank Fusion and returned reordered to the user:
Note: deselecting “Use Hybrid Vector Search” will remove the embedding vector approach and use just the BM25 “fuzzy” search. “Snippet Search” also has the same include/exclude filters that the “Full Document Search” tab has.
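To make the hybrid flow concrete, here is an added, self-contained illustration of fusing a BM25 ranking with a vector ranking via Reciprocal Rank Fusion, including the BM25-only path the toggle falls back to. This is not Nemesis code: the snippets are constructed, a small synonym-aware bag-of-words stands in for a real embedding model, and the RRF constant k=60 is an assumption.

```python
"""Hybrid snippet search: BM25 + vector ranking fused with Reciprocal Rank Fusion.

Added illustration, not Nemesis's own implementation. The "embedding" below is a
synonym-aware bag-of-words vector standing in for a real sentence-embedding model.
"""
import math
import re
from collections import Counter

# Constructed sample snippets (document chunks); not real Nemesis data.
SNIPPETS = {
    "s1": "the backup server stores database credentials in a config file",
    "s2": "kerberos tickets are cached on the domain controller",
    "s3": "database connection string with password for the reporting service",
    "s4": "weekly meeting notes about the office coffee machine",
    "s5": "password reset policy for the helpdesk portal",
}

# Tiny synonym table (assumption) so the "semantic" side matches what the
# lexical side cannot, the way a real embedding model would.
SYNONYMS = {"password": "credentials", "secret": "credentials", "db": "database"}


def tokenize(text):
    return re.findall(r"[a-z0-9]+", text.lower())


def bm25_rank(query, docs, k1=1.5, b=0.75):
    """Classic BM25 over literal tokens; returns doc ids with score > 0, best first."""
    toks = {d: tokenize(t) for d, t in docs.items()}
    n = len(docs)
    avgdl = sum(len(t) for t in toks.values()) / n
    df = Counter()
    for t in toks.values():
        df.update(set(t))
    scores = {}
    for d, t in toks.items():
        tf = Counter(t)
        score = 0.0
        for q in tokenize(query):
            if q not in tf:
                continue
            idf = math.log(1 + (n - df[q] + 0.5) / (df[q] + 0.5))
            norm = k1 * (1 - b + b * len(t) / avgdl)
            score += idf * tf[q] * (k1 + 1) / (tf[q] + norm)
        scores[d] = score
    ranked = sorted(scores.items(), key=lambda kv: -kv[1])
    return [d for d, s in ranked if s > 0]


def embed(text):
    """Stand-in embedding: bag of canonicalised tokens (assumption)."""
    return Counter(SYNONYMS.get(tok, tok) for tok in tokenize(text))


def cosine(a, b):
    dot = sum(a[k] * b[k] for k in a if k in b)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def vector_rank(query, docs):
    """Nearest-vector ranking: cosine similarity between query and snippet vectors."""
    qv = embed(query)
    scored = [(d, cosine(qv, embed(t))) for d, t in docs.items()]
    return [d for d, s in sorted(scored, key=lambda kv: -kv[1]) if s > 0]


def reciprocal_rank_fusion(rankings, k=60):
    """RRF: score(d) = sum over lists of 1 / (k + rank_in_list(d)), ranks 1-based."""
    fused = Counter()
    for ranking in rankings:
        for rank, d in enumerate(ranking, start=1):
            fused[d] += 1.0 / (k + rank)
    return [d for d, _ in fused.most_common()]


def hybrid_search(query, docs=SNIPPETS, use_hybrid=True):
    """use_hybrid=False mirrors deselecting the vector approach: BM25 only."""
    lexical = bm25_rank(query, docs)
    if not use_hybrid:
        return lexical
    return reciprocal_rank_fusion([lexical, vector_rank(query, docs)])


if __name__ == "__main__":
    q = "db password"
    print("BM25 only :", hybrid_search(q, use_hybrid=False))  # ['s5', 's3']
    print("hybrid RRF:", hybrid_search(q))                    # ['s3', 's5', 's1']
```

With the query "db password", the lexical-only search never sees snippet s1 (it says "credentials", not "password"), while the fused ranking surfaces it and promotes s3, which matches on both sides.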
If you want to use a local LLM to chat over text extracted from Nemesis documents, check out RAGnarok!
Nemesis has a very rich backend data model that’s presented in two ways: a semi-structured and easily searchable form in Elasticsearch, and a highly structured form in PostgreSQL. While Kibana/Elastic have been accessible in Nemesis since the beginning, one piece of feedback we commonly heard was there was no way to easily access the structured data. We have had pgAdmin present for basic troubleshooting but nothing programmatically accessible.
Hasura fixes that! Hasura lets us easily construct GraphQL and REST APIs on top of our existing PostgreSQL database. Once it’s deployed, we get an awesome interface where we can play around with query and subscription construction:
This also means we can do some basic scripting to process existing data or new data as it comes in. We have some improved documentation (another 1.0.0 “feature”!) which includes information about scripting with Hasura here:
As the Nemesis /dashboard/ route is the main way operators interact with Nemesis, it’s one of the pieces we received the most feedback on. There are nearly too many quality-of-life changes to count, but we’ll highlight a few of them here:
The File Viewer was broken out into its own page, which displays syntax-highlighted text or the raw hex of a binary file. This page is accessible via the i icon on the main files page:
The File Upload was broken out into its own page with values saved in cookies for persistence between runs:
We finally exposed the Custom Cracklist endpoint in the interface. This service keeps a unique list of non-dictionary words extracted from documents and lets you download the X most common:
If there are any Yara rule matches against a downloaded file, the match is displayed in a new sub-tab along with the matching rule text. The appropriate icon on the Files page will link you directly to these results now as well:
The NoseyParker tab was revamped and hyperlinked from the displayed tag bubbles as well:
There were, of course, countless other bug fixes and tweaks as well. We'll run through a grab bag of them here:
We've put a lot of blood, sweat, and tears (mostly at k8s) into Nemesis, and we're incredibly excited for this official 1.0.0 release! With the quality-of-life changes and ease of installation with Helm, we're looking forward to more people getting to play with Nemesis hands-on.
If you play around with Nemesis, let us know what works and what doesn't! Come join us in the #nemesis-chat channel of the BloodHound Slack! We (the main Nemesis devs, @tifkin_, @harmj0y, and @Max Harley) are all active in that channel.
Nemesis 1.0.0 was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.
The post Nemesis 1.0.0 appeared first on Security Boulevard.
The FBI has warned today that using unlicensed cryptocurrency transfer services can result in financial loss if these platforms are taken down by law enforcement. [...]
The L.A. County's Department of Health Services, the second-largest public health care system in the United States, disclosed a data breach after patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees. [...]
Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses. [...]
Reddit is investigating a major outage blocking users worldwide from accessing the social network's websites and mobile apps. [...]
Over 1,400 CrushFTP servers exposed online were found vulnerable to attacks currently targeting a critical severity server-side template injection (SSTI) vulnerability previously exploited as a zero-day. [...]
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. [...]
Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches. [...]
Keonne Rodriguez and William Lonergan Hill have been charged by the U.S. Department of Justice for laundering more than $100 million from various criminal enterprises through Samourai, a cryptocurrency mixer service they ran for nearly a decade. [...]
Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility. [...]
Cisco warned today that a state-backed hacking group has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. [...]
Google is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls. [...]
Microsoft has enabled Start menu ads in the optional KB5036980 preview cumulative update for Windows 11 22H2 and 23H2. [...]
Simbian is a cybersecurity platform that effectively controls other cybersecurity platforms as well as security apps and tooling.
© 2024 TechCrunch. All rights reserved. For personal use only.
Apple sent threat notifications to iPhone users in 92 countries on Wednesday, warning them that they may have been targeted by mercenary spyware attacks. The company said it sent the alerts to individuals in 92 nations at 12 p.m. Pacific Time Wednesday. The notification, which TechCrunch has seen, did not disclose the attackers’ identities or […]
At Cloud Next, many of the announcements had to do with Gemini, Google's flagship family of generative AI models.
Zscaler, a cloud security company with headquarters in San Jose, California, has acquired cybersecurity startup Avalor 26 months after its founding, reportedly for $310 million in cash and equity. In a press release announcing the news, Zscaler founder and CEO Jay Chaudhry said that the deal would expand Zscaler’s platform with capabilities including streamlined reporting of […]
Thanks to an uncertain economy, cybersecurity budgets are in a tight spot. According to a 2023 survey from IANS and recruiting firm Artico Search, more than a third of chief information security officers (CISOs) kept their security spending the same — or slightly reduced — in 2023. A separate report from PwC suggests that one […]
Cycode is a well-funded startup that offers an end-to-end application security posture management platform — that is, a tool that continuously scans code (and the libraries it relies on) for potential security vulnerabilities throughout the software development life cycle and then helps remediate those issues. Today, the company announced that it has acquired Bearer, a […]
Security researchers say a pair of easy-to-exploit flaws in a popular remote-access tool used by more than a million companies around the world are now being mass exploited, with hackers abusing the vulnerabilities to deploy ransomware and steal sensitive data. Cybersecurity giant Mandiant said in a post on Friday that it has “identified mass exploitation” […]
Apple announced today it is upgrading iMessage’s security layer to post-quantum cryptography, starting in iOS and iPadOS 17.4, macOS 14.4 and watchOS 10.4. The technology giant said that in the coming years, quantum computers will be able to break today’s cryptography standards. That’s why Apple said it is changing how end-to-end encryption works with iMessage […]
1Password, the AgileBits-owned password management software developer, today announced that it has acquired Kolide, an endpoint security platform, for an undisclosed amount. According to 1Password CEO Jeff Shiner, Kolide founder and CEO Jason Meller and all of Kolide’s 30 employees will join 1Password “as an intact team.” Meller has taken on the role of VP […]
A misconfigured cloud storage server belonging to automotive giant BMW exposed sensitive company information, including private keys and internal data, TechCrunch has learned. Can Yoleri, a security researcher at threat intelligence company SOCRadar, told TechCrunch that he discovered the exposed BMW cloud storage server while routinely scanning the internet. Yoleri said the exposed Microsoft Azure–hosted […]
KTrust, a Tel Aviv–based security startup, is taking a different approach to Kubernetes security from many of its competitors in the space. Instead of only scanning Kubernetes clusters and their configurations for known vulnerabilities, KTrust is taking a more proactive approach. It deploys an automated system that tries to hack into the system. This allows […]
A user on the Twitter/X alternative Spoutible claims the company deleted their posts after they pushed Spoutible CEO Christopher Bouzy to be more honest about the nature of its recent security issue. The claims, which the company denies, are the latest bizarre twist in the security incident saga taking place over the past week at […]
Apple has removed a fake app that was masquerading as password manager LastPass on the App Store. The illegitimate app was listed under an individual developer’s name (Parvati Patel) and copied LastPass’s branding and user interface in an attempt to confuse users. Beyond being published by a different developer that was not LastPass owner LogMeIn, […]
Don’t type anything into Gemini, Google’s family of GenAI apps, that’s incriminating — or that you wouldn’t want someone else to see. That’s the PSA (of sorts) today from Google, which in a new support document outlines the ways in which it collects data from users of its Gemini chatbot apps for the web, Android […]
The maker of a popular smart ski and bike helmet has fixed a security flaw that allowed the easy real-time location tracking of anyone wearing its helmets. Livall makes internet-connected helmets that allow groups of skiers or bike riders to talk with each other using the helmet’s in-built speaker and microphone, and share their real-time […]
Just two years ago, VC funding to cybersecurity startups was on fire. Indeed, $23 billion flooded the sector, per Crunchbase. But in 2023, cybersecurity upstarts only saw a third of that — the result of the exceptional surge in 2021, bloated valuations and investors wary of market instability. But there are always some winners during […]
The software supply chain, which comprises the components, libraries and processes companies use to develop and publish software, is under threat. According to one recent survey, 88% of companies believe that software supply chain security presents an “enterprise-wide risk” to their organizations, while nearly two-thirds (65%) believe their organizations’ software supply chain security program isn’t […]
X, formerly Twitter, today announced support for passkeys, a new and more secure login method than traditional passwords, which will become an option for U.S. users on iOS devices. The technology has been adopted by a number of apps as of late, including PayPal, TikTok, WhatsApp, and others. Today we’re excited to launch Passkeys as […]
Clerk, a startup creating a suite of embeddable UIs, APIs and admin dashboards that app developers can use to authenticate and manage users, has raised $30 million in a Series B round led by CRV with participation from Stripe, Andreessen Horowitz and Madrona. The proceeds bring Clerk’s total raised to $55.5 million, and co-founder and […]
Torq, a self-described “hyperautomation” cybersecurity startup, today announced that it raised $42 million in an extension to its Series B funding round from investors, including Bessemer Venture Partners, GGV Capital, Insight Partners, Greenfield Partners and Evolution Equity Partners. Bringing the company’s total raised to $120 million, the new cash will be put toward expanding Torq’s […]
Recently, Prospect Medical Holdings suffered a massive cyberattack that allegedly stole around 500,000 social security numbers. In addition, the hackers also managed to get away with patient records and even some corporate documents. Since then, a ransomware gang called Rhysida has stepped up to claim responsibility for the breach. Details about the attack Researchers believe …
The post Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings appeared first on KoDDoS Blog.
A hacking campaign that went dark earlier this year has resumed operations. According to a new warning issued by Black Lotus Labs researchers, the hackers’ goal is to target US Department of Defense procurement sites and organizations based in Taiwan. Similarities with the March attacks The hacking campaign initially emerged in the spring of 2023. …
The post Compromised routers allowed online criminals to target Pentagon contract site appeared first on KoDDoS Blog.
A recent hacking attack hit PurFoods, which operates in the US under the name of Mom’s Meals. The attack affected over 1.2 million customers and employees alike, stealing their personal data. PurFoods, or Mom’s Meals, is a medical meal delivery service that provides its services to self-paying customers and people eligible for government assistance, according …
The post 1.2 million customers of Mom’s Meals were affected after the recent data breach appeared first on KoDDoS Blog.
As our reliance on the internet grows, so does our exposure to a myriad of online threats. Malware, DDoS attacks, DNS spoofing, and Man-In-The-Middle (MITM) attacks are just some of the hacking techniques cybercriminals use to exploit the internet’s vulnerabilities and gain access to our most sensitive data. Hacking has emerged as a prominent threat, …
The post How VPNs Can Defend Against the Threat of Hacking appeared first on KoDDoS Blog.
The website of layer one blockchain network Terra has been targeted by a hacking campaign over the weekend. During this hacking campaign, hackers used unauthorized access to run a phishing campaign on visitors to the site. These visitors are usually forced to link their online and hardware wallets to the website, which is compromised. Terra’s …
The post Terra Developers Shut Down Website Amid A Phishing Campaign appeared first on KoDDoS Blog.
Intelligence agencies in the United States have warned about foreign spies targeting the US space sector. According to these agencies, hackers have also been launching hacking campaigns against the US space industry, which could significantly affect the US satellite infrastructure. Foreign spies and hackers target the US space industry The National Counterintelligence and Security Center …
The post Foreign Spies And Hackers Target The US Space Industry appeared first on KoDDoS Blog.
A recent study has detected a high-severity vulnerability with the WinRAR file archiver utility for Windows. Millions of people use WinRAR, which can be deployed to execute commands on a computer whenever a user opens an archive. WinRAR flaw allows hackers to assume control over PCs The flaw in question is tracked as CVE-2023-40477, allowing …
The post High-Severity WinRAR Flaw Allows Hackers To Assume Control Over PCs appeared first on KoDDoS Blog.
A Chinese hacker group, Bronze Starlight, has launched a hacking campaign against the Southeast Asian gambling industry. The hacker group has used a valid certificate to launch this malicious campaign while also using the Ivacy Virtual Private Network (VPN). Bronze Starlight hacker group linked to a recent campaign The activities of this hacker group were …
The post Chinese Hacker Group Targets Southeast Asian Gambling Industry Using Stolen Ivacy VPN Certificate appeared first on KoDDoS Blog.
Hackers based in North Korea conducted an unsuccessful campaign to access information on a joint military drill operation by the US and South Korean military forces. The military drills will commence on Monday, explaining why South Korean hackers are trying to obtain access to the activity. North Korean hackers Target US-South Korean Military drills The …
The post North Korean Hackers Run Unsuccessful Hacking Campaign To Infiltrate Joint US-South Korea Military Drills appeared first on KoDDoS Blog.
Suspected Chinese threat actor groups behind an exploit on the State Department also hacked US Representative Don Bacon. The Republican representative from Nebraska also serves on the House Armed Services Committee. Chinese hackers hack GOP Congressman Chinese hackers are believed to be behind a campaign that forged Microsoft customer identities. The hacking campaign infiltrated the …
The post Suspected Chinese Hackers Behind Microsoft Cloud Breach Hacked US Rep Emails appeared first on KoDDoS Blog.
What's going on? A wave of cheap, crude, amateurish ransomware has been spotted on the dark web - and although it may not make as many headlines as LockBit, Rhysida, and BlackSuit, it still presents a serious threat to organizations. What's "junk gun" ransomware? It's a name coined by Sophos researchers for unsophisticated ransomware that is often sold cheaply as a one-time purchase. "Junk gun" ransomware is appealing to a criminal who wants to operate independently but lacks technical skills. Can you give some examples? Sure. The Kryptina ransomware was made available for sale in December...
Tech leaders taking cybersecurity seriously is something of a double-edged sword. While it’s undoubtedly good that organizations are waking up to the genuine threat cyberattacks pose, it’s depressing that they must siphon off so many resources to protect themselves rather than using them for growth and innovation. A recent survey of UK technology leaders, run by UK IT Leaders and the Horizon CIO Network, revealed that over half of those surveyed said cybersecurity was their top priority for 2024. Again, this is both a good and bad thing. The cyber threat landscape is about as dangerous as ever...
Alexandre Dumas's timeless novel "The Three Musketeers" immortalized the ideal of unyielding solidarity, the enduring motto "All for one and one for all." In the face of ever-evolving threats in the digital realm, the European Union echoes this spirit with its landmark Cyber Solidarity Act. This new legislation recognizes that collective defense is the cornerstone of cybersecurity – in a world where a cyberattack on one nation can have ripple effects across borders, a unified response is no longer an option but a necessity. The stakes are high. Cyberattacks on businesses, government...
In 2023, companies lost about $4.45 million on average because of data breaches. As cyber threats advance, securing endpoints is more important than ever. An advanced Host-based Intrusion Detection System (HIDS) provides a sturdy remedy to improve endpoint security. By monitoring and examining system responses and device status, HIDS identifies and tackles nefarious behaviors that are often overlooked by conventional defenses. The Significance of Advanced HIDS in Endpoint Security An advanced HIDS plays a crucial part in strengthening endpoint security. It is capable of identifying and...
Budgetary and resource constraints play a huge role in cyberattacks on smaller organizations. Amidst a strained global economy, many under-resourced organizations like non-profits, local governments, and hospitals struggle to keep their heads above water - they simply don't have the funds to invest in cybersecurity. To make matters worse, cybercriminals see these organizations as easy prey. Although they may not be able to shell out for extortionate ransom demands as big business can, at the end of the day, data is data and is always worth something on the dark web. In many cases, smaller...
The experience of seeing a doctor has transformed dramatically, thanks in part to the emergence of telemedicine. This digital evolution promises convenience and accessibility but brings with it a host of cybersecurity risks that were unimaginable up until a few years ago. The unique cybersecurity challenges facing telemedicine today underscore the importance of adopting stringent security measures to protect the sanctity of this vital service. Advanced Cybersecurity Threats to Telemedicine The stakes are high as the healthcare sector grapples with the dual challenge of expanding digital...
As businesses transition to hybrid and multi-cloud setups, vulnerabilities arising from misconfigurations and security gaps are escalating, attracting attention from bad actors. In response, the US National Security Agency (NSA) issued a set of ten recommended mitigation strategies, published earlier this year (with support from the US Cybersecurity and Infrastructure Security Agency on six of the strategies). The recommendations cover cloud security, identity management, data protection, and network segmentation. Let's take a closer look: 1. Uphold the Cloud Shared Responsibility Model...
Police have successfully infiltrated and disrupted the fraud platform "LabHost", used by more than 2,000 criminals to defraud victims worldwide. A major international operation, led by the UK's Metropolitan Police, has seized control of LabHost, which has been helping cybercriminals create phishing websites since 2021 to steal sensitive information like passwords, email addresses, and bank details. LabHost has helped criminals create over 40,000 fraudulent websites and steal data from over 70,000 victims in the UK alone. Scammers used the service to steal vast amounts of information...
I’m always surprised – and a little disappointed – at how far we have to go before supply chain cybersecurity gets the respect and attention it deserves. I sat down this week with a new client who wanted some help addressing several internal issues surrounding their IT systems. When I asked them about their relationship with the supplier – essentially, how was their supply chain cybersecurity? – their response was not only worrying but, unfortunately, quite typical. "Well, we've used them since we first started the business a couple of years ago, so we've kind of grown up together,” they...
Cybersecurity has always been a complex field. Its adversarial nature means the margins between failure and success are much finer than in other sectors. As technology evolves, those margins get even finer, with attackers and defenders scrambling to exploit them and gain a competitive edge. This is especially true for AI. In February, the World Economic Forum (WEF) published an article entitled "AI and cybersecurity: How to navigate the risks and opportunities," highlighting AI's existing and potential impacts on cybersecurity. The bottom line? AI benefits both the good and bad guys, so it's...
The post Russian hacking group claims responsibility for cyberattack on Indiana wastewater plant appeared first on CyberScoop.
Attacks on elections have become more multifaceted over the past decade, but fears of a hacked election — real or perceived — remain one of the biggest threats.
The post Campaigns and political parties are in the crosshairs of election meddlers appeared first on CyberScoop.
The program warns organizations running software or hardware with vulnerabilities that are being exploited by ransomware gangs.
The post CISA ransomware warning program has sent out more than 2,000 alerts appeared first on CyberScoop.
U.S. agencies want to secure the Border Gateway Protocol, but experts question whether their approach could worsen security.
The post FCC wants rules for ‘most important part of the internet you’ve probably never heard of’ appeared first on CyberScoop.
$10 million rewards offered for information regarding the accused, who are allegedly connected to a pair of IRGC front companies.
The post Iranian nationals charged with hacking U.S. companies, Treasury and State departments appeared first on CyberScoop.
Steve Kramer tells CyberScoop he hasn’t seen the lawsuit filed against him over the New Hampshire primary robocall, but it won’t be successful.
The post Democratic operative behind Biden AI robocall says lawsuit won’t ‘get anywhere’ appeared first on CyberScoop.
The revelations from the UnitedHealth Group subsidiary come as the company acknowledges paying a ransom in the case.
The post Stolen Change Healthcare data could contain information on ‘a substantial portion’ of Americans appeared first on CyberScoop.
Others contend that loosening things up could have dangerous consequences, and the administration should go the opposite direction.
The post Proposed data broker regulations draw industry pushback on anonymized data exceptions, bulk thresholds appeared first on CyberScoop.
CISA and OMB have just a handful of outstanding tasks to finish as part of the president’s 2021 order.
The post Cybersecurity executive order requirements are nearly complete, GAO says appeared first on CyberScoop.
A two-year extension of Section 702 of the Foreign Intelligence Surveillance Act clears the chamber in a 60-34 vote Saturday.
The post FISA reauthorization heads to Biden’s desk after Senate passage appeared first on CyberScoop.
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Cisco Talos this week warned that the nation-state actor UAT4356 (aka STORM-1849) has been exploiting two zero-day vulnerabilities in Adaptive Security […]
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. CISA added the flaw to the KEV catalog after Microsoft reported that the Russia-linked APT28 group (aka “Forest Blizzard”, […]
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer Samourai. The U.S. Department of Justice (DoJ) has arrested two co-founders of the cryptocurrency mixer Samourai and seized the service. The allegations include claims of facilitating over $2 billion in illicit transactions and laundering more than $100 million in criminal […]
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics layer engine. Google addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058. The vulnerability CVE-2024-4058 is a Type Confusion issue that resides in the ANGLE graphics layer engine. An attacker can exploit this vulnerability […]
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Cisco Talos warned that the nation-state actor UAT4356 (aka STORM-1849) has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. […]
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners. Threat actors employed two different types of backdoors and targeted large corporate networks […]
The Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their role in cyberattacks against the U.S. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions on four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. OFAC has also sanctioned […]
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all day and severely impacted the council’s operations. The Leicester City Council suffered a cyber attack that severely impacted the authority’s services in March and led to the leak of confidential documents. The ransomware group behind the attack leaked multiple documents, including rent statements and […]
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities. The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities to steal defense technology information. North Korea-linked APT groups Lazarus, Andariel, and Kimsuky hacked multiple defense companies in South […]
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the commercial spyware business. The US Department of State is imposing visa restrictions on 13 individuals involved in the development and sale of commercial spyware or their immediate family members. The measure aims to counter the misuse of surveillance technology targeting […]
Threat actors utilize fraudulent websites hosted on popular legitimate platforms to spread malware and steal data. To evade detection, attackers employ obfuscation methods and checks on referral URLs.
The FTC is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections.
The research identified deficiencies in various PMP components that could be exploited to gain access to plaintext content keys guarded by PlayReady DRM in Windows 10/11 environments.
The hackers, identified as UAT4356 by Cisco Talos and STORM-1849 by Microsoft, began infiltrating vulnerable edge devices in early November 2023 in a cyber-espionage campaign tracked as ArcaneDoor.
Most businesses are concerned about AI-enabled cyber-threats, with 93% of security leaders expecting to face daily AI-driven attacks by the end of 2024, according to a new report by Netacea.
The two founders of a cryptocurrency mixing service that allegedly obfuscated the origins of at least $100 million in criminal proceeds have been arrested, the Department of Justice announced Wednesday.
Flowmon developer Progress Software first alerted about the flaw on April 4, warning that it impacts versions of the product v12.x and v11.x. The company urged system admins to upgrade to the latest releases, v12.3.4 and 11.1.14.
On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco product vulnerabilities — CVE-2024-20353 and CVE-2024-20359 — as well as one vulnerability affecting popular file transfer tool CrushFTP.
Google announced it is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls.
Chinese and Russian hackers have turned their focus to edge devices — like VPN appliances, firewalls, routers and Internet of Things (IoT) tools — amid a startling increase in espionage attacks, according to Google security firm Mandiant.
A security researcher discovered vulnerabilities in the popular phone-tracking app iSharing, which has over 35 million users. The bugs allowed a user to access others' precise coordinates, even if the user wasn't actively sharing their location data.
Researchers observed a malicious ad campaign targeting Facebook users via Google search. The ad, which appears at the top of Google search results for the keyword "Facebook," redirects users to a scam page.
"SSLoad is designed to stealthily infiltrate systems, gather sensitive information and transmit its findings back to its operators," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News.
An Iranian state-sponsored hacking group successfully infiltrated hundreds of thousands of employee accounts at US companies and government agencies, including the US Treasury and State Department, as part of a five-year cyber espionage campaign.
The vulnerabilities could be exploited to "completely reveal the contents of users' keystrokes in transit," researchers Jeffrey Knockel, Mona Wang, and Zoë Reichert said.
Read MoreSalt Security have announced the release of its new multi-layered OAuth protection package to detect attempts to exploit OAuth and proactively fix vulnerabilities. Salt is enhancing its API protection platform with a comprehensive suite of new OAuth threat detections and posture rules to address the growing challenge of OAuth exploitation. The company is the first […]
The post Salt Security Enhances API Security Platform with OAuth Protection Package first appeared on IT Security Guru.
Two formidable female tech leaders have joined forces to launch an innovative new leadership development and mentoring platform for the cyber community – Leading Cyber. Danielle Phillips, Founder and Managing Director of Durham-based Inside Out and Director at CyberNorth, has collaborated with Annabel Berry, Founder of The Lamplight, experienced CEO, and Chair of the Strategic Board at CyberNorth, […]
The post Female Tech Duo take Flight to Dubai to Launch the future of Cyber Leadership first appeared on IT Security Guru.
Last week, the IT Security Guru team attended Cydea’s Risk Management Platform launch in London. After the event, Robin Oldham, CEO and Founder of Cydea, sat down with the Gurus to answer some questions about risk management and why it’s critical for businesses to take it seriously. Established in 2019, Cydea set out to expel […]
The post Interview: Cydea’s Risk Management Platform, Understanding Not Eliminating Risk first appeared on IT Security Guru.
Netacea, the bot detection and response specialist, today announced new research into the threat of AI-driven cyberattacks. It finds that most businesses see “offensive AI” fast becoming a standard tool for cybercriminals, with 93% of security leaders expecting to face daily AI-driven attacks. The research, Cyber security in the age of offensive AI, surveyed security […]
The post AI-driven cyber attacks to be the norm within a year, say security leaders first appeared on IT Security Guru.
Coalition, the world’s first Active Insurance provider designed to prevent digital risk before it strikes, today published its 2024 Cyber Claims Report, which details emerging cyber trends and their impact on Coalition policyholders throughout 2023. The report found that more than half (56%) of all 2023 claims were a result of funds transfer fraud (FTF) […]
The post Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox first appeared on IT Security Guru.
According to the Department for Science, Innovation and Technology (DSIT), only 17% of the UK cyber sector workforce is female, and this is down from 22% in 2022. To make matters worse, we’re fighting a losing battle against an ever-increasing cyber skills gap. In fact, there’s a shortfall of over 11,000 people to meet the […]
The post Expert Insight: ‘Minding the Gap’: How can we work to make cyber accessible for women? first appeared on IT Security Guru.
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced it has entered into a definitive agreement to acquire Egress, a leader in adaptive and integrated cloud email security. Egress’ Intelligent Email Security suite provides a set of scaled, AI-enabled security tools with adaptive learning capabilities to help prevent, […]
The post KnowBe4 acquires UK’s Egress to create advanced AI-driven platform to manage human risk first appeared on IT Security Guru.
Search giant Google is currently undergoing one of the biggest algorithm updates in its history, according to sources. The online search platform, which handles more than 8 billion searches per day, is making a significant update to its internal systems that will affect how search queries are shown, with attention to parasite websites, improved […]
The post Google’s Core Update is ‘Biggest’ Algorithm Update in History first appeared on IT Security Guru.
Cybersecurity is ‘inclusive’ by nature: no one is exempt from the fallout of the expanding cyber threat landscape. The notion, therefore, that some groups of individuals are offered fewer opportunities to join the cyber industry than others is frankly absurd. ISC2’s latest Cybersecurity Workforce Study gives us a snapshot into the supply and demand of […]
The post Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army first appeared on IT Security Guru.
Mandiant, part of Google Cloud, today released the findings of its M-Trends 2024 report. Now in its 15th year, this annual report provides expert trend analysis based on Mandiant frontline cyber attack investigations and remediations conducted in 2023. The 2024 report reveals evidence that organizations globally have made meaningful improvements in their defensive capabilities, identifying […]
The post Mandiant’s M-Trends Report Reveals New Insights from Frontline Cyber Investigations first appeared on IT Security Guru.
Navigating Access and Security in the Stolen Credentials Landscape. By Tom Caliendo, Cybersecurity Reporter, Co-Founder at Brocket Consulting LLC. In the last few years, an unprecedented number of stolen login […]
The post Data Breach Search Engines appeared first on Cyber Defense Magazine.
In an alarming revelation, officials from the Minnesota-based UnitedHealth Group disclosed on Monday that the health insurance and services giant fell victim to a cyberattack, resulting in the breach of […]
The post UnitedHealth Group Pays Ransom After Cyberattack: What You Need to Know appeared first on Cyber Defense Magazine.
By Nick France, CTO at Cybersecurity Leader Sectigo. Given the fact that bad actors are always on the prowl, 2024 is off to a fast start with numerous cybersecurity incidents […]
The post Cybersecurity Trends and Predictions for 2024 appeared first on Cyber Defense Magazine.
Thanks to AI, phishing attacks are better than ever. So is our ability to stop them. By Antonio Sanchez, Principal Cybersecurity Evangelist at Fortra. AI has always been a lurking […]
The post AI is Revolutionizing Phishing for Both Sides. What will make the Difference? appeared first on Cyber Defense Magazine.
By Rajat Kohli, Partner at Zinnov. There is something to be learned from epic fantasy productions like Harry Potter. That every few years, there will be a gifted wizard who […]
The post Crafting AI’s Future: Decoding the AI Executive Order appeared first on Cyber Defense Magazine.
By Mike Starr, CEO of Trackd. It’s often paid lip service to (or worse, intentionally neglected), and rarely appreciated, but there’s an operational cost to be paid for security. Security […]
The post Weighing Down Cyberrisk Options: How to Make Objective Cybersecurity Decisions Without Negatively Impacting the Organization’s IT Teams? appeared first on Cyber Defense Magazine.
By David Lee, Chief Evangelist and Visionary for Tech Diversity. As technology rapidly evolves and advances, it can often seem inaccessible and intimidating for the everyday person. For Black Americans […]
The post Connecting Tech to Black America appeared first on Cyber Defense Magazine.
By Rigo Van den Broeck, Executive Vice President, Cyber Security Product Innovation at Mastercard. Cybercrime is set to cost $10.3 trillion worldwide by 2025, and it’s growing fast. It’s a […]
The post The Importance of Cyber Hygiene for Businesses appeared first on Cyber Defense Magazine.
By Roger Spears, Schneider Downs. Whenever the new year rolls around, resolutions—to achieve a goal, improve a behavior or continue good practices—abound. And, while many resolutions center on personal goals such […]
The post 5 Cybersecurity Resolutions for the New Year appeared first on Cyber Defense Magazine.
By Prakash Mana, CEO, Cloudbrink. Security will continue to head the list of priorities for CISOs in 2024, but how we secure our enterprises will need rethinking in the face […]
The post Hybrid Working is Changing How We Think About Security appeared first on Cyber Defense Magazine.
In the waning years of the 20th century, amid growing anxieties about the turn of the millennium, one man, Robert Bemer, observed the unfolding drama from his remote home on King Possum Lake. A revered figure in computing, Bemer had early on flagged a significant, looming issue known as the Y2K bug, which threatened to disrupt global systems as calendars rolled over to the year 2000. This episode delves into Bemer's life during this critical period, exploring his predictions, the ensuing global frenzy to avert disaster, and the disparate views on whether the billions spent in prevention were justified or merely a response to a misunderstood threat.
In the 1950s and 60s - even leading into the 1990s - the cost of storage was so high that using a 2-digit field for dates in software instead of 4 digits could save an organization between $1.2 and $2 million per GB of data. From this perspective, programming computers in the 1950s to record four-digit years would’ve been outright malpractice. But 40 years later, this shortcut became a ticking time bomb which one man, computer scientist Bob Bemer, was trying to defuse before it was too late.
Today, enterprises are accelerating their investment in digitalization to stay ahead of the competition. They are increasingly encountering an evolving threat landscape and complex security challenges - with more workloads in multiple clouds, more workforces in hybrid environments, and more intelligent devices connected in mission-critical operations. This transformation journey is exacerbated by an exponential increase in compute resources, as well as data volumes and security tooling, driving up the cost of storing, managing and analyzing the data for security purposes.
Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.
The 2008 Russo-Georgian War marked a turning point: the first time cyberattacks were used alongside traditional warfare. But what happens when the attackers aren't soldiers, but ordinary citizens? This episode delves into the ethical and legal implications of civilian participation in cyberwarfare, examining real-world examples from Ukraine and beyond.
Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.
As an ex-Amazonian (AWS) and cloud-native guy by passion, I never thought I would write a blog post like the following. But I'm also a Defender, a cyber security enthusiast and, most of all, customer-obsessed, and therefore I recognize that the world is not black and white; instead it's colorful, with a wide range of colors and several nuances. So are the requirements from companies. This leads us to the questions:
Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.
If I could have one wish for 2024, it would be that we stop calling ransomware by the same name.
In 1991, Kevin Mitnick was bouncing back from what was probably the lowest point of his life. He began to rebuild his life: he started working out and lost a hundred pounds, and most importantly - he was finally on the path towards ditching his self-destructive obsession with hacking.
But just as he was in the process of turning his life around, his brother introduced him to a hacker named Eric Heinz, who told him about a mysterious piece of equipment he came across while breaking into Pacific Bell: SAS, a testing system that allowed its user to listen in on all the calls going through the telephone network. SAS proved to be too great of a temptation for Mitnick, who desperately wanted to wield the power that the testing system could afford him.
Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.
As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.
Our "construction project" is progressing nicely.
And it should resolve this…
Fix mobile usability issues?
Translation: your site doesn't help us sell more Android phones and ads.
But whatever, the "issues" should be fixed soon enough.
On 18/08/15 At 12:52 PM
Regular readers will have noticed it's been slow here of late.
Under Construction
We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.
More info coming soon.
In the meantime, you can still catch us on Twitter.
On 13/08/15 At 01:25 PM
Ask, and sometimes, you shall receive.
Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.
Apple released iOS 9 Public Beta 2:
And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.
We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.
Kudos Apple! Looking forward to seeing this in iOS 9's general release.
Big hat tip to Rosyna Keller.
On 23/07/15 At 09:53 AM
Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have borne a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.
Linux support added with the cross-platform SeaDuke malware
Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.
An example of the cross-platform support found in SeaDuke.
A new set of solutions with the CloudDuke malware toolset
Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:
- C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
- c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
- c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
- c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb
The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.
We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.
Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.
All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.
CloudDuke spear-phishing campaigns and similarities with CozyDuke
CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phishing emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file, while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.
Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have borne a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, the downloading and execution of the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but in the execution of the "BastionSolution" component, thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.
Increasingly using cloud services to evade detection
CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.
In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.
By relying solely on third-party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raise suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people transfer that same data every day for legitimate reasons? (Coincidentally, the implications of third-party web services being used as command and control channels are also the subject of an upcoming talk at the VirusBulletin 2015 conference.)
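The detection problem the paragraph above describes (cloud-storage traffic looks normal, so volume and rhythm are what give it away) can be illustrated with defender-side logic over proxy logs. The following is an added example, not code from the original F-Secure post: the log format, the OneDrive hostnames, the thresholds and the sample lines are all constructed assumptions. It flags hosts whose uploads to those hostnames are far above their peers, and hosts that fetch from them on a fixed interval, as a command-polling loop would.

```python
"""Spot exfiltration-sized uploads and periodic polling to a cloud storage service.

Assumed (constructed) proxy log format, one request per line:
    <ISO-8601 timestamp> <host> <destination domain> <HTTP method> <bytes sent>
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, median, pstdev

# Assumed hostnames for the storage service; not taken from the original post.
CLOUD_STORAGE_DOMAINS = {"onedrive.live.com", "api.onedrive.com", "storage.live.com"}

# Constructed sample: WS-07 pushes ~150 MiB to storage and polls it every 10 minutes.
SAMPLE_LOG = """
2015-07-21T09:00:00 WS-02 onedrive.live.com GET 512
2015-07-21T09:01:12 WS-01 onedrive.live.com PUT 524288
2015-07-21T09:03:00 WS-02 onedrive.live.com GET 512
2015-07-21T09:05:40 WS-01 api.onedrive.com POST 1048576
2015-07-21T09:45:00 WS-02 onedrive.live.com GET 512
2015-07-21T10:02:00 WS-02 onedrive.live.com GET 512
2015-07-21T10:11:03 WS-02 storage.live.com PUT 2097152
2015-07-21T10:30:55 WS-03 onedrive.live.com PUT 786432
2015-07-21T11:00:00 WS-07 api.onedrive.com GET 640
2015-07-21T11:02:19 WS-03 intranet.example.local GET 4096
2015-07-21T11:10:00 WS-07 api.onedrive.com GET 640
2015-07-21T11:20:00 WS-07 api.onedrive.com GET 640
2015-07-21T11:30:00 WS-07 api.onedrive.com GET 640
2015-07-21T11:40:00 WS-07 api.onedrive.com GET 640
2015-07-21T11:45:07 WS-07 api.onedrive.com PUT 41943040
2015-07-21T12:10:31 WS-07 api.onedrive.com PUT 62914560
2015-07-21T12:40:02 WS-07 storage.live.com PUT 52428800
2015-07-21T13:00:00 WS-04 onedrive.live.com PUT 262144
"""


@dataclass
class Record:
    ts: datetime
    host: str
    domain: str
    method: str
    bytes_out: int


def parse_log(text: str) -> list[Record]:
    """Parse the constructed whitespace-separated log format."""
    records = []
    for line in text.strip().splitlines():
        ts, host, domain, method, nbytes = line.split()
        records.append(Record(datetime.fromisoformat(ts), host, domain, method, int(nbytes)))
    return records


def upload_bytes_per_host(records: list[Record], domains=CLOUD_STORAGE_DOMAINS) -> dict[str, int]:
    """Sum bytes sent by PUT/POST to the storage domains, per host."""
    totals: dict[str, int] = defaultdict(int)
    for r in records:
        if r.domain in domains and r.method in ("PUT", "POST"):
            totals[r.host] += r.bytes_out
    return dict(totals)


def flag_volume_outliers(totals: dict[str, int], factor: float = 5.0,
                         floor_bytes: int = 10 * 1024 * 1024) -> list[tuple[str, int, float]]:
    """Flag hosts uploading more than `factor` times the peer median and above an
    absolute floor (so a small fleet with tiny uploads does not flag itself)."""
    if not totals:
        return []
    baseline = median(totals.values())
    threshold = max(floor_bytes, factor * baseline)
    return [(host, total, total / baseline if baseline else float("inf"))
            for host, total in sorted(totals.items()) if total > threshold]


def flag_periodic_polling(records: list[Record], domains=CLOUD_STORAGE_DOMAINS,
                          min_requests: int = 4, max_jitter: float = 0.1) -> list[tuple[str, int]]:
    """Flag hosts whose GETs to the storage domains arrive at near-constant intervals.
    Jitter is the standard deviation of the gaps divided by their mean."""
    stamps_by_host: dict[str, list[datetime]] = defaultdict(list)
    for r in records:
        if r.domain in domains and r.method == "GET":
            stamps_by_host[r.host].append(r.ts)
    flagged = []
    for host, stamps in sorted(stamps_by_host.items()):
        if len(stamps) < min_requests:
            continue  # too few requests to judge a rhythm
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged.append((host, round(avg)))
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for host, total, ratio in flag_volume_outliers(upload_bytes_per_host(recs)):
        print(f"{host}: {total} bytes uploaded, {ratio:.0f}x the peer median")
    for host, period in flag_periodic_polling(recs):
        print(f"{host}: polls cloud storage every ~{period}s")
```

WS-02's four GETs fall at irregular gaps and are not flagged, which is the point of the jitter bound: ordinary browsing to the same service should not trip the rule.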
Directing limited resources towards evading detection and staying ahead of defenders
Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code, such as supporting frameworks, between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution by rewriting the same code in multiple programming languages. This has the obvious benefit of saving time and resources while providing two malware toolsets that, while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second.
The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Dukes are not planning to stop any time soon.
Research and post by Artturi (@lehtior2)
F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B
Samples:
Compromised servers used for command and control:
Compromised websites used to host CloudDuke:
On 22/07/15 At 11:59 AM
VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.
The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.
On 20/07/15 At 12:40 PM
The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript-generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:
"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."
Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…
First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.
A Google Search returns several live scam sites with this text:
"Due to a third party application in your phone, IOS is crashed."
Here's one of the sites as viewed with iOS Safari on an iPad:
Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.
What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.
Here's the same site as viewed with Google Chrome for Windows:
Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)
Wouldn't it be great if all browsers supported this prevention feature?
Yeah, we think so, too.
But it's not just browsers, apps with browser functionality can also be affected.
Here's an example of a JavaScript dialog displayed via Cydia.
The end of the Telegraph's article included the following advice from City of London police:
"Never give your iCloud username and password or your bank details to someone over the phone."
Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.
Hopefully they stay that way. (They won't.)
On 17/07/15 At 10:15 AM
Read More
After Hacking Team was compromised, a lot of information was publicly disclosed beginning on the 5th of July, in particular its business client list and a zero-day vulnerability in Adobe Flash Player that the company had been using.
Since the information about the first zero-day was made freely available, we knew attackers would swiftly move to use it. As expected, the Flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan, as reported by Kafeine.
Based on our telemetry, there was a rise in Flash exploit hits beginning on the 6th that continued until the 9th.
Here are the stats for each exploit kit:
The security advisory for the CVE-2015-5119 zero-day was released on 7th July and the patch was made available on the 8th, so the hits started to decline about two days after the patch.
But just when people had started updating their systems, there was yet another spike in Angler Flash exploit hits:
Apparently, two more Flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, had been discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities was added to the Angler exploit kit.
As a side note on the Angler exploit kit: if you look at the second chart above, Angler and HanJuan share the same statistics. This is because our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.
We verified this after noticing a different URL pattern being caught by the Angler detection:
We looked at the Flash exploit used by both kits, and the two are very nearly identical.
Angler Flash Exploit:
HanJuan Flash Exploit:
There has already been speculation that there are strong connections between the actors behind the two exploit kits. For example, both have used "fileless" delivery of the payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new Flash 0-day as well.
In the meantime, since there isn't a patch out yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:
Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A
UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.
On 13/07/15 At 12:29 PM
Read More
When hackers get hacked, that's when secrets are uncovered. On July 5th, Italy-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent of internal documents, source code, and emails to the public, including the company's client list of close to 60 customers.
The list included countries such as Sudan, Kazakhstan and Saudi Arabia, despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased its most advanced spyware, referred to as a Remote Control System (RCS).
According to security researchers at Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on the microphone and cameras of mobile devices, intercept Skype and instant messages, and use an anonymizing network of proxy servers to prevent harvested information from being traced back to the command and control servers.
Based on images of the client list posted to pastebin the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):
Additional images of leaked invoices posted to medium.com indicated that the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdn Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligence gathering and public security services:
Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap: a license upgrade could cost you MYR400,000 and a maintenance renewal will set you back about MYR160,000.
According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.
Coincidentally, Malaysia has also been a frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service providers and government employees. During the 2014 event, Hacking Team was present as the associate lead sponsor of the event.
MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only, though it may be interesting to see if Hacking Team will make it there this year.
Post by – Su Gim
On 08/07/15 At 02:31 AM
Read MoreThe Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.
Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.
So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.
Why is this interesting?
Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.
And according to the Dept of Commerce, "an export" is any item that is sent from the United States to a foreign destination. "Items" include, among other things, software and technology.
The Paradox
So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us malware using zero-days all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.
Unintended Consequences
The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software, in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to stop customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?
The BIS is taking comments until July 20th.
On 09/06/15 At 01:25 PM
Read MoreI visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…
"UK Law states that we must know who is using our Wi-Fi at all times."
Now I'm not a lawyer — but that seems like quite the disingenuous claim.
Mobile number, post code, and date of birth??
I wonder how many people fall for this type of malarkey.
Post by — @Sean
On 08/06/15 At 01:27 PM
Read MoreThere's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.
Crashing a phone with an SMS? That's so 2008.
S60 SMS Exploit Messages
Unlike 2008, this time kids are reportedly using the vulnerability to harass others.
Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.
Updated to add:
Here's the "Effective Power" exploit crashing an iPhone 6:
Effective Power Unicode iOS hack on iPhone 6
And this… is Effective Power crashing the iOS Twitter app:
Effective Power Unicode iOS hack vs Twitter
On 28/05/15 At 01:56 PM
Read More
In the past few days, we received some cases from our customers in Italy and Spain regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.
The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:
When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:
So, no malicious behavior? Well, we noted that the first two URLs pointed to PHP scripts. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.
Since this particular spam e-mail is written in Italian - perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.
So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:
Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server redirects them to a malicious file hosted on a cloud storage server.
The spam e-mail sent to Spanish users is similar, though in those cases a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up at Google:
If the site is visited instead from a Spanish IP, we get to the CAPTCHA screen:
And then to the malware itself:
This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.
(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)
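The geofenced redirect described above, modelled as an added example (not code from the original post or from F-Secure): a constructed stand-in for the spammer's PHP server, a redirect follower that tries the same link from several vantage points and flags the cloaking when the chains end at different hosts, and an IOC match against the two SHA1s listed. The hostnames parcel-tracking.example and cloud-files.example and the country codes are assumptions made up for the example.

```python
# Added example (not code from the original post): models the geofenced redirect
# chain described above and two analyst-side checks for it. The server below is
# a constructed stand-in for the spammer's PHP scripts; the hostnames are made
# up for the example. The two SHA1 values are the IOCs listed in the post.
import hashlib
from urllib.parse import urlsplit

KNOWN_BAD_SHA1 = {
    "483be8273333c83d904bfa30165ef396fde99bf2",
    "295042c167b278733b10b8f7ba1cb939bff3cb38",
}

REDIRECT_CODES = {301, 302, 303, 307, 308}


def fake_spam_server(url, country):
    """Constructed stand-in for the spammer's server-side PHP.

    The real server decides from the visitor's IP address; here the caller
    passes the country the vantage point resolves to. Returns (status, value),
    where value is a Location URL for redirects and a body otherwise.
    """
    u = urlsplit(url)
    if u.netloc == "parcel-tracking.example" and u.path == "/track.php":
        if country == "IT":  # only a visitor who looks Italian gets the payload
            return 302, "https://cloud-files.example/dl/parcel_info.zip"
        return 302, "https://www.google.com/"  # everyone else is bounced to Google
    if u.netloc == "cloud-files.example":
        return 200, b"PK\x03\x04 constructed placeholder, not the real sample"
    if u.netloc == "www.google.com":
        return 200, b"<html>search page</html>"
    return 404, b""


def follow_chain(url, country, fetch=fake_spam_server, max_hops=10):
    """Follow redirects one hop at a time; return (urls_visited, final_body)."""
    chain = [url]
    for _ in range(max_hops):
        status, value = fetch(chain[-1], country)
        if status in REDIRECT_CODES:
            chain.append(value)
            continue
        return chain, value
    raise RuntimeError("too many redirects")


def cloaking_detected(url, countries, fetch=fake_spam_server):
    """Fetch the same link from several vantage points and compare where each
    chain ends. Different final hosts mean the server is cloaking by location."""
    final_hosts = {
        country: urlsplit(follow_chain(url, country, fetch)[0][-1]).netloc
        for country in countries
    }
    return len(set(final_hosts.values())) > 1, final_hosts


def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()


def matches_ioc(data):
    """True when a retrieved file is one of the samples named in the post."""
    return sha1_hex(data) in KNOWN_BAD_SHA1


if __name__ == "__main__":
    link = "http://parcel-tracking.example/track.php?id=12345"
    for cc in ("FI", "IT"):
        chain, body = follow_chain(link, cc)
        print(cc, " -> ".join(chain), "IOC match:", matches_ioc(body))
    print("cloaking:", cloaking_detected(link, ["FI", "IT"]))
```

In real use, replace fake_spam_server with a fetch that issues each request with redirects disabled (for example requests.get(url, allow_redirects=False)) from an exit in the target country, as the post did with Freedome, and keep every hop's response: a cloaking server returns the benign redirect to anything that does not look like its intended victim, so a chain that ends at Google when seen from the analysis box is not evidence that the link is clean.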
Post by — Victor
On 19/05/15 At 03:17 AM
Read MoreSecuring your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.
Don't worry, it's an authorized hack, she asked her mom for permission.
On 15/05/15 At 12:46 PM
Read MoreThe post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.
Read MoreThe post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.
Read MoreThe post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.
Read MoreThe post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.
Read MoreThe post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.
Read MoreBad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]
The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.
Read More
GMX (Global Mail eXchange) Mail is an email service where users may register up to 10 individual email addresses at no cost. As a result, threat actors are leveraging this service to easily spin up new email addresses and effectively deliver phishing attacks that bypass Microsoft 365 and Google Workspace, landing in an organization’s email […]
The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.
Read MoreThe shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]
The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.
Read MoreIn cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]
The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.
Read MoreOur global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries. As a result, the continued strain on the supply chain puts added pressure on businesses as they […]
The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.
Read More
CrushFTP urges customers to patch servers with new versions after discovering a zero-day. The CrushFTP zero-day vulnerability is tracked as CVE-2024-4040 and enables hackers to escape the VFS and download system files. Its CVSS score is 9.8, which is critical. CrushFTP zero-day explained CrushFTP is vulnerable to a server-side template injection issue that affects versions before 10.7.1 […]
The post Patch Now! CrushFTP Zero-day Lets Attackers Download System Files appeared first on Heimdal Security Blog.
Read More
MITRE Corporation announced that state-backed hackers used Ivanti zero-day vulnerabilities to breach its systems. The attack happened in January 2024 and impacted MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). NERVE is an unclassified collaborative network that researchers use. The two Ivanti vulnerabilities were an authentication bypass (CVE-2023-46805) and a command injection (CVE-2024-21887). None of them had an […]
The post MITRE Breached – Hackers Chained 2 Ivanti Zero-days to Compromise VPN appeared first on Heimdal Security Blog.
Read MorePatching is the second most challenging and resource-consuming task of a System Administrator. That’s what Alex Panait told me when I wanted to know his opinion on the benefits and hurdles of patching. Alex has been a System Administrator in Internal IT at Heimdal for the last 8 years. He’s seen the company developing and […]
The post A System Administrator’s Challenges in Patch Management appeared first on Heimdal Security Blog.
Read MoreManaging user accounts and ensuring the security of data and information systems are crucial for any business. To assist organizations in this task, we offer a comprehensive Account Management Policy Template designed to streamline the process of account creation, maintenance, and termination. This template is adaptable and available in three formats—PDF, Word, and Google Docs—to […]
The post Free and Downloadable Account Management Policy Template appeared first on Heimdal Security Blog.
Read MoreChoosing a cybersecurity solution is no easy task. Some solutions specialize in one thing, while others take a broader, unified approach. Finding the right balance for your company depends on many factors such as size, price, support, or complexity. Atera and ConnectWise are some of the most common solutions, and in this article, we’ll compare […]
The post Atera vs. ConnectWise: Head-to-Head Comparison (And Alternative) appeared first on Heimdal Security Blog.
Read MoreIf you run an MSP business, choosing a remote monitoring and management (RMM) platform will be a critical business decision. A quality RMM allows you to oversee your customers’ IT environments, remediate issues, and manage everything from patches to software updates. There are many RMM tools out there, so deciding which one is right for […]
The post NinjaOne vs. Atera: A Deep Comparison Between the Solutions appeared first on Heimdal Security Blog.
Read MoreCybersecurity researchers unveiled a new malvertising campaign that uses malicious Google ads to deliver a backdoor dubbed ‘MadMxShell’. The ads leverage a set of domains to push the backdoor and mimic legitimate IP scanner software. The 45 domains, registered between November 2023 and March 2024 pose as IP scanner software such as: Angry IP Scanner […]
The post Deceptive Google Ads Mimic IP Scanner Software to Push Backdoor appeared first on Heimdal Security Blog.
Read MoreWhen it comes to endpoint detection tools, the cybersecurity market is a pretty crowded place. Finding the right one for your business can be a minefield. Some are designed to do one thing very well; others offer a broader, more unified solution. One product might be perfect for enterprises, but far too expensive and unwieldy […]
The post CrowdStrike vs. SentinelOne: Which One Is Better For Endpoint Security? appeared first on Heimdal Security Blog.
Read More
Researchers observed a rise in daily infection attempts leveraging an old TP-Link Archer command injection vulnerability. Since March 2024, six botnet malware operations have shown interest in scanning TP-Link Archer AX21 (AX1800) routers for CVE-2023-1389. The daily number of attempts ranged between 40,000 and 50,000 during the month. Source – Bleeping Computer The vendor released a patch […]
The post Surge in Botnets Exploiting CVE-2023-1389 to Infect TP-Link Archer Routers appeared first on Heimdal Security Blog.
Read More
Researchers discovered an overlooked vulnerability in the Lighttpd web server that is used in Baseboard Management Controllers (BMCs). The flaw impacts hardware vendors that use AMI MegaRAC BMCs, like Intel, Lenovo and Supermicro. Although developers discovered and fixed the Lighttpd flaw back in 2018, the vulnerability didn’t get a CVE. Further on, Lighttpd users, like AMI […]
The post Years-Old Vulnerability in AMI MegaRAC BMCs Impacts Intel and Lenovo Hardware appeared first on Heimdal Security Blog.
Read MorePatch management is one of the most effective, yet overlooked cybersecurity practices to keep your operations safe. And it’s not just me saying it, statistics do too. For example, were you aware that 80% of cyberattacks happen due to unpatched vulnerabilities? With 84% of companies and online businesses reporting suffering at least one cyberattack in […]
The post Your All-In Guide to MSP Patch Management Software in 2024 [Template Included] appeared first on Heimdal Security Blog.
Read MoreEmail serves as a fundamental communication tool in business operations, necessitating stringent security measures to protect sensitive information and maintain corporate integrity. Our email security policy template serves as a comprehensive guide for companies looking to implement robust email security practices. It’s written in three different formats (PDF, Word, Google Docs) to suit all business […]
The post Free and Downloadable Email Security Policy Template appeared first on Heimdal Security Blog.
Read More
Researchers have found two methods that might allow attackers to get around audit logs, or to produce less serious log entries, when they download data from SharePoint. Due to the sensitivity of SharePoint data, a lot of businesses audit sensitive occurrences, such as data downloads, to set off alarms in security information and event management platforms (SIEMs), […]
The post SharePoint Flaws Could Help Threat Actors Evade Detection Easier When Stealing Files appeared first on Heimdal Security Blog.
Read MoreA new emergency directive from CISA requires U.S. federal agencies to address the risks associated with the Russian hacking group APT29’s compromise of several Microsoft business email accounts. On April 2, Federal Civilian Executive Branch (FCEB) agencies received Emergency Directive 24-02. They must look into potentially impacted emails, reset any compromised passwords, and take precautions […]
The post CISA Issues Emergency Directive and Orders Agencies to Mitigate the Risks of the Microsoft Hack appeared first on Heimdal Security Blog.
Read More
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Thursday about a data breach at Sisense, a US business intelligence software company. The agency strongly recommended that all Sisense users promptly change their passwords and any other potentially compromised credentials used to access the company’s services. The agency also advised users to be […]
The post CISA Urges Sisense Customers to Reset Credentials and Report Suspicious Activity appeared first on Heimdal Security Blog.
Read More
I've been working on comparing data from different DShield [1] honeypots to understand differences when the honeypots reside on different networks. One point of comparison is malware submitted to the honeypots. During a review of the summarized data, I noticed that one honeypot was an outlier in terms of malware captured.
Read MoreA while back I got an email from Perry, one of our readers who was having a problem using my cvescan script, which I covered in a 3 part story back in 2021:
Read MoreLike many similar frameworks and languages, Struts 2 has a "developer mode" (devmode) offering additional features to aid debugging. Error messages will be more verbose, and the devmode includes an OGNL console. OGNL, the Object-Graph Navigation Language, can interact with Java, but in the end, executing OGNL results in arbitrary code execution. This OGNL console resembles a "web shell" built into devmode.
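A check for the condition the diary describes, as an added example (not code from the diary or from the Struts project): devmode is switched on by the struts.devMode constant, so the two functions below flag it in a struts.xml <constant> element and in struts.properties, where the last value for a key wins. The sample file contents are constructed for the example.

```python
# Added example (not from the diary): flags Struts 2 developer mode left
# enabled in the two places that normally switch it on, a <constant> in
# struts.xml or a struts.devMode line in struts.properties. struts.devMode is
# the framework's real constant name; the sample file contents are constructed.
import re
import xml.etree.ElementTree as ET

DEVMODE_KEY = "struts.devMode"

# Java .properties line: key, then '=', ':' or whitespace, then the value.
PROP_RE = re.compile(r"^([^=:\s]+)\s*[=:]?\s*(.*)$")


def devmode_in_struts_xml(xml_text):
    """True if struts.xml contains <constant name="struts.devMode" value="true"/>.

    The whole document is walked rather than assuming where the element sits.
    """
    root = ET.fromstring(xml_text)
    for const in root.iter("constant"):
        if const.get("name") == DEVMODE_KEY:
            if (const.get("value") or "").strip().lower() == "true":
                return True
    return False


def parse_properties(text):
    """Minimal Java .properties reader: comments start with # or !, keys are
    separated from values by '=', ':' or whitespace, and the last value for a
    key wins (java.util.Properties.load behaviour). Line continuations with a
    trailing backslash are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = PROP_RE.match(line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def devmode_in_properties(props_text):
    """True if the effective struts.devMode value in struts.properties is true."""
    return parse_properties(props_text).get(DEVMODE_KEY, "").lower() == "true"


def devmode_enabled(struts_xml=None, struts_properties=None):
    """Combined check over whichever of the two files the deployment ships."""
    return bool(
        (struts_xml and devmode_in_struts_xml(struts_xml))
        or (struts_properties and devmode_in_properties(struts_properties))
    )


# Constructed sample struts.xml with devmode switched on.
SAMPLE_STRUTS_XML = """<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
    "http://struts.apache.org/dtds/struts-2.5.dtd">
<struts>
    <constant name="struts.devMode" value="true"/>
    <constant name="struts.action.extension" value="action"/>
    <package name="default" extends="struts-default"/>
</struts>
"""

# Constructed sample struts.properties: the later line wins, so devmode is on.
SAMPLE_STRUTS_PROPERTIES = """
# constructed struts.properties
struts.devMode = false
struts.i18n.encoding=UTF-8
struts.devMode=true
"""

if __name__ == "__main__":
    print("struts.xml devmode:", devmode_in_struts_xml(SAMPLE_STRUTS_XML))
    print("struts.properties devmode:", devmode_in_properties(SAMPLE_STRUTS_PROPERTIES))
```

Run the same check over the struts.xml and struts.properties inside every deployed WAR, and over struts-plugin.xml in any bundled plugin jars, since constants can be set there too; a value of true in any of them is the built-in web shell the diary describes, waiting for whoever finds it.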
Read MoreIt has been nearly three years since we last looked at the number of industrial devices (or, rather, devices that communicate with common OT protocols, such as Modbus/TCP, BACnet, etc.) that are accessible from the internet[1]. Back in May of 2021, I wrote a slightly optimistic diary mentioning that there were probably somewhere between 74.2 thousand (according to Censys) and 80.8 thousand (according to Shodan) such systems, and that based on long-term data from Shodan, it appeared as though there was a downward trend in the number of these systems.
Read More
The downloadable format of CVEs from MITRE will be changing in June 2024, so if you are using CVE downloads to populate your scanner or SIEM, or to feed a SOC process, now would be a good time to look at that. If you are a vendor and use these downloads to populate your own feeds or product database, and you're not using the new format already, you might be behind the eight ball!
Read MoreAccording to the U.S. Chamber of Commerce, the pressure is mounting on small and medium businesses (SMBs), as they must get their cyber preparedness correct or the next cyber attacks could prove disastrous.
Read MoreAttackers are launching phishing campaigns using an open-redirect vulnerability affecting a website belonging to coffee machine company Nespresso, according to researchers at Perception Point.
Read More
Global optics manufacturer Hoya had business operations at its headquarters and several business divisions disrupted, and now faces a decision on a $10 million ransom demand issued under a “No Negotiation / No Discount Policy”.
Read MoreWe’re thrilled to announce our newest addition to our ModStore’s already brimming collection of games with a new offering based on our award-winning “The Inside Man” training series!
KnowBe4 is committed to sustainability and helping protect the environment, as evidenced by our initiatives such as our public commitment to sustainability, our planting trees and supporting local bee hives, and even our CEO Stu Sjouwerman’s donation of $2.5M to the Florida Wildlife Corridor.
Read MoreWe released a new game, now available on the KnowBe4 Modstore. I played it myself and this is recommended for all Inside Man fans!
"Mark Shepherd, The Inside Man himself, is recruiting a crack security team to thwart the sinister ‘Handler’. Your mission is to accumulate points in a series of challenges that apply lessons learnt throughout The Inside Man series, to test your expertise in combating phishing, social engineering, password breaches, ransomware and document security. "
This new game is 10 minutes in duration, available in English (GB), and at the Diamond subscription level.
A new survey of physicians details the devastating impact of the Change Healthcare cyber attack on the healthcare sector.
Read MoreCritical infrastructure like electrical, emergency, water, transportation and security systems are vital for public safety but can be taken out with a single cyberattack. How can cybersecurity professionals protect their cities?
In 2021, a lone hacker infiltrated a water treatment … (more…)
Read MoreSan Francisco, Calif. — The amazing digital services we have today wouldn’t have come to fruition without the leading technology and telecom giants investing heavily in R&D.
Related: GenAi empowers business
I had the chance to attend NTT Research’s Upgrade … (more…)
Read MoreSan Francisco and Tokyo, Apr. 11, 2024 – At Upgrade 2024, NTT Corporation (NTT) and NTT DATA announced the successful demonstration of All-Photonics Network (APN)-driven hyper low-latency connections between data centers in the United States and United Kingdom.… (more…)
Read MoreMountain View, Calif. – April 11, 2024 – Simbian today emerged from stealth mode with oversubscribed $10M seed funding to deliver on fully autonomous security.
As a first step towards that goal, the company is introducing the industry’s first GenAI-powered … (more…)
Read MoreCISOs can sometimes be their own worst enemy, especially when it comes to communicating with the board of directors.
Related: The ‘cyber’ case for D&O insurance
Vanessa Pegueros knows this all too well. She serves on the board of several … (more…)
Read MoreIt’s a digital swindle as old as the internet itself, and yet, as the data tells us, the vast majority of security incidents are still rooted in the low-tech art of social engineering.
Related: AI makes scam email look real… (more…)
Read MoreThe technology and best practices for treating cybersecurity as a business enabler, instead of an onerous cost-center, have long been readily available.
Related: Data privacy vs data security
However, this remains a novel concept at most companies. Now comes a … (more…)
Read MoreThe National Institute of Standards and Technology (NIST) has updated their widely used Cybersecurity Framework (CSF) — a free respected landmark guidance document for reducing cybersecurity risk.
Related: More background on CSF
However, it’s important to note that most of … (more…)
Read More
Congressional bipartisanship these days seems nigh impossible.
Related: Rising tensions spell need for tighter cybersecurity
Yet by a resounding vote of 352-65, the U.S. House of Representatives recently passed a bill that would ban TikTok unless its China-based owner, ByteDance … (more…)
Read MoreA close friend of mine, Jay Morrow, has just authored a book titled “Hospital Survival.”
Related: Ransomware plagues healthcare
Jay’s book is very personal. He recounts a health crisis he endured that began to manifest at the start of what … (more…)
Read More
The FTC is paying Ring customers in the US a total of $5.6 million over charges that the company allowed employees to access private videos.
Read MoreThe US Senate has approved a bill that will ban TikTok, unless it finds a new owner, bringing it one step closer to being signed into law.
Read MoreBeware of this malicious ad campaign currently making the rounds. Read our blog for more details and how to protect yourself.
Read MoreUnitedHealth has made an announcement about the stolen data in the ransomware attack on subsidiary Change Healthcare.
Read MoreThis week on the Lock and Code podcast, we speak with Justin Brookman about past consumer wins in the tech world, and how to avoid despair.
Read MoreAn internet scraping platform is offering access to a database filled with over four billion Discord messages and combined user profiles.
Read MoreA list of topics we covered in the week of April 15 to April 21 of 2024
Read MoreA major international law enforcement effort has disrupted the notorious LabHost phishing-as-a-service platform.
Read MoreThe Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data.
Read MoreJuicyFields was an investment scam that urged victims to invest in cannabis production.
Read MoreLocation sharing is popular among couples. But is it something you want in your own relationship?
Read MoreA threat actor claims to be in possession of 2.8 million records originating from a hack at Canadian retail chain Giant Tiger
Read MoreA list of topics we covered in the week of April 8 to April 14 of 2024
Read More
Wondering whether changing your SSN is an option? Read here what you need to qualify for a new SSN and what you need to get one.
Read MoreApple has sent alerts to people in 92 nations to say it's detected that they may have been a victim of a mercenary attack.
Read MoreWe've made it easy for you to check if your data has been exposed in the AT&T breach.
Read MoreMicrosoft has fixed 149 vulnerabilities, two of which are reportedly being exploited in the wild.
Read MoreDon't wait for an online harassment campaign to unfairly target you or a loved one. Take these proactive steps today to stay safe.
Read MoreFind out what sensitive data of yours is exposed online today with our new, free Digital Footprint Portal.
Read More
The Change Healthcare ransomware attack has suffered a third cruel twist.
Looking Back on the Channel Partner Event and Awards 2024 (IT Governance UK Blog)
Previously, I had the pleasure of sitting down with Sophie Sayer, our Channel Sales Director, to talk about the IT Governance partner programme and partner event on 9 April 2024. Now that the drinks have been served and awards handed out, I caught up with her again. When I asked her how the event went, she said: The Channel Partner Event and Awards 2024 in Ely was an absolute triumph! The atmosphere was charged with excitement and camaraderie as partners and MSPs gathered under one roof to celebrate excellence in the industry. It was truly heartening to witness the community

The Week in Cyber Security and Data Privacy: 15 – 21 April 2024 (IT Governance UK Blog)
16,482,365 known records breached in 241 newly disclosed incidents. Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks: in the spotlight. Criminal hackers threaten to leak World-Check screening database: a criminal group known as GhostR claims to have stolen 5.3 million records from World-Check, a database used to screen potential customers for links to illegal activity and government

Cyber Defence in Depth: An Expert’s Overview (IT Governance UK Blog)
Expert insight from our information security manager. What is defence in depth? Why is it important? How does it work? And what are some practical examples of it? We put all these questions and more to information security manager Adam Seamons, who has more than 15 years’ experience working as a systems engineer and in technical support. He also holds CISSP (Certified Information Systems Security Professional) and SSCP (Systems Security Certified Practitioner) certifications. What is defence in depth? In very broad terms, defence in depth contains three layers: You can split these up further – into identify, protect, detect, respond

The Week in Cyber Security and Data Privacy: 8 – 14 April 2024 (IT Governance UK Blog)
7,531,492 known records breached in 124 newly disclosed incidents. Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Update on last week’s story about the alleged US EPA (Environmental Protection Agency) breach: it appears the data was already publicly available. We’ve therefore removed this entry from our incident log. Publicly disclosed data breaches and cyber attacks: in the spotlight. AT&T confirms more than 50 million

The Week in Cyber Security and Data Privacy: 1 – 7 April 2024 (IT Governance UK Blog)
67,273,297 known records breached in 130 newly disclosed incidents. Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks: in the spotlight. US Environmental Protection Agency allegedly breached: nearly 8.5 million accounts compromised. A threat actor known as ‘USDoD’ claims to have exfiltrated a large database from the US EPA (Environmental Protection Agency). According to a listing on the

Global Data Breaches and Cyber Attacks in 2024 (IT Governance UK Blog)
30,578,031,872 known records breached so far in 8,839 publicly disclosed incidents. Welcome to our 2024 data breaches and cyber attacks page, where you can find an overview of the year’s top security incidents, the most breached sectors of 2024, month-on-month trends, links to our monthly reports, and much more. Use the links in the ‘On this page’ section below to navigate. To get our latest research delivered straight to your inbox, subscribe to our free weekly newsletter, the Security Spotlight. IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other information security weaknesses. We offer

Global Data Breaches and Cyber Attacks in March 2024 – 299,368,075 Records Breached (IT Governance UK Blog)
IT Governance’s research found the following for March 2024: this month saw fewer records breached than in February (a 58% drop), but a staggering 388% rise in incidents. This is largely caused by two outlier events: To minimise data skewing, we’ve accounted for this by providing two Data Breach Dashboards this month: one including and one excluding the above events. Free PDF download: Data Breach Dashboards. For quick, one-page overviews of this month’s findings, please use our Data Breach Dashboards: the above Dashboard includes our complete data for the month. To offer a more direct comparison with last month’s data,

An Expert Overview of CISM® (IT Governance UK Blog)
A Springboard to Career Success. CISM® (Certified Information Security Manager) is a globally recognised qualification that provides a good understanding of IT security with a management flavour. But with so much in the news about AI, Cloud security and other niche areas of cyber security, it’s easy to overlook the importance of such solid, tried-and-tested qualifications in information security. Adesoji ‘Soji’ Ogunjobi is a cyber security specialist and instructor, with nearly two decades of experience as a cyber security professional and IT auditor. He also has an MSc in Information Technology, Computer and Information Systems, as well as CISM, CISSP,

The Week in Cyber Security and Data Privacy: 25 – 31 March 2024 (IT Governance UK Blog)
37,376,751 known records breached in 2,109 newly disclosed incidents. Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks: in the spotlight. Researchers find thousands of publicly exposed – and compromised – Ray servers: the Oligo Security research team have discovered an attack campaign targeting a critical vulnerability in Ray – an AI framework developed and maintained by Anyscale

The Week in Cyber Security and Data Privacy: 18 – 24 March 2024 (IT Governance UK Blog)
134,503,937 known records breached in 1,091 newly disclosed incidents. Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks: in the spotlight. Misconfigured Google Firebase instances expose almost 125 million user records: on 10 January, a security researcher known as ‘MrBruh’ reported on vulnerabilities in the AI hiring system Chattr.ai, which is used by many US fast food chains.
In this article we analyze the social engineering aspects of the XZ backdoor incident: namely, pressuring the XZ maintainer to hand the project over to Jia Cheong Tan, and then urging major downstream maintainers to commit the backdoored code to their projects.

We continue to report on the APT group ToddyCat. This time, we talk about traffic tunneling, persistent access to a target infrastructure and data extraction from hosts.

The new, unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as a Total Commander installer and the CR4T backdoor, written in C and Go.

We review the new mobile banking Trojan SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection.

Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder.

Kaspersky's analysis of the backdoor recently found in XZ Utils, which is used in many popular Linux distributions and, on several of them, is loaded into the OpenSSH server process.
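The two XZ items above describe the backdoor but not how to triage a host for it. The following is an added example, not Kaspersky's code or anything from the XZ project: a small local check that flags the two backdoored release versions (5.6.0 and 5.6.1, tracked as CVE-2024-3094) and looks for liblzma mapped into a running sshd, which is the load path the backdoor used to reach the OpenSSH server. The parsers take text so they can be exercised on captured output; the sample strings in the docstrings are constructed, not real captures.

```python
"""Local triage check for the XZ Utils backdoor (CVE-2024-3094).

Added example, not Kaspersky's code. Two signals are checked:
  1. the installed xz release, since only the 5.6.0 and 5.6.1 release
     tarballs carried the backdoored build scripts;
  2. whether liblzma is mapped into a running sshd, which is how the
     backdoor reached the OpenSSH server on affected distributions.
"""
import os
import re
import shutil
import subprocess
from typing import List, Optional

BACKDOORED_VERSIONS = {"5.6.0", "5.6.1"}


def parse_xz_version(version_output: str) -> Optional[str]:
    """Extract the release number from `xz --version` output.

    The first line looks like "xz (XZ Utils) 5.6.1" (constructed sample).
    """
    match = re.search(r"xz \(XZ Utils\) (\d+\.\d+\.\d+)", version_output)
    return match.group(1) if match else None


def xz_is_backdoored(version_output: str) -> bool:
    """True when the reported xz release is one of the backdoored ones."""
    return parse_xz_version(version_output) in BACKDOORED_VERSIONS


def liblzma_in_maps(maps_text: str) -> bool:
    """Scan /proc/<pid>/maps text for a mapped liblzma shared object."""
    return any("liblzma.so" in line for line in maps_text.splitlines())


def sshd_pids() -> List[int]:
    """PIDs whose comm is 'sshd' (Linux /proc only; empty elsewhere)."""
    if not os.path.isdir("/proc"):
        return []
    pids = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/comm") as fh:
                if fh.read().strip() == "sshd":
                    pids.append(int(entry))
        except OSError:
            continue
    return pids


def run_checks() -> dict:
    """Run both checks against the local host and return the findings."""
    findings = {"xz_version": None, "xz_backdoored": False, "sshd_with_liblzma": []}
    xz = shutil.which("xz")
    if xz:
        out = subprocess.run([xz, "--version"], capture_output=True, text=True).stdout
        findings["xz_version"] = parse_xz_version(out)
        findings["xz_backdoored"] = xz_is_backdoored(out)
    # Reading another user's /proc/<pid>/maps needs root; unreadable ones are skipped.
    for pid in sshd_pids():
        try:
            with open(f"/proc/{pid}/maps") as fh:
                if liblzma_in_maps(fh.read()):
                    findings["sshd_with_liblzma"].append(pid)
        except OSError:
            continue
    return findings


if __name__ == "__main__":
    print(run_checks())
```

Run it as root so the maps of the listening sshd are readable. A version hit is a triage signal rather than proof, since some distributions rebuilt 5.6.x packages from clean sources after the disclosure; liblzma being mapped into sshd is likewise only the precondition, so a positive result on either check should lead to inspecting the actual liblzma binary rather than to a verdict on its own.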
In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.

In this report, we share our latest Android malware findings: the Tambir spyware, the Dwphon downloader and the Gigabud banking Trojan.

Kaspersky ICS CERT shares industrial threat statistics for H2 2023: the most commonly detected malicious objects, threat sources, and the threat landscape by industry and region.

In this report, we highlight the key points about a class of recently patched elevation-of-privilege vulnerabilities affecting Microsoft Windows, and then focus on how to check whether any of them have been exploited or whether there have been any attempts to exploit them.
Ending Session Hijacking
This week on the podcast, we cover a Google initiative to kill off session hijacking attacks once and for all. Before that, we give an analysis of CVE-2024-3400, the Palo Alto zero-day vulnerability currently under active exploitation. Additionally, we discuss a recent white paper from CISA on securely deploying artificial intelligence systems.

BatBadBut What?
This week on the podcast, we cover a research post that describes a code injection vulnerability caused by the way nearly every high-level programming language spawns batch files on Windows. We also discuss a series of vulnerabilities in LG televisions that allow remote attackers to root the device, before ending with a chat about new adversarial […]

Bad Month for Software Supply Chains
This week on the podcast, we cover a software supply chain attack years in the making that was days away from a devastating global impact. After that, we cover Facebook’s Project Ghostbusters and its impact on user privacy, before ending with another software supply chain attack that successfully compromised developers in the gaming world.

Trucking Worms
This week on the podcast we discuss a vulnerability in required commercial truck hardware that could enable an automatically propagating worm across the entire US. Before that, we cover Apple’s “un-patchable” vulnerability in their M-series processors, as well as a vulnerability that could let attackers unlock hotel room doors at will.

A Wild Month in Ransomware
This week on the podcast, we’re joined by Ryan Estes, a member of WatchGuard’s Zero-Trust Application Service classification team and resident ransomware expert, to discuss the wild month in ransomware news. We start the episode with a story about a fake ransomware operator that scammed cybercriminals out of tens of thousands of dollars before discussing […]

Operation Cronos: A Breakdown of the LockBit Disruption
Check out LockBit 3.0 on our new Ransomware Tracker Beta! Hear more about Operation Cronos on The 443 Podcast. If you’ve followed the ransomware space for the past few years, it’s very likely you’ve heard of LockBit. If you don’t follow the cybersecurity landscape, there’s still a good chance you’ve heard of them or at […]

Locking Up LockBit
This week on the podcast, we cover an international law enforcement takedown of the LockBit ransomware group’s infrastructure. After that, we cover a novel malware delivery vector involving an IoT “toy.” We end the podcast by covering the latest White House Executive Order addressing cybersecurity in critical infrastructure.

Flipping Out Over Flipper Zero
This week on the podcast we cover Canada’s attempt to ban the Flipper Zero. Before that, we review a recent research post on a new class of vulnerability on the Ubuntu operating system. We end the episode with a chat about the impacts of artificial intelligence on data security. Menlo Report on Business AI […]

AnyDesk Remote Access Vendor Compromise
On February 2nd, remote access software vendor AnyDesk disclosed they had been the victim of a cyberattack in which an unknown threat actor obtained access to production systems. AnyDesk appears to have contained the incident before the adversaries were able to leverage their access into a supply chain attack against AnyDesk customers, but out of an […]

Could a Toothbrush Botnet Happen?
This week on the podcast, we cover a recent news post about an army of 3 million compromised toothbrushes taking down a Swiss website, causing millions in damages. After that, we discuss the United States DOJ’s latest botnet takedown, this time targeting Volt Typhoon. We end the episode by walking through a CISA joint publication giving […]

A Door in Apple’s Walled Garden
This week on the podcast, we cover Apple’s recent announcement describing how they will comply with the European Union’s new Digital Markets Act and what that means for the iPhone walled garden. Before that, we cover a data breach at Mercedes-Benz thanks to an alternative authentication method. Additionally, we cover the roundup of vulnerabilities in Ivanti’s […]

A Blizzard of Threats
This week on the podcast, we cover two “Blizzard” threat actors targeting governments and private organizations. We also give an update on the SEC’s compromised Twitter/X account, and then end with a discussion of an EU program designed to improve its citizens’ privacy while browsing the internet.

Androxgh0st Analysis
This week on the podcast, we review a CISA and FBI joint advisory on the Androxgh0st malware. Before that, we cover recent Volt Typhoon activity targeting SMB routers exposed on the internet. We end the episode with a fun research blog post about a series of flaws in an Indian insurance provider.

NIST Tackles Adversarial AI
This week on the podcast, we review NIST’s new publication that defines a taxonomy for how we talk about adversarial machine learning. Before that, we cover a recent discovery of threat actors retaining access to Google accounts even through a password reset. We round out the episode with an account compromise that led to a […]

RIPE for the Taking
This week, we cover a password compromise that led to a mobile telco in Spain losing control of its IP address space. We also give a quick update on the Lapsus$ ringleader’s court case before discussing a recently discovered macOS backdoor malware that evades most endpoint protection. We end the episode by covering Microsoft’s research […]

Hacking the Crypto Supply Chain
This week on the podcast, we cover a supply chain attack against one of the largest hardware cryptocurrency wallet manufacturers. After that, we discuss the latest Apache Struts vulnerability under active exploitation by threat actors. We end the episode with our thoughts on a research blog post about a set of threat actors using an […]

Bluetooth Busted
This week on the podcast, we cover a new unauthenticated keystroke injection vulnerability in the Bluetooth implementation on nearly every type of device. After that, we discuss LogoFAIL, a suite of vulnerabilities in most UEFI boot implementations that could let threat actors easily hide their tracks. We end by covering a recent CISA advisory on […]

Our 2024 Security Predictions
This week on the podcast we discuss our cybersecurity predictions for 2024. We’ll cover each of the six predictions for the coming year, including the trends behind them and how to protect your organization if they come true!

Grading our 2023 Security Predictions
This week on the podcast, we look back to our 2023 security predictions and grade ourselves on how well we were able to see the future. We’ll go through each of our six predictions, explain the trends that fuelled them, and then provide either evidence that they came true or discuss reasons why they may […]
What to Expect from NIS2
This week on the podcast, we dive into the EU’s Network and Information Security directive update, aka NIS2. We’ll cover who might be impacted and what to expect in terms of requirements in the coming year. Before that, we give an update on the latest Scattered Spider threat actor activity, followed by an […]

Combined Cyber and Kinetic Warfare
This week on the podcast, we cover an analysis from Mandiant of an attack led by the Russian state-sponsored threat actor Sandworm that came alongside missile strikes against Ukraine. Before that, we review Okta’s post-mortem of their recent cyber incident. We end the episode by discussing updated research from Jamf on a North Korean […]

The White House Tackles AI
This week on the podcast we cover an Executive Order from the US White House on the topic of artificial intelligence. After that, we discuss the latest CISO who has found themselves in hot water with the law. We then cover an update to the Common Vulnerability Scoring System and end with a researcher claiming […]

The Threat Actor That Hacked MGM
This week on the podcast, we review a thorough unmasking of Octo Tempest, the threat actor behind the MGM and Caesars Entertainment attacks in September. Before that, we give an update on the Cisco IOS XE vulnerability that led to an implant being installed on thousands of exposed devices. We round out the episode with an […]

CISA’s Secure by Design Whitepaper
This week on the podcast, we cover CISA’s newly updated whitepaper on guidance for both software manufacturers and customers on the principles of secure-by-design and secure-by-default. Before that, we cover the Cisco IOS XE vulnerability that is under active exploitation in the wild, give an update on the EPA’s efforts to regulate cybersecurity practices in […]

Microsoft is Killing NTLM
This week on the podcast, we cover the recent HTTP/2 protocol vulnerability that led to the largest DDoS attack ever recorded by Cloudflare. After that, we discuss Microsoft’s announcement about the deprecation of VBScript and the impending removal of NTLM. We then cover a collection of data allegedly stolen from the genealogy website 23 and […]

Q2 2023 Internet Security Report
This week on the podcast, we go through the latest Internet Security Report from the WatchGuard Threat Lab. We’ll cover the top malware and network attack trends from Q2 2023 impacting small and mid-market organizations globally, before ending with defensive tips anyone can take back to their company.

Bing Chat Malvertising
This week on the podcast, we discuss an alert from CISA on nation-state threat actors embedding malware into legacy Cisco router firmware. After that, we cover a research post on malicious advertisements served up via Bing’s ChatGPT integration. We then end with an analysis of North Korea’s Lazarus group’s latest social engineering techniques.

Meta’s One Good Deed
This week on the podcast, we get up to speed on the MGM and Caesars Entertainment ransomware incidents from the previous week. After that, we take a deep dive into a blog post from Meta’s application security team for their VR headsets. Finally, we cover Microsoft’s analysis of an APT’s pivot from email to […]

iPhone’s Latest 0-Day
This week on the podcast, we cover Microsoft’s final report on their July incident involving nation-state actors compromising enterprise email accounts. After that, we discuss a zero-day, zero-click vulnerability in iOS being actively exploited in the wild, before ending with a chat about an upcoming change to how Android handles CA certificates.

The Qakbot Takedown
This week on the podcast, we cover the FBI-led, multinational takedown of the Qakbot botnet of over 700,000 victim devices. After that, we cover two Android malware variants, including one targeting victims in Southeast Asia and another built by the Russian GRU.

Weaponizing WinRAR
This week on the podcast we cover the latest evolutions of the North Korean threat actor Lazarus before covering an actively exploited 0-day vulnerability in the popular unarchiver WinRAR. We end the episode with an AI-related attack that doesn’t actually use AI.

U.S. Cyber Trust Mark
This week on the podcast we cover the FCC’s proposal for a security assurance labeling program for IoT devices. Before that, we discuss the latest AI research challenge hosted by DARPA, as well as some research into a novel attack against the AI/ML supply chain.

Def Con 2023 Recap
On this week’s episode, we chat about some of our favorite talks from this year’s Def Con security conference. We’ll cover several topics, including artificial intelligence, hacking mobile point-of-sale devices, and how worried we should or shouldn’t be about cyber warfare.

BlackHat 2023 Recap
In this special end-of-week episode of The 443, we cover some of our favorite talks from this year’s edition of the Black Hat cybersecurity conference in Las Vegas. We’ll discuss the trends we saw and summaries of interesting topics, including AI, nation-state warfare, and improving cyber defense.

What Is Same-Origin Policy? Replay
This week we look back to an episode that originally aired in May 2021 where we remember a Def Con legend, then dive into two web browsing security acronyms. Keep an eye out later this week as we come to you from this year’s Black Hat and Def Con cybersecurity conferences!

Qakbot Qacktivity
This week on the podcast, we cover the latest evolutions of the decade-old Qakbot malware, including changes in how attackers deliver it. After that, we give an update on the SEC’s new rules around mandatory security disclosure. We then end by reviewing CISA’s analysis of Risk and Vulnerability Assessments they completed for their constituents in […]

Red Teaming AI Systems
This week on the podcast, we give an update on last week’s discussion around a China-based APT targeting government organizations. After that, we cover the latest uses of generative AI like ChatGPT by malicious hackers. Finally, we end with a report from Google on their efforts around red teaming artificial intelligence systems.

New Microsoft Office 0-Day
This week on the podcast we cover two stories that came out of Microsoft’s July Patch Tuesday. The first involves an incident within Microsoft that led to foreign cybercriminals compromising the email accounts of multiple government agencies. The second story involves an actively exploited 0-day vulnerability in Office that, at the time of recording, remains […]

Q1 2023 Internet Security Report
This week on the podcast, we cover WatchGuard Threat Lab’s Internet Security Report for Q1 2023. Throughout the episode, we’ll discuss the key trends for cyber threats impacting small and midsize organizations globally, including the top malware and network attack detections, as well as a look specifically at the endpoint. We round out the episode […]

RepoJacking
On this week’s podcast we discuss a recent analysis of the risks of GitHub RepoJacking. After that, we dive into the Barracuda 0-day that China-based threat actors are actively exploiting, as well as a novel command-and-control distribution method for a separate China-based APT.

A New Russian APT
On this week’s episode we discuss the newly named threat actor Cadet Blizzard, including their typical tools, tactics and procedures. We also cover CISA’s newest binding directive to federal agencies. Before that, we give an update on exploited MOVEit Transfer servers and the latest Bitcoin laundering technique.

Minecraft Mod Malware
This week on the podcast we cover a supply chain attack of sorts against Minecraft gamers. After that, we cover a vulnerability in MOVEit Transfer that threat actors are exploiting in the wild to steal data and deploy ransomware. Finally, we end with our review of the latest Verizon Data Breach Investigations Report (DBIR).

How Not to Update Software
This week on the podcast, we give a quick update on the latest Volt Typhoon activity before covering a newly-for-sale EDR bypass tool. After that, we discuss Gigabyte’s decision to rootkit their own motherboards, before ending with a new macOS vulnerability.

Naming APTs
This week on the podcast, we cover Microsoft’s latest refresh of naming conventions for advanced persistent threat (APT) actors worldwide, as well as an update on two specific threat actors and their latest tactics. We also cover a ransomware event targeting a biotechnology company with an interesting twist.
TikTok is Banned, Kind Of
This week on the podcast, we cover the recent TikTok ban coming from the state of Montana and discuss whether it was justified and what the potential security impact is. Before that, we give an update on two US Supreme Court cases that were poised to potentially strip away Section 230 protections. We also highlight […]

Scratching the Surface of Rhysida Ransomware
A few days ago, I was scrolling through Twitter and came across a post by the MalwareHunterTeam briefly discussing a new ransomware group, Rhysida. A lack of results from a Google search shows this is a newer group prepping to start operations. I grabbed a sample and downloaded it, and the executable confirmed that […]

An Interview with ChatGPT
This week on the podcast, Marc kicks Corey off the podcast and interviews ChatGPT to learn its thoughts on AI applications in cybersecurity, both on offense and defense.

Securing Healthcare Tech
This week on the podcast, we cover two new malware research pieces, including the latest evolution of a delivery vehicle as old as time. After that, we cover recent regulations in the healthcare industry that have a chance to push the industry toward a more secure future.

Rustbuckets and Papercuts
This week on the podcast, we cover a recently discovered macOS malware attack that uses a multi-stage delivery mechanism. Before that, we discuss an actively exploited vulnerability in the print management software PaperCut, as well as an update on the 3CX supply chain attack.

MSPs Around the World – Americas
This week’s podcast comes from the WatchGuard Apogee partner conference for the Americas, where we bring on special guests Kevin Willette of Verus Corporation and Neil Holme of Impact Business Technology to discuss the challenges and opportunities MSPs and MSSPs will face in the coming years. This is the first of a multipart series where […]

Zero Trust Maturity Model 2.0
This week on the podcast, we cover two new publications out of CISA. First, we dive into CISA’s guidance to manufacturers and customers on products that are secure-by-design and secure-by-default. Next, we discuss CISA’s latest Zero Trust Maturity Model, which any organization can use to gauge how far along they are on the ZTA path […]

This post arrives later than usual, but as they say, “Better late than never.” Researchers and the media have highlighted various unique, interesting, or destructive vulnerabilities in the last few weeks. We decided to pick three of these vulnerabilities and talk about them. One was patched with Microsoft’s Patch Tuesday in March; another affects the […]

Operation Cookie Monster
This week on the podcast, we discuss another cybercrime marketplace takedown, dubbed Operation Cookie Monster. After that, we discuss Microsoft’s attempts to limit the distribution of a popular hacking toolkit. Finally, we discuss a recent analysis by Dr. Ken Tindell of Canis Automotive Labs of how criminals were able to steal his friend’s Toyota RAV4. […]

Another Software Supply Chain Attack
This week on The 443, we discuss the latest software supply chain attack with a potential blast radius of thousands of organizations. Then we cover a new protocol vulnerability in the Wi-Fi wireless standard, before ending with some research into insecure Microsoft Azure applications.

3CX Supply Chain Attack
3CX created the desktop phone app 3CXDesktopApp and now finds itself in the middle of a supply chain attack. As a recognized company in the softphone space, 3CX provides services to many large companies, including Honda, Coca-Cola, BMW and Holiday Inn, among others, according to the testimonials on their website. This week though, they […]

The NSA’s Guidance on Securing Authentication
This week we have all the acronyms as we cover a joint publication by CISA and the NSA with Identity and Access Management (IAM) best practices. We then cover some new proposed cybersecurity rules out of the Securities and Exchange Commission (SEC), before ending with an FBI takedown of a popular hacking forum.

It’s Monday, and there’s no better way to start a new week than with some cybersecurity-related news. So, if you need an excuse to procrastinate a bit more, allow us to fill that void. For this iteration, we made a few minor improvements, as always. In addition to the table of contents from last time, […]

An Update on Section 230
On this week’s episode we look back to our initial monologue on Section 230 protections that allow social media, and the internet as a whole, to function. We cap off the episode replay with a new discussion on a recent Supreme Court case that has the potential to dramatically impact the internet as […]

Here Come The Regulations
On today’s episode, we cover two new sets of cybersecurity regulations, fresh off the heels of the White House’s National Cybersecurity Strategy publication, targeting different critical infrastructure sectors in the United States. We’ll also cover the latest in nation-state activity targeting network connectivity appliances and end with some fun research into an oldie but […]

US National Cybersecurity Strategy
This week’s episode is all about the White House’s recently released National Cybersecurity Strategy. We’ll walk through the strategy from top to bottom and discuss the key elements most likely to impact individuals and organizations, as well as our overall thoughts on the direction the US Federal Government is planning to take.

A new week, a new month, and a new Cybersecurity News post! This iteration contains a whopping eight (8) stories covering the last two to four weeks. Since cybersecurity is a diverse field of assorted specializations, we attempt to match that with various stories touching on all aspects of cybersecurity. This time we cover a […]

Cybersecurity’s Toll on Mental Health
This week on the episode we have a discussion about stress-related issues impacting cybersecurity professionals and ways to combat them. Before that, we cover the latest news, including new 0-click exploit protection from Samsung, the latest update on GoDaddy’s security woes, and Twitter’s latest erratic move.

Successfully Prosecuting a Russian Hacker
In today’s episode, we discuss a recent court case resulting in the successful conviction of a Russian national tied to breaking into several publicly traded US companies. We also cover the latest details on the ESXiArgs ransomware attacks that have been impacting organizations globally, as well as the latest CISA alert on nation-state ransomware […]

Cybersecurity News: Automated Ransomware Attacks, U.S. No Fly List Leaked, and A.I. Detecting A.I.
Welcome to another iteration of Cybersecurity News, the fairly new and unorthodox semi-monthly news article that highlights a handful of noteworthy cybersecurity-related stories and provides extra references and resources for further research if you desire. We aim to solidify a more concrete release schedule going forward and will release more information once we have […]

Live Audience MSP Q&A Panel
On this week’s very special episode of the podcast, we sit down with Matt Lee, Calvin Engen, and Scott Williamson, three MSP security and business experts, for a Q&A panel in front of a live audience! We’ll cover everything from how MSPs and MSSPs should address the cyber threat landscape to what vendors can do […]

A Technical Analysis of ISAACWiper
Shortly after Putin launched his “special military operation” in Ukraine on February 24th, 2022, researchers from ESET published information about two novel destructive malware families: HermeticWiper and ISAACWiper. HermeticWiper was part of a three-pronged campaign that included a worm and a pseudo-ransomware component, known as HermeticWizard and HermeticRansom respectively. HermeticWiper is the data-wiping component. ISAACWiper, […]

What is CVSS?
This week on the podcast we cover the Common Vulnerability Scoring System (CVSS), including how it works and some of its limitations. Before that though, we discuss a recent survey on the risks of ChatGPT’s usage in cyberattacks and the latest activity from Lazarus, the North Korean government hacking operation.
On today’s episode, we cover a recent Department of Justice operation that resulted in taking down a major ransomware organization. After that, we cover two recent publications from CISA, the first on malicious use of legitimate RMM software and the second giving guidance to K-12 on how to address cybersecurity concerns.
Read More - CISA Warns of Weaponized RMM Software
Sifting through the most recent cybersecurity-related news may seem daunting, and keeping up with the latest developments is arduous. However, the WatchGuard Threat Lab is happy to filter through the latest cybersecurity news and highlight some stories we believe are important, noteworthy, or interesting. The goal is to focus on a few recent cybersecurity-related stories, […]
Read More - Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches
In a sudden, stunning announcement today, the United States Department of Justice, the FBI, and federal agencies from 13 countries from Europol announced the seizure of the transnational Hive ransomware operation. The seizure was part of a months-long operation that began in late July 2022 when the FBI infiltrated the Hive network. Deputy Attorney General […]
Read More - Law Enforcement Infiltrate and Seize Hive Ransomware Operation
This week on the podcast, we cover key findings from three individual reports published last week. In the first report we’ll dive into the world of blockchain analysis looking for illicit transactions. In the second report, we’ll cover the state of SMB security. The final report includes a discussion of overall financial crime involving stolen […]
Read More - Report Roundup
Regarding malware, breaches, and the overall threat landscape, 2023 is off to a dynamic start. Malvertising (malicious advertising) continues to be a successful attack vector for hackers, especially through sponsored ads in Google searches. Jon DiMaggio released his long-awaited Ransomware Diary series beginning with the first iteration on the LockBit ransomware group. Also, a new […]
Read More - Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
This week on the podcast we cover a recently disclosed vulnerability in the popular JavaScript library JsonWebToken. After that, we give an update on weaponizing ChatGPT, the currently free artificial intelligence chatbot that has made waves since its release in November. We round out the episode with a wave farewell to Windows 7 and Windows […]
Read More - The RCE Vulnerability That Wasn’t
Recently, researchers have observed threat actors using a website previously associated with the popular AR game PokemonGo to distribute a remote access trojan (RAT). The method of delivery is a cleverly disguised game installer that includes a copy of the commonly used NetSupport Manager application, which on its own is technically a trusted application. The […]
Read More - When Trying to Catch ‘Em All, Leave This RAT Alone
This week on the podcast we cover a recent analysis by Mandiant on a Russia-based APT using a decade-old botnet to deliver new attacks. Before that, we cover an update from LastPass about their most recent breach as well as the 200 million Twitter accounts leaked last week.
Read More - Reviving a Dead Botnet
This week on the podcast we discuss key findings from the WatchGuard Threat Lab’s Q3 2022 Internet Security Report. We’ll cover everything from the top malware threats to the latest network attack trends targeting small and midsize enterprises globally and give practical defensive tips that anyone can use to keep their organizations safe.
Read More - Q3 2022 Internet Security Report
It’s that time of year for us to discuss the WatchGuard Threat Lab’s 2023 cyber security predictions! On this episode, we will cover the six predictions plus another two that didn’t make the cut, as well as some defensive strategies to try and help stop them from coming true.
Read More - 2023 Security Predictions
This week on the podcast, we cover Apple’s latest announcement of expanded privacy and security features for their users. Before that, we cover a major breach in the Android ecosystem followed by a new Internet Explorer (yes, that still exists) 0-day vulnerability.
Read More - Apple’s New Privacy Expansion
On this week’s episode, we cover the latest in car hacking, this time involving a vulnerability that could have given remote attackers full control over certain Hyundai models’ doors, lights and engine. After that, we discuss the latest breach impacting a major password management app and how it’s different from previous ones we’ve seen. We […]
Read More - Hacking Hyundai
On today’s episode we cover a pair of alerts from the Cybersecurity and Infrastructure Security Agency (CISA), one detailing the tools, tactics and procedures of a prolific ransomware organization and another walking through a recent incident response engagement CISA completed with a federal agency. Before that though, we learn about what happens when you use […]
Read More - CISA Incident Response Learnings
This week on the podcast we dive into the world of attack surface management. We discuss what your attack surface is made up of, including some areas you may not have thought of, and then cover the best ways to reduce and ultimately protect it.
Read More - Attack Surface Management
The WatchGuard Security Team spends a lot of time chasing ransomware extortion groups throughout the dark web. So, it only fits that one of the newer ransomware extortion groups is named Endurance Ransomware. It appears this “group” is one individual known as IntelBroker, who has allegedly breached several entities of the US government and two […]
Read More - Endurance Ransomware Claims Breach of US Federal Government
This week on the podcast we take a look back at our 2022 cybersecurity predictions and give ourselves a grade on how well we did. From cyber insurance to space hacks, we’ll cover each of the 6 predictions we made last December and discuss why we think they did or did not come to fruition. […]
Read More - 2022 Cybersecurity Predictions Recap
On this episode we cover the much anticipated OpenSSL vulnerabilities that were disclosed and patched on November 1st and why the 6-year streak of no critical issues continues. After that, we dive back into election security and the hacking activity that could have the most impact. We end with an update from Apple […]
Read More - Why OpenSSL Downgraded Their Vulnerability
This week on the podcast we cover CISA’s freshly released Cybersecurity Performance Goals (CPGs), designed to help smaller organizations bridge the gap between frameworks and practical implementation. After that, we discuss a new bill working its way through the US Senate designed to address open source software security risks. Finally, we end with a research post […]
Read More - CISA’s Cybersecurity Performance Goals
This week on the podcast, we cover another remote code execution vulnerability that looks extremely concerning on the surface but might be less serious in reality. After that, we cover two research articles by Microsoft on ransomware campaigns, including defensive takeaways for all organizations.
Read More - Ransomware TTPs Deep Dive
This week on the podcast we cover a proposed program from the White House to create an Energy Star-like label for cybersecurity in consumer products. Before that, we cover two other updates from the federal government, including a new open source tool from CISA and the latest reincarnation of Privacy Shield.
Read More - Cyber Energy Star
This week on the podcast, we focus on highlighting WatchGuard’s Q2 Internet Security Report, covering the latest threat trends and what you can do to avoid them. However, we also pack in our security news segment, with an Optus breach update from an Australian IT and security expert and WatchGuard Partner, the latest on the […]
Read More - Q2 Threats and Guilty CSOs
This week on the podcast, we cover an Optus data breach that could affect over 10 million Australian customers, and what they should do to protect themselves. We highlight a new malware-as-a-service (MaaS) information stealer that lowers the cost and technical bar for cybercriminals. Finally, we end with some good news about how the FBI […]
Read More - Optus Opts Out of PII Protection
Update 10/6/2022: Microsoft has released several updates since their post on the “ProxyNotShell” Exchange vulnerabilities. If you followed their initial mitigation steps, they are not sufficient to block this threat and your Exchange server may remain vulnerable. Security researchers began poking at the initial mitigation recommendations and found ways to bypass their initial detection […]
Read More - Two Microsoft Exchange Server Zero-Day Vulnerabilities (aka ProxyNotShell)
This week on the podcast, we cover Uber’s most recent security incident and the individual allegedly behind it. After that, we dive into the world of gas station operational technology and potential security weaknesses in one tool. Finally, we end with a chat about the FBI CISO Academy and how the FBI as a whole […]
Read More - An Uber Hack
This week on the podcast we cover a court case that is attempting to hold the ex-CISO of a popular tech company accountable for their actions involving a data breach dating back to 2016. Before that though, we dive into a novel command and control (C2) method as well as the latest commoditization of […]
Read More - Are CISOs Legally Accountable for Security?
This week on the podcast we sit down with Ryan Estes, a malware analyst on the WatchGuard Threat Lab team, to discuss what it takes to rapidly differentiate malware from goodware. In this interview, we discuss what it takes to get into malware analytics, popular tools to help with the task, and resources anyone […]
Read More - A Day in the Life of a Malware Analyst
This week on the podcast, we cover the big whistleblower complaint against Twitter, including our hot takes on who to believe. We then cover an FBI alert on evasion techniques cyber criminals are deploying in their authentication attacks before finishing with a highlight of a very convincing phish.
Read More - The Twitter Thing
This week on the podcast we review our time at this year’s Black Hat and Def Con cybersecurity conferences in Las Vegas. We’ll cover how the WatchGuard CTF contest went this year and discuss takeaways from a few of the briefings we attended.
Read More - 2022 Black Hat and Def Con Recap
This week on the podcast, we give our preview of the Black Hat and Def Con cybersecurity conferences, aka Hacker Summer Camp. Throughout the episode, we’ll discuss the briefings and panels we’re most excited to see and what we hope to get out of them. If you’re not able to attend either conference in person […]
Read More - Hacker Summer Camp 2022
This week on the podcast we discuss the shifting landscape of phishing attacks in the wake of Microsoft’s efforts to block malicious Office macros. We then cover a private organization that has been found not just selling exploit tools but also participating in offensive cyber operations. We end the episode with a review of IBM […]
Read More - Private Sector Offensive Actors
This week on the podcast, we discuss the current cyber skills gap and a federal program designed to help combat it. After that, we dive into the American Data Privacy and Protection Act and what it potentially means if passed by US Congress. We end this week with a quick update on Microsoft’s attempts to […]
Read More - USA’s Answer to GDPR
This week on the podcast we cover the latest in car hacking research, this time targeting vulnerabilities in remote keyless entry. We then dive into Microsoft’s latest research on Adversary in the Middle (AitM) attacks and end with key findings from the latest WatchGuard Threat Lab quarterly Internet Security Report.
Read More - Rolling PWN
This past week, a hacker by the name of ChinaDan allegedly breached the Shanghai National Police (SHGA) database and has put the nearly 23 TB of data up for sale for 10 bitcoin (BTC), or a little over $200k USD as of this writing. ChinaDan claims the data contains “information on 1 Billion Chinese national […]
Read More - Over a Billion Records Leaked in Shanghai National Police Database Hack
The LockBit ransomware group has unveiled a new website – LockBit 3.0 – to host their ransom extortions and data leaks. The website includes several new features, including an unprecedented bug bounty program to assist the group in securing their site; acceptance of the privacy cryptocurrency Zcash; and the addition of receiving payments from users […]
Read More - LockBit Ransomware Group Introduces Bug Bounties and More
This week on the podcast, we discuss two recent security reports, one on the topic of open source software and the other on “insecure by design” in the Operational Technology (OT) space. We go through the key findings from each report and what our thoughts are on their accuracy in the real world. We end […]
Read More - Grading Gartner’s Guesses
In celebration of our 200th episode, this week on the podcast we take a look back at the last few years and revisit some of our favorite episodes. Along the way, we’ll give updates on a few of our cybersecurity predictions from years past that took just a little bit longer than anticipated to come […]
Read More - 200th Episode Extravaganza
This week on the podcast we cover the latest and most bizarre ransomware extortion demand we’ve seen in recent memory. Before that though, we cover the latest updates on nation-state hacking activity, including threats of escalating attacks leading to physical retaliation.
Read More - Robux Ransomware
This week on the podcast we cover two fresh 0-day vulnerabilities, one in Windows and another in Atlassian’s Confluence, both under active exploitation in the wild. Additionally, we cover Costa Rica’s no good, terrible month in cybersecurity.
Read More - 0-Days for Days
This week on the podcast, we discuss the line between ethical security research and malicious activity thanks to a compromised open source software package. After that we cover the latest industry to fall victim to ransomware and end by highlighting a 0-click vulnerability in Zoom’s message system discovered by Google Project Zero.
Read More - Package Hijacking
WatchGuard’s Product Security Incident Response Team (PSIRT) has launched our public PSIRT page to provide a consolidated resource where network administrators can find advisories and information about security vulnerabilities in WatchGuard products, as well as WatchGuard’s investigations into industry-wide security issues that may impact our products or services. Our PSIRT page also provides information for […]
Read More - WatchGuard Launches PSIRT Page
This week on the podcast we sit down for a chat with Matt Lee, Sr. Director of Security and Compliance at Pax8 and well-known cyber security educator, to discuss security strategies for MSPs and midsize enterprises in the face of a dynamic threat landscape. We cover everything from picking a framework to getting buy-in […]
Read More - Building Security Strategies with Matt Lee
This week on the podcast we walk through CISA alert AA22-131A, which gives bulleted guidance to MSPs and customers of MSPs on how to navigate the security of their relationship as threats targeting service providers continue to grow. We’ll walk through the list, hit each recommendation and give our own guidance on top of them for […]
Read More - CISA Guidance for MSPs
This week on the podcast we discuss the latest rumblings around the return of the prolific ransomware-as-a-service organization REvil. Before that though, we dive into the latest tools, tactics and procedures of the Lazarus nation-state hacking group as well as a recently discovered form of fileless malware evasion.
Read More - The REturn of REvil?
This week on the podcast, we dive into CISA’s list of the 15 most exploited vulnerabilities in 2021. We’ll walk through each flaw and give a refresher on their history and how attackers have exploited them. After that, we cover the latest ransomware-as-a-service threat that has victimized over 60 organizations worldwide before ending with a […]
Read More - Most Exploited Vulnerabilities of 2021
This week on the podcast we cover a critical and easily exploited vulnerability in how some recent versions of Java handle cryptography. We also discuss the latest in a series of alerts from CISA and international intelligence organizations on cyber threats to critical infrastructure. Finally, we end with a condensed overview of the latest internet security […]
Read More - Psychic Signatures
This week on the podcast, we cover the latest evasion and persistence techniques from the state-sponsored threat actors known as Hafnium. Then, we dive into the world of ICS and SCADA devices to discuss the latest joint-agency alert from the US Government. We then round out the episode by highlighting some recent research into spoofing […]
Read More - Hidden Hafnium
This week on the podcast we discuss one of the most rampant yet easily resolved risks facing many organizations today: not installing vendor-supplied security fixes. We’ll cover some of the reasons why organizations might fall behind on patching as well as the potentially serious consequences. After that, we cover the latest 0-day Chromium vulnerability before […]
Read More - Patch Management Lag
When talking to IT and security professionals, everyone seems to know they shouldn’t overly expose management portals. And yet, every year we learn some new statistic showing tens of thousands of devices or software products with management portals exposed on the Internet. In hopes of changing this trend, this article talks about why management portals sometimes […]
Read More - For the Love of InfoSec, Don’t Over-Expose Administrative Management Portals
This week on the podcast we cover the hacking organization Lapsus$, including their tactics, targets, and how they ended up with several members arrested last week. After that, we cover the cyber cold war and threats of Russian revenge attacks against the US energy sector that prompted classified meetings with potentially targeted organizations.
Read More - The Rise and Fall of Lapsus$
At WatchGuard, we understand the importance of sharing threat intelligence with the information security (infosec) community when safe and appropriate. Not only does this information sharing help to directly defend against known threats, but it also helps the community at large learn from the attacks found in the wild and appropriately adjust detection and defense […]
Read More - Sharing Cyclops Blink Threat Intelligence with the Community
This week on the podcast, we cover a CISA alert on securing satellite communications (SATCOM) in the wake of several recent incidents involving providers and networks in eastern Europe. After that, we check in on the TSA’s cybersecurity rules for pipeline distribution networks and how adoption is going so far in the industry.
Read More - SATCOM Security
This week on the podcast, we cover last week’s Executive Order from the White House that lays the foundation for a United States Central Bank Digital Currency, or CBDC, and what it means for the future of cryptocurrency. We also discuss recent research from Mandiant on APT41, a Chinese threat actor that has recently turned […]
Read More - US-Backed Cryptocurrency
This week on the podcast we cover the recent leaks highlighting the inner workings of the Conti ransomware group, which started with chat logs and grew to entire source code dumps. We then round out the episode by discussing the recent Nvidia breach and how some of the stolen information might fuel future attacks.
Read More - Conti Leaks
5G didn’t put malware on these Mazdas’ entertainment systems, but many Seattle Mazda drivers couldn’t change their radio station after tuning it to the local NPR station, KUOW. As one reddit user put it, “the whole audio system and Bluetooth just keeps trying to reboot.” Some users also reported they couldn’t use their backup cameras. […]
Read More - 5G Didn’t Break Your Car
This week on the podcast we dig back into our archives for an episode that originally aired back in July 2020, where we discussed one of our analysts’ first-hand research into facial recognition biases.
Read More - Rewind: Can We Trust Facial Recognition
Microsoft’s monthly Patch Tuesday already occurred this month, so you know what that means – more disclosed vulnerabilities. This iteration of patches included fixes for a combined 70 vulnerabilities, including one zero-day. Thankfully, none of these fall into Microsoft’s “critical” category. However, there are four Elevation of Privilege vulnerabilities targeting the Windows Print Spooler service […]
Read More - SpoolFool: Windows Print Spooler Fooled Again
This week on the podcast we cover a cryptocurrency heist that abused the backbone of the internet to steal millions of dollars of coins. In related news, we also cover the FBI’s new Virtual Asset Exploitation Team and their focus on tracking cryptocurrency-related cybercrime, as well as a recent alert on business email compromise from […]
Read More - BGP-Powered Crypto Theft
This week on the podcast we cover Russia’s latest crackdown on cybercriminals within their borders and try to answer the “why now?” question. We also discuss a multi-billion dollar cryptocurrency recovery by the US Justice Department, including the arrest of two New Yorkers allegedly responsible for the 2016 Bitfinex hack.
Read More - Russia, Fighters of Cybercrime?
In early 2020, during the emergence of the COVID-19 pandemic, researchers discovered a novel malware named Oski Stealer, capable of stealing browser data such as cookies, history, payment information, and autofill information, as well as cryptocurrency wallets, login credentials of applications, and Authy 2FA information. It can also take screenshots of your desktop and perform […]
Read More - New Oski Stealer Variant, “Mars Stealer”, Targets Credentials, Crypto, and 2FA
The US IRS has plans to use a third-party identification system to prevent tax-related identity theft. The IRS plans to contract with ID.me to identify people using, among other factors, face recognition. James Hendler, professor of Computer, Web and Cognitive Sciences, wrote about some issues with the IRS’s plan. How will the data be […]
Read More - Face Recognition and Privacy Concerns Works Its Way Into Taxes
This week on the podcast, we cover the heist of $322 million in cryptocurrency from the distributed exchange Wormhole, including a long discussion on why it feels like cryptocurrency is still the wild west of technology. After that, we give an update on our brief mention in last week’s episode about North Korea’s internet seemingly […]
Read More - Hacking Back at North Korea
This week on the podcast, we cover Pwnkit, a privilege escalation vulnerability impacting almost every modern Linux release worldwide. We also dive into the world of macOS malware with DazzleSpy, a remote access trojan targeting Hong Kong pro-democracy advocates. Finally, we end with an update on North Korea’s Lazarus APT and their […]
Read More - The Pwnkit Problem
This week on the podcast we discuss the latest Internet Security Report from the WatchGuard Threat Lab. Built with threat intelligence gathered from tens of thousands of Firebox UTM appliances that have opted in to sharing data, the quarterly report lets us talk about the latest malware and attack trends targeting organizations globally. On this episode, […]
Read More - Q3 2021 Internet Security Report
Log4Shell attacks have spread throughout the Internet due to the ease with which attackers can perform them. The WatchGuard Threat Lab sees a sample of these attacks from our customers’ perspectives when they opt to provide anonymized threat intelligence data from their Fireboxes. This limited data, along with our analysis, gives us a unique opportunity […]
Read More - Log4j Becomes The Highest Detected Vulnerability Days After Release
This week on the podcast we give a quick update to the Log4Shell saga after researchers detected the first significant campaign that uses the critical vulnerability. After that, we dive into the world of carding marketplaces, where cybercriminals buy and sell stolen credit card information, and discuss possible reasons why these marketplaces […]
Read More - The Death of the Carding Marketplace
This week on the podcast we give an update on log4j2 and its most recently disclosed vulnerabilities before covering a recent report on credential stuffing by the New York Attorney General. Then, we discuss this recent article in DarkReading on whether or not cybersecurity jobs should be considered professional or vocational.
Read More - Is Cybersecurity Vocational?
Iranian researchers at the security firm Amnpardaz have discovered rootkits in HP’s iLO (Integrated Lights-Out) management modules. These optional chips are added to servers for remote management and grant full high-level access to the system. This includes the ability to turn the server on and off, configure hardware and firmware settings, and additional administrator functions. The […]
Read More - HP iLO and the Newly Discovered iLOBleed Rootkit
The internet came by storm. Yes, for years it wasn’t accessible to the major populace, but over time it found its way into the office, school, home, and now more specifically into the living room. With the evolution of the internet came few rules. In came the market makers who began to define basic expectations […]
Read More - Post-Purchase Monetization of the TV and Your Diminishing Privacy
Every so often, there is a phish that stands out because of its brazenness. Today, we came across a bank phish that requested a few verification details: username and password; Social Security number; email address and the email password used for 2-step verification; and security questions such as “What was your dream job as a child?” and “Who is your […]
Read More - Give Us Your SSN, Your Email Password, and Your Dream Job
Much of what we see exploiting the log4j2 vulnerability, CVE-2021-44228, appears to be scanning for the vulnerability, not necessarily exploitation. However, our own honeypot https://github.com/WatchGuard-Threat-Lab/log4shell-iocs has seen activity from this exploit to install coin miners. In one of the first targeted cases for this vulnerability, a ransomware gang has exploited VMware vCenter with Conti […]
Read More - Active Compromises of vCenter Using The Log4J Vulnerability
This week we take a deep dive into CVE-2021-44228, better known as Log4Shell, a critical vulnerability in the massively popular log4j2 logging library for Java applications. We discuss how the flaw came about, how it works, and why this specific issue has the potential to cause lasting headaches for the security industry for years to […]
Read More - Log4Shell Deep Dive
Politico published a short piece about Kamala Harris’s hesitancy with Bluetooth devices. They considered this a bit amusing, perhaps considering her paranoid based on their tone. While the article’s content was light, it did discuss some important security concerns that any Jane Doe might care about. Besides Kamala Harris opting for wired headphones instead of […]
Read More - Bluetooth Is Safe Enough For You
As we move into the end of the year, it’s time for us to discuss WatchGuard Threat Lab’s 2022 cybersecurity predictions. While many of our predictions tend to come off as extreme, they’re all grounded in the trends that we’ve been following and what we expect to see continue into the coming year. If […]
Read More - Our 2022 Security Predictions
[Updated 13-12-2021: Additional information for WatchGuard customers] On Thursday, security researchers disclosed a critical, unauthenticated remote code execution (RCE) vulnerability in log4j2, a popular and widely used logging library for Java applications. CVE-2021-44228 is a full 10.0 on the CVSS vulnerability scoring system due to a combination of how trivial the exploit is and how damaging […]
Read More - Critical RCE Vulnerability in Log4J2
It’s getting to be the end of the year, which means it’s time to take a look back at WatchGuard Threat Lab’s 2021 security predictions and give ourselves a grade on how well we did! On this episode, we’ll go through our 8 predictions for 2021, recap the trends that fueled them, and discuss either […]
Read More - 2021 Security Predictions Grading
We have seen interpolation in the news concerning a recent court case. Here we cover what interpolation does to an image, not only because of the recent news but also because face recognition uses interpolation to better recognize a face – something we have covered in the past. Interpolation means to take pixels in an image and calculate what their […]
Read More - Dangers of Bicubic Interpolation In Pictures
This week on the podcast we discuss how a recent CISA alert on specific threat actor activity tipped off a separate adversary, leading to a new wave of attacks against vulnerable systems across multiple industries. We also cover the latest US and international law enforcement crackdowns on ransomware operators as well as a breakthrough on […]
Read More - CISA Alert Tips Off Adversaries
Phishing is a type of social engineering attack where threat actors attempt to trick users into providing sensitive information via email. Typically, this involves creating a phishing campaign where threat actors send the same phishing email to a large batch of recipients in an attempt to trick at least a small subset of these […]
Read More - The Evolution of Phishing: A WatchGuard Real-World Example
On this week’s episode of the podcast, we cover a newly discovered method for hiding malicious source code in plain sight, CISA’s new Known Exploited Vulnerabilities Catalog, and action from the US Department of Commerce on the Pegasus spyware manufacturer NSO Group.
Read More - Trojan Source
Facebook’s face recognition has one of the largest training databases in the world, built from photos that users have uploaded since Facebook’s inception, but that database’s time may be coming to an end. In a blog post on Facebook they recently announced that they are going to remove the controversial face recognition technology from Facebook. “We’re shutting down the Face Recognition system […]
Read More - Face Recognition Removed from Facebook But Added to Metaverse
The NRA has found itself in the middle of a potential breach and ransomware attack. This happened last week after the Russian hacking group Grief reportedly gained access. Grief has close ties to Evil Corp (another advanced hacking group currently sanctioned by the US) or may even just be the same group rebranded. Grief posted […]
Read More - The Security Conscious NRA Breached by Russian Hacking Group
This week on the podcast, we cover a heist of over $130 million worth of cryptocurrency from a decentralized finance (DeFi) organization and have an in-depth discussion on why cryptocurrency-related platforms continue to suffer substantial breaches. Before that though, we cover an apparent ransomware attack against the National Rifle Association and an FBI raid […]
Read More - Stealing Make-believe Money
The Microsoft Threat Intelligence Center (MSTIC) detected attacks by the Nobelium group targeting IT services providers. The intent was to “gain access to downstream customers” such as Cloud Service Providers (CSP) and Managed Service Providers (MSP). If the Nobelium name sounds familiar, it’s because they were the threat actor behind the 2020 SolarWinds compromise. MSTIC […]
Read More - Nobelium Threat Group Sets Sights on IT Providers
Many cellular network protocols don’t have clear documentation explaining them, especially when it comes to the proprietary protocols used by 4G and 5G networks. This makes them difficult for the average person to understand, but also potentially vulnerable to anyone willing to take the time to research them and find issues. We haven’t yet seen attacks […]
Read More - China Linked Hacking Group Compromises 13 Telcos
This week on the podcast, we cover the latest news on REvil, the ransomware-as-a-service organization responsible for the Kaseya attack earlier this year among many others. After that, we cover an update from the US Commerce Department on new export rules around selling hacking tools outside of the United States, nearly 6 years after the […]
Read More - Schrödinger’s REvil
Exploit Broker Zerodium Increasing Focus on VPNs
The exploit broker Zerodium announced they are seeking exploits for ExpressVPN, NordVPN, and Surfshark VPNs. VPNs are becoming a more lucrative target, and Zerodium’s announcement has brought attention to that. Many use VPNs because they believe it protects their privacy. However, it also puts the responsibility of that […]
Read More - InfoSec News From Last Week October 25th, 2021
Read MoreThe US Department of Commerce announced export controls on hacking tools used for surveillance. The aim is to curb access to authoritarian governments who have been identified for human rights violations and abuses. Any companies who intend to sell their wares abroad will need to acquire a License Exception Authorized Cybersecurity Exports (ACE). An additional […]
Read More - US Government Sets Rules for Hacking Tool Exports
Read MoreAzure, BitBucket, GitHub, and GitLab revoke SSH Keys After GitKraken Vulnerability Git software client GitKraken disclosed an SSH key generation flaw in a post this past Monday. The flaw was discovered in versions 7.6.x, 7.7.x, and 8.0.0 for releases available between mid-May to late-June this year. GitKraken uses the library keypair to generate SSH keys […]
Read More - InfoSec News From Last Week October 18th, 2021
Read MoreThis week on the podcast we cover VirusTotal’s first ever global ransomware report which analyzes ransomware trends over the last year from the unique position of the world’s largest malware intelligence platform. Before that though, we cover another APT group with a ridiculous name found exploiting a zero-day vulnerability in Windows.
Read More - VirusTotal Global Ransomware Report
Read MoreBy now you have probably heard of Missouri governor Mike Parson tweet threatening to prosecute a journalist for responsibly disclosing a data breach. If you missed it though, according to the tweet and the governor’s ensuing press conference, a journalist from the St. Louis Post-Dispatch found teachers’ SSNs embedded in a public web page […]
Read More - HTML Basics That We Often Miss
Read MoreThis week on the podcast we discuss a breach that lasted over 5 years involving a company responsible for routing SMS messages for 95 of the top 100 mobile carriers in the world. Before that though, we’ll cover the recent Facebook downtime incident as well as the seemingly total compromise of the video game streaming […]
Read More - The SMS Breach You Didn’t Hear About
Read MoreSMS Routing Company Syniverse Discloses Breach Spanning 5 Years Syniverse claims to be “the world’s most connected company” serving so many large telecommunication companies that it should be assumed that your provider is one of their customers. Their reach is significant, acting as the intermediary for text messages between carriers and routing calls between networks. […]
Read More - InfoSec News Weekly Wrap-Up October 8th, 2021
Read MoreU.S. Agencies have been making headlines recently for a lot of their new cyber related regulations. The following are several noteworthy of examples of what they have been up to. The Federal Communications Commission (FCC) and Robocalls The FCC expects phone carriers to block illegal robocalls from providers not yet registered with the Robocall Mitigation […]
Read More - US Agencies Have Been Busy
Read MoreA recent survey of 700 SMBs (small and medium businesses) by Untangle shows an increase in cybersecurity budgets and awareness. While some companies still have users working remotely, 50% of respondents have moved back into the office or at least some form of hybrid work environment. Most companies – 64% – see breaches as the […]
Read More - How SMBs Deal With An Uptick in Breaches
Read MoreUpdate 1: Twitch believes login credentials have not been exposed (October 7th, 2021): Twitch posted a statement on their blog that, “At this time, we have no indication that login credentials have been exposed.” Additionally, as credit card details are not stored by Twitch, they have ruled out exposure. We recommend changing your password […]
Read More - Twitch Affected by Large Data Leak
Read MoreOctober is Cybersecurity (or, for the less civilized, ‘cyber security’) Awareness Month. Every October, CISA hosts security awareness presentations. Additionally, Cybersecurity Awareness month means an increase in jaded by posts by InfoSec professionals on Twitter and emails from corporate reiterating security basics. There are plenty of positives to be found. Individuals are increasingly familiar with […]
Read More - To Not Share is To Care
Read MoreThis week on the podcast we cover the latest quarterly Internet Security Report from the WatchGuard Threat Lab. We’ll go over the latest attack trends and key findings from Q2 2021 as well as defensive tips for keeping your systems safe from the latest threat landscape.
Read More - Q2 2021 Internet Security Report
Read MoreEarlier this year Kaseya, who provides IT management software to service providers that support tens of thousands of organizations from schools to hospitals, was involved in a ransomware attack fueled by a compromise of their VSA Remote Monitoring and Management (RMM) software. While the ransomware only impacted a small percentage of their customer base, thousands […]
Read More - FBIs Botched Plan to Catch REvil Cost Victims Millions
Read MoreWe often write about passwords and password policies from the IT/security administrator side, usually after a password becomes compromised. We recently found a survey that looked at compromised passwords from the user’s side to better understand how users feel about them. The survey shows a few key points that shed light on the social […]
Read More - Half of Respondents Admitted to Sharing Their Passwords
Read MoreThis week on the podcast we discuss the recently disclosed identify of the”Trusted Third Party” that Kaseya acquired the REvil ransomware master decryption key from, as well as the morals around a decision to hold on to the decryption key for multiple weeks before handing it off to Kaseya. We then cover a new APT […]
Read More - Kaseya’s Trusted Third Party
Read MoreThis week on the podcast we discuss the recently patched zero-click vulnerability in iOS, macOS and WatchOS that researchers at TheCitizen Lab discovered while investigating NSO Group’s Pegasus spyware. After that, we cover a vulnerability in the OMI Agent that comes automatically installed on all Azure Linux virtual machines. We finish by covering Microsoft’s latest […]
Read More - OMIGOD!
Read MoreThis week on the podcast we discuss the first update to the OWASP Top 10 since 2017. OWASP servers as an excellent resource for improving web application security so we’re excited to run through the latest refresh of their top security weaknesses. We also discuss phishing attacks that abuse Internationalized Domain Names (IDNs) in emails […]
Read More - OWASP Update
Read MoreUpdate 1: OMI agent is not installed on Azure FireboxV/Cloud instances (September 17th, 2021): We reviewed our FireboxV/Cloud instance for Azure and confirmed that the OMI agent cannot be installed on the image. We recommend reviewing the additional guidance Microsoft published on September 16th, 2021 for securing the OMI affected resources/tools. Original Post (September 16th, […]
Read More - Azure Linux VMs Vulnerable Due to Pre-Installed Agents
Read MoreThis week on the podcast we cover ProxyWare, a form of malware that monetizes your internet access for the benefit of the attacker. After that, we discuss ChaosDB, a vulnerability that could have enabled any Azure user to gain full access to any other user’s CosmosDB instance. Finally, we end with a discussion of location […]
Read More - ProxyWare
Read MoreThis week on the podcast we dig back in the archives to 2019 where we discussed how web servers manage to track users across sites using browser fingerprinting methods. Even though some improvements like removing third-party cookies have been made to limit tracking, plenty of additional fingerprinting options still remain.
Read More - Stop Following Me – Rewind
Read MoreThis week on the podcast we cover one of the largest cryptocurrency heists in history, with a surprising twist of an ending! Before that we’ll chat about the latest T-Mobile data breach and what we can learn about protecting user identity. We end the episode with a discussion about one of the latest episodes of […]
Read More - PolyNetwork Heist
Read MoreOver the last week we saw 70 million AT&T customers and 53 million T-Mobile customers have their personal data leaked to hackers. While we didn’t find any connections between these two breaches the timing of the incidents is strange. AT&T has so far denied the breach involving their customers. While we don’t have confirmation from […]
Read More - Mobile Carriers Leak 123 million Customer Records in One Week
Read MoreThis week on the podcast we chat about a few of our favorite presentations from the 2021 edition of the DEF CON security conference out of Las Vegas. If haven’t checked them out yourself, visit the DEF CON YouTube channel or media.defcon.org to view this year’s and all previous year’s content.
Read More - DEF CON 29 Recap
Read MoreDavid Dworken, a Google security researcher, presented a recent Defcon talk about how he found over 30 vulnerabilities in various Integrated Development Environments (IDEs) over the course of a few months of research. Many believe that source code on its own is benign as long as you don’t compile and run it, but as Dworken proved, simply loading code into an IDE can cause infections. A popular example of this comes from […]
Read More - Supply Chain Attacks Through an IDE
Read MoreWith the 2021 editions of the BlackHat and DEF CON security conferences all wrapped up, one of the presentation that made the biggest waves was the latest research from Orange Tsai of Devcore Security Consulting. Tsai was the researcher responsible for identifying and disclosing CVE-2021-26855, better known as ProxyLogon, to Microsoft back in January 2021, […]
Read More - ProxyShell, Exchange Servers Under Attack Again
Read MoreThis week on the podcast, we chat about a recent report from Qrator that highlights some of the massive weaknesses in the backbone of the internet. After that, we discuss a recent research blog post from Yan (@bcrypt) showing her work in finding a CSRF flaw in OK Cupid that bypassed Cross-Origin Resource Sharing (CORS) […]
Read More - Bad BGP
Read MoreA recent Defcon talk by Tom Van Goethem and Mathy Vanhoef, “Timeless Timing Attacks” made significant progress on ways to create timing attacks over a network. Timing attacks work by extracting data form devices based on how long it takes to respond. To successfully run a timing attack, the attacker usually must be directly […]
Read More - Defcon Talk Timeless-Timing-Attacks
Read MoreThis week on the podcast we talk Zero-Trust. What is it? How do you implement it? And why should all IT professionals work towards updating their networks to this security architecture? We’ll answer all that and more after a quick Kaseya update and a security memorandum from the White House.
Read More - What Is Zero-Trust Security?
Read MoreYesterday, the Biden Administration unveiled a new initiative to help improve the cybersecurity stance of the industrial control systems (ICS) that manage the nation’s critical infrastructure. As recent events (like the Colonial Pipeline ransomware incident) have shown, disruptions to critical infrastructure can have serious, potentially even fatal consequences. In short, this is a very real need and […]
Read More - What to Make of the Biden Administration’s New ICS Cybersecurity Initiative
Read MoreThis week on the podcast we cover the latest Microsoft Windows privilege escalation vulnerability, SeriousSAM aka HaveNightmare. Before that, we discuss NSO Group and their spyware software known as Pegasus and whether private organizations should be allowed to market and sell spyware to government agencies.
Read More - Why So SeriousSAM
Read MoreWith the White House announcing this month that it plans to investigate potential changes to Section 230, the safe harbor laws that enable websites to moderate content without risk of liability for content they fail to remove, we wanted to bring back an episode from last year where we discuss exactly what these laws are […]
Read More - Section 230 – Rewind
Read MoreMany of the recent high-profile ransomware attacks like those against Acer, JBS and more recently, customers of Kaseya, have been the work of the ransomware as a service group REvil. After the most recent attack that exploited multiple zero-day vulnerabilities in Kaseya’s VSA software and left thousands of organizations encrypted, REvil appears to have gone […]
Read More - REvil Hasn’t Gone Anywhere (Probably)
Read MoreUpdate 1: Third PrintNightmare CVE published (July 16th, 2021): Microsoft published CVE-2021-34481 on July 15th for a local privilege escalation vulnerability. The third Print Spooler service vulnerability is considered separate from PrintNightmare (CVE-2021-34527), but it is still within a similar sphere of printer driver vulnerabilities. Gentilkiwi, the author of the Mimikatz utility, posted a […]
Read More - The PrintNightmare Saga Continues to Frustrate System Administrators
Read MoreThis week on the podcast we cover the Kaseya mass ransomware incident from July 7. While the event is still ongoing, we already have evidence for how the attack occurred and exactly what the threat actors did on affected endpoints. In this episode we dive in to the details around the incident and defensive tips […]
Read More - Kaseya & PrintNightmare
Read MoreWe recorded this episode before news of the massive attack against Kasaye users broke on Friday. Suffice to say, next week’s episode will give a full debrief of the incident including how it happened, who it affected, and what all MSPs can learn from it. In the meantime, check out Corey’s post on the Kaseya […]
Read More - A Market for Lemons?
Read MoreManaged Service Providers (MSPs), especially ones using Kaseya VSA, should read this and take action as soon as possible. High-level Summary: On Friday, July 2, some MSPs using the on-premises version of Kaseya VSA suffered ransomware attacks that trickled down to their customers. Kaseya says around 1500 companies (so far), many customers of MSPs, have […]
Read More - Breaking Alert: MSP Targeted Ransomware Attack (Kaseya Supply Chain Attack)
Read MoreIts that time of year again! This week on the podcast, we cover the latest internet security report from the WatchGuard Threat Lab. We’ll go over the latest trends in malware and network attacks targeting WatchGaurd customer networks through the first quarter of the year, as well as defensive tips for all organizations.
Read More - Q1 2021 Internet Security Report
Read MoreWhat is malware? Its goal is to bypass computer defenses, infect a target, and often remain on the system if possible. A variety of evasion techniques depend on a mix between the skill of the author and the defenses of the intended victim. One of the most widely used tactics in malware is obfuscation. Obfuscation […]
Read More - AutoIt Malware: To obfuscate, or not to obfuscate
Read MoreWe normally think of malware and threats coming from executables, packages, and scripts. Researchers recently found a supply chain attack using a different method. Programs use Python scripts to manage and run services. You especially see this in Unix-based operating systems. When it comes to security many professionals use Python to automate tasks. Because […]
Read More - Python Modules: Not As Safe As You Think
Read MoreIt has been 11 years since the Google Doodle Pac-Man game was published. Many of us may remember this Google Doodle as it was the first interactive Google Doodle made. Unfortunately, like many fun things, there are those who see opportunity and take advantage of that. We recently noticed DNSWatch traffic blocking googlepacman[.]net. After some […]
Read More - Domain Parking, PUPs, and Annoying Push Notifications
Read MoreThis week on the podcast we discuss an often overlooked item for sale on underground forums, authentication cookies. Before that though, we’ll cover a few surprising stats from a recent ransomware study by Cybereason and an update from NATO on cyber warfare.
Read More - Dark Web Bake Sale
Read MoreThis week on the podcast, we discuss operation Trojan Shield, a multi-year program where the FBI in partnership with international law enforcement agencies developed and distributed an encrypted communications application on the underground that gave them full access into criminal messages. We’ll also cover the latest news from the recent Colonial Pipeline and JBS ransomware […]
Read More - Anom
Read MoreIn an operation headed by the US Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP), international law enforcement agencies managed to gather 27 million encrypted messages used for criminal communications, through an elaborate operation that involved development and distribution of a custom communications application for modified phones. Unsurprisingly, organized crime groups take extraordinary […]
Read More - Law Enforcement Agencies Went the Extra Mile with An0m
Read MoreA KickAss hacking group member (not the Torrent group) who goes by Leakbook claims to have the full FIFA 21 source code, which they have listed for sale on a popular hacking forum. In addition to the FIFA 21 source code they also claim to have access to the matchmaking servers, Frostbite source code, private […]
Read More - FIFA 21 Source Code Leak From Member of Reemerging Hacking Group
Read MoreThis week on the podcast, we take a look at how soldiers unknowingly leaked highly-sensitive information about the United States’ foreign nuclear arsenal and discuss how we can reprogram humans to not make similar mistakes. We also cover the latest major ransomware incident targeting manufacturing and industrial control, a damning privacy admission from Google’s own […]
Read More - Atomic Flashcards
Read MoreA large cyber attack has caused chaos in the New Zealand healthcare system over the past few weeks. Multiple hospitals in New Zealand became crippled due to locked phone lines and computers from a large ransomware attack. Though the ransom note didn’t contain a dollar amount the note indicates a “ransomware event” according to the […]
Read More - “The Biggest Cyber Attack In New Zealand’s History”
Read MoreA few years ago, in 2017, researchers Mathy Vanhoef and Frank Piessens published a whitepaper showcasing serious vulnerabilities within practically all modern protected Wi-Fi networks. The vulnerabilities lie within the Wi-Fi standard itself and are exploited using Key Reinstallation Attacks (KRACKs). These attacks primarily target the 4-way handshake of the WPA2 protocol – the current […]
Read More - WiFi FragAttacks
Read MoreThis week on the podcast we cover an epic battle between a video game giant and a tech behemoth that has the potential to change mobile security forever. After that, we cover updates to several recent security events including the SolarWinds breach, the attempted poisoning of the Oldsmar, FL water supply, and the ransomware attack […]
Read More - An Epic Battle
Read More