Cybersecurity News

About This Website

Welcome to our cybersecurity news aggregator! This website gathers news articles from over 60 sources, providing you with a comprehensive and up-to-date overview of the latest happenings in the world of cybersecurity.

We utilize RSS feeds to collect the news, ensuring a streamlined and efficient process. This enables you to stay informed and access a wide variety of perspectives and insights in one convenient location.

Dive into the latest cybersecurity stories and explore the wealth of knowledge available, all in one place.

Cybersecurity News

Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump's Dumps.

Who Stole 3.6M Tax Records from South Carolina?

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state's revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling clues suggesting the intrusion was carried out by the same Russian hacking crew that stole millions of payment card records from big box retailers like Home Depot and Target in the years that followed.

Crickets from Chirp Systems in Smart Lock Key Leak

The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp's parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.

Why CISA is Warning CISOs About a Breach at Sisense

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.

Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

On April 9, Twitter/X began automatically modifying links that mention "twitter.com" to redirect to "x.com" instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links -- such as fedetwitter[.]com, which is currently rendered as fedex.com in tweets.

April’s Patch Tuesday Brings Record Number of Fixes

If only Patch Tuesdays came around infrequently -- like total solar eclipse rare -- instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month's patch batch -- a record 147 flaws in Windows and related software.

Fake Lawsuit Threat Exposes Privnote Phishing Sites

A cybercrook who has been setting up websites that mimic the self-destructing message service Privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers.

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called "The Manipulaters," a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate. But new research suggests that while they have improved the quality of their products and services, these nitwits still fail spectacularly at hiding their illegal activities.

Thread Hijacking: Phishes That Prey on Your Curiosity

Thread hijacking attacks happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient's natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here's the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds "Allow" or "Don't Allow" to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user's account is under attack and that Apple support needs to "verify" a one-time code.

The Rise of Large-Language-Model Optimization

The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection.

But all of this is coming to an end. The advent of AI threatens to destroy the complex online ecosystem that allows writers, artists, and other creators to reach human audiences.

To understand why, you must understand publishing. Its core task is to connect writers to an audience. Publishers work as gatekeepers, filtering candidates and then amplifying the chosen ones. Hoping to be selected, writers shape their work in various ways. This article might be written very differently in an academic publication, for example, and publishing it here entailed pitching an editor, revising multiple drafts for style and focus, and so on...

Dan Solove on Privacy Regulation

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” His mini-abstract:

In this Article I argue that most of the time, privacy consent is fictitious. Instead of futile efforts to try to turn privacy consent from fiction to fact, the better approach is to lean into the fictions. The law can’t stop privacy consent from being a fairy tale, but the law can ensure that the story ends well. I argue that privacy consent should confer less legitimacy and power and that it be backstopped by a set of duties on organizations that process personal data based on consent...

Microsoft and Security Incentives

Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft:

Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best.

[…]

“The government needs to focus on encouraging and catalyzing competition,” Grotto said. He believes it also needs to publicly scrutinize Microsoft and make sure everyone knows when it messes up...

Using Legitimate GitHub URLs for Malware

Interesting social-engineering attack vector:

McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg.

The attacker is exploiting a property of GitHub: comments to a particular repo can contain files, and those files will be associated with the project in the URL.

What this means is that someone can upload malware and “attach” it to a legitimate and trusted project.

As the file’s URL contains the name of the repository the comment was created in, and as almost every software company uses GitHub, this flaw can allow threat actors to develop extraordinarily crafty and trustworthy lures...

Friday Squid Blogging: Squid Trackers

A new bioadhesive makes it easier to attach trackers to squid.

Note: the article does not discuss squid privacy rights.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Other Attempts to Take Over Open Source Projects

After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique:

The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to take action to update one of its popular JavaScript projects to “address any critical vulnerabilities,” yet cited no specifics. The email author(s) wanted OpenJS to designate them as a new maintainer of the project despite having little prior involvement. This approach bears strong resemblance to the manner in which “Jia Tan” positioned themselves in the XZ/liblzma backdoor...

Using AI-Generated Legislative Amendments as a Delaying Technique

Canadian legislators proposed 19,600 amendments—almost certainly AI-generated—to a bill in an attempt to delay its adoption.

I wrote about many different legislative delaying tactics in A Hacker’s Mind, but this is a new one.

X.com Automatically Changing Link Text but Not URLs

Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain name that ended with “twitter.com,” and (2) it only changed the link’s appearance (anchor text), not the underlying URL. So if you were a clever phisher and registered fedetwitter.com, people would see the link as fedex.com, but it would send people to fedetwitter.com.

Thankfully, the problem has been fixed.

New Lattice Cryptanalytic Technique

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems. This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems.

A few things to note. One, this paper has not yet been peer reviewed. As this comment points out: “We had already some cases where efficient quantum algorithms for lattice problems were discovered, but they turned out not being correct or only worked for simple special cases.” I expect we’ll learn more about this particular algorithm with time. And, like many of these algorithms, there will be improvements down the road...

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak:

  • I’m speaking twice at RSA Conference 2024 in San Francisco. I’ll be on a panel on software liability on May 6, 2024 at 8:30 AM, and I’m giving a keynote on AI and democracy on May 7, 2024 at 2:25 PM.

The list is maintained on this page.

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected in a breach that could spell more trouble down the line.

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies were tangled in a sprawling phishing campaign that spoofed a multi-factor authentication system.

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras remain unpatched against a critical, 11-month-old CVE, leaving thousands of organizations exposed.

Twitter Whistleblower Complaint: The TL;DR Version

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Firewall Bug Under Active Attack Triggers CISA Warning

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

Fake Reservation Links Prey on Weary Travelers

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Everything you need to know about the Microsoft Exchange Server hack

Updated: A new critical vulnerability impacting Exchange Server is being exploited in the wild.

3 million smart toothbrushes were not used in a DDoS attack after all, but it could happen

[UPDATED] What's next, malware-infected dental floss? But seriously: It's a reminder that even the smallest smart home devices can be a threat. Here's how to protect yourself.

How to find and remove spyware from your phone

iPhone and Android users alike are facing more sophisticated surveillance threats than ever before. Suspect you're being tracked? Here's what to do right now.

Were you caught up in the latest data breach? Here's how to find out

Wondering if your information is posted online from a data breach? Here's how to check if your accounts are at risk and what to do next.

How to delete yourself from internet search results and hide your identity online

Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.

Hacked! My Twitter user data is out on the dark web -- now what?

Your Twitter user data may now be out there too, including your phone number. Here's how to check and what you can do about it.

Windows: Still insecure after all these years

OPINION: With every Windows release, Microsoft promises better security. And, sometimes, it makes improvements. But then, well then, we see truly ancient security holes show up yet again.

Stop using Twitter to log in to other websites

With Twitter's growing technical problems, you can't rely on it as your single sign-on for other sites.

How to keep your home secure when you travel

With travel stressful enough, you don't need the anxiety of wondering if your home is protected.

OpenSSL dodges a security bullet

The critical security vulnerability turned out to be two serious vulnerabilities. Still, they need patching ASAP.

Google to wipe user location history for visits to healthcare clinics, domestic violence shelters

Even if location history is enabled, visits to locations considered sensitive will be removed from logs.

This WhatsApp scam promises big, but just sends you into a spiral

Worker shortages are the hook for the phoney government's 'offer.'

Ukrainian police take down phishing gang behind payments scam

Gang may have defrauded 5,000 people with promises of EU support.

Virtual-world tech company owner arrested over alleged $45m investment fraud scheme

Investment fraud scheme defrauded more than 10,000 victims, says Department of Justice.

The British Army is investigating after its Twitter and YouTube accounts were hijacked

The hijackers used the accounts to promote cryptocurrency and NFTs.

Period tracking apps are no longer safe. Delete them

Opinion: The convenience isn't worth the risk.

Dragonbridge influencers target rare earth miners, encourage protests to disrupt production

Researchers say that China has 'crossed the line' again with the new online campaign.

Google details commercial spyware that targets both Android and iOS devices

Hermit highlights a wider issue concerning our privacy and freedom.

Scalper bots are snapping up appointments for government services in Israel

Scalpers are snapping up public service appointments and selling them on.

These hackers are spreading ransomware as a distraction - to hide their cyber spying

Five ransomware strains have been linked to Bronze Starlight activities.

Predictive Security Startup BforeAI Raises $15 Million

Predictive attack intelligence and risk protection startup BforeAI has raised $15 million in a Series A funding round led by SYN Ventures.

The post Predictive Security Startup BforeAI Raises $15 Million appeared first on SecurityWeek.

Palo Alto Networks Shares Remediation Advice for Hacked Firewalls

Palo Alto Networks has shared remediation instructions for organizations whose firewalls have been hacked via CVE-2024-3400.

Autodesk Drive Abused in Phishing Attacks

A new phishing campaign abuses compromised email accounts and targets corporate users with PDF files hosted on Autodesk Drive.

FTC Sending $5.6 Million in Refunds to Ring Customers Over Security Failures

The FTC is sending a total of $5.6 million in refunds to over 117,000 Ring customers as a result of a 2023 settlement.

Vulnerabilities Expose Brocade SAN Appliances, Switches to Hacking

The Brocade SANnav management application is affected by multiple vulnerabilities, including a publicly available root password.

Endpoint Security Firm ThreatLocker Raises $115 Million in Series D Funding

Zero trust endpoint security company ThreatLocker has announced a $115 million Series D funding round that brings the total to $240 million. 

IBM Acquiring HashiCorp for $6.4 Billion

IBM is acquiring HashiCorp for $6.4 billion for its infrastructure lifecycle management and security lifecycle management capabilities.

Cisco Systems Joins Microsoft, IBM in Vatican Pledge to Ensure Ethical Use and Development of AI

Pope Francis has called for an international treaty to ensure AI is developed and used ethically, devoting his annual peace message this year to the topic.

Cisco Raises Alarm for ‘ArcaneDoor’ Zero-Days Hitting ASA Firewall Platforms

Cisco warns that nation state-backed hackers are exploiting at least two zero-day vulnerabilities in its ASA firewall platforms to plant malware on telecommunications and energy sector networks.

KnowBe4 Plans to Acquire Egress for Email Security Tech

KnowBe4 boasts that the merger will create “the largest, advanced AI-driven cybersecurity platform for managing human risk.”

Flaws in Chinese keyboard apps leave 750 million users open to snooping, researchers claim

Huawei is OK, but Xiaomi, OPPO, and Samsung are in strife. And Honor isn't living its name

Many Chinese keyboard apps, some from major handset manufacturers, can leak keystrokes to determined snoopers, leaving perhaps three quarters of a billion people at risk according to research from the University of Toronto’s Citizen Lab.…

Cops cuff man for allegedly framing colleague with AI-generated hate speech clip

Athletics boss accused of deep-faking Baltimore school principal

Baltimore police have arrested Dazhon Leslie Darien, the former athletic director of Pikesville High School (PHS), for allegedly impersonating the school's principal using AI software to make it seem as if he made racist and antisemitic remarks.…

Ring dinged for $5.6M after, among other claims, rogue insider spied on 'pretty girls'

Cash to go out as refunds to punters

The FTC today announced it would be sending refunds totaling $5.6 million to Ring customers, paid from the Amazon subsidiary's coffers.…

Two cuffed in Samourai Wallet crypto dirty money sting

Suspects in Portugal and the US said to have laundered over $100M

Two men alleged to be co-founders of cryptocurrency biz Samourai Wallet face serious charges and potentially decades in US prison over claims they owned a product that facilitated the laundering of over $100 million in criminal cash.…

Russia, Iran pose most aggressive threat to 2024 elections, say infoseccers

Google security crew reveal ‘the four Ds’ to be on the watch for

It may come as a surprise to absolutely nobody that experts say, in revealing the most prevalent and likely tactics to meddle with elections this year, that state-sponsored cybercriminals pose the biggest threat.…

What to do in the age of the critical breach

Why the triple threat of ransomware, data breaches, and extortion is a cybersecurity crisis

The UK government could be forgiven for wanting to forget March 2024 ever happened.…

Indian bank’s IT is so shabby it’s been banned from opening new accounts

After two years of warnings, and outages, regulators ran out of patience with Kotak Mahindra Bank

India’s central bank has banned Kotak Mahindra Bank from signing up new customers for accounts or credit cards through its online presence and app.…

Australia’s spies and cops want ‘accountable encryption’ - aka access to backdoors

And warn that AI is already being used by extremists to plot attacks

The director general of Australia’s lead intelligence agency and the commissioner of its Federal Police yesterday both called for social networks to offer more assistance to help their investigators work on cases involving terrorism, child exploitation, and racist nationalism.…

Governments issue alerts after 'sophisticated' state-backed actor found exploiting flaws in Cisco security boxes

Don't get too comfortable: 'Line Dancer' malware may be targeting other vendors, too

A previously unknown and "sophisticated" nation-state group compromised Cisco firewalls as early as November 2023 for espionage purposes — and possibly attacked network devices made by other vendors including Microsoft, according to warnings from the networking giant and three Western governments.…

Shouldn't Teams, Zoom, Slack all interoperate securely for the Feds? Wyden is asking

Doctorow: 'The most amazing part is that this isn't already the way it's done'

Collaboration software used by federal government agencies — this includes apps from Microsoft, Zoom, Slack, and Google — will be required to work together and be securely end-to-end encrypted, if legislation proposed by US Senator Ron Wyden (D-OR) passes.…

Microsoft cannot keep its own security in order, so what hope for its add-ons customers?

Secure-by-default... if your pockets are deep enough

Microsoft has come under fire for charging for security add-ons despite the company's own patchy record when it comes to vulnerabilities and breaches.…

Management company settles for $18.4M after nuclear weapons plant staff fudged their timesheets

The firm 'fessed up to staff misconduct and avoided criminal liability

A company contracted to manage an Amarillo, Texas nuclear weapons facility has to pay the US government $18.4 million in a settlement over allegations that its atomic technicians fudged their timesheets to collect more money from Uncle Sam.…

Google cools on cookie phase-out while regulators chew on plans

Privacy Sandbox slips into 2025 after challenges from UK authorities

Google's plan to phase out third-party cookies in Chrome is being postponed to 2025 amid wrangling with the UK's Competition and Markets Authority (CMA) and Information Commissioner's Office (ICO).…

US charges Iranians with cyber snooping on government, companies

Their holiday options are now far more restricted

The US has charged and sanctioned four Iranian nationals for their alleged roles in various attacks on US companies and government departments, all of whom are claimed to have worked for fake companies linked to Iran's military.…

If Britain is so bothered by China, why do these .gov.uk sites use Chinese ad brokers?

One wonders why are there adverts on public-sector portals at all

Exclusive: At least 18 public-sector websites in the UK and US send visitor data in some form to various web advertising brokers – including an ad-tech biz in China involved in past privacy controversies, a security firm claims.…

Mandiant: Orgs are detecting cybercriminals faster than ever

The 'big victory for the good guys' shouldn't be celebrated too much, though

The average time taken by global organizations to detect cyberattacks has dropped to its lowest-ever level of ten days, Mandiant revealed today.…

UnitedHealth admits IT security breach could 'cover substantial proportion of people in America'

That said, the good ol' American healthcare system is so elaborately costly that some are forced to avoid it altogether

UnitedHealth Group, the parent of ransomware-struck Change Healthcare, delivered some very unwelcome news for customers today as it continues to recover from the massively expensive and disruptive digital break-in.…

Read More
Leicester streetlights take ransomware attack personally, shine on 24/7

City council says it lost control after shutting down systems

It's become somewhat cliché in cybersecurity reporting to speculate whether an organization will have the resources to "keep the lights on" after an attack. But the opposite turns out to be true with Leicester City Council following its March ransomware incident.…

Read More
Over a million Neighbourhood Watch members exposed through web app bug

Unverified users could scoop up data on high-value individuals, with no verification process standing in the way

Neighbourhood Watch (NW) groups across the UK can now rest easy knowing the developers behind a communications platform fixed a web app bug that leaked their data en masse.…

Read More
Misconfigured cloud server leaked clues of North Korean animation scam

Outsourcers outsourced work for the BBC, Amazon, and HBO Max to the hermit kingdom

A misconfigured cloud server that used a North Korean IP address has led to the discovery that film production studios including the BBC, Amazon, and HBO Max could be inadvertently using workers from the hermit kingdom for animation projects.…

Read More
Old Windows print spooler bug is latest target of Russia's Fancy Bear gang

Putin's pals use 'GooseEgg' malware to launch attacks you can defeat with patches or deletion

Russian spies are exploiting a years-old Windows print spooler vulnerability and using a custom tool called GooseEgg to elevate privileges and steal credentials across compromised networks, according to Microsoft Threat Intelligence.…

Read More
FBI and friends get two more years of warrantless FISA Section 702 snooping

Senate kills reform amendments, Biden swiftly signs bill into law

US lawmakers on Saturday reauthorized a contentious warrantless surveillance tool for another two years — and added a whole bunch of people and organizations to the list of those who can be compelled to spy for Uncle Sam.…

Read More
Europol now latest cops to beg Big Tech to ditch E2EE

Don't bore us, get to the chorus: You need less privacy so we can protect the children

Yet another international cop shop has come out swinging against end-to-end encryption. This time it's Europol, which is urging an end to the implementation of the tech for fear that police investigations will be hampered by protected DMs.…

Read More
Germany arrests trio accused of trying to smuggle naval military tech to China

Prosecutors believe one frikkin' laser did make its way to Beijing

Germany has arrested three citizens who allegedly tried to transfer military technology to China, a violation of the country's export rules.…

Read More
Watchdog tells Dutch govt: 'Do not use Facebook if there is uncertainty about privacy'

Meta insists it's just misunderstood and it's safe to talk to citizens over FB

The Dutch Data Protection Authority (AP) has warned that government organizations should not use Facebook to communicate with the country's citizens unless they can guarantee the privacy of data.…

Read More
US House passes fresh TikTok ban proposal to Senate

Sadly no push to end stupid TikTok dances, but ByteDance would have year to offload app stateside

Fresh US legislation to force the sale of TikTok locally was passed in Washington over the weekend after an earlier version stalled in the Senate.…

Read More
UK data watchdog questions how private Google's Privacy Sandbox is

Leaked draft report says stated goals still come up short

Google's Privacy Sandbox, which aspires to provide privacy-preserving ad targeting and analytics, still isn't sufficiently private.…

Read More
Has the ever-present cyber danger just got worse?

Facing down the triple threat of ransomware, data breaches and criminal extortion

Webinar  On the face of it, there really isn't much of an upside for the current UK government after MPs described its response to attacks by cyber-espionage group APT31 as 'feeble, derisory and sadly insufficient.'…

Read More
Google all at sea over rising tide of robo-spam

What if it's not AI but the algorithm to blame?

Opinion  It was a bold claim by the richest and most famous tech founder: bold, precise and wrong. Laughably so. Twenty years ago, Bill Gates promised to rid the world of spam by 2006. How's that worked out for you?…

Read More
Rarest, strangest, form of Windows saved techie from moment of security madness

For once, Redmond's finest saved the day - by being rubbish in unexpectedly useful ways

Who, Me?  It's Monday once again, dear reader, and you know what that means: another dive into the Who, Me? confessional, to share stories of IT gone wrong that Reg readers managed to pretend had gone right.…

Read More
Researchers claim Windows Defender can be fooled into deleting databases

Two rounds of reports and patches may not have completely closed this hole

BLACK HAT ASIA  Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files. And, they asserted, the hole could remain exploitable – even after both vendors claim to have patched the problem.…

Read More
China creates 'Information Support Force' to improve networked defence capabilities

A day after FBI boss warns Beijing is poised to strike against US infrastructure

China last week reorganized its military to create an Information Support Force aimed at ensuring it can fight and win networked wars.…

Read More
MITRE admits 'nation state' attackers touched its NERVE R&D operation

PLUS: Akira ransomware resurgent; Telehealth outfit fined for data-sharing; This week's nastiest vulns

Infosec In Brief  In a cautionary tale that no one is immune to attack, the security org MITRE has admitted that it got pwned.…

Read More
Sacramento airport goes no-fly after AT&T internet cable snipped

Police say this appears to be a 'deliberate act.'

Sacramento International Airport (SMF) suffered hours of flight delays yesterday after what appears to be an intentional cutting of an AT&T internet cable serving the facility.…

Read More
WhatsApp, Threads, more banished from Apple App Store in China

Still available in Hong Kong and Macau, for now

Apple has removed four apps from its China-regional app store, including Meta's WhatsApp and Threads, after it was ordered to do so by Beijing for security reasons.…

Read More
Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals

It’s the second time the World-Check list has fallen into the wrong hands

The World-Check database used by businesses to verify the trustworthiness of users has fallen into the hands of cybercriminals.…

Read More
Germany cuffs alleged Russian spies over plot to bomb industrial and military targets

Apparently an attempt to damage Ukraine's war effort

Bavarian state police have arrested two German-Russian citizens on suspicion of being Russian spies and planning to bomb industrial and military facilities that participate in efforts to help Ukraine defend itself against Vladimir Putin’s illegal invasion.…

Read More
Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers

Source blames BlackSuit infection – as separately ISP Frontier confirms cyberattack

Updated  Octapharma Plasma has blamed IT "network issues" for the ongoing closure of its 150-plus centers across the US. It's feared a ransomware infection may be the root cause of the medical firm's ailment.…

Read More
Crooks exploit OpenMetadata holes to mine crypto – and leave a sob story for victims

'I want to buy a car. That's all'

Crooks are exploiting now-patched OpenMetadata vulnerabilities in Kubernetes environments to mine cryptocurrency using victims' resources, according to Microsoft.…

Read More
House passes bill banning Uncle Sam from snooping on citizens via data brokers

Vote met strong opposition from Biden's office

A draft law to restrict the US government's ability to procure data on citizens through data brokers will progress to the Senate after being passed in the House of Representatives.…

Read More
Fraudsters abused Apple Stores' third-party pickup policy to phish for profits

Scam prevalent across Korea and Japan actually had some winners

Black Hat Asia  Speaking at the Black Hat Asia conference on Thursday, a Korean researcher revealed how the discovery of a phishing operation led to the exposure of a criminal operation that used stolen credit cards and second-hand stores to make money by abusing Apple Stores’ practice of letting third parties pick up purchases.…

Read More
185K people's sensitive data in the pits after ransomware raid on Cherry Health

Extent of information seized will be a concern for those affected

Ransomware strikes at yet another US healthcare organization led to the theft of sensitive data belonging to just shy of 185,000 people.…

Read More
EU tells Meta it can't paywall privacy

Platforms should not confront users with 'binary choice' over personal data use

The EU's Data Protection Board (EDPB) has told large online platforms they should not offer users a binary choice between paying for a service and consenting to their personal data being used to provide targeted advertising.…

Read More
Prolific phishing-made-easy emporium LabHost knocked offline in cyber-cop op

Police emit Spotify Wrapped-style videos to let crims know they're being hunted

Feature  Cops have brought down a dark-web souk that provided cyber criminals with convincing copies of trusted brands' websites for use in phishing campaigns.…

Read More
Cisco creates architecture to improve security and sell you new switches

Hypershield detects bad behavior and automagically reconfigures networks to snuff out threats

Cisco has developed a product called Hypershield that it thinks represents a new way to do network security.…

Read More
Singapore infosec boss warns China/West tech split will be bad for interoperability

When you decide not to trust a big chunk of the supply chain, tech (and trade) get harder

One of the biggest challenges Singapore faces is the potential for a split between tech stacks developed and used by China and the West, according to the island nation's Cyber Security Administration (CSA) chief executive David Koh.…

Read More
Taiwanese film studio snaps up Chinese surveillance camera specialist Dahua

Stymied by sanctions, it had to go … but where?

Chinese surveillance camera manufacturer Zhejiang Dahua Technology, which has found itself on the USA’s entity list of banned orgs, has fully sold off its stateside subsidiary for $15 million to Taiwan's Central Motion Picture Corporation, according to the firm's annual report released on Monday.…

Read More
Hugely expanded Section 702 surveillance powers set for US Senate vote

Opponents warn almost anyone could be asked to share info with Uncle Sam

On Thursday the US Senate is expected to reauthorize the contentious warrantless surveillance powers conferred by Section 702 of the Foreign Intelligence Surveillance Act (FISA), and may even strengthen them with language that, according to US Senator Ron Wyden (D-OR), "will force a huge range of companies and individuals to spy for the government."…

Read More
Kremlin's Sandworm blamed for cyberattacks on US, European water utilities

Water tank overflowed during one system malfunction, says Mandiant

The Russian military's notorious Sandworm crew was likely behind cyberattacks on US and European water plants that, in at least one case, caused a tank to overflow.…

Read More
Exploit code for Palo Alto Networks zero-day now public

Race on to patch as researchers warn of mass exploitation of directory traversal bug

Various infosec researchers have released proof-of-concept (PoC) exploits for the maximum-severity vulnerability in Palo Alto Networks' PAN-OS used in GlobalProtect gateways.…

Read More
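The PAN-OS item above turns on a directory traversal bug. What follows is an added example, not Palo Alto Networks code and not any of the published proof-of-concept exploits: it shows the generic bug class as a naive path join beside a hardened resolver that confines requests to a document root. `BASE` and the sample paths are assumptions for illustration.

```python
"""
Added example, not PAN-OS code and not the published proof of concept: the
generic directory-traversal bug class, shown as a naive path join beside a
hardened resolver. BASE is an assumed document root.
"""
import os
from pathlib import Path
from typing import Optional
from urllib.parse import unquote

BASE = Path("/var/appweb/static")  # assumed document root for the example


def unsafe_resolve(user_path: str) -> Path:
    """The bug: joining untrusted input lets '../' climb out of BASE, and an
    absolute path replaces BASE entirely (pathlib join semantics)."""
    return BASE.joinpath(unquote(user_path))


def unsafe_escapes_base(user_path: str) -> bool:
    """Normalise what unsafe_resolve would open and report whether it left BASE."""
    resolved = Path(os.path.normpath(str(unsafe_resolve(user_path))))
    try:
        resolved.relative_to(BASE)
        return False
    except ValueError:
        return True


def safe_resolve(user_path: str) -> Optional[Path]:
    """Decode once (as the server would), reject obvious abuse, normalise
    lexically, then confine the result to BASE. None means 'refuse'."""
    decoded = unquote(user_path)
    if "\x00" in decoded or decoded.startswith(("/", "\\")) or "\\" in decoded:
        return None
    # os.path.normpath collapses '.' and '..' without touching the filesystem,
    # so the check can run on a request before anything is opened.
    candidate = Path(os.path.normpath(str(BASE / decoded)))
    try:
        # Component-wise containment: '/var/appweb/static2/x' is NOT under
        # BASE, which a plain string-prefix check would get wrong.
        candidate.relative_to(BASE)
    except ValueError:
        return None
    return candidate


def is_traversal_attempt(user_path: str) -> bool:
    """Log-triage helper: True when the requested path would leave BASE."""
    return safe_resolve(user_path) is None
```

The lexical check covers what arrives in the request; on a real host, follow it with `candidate.resolve()` and a second containment check so a symlink inside the tree cannot point outside it.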
US Takes Down Illegal Cryptocurrency Mixing Service Samourai Wallet

The two founders of Samourai Wallet have been charged with money laundering and unlicensed money-transmitting offenses

Read More
State-Sponsored Espionage Campaign Exploits Cisco Vulnerabilities

An advisory from Cisco Talos has highlighted a sophisticated cyber-espionage campaign targeting government networks globally

Read More
DragonForce Ransomware Group Uses LockBit's Leaked Builder

Cyber threat intelligence provider Cyble found that DragonForce was using a ransomware binary based on LockBit Black’s builder

Read More
11% of Cybersecurity Teams Have Zero Women

A new ISC2 study highlights the lack of diversity in cybersecurity with only 4% of teams having a majority of women, while 11% have none at all

Read More
Online Banking Security Still Not Up to Par, Says Which?

Consumer rights group Which? has found more security gaps in UK banking sites and apps

Read More
BEC and Fund Transfer Fraud Top Insurance Claims

Email-borne fraud accounted for more insurance claims than any other category in 2023, says Coalition

Read More
High Performance Podcast Duo to Unveil Secrets of Success at Infosecurity Europe 2024

Jake Humphrey and Professor Damian Hughes, the minds behind the High Performance Podcast, share their top non-negotiable behaviours for success in cybersecurity

Read More
US Congress Passes Bill to Ban TikTok

The bill that could see TikTok banned in the US has been approved by the House of Representatives and the Senate

Read More
US Sanctions Iranian "Fronts" for Cyber-Attacks on American Entities

The US Treasury announced sanctions on two companies and four individuals for cyber campaigns conducted on behalf of the Iranian government

Read More
Leeds Talent Pool Attracts BlueVoyant's First UK Security Operations Center

The proximity of organizations’ headquarters, like Asda’s and NHS England’s, prompted BlueVoyant to choose Leeds as the location for its first UK SOC

Read More
Security Leaders Braced for Daily AI-Driven Attacks by Year-End

Netacea research found that 93% of security leaders expect to face daily AI-driven attacks by the end of 2024, with 65% predicting that offensive AI will be the norm for cybercriminals

Read More
Fifth of CISOs Admit Staff Leaked Data Via GenAI

One in five UK organizations have had corporate data exposed via generative AI, says RiverSafe

Read More
Most people still rely on memory or pen and paper for password management

Bitwarden surveyed 2,400 individuals from the US, UK, Australia, France, Germany, and Japan to investigate current user password practices. The survey shows that 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit to using personal information in their credentials that is publicly accessible on social media platforms (60%) and online forums (30%). These practices reveal a significant gap between recommended security practices and actual user behavior, highlighting how weak password habits and password reuse … More

The post Most people still rely on memory or pen and paper for password management appeared first on Help Net Security.

Read More
LSA Whisperer: Open-source tools for interacting with authentication packages

LSA Whisperer consists of open-source tools designed to interact with authentication packages through their unique messaging protocols. Support is currently provided for the cloudap, kerberos, msv1_0, negotiate, pku2u, schannel packages and cloudap’s AzureAD plugin. Partial or unstable support is provided for livessp, negoexts, and the security package manager. What LSA Whisperer does “Many authentication packages generally support their internal APIs, known as package calls, and relatively few are documented or used outside of Microsoft. I … More

Read More
What AI can tell organizations about their M&A risk

Following the past few years of economic turbulence, merger and acquisition (M&A) activity is on the rise in 2024, with several acquisition deals being announced in the first few months of the year valued at billions of dollars. With the surge of AI adoption, companies must not only reevaluate AI’s role in identifying top prospects but also assess and resolve security risks that may lie hidden within their networks and the companies they are merging … More

Read More
Breaking down the numbers: Cybersecurity funding activity recap

Here’s a list of interesting cybersecurity companies that received funding so far in 2024. Aim Security January | $10 million Aim Security raised $10 million in seed funding, led by YL Ventures, with participation from CCL (Cyber Club London), the founders of WIZ and angel investors from Google, Proofpoint and Palo Alto Networks. Aim Security was founded by cybersecurity veterans Matan Getz, CEO and Adir Gruss, CTO who pioneered the use and adoption of AI … More

Read More
New infosec products of the week: April 26, 2024

Here’s a look at the most interesting products from the past week, featuring releases from Cyberint, Forcepoint, Invicti Security, Netwrix, Trend Micro, Zero Networks, and WhyLabs. Trend Micro launches AI-driven cyber risk management capabilities Trend Micro unveiled AI-driven cyber risk management capabilities across its entire flagship platform, Trend Vision One. This seamlessly integrates more than 10 industry technology categories into one offering, empowering security, cloud and IT operations teams to manage risk proactively. Zero Networks … More

Read More
Net neutrality has been restored

The Federal Communications Commission (FCC) today voted to restore a national standard to ensure the internet is fast, open, and fair. Today’s decision to reclassify broadband service as a Title II telecommunications service allows the FCC to protect consumers, defend national security, and advance public safety. Through its actions today, the Commission creates a national standard by which it can ensure that broadband internet service is treated as an essential service. Today’s vote also makes … More

Read More
Stellar Cyber and Acronis team up to provide optimized threat detection solutions for MSPs

Stellar Cyber has revealed a new partnership with Acronis to deliver an optimized threat detection and response solution that enables MSPs to protect on-premises, cloud, hybrid, and IT/OT environments in the most cost-effective and efficient way possible. Through this partnership, Stellar Cyber and Acronis aim to help organizations protect themselves from advanced cyberattacks by removing artificial obstacles that make it difficult for security teams to identify and mitigate threats effectively. Acronis Cyber Protect Cloud enables Managed Service Providers (MSPs) … More

Read More
Edgio Client-Side Protection enables organizations to secure critical customer data

Edgio released its Client-Side Protection solution. Designed to monitor scripts and APIs on the browser side to prevent malicious code from exfiltrating sensitive customer data, Edgio Client-Side Protection allows teams to gain full visibility into client-side vulnerabilities, achieve full control over all first- and third-party resources and keep up with the latest compliance requirements. Payment Card Industry (PCI) Data Security Standard (DSS) v4.0 represents the latest global standard for protecting payment data against sophisticated cyber attacks. PCI DSS … More

Read More
IBM to buy HashiCorp in $6.4 billion cash deal, expanding cloud portfolio

IBM and HashiCorp have entered into a definitive agreement under which IBM will acquire HashiCorp for $35 per share in cash, representing an enterprise value of $6.4 billion. HashiCorp’s suite of products provides enterprises with extensive Infrastructure Lifecycle Management and Security Lifecycle Management capabilities to enable organizations to automate their hybrid and multi-cloud environments. “Enterprise clients are wrestling with an unprecedented expansion in infrastructure and applications across public and private clouds, as well as on-prem … More

Read More
Dropzone AI raises $16.85 million to combat advanced AI attacks

Dropzone AI has raised $16.85 million in Series A funding. Theory Ventures led the round, adding to their cohort of existing investors Decibel Partners, Pioneer Square Ventures, and In-Q-Tel (IQT). Carta CISO Garrett Held, Head of Security at Postman Joshua Scott, and Integreon President and Head of Cyber Solutions Anshu Gupta also joined the Series A round. Theory Ventures Founder Tomasz Tunguz will join the board as part of its investment. Dropzone will use this … More

Read More
What makes Starmus unique? – A Q&A with award-winning filmmaker Todd Miller

The director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges as well as why he became involved with Starmus.

Read More
How technology drives progress – A Q&A with Nobel laureate Michel Mayor

We spoke to Michel Mayor about the importance of public engagement with science and fostering responsibility among the youth for the preservation of our changing planet

Read More
The vision behind Starmus – A Q&A with the festival’s co-founder Garik Israelian

Dr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and the strong sense of community within the Starmus universe

Read More
Protecting yourself after a medical data breach – Week in security with Tony Anscombe

What are the risks and consequences of having your health data exposed and what are the steps to take if it happens to you?

Read More
The many faces of impersonation fraud: Spot an imposter before it’s too late

What are some of the most common giveaway signs that the person behind the screen or on the other end of the line isn’t who they claim to be?

Read More
The ABCs of how online ads can impact children’s well-being

From promoting questionable content to posing security risks, inappropriate ads present multiple dangers for children. Here’s how to help them stay safe.

Read More
eXotic Visit includes XploitSPY malware – Week in security with Tony Anscombe

Almost 400 people in India and Pakistan have fallen victim to an ongoing Android espionage campaign called eXotic Visit

Read More
Bitcoin scams, hacks and heists – and how to avoid them

Here’s how cybercriminals target cryptocurrencies and how you can keep your bitcoin or other crypto safe

Read More
Beyond fun and games: Exploring privacy risks in children’s apps

Should children’s apps come with ‘warning labels’? Here's how to make sure your children's digital playgrounds are safe places to play and learn.

Read More
The devil is in the fine print – Week in security with Tony Anscombe

Temu's cash giveaway, in which people were asked to hand over vast amounts of their personal data to the platform, puts the spotlight on the data-slurping practices of online services today

Read More
RDP remains a security concern – Week in security with Tony Anscombe

Much has been written about the risks that poorly secured RDP connections entail, but many organizations continue to leave themselves at risk and get hit by data breaches as a result

Read More
How often should you change your passwords?

And is that actually the right question to ask? Here’s what else you should consider when it comes to keeping your accounts safe.

Read More
Malware hiding in pictures? More likely than you think

There is more to some images than meets the eye – their seemingly innocent façade can mask a sinister threat.

Read More
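One of the simplest ways a payload rides inside a picture that still renders normally is to append it after the format's end-of-image marker. The following is an added example, not code from the ESET piece: it parses PNG chunks and JPEG marker segments far enough to find the real end of the image and reports whatever follows. The PNG and JPEG samples are constructed in code so the script runs offline.

```python
"""
Added example, not from the ESET article: flag image files that carry extra
bytes after the format's end-of-image marker. The PNG and JPEG samples are
constructed in code so the script runs offline.
"""
import struct
import zlib
from typing import Optional

PNG_SIG = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8"


def png_end_offset(data: bytes) -> int:
    """Walk the chunk list; return the offset just past IEND, or -1 if malformed."""
    if not data.startswith(PNG_SIG):
        return -1
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4  # length+type header, payload, CRC
        if pos > len(data):
            return -1  # chunk claims more bytes than the file has
        if ctype == b"IEND":
            return pos
    return -1


def jpeg_end_offset(data: bytes) -> int:
    """Walk marker segments (skipping entropy-coded data after SOS); return the
    offset just past the real EOI, or -1. Searching for the first FF D9 would
    stop early on an embedded EXIF thumbnail, so segments are parsed properly."""
    if not data.startswith(JPEG_SOI):
        return -1
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return -1  # not at a marker: malformed
        while pos + 2 <= len(data) and data[pos + 1] == 0xFF:
            pos += 1  # fill bytes before a marker are legal
        if pos + 2 > len(data):
            return -1
        marker = data[pos + 1]
        if marker == 0xD9:  # EOI
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD8:  # standalone markers
            pos += 2
            continue
        if pos + 4 > len(data):
            return -1
        (seg_len,) = struct.unpack(">H", data[pos + 2:pos + 4])
        pos += 2 + seg_len
        if marker == 0xDA:  # SOS: scan to the next marker that is not FF00 stuffing or RSTn
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return -1


def trailing_payload(data: bytes) -> Optional[bytes]:
    """Bytes after the end marker (b'' when clean); None if not a parsable PNG/JPEG."""
    if data.startswith(PNG_SIG):
        end = png_end_offset(data)
    elif data.startswith(JPEG_SOI):
        end = jpeg_end_offset(data)
    else:
        return None
    return None if end == -1 else data[end:]


# --- constructed samples ------------------------------------------------------
def _png_chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def make_png() -> bytes:
    """A valid 1x1 red RGB PNG."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")  # filter byte + one RGB pixel
    return PNG_SIG + _png_chunk(b"IHDR", ihdr) + _png_chunk(b"IDAT", idat) + _png_chunk(b"IEND", b"")


def make_jpeg() -> bytes:
    """Structurally valid JPEG skeleton: SOI, APP0/JFIF, SOS with stuffed FF 00, EOI."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56"
    return JPEG_SOI + app0 + sos + scan + b"\xff\xd9"
```

Trailing data is a reason to look, not proof of malice: some camera and editing tools append metadata after EOI. The check also says nothing about payloads stored inside legitimate containers (a PNG tEXt chunk, an EXIF segment) or in pixel least-significant bits, which need format-aware or statistical inspection.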
AceCryptor attacks surge in Europe – Week in security with Tony Anscombe

The second half of 2023 saw massive growth in AceCryptor-packed malware spreading in the wild, including courtesy of multiple spam campaigns where AceCryptor packed the Rescoms RAT

Read More
Borrower beware: Common loan scams and how to avoid them

Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Here’s how to avoid being scammed when considering a loan.

Read More
Cybercriminals play dirty: A look back at 10 cyber hits on the sporting world

This rundown of 10 cyberattacks against the sports industry shows why every team needs to keep its eyes on the ball when it comes to cybersecurity

Read More
Cybersecurity starts at home: Help your children stay safe online with open conversations

Struggle to know how to help children and teens stay safe in cyberspace? A good ol’ fashioned chat is enough to put them on the right track.

Read More
A prescription for privacy protection: Exercise caution when using a mobile health app

Given the unhealthy data-collection habits of some mHealth apps, you’re well advised to tread carefully when choosing with whom you share some of your most sensitive data

Read More
Healthcare still a prime target for cybercrime gangs – Week in security with Tony Anscombe

Healthcare organizations remain firmly in attackers' crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities in the US in 2023

Read More
Threat intelligence explained | Unlocked 403: A cybersecurity podcast

We break down the fundamentals of threat intelligence and its role in anticipating and countering emerging threats

Read More
Rescoms rides waves of AceCryptor spam

Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries

Read More
How to share sensitive files securely online

Here are a few tips for secure file transfers and what else to consider when sharing sensitive documents so that your data remains safe

APT attacks taking aim at Tibetans – Week in security with Tony Anscombe

Evasive Panda has been spotted targeting Tibetans in several countries and territories with payloads that included a previously undocumented backdoor ESET has named Nightdoor

Election cybersecurity: Protecting the ballot box and building trust in election integrity

What cyberthreats could wreak havoc on elections this year and how worried should we as voters be about the integrity of our voting systems?

Top 10 scams targeting seniors – and how to keep your money safe

The internet can be a wonderful place. But it’s also awash with fraudsters preying on people who are susceptible to fraud.

Irresistible: Hooks, habits and why you can’t put down your phone

Struggle to part ways with your tech? You’re not alone. Here’s why your devices are your vices.

Deceptive AI content and 2024 elections – Week in security with Tony Anscombe

As the specter of AI-generated disinformation looms large, tech giants vow to crack down on fabricated content that could sway voters and disrupt elections taking place around the world this year

Evasive Panda leverages Monlam Festival to target Tibetans

ESET researchers uncover strategic web compromise and supply-chain attacks targeting Tibetans

eXotic Visit campaign: Tracing the footprints of Virtual Invaders

ESET researchers uncovered the eXotic Visit espionage campaign that targets users mainly in India and Pakistan with seemingly innocuous apps

Vulnerabilities in business VPNs under the spotlight

As adversaries increasingly set their sights on vulnerable enterprise VPN software to infiltrate corporate networks, concerns mount about VPNs themselves being a source of cyber risk

PSYOP campaigns targeting Ukraine – Week in security with Tony Anscombe

Coming in two waves, the campaign sought to demoralize Ukrainians and Ukrainian speakers abroad with disinformation messages about war-related subjects

10 things to avoid posting on social media – and why

Do you often take to social media to broadcast details from your life? Here’s why this habit may put your privacy and security at risk.

Cyber-insurance and vulnerability scanning – Week in security with Tony Anscombe

Here's how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signals

What is AI, really? | Unlocked 403: A cybersecurity podcast

Artificial intelligence is on everybody’s lips these days, but there are also many misconceptions about what AI actually is and isn’t. We unpack AI's basics, applications and broader implications.

Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war

A mix of PSYOPs, espionage and … fake Canadian pharmacies!

Everything you need to know about IP grabbers

Unsuspecting users beware, IP grabbers do not ask for your permission.

Watching out for the fakes: How to spot online disinformation

Why and how are we subjected to so much disinformation nowadays, and is there a way to spot the fakes?

Ransomware payments hit a record high in 2023 – Week in security with Tony Anscombe

Called a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous year

Deepfakes in the global election year of 2024: A weapon of mass deception?

As fabricated images, videos and audio clips of real people go mainstream, the prospect of a firehose of AI-powered disinformation is a cause for mounting concern

7 reasons why cybercriminals want your personal data

Here's what drives cybercriminals to relentlessly target the personal information of other people – and why you need to guard your data like your life depends on it

Blue Team toolkit: 6 open-source tools to assess and enhance corporate defenses

Here’s how the blue team wards off red teamers and a few open-source tools it may leverage to identify chinks in the corporate armor

Grandoreiro banking malware disrupted – Week in security with Tony Anscombe

The banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim’s screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windows

The buck stops here: Why the stakes are high for CISOs

Heavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. What does this mean for corporate cyber-defenses?

Could your Valentine be a scammer? How to avoid getting caught in a bad romance

With Valentine’s Day almost upon us, here’s some timely advice on how to prevent scammers from stealing more than your heart

ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora

An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes

ESET takes part in global operation to disrupt the Grandoreiro banking trojan

ESET provided technical analysis, statistical information, known C&C servers and was able to get a glimpse of the victimology

Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe

The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK

Cyber: The Swiss army knife of tradecraft

In today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike

VajraSpy: A Patchwork of espionage apps

ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group

Assessing and mitigating supply chain cybersecurity risks

Blindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective supplier risk management

Why many CISOs consider quitting – Week in security with Tony Anscombe

The job of a CISO is becoming increasingly stressful as cybersecurity chiefs face overwhelming workloads and growing concerns over personal liability for security failings

Break the fake: The race is on to stop AI voice cloning scams

As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET’s Jake Moore to discuss how to hang up on ‘hi-fi’ scam calls – and what the future holds for deepfake detection

NSPX30: A sophisticated AitM-enabled implant evolving since 2005

ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood

Virtual kidnapping: How to see through this terrifying scam

Phone fraud takes a frightening twist as fraudsters can tap into AI to cause serious emotional and financial damage to the victims

Is Temu safe? What to know before you ‘shop like a billionaire’

Here are some scams you may encounter on the shopping juggernaut, plus a few simple steps you can take to help safeguard your data while bagging that irresistible deal

The 7 deadly cloud security sins – and how SMBs can do things better

By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk

Lessons from SEC's X account hack – Week in security with Tony Anscombe

The cryptocurrency rollercoaster never fails to provide a thrilling ride – this week it was a drama surrounding the hack of SEC's X account right ahead of the much-anticipated decision about Bitcoin ETFs

Attack of the copycats: How fake messaging apps and app mods could bite you

WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Don’t get taken for a ride.

Love is in the AI: Finding love online takes on a whole new meaning

Is AI companionship the future of not-so-human connection – and even the cure for loneliness?

Cybersecurity trends and challenges to watch out for in 2024 – Week in security with Tony Anscombe

What are some of the key cybersecurity trends that people and organizations should have on their radars this year?

Lost and found: How to locate your missing devices and more

Losing your keys, your wallet – or anything else, really – can be a pain, but there is a wide world of trackers that can help you locate your missing things – with awesome accuracy

Cracking the 2023 SANS Holiday Hack Challenge

From ChatNPT to Game Boys and space apps, this year’s challenge took us to the Geese Islands for another rollicking romp of fun

The art of digital sleuthing: How digital forensics unlocks the truth

Learn how the cyber variety of CSI works, from sizing up the crime scene and hunting for clues to piecing together the story that the data has to tell

A peek behind the curtain: How are sock puppet accounts used in OSINT?

How wearing a ‘sock puppet’ can aid the collection of open source intelligence while insulating the ‘puppeteer’ from risks

Key findings from ESET Threat Report H2 2023 – Week in security with Tony Anscombe

How cybercriminals take advantage of the popularity of ChatGPT and other tools of its ilk to direct people to sketchy sites, plus other interesting findings from ESET's latest Threat Report

A year in review: 10 of the biggest security incidents of 2023

As we draw the curtain on another eventful year in cybersecurity, let’s review some of the high-profile cyber-incidents that befell various organizations this year

Got a new device? 7 things to do before disposing of your old tech

Before getting rid of your no-longer-needed device, make sure it doesn’t contain any of your personal documents or information

Safeguard the joy: 10 tips for securing your shiny new device

Unwrapping a new gadget this holiday season will put a big smile on your face but things may quickly turn sour if the device and data on it aren’t secured properly

New iOS feature to thwart eavesdropping – Week in security with Tony Anscombe

Your iPhone has just received a new feature called iMessage Contact Key Verification that is designed to help protect your messages from prying eyes

ESET Threat Report H2 2023

A view of the H2 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

These aren’t the Androids you should be looking for

You may get more than you bargained for when you buy a budget-friendly smartphone and forgo safeguards baked into Google Play

ESET Research Podcast: Neanderthals, Mammoths and Telekopye

ESET researchers discuss the dynamics within and between various groups of scammers who use a Telegram bot called Telekopye to scam people on online marketplaces

Black Hat Europe 2023: Should we regulate AI?

ChatGPT would probably say "Definitely not!", but will we learn any lessons from the rush to regulate IoT in the past?

Delivering trust with DNS security

Can DNS protection technology transform consumers’ worries about cybercrime with a trust-based approach?

Surge in deceptive loan apps – Week in security with Tony Anscombe

ESET Research reveals details about a growth in the number of deceptive loan apps on Android, their origins and modus operandi.

Black Hat Europe 2023: The past could return to haunt you

Legacy protocols in the healthcare industry present dangers that can make hospitals extremely vulnerable to cyberattacks.

Silent but deadly: The rise of zero-click attacks

A security compromise so stealthy that it doesn’t even require your interaction? Yes, zero-click attacks require no action from you – but this doesn’t mean you’re left vulnerable.

OilRig’s persistent attacks using cloud service-powered downloaders

ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications

A pernicious potpourri of Python packages in PyPI

The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository

To tap or not to tap: Are NFC payments safer?

Contactless payments are quickly becoming ubiquitous – but are they more secure than traditional payment methods?

Navigating privacy: Should we put the brakes on car tracking?

Your car probably knows a lot more about you than it lets on – but is the trade-off of privacy for convenience truly justifiable?

Teaching appropriate use of AI tech – Week in security with Tony Anscombe

Several cases of children creating indecent images of other children using AI software add to the worries about harmful uses of AI technology

Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths

ESET researchers describe the growth of deceptive loan apps for Android and techniques they use to circumvent Google Play

Very precisely lost – GPS jamming

The technology is both widely available and well developed, hence it's also poised to proliferate – especially in the hands of those wishing ill

Executives behaving badly: 5 ways to manage the executive cyberthreat

Failing to practice what you preach, especially when you are a juicy target for bad actors, creates a situation fraught with considerable risk

Telekopye's tricks of the trade – Week in security with Tony Anscombe

ESET's research team reveals details about the onboarding process of the Telekopye scam operation and the various methods that the fraudsters use to defraud people online

Left to their own devices: Security for employees using personal devices for work

As personal devices within corporate networks make for a potentially combustible mix, a cavalier approach to BYOD security won’t cut it

Retail at risk: Top threats facing retailers this holiday season

While it may be too late to introduce wholesale changes to your security policies, it doesn’t hurt to take a fresh look at where the biggest threats are and which best practices can help neutralize them

‘Tis the season to be wary: 12 steps to ruin a cybercriminal's day

The holiday shopping season may be the time to splurge, but it’s also a favorite time of year for cybercriminals to target shoppers with phony deals, phishing scams and other threats

Telekopye: Chamber of Neanderthals’ secrets

Insight into groups operating Telekopye bots that scam people in online marketplaces

Your voice is my password

AI-driven voice cloning can make things far too easy for scammers – I know because I’ve tested it so that you don’t have to learn about the risks the hard way.

Fuel for thought: Can a driverless car get arrested?

What happens when problems caused by autonomous vehicles are not the result of errors, but the result of purposeful attacks?

Safeguarding ports from the rising tide of cyberthreats – Week in security with Tony Anscombe

An attack against a port operator that ultimately hobbled some 40 percent of Australia’s import and export capacity highlights the kinds of supply chain shocks that a successful cyberattack can cause

Say what you will? Your favorite speech-to-text app may be a privacy risk

Typing with your voice? It should go without saying that you need to take some precautions and avoid spilling your secrets.

Spyware disguised as a news app – Week in security with Tony Anscombe

The Urdu version of the Hunza News website offers readers the option to download an Android app – little do they know that the app is actually spyware

Level up! These games will make learning about cybersecurity fun

Discover six games that will provide valuable knowledge while turning learning about digital security into an enjoyable and rewarding adventure

Capture the flag: 5 websites to sharpen your hacking skills

Through engaging hacking challenges and competitions, CTFs offer an excellent opportunity to test and enhance your security and problem-solving skills

Cyber threat intelligence: Getting on the front foot against adversaries

By collecting, analyzing and contextualizing information about possible cyberthreats, including the most advanced ones, threat intelligence offers a critical method to identify, assess and mitigate cyber risk

Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan

ESET researchers discovered Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News

The mysterious demise of the Mozi botnet – Week in security with Tony Anscombe

Various questions linger following the botnet's sudden and deliberate demise, including: who actually initiated it?

What is Network Pen Testing?

With cyber threats constantly evolving, protecting your network’s security is important. Network pen testing, also known as Network VAPT (Vulnerability Assessment and Penetration Testing), helps you attain this objective. It is a simulated cyber attack carried out by ethical hackers to detect and exploit flaws in your network infrastructure. What is Network Infrastructure? Network infrastructure […]

The post What is Network Pen Testing? appeared first on Kratikal Blogs.

The post What is Network Pen Testing? appeared first on Security Boulevard.

RSAC 2024 Innovation Sandbox | The Future Frontline: Harmonic Security’s Data Protection in the AI Era

The RSA Conference 2024 will kick off on May 6. Known as the “Oscars of Cybersecurity,” the RSAC Innovation Sandbox has become a benchmark for innovation in the cybersecurity industry. Let’s focus on the new hotspots in cybersecurity and understand the new trends in security development. Today, let’s get to know Harmonic Security. Introduction of […]

The post RSAC 2024 Innovation Sandbox | The Future Frontline: Harmonic Security’s Data Protection in the AI Era appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

The post RSAC 2024 Innovation Sandbox | The Future Frontline: Harmonic Security’s Data Protection in the AI Era appeared first on Security Boulevard.

How to Migrate from FedRAMP Rev 4 to FedRAMP Rev 5

The stereotype of the government as a slow-moving behemoth is not ill-fitting, but when it makes adjustments and changes, it does so with deliberation and intent. An excellent example is the ongoing development and evolution of things like security standards. Technology moves much, much faster than the government can respond to or that even most […]

The post How to Migrate from FedRAMP Rev 4 to FedRAMP Rev 5 appeared first on Security Boulevard.

NodeZero: Testing for Exploitability of Palo Alto Networks CVE-2024-3400

On April 12 (and then updated again on April 20), Palo Alto Networks released an advisory about a vulnerability in the PAN-OS® software that runs Palo Alto Networks® Next-Generation Firewalls (NGFWs).

The post NodeZero: Testing for Exploitability of Palo Alto Networks CVE-2024-3400 appeared first on Horizon3.ai.

The post NodeZero: Testing for Exploitability of Palo Alto Networks CVE-2024-3400 appeared first on Security Boulevard.

USENIX Security ’23 – LibScan: Towards More Precise Third-Party Library Identification for Android Applications

Authors/Presenters: Yafei Wu, Cong Sun, Dongrui Zeng, Gang Tan, Siqi Ma, Peicheng Wang

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 presenters’ content, and for the organization’s strong commitment to Open Access.
The talk originates from the conference’s events held at the Anaheim Marriott and is available via the organization’s YouTube channel.

The post USENIX Security ’23 – LibScan: Towards More Precise Third-Party Library Identification for Android Applications appeared first on Security Boulevard.

North American Developers Optimistic About Generative AI and Code Security

North American software developers have reasonable confidence that generative AI can be a tool to improve the security of the software they're building. In other regions? Not so much.

The post North American Developers Optimistic About Generative AI and Code Security appeared first on Security Boulevard.

Defending Against ArcaneDoor: How Eclypsium Protects Network Devices

Introduction

In coordination with multiple government agencies, Cisco announced yesterday the discovery of a new backdoor targeting their Adaptive Security Appliances (ASA). The threat actor is new, tracked by Cisco as UAT4356 and STORM-1849 by Microsoft, and leveraged two zero-day vulnerabilities in the campaign dubbed ArcaneDoor. The campaign started in November 2023, predating the recent […]

The post Defending Against ArcaneDoor: How Eclypsium Protects Network Devices appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Defending Against ArcaneDoor: How Eclypsium Protects Network Devices appeared first on Security Boulevard.

AI Adoption Prompts Security Advisory from NSA

The warning underscores the importance of a collaborative approach to AI security involving stakeholders across different domains, including data science and infrastructure.

The post AI Adoption Prompts Security Advisory from NSA appeared first on Security Boulevard.

AI Data Poisoning: How Misleading Data Is Evading Cybersecurity Protections

Discover why AI data poisoning is an emerging threat and how fake data is used to evade AI cybersecurity protections.

The post AI Data Poisoning: How Misleading Data Is Evading Cybersecurity Protections appeared first on Security Boulevard.

Nemesis 1.0.0

In August of last year, @tifkin_, @0xdab0, and I released Nemesis, our offensive data enrichment platform. After lots of feedback, operational testing, hundreds of commits, and another solid dev cycle, we’re proud to finally announce Nemesis’ 1.0.0 release. This post will detail several of the major changes we’re excited about, from host modeling, to a streamlined installation process, dashboard improvements, and more!

Host Modeling

Since the beginning of development, one of our visions for Nemesis has been for it to provide guidance to operators agnostic of their C2 tooling. If we want Nemesis to be able to perform analysis like PowerUp’s privilege escalation, we have to build a proper offline data model to handle the analysis we want. Part of this involves the very specific problem of host “uniqueness” when you have data coming in from a number of different C2 sources.

This, however, ended up being a more challenging task than we anticipated. We will be releasing a detailed post diving into all of the nuances of this problem in the next few weeks, but we wanted to at least highlight the problem as we viewed it. We also have a specific temporal issue that we’ll touch on briefly as well.

The host uniqueness problem is a consequence of the variety of ways host data can be ingested into Nemesis. In order to perform host-based analysis, we have to collapse data from potentially multiple ingested sources into a single host abstraction so we don’t miss any details. For example, consider the situation of having multiple C2 agent types on the same host. C2 agents can report a host’s short name (e.g., NetBIOS name), fully qualified name, or IP addresses. We might be performing an action against a remote host from a C2 agent, e.g., downloading a file from a host that doesn’t have an agent on it, with the connection routed through an existing agent. And finally, we might have manual data we’re uploading through the Nemesis interface in case there isn’t an existing connector.

With all of these options, the way to elegantly (well, at least as elegantly as possible) combine data from multiple ingestion sources in a way that we can break sections back apart if there is a mapping mistake was…tricky. We also ran across a “temporal problem” for specific types of data like file or process listings where these data are ephemeral and can be influenced by operator events. For example, if you took a file listing but then uploaded or deleted a file on the host, the ground truth (as far as you know) for the filesystem state has to be built from multiple pieces. This data may also be ingested out of order (e.g., ingesting long-term collection output from a tool running on another host). Luckily, we believe we have a solution for this too!

If you’re as interested in this type of problem as we are (Bueller? Bueller?) keep an eye out for our upcoming modeling deep dive post.
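As an added illustration of the two problems described above (this is not Nemesis’ own model, which the post defers to a later deep dive), here is one from-scratch way to handle them in Python: host identity claims from different sources are merged with union-find into clusters, but the raw claims are kept so that a mistaken mapping can be retracted and the clusters split back apart, and file listing, upload and delete events are replayed in observed-time order so that out-of-order ingestion still yields the right believed filesystem state. The source labels, hostnames, IPs, paths and timestamps are all constructed sample data.

```python
"""Illustrative host-identity merging and time-ordered file-event replay.

Added example, not Nemesis code. Source labels such as "agent-A", hostnames,
IPs, paths and timestamps are constructed for the demo.
"""
from collections import defaultdict
from dataclasses import dataclass


def _norm(value):
    """Case-insensitive comparison for Windows names and paths."""
    return value.strip().lower()


@dataclass(frozen=True)
class HostObservation:
    """One identity claim: `source` asserts that `identifiers` are one host."""
    source: str            # hypothetical ingestion source label
    identifiers: frozenset # normalised short names, FQDNs and IP addresses


class HostModel:
    """Host clusters derived from an append-only log of identity claims.

    Claims are never merged destructively; clusters are recomputed from the
    surviving claims, so retracting a bad claim splits the host apart again.
    """

    def __init__(self):
        self.observations = []

    def observe(self, source, *identifiers):
        ids = frozenset(_norm(i) for i in identifiers)
        self.observations.append(HostObservation(source, ids))

    def retract(self, source):
        """Drop every claim from one source, e.g. a connector that mis-mapped a host."""
        self.observations = [o for o in self.observations if o.source != source]

    def clusters(self):
        """Connected components over identifiers that co-occur in any claim."""
        parent = {}

        def find(x):
            parent.setdefault(x, x)
            while parent[x] != x:
                parent[x] = parent[parent[x]]  # path halving
                x = parent[x]
            return x

        for obs in self.observations:
            ids = sorted(obs.identifiers)
            for ident in ids:
                find(ident)                    # register singletons too
            for other in ids[1:]:
                parent[find(other)] = find(ids[0])
        groups = defaultdict(set)
        for ident in parent:
            groups[find(ident)].add(ident)
        return sorted(sorted(g) for g in groups.values())

    def host_of(self, identifier):
        """All identifiers currently believed to denote the same host."""
        key = _norm(identifier)
        for group in self.clusters():
            if key in group:
                return group
        return [key]


def replay_filesystem(events):
    """Rebuild believed filesystem state from (ts, kind, payload) events.

    Events are applied in observed-time order, not ingestion order:
      ("listing", (directory, [paths]))  full listing of one directory at ts
      ("upload",  path)                  operator placed a file at ts
      ("delete",  path)                  operator removed a file at ts
    """
    state = set()
    for _ts, kind, payload in sorted(events, key=lambda e: e[0]):
        if kind == "listing":
            directory, paths = payload
            prefix = _norm(directory).rstrip("\\") + "\\"
            # A listing is ground truth for that directory at that instant.
            state = {p for p in state if not p.startswith(prefix)}
            state.update(_norm(p) for p in paths)
        elif kind == "upload":
            state.add(_norm(payload))
        elif kind == "delete":
            state.discard(_norm(payload))
        else:
            raise ValueError(f"unknown event kind: {kind!r}")
    return sorted(state)


def demo():
    """Constructed scenario: two agents plus a mistaken manual mapping."""
    model = HostModel()
    model.observe("agent-A", "WS01", "ws01.corp.example", "10.0.0.5")
    model.observe("agent-B", "10.0.0.5")                              # IP only
    model.observe("manual-upload", "ws01.corp.example", "10.0.0.99")  # wrong mapping
    merged = model.host_of("WS01")
    model.retract("manual-upload")
    fixed = model.host_of("WS01")

    events = [  # ingested in this order; the listing arrives last but is oldest
        (30, "upload", r"C:\Users\alice\tool.exe"),
        (40, "delete", r"C:\Users\alice\old.txt"),
        (10, "listing", (r"C:\Users\alice",
                         [r"C:\Users\alice\old.txt", r"C:\Users\alice\notes.txt"])),
    ]
    return merged, fixed, replay_filesystem(events)


if __name__ == "__main__":
    print(demo())
```

Applying the three file events in ingestion order would let the stale listing wipe out the later upload; replaying by observed time keeps tool.exe and drops old.txt. Retracting the manual-upload claim removes 10.0.0.99 from the host without touching what the two agents reported.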

HELM Charts!

Helm to 108!

One of the most common pieces of negative, yet legitimate, feedback we received about Nemesis was the complexity of its installation. Previously, setting up Nemesis required a number of prerequisites like Docker, Helm, and Kubernetes via Minikube. In response to this feedback, we’ve now adopted k3s, which can be installed with one command and doesn’t depend on Docker. Our updated quickstart guide outlines the full installation process in just five steps, making it quicker to get up and running.

We’ve significantly improved the deployment process of Nemesis with the transition from Skaffold to Helm. Max worked hard on creating three new Helm charts: quickstart, nemesis, and monitoring. The quickstart chart is designed to configure all the secrets and dependencies necessary for Nemesis, providing an easy setup for most users. Advanced users who want to manually manage these settings or integrate with a Kubernetes secrets manager will want to replicate the functionality of the quickstart chart themselves. The nemesis chart sets up all the required Nemesis services like before. The monitoring chart is an optional installation that deploys monitoring services like Fluentd, Grafana, and Prometheus for those who want more insight into logging and performance. Additionally, this change has allowed us to eliminate the need for the janky nemesis-cli.py script!

Additionally, we now push builds of the Nemesis Docker images to Docker Hub, so users no longer have to go through the build process. The entire setup process is described here in the documentation, but it boils down to setting up the prerequisites, running the Nemesis quickstart chart to configure a handful of secrets/configs, and running the Nemesis Helm chart from a local clone or the remote repo. Here’s what the core Nemesis deployment looks like when running the local Helm chart:

Nemesis installation with a local Helm chart.

Another nice side effect of this is that Max was able to get self-signed TLS working, so communication to the Nemesis endpoint is now all over HTTPS. Because the certificate is self-signed, browsers and scripts won’t trust it by default: import it into your trust store or point your tooling at the certificate explicitly rather than disabling verification. Additionally, the monitoring infrastructure is now optional, which can help save on resources. Big thanks to @M_alphaaa for helping us out with some Helm issues!

And finally, for those who really like Minikube or Docker Desktop, we do have documentation for setting up Nemesis using the new installation procedure. Note that we will only be officially supporting k3s going forward (it’s way easier, we promise!).

Text Search Modifications

The Summoning RAGnarok With Your Nemesis post we released in March has complete details on these modifications, but TL;DR we completely redid how text search works under the hood for Nemesis.

In the Document Search page, there are now two tabs. The first, “Full Document Search”, searches for text phrases over the entire text extracted from any compatible document, à la Google:

Full Document Search

The main difference here is that we now have search filters that let you include or exclude specific paths, name patterns, or file extensions:

Include path filter.
Exclude path filter.

We also collapsed the old “Source Code Search” tab into “Full Document Search”. In order to search indexed source instead of extracted document text, select source_code as the index in the expanded search filter section:

Changing search indexes.

The “Text Snippet Search” tab now replaces the old “Semantic Search” tab and has received a complete overhaul. This tab searches over snippets of text extracted from compatible documents, where each snippet/chunk is ~400–500 words. If you want to know more about why this chunking was used, check out the Summoning RAGnarok With Your Nemesis post!

When you type a term or question into this search, the query is passed to the new https://<NEMESIS>/nlp/ endpoint, specifically the /nlp/hybrid_search route. Nemesis calculates the embedding vector for the query and searches for the closest vector/text pairs, and also performs a more classic BM25 keyword (“fuzzy”) search over the text and the indexed document title. The two result lists are fused together through Reciprocal Rank Fusion and returned to the user in the fused order:

Hybrid search.

Note: deselecting “Use Hybrid Vector Search” will remove the embedding vector approach and use just the BM25 “fuzzy” search. “Snippet Search” also has the same include/exclude filters that the “Full Document Search” tab has.
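The fusion step in working form, as an added example that is not Nemesis’s /nlp/hybrid_search code: BM25 over title plus text and a vector ranking are computed separately, each yields a ranked list, and Reciprocal Rank Fusion scores every chunk by the sum of 1/(k + rank) across the lists. The five snippets are constructed, a tiny concept table stands in for the real embedding model (it exists only so that a chunk about “credentials … cleartext” can be found for a query about “password … plaintext”, which keyword search alone misses), and k1, b and k are assumed values. The example also covers the BM25-only mode the note above describes.

```python
"""Hybrid snippet search: BM25 keyword ranking and vector ranking fused with
Reciprocal Rank Fusion (RRF).

Added example; this is not Nemesis's /nlp/hybrid_search implementation. The
five snippets, the tiny concept table standing in for a real embedding model,
and the parameter values (k1, b, RRF k) are assumptions made for the example.
"""
import math
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed (title, text) snippets playing the role of ~400-500 word chunks.
CHUNKS: List[Tuple[str, str]] = [
    ("network diagram", "VPN gateway config with admin password stored in plaintext"),
    ("meeting notes", "quarterly budget meeting notes and action items"),
    ("backup runbook", "restore database from backup; the admin password is in the vault"),
    ("onboarding", "how to request VPN access and reset your password"),
    ("incident report", "service account credentials found in cleartext on the share"),
]


def tokenize(text: str) -> List[str]:
    return re.findall(r"[a-z0-9]+", text.lower())


class BM25:
    """Okapi BM25 over title + text (no stemming, no stopword list)."""

    def __init__(self, docs: List[str], k1: float = 1.5, b: float = 0.75):
        self.k1, self.b = k1, b
        self.tfs = [Counter(tokenize(d)) for d in docs]
        self.dls = [sum(tf.values()) for tf in self.tfs]
        self.avgdl = sum(self.dls) / len(self.dls)
        df = Counter(term for tf in self.tfs for term in tf)
        n = len(docs)
        self.idf = {t: math.log((n - c + 0.5) / (c + 0.5) + 1.0) for t, c in df.items()}

    def score(self, query: str, i: int) -> float:
        tf, dl = self.tfs[i], self.dls[i]
        norm = self.k1 * (1 - self.b + self.b * dl / self.avgdl)
        return sum(self.idf[t] * tf[t] * (self.k1 + 1) / (tf[t] + norm)
                   for t in set(tokenize(query)) if t in tf)

    def rank(self, query: str) -> List[int]:
        """Doc indexes by descending score; docs matching no term are left out."""
        scored = [(self.score(query, i), i) for i in range(len(self.tfs))]
        return [i for s, i in sorted(scored, key=lambda x: -x[0]) if s > 0]


# Stand-in for the embedding model: words a real model would place close
# together are folded onto one "concept" dimension before a bag-of-words
# vector is built. Constructed for the example only.
CONCEPTS = {"password": "secret", "credentials": "secret",
            "plaintext": "exposed", "cleartext": "exposed"}


def embed(text: str) -> Dict[str, float]:
    counts = Counter(CONCEPTS.get(t, t) for t in tokenize(text))
    norm = math.sqrt(sum(v * v for v in counts.values())) or 1.0
    return {t: v / norm for t, v in counts.items()}


def cosine(a: Dict[str, float], b: Dict[str, float]) -> float:
    return sum(v * b.get(t, 0.0) for t, v in a.items())


def vector_rank(query: str, docs: List[str]) -> List[int]:
    q = embed(query)
    scored = [(cosine(q, embed(d)), i) for i, d in enumerate(docs)]
    return [i for s, i in sorted(scored, key=lambda x: -x[0]) if s > 0]


def rrf(rankings: List[List[int]], k: int = 60) -> List[Tuple[int, float]]:
    """Reciprocal Rank Fusion: score(d) = sum over lists of 1 / (k + rank_d)."""
    fused: Counter = Counter()
    for ranking in rankings:
        for rank, doc in enumerate(ranking, start=1):
            fused[doc] += 1.0 / (k + rank)
    return sorted(fused.items(), key=lambda x: -x[1])


def hybrid_search(query: str, chunks=CHUNKS, use_vector: bool = True) -> List[int]:
    """Indexes of matching chunks, best first. use_vector=False is BM25 only."""
    docs = [f"{title} {text}" for title, text in chunks]
    rankings = [BM25(docs).rank(query)]
    if use_vector:
        rankings.append(vector_rank(query, docs))
    return [doc for doc, _ in rrf(rankings)]


if __name__ == "__main__":
    q = "admin password plaintext"
    for mode in (True, False):
        hits = hybrid_search(q, use_vector=mode)
        print("hybrid" if mode else "bm25  ", [CHUNKS[i][0] for i in hits])
```

For the query “admin password plaintext” BM25 alone returns the network diagram, backup runbook and onboarding chunks; the vector list adds the incident report, which shares no query term but sits near the query in the stand-in embedding space, and RRF merges the two lists without needing the BM25 and cosine scores to be on the same scale. k=60 is the commonly used default for RRF.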

If you want to use a local LLM to chat over text extracted from Nemesis documents, check out RAGnarok!

Hasura API

Nemesis has a very rich backend data model that’s presented in two ways: a semi-structured and easily searchable form in Elasticsearch, and a highly structured form in PostgreSQL. While Kibana/Elastic have been accessible in Nemesis since the beginning, one piece of feedback we commonly heard was that there was no way to easily access the structured data. We have had pgAdmin present for basic troubleshooting but nothing programmatically accessible.

Hasura fixes that! Hasura lets us easily construct GraphQL and REST APIs on top of our existing PostgreSQL database. Once it’s deployed, we get an awesome interface where we can play around with query and subscription construction:

Hasura interface.

This also means we can do some basic scripting to process existing data or new data as it comes in. We have some improved documentation (another 1.0.0 “feature”!) which includes information about scripting with Hasura here:

Basic Hasura scripting.
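As an added example of that kind of scripting (not taken from the Nemesis docs): a poller that pulls rows newer than a cursor through Hasura’s GraphQL endpoint with keyset pagination, so a long-running script processes each new row once. The x-hasura-admin-secret header and the where/_gt/order_by/limit syntax are standard Hasura; the endpoint URL, the secret, the table file_data and its columns are assumptions made for the example. A FakeHasura stand-in answers the query offline from constructed rows; swap in http_post against a live deployment.

```python
"""Scripting against the Nemesis PostgreSQL model through Hasura's GraphQL API:
poll for rows newer than a cursor, page by page, so a long-running script
processes each row once as new data arrives.

Added example, not from the Nemesis documentation. The header name and the
where/_gt/order_by/limit syntax are standard Hasura; the URL, secret, table
`file_data` and its columns are assumptions made for the example.
"""
import json
import ssl
import urllib.request
from typing import Any, Callable, Dict, Iterator, List, Optional

GRAPHQL_URL = "https://nemesis.example/hasura/v1/graphql"  # assumed; use your deployment's
ADMIN_SECRET = "change-me"                                  # assumed; read from env in practice
PostFn = Callable[[str, Dict[str, Any], Dict[str, str]], Dict[str, Any]]

# Keyset pagination: ask only for rows after the cursor, oldest first.
# Caveat: a cursor on timestamp alone can skip rows sharing the exact timestamp
# of the last row in a page; use a unique, monotonic column in production.
NEW_FILES_QUERY = """
query NewFiles($since: timestamptz!, $limit: Int!) {
  file_data(where: {timestamp: {_gt: $since}},
            order_by: {timestamp: asc}, limit: $limit) {
    timestamp path sha256 size
  }
}
"""


def http_post(url: str, body: Dict[str, Any], headers: Dict[str, str],
              cafile: Optional[str] = None) -> Dict[str, Any]:
    """Real transport. Pass the self-signed Nemesis cert as cafile instead of
    turning verification off."""
    ctx = ssl.create_default_context(cafile=cafile)
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30, context=ctx) as resp:
        return json.load(resp)


def graphql(post: PostFn, query: str, variables: Dict[str, Any]) -> Dict[str, Any]:
    headers = {"Content-Type": "application/json", "x-hasura-admin-secret": ADMIN_SECRET}
    resp = post(GRAPHQL_URL, {"query": query, "variables": variables}, headers)
    if resp.get("errors"):
        raise RuntimeError(resp["errors"][0].get("message", "GraphQL error"))
    return resp["data"]


def iter_new_rows(post: PostFn, since: str, page: int = 100) -> Iterator[Dict[str, Any]]:
    """Yield every file_data row newer than `since`, advancing the cursor per page."""
    cursor = since
    while True:
        rows = graphql(post, NEW_FILES_QUERY, {"since": cursor, "limit": page})["file_data"]
        if not rows:
            return
        yield from rows
        cursor = rows[-1]["timestamp"]


def interesting(rows: List[Dict[str, Any]], suffixes=(".kdbx", ".pem", ".config")):
    """Example processing step: keep rows whose path ends with a sensitive suffix."""
    return [r for r in rows if r["path"].lower().endswith(suffixes)]


class FakeHasura:
    """Offline stand-in for the endpoint; answers NewFiles from constructed rows."""

    def __init__(self, rows: List[Dict[str, Any]]):
        self.rows = sorted(rows, key=lambda r: r["timestamp"])
        self.calls = 0

    def __call__(self, url: str, body: Dict[str, Any], headers: Dict[str, str]):
        self.calls += 1
        if headers.get("x-hasura-admin-secret") != ADMIN_SECRET:
            return {"errors": [{"message": "invalid x-hasura-admin-secret/x-hasura-access-key"}]}
        v = body["variables"]
        hits = [r for r in self.rows if r["timestamp"] > v["since"]][: v["limit"]]
        return {"data": {"file_data": hits}}


# Constructed sample rows; ISO-8601 timestamps compare correctly as strings.
SAMPLE_ROWS = [
    {"timestamp": "2024-04-01T10:00:00+00:00", "path": "C:\\Users\\alice\\notes.txt", "sha256": "00" * 32, "size": 120},
    {"timestamp": "2024-04-01T10:05:00+00:00", "path": "C:\\Users\\alice\\creds.kdbx", "sha256": "11" * 32, "size": 4096},
    {"timestamp": "2024-04-01T10:10:00+00:00", "path": "C:\\inetpub\\web.config", "sha256": "22" * 32, "size": 900},
    {"timestamp": "2024-04-01T10:15:00+00:00", "path": "C:\\Users\\alice\\report.docx", "sha256": "33" * 32, "size": 50000},
    {"timestamp": "2024-04-01T10:20:00+00:00", "path": "C:\\Users\\alice\\.ssh\\id_rsa.pem", "sha256": "44" * 32, "size": 1700},
]

if __name__ == "__main__":
    fake = FakeHasura(SAMPLE_ROWS)
    rows = list(iter_new_rows(fake, "2024-04-01T00:00:00+00:00", page=2))
    print(len(rows), "rows in", fake.calls, "requests; interesting:",
          [r["path"] for r in interesting(rows)])
    # Live: iter_new_rows(lambda u, b, h: http_post(u, b, h, cafile="nemesis.crt"), since)
```

Keeping the last timestamp as the cursor means the script can be stopped and restarted without re-processing rows, and sending the admin secret as a header (rather than embedding it in the query) keeps it out of Hasura’s query logs.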

Dashboard Changes

As the Nemesis /dashboard/ route is the main way operators interact with Nemesis, it’s one of the pieces we received the most feedback on. There are nearly too many quality-of-life changes to count, but we’ll highlight a few of them here:

The File Viewer was broken out into its own page, which displays syntax-highlighted text or the raw hex of a binary file. This page is accessible via the i icon on the main files page:

Link for detailed file information.
Detailed file viewer.

The File Upload was broken out into its own page with values saved in cookies for persistence between runs:

New File Upload page.

We finally exposed the Custom Cracklist endpoint in the interface. This service keeps a unique list of non-dictionary words extracted from documents and lets you download the X most common:

Custom Cracklist download.

If there are any Yara rule matches against a downloaded file, the match is displayed in a new sub-tab along with the matching rule text. The appropriate icon on the Files page will link you directly to these results now as well:

Hyperlinked Yara tag.
Yara results.

The NoseyParker tab was revamped and hyperlinked from the displayed tag bubbles as well:

NoseyParker result display.

Countless Miscellaneous Changes

There were, of course, countless other bug fixes and tweaks as well. We’ll run through a grabbag of them here:

  • Added additional documentation, including (finally) a usage guide to get people started.
  • Streamlined NLP indexing to prevent choking and exposed a /nlp/ route for search.
  • Removed the Tensorflow model hosting and DeepPass as the model just wasn’t accurate enough to be useful.
  • Streamlined hash cracking and added in deduplication so hashes aren’t cracked twice.
  • Added a `monitor` command to submit_to_nemesis.sh for continual file submission.
  • Any compatible file is now handled by Apache Tika instead of a subset.
  • Detection of already processed files and suppression of alerts.
  • Automatic expunging of expired data via the `data_expunge` task.
  • Added Jupyter notebooks back into the stack.
  • Processing for Chromium JSON cookie dumps.
  • Countless other bug fixes and small usability changes.

Wrapup

We’ve put a lot of blood, sweat, and tears (mostly at k8s) into Nemesis, and we’re incredibly excited for this official 1.0.0 release! With the quality of life changes and ease of installation with Helm, we’re looking forward to more people getting to play with Nemesis hands on.

If you play around with Nemesis, let us know what works and what doesn’t! Come join us in the #nemesis-chat channel of the BloodHound Slack! We (the main Nemesis devs: @tifkin_, @harmj0y, and @Max Harley) are all active in that channel.


Nemesis 1.0.0 was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post Nemesis 1.0.0 appeared first on Security Boulevard.

FBI warns against using unlicensed crypto transfer services

The FBI has warned today that using unlicensed cryptocurrency transfer services can result in financial loss if these platforms are taken down by law enforcement. [...]

LA County Health Services: Patients' data exposed in phishing attack

The L.A. County Department of Health Services, the second-largest public health care system in the United States, disclosed a data breach after patients' personal and health information was exposed in a recent phishing attack that compromised the accounts of over two dozen employees. [...]

Researchers sinkhole PlugX malware server with 2.5 million unique IPs

Researchers have sinkholed a command and control server for a variant of the PlugX malware and, over six months, observed more than 2.5 million connections from unique IP addresses. [...]

Reddit down in major outage blocking access to web, mobile apps

Reddit is investigating a major outage blocking users worldwide from accessing the social network's websites and mobile apps. [...]

Over 1,400 CrushFTP servers vulnerable to actively exploited bug

Over 1,400 CrushFTP servers exposed online were found vulnerable to attacks currently targeting a critical severity server-side template injection (SSTI) vulnerability previously exploited as a zero-day. [...]

WP Automatic WordPress plugin hit by millions of SQL injection attacks

Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. [...]

New Brokewell malware takes over Android devices, steals data

Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches. [...]

US charges Samourai cryptomixer founders for laundering $100 million

Keonne Rodriguez and William Lonergan Hill have been charged by the U.S. Department of Justice for laundering more than $100 million from various criminal enterprises through Samourai, a cryptocurrency mixer service they ran for nearly a decade. [...]

Maximum severity Flowmon bug has a public exploit, patch now

Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility. [...]

ArcaneDoor hackers exploit Cisco zero-days to breach govt networks

Cisco warned today that a state-backed hacking group has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. [...]

Google Meet opens client-side encrypted calls to non Google users

Google is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls. [...]

Windows 11 KB5036980 update goes live with Start Menu ads

Microsoft has enabled Start menu ads in the optional KB5036980 preview cumulative update for Windows 11 22H2 and 23H2. [...]

Simbian brings AI to existing security tools

Simbian is a cybersecurity platform that effectively controls other cybersecurity platforms as well as security apps and tooling.

© 2024 TechCrunch. All rights reserved. For personal use only.

Apple alerts users in 92 nations to mercenary spyware attacks

Apple sent threat notifications to iPhone users in 92 countries on Wednesday, warning them that they may have been targeted by mercenary spyware attacks. The company said it sent the alerts to individuals in 92 nations at 12 p.m. Pacific Time Wednesday. The notification, which TechCrunch has seen, did not disclose the attackers’ identities or […]

Google injects generative AI into its cloud security tools

At Cloud Next, many of the announcements had to do with Gemini, Google's flagship family of generative AI models.

Zscaler buys Avalor to bring more AI into its security tools

Zscaler, a cloud security company with headquarters in San Jose, California, has acquired cybersecurity startup Avalor 26 months after its founding, reportedly for $310 million in cash and equity. In a press release announcing the news, Zscaler founder and CEO Jay Chaudhry said that the deal would expand Zscaler’s platform with capabilities including streamlined reporting of […]

Reach Security taps a company’s existing tools to fight cyber threats

Thanks to an uncertain economy, cybersecurity budgets are in a tight spot. According to a 2023 survey from IANS and recruiting firm Artico Search, more than a third of chief information security officers (CISOs) kept their security spending the same — or slightly reduced — in 2023. A separate report from PwC suggests that one […]

Cycode acquires Bearer to accelerate its move into AI-enhanced security remediation

Cycode is a well-funded startup that offers an end-to-end application security posture management platform — that is, a tool that continuously scans code (and the libraries it relies on) for potential security vulnerabilities throughout the software development life cycle and then helps remediate those issues. Today, the company announced that it has acquired Bearer, a […]

Researchers say easy-to-exploit security bugs in ConnectWise remote-access software now under mass attack

Security researchers say a pair of easy-to-exploit flaws in a popular remote-access tool used by more than a million companies around the world are now being mass exploited, with hackers abusing the vulnerabilities to deploy ransomware and steal sensitive data. Cybersecurity giant Mandiant said in a post on Friday that it has “identified mass exploitation” […]

Apple readies iMessage for when quantum computers could break encryption

Apple announced today it is upgrading iMessage’s security layer to post-quantum cryptography, starting in iOS and iPadOS 17.4, macOS 14.4 and watchOS 10.4. The technology giant said that in the coming years, quantum computers will be able to break today’s cryptography standards. That’s why Apple said it is changing how end-to-end encryption works with iMessage […]

1Password expands its endpoint security offerings with Kolide acquisition

1Password, the AgileBits-owned password management software developer, today announced that it has acquired Kolide, an endpoint security platform, for an undisclosed amount. According to 1Password CEO Jeff Shiner, Kolide founder and CEO Jason Meller and all of Kolide’s 30 employees will join 1Password “as an intact team.” Meller has taken on the role of VP […]

BMW security lapse exposed sensitive company information, researcher finds

A misconfigured cloud storage server belonging to automotive giant BMW exposed sensitive company information, including private keys and internal data, TechCrunch has learned. Can Yoleri, a security researcher at threat intelligence company SOCRadar, told TechCrunch that he discovered the exposed BMW cloud storage server while routinely scanning the internet. Yoleri said the exposed Microsoft Azure–hosted […]

KTrust launches an automated red team for Kubernetes security

KTrust, a Tel Aviv–based security startup, is taking a different approach to Kubernetes security from many of its competitors in the space. Instead of only scanning Kubernetes clusters and their configurations for known vulnerabilities, KTrust is taking a more proactive approach. It deploys an automated system that tries to hack into the system. This allows […]

Twitter rival Spoutible alleges smear campaign amid security breach controversy

A user on the Twitter/X alternative Spoutible claims the company deleted their posts after they pushed Spoutible CEO Christopher Bouzy to be more honest about the nature of its recent security issue. The claims, which the company denies, are the latest bizarre twist in the security incident saga taking place over the past week at […]

Apple pulled a fake app masquerading as password manager LastPass from the App Store

Apple has removed a fake app that was masquerading as password manager LastPass on the App Store. The illegitimate app was listed under an individual developer’s name (Parvati Patel) and copied LastPass’s branding and user interface in an attempt to confuse users. Beyond being published by a different developer that was not LastPass owner LogMeIn, […]

Google saves your conversations with Gemini for years by default

Don’t type anything into Gemini, Google’s family of GenAI apps, that’s incriminating — or that you wouldn’t want someone else to see. That’s the PSA (of sorts) today from Google, which in a new support document outlines the ways in which it collects data from users of its Gemini chatbot apps for the web, Android […]

Security flaw in a popular smart helmet allowed silent location tracking

The maker of a popular smart ski and bike helmet has fixed a security flaw that allowed the easy real-time location tracking of anyone wearing its helmets. Livall makes internet-connected helmets that allow groups of skiers or bike riders to talk with each other using the helmet’s in-built speaker and microphone, and share their real-time […]

Endpoint security startup NinjaOne lands $231.5M at $1.9B valuation

Just two years ago, VC funding to cybersecurity startups was on fire. Indeed, $23 billion flooded the sector, per Crunchbase. But in 2023, cybersecurity upstarts only saw a third of that — the result of the exceptional surge in 2021, bloated valuations and investors wary of market instability. But there are always some winners during […]

Kusari is building a supply chain security platform on top of open source

The software supply chain, which comprises the components, libraries and processes companies use to develop and publish software, is under threat. According to one recent survey, 88% of companies believe that software supply chain security presents an “enterprise-wide risk” to their organizations, while nearly two-thirds (65%) believe their organizations’ software supply chain security program isn’t […]

X adds support for passkeys on iOS after removing SMS 2FA support last year

X, formerly Twitter, today announced support for passkeys, a new and more secure login method than traditional passwords, which will become an option for U.S. users on iOS devices. The technology has been adopted by a number of apps as of late, including PayPal, TikTok, WhatsApp, and others. Today we’re excited to launch Passkeys as […]

Clerk, the authentication startup, lands $30M and inks a strategic deal with Stripe

Clerk, a startup creating a suite of embeddable UIs, APIs and admin dashboards that app developers can use to authenticate and manage users, has raised $30 million in a Series B round led by CRV with participation from Stripe, Andreessen Horowitz and Madrona. The proceeds bring Clerk’s total raised to $55.5 million, and co-founder and […]

Cybersecurity automation firm Torq lands $42M in expanded Series B

Torq, a self-described “hyperautomation” cybersecurity startup, today announced that it raised $42 million in an extension to its Series B funding round from investors, including Bessemer Venture Partners, GGV Capital, Insight Partners, Greenfield Partners and Evolution Equity Partners. Bringing the company’s total raised to $120 million, the new cash will be put toward expanding Torq’s […]

Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings

Recently, Prospect Medical Holdings suffered a massive cyberattack that allegedly stole around 500,000 social security numbers. In addition, the hackers also managed to get away with patient records and even some corporate documents. Since then, a ransomware gang called Rhysida has stepped up to claim responsibility for the breach. Details about the attack Researchers believe …

The post Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings appeared first on KoDDoS Blog.

Compromised routers allowed online criminals to target Pentagon contract site

A hacking campaign that went dark earlier this year has resumed operations. According to a new warning issued by Black Lotus Labs researchers, the hackers’ goal is to target US Department of Defense procurement sites and organizations based in Taiwan. Similarities with the March attacks The hacking campaign initially emerged in the spring of 2023. …

1.2 million customers of Mom’s Meals were affected after the recent data breach

A recent hacking attack hit PurFoods, which operates in the US under the name of Mom’s Meals. The attack affected over 1.2 million customers and employees alike, stealing their personal data. PurFoods, or Mom’s Meals, is a medical meal delivery service that provides its services to self-paying customers and people eligible for government assistance, according …

How VPNs Can Defend Against the Threat of Hacking

As our reliance on the internet grows, so does our exposure to a myriad of online threats. Malware, DDoS attacks, DNS spoofing, and Man-In-The-Middle (MITM) attacks are just some of the hacking techniques cybercriminals use to exploit the internet’s vulnerabilities and gain access to our most sensitive data. Hacking has emerged as a prominent threat, …

Terra Developers Shut Down Website Amid A Phishing Campaign

The website of layer one blockchain network Terra was targeted by a hacking campaign over the weekend. The hackers used their unauthorized access to run a phishing campaign against visitors to the site, who were prompted to connect their online and hardware wallets to the compromised site. Terra’s …

Foreign Spies And Hackers Target The US Space Industry

Intelligence agencies in the United States have warned about foreign spies targeting the US space sector. According to these agencies, hackers have also been launching hacking campaigns against the US space industry, which could significantly affect the US satellite infrastructure. Foreign spies and hackers target the US space industry The National Counterintelligence and Security Center …

High-Severity WinRAR Flaw Allows Hackers To Assume Control Over PCs

A recent study has detected a high-severity vulnerability in the WinRAR file archiver utility for Windows. Millions of people use WinRAR, and the flaw can be exploited to execute commands on a computer when a user opens a specially crafted archive. WinRAR flaw allows hackers to assume control over PCs The flaw in question is tracked as CVE-2023-40477, allowing …

Chinese Hacker Group Targets Southeast Asian Gambling Industry Using Stolen Ivacy VPN Certificate

A Chinese hacker group, Bronze Starlight, has launched a hacking campaign against the Southeast Asian gambling industry. The hacker group has used a valid certificate to launch this malicious campaign while also using the Ivacy Virtual Private Network (VPN). Bronze Starlight hacker group linked to a recent campaign The activities of this hacker group were …

North Korean Hackers Run Unsuccessful Hacking Campaign To Infiltrate Joint US-South Korea Military Drills

Hackers based in North Korea conducted an unsuccessful campaign to access information on a joint military drill by the US and South Korean militaries. The drills commence on Monday, which explains why North Korean hackers were trying to obtain access to the activity. North Korean hackers Target US-South Korean Military drills The …

Suspected Chinese Hackers Behind Microsoft Cloud Breach Hacked US Rep Emails

Suspected Chinese threat actor groups behind an exploit on the State Department also hacked US Representative Don Bacon. The Republican representative from Nebraska also serves on the House Armed Services Committee. Chinese hackers hack GOP Congressman Chinese hackers are believed to be behind a campaign that forged Microsoft customer identities. The hacking campaign infiltrated the …

"Junk gun" ransomware: the cheap new threat to small businesses

What's going on? A wave of cheap, crude, amateurish ransomware has been spotted on the dark web - and although it may not make as many headlines as LockBit, Rhysida, and BlackSuit, it still presents a serious threat to organizations. What's "junk gun" ransomware? It's a name coined by Sophos researchers for unsophisticated ransomware that is often sold cheaply as a one-time purchase. "Junk gun" ransomware is appealing to a criminal who wants to operate independently but lacks technical skills. Can you give some examples? Sure. The Kryptina ransomware was made available for sale in December...

UK IT Leaders Are Prioritizing Cybersecurity: But Is This a Good Thing?

Tech leaders taking cybersecurity seriously is something of a double-edged sword. While it’s undoubtedly good that organizations are waking up to the genuine threat cyberattacks pose, it’s depressing that they must siphon off so many resources to protect themselves rather than using them for growth and innovation. A recent survey of UK technology leaders, run by UK IT Leaders and the Horizon CIO Network, revealed that over half of those surveyed said cybersecurity was their top priority for 2024. Again, this is both a good and bad thing. The cyber threat landscape is about as dangerous as ever...

"All for One and One for All": The EU Cyber Solidarity Act Strengthens Digital Defenses

Alexandre Dumas's timeless novel "The Three Musketeers" immortalized the ideal of unyielding solidarity, the enduring motto "All for one and one for all." In the face of ever-evolving threats in the digital realm, the European Union echoes this spirit with its landmark Cyber Solidarity Act. This new legislation recognizes that collective defense is the cornerstone of cybersecurity – in a world where a cyberattack on one nation can have ripple effects across borders, a unified response is no longer an option but a necessity. The stakes are high. Cyberattacks on businesses, government...

Enhancing Endpoint Security with Advanced Host-Based Intrusion Detection Capabilities

In 2023, companies lost about $4.45 million on average because of data breaches. As cyber threats advance, securing endpoints is more important than ever. An advanced Host-based Intrusion Detection System (HIDS) provides a sturdy remedy to improve endpoint security. By monitoring and examining system responses and device status, HIDS identifies and tackles nefarious behaviors that are often overlooked by conventional defenses. The Significance of Advanced HIDS in Endpoint Security An advanced HIDS plays a crucial part in strengthening endpoint security. It is capable of identifying and...

Read More
University Cybersecurity Clinics Can Now Use the New CISA Resource Guide

Budgetary and resource constraints play a huge role in cyberattacks on smaller organizations. Amidst a strained global economy, many under-resourced organizations like non-profits, local governments, and hospitals struggle to keep their heads above water - they simply don't have the funds to invest in cybersecurity. To make matters worse, cybercriminals see these organizations as easy prey. Although they may not be able to shell out for extortionate ransom demands as big business can, at the end of the day, data is data and is always worth something on the dark web. In many cases, smaller...

Read More
Exploring Cybersecurity Risks in Telemedicine: A New Healthcare Paradigm

The experience of seeing a doctor has transformed dramatically, thanks in part to the emergence of telemedicine. This digital evolution promises convenience and accessibility but brings with it a host of cybersecurity risks that were unimaginable until a few years ago. The unique cybersecurity challenges facing telemedicine today underscore the importance of adopting stringent security measures to protect the sanctity of this vital service.
Advanced Cybersecurity Threats to Telemedicine
The stakes are high as the healthcare sector grapples with the dual challenge of expanding digital...

Read More
NSA Debuts Top 10 Cloud Security Mitigation Strategies

As businesses transition to hybrid and multi-cloud setups, vulnerabilities arising from misconfigurations and security gaps are escalating, attracting attention from bad actors. In response, the US National Security Agency (NSA) issued a set of ten recommended mitigation strategies, published earlier this year (with support from the US Cybersecurity and Infrastructure Security Agency on six of the strategies). The recommendations cover cloud security, identity management, data protection, and network segmentation. Let's take a closer look: 1. Uphold the Cloud Shared Responsibility Model...

Read More
37 Arrested as Police Smash LabHost International Fraud Network

Police have successfully infiltrated and disrupted the fraud platform "LabHost", used by more than 2,000 criminals to defraud victims worldwide. A major international operation, led by the UK's Metropolitan Police, has seized control of LabHost, which has been helping cybercriminals create phishing websites since 2021 to steal sensitive information like passwords, email addresses, and bank details. LabHost has helped criminals create over 40,000 fraudulent websites and steal data from over 70,000 victims in the UK alone. Scammers used the service to steal vast amounts of information...

Read More
Supply Chain Cybersecurity – the importance of everyone

I’m always surprised – and a little disappointed – at how far we have to go before supply chain cybersecurity gets the respect and attention it deserves. I sat down this week with a new client who wanted some help addressing several internal issues surrounding their IT systems. When I asked them about their relationship with the supplier – essentially, how was their supply chain cybersecurity? - their response was not only worrying but, unfortunately, quite typical. "Well, we've used them since we first started the business a couple of years ago, so we've kind of grown up together,” they...

Read More
Navigating AI and Cybersecurity: Insights from the World Economic Forum (WEF)

Cybersecurity has always been a complex field. Its adversarial nature means the margins between failure and success are much finer than in other sectors. As technology evolves, those margins get even finer, with attackers and defenders scrambling to exploit them and gain a competitive edge. This is especially true for AI. In February, the World Economic Forum (WEF) published an article entitled "AI and cybersecurity: How to navigate the risks and opportunities," highlighting AI's existing and potential impacts on cybersecurity. The bottom line? AI benefits both the good and bad guys, so it's...

Read More
Russian hacking group claims responsibility for cyberattack on Indiana wastewater plant

The post Russian hacking group claims responsibility for cyberattack on Indiana wastewater plant appeared first on CyberScoop.

Read More
Campaigns and political parties are in the crosshairs of election meddlers

Attacks on elections have become more multifaceted over the past decade, but fears of a hacked election — real or perceived — remain one of the biggest threats.

The post Campaigns and political parties are in the crosshairs of election meddlers appeared first on CyberScoop.

Read More
CISA ransomware warning program has sent out more than 2,000 alerts

The program warns organizations running software or hardware with vulnerabilities that are being exploited by ransomware gangs.

The post CISA ransomware warning program has sent out more than 2,000 alerts appeared first on CyberScoop.

Read More
FCC wants rules for ‘most important part of the internet you’ve probably never heard of’

U.S. agencies want to secure the Border Gateway Protocol, but experts question whether their approach could worsen security.

The post FCC wants rules for ‘most important part of the internet you’ve probably never heard of’ appeared first on CyberScoop.

Read More
Iranian nationals charged with hacking U.S. companies, Treasury and State departments

$10 million rewards offered for information regarding the accused, who are allegedly connected to a pair of IRGC front companies.

The post Iranian nationals charged with hacking U.S. companies, Treasury and State departments appeared first on CyberScoop.

Read More
Democratic operative behind Biden AI robocall says lawsuit won’t ‘get anywhere’

Steve Kramer tells CyberScoop he hasn’t seen the lawsuit filed against him over the New Hampshire primary robocall, but it won’t be successful.

The post Democratic operative behind Biden AI robocall says lawsuit won’t ‘get anywhere’ appeared first on CyberScoop.

Read More
Stolen Change Healthcare data could contain information on ‘a substantial portion’ of Americans

The revelations from the UnitedHealth Group subsidiary come as the company acknowledges paying a ransom in the case.

The post Stolen Change Healthcare data could contain information on ‘a substantial portion’ of Americans appeared first on CyberScoop.

Read More
Proposed data broker regulations draw industry pushback on anonymized data exceptions, bulk thresholds

Others contend that loosening things up could have dangerous consequences, and the administration should go the opposite direction.

The post Proposed data broker regulations draw industry pushback on anonymized data exceptions, bulk thresholds appeared first on CyberScoop.

Read More
Cybersecurity executive order requirements are nearly complete, GAO says

CISA and OMB have just a handful of outstanding tasks to finish as part of the president’s 2021 order.

The post Cybersecurity executive order requirements are nearly complete, GAO says appeared first on CyberScoop.

Read More
FISA reauthorization heads to Biden’s desk after Senate passage

A two-year extension of Section 702 of the Foreign Intelligence Surveillance Act clears the chamber in a 60-34 vote Saturday.

The post FISA reauthorization heads to Biden’s desk after Senate passage appeared first on CyberScoop.

Read More
CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Cisco Talos this week warned that the nation-state actor UAT4356 (aka STORM-1849) has been exploiting two zero-day vulnerabilities in Adaptive Security […]

Read More
CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. CISA added the flaw to the KEV catalog after Microsoft reported that the Russia-linked APT28 group (aka “Forest Blizzard”, […]

Read More
DOJ arrested the founders of crypto mixer Samourai for facilitating $2 Billion in illegal transactions

The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of the cryptocurrency mixer Samourai. The U.S. Department of Justice (DoJ) has arrested two co-founders of the cryptocurrency mixer Samourai and seized the service. The allegations include claims of facilitating over $2 billion in illicit transactions and laundering more than $100 million in criminal […]

Read More
Google fixed critical Chrome vulnerability CVE-2024-4058

Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics layer engine. Google addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058. The vulnerability CVE-2024-4058 is a Type Confusion issue that resides in the ANGLE graphics layer engine. An attacker can exploit this vulnerability […]

Read More
Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Cisco Talos warned that the nation-state actor UAT4356 (aka STORM-1849) has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. […]

Read More
Hackers hijacked the eScan Antivirus update mechanism in malware campaign

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners. Threat actors employed two different types of backdoors and targeted large corporate networks […]

Read More
US offers a $10 million reward for information on four Iranian nationals

The Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their role in cyberattacks against the U.S. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions on four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. OFAC has also sanctioned […]

Read More
The street lights in Leicester City cannot be turned off due to a cyber attack

A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all day and severely impacted the council’s operations. The Leicester City Council suffered a cyber attack that severely impacted the authority’s services in March and led to the leak of confidential documents. The ransomware group behind the attack leaked multiple documents, including rent statements and […]

Read More
North Korea-linked APT groups target South Korean defense contractors

The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities. The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities to steal defense technology information. North Korea-linked APT groups Lazarus, Andariel, and Kimsuky hacked multiple defense companies in South […]

Read More
U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity

The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the commercial spyware business. The US Department of State is imposing visa restrictions on 13 individuals involved in the development and sale of commercial spyware or their immediate family members. The measure aims to counter the misuse of surveillance technology targeting […]

Read More
Attackers Leverage Black Hat SEO Techniques to Distribute Info-Stealer Malware

Threat actors utilize fraudulent websites hosted on popular legitimate platforms to spread malware and steal data. To evade detection, attackers employ obfuscation methods and checks on referral URLs.

Read More
Ring Customers Get $5.6 Million in Privacy Breach Settlement

The FTC is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections.

Read More
Vulnerabilities in Microsoft's PlayReady DRM Could Enable Illegal Movie Downloads From Streaming Services

The research identified deficiencies in various PMP components that could be exploited to gain access to plaintext content keys guarded by PlayReady DRM in Windows 10/11 environments.

Read More
ArcaneDoor Hackers Exploit Cisco Zero-Days to Breach Government Networks

The hackers, identified as UAT4356 by Cisco Talos and STORM-1849 by Microsoft, began infiltrating vulnerable edge devices in early November 2023 in a cyber-espionage campaign tracked as ArcaneDoor.

Read More
Report: Security Leaders Braced for Daily AI-Driven Attacks by Year-End

Most businesses are concerned about AI-enabled cyber-threats, with 93% of security leaders expecting to face daily AI-driven attacks by the end of 2024, according to a new report by Netacea.

Read More
Feds Accuse Founders of Cryptocurrency Mixer of ‘Large-Scale Money Laundering’

The two founders of a cryptocurrency mixing service that allegedly obfuscated the origins of at least $100 million in criminal proceeds have been arrested, the Department of Justice announced Wednesday.

Read More
Maximum Severity Flowmon Bug has a Public Exploit, Patch Now

Flowmon developer Progress Software first alerted customers about the flaw on April 4, warning that it impacts versions v12.x and v11.x of the product. The company urged system admins to upgrade to the latest releases, v12.3.4 and 11.1.14.

Read More
CISA Warns of Cisco and CrushFTP Vulnerabilities Being Actively Exploited

On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco product vulnerabilities — CVE-2024-20353 and CVE-2024-20359 — as well as one vulnerability affecting the popular file transfer tool CrushFTP to its Known Exploited Vulnerabilities catalog.

Read More
Google Meet opens client-side encrypted calls to non-Google users

Google announced it is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls.

Read More
Chinese, Russian Espionage Campaigns Increasingly Targeting Edge Devices

Chinese and Russian hackers have turned their focus to edge devices — like VPN appliances, firewalls, routers and Internet of Things (IoT) tools — amid a startling increase in espionage attacks, according to Google security firm Mandiant.

Read More
Security Bugs in a Popular Phone-Tracking App Exposed Users’ Precise Locations

A security researcher discovered vulnerabilities in the popular phone-tracking app iSharing, which has over 35 million users. The bugs allowed a user to access others' precise coordinates, even if the user wasn't actively sharing their location data.

Read More
Google Ad for Facebook Redirects to Scam

Researchers observed a malicious ad campaign targeting Facebook users via Google search. The ad, which appears at the top of Google search results for the keyword "Facebook," redirects users to a scam page.

Read More
Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

"SSLoad is designed to stealthily infiltrate systems, gather sensitive information and transmit its findings back to its operators," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News.

Read More
Iran Dupes US Military Contractors, Gov't Agencies in Cyber Campaign

An Iranian state-sponsored hacking group successfully infiltrated hundreds of thousands of employee accounts at US companies and government agencies, including the US Treasury and State Department, as part of a five-year cyber espionage campaign.

Read More
Major Security Flaws Expose Keystrokes of Over One Billion Chinese Keyboard App Users

The vulnerabilities could be exploited to "completely reveal the contents of users' keystrokes in transit," researchers Jeffrey Knockel, Mona Wang, and Zoë Reichert said.

Read More
Salt Security Enhances API Security Platform with OAuth Protection Package

Salt Security has announced the release of its new multi-layered OAuth protection package to detect attempts to exploit OAuth and proactively fix vulnerabilities. Salt is enhancing its API protection platform with a comprehensive suite of new OAuth threat detections and posture rules to address the growing challenge of OAuth exploitation. The company is the first […]

The post Salt Security Enhances API Security Platform with OAuth Protection Package first appeared on IT Security Guru.

Read More
Female Tech Duo take Flight to Dubai to Launch the future of Cyber Leadership

Two formidable female tech leaders have joined forces to launch an innovative new leadership development and mentoring platform for the cyber community – Leading Cyber. Danielle Phillips, Founder and Managing Director of Durham-based Inside Out and Director at CyberNorth, has collaborated with Annabel Berry, Founder of The Lamplight, experienced CEO, and Chair of the Strategic Board at CyberNorth, […]

The post Female Tech Duo take Flight to Dubai to Launch the future of Cyber Leadership first appeared on IT Security Guru.

Read More
Interview: Cydea’s Risk Management Platform, Understanding Not Eliminating Risk

Last week, the IT Security Guru team attended Cydea’s Risk Management Platform launch in London. After the event, Robin Oldham, CEO and Founder of Cydea, sat down with the Gurus to answer some questions about risk management and why it’s critical for businesses to take it seriously. Established in 2019, Cydea set out to expel […]

The post Interview: Cydea’s Risk Management Platform, Understanding Not Eliminating Risk first appeared on IT Security Guru.

Read More
AI-driven cyber attacks to be the norm within a year, say security leaders

Netacea, the bot detection and response specialist, today announced new research into the threat of AI-driven cyberattacks. It finds that most businesses see “offensive AI” fast becoming a standard tool for cybercriminals, with 93% of security leaders expecting to face daily AI-driven attacks. The research, Cyber security in the age of offensive AI, surveyed security […]

The post AI-driven cyber attacks to be the norm within a year, say security leaders first appeared on IT Security Guru.

Read More
Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox

Coalition, the world’s first Active Insurance provider designed to prevent digital risk before it strikes, today published its 2024 Cyber Claims Report, which details emerging cyber trends and their impact on Coalition policyholders throughout 2023. The report found that more than half (56%) of all 2023 claims were a result of funds transfer fraud (FTF) […]

The post Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox first appeared on IT Security Guru.

Read More
Expert Insight: ‘Minding the Gap’: How can we work to make cyber accessible for women?

According to the Department for Science, Innovation and Technology (DSIT), only 17% of the UK cyber sector workforce is female, and this is down from 22% in 2022. To make matters worse, we’re fighting a losing battle against an ever-increasing cyber skills gap. In fact, there’s a shortfall of over 11,000 people to meet the […]

The post Expert Insight: ‘Minding the Gap’: How can we work to make cyber accessible for women? first appeared on IT Security Guru.

Read More
KnowBe4 acquires UK’s Egress to create advanced AI-driven platform to manage human risk

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced it has entered into a definitive agreement to acquire Egress, a leader in adaptive and integrated cloud email security. Egress’ Intelligent Email Security suite provides a set of scaled, AI-enabled security tools with adaptive learning capabilities to help prevent, […]

The post KnowBe4 acquires UK’s Egress to create advanced AI-driven platform to manage human risk first appeared on IT Security Guru.

Read More
Google’s Core Update is ‘Biggest’ Algorithm Update in History

Search giant Google is currently undergoing one of the biggest algorithm updates in its history, according to sources. The online search platform, which handles more than 8 billion searches per day, is making a significant update to its internal systems that will change how search queries are shown, with attention to parasite websites, improved […]

The post Google’s Core Update is ‘Biggest’ Algorithm Update in History first appeared on IT Security Guru.

Read More
Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army

Cybersecurity is ‘inclusive’ by nature: no one is exempt from the fallout of the expanding cyber threat landscape. The notion, therefore, that some groups of individuals are offered fewer opportunities to join the cyber industry than others is frankly absurd. ISC2’s latest Cybersecurity Workforce Study gives us a snapshot into the supply and demand of […]

The post Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army first appeared on IT Security Guru.

Read More
Mandiant’s M-Trends Report Reveals New Insights from Frontline Cyber Investigations

Mandiant, part of Google Cloud, today released the findings of its M-Trends 2024 report. Now in its 15th year, this annual report provides expert trend analysis based on Mandiant frontline cyber attack investigations and remediations conducted in 2023. The 2024 report reveals evidence that organizations globally have made meaningful improvements in their defensive capabilities, identifying […]

The post Mandiant’s M-Trends Report Reveals New Insights from Frontline Cyber Investigations first appeared on IT Security Guru.

Read More
Data Breach Search Engines

Navigating Access and Security in the Stolen Credentials Landscape
By Tom Caliendo, Cybersecurity Reporter, Co-Founder at Brocket Consulting LLC
In the last few years, an unprecedented number of stolen login […]

The post Data Breach Search Engines appeared first on Cyber Defense Magazine.

Read More
UnitedHealth Group Pays Ransom After Cyberattack: What You Need to Know

In an alarming revelation, officials from the Minnesota-based UnitedHealth Group disclosed on Monday that the health insurance and services giant fell victim to a cyberattack, resulting in the breach of […]

The post UnitedHealth Group Pays Ransom After Cyberattack: What You Need to Know appeared first on Cyber Defense Magazine.

Read More
Cybersecurity Trends and Predictions for 2024

By Nick France, CTO at Cybersecurity Leader Sectigo
Given that bad actors are always on the prowl, 2024 is off to a fast start with numerous cybersecurity incidents […]

The post Cybersecurity Trends and Predictions for 2024 appeared first on Cyber Defense Magazine.

Read More
AI is Revolutionizing Phishing for Both Sides. What will make the Difference?

Thanks to AI, phishing attacks are better than ever. So is our ability to stop them.
By Antonio Sanchez, Principal Cybersecurity Evangelist at Fortra
AI has always been a lurking […]

The post AI is Revolutionizing Phishing for Both Sides. What will make the Difference? appeared first on Cyber Defense Magazine.

Read More
Crafting AI’s Future: Decoding the AI Executive Order

By Rajat Kohli, Partner at Zinnov
There is something to be learned from epic fantasy productions like Harry Potter. That every few years, there will be a gifted wizard who […]

The post Crafting AI’s Future: Decoding the AI Executive Order appeared first on Cyber Defense Magazine.

Read More
Weighing Down Cyberrisk Options: How to Make Objective Cybersecurity Decisions Without Negatively Impacting the Organization’s IT Teams?

By Mike Starr, CEO of Trackd
It’s often paid lip service to (or worse, intentionally neglected), and rarely appreciated, but there’s an operational cost to be paid for security. Security […]

The post Weighing Down Cyberrisk Options: How to Make Objective Cybersecurity Decisions Without Negatively Impacting the Organization’s IT Teams? appeared first on Cyber Defense Magazine.

Read More
Connecting Tech to Black America

By David Lee, Chief Evangelist and Visionary for Tech Diversity
As technology rapidly evolves and advances, it can often seem inaccessible and intimidating for the everyday person. For Black Americans […]

The post Connecting Tech to Black America appeared first on Cyber Defense Magazine.

Read More
The Importance of Cyber Hygiene for Businesses

By Rigo Van den Broeck, Executive Vice President, Cyber Security Product Innovation at Mastercard
Cybercrime is set to cost $10.3 trillion worldwide by 2025, and it’s growing fast. It’s a […]

The post The Importance of Cyber Hygiene for Businesses appeared first on Cyber Defense Magazine.

Read More
5 Cybersecurity Resolutions for the New Year

By Roger Spears, Schneider Downs
Whenever the new year rolls around, resolutions—to achieve a goal, improve a behavior or continue good practices—abound. And, while many resolutions center on personal goals such […]

The post 5 Cybersecurity Resolutions for the New Year appeared first on Cyber Defense Magazine.

Read More
Hybrid Working is Changing How We Think About Security

By Prakash Mana, CEO, Cloudbrink. Security will continue to head the list of priorities for CISOs in 2024, but how we secure our enterprises will need rethinking in the face […]

The post Hybrid Working is Changing How We Think About Security appeared first on Cyber Defense Magazine.

Malicious Life Podcast: The Y2K Bug Pt. 2

In the waning years of the 20th century, amid growing anxieties about the turn of the millennium, one man, Robert Bemer, observed the unfolding drama from his remote home on King Possum Lake. A revered figure in computing, Bemer had early on flagged a significant, looming issue known as the Y2K bug, which threatened to disrupt global systems as calendars rolled over to the year 2000. This episode delves into Bemer's life during this critical period, exploring his predictions, the ensuing global frenzy to avert disaster, and the disparate views on whether the billions spent in prevention were justified or merely a response to a misunderstood threat.

Malicious Life Podcast: The Y2K Bug Pt. 1

In the 1950s and 60s - even leading into the 1990s - the cost of storage was so high that using a 2-digit field for dates in software instead of 4 digits could save an organization between $1.2 and $2 million per GB of data. From this perspective, programming computers in the 1950s to record four-digit years would’ve been outright malpractice. But 40 years later, this shortcut became a ticking time bomb which one man, computer scientist Bob Bemer, was trying to defuse before it was too late.

Cybereason’s evolution to disrupt beyond SIEM and XDR market

Today, enterprises are accelerating their investment in digitalization to stay ahead of the competition. They increasingly encounter an evolving threat landscape and complex security challenges, with more workloads across multiple clouds, more of the workforce in hybrid environments, and more intelligent devices connected in mission-critical operations. This transformation journey is exacerbated by an exponential increase in compute resources, as well as in data volumes and security tooling, driving up the cost of storing, managing and analyzing data for security purposes.

Threat Alert: The Anydesk Breach Aftermath

Cybereason issues Threat Alerts to inform customers of emerging, impactful threats, including critical vulnerabilities. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.

Malicious Life Podcast: Can You Bomb a Hacker?

The 2008 Russo-Georgian War marked a turning point: the first time cyberattacks were used alongside traditional warfare. But what happens when the attackers aren't soldiers, but ordinary citizens? This episode delves into the ethical and legal implications of civilian participation in cyberwarfare, examining real-world examples from Ukraine and beyond.

Beware of the Messengers, Exploiting ActiveMQ Vulnerability

Cybereason Security Services issues Threat Analysis reports to inform on impactful threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.

Bridging the Gap: Balancing Security Compliance and Innovation in Cybersecurity

As an ex-Amazonian (AWS) and a cloud-native guy by passion, I never thought I would write a blog post like the following. But I'm also a Defender, a cyber security enthusiast and, most of all, customer-obsessed, and therefore I recognize that the world is not black and white; instead it's colorful, with a wide range of colors and several nuances. So are the requirements from companies. This leads us to the questions:

Unboxing Snake - Python Infostealer Lurking Through Messaging Services

Cybereason Security Services issues Threat Analysis reports to inform on impactful threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.

Ransomware: True Cost to Business 2024

If I could have one wish for 2024, it would be that we stop calling ransomware by the same name.

Malicious Life Podcast: Kevin Mitnick, Part 2

In 1991, Kevin Mitnick was bouncing back from what was probably the lowest point of his life. He began to rebuild his life: he started working out and lost a hundred pounds, and most importantly - he was finally on the path towards ditching his self-destructive obsession with hacking.


But just as he was in the process of turning his life around, his brother introduced him to a hacker named Eric Heinz, who told him about a mysterious piece of equipment he came across while breaking into Pacific Bell: SAS, a testing system that allowed its user to listen in on all the calls going through the telephone network. SAS proved to be too great a temptation for Mitnick, who desperately wanted to wield the power that the testing system could afford him.

How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Soon…

Posted by Sean @ 12:52 GMT


Our "construction project" is progressing nicely.

A work in progress

And it should resolve this…

Mobile usability issues

Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.




On 18/08/15 At 12:52 PM

Work In Progress

Posted by Sean @ 13:25 GMT


Regular readers will have noticed it's been slow here of late.

Under Construction

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.




On 13/08/15 At 01:25 PM

"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT


Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:

iOS 9 Public Beta 2, Install

And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.

iOS 9 Public, Safari Block Alerts

We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.




On 23/07/15 At 09:53 AM

Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT


Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, a downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control and the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have borne a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.

seaduke_crossplatform (39k image)
An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

- C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
- c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
- c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
- c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb
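The PDB paths above are a useful triage handle for defenders: the CodeView "RSDS" record that carries a PDB path has a fixed layout, so the "Solution" name can be pulled out of a sample or memory dump and mapped back to the component the post describes. The Python below is an added example, not F-Secure's tooling; the RSDS layout is the documented CodeView format, while the sample blobs and the role labels are constructed here from the post's own list.

```python
import re
import struct
from typing import List, NamedTuple, Optional, Tuple

# Layout of a CodeView "RSDS" record (what a PE debug directory entry of
# type CODEVIEW points at):
#   b"RSDS" | 16-byte GUID | uint32 LE age | NUL-terminated PDB path
RSDS_MAGIC = b"RSDS"
RSDS_HEADER_LEN = len(RSDS_MAGIC) + 16 + 4

# Solution names quoted in the post, with the role the post assigns to each.
KNOWN_SOLUTIONS = {
    "DropperSolution": "downloader",
    "BastionSolution": "trojan (MiniDionis)",
    "OneDriveSolution": "trojan using OneDrive for C2",
}

# "<drive>:\<Something>Solution\..." at the start of the PDB path
SOLUTION_RE = re.compile(r"^[A-Za-z]:\\([A-Za-z]+Solution)\\", re.IGNORECASE)


class PdbRecord(NamedTuple):
    offset: int
    guid: bytes
    age: int
    path: str


def extract_rsds_records(data: bytes) -> List[PdbRecord]:
    """Find every RSDS record by raw scan.

    A raw scan (instead of walking the PE debug directory) also works on
    memory dumps and on files with damaged headers; the cost is that a stray
    "RSDS" in unrelated data has to be rejected, which the .pdb check does.
    """
    records: List[PdbRecord] = []
    pos = data.find(RSDS_MAGIC)
    while pos != -1:
        path_start = pos + RSDS_HEADER_LEN
        end = data.find(b"\x00", path_start)  # terminator of the path
        if end != -1:
            guid = data[pos + 4:pos + 20]
            (age,) = struct.unpack("<I", data[pos + 20:pos + 24])
            try:
                path = data[path_start:end].decode("ascii")
            except UnicodeDecodeError:
                path = ""
            if path.lower().endswith(".pdb"):
                records.append(PdbRecord(pos, guid, age, path))
        pos = data.find(RSDS_MAGIC, pos + 1)
    return records


def classify_pdb_path(path: str) -> Optional[str]:
    """Return the CloudDuke solution name a PDB path starts with, or None."""
    match = SOLUTION_RE.match(path)
    if not match:
        return None
    name = match.group(1).lower()
    for known in KNOWN_SOLUTIONS:
        if known.lower() == name:
            return known
    return None


def triage(data: bytes) -> List[Tuple[str, Optional[str]]]:
    """Pair each embedded PDB path with the solution it names (or None)."""
    return [(rec.path, classify_pdb_path(rec.path)) for rec in extract_rsds_records(data)]


def build_sample(path: str, age: int = 1) -> bytes:
    """Constructed blob for testing: padding, one RSDS record, padding.
    It is not a PE file; only the CodeView record itself is realistic."""
    guid = bytes(range(16))  # constructed GUID, not from any real sample
    return (b"\x90" * 32 + RSDS_MAGIC + guid + struct.pack("<I", age)
            + path.encode("ascii") + b"\x00" + b"\xcc" * 8)


if __name__ == "__main__":
    # The four PDB paths listed in the post, each embedded in a constructed blob.
    paths = [
        r"C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb",
        r"c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb",
        r"c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb",
        r"c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb",
    ]
    for p in paths:
        for path, solution in triage(build_sample(p)):
            role = KNOWN_SOLUTIONS.get(solution, "unknown")
            print(f"{solution or '-':17} {role:30} {path}")
```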

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to be functionally an exact copy of SeaDuke, with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.

bastion_z (12k image)
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.

onedrive_z (7k image)
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phishing emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, running these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file, while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".

decoy_ndi_small (63k image)
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have borne a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, downloading and executing the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but directly in the execution of the "BastionSolution" component, thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.

decoy_fax (72k image)
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on 3rd party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raise suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people transfer that same data every day for legitimate reasons? (Coincidentally, the implications of 3rd party web services being used as command and control channels are also the subject of an upcoming talk at the VirusBulletin 2015 conference.)
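One way a defender can act on this observation from proxy logs: compare each host's upload volume to the cloud storage service against that host's usual daily volume, and note which client did the uploading, since the sync client and the browser announce themselves while a bare or empty user agent does not. The Python below is an added example, not F-Secure's detection logic; the log format, the hostnames, the baseline figures and the sample lines are all constructed for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed log format for this example (not any real proxy's format):
#   <ISO time> <src_ip> <method> <host> <bytes_out> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<host>\S+) '
    r'(?P<bytes_out>\d+) "(?P<ua>[^"]*)"$'
)

# Hostnames assumed here to stand for the cloud storage service; adjust to
# whatever your own proxy records for the services you care about.
CLOUD_STORAGE_HOSTS = ("onedrive.live.com", "storage.live.com")
UPLOAD_METHODS = {"PUT", "POST"}
# Heuristic: interactive browsers and the real sync client identify
# themselves; an empty or bare user agent is worth a second look.
BROWSER_UA_MARKERS = ("Mozilla/", "OneDrive")


@dataclass
class Upload:
    ts: str
    src: str
    host: str
    bytes_out: int
    ua: str


def is_cloud_storage_host(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in CLOUD_STORAGE_HOSTS)


def is_browser_ua(ua: str) -> bool:
    return any(marker in ua for marker in BROWSER_UA_MARKERS)


def parse_uploads(lines: Iterable[str]) -> List[Upload]:
    """Keep only upload requests (PUT/POST) to the cloud storage hosts."""
    uploads = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than abort the whole run
        if m["method"] in UPLOAD_METHODS and is_cloud_storage_host(m["host"]):
            uploads.append(Upload(m["ts"], m["src"], m["host"], int(m["bytes_out"]), m["ua"]))
    return uploads


def find_suspicious_uploaders(lines, baseline_bytes, spike_factor=5.0, min_bytes=50_000_000):
    """Per source host: total bytes pushed to cloud storage, compared with
    that host's usual daily volume, plus the clients that did the pushing.
    A host is flagged when the volume is both large and far above its
    baseline, or when a non-browser client did the uploading."""
    totals: Dict[str, int] = defaultdict(int)
    odd_clients: Dict[str, set] = defaultdict(set)
    for up in parse_uploads(lines):
        totals[up.src] += up.bytes_out
        if not is_browser_ua(up.ua):
            odd_clients[up.src].add(up.ua or "(empty)")
    findings = {}
    for src, total in totals.items():
        baseline = baseline_bytes.get(src, 0)
        ratio = total / baseline if baseline else float("inf")
        reasons = []
        if total >= min_bytes and ratio >= spike_factor:
            reasons.append(f"{total} bytes uploaded, {ratio:.1f}x the usual daily volume")
        if odd_clients[src]:
            reasons.append("non-browser client: " + ", ".join(sorted(odd_clients[src])))
        if reasons:
            findings[src] = {"bytes_out": total, "ratio": ratio, "reasons": reasons}
    return findings


# Constructed sample: one workstation syncing normally, one pushing far more
# than usual from a client that is not a browser. Baselines are bytes/day.
SAMPLE_BASELINE = {"10.0.0.7": 40_000_000, "10.0.0.23": 20_000_000}
SAMPLE_LOG_LINES = [
    '2015-07-20T09:01:12Z 10.0.0.7 GET onedrive.live.com 512 "Mozilla/5.0 (Windows NT 6.1) Firefox/39.0"',
    '2015-07-20T09:02:40Z 10.0.0.7 PUT onedrive.live.com 30000000 "Mozilla/5.0 (Windows NT 6.1) Firefox/39.0"',
    '2015-07-20T09:05:03Z 10.0.0.7 POST intranet.corp.example 20000000 "Mozilla/5.0 (Windows NT 6.1) Firefox/39.0"',
    '2015-07-20T11:17:55Z 10.0.0.23 GET onedrive.live.com 2048 "-"',
    '2015-07-20T11:18:09Z 10.0.0.23 PUT onedrive.live.com 150000000 "-"',
    '2015-07-20T11:24:41Z 10.0.0.23 PUT onedrive.live.com 150000000 "-"',
    '2015-07-20T11:31:17Z 10.0.0.23 PUT onedrive.live.com 150000000 "-"',
    'this line is garbage and must be skipped',
]

if __name__ == "__main__":
    for src, info in find_suspicious_uploaders(SAMPLE_LOG_LINES, SAMPLE_BASELINE).items():
        print(src, "->", "; ".join(info["reasons"]))
```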

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. It therefore seems logical to reuse code, such as supporting frameworks, between different toolsets. The Duke group, however, appears to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution by rewriting the same code in multiple programming languages. This has the obvious benefit of saving time and resources while providing two malware toolsets that, while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second.

The Duke group, long suspected of ties to the Russian state, has been running its espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Dukes are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:


Compromised servers used for command and control:


Compromised websites used to host CloudDuke:

hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP




On 22/07/15 At 11:59 AM

'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT


VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.



The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.




On 20/07/15 At 12:40 PM

IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT


The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:

iosclean.com

Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:

Prevent this page from creating additional dialogs

Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)

Wouldn't it be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers: apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.

error1014.com

The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)




On 17/07/15 At 10:15 AM

Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT


After Hacking Team was compromised, a lot of information was publicly disclosed beginning on the 5th of July, including its business client list and a zero-day vulnerability in Adobe Flash Player that they had been using.

Since the information about the first zero-day was made freely available, we knew attackers would swiftly move to use it. As expected, the Flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan, as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploits beginning on the 6th and continuing until the 9th.

overall_stats (11k image)


Here are the stats for each exploit kit:

ek_stats (27k image)


The security advisory for the CVE-2015-5119 zero-day was released on the 7th of July and the patch was made available on the 8th, so the hits started to decline about two days after the patch.

But just as people had started updating their systems, there was yet another spike in Angler Flash exploit hits:

weekend_wave_stats (22k image)


Apparently, two more Flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities was added to the Angler exploit kit.

As a side note related to the Angler exploit kit: as you may have noticed in the second chart above, Angler and HanJuan share the same statistics. This was because our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We verified this after discovering that a different URL pattern was also being detected as Angler:

angler_vs_hanjuan_urlpattern (9k image)


We looked at the Flash exploit used by both kits, and the two are nearly identical.

Angler Flash Exploit:

anglerek_ht0d_3 (26k image)


HanJuan Flash Exploit:

hanjuanek_ht0d_3 (23k image)


There has already been speculation that there are strong connections between the actors behind the two exploit kits. For example, both have used "fileless" delivery of the payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new Flash 0-day as well.

In the meantime, since there hasn't been a patch released yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.






On 13/07/15 At 12:29 PM

The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT


When hackers get hacked, that's when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to security researchers Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to pastebin the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):

hacking_team_client_list (86k image)

Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdn Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligence gathering and public security services:

hacking_team_hack_1 (95k image)

hacking_team_hack_2 (72k image)

Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional-grade spyware ain't cheap - a license upgrade could cost you MYR400,000 and a maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service providers and government employees. During the 2014 event, Hacking Team was present as the associate lead sponsor.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only, though it may be interesting to see if Hacking Team will make it there this year.


Post by – Su Gim




On 08/07/15 At 02:31 AM

Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT


The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.

Wassenaar Arrangement definitions
(Source)


So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Dept of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us malware using zero-days all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to limit customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.




On 09/06/15 At 01:25 PM

Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT


I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.

_WalkinWiFi

Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean




On 08/06/15 At 01:27 PM

SMS Exploit Messages

Posted by Sean @ 13:56 GMT


There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.


S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:


Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:


Effective Power Unicode iOS hack vs Twitter




On 28/05/15 At 01:56 PM

Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT


In the past few days, we received some cases from our customers in Italy and Spain, regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:

(image: crypt_email)

When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:

(image: crypt_email_redirect_italy)

So, no malicious behavior? Well, we noted that the first two URLs were PHP. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.

Since this particular spam e-mail is written in Italian, perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:

(image: crypt_email_mal_italy)

Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases, a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up in Google:

(image: crypt_email_redirect_spain)

If the site is visited instead from a Spanish IP, we get to the CAPTCHA screen:

(image: crypt_email_target_spain)

And then to the malware itself:

(image: crypt_email_mal_spain)

This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)

Post by — Victor




On 19/05/15 At 03:17 AM

Mac Hack Demonstration

Posted by Sean @ 12:46 GMT


Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.

Kids hack their Dad's computer on her Raspberry Pi

Don't worry, it's an authorized hack, she asked her mom for permission.




On 15/05/15 At 12:46 PM

Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

GMX (Global Mail eXchange) Mail is an email service where users may register up to 10 individual email addresses at no cost. As a result, threat actors are leveraging this service to easily spin up new email addresses and effectively delivering phishing attacks that bypass Microsoft o365 and Google Workspace, landing in an organization’s email […]

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries.  As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

Patch Now! CrushFTP Zero-day Lets Attackers Download System Files

CrushFTP urges customers to patch their servers with new versions after discovering a zero-day. The CrushFTP zero-day vulnerability is tracked as CVE-2024-4040 and enables hackers to escape the VFS and download system files. Its CVSS score is 9.8, which is critical. CrushFTP zero-day explained: CrushFTP is vulnerable to a server-side template injection issue that affects versions before 10.7.1 […]

The post Patch Now! CrushFTP Zero-day Lets Attackers Download System Files appeared first on Heimdal Security Blog.

MITRE Breached – Hackers Chained 2 Ivanti Zero-days to Compromise VPN

MITRE Corporation announced that state-backed hackers used Ivanti zero-day vulnerabilities to breach their system. The attack happened in January 2024 and impacted MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). NERVE is an unclassified collaborative network that researchers use. The two Ivanti vulnerabilities were an authentication bypass, CVE-2023-46805, and a command injection, CVE-2024-21887. None of them had an […]

The post MITRE Breached – Hackers Chained 2 Ivanti Zero-days to Compromise VPN appeared first on Heimdal Security Blog.

A System Administrator’s Challenges in Patch Management

Patching is the second most challenging and resource-consuming task of a System Administrator. That’s what Alex Panait told me when I wanted to know his opinion on the benefits and hurdles of patching.  Alex has been a System Administrator in Internal IT at Heimdal for the last 8 years. He’s seen the company developing and […]

The post A System Administrator’s Challenges in Patch Management appeared first on Heimdal Security Blog.

Free and Downloadable Account Management Policy Template

Managing user accounts and ensuring the security of data and information systems are crucial for any business. To assist organizations in this task, we offer a comprehensive Account Management Policy Template designed to streamline the process of account creation, maintenance, and termination. This template is adaptable and available in three formats—PDF, Word, and Google Docs—to […]

The post Free and Downloadable Account Management Policy Template appeared first on Heimdal Security Blog.

Atera vs. ConnectWise: Head-to-Head Comparison (And Alternative)

Choosing a cybersecurity solution is no easy task. Some solutions specialize in one thing, while others take a broader, unified approach. Finding the right balance for your company depends on many factors such as size, price, support, or complexity. Atera and ConnectWise are some of the most common solutions, and in this article, we’ll compare […]

The post Atera vs. ConnectWise: Head-to-Head Comparison (And Alternative) appeared first on Heimdal Security Blog.

NinjaOne vs. Atera: A Deep Comparison Between the Solutions

If you run an MSP business, choosing a remote monitoring and management (RMM) platform will be a critical business decision. A quality RMM allows you to oversee your customers’ IT environments, remediate issues, and manage everything from patches to software updates.  There are many RMM tools out there, so deciding which one is right for […]

The post NinjaOne vs. Atera: A Deep Comparison Between the Solutions appeared first on Heimdal Security Blog.

Deceptive Google Ads Mimic IP Scanner Software to Push Backdoor

Cybersecurity researchers unveiled a new malvertising campaign that uses malicious Google ads to deliver a backdoor dubbed ‘MadMxShell’. The ads leverage a set of domains to push the backdoor and mimic legitimate IP scanner software. The 45 domains, registered between November 2023 and March 2024, pose as IP scanner software such as: Angry IP Scanner […]

The post Deceptive Google Ads Mimic IP Scanner Software to Push Backdoor appeared first on Heimdal Security Blog.

CrowdStrike vs. SentinelOne: Which One Is Better For Endpoint Security?

When it comes to endpoint detection tools, the cybersecurity market is a pretty crowded place. Finding the right one for your business can be a minefield. Some are designed to do one thing very well; others offer a broader, more unified solution. One product might be perfect for enterprises, but far too expensive and unwieldy […]

The post CrowdStrike vs. SentinelOne: Which One Is Better For Endpoint Security? appeared first on Heimdal Security Blog.

Surge in Botnets Exploiting CVE-2023-1389 to Infect TP-Link Archer Routers

Researchers observed a rise in daily infection attempts leveraging an old TP-Link Archer command injection vulnerability. Since March 2024, six botnet malware operations have shown interest in scanning TP-Link Archer AX21 (AX1800) routers for CVE-2023-1389. The daily number of attempts ranged between 40,000 and 50,000 during the month. (Source: Bleeping Computer) The vendor released a patch […]

The post Surge in Botnets Exploiting CVE-2023-1389 to Infect TP-Link Archer Routers appeared first on Heimdal Security Blog.

Years-Old Vulnerability in AMI MegaRAC BMCs Impacts Intel and Lenovo Hardware

Researchers discovered an overlooked vulnerability in Lighttpd web server that is used in Baseboard Management Controllers (BMCs). The flaw impacts hardware vendors that use AMI MegaRAC BMCs, like Intel, Lenovo and Supermicro. Although developers discovered and fixed the Lighttpd flaw back in 2018, the vulnerability didn’t get a CVE. Further on, Lighttpd users, like AMI […]

The post Years-Old Vulnerability in AMI MegaRAC BMCs Impacts Intel and Lenovo Hardware appeared first on Heimdal Security Blog.

Your All-In Guide to MSP Patch Management Software in 2024 [Template Included]

Patch management is one of the most effective, yet overlooked cybersecurity practices to keep your operations safe. And it’s not just me saying it, statistics do too. For example, were you aware that 80% of cyberattacks happen due to unpatched vulnerabilities? With 84% of companies and online businesses reporting suffering at least one cyberattack in […]

The post Your All-In Guide to MSP Patch Management Software in 2024 [Template Included] appeared first on Heimdal Security Blog.

Free and Downloadable Email Security Policy Template

Email serves as a fundamental communication tool in business operations, necessitating stringent security measures to protect sensitive information and maintain corporate integrity. Our email security policy template serves as a comprehensive guide for companies looking to implement robust email security practices. It’s written in three different formats (PDF, Word, Google Docs) to suit all business […]

The post Free and Downloadable Email Security Policy Template appeared first on Heimdal Security Blog.

SharePoint Flaws Could Help Threat Actors Evade Detection Easier When Stealing Files

Researchers have found two methods that might allow attackers to get around audit logs or produce less serious entries when they download data from SharePoint. Due to the sensitivity of SharePoint data, a lot of businesses audit sensitive occurrences, such as data downloads, to set off alarms in security information and event management platforms (SIEMs), […]

The post SharePoint Flaws Could Help Threat Actors Evade Detection Easier When Stealing Files appeared first on Heimdal Security Blog.

CISA Issues Emergency Directive and Orders Agencies to Mitigate the Risks of the Microsoft Hack

A new emergency directive from CISA requires U.S. federal agencies to address the risks associated with the Russian hacking group APT29’s compromise of several Microsoft business email accounts. On April 2, Federal Civilian Executive Branch (FCEB) agencies received Emergency Directive 24-02. They must look into potentially impacted emails, reset any compromised passwords, and take precautions […]

The post CISA Issues Emergency Directive and Orders Agencies to Mitigate the Risks of the Microsoft Hack appeared first on Heimdal Security Blog.

CISA Urges Sisense Customers to Reset Credentials and Report Suspicious Activity

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Thursday about a data breach at Sisense, a US business intelligence software company. The agency strongly recommended that all Sisense users promptly change their passwords and any other potentially compromised credentials used to access the company’s services. The agency also advised users to be […]

The post CISA Urges Sisense Customers to Reset Credentials and Report Suspicious Activity appeared first on Heimdal Security Blog.

ISC Stormcast For Friday, April 26th, 2024 https://isc.sans.edu/podcastdetail/8956, (Fri, Apr 26th)

No summary available.

ISC Stormcast For Thursday, April 25th, 2024 https://isc.sans.edu/podcastdetail/8954, (Thu, Apr 25th)

No summary available.

Does it matter if iptables isn't running on my honeypot?, (Thu, Apr 25th)

I've been working on comparing data from different DShield [1] honeypots to understand differences when the honeypots reside on different networks. One point of comparison is malware submitted to the honeypots. During a review of the summarized data, I noticed that one honeypot was an outlier in terms of malware captured.

ISC Stormcast For Wednesday, April 24th, 2024 https://isc.sans.edu/podcastdetail/8952, (Wed, Apr 24th)

No summary available.

API Rug Pull - The NIST NVD Database and API (Part 4 of 3), (Wed, Apr 24th)

A while back I got an email from Perry, one of our readers who was having a problem using my cvescan script, which I covered in a 3 part story back in 2021:

Struts "devmode": Still a problem ten years later?, (Tue, Apr 23rd)

Like many similar frameworks and languages, Struts 2 has a "developer mode" (devmode) offering additional features to aid debugging. Error messages will be more verbose, and the devmode includes an OGNL console. OGNL, the Object-Graph Navigation Language, can interact with Java, but in the end, executing OGNL results in arbitrary code execution. This OGNL console resembles a "web shell" built into devmode.

ISC Stormcast For Tuesday, April 23rd, 2024 https://isc.sans.edu/podcastdetail/8950, (Tue, Apr 23rd)

No summary available.

It appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years, (Mon, Apr 22nd)

It has been nearly three years since we last looked at the number of industrial devices (or, rather, devices that communicate with common OT protocols, such as Modbus/TCP, BACnet, etc.) that are accessible from the internet [1]. Back in May of 2021, I wrote a slightly optimistic diary mentioning that there were probably somewhere between 74.2 thousand (according to Censys) and 80.8 thousand (according to Shodan) such systems, and that based on long-term data from Shodan, it appeared as though there was a downward trend in the number of these systems.

ISC Stormcast For Monday, April 22nd, 2024 https://isc.sans.edu/podcastdetail/8948, (Mon, Apr 22nd)

No summary available.

The CVE's They are A-Changing!, (Wed, Apr 17th)

The downloadable format of CVEs from MITRE will be changing in June 2024, so if you are using CVE downloads to populate your scanner or SIEM, or to feed a SOC process, now would be a good time to look at that. If you are a vendor and use these downloads to populate your own feeds or product database, and you're not using the new format already, you might be behind the eight ball!

New Report Finds That 27% of Small Businesses Would Be Put Out of Business By A Cyber Attack

According to the U.S. Chamber of Commerce, the pressure is mounting on small and medium businesses (SMBs), as they must get their cyber preparedness correct or the next cyber attacks could prove disastrous.

AI-Assisted Phishing Attacks Are on the Rise

Threat actors are increasingly using generative AI tools to improve their phishing campaigns, according to a new report from Zscaler.

Phishing Campaign Exploits Nespresso Domain

Attackers are launching phishing campaigns using an open-redirect vulnerability affecting a website belonging to coffee machine company Nespresso, according to researchers at Perception Point.

Global Optics Provider Hit with Ransomware Attack and a $10M Ransom

Global optics manufacturer Hoya had business operations at its headquarters and several business divisions impacted and is now facing a “No Negotiation / No Discount Policy” $10 million ransom decision to make.

Level Up Your Users’ Cybersecurity Skills with 'The Inside Man: New Recruits’

We’re thrilled to announce our newest addition to our ModStore’s already brimming collection of games with a new offering based on our award-winning “The Inside Man” training series!

Environmental Sustainable Training: KnowBe4's Commitment to a Greener Earth

KnowBe4 is committed to sustainability and helping protect the environment, as evidenced by our initiatives such as our public commitment to sustainability, our planting trees and supporting local bee hives, and even our CEO Stu Sjouwerman’s donation of $2.5M to the Florida Wildlife Corridor.

USPS Surges to Take Top Spot as Most Impersonated Brand in Phishing Attacks

New data shows phishing attacks are deviating from the traditional focus on technology and retail sectors and are opting for alternate brands with widespread appeal.

CyberheistNews Vol 14 #17 [HEADS UP] LastPass Warns of a 'CEO' Deepfake Phishing Attempt

[NEW GAME] The Inside Man: New Recruits Game

We released a new game, now available on the KnowBe4 Modstore. I played it myself and this is recommended for all Inside Man fans!

"Mark Shepherd, The Inside Man himself, is recruiting a crack security team to thwart the sinister ‘Handler’. Your mission is to accumulate points in a series of challenges that apply lessons learnt throughout The Inside Man series, to test your expertise in combating phishing, social engineering, password breaches, ransomware and document security."

This new Game is 10 minutes in duration, available in English (GB), and at Diamond subscription level.

4 out of 5 of Physicians Were Impacted by February’s Cyber Attack on Change Healthcare

A new survey of physicians details the devastating impact of the Change Healthcare cyber attack on the healthcare sector.

GUEST ESSAY: Here’s why securing smart cities’ critical infrastructure has become a top priority

Critical infrastructure like electrical, emergency, water, transportation and security systems are vital for public safety but can be taken out with a single cyberattack. How can cybersecurity professionals protect their cities?

In 2021, a lone hacker infiltrated a water treatment … (more…)

MY TAKE: GenAI revolution — the transformative power of ordinary people conversing with AI

San Francisco, Calif. — The amazing digital services we have today wouldn’t have come to fruition without the leading technology and telecom giants investing heavily in R&D.

Related: GenAi empowers business

I had the chance to attend NTT Research’s Upgrade (more…)

News alert: NTT all photonics network connects data centers in U.S., U.K. at very low latency

San Francisco and Tokyo, Apr. 11, 2024 – At Upgrade 2024, NTT Corporation (NTT) and NTT DATA announced the successful demonstration of All-Photonics Network (APN)-driven hyper low-latency connections between data centers in the United States and United Kingdom.… (more…)

News alert: Simbian launches with $10M to build autonomous, GenAI-powered security platform

Mountain View, Calif. – April 11, 2024 Simbian today emerged from stealth mode with oversubscribed $10M seed funding to deliver on fully autonomous security.

As a first step towards that goal, the company is introducing the industry’s first GenAI-powered … (more…)

Best Practices Q&A: Guidance about what directors need to hear from CISOs — from a board member

CISOs can sometimes be their own worst enemy, especially when it comes to communicating with the board of directors.

Related: The ‘cyber’ case for D&O insurance

Vanessa Pegueros knows this all too well. She serves on the board of several … (more…)

MY TAKE: Why email security desperately needs retooling in this post-Covid 19, GenAI era

It’s a digital swindle as old as the internet itself, and yet, as the data tells us, the vast majority of security incidents are still rooted in the low-tech art of social engineering.

Related: AI makes scam email look real (more…)

Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler

The technology and best practices for treating cybersecurity as a business enabler, instead of an onerous cost-center, have long been readily available.

Related: Data privacy vs data security

However, this remains a novel concept at most companies. Now comes a … (more…)

GUEST ESSAY: NIST’s Cybersecurity Framework update extends best practices to supply chain, AI

The National Institute of Standards and Technology (NIST) has updated their widely used Cybersecurity Framework (CSF) — a free respected landmark guidance document for reducing cybersecurity risk.

Related: More background on CSF

However, it’s important to note that most of … (more…)

LW ROUNDTABLE: Will the U.S. Senate keep citizens safe, vote to force China to divest TikTok?

Congressional bi-partisanship these days seems nigh impossible.

Related: Rising tensions spell need for tighter cybersecurity

Yet by a resounding vote of 352-65, the U.S. House of Representatives recently passed a bill that would ban TikTok unless its China-based owner, ByteDance … (more…)

Author Q&A: A patient’s perspective of advanced medical technology and rising privacy risks

A close friend of mine, Jay Morrow, has just authored a book titled “Hospital Survival.”

Related: Ransomware plagues healthcare

Jay’s book is very personal. He recounts a health crisis he endured that began to manifest at the start of what … (more…)

Ring agrees to pay $5.6 million after cameras were used to spy on customers

The FTC is paying Ring customers in the US a total of $5.6 million over charges that the company allowed employees to access private videos.

TikTok comes one step closer to a US ban

The US Senate has approved a bill that will ban TikTok, unless it finds a new owner, bringing it one step closer to being signed into law.

Google ad for Facebook redirects to scam

Beware of this malicious ad campaign currently making the rounds. Read our blog for more details and how to protect yourself.

“Substantial proportion” of Americans may have had health and personal data stolen in Change Healthcare breach

UnitedHealth has made an announcement about the stolen data in the ransomware attack on subsidiary Change Healthcare.

Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09

This week on the Lock and Code podcast, we speak with Justin Brookman about past consumer wins in the tech world, and how to avoid despair.

Billions of scraped Discord messages up for sale

An internet scraping platform is offering access to a database filled with over four billion Discord messages and combined user profiles.

A week in security (April 15 – April 21)

A list of topics we covered in the week of April 15 to April 21 of 2024

Law enforcement reels in phishing-as-a-service whopper

A major international law enforcement effort has disrupted the notorious LabHost phishing-as-a-service platform.

Read More
Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million

The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data.

Read More
Cannabis investment scam JuicyFields ends in 9 arrests

JuicyFields was an investment scam that urged victims to invest in cannabis production.

Read More
Should you share your location with your partner?

Location sharing is popular among couples. But is it something you want in your own relationship?

Read More
Giant Tiger breach sees 2.8 million records leaked

A threat actor claims to be in possession of 2.8 million records originating from a hack at Canadian retail chain Giant Tiger.

Read More
A week in security (April 8 – April 14)

A list of topics we covered in the week of April 8 to April 14 of 2024.

Read More
How to change your Social Security Number

Wondering whether changing your SSN is an option? Read here what you need to qualify for a new SSN and what you need to get one.

Read More
Apple warns people of mercenary attacks via threat notification system

Apple has sent alerts to people in 92 nations to say it's detected that they may have been a victim of a mercenary attack.

Read More
How to check if your data was exposed in the AT&T breach

We've made it easy for you to check if your data has been exposed in the AT&T breach.

Read More
Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities

Microsoft has fixed 149 vulnerabilities, two of which are reportedly being exploited in the wild.

Read More
How to protect yourself from online harassment

Don't wait for an online harassment campaign to unfairly target you or a loved one. Take these proactive steps today to stay safe.

Read More
Introducing the Digital Footprint Portal

Find out what sensitive data of yours is exposed online today with our new, free Digital Footprint Portal.

Read More
New ransomware group demands Change Healthcare ransom

The Change Healthcare ransomware attack has suffered a third cruel twist.

Read More
Looking Back on the Channel Partner Event and Awards 2024

Previously, I had the pleasure of sitting down with Sophie Sayer, our Channel Sales Director, to talk about the IT Governance partner programme and partner event on 9 April 2024. Now that the drinks have been served and awards handed out, I caught up with her again. When I asked her how the event went, she said: The Channel Partner Event and Awards 2024 in Ely was an absolute triumph! The atmosphere was charged with excitement and camaraderie as partners and MSPs gathered under one roof to celebrate excellence in the industry. It was truly heartening to witness the community

The post Looking Back on the Channel Partner Event and Awards 2024 appeared first on IT Governance UK Blog.

Read More
The Week in Cyber Security and Data Privacy: 15 – 21 April 2024

16,482,365 known records breached in 241 newly disclosed incidents

Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.

Publicly disclosed data breaches and cyber attacks: in the spotlight

Criminal hackers threaten to leak World-Check screening database

A criminal group known as GhostR claims to have stolen 5.3 million records from World-Check, a database used to screen potential customers for links to illegal activity and government

The post The Week in Cyber Security and Data Privacy: 15 – 21 April 2024 appeared first on IT Governance UK Blog.

Read More
Cyber Defence in Depth: An Expert’s Overview

Expert insight from our information security manager

What is defence in depth? Why is it important? How does it work? And what are some practical examples of it? We put all these questions and more to information security manager Adam Seamons, who has more than 15 years’ experience working as a systems engineer and in technical support. He also holds CISSP (Certified Information Systems Security Professional) and SSCP (Systems Security Certified Practitioner) certifications.

What is defence in depth?

In very broad terms, defence in depth contains three layers: You can split these up further – into identify, protect, detect, respond

The post Cyber Defence in Depth: An Expert’s Overview appeared first on IT Governance UK Blog.

Read More
The Week in Cyber Security and Data Privacy: 8 – 14 April 2024

7,531,492 known records breached in 124 newly disclosed incidents

Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.

Update on last week’s story about the alleged US EPA (Environmental Protection Agency) breach: it appears the data was already publicly available. We’ve therefore removed this entry from our incident log.

Publicly disclosed data breaches and cyber attacks: in the spotlight

AT&T confirms more than 50 million

The post The Week in Cyber Security and Data Privacy: 8 – 14 April 2024 appeared first on IT Governance UK Blog.

Read More
The Week in Cyber Security and Data Privacy: 1 – 7 April 2024

67,273,297 known records breached in 130 newly disclosed incidents

Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.

Publicly disclosed data breaches and cyber attacks: in the spotlight

US Environmental Protection Agency allegedly breached: nearly 8.5 million accounts compromised

A threat actor known as ‘USDoD’ claims to have exfiltrated a large database from the US EPA (Environmental Protection Agency). According to a listing on the

The post The Week in Cyber Security and Data Privacy: 1 – 7 April 2024 appeared first on IT Governance UK Blog.

Read More
Global Data Breaches and Cyber Attacks in 2024

30,578,031,872 known records breached so far in 8,839 publicly disclosed incidents Welcome to our 2024 data breaches and cyber attacks page, where you can find an overview of the year’s top security incidents, the most breached sectors of 2024, month-on-month trends, links to our monthly reports, and much more. Use the links in the ‘On this page’ section below to navigate. To get our latest research delivered straight to your inbox, subscribe to our free weekly newsletter, the Security Spotlight. IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other information security weaknesses. We offer

The post Global Data Breaches and Cyber Attacks in 2024 appeared first on IT Governance UK Blog.

Read More
Global Data Breaches and Cyber Attacks in March 2024 – 299,368,075 Records Breached

IT Governance’s research found the following for March 2024: This month saw fewer records breached than in February (a 58% drop), but a staggering 388% rise in incidents. This is largely caused by two outlier events: To minimise data skewing, we’ve accounted for this by providing two Data Breach Dashboards this month: one including and one excluding the above events. Free PDF download: Data Breach Dashboards For quick, one-page overviews of this month’s findings, please use our Data Breach Dashboards: The above Dashboard includes our complete data for the month. To offer a more direct comparison with last month’s data,

The post Global Data Breaches and Cyber Attacks in March 2024 – 299,368,075 Records Breached appeared first on IT Governance UK Blog.

Read More
An Expert Overview of CISM®

A Springboard to Career Success CISM® (Certified Information Security Manager) is a globally recognised qualification that provides a good understanding of IT security with a management flavour. But with so much in the news about AI, Cloud security and other niche areas of cyber security, it’s easy to overlook the importance of such solid, tried-and-tested qualifications in information security. Adesoji ‘Soji’ Ogunjobi is a cyber security specialist and instructor, with nearly two decades of experience as a cyber security professional and IT auditor. He also has an MSc in Information Technology, Computer and Information Systems, as well as CISM, CISSP,

The post An Expert Overview of CISM® appeared first on IT Governance UK Blog.

Read More
The Week in Cyber Security and Data Privacy: 25 – 31 March 2024

37,376,751 known records breached in 2,109 newly disclosed incidents

Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.

Publicly disclosed data breaches and cyber attacks: in the spotlight

Researchers find thousands of publicly exposed – and compromised – Ray servers

The Oligo Security research team have discovered an attack campaign targeting a critical vulnerability in Ray – an AI framework developed and maintained by Anyscale

The post The Week in Cyber Security and Data Privacy: 25 – 31 March 2024 appeared first on IT Governance UK Blog.

Read More
The Week in Cyber Security and Data Privacy: 18 – 24 March 2024

134,503,937 known records breached in 1,091 newly disclosed incidents

Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.

Publicly disclosed data breaches and cyber attacks: in the spotlight

Misconfigured Google Firebase instances expose almost 125 million user records

On 10 January, a security researcher known as ‘MrBruh’ reported on vulnerabilities in the AI hiring system Chattr.ai, which is used by many US fast food chains.

The post The Week in Cyber Security and Data Privacy: 18 – 24 March 2024 appeared first on IT Governance UK Blog.

Read More
Assessing the Y, and How, of the XZ Utils incident

In this article we analyze the social engineering aspects of the XZ backdoor incident: namely, pressuring the XZ maintainer to hand the project over to Jia Cheong Tan, and then urging major downstream maintainers to commit the backdoored code to their projects.

Read More
ToddyCat is making holes in your infrastructure

We continue to report on the APT group ToddyCat. This time, we’ll talk about traffic tunneling, constant access to a target infrastructure and data extraction from hosts.

Read More
DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

The new, unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as a Total Commander installer and the CR4T backdoor, written in C and Go.

Read More
SoumniBot: the new Android banker’s unique techniques

We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection.

Read More
Using the LockBit builder to generate targeted ransomware

Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder.

Read More
XZ backdoor story – Initial analysis

Kaspersky’s analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in the OpenSSH server process.

Read More
DinodasRAT Linux implant targeting entities worldwide

In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.

Read More
Android malware, Android malware and more Android malware

In this report, we share our latest Android malware findings: the Tambir spyware, Dwphon downloader and Gigabud banking Trojan.

Read More
Threat landscape for industrial automation systems. H2 2023

Kaspersky ICS CERT shares industrial threat statistics for H2 2023: most commonly detected malicious objects, threat sources, threat landscape by industry and region.

Read More
A patched Windows attack surface is still exploitable

In this report, we highlight the key points about a class of recently-patched elevation-of-privilege vulnerabilities affecting Microsoft Windows, and then focus on how to check if any of them have been exploited or if there have been any attempts to exploit them.

Read More
Ending Session Hijacking

This week on the podcast, we cover a Google initiative to kill off session hijacking attacks once and for all. Before that, we give an analysis of CVE-2023-3400, the Palo Alto zero-day vulnerability currently under active exploit. Additionally, we discuss a recent white paper from CISA on securely deploying artificial intelligence systems.

Read More
BatBadBut What?

This week on the podcast, we cover a research post that describes a code injection vulnerability caused by the way nearly every high-level programming language runs on Windows. We also discuss a series of vulnerabilities in LG televisions that allow remote attackers to root the device before ending with a chat about new adversarial […]

Read More
Bad Month for Software Supply Chains

This week on the podcast, we cover a software supply chain attack years in the making that was days away from a devastating global impact. After that, we cover Facebook’s Project Ghostbusters and its impact on user privacy before ending with another software supply chain attack that successfully compromised developers in the gaming world.

Read More
Trucking Worms

This week on the podcast we discuss a vulnerability in required commercial truck hardware that could enable an automatically propagating worm across the entire US. Before that, we cover Apple’s “un-patchable” vulnerability in their M-series processors as well as a vulnerability that could let attackers unlock hotel room doors at will.

Read More
A Wild Month in Ransomware

This week on the podcast, we’re joined by Ryan Estes, a member of WatchGuard’s Zero-Trust Application Service classification team and resident ransomware expert to discuss the wild month in ransomware news. We start the episode with a story about a fake ransomware operator that scammed cybercriminals out of tens of thousands of dollars before discussing […]

Read More
Operation Cronos: A Breakdown of the LockBit Disruption

Check out LockBit 3.0 on our new Ransomware Tracker Beta! Hear more about Operation Cronos on The 443 Podcast. If you’ve followed the ransomware space for the past few years, it’s very likely you’ve heard of LockBit. If you don’t follow the cybersecurity landscape, there’s still a good chance you’ve heard of them or at […]

Read More
Locking Up LockBit

This week on the podcast, we cover an international law enforcement takedown of the LockBit ransomware group’s infrastructure. After that, we cover a novel malware delivery vector involving an IoT “toy.” We end the podcast by covering the latest White House Executive Order addressing cybersecurity in critical infrastructure.

Read More
Flipping Out Over Flipper Zero

This week on the podcast we cover Canada’s attempt to ban the Flipper Zero. Before that, we review a recent research post on a new class of vulnerability on the Ubuntu operating system. We end the episode with a chat about the impacts of artificial intelligence on data security. Menlo Report on Business AI […]

Read More
AnyDesk Remote Access Vendor Compromise

On February 2nd, remote access software vendor AnyDesk disclosed they had been the victim of a cyberattack where an unknown threat actor obtained access to production systems. AnyDesk appears to have contained the incident before the adversaries were able to leverage their access into a supply chain attack against AnyDesk customers but out of an […]

Read More
Could a Toothbrush Botnet Happen?

This week on the podcast, we cover a recent news post about an army of 3 million compromised toothbrushes taking down a Swiss website, causing millions in damages. After that, we discuss the United States DOJ’s latest botnet takedown, this time targeting Volt Typhoon. We end the episode by walking through a CISA joint publication giving […]

Read More
A Door in Apple’s Walled Garden

This week on the podcast, we cover Apple’s recent announcement describing how they will comply with the European Union’s new Digital Markets Act and what that means for the iPhone walled garden. Before that, we cover a data breach at Mercedes-Benz thanks to an alternative authentication method. Additionally, we cover the roundup of vulnerabilities in Ivanti’s […]

Read More
A Blizzard of Threats

This week on the podcast, we cover two “Blizzard” threat actors targeting governments and private organizations. We also give an update on the SEC’s compromised Twitter/X account, and then end with a discussion of an EU program designed to improve its citizens’ privacy while browsing the internet.

Read More
Androxgh0st Analysis

This week on the podcast, we review a CISA and FBI joint advisory on the Androxgh0st malware. Before that we cover recent Volt Typhoon activity targeting SMB routers exposed on the internet. We end the episode with a fun research blog post about a series of flaws in an Indian insurance provider.

Read More
NIST Tackles Adversarial AI

This week on the podcast, we review NIST’s new publication that defines a taxonomy for how we talk about Adversarial Machine Learning. Before that, we cover a recent discovery of threat actors retaining access to Google accounts even through a password reset. We round out the episode with an account compromise that led to a […]

Read More
RIPE for the Taking

This week, we cover a password compromise that led to a mobile telco in Spain losing control of its IP address space. We also give a quick update on the Lapsus$ ringleader’s court case before discussing a recently discovered macOS backdoor malware that evades most endpoint protection. We end the episode by covering Microsoft’s research […]

Read More
Hacking the Crypto Supply Chain

This week on the podcast, we cover a supply chain attack against one of the largest hardware cryptocurrency wallet manufacturers. After that, we discuss the latest Apache Struts vulnerability under active exploit by threat actors. We end the episode with our thoughts on a research blog post about a set of threat actors using an […]

Read More
Bluetooth Busted

This week on the podcast, we cover a new unauthenticated keystroke injection vulnerability in the Bluetooth implementation on nearly every type of device. After that we discuss LogoFAIL, a suite of vulnerabilities in most UEFI boot implementations that could let threat actors easily hide their tracks. We end by covering a recent CISA advisory on […]

Read More
Our 2024 Security Predictions

This week on the podcast we discuss our cybersecurity predictions for 2024. We’ll cover each of the 6 predictions for the coming year including the trends behind them and how to protect your organization if they come true!

Read More
Grading our 2023 Security Predictions

This week on the podcast, we look back to our 2023 security predictions and grade ourselves on how well we were able to see the future. We’ll go through each of our 6 predictions, explain the trends that fueled them, and then provide either evidence that they came true or discuss reasons why they may […]

Read More
What to Expect from NIS2

This week on the podcast, we dive into the EU’s Network and Information Security directive update, aka NIS2. We’ll cover who might be impacted and what to expect in terms of requirements in the coming year. Before that, we give an update on the latest Scattered Spider threat actor activity followed by an […]

Read More
Combined Cyber and Kinetic Warfare

This week on the podcast, we cover an analysis from Mandiant on an attack led by the Russian state-sponsored threat actor Sandworm that came alongside missile strikes against Ukraine. Before that, we review Okta’s post mortem from their recent cyber incident. We end the episode by discussing updated research from Jamf on a North Korean […]

Read More
The White House Tackles AI

This week on the podcast we cover an Executive Order from the US White House on the topic of Artificial Intelligence. After that, we discuss the latest CISO that has found themselves in hot water with the law. We then cover an update to the Common Vulnerability Scoring System and end with a researcher claiming […]

Read More
The Threat Actor That Hacked MGM

This week on the podcast, we review a thorough unmasking of Octo Tempest, the threat actor behind the MGM and Caesars Entertainment attacks in September. Before that, we give an update on the Cisco IOS XE vulnerability that led to an implant installed on thousands of exposed devices. We round out the episode with an […]

Read More
CISA’s Secure by Design Whitepaper

This week on the podcast, we cover CISA’s newly updated whitepaper on guidance for both software manufacturers and customers on the principles of secure-by-design and secure-by-default. Before that, we cover the Cisco IOS XE vulnerability that is under active exploitation in the wild, give an update on the EPA’s efforts to regulate cybersecurity practices in […]

Read More
Microsoft is Killing NTLM

This week on the podcast, we cover the recent HTTP/2 protocol vulnerability that led to the largest DDoS attack ever recorded by Cloudflare. After that, we discuss Microsoft’s announcement about the deprecation of VBScript and the impending removal of NTLM. We then cover a collection of data allegedly stolen from the genealogy website 23 and […]

Read More
Q2 2023 Internet Security Report

This week on the podcast, we go through the latest Internet Security Report from the WatchGuard Threat Lab. We’ll cover the top malware and network attack trends from Q2 2023 impacting small and mid-market organizations globally before ending with defensive tips anyone can take back to their company.

Read More
Bing Chat Malvertising

This week on the podcast, we discuss an alert from CISA on nation state threat actors embedding malware into legacy Cisco router firmware. After that, we cover a research post on malicious advertisements served up via Bing’s ChatGPT integration. We then end with an analysis of North Korea’s Lazarus group’s latest social engineering techniques.

Read More
Meta’s One Good Deed

This week on the podcast, we get up to speed on the MGM and Caesars Entertainment ransomware incidents from the previous week. After that, we take a deep dive into a blog post from Meta’s application security team for their VR headsets. After that, we cover Microsoft’s analysis of an APT’s pivot from email to […]

Read More
iPhone’s Latest 0-Day

This week on the podcast, we cover Microsoft’s final report on their July incident involving nation-state actors compromising enterprise email accounts. After that, we discuss a zero-day, zero-click vulnerability in iOS being actively exploited in the wild before ending with a chat about an upcoming change to how Android handles CA certificates.

Read More
The Qakbot Takedown

This week on the podcast, we cover the FBI-led, multinational takedown of the Qakbot botnet of over 700,000 victim devices. After that, we cover two Android malware variants including one targeting victims in southeast Asia and another built by the Russian GRU.

Read More
Weaponizing WinRAR

This week on the podcast we cover the latest evolutions of the North Korean threat actor Lazarus before covering an actively-exploited 0-day vulnerability in the popular unarchiver WinRAR. We end the episode with an AI-related attack that doesn’t actually use AI.

Read More
U.S. Cyber Trust Mark

This week on the podcast we cover the FCC’s proposal for a security assurance labeling program for IoT devices. Before that, we discuss the latest AI research challenge hosted by DARPA as well as some research into a novel attack against the AI/ML supply chain.

Read More
Def Con 2023 Recap

On this week’s episode, we chat about some of our favorite talks from this year’s Def Con security conference. We’ll cover several topics including artificial intelligence, hacking mobile point of sale devices, and how worried we should or shouldn’t be about cyber warfare.

Read More
BlackHat 2023 Recap

In this special end-of-week episode of The 443, we cover some of our favorite talks from this year’s edition of the BlackHat cybersecurity conference in Las Vegas. We’ll discuss the trends we saw and summaries of interesting topics including AI, nation state warfare, and improving cyber defense.

Read More
What Is Same-Origin Policy? Replay

This week we look back to an episode that originally aired in May 2021 where we remember a Def Con legend then dive into two web browsing security acronyms. Keep an eye out later this week as we come to you from this year’s Black Hat and Def Con cybersecurity conferences!

Read More
Qakbot Qacktivity

This week on the podcast, we cover the latest evolutions of the decade-old Qakbot malware including changes in how attackers deliver it. After that, we give an update on the SEC’s new rules around mandatory security disclosure. We then end by reviewing CISA’s analysis of Risk and Vulnerability Assessments they completed for their constituents in […]

Read More
Red Teaming AI Systems

This week on the podcast, we give an update on last week’s discussion around a China-based APT targeting government organizations. After that, we cover the latest uses of generative AI like ChatGPT by malicious hackers. Finally, we end with a report from Google on their efforts around Red Teaming Artificial Intelligence systems.

Read More
New Microsoft Office 0-Day

This week on the podcast we cover two stories that came out of Microsoft’s July Patch Tuesday. The first involves an incident within Microsoft that led to foreign cybercriminals compromising the email accounts of multiple government agencies. The second story involves an actively exploited 0-day vulnerability in Office that at the time of recording, remains […]

Read More
Q1 2023 Internet Security Report

This week on the podcast, we cover WatchGuard Threat Lab’s Internet Security Report for Q1 2023. Throughout the episode, we’ll discuss the key trends for cyber threats impacting small and midsize organizations globally including the top malware and network attack detections as well as a look specifically at the endpoint. We round out the episode […]

Read More
RepoJacking

On this week’s podcast we discuss a recent analysis on the risks of GitHub RepoJacking. After that, we dive into the Barracuda 0-day that China-based threat actors are actively exploiting as well as a novel command and control distribution method for a separate China-based APT.

Read More
A New Russian APT

On this week’s episode we discuss the newly named threat actor Cadet Blizzard, including their typical tools, tactics and procedures. We also cover CISA’s newest binding directive to federal agencies. Before that, we give an update on exploited MOVEit Transfer servers and the latest Bitcoin laundering technique.

Minecraft Mod Malware

This week on the podcast we cover a supply chain attack of sorts against Minecraft gamers. After that, we cover a vulnerability in MOVEit Transfer that threat actors are exploiting in the wild to steal data and deploy ransomware. Finally, we end with our review of the latest Verizon Data Breach Investigations Report (DBIR).

How Not to Update Software

This week on the podcast, we give a quick update on the latest Volt Typhoon activity before covering a newly for-sale EDR bypass tool. After that, we discuss Gigabyte’s decision to rootkit their own motherboards before ending with a new macOS vulnerability.

Naming APTs

This week on the podcast, we cover Microsoft’s latest refresh of naming conventions for advanced persistent threat (APT) actors worldwide, as well as an update on two specific threat actors and their latest tactics. We also cover a ransomware event targeting a biotechnology company with an interesting twist.

TikTok is Banned, Kind Of

This week on the podcast, we cover the recent TikTok ban coming from the state of Montana and discuss whether it was justified and what the potential security impact is. Before that, we give an update on two US Supreme Court cases that were poised to potentially strip away Section 230 protections. We also highlight […]

Scratching the Surface of Rhysida Ransomware

A few days ago, I was scrolling through Twitter and came across a post by the MalwareHunterTeam briefly discussing a new Ransomware group – Rhysida. A lack of results from a Google search shows this is a newer group prepping to start operations. I grabbed a sample and downloaded it, and the executable confirmed that […]

An Interview with ChatGPT

This week on the podcast, Marc kicks Corey off the podcast and interviews ChatGPT to learn its thoughts on AI applications in cybersecurity, both on offense and defense.

Securing Healthcare Tech

This week on the podcast, we cover two new malware research pieces, including the latest evolution of a delivery vehicle as old as time. After that, we cover recent regulations in the healthcare industry that have a chance to push the industry to a more secure future.

Rustbuckets and Papercuts

This week on the podcast, we cover a recently discovered macOS malware attack that uses a multi-stage delivery mechanism. Before that, we discuss an actively exploited vulnerability in the print management software PaperCut, as well as an update on the 3CX supply chain attack.

MSPs Around the World – Americas

This week’s podcast comes from the WatchGuard Apogee partner conference for the Americas where we bring on special guests Kevin Willette of Verus Corporation and Neil Holme of Impact Business Technology to discuss the challenges and opportunities MSPs and MSSPs will face in the coming years. This is the first of a multipart series where […]

Zero Trust Maturity Model 2.0

This week on the podcast, we cover two new publications out of CISA. First, we dive into CISA’s guidance to manufacturers and customers on products that are secure-by-design and secure-by-default. Next, we discuss CISA’s latest Zero Trust Maturity Model which any organization can use to gauge how far along they are on the ZTA path […]

Cybersecurity News: A Trio of Vulnerabilities, BreachForums Admin Arrested, Hundreds of Ransomware Victims, and The Rise of AI

This post arrives later than usual, but as they say, “Better late than never.” Researchers and the media have highlighted various unique, interesting, or destructive vulnerabilities in the last few weeks. We decided to pick three of these vulnerabilities and talk about them. One was patched with Microsoft’s Patch Tuesday in March; another affects the […]

Operation Cookie Monster

This week on the podcast, we discuss another cybercrime marketplace takedown dubbed Operation Cookie Monster. After that, we discuss Microsoft’s attempts to limit the distribution of a popular hacking toolkit. Finally, we discuss a recent analysis by Dr. Ken Tindell of Canis Automotive Labs around how criminals were able to steal his friend’s Toyota Rav4. […]

Another Software Supply Chain Attack

This week on The 443, we discuss the latest software supply chain attack with a potential blast radius of thousands of organizations. Then we cover a new protocol vulnerability in the Wi-Fi wireless standard before ending with some research into insecure Microsoft Azure applications.

3CX Supply Chain Attack

3CX created the desktop phone app 3CXDesktopApp and now finds itself in the middle of a supply chain attack. As a recognized company in the softphone space, 3CX provides services to many large companies including Honda, Coca-Cola, BMW, and Holiday Inn, among others, according to the testimonials on their website. This week though, they […]

The NSA’s Guidance on Securing Authentication

This week we have all the acronyms as we cover a joint publication by CISA and the NSA with Identity and Access Management (IAM) best practices. We then cover some new proposed cybersecurity rules out of the Securities and Exchange Commission (SEC) before ending with an FBI takedown of a popular hacking forum.

Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches

It’s Monday, and there’s no better way to start a new week than with some cybersecurity-related news. So, if you need an excuse to procrastinate a bit more, allow us to fill that void. For this iteration, we made a few minor improvements, as always. In addition to the table of contents from last time, […]

An Update on Section 230

On this week’s episode we look back to our initial monologue on Section 230 protections that allow social media and the internet as a whole to function. We cap off the episode replay with a new discussion on a recent Supreme Court case that has the potential to dramatically impact the internet as […]

Here Come The Regulations

On today’s episode, we cover two new sets of cybersecurity regulations, fresh off the heels of the White House’s National Cybersecurity Strategy publication, targeting different critical infrastructure sectors in the United States. We’ll also cover the latest in nation-state activity targeting network connectivity appliances and end with some fun research into an oldie but […]

US National Cybersecurity Strategy

This week’s episode is all about the White House’s recently released National Cybersecurity Strategy. We’ll walk through the strategy from top to bottom and discuss the key elements most likely to impact individuals and organizations as well as our overall thoughts on the direction the US Federal Government is planning to take.

Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!

A new week, a new month, and a new Cybersecurity News post! This iteration contains a whopping eight (8) stories covering the last two to four weeks. Since cybersecurity is a diverse field of assorted specializations, we attempt to match that with various stories touching on all aspects of cybersecurity. This time we cover a […]

Cybersecurity’s Toll on Mental Health

This week on the episode we have a discussion about stress-related issues impacting cybersecurity professionals and ways to combat them. Before that, we cover the latest news including new 0-click exploit protection from Samsung, the latest update on GoDaddy’s security woes, and Twitter’s latest erratic move.

Successfully Prosecuting a Russian Hacker

In today’s episode, we discuss a recent court case resulting in the successful conviction of a Russian national tied to breaking into several publicly traded US companies. We also cover the latest details on the ESXiArgs ransomware attacks that have been impacting organizations globally as well as the latest CISA alert on nation-state ransomware […]

Cybersecurity News: Automated Ransomware Attacks, U.S. No Fly List Leaked, and A.I. Detecting A.I.

Welcome to another iteration of Cybersecurity News, the fairly new and unorthodox semi-monthly news article that highlights a handful of noteworthy cybersecurity-related stories and provides extra references and resources to do further research if you desire. We aim to solidify a more concrete release schedule going forward and will release more information once we have […]

Live Audience MSP Q&A Panel

On this week’s very special episode of the podcast, we sit down with Matt Lee, Calvin Engen, and Scott Williamson, three MSP security and business experts for a Q&A panel in front of a live audience! We’ll cover everything from how MSPs and MSSPs should address the cyber threat landscape to what vendors can do […]

A Technical Analysis of ISAACWiper

Shortly after Putin launched his “special military operation” in Ukraine on February 24th, 2022, researchers from ESET published information about two novel destructive malware families – HermeticWiper and ISAACWiper. HermeticWiper was part of a three-pronged campaign that included a worm and pseudo-ransomware component known as HermeticWizard and HermeticRansom, respectively. HermeticWiper is the data-wiping component. ISAACWiper, […]

What is CVSS?

This week on the podcast we cover the Common Vulnerability Scoring System (CVSS) including how it works and some of its limitations. Before that though, we discuss a recent survey on the risks of ChatGPT’s usage in cyberattacks and the latest activity from Lazarus, the North Korean government hacking operation.

CISA Warns of Weaponized RMM Software

On today’s episode, we cover a recent Department of Justice operation that resulted in taking down a major ransomware organization. After that, we cover two recent publications from CISA, the first on malicious use of legitimate RMM software and the second giving guidance to K-12 on how to address cybersecurity concerns.

Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches

Sifting through the most recent cybersecurity-related news may seem daunting, and keeping up with the latest developments is arduous. However, the WatchGuard Threat Lab is happy to filter through the latest cybersecurity news and highlight some stories we believe are important, noteworthy, or interesting. The goal is to focus on a few recent cybersecurity-related stories, […]

Law Enforcement Infiltrate and Seize Hive Ransomware Operation

In a sudden, stunning announcement today, the United States Department of Justice, the FBI, and federal agencies from 13 countries from Europol, announced the seizure of the transnational Hive ransomware operation. The seizure was part of a months-long operation that began in late July 2022 when the FBI infiltrated the Hive network. Deputy Attorney General […]

Report Roundup

This week on the podcast, we cover key findings from three individual reports published last week. In the first report we’ll dive into the world of blockchain analysis looking for illicit transactions. In the second report, we’ll cover the state of SMB security. The final report includes a discussion of overall financial crime involving stolen […]

Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach

Regarding malware, breaches, and the overall threat landscape, 2023 is off to a dynamic start. Malvertising (malicious advertising) continues to be a successful attack vector for hackers, especially from sponsored ads via Google searches. Jon DiMaggio released his long-awaited Ransomware Diary series beginning with the first iteration of the LockBit ransomware group. Also, a new […]

The RCE Vulnerability That Wasn’t

This week on the podcast we cover a recently disclosed vulnerability in the popular JavaScript library JsonWebToken. After that, we give an update on weaponizing ChatGPT, the currently free artificial intelligence chat bot that has made waves since its release in November. We round out the episode with a wave farewell to Windows 7 and Windows […]

When Trying to Catch ‘Em All, Leave This RAT Alone

Recently, researchers have observed threat actors using a website previously associated with the popular AR game PokemonGo to distribute a remote access trojan (RAT). The method of delivery is a cleverly disguised game installer that includes a copy of the commonly used NetSupport Manager application, which on its own is technically a trusted application. The […]

Reviving a Dead Botnet

This week on the podcast we cover a recent analysis by Mandiant on a Russia-based APT using a decade-old botnet to deliver new attacks. Before that, we cover an update from LastPass about their most recent breach as well as the 200 million Twitter accounts leaked last week.

Q3 2022 Internet Security Report

This week on the podcast we discuss key findings from the WatchGuard Threat Lab’s Q3 2022 Internet Security Report. We’ll cover everything from the top malware threats to the latest network attack trends targeting small and midsize enterprises globally and give practical defensive tips that anyone can use to keep their organizations safe.

2023 Security Predictions

It’s that time of year for us to discuss the WatchGuard Threat Lab’s 2023 cyber security predictions! On this episode, we will cover the six predictions plus another two that didn’t make the cut as well as some defensive strategies to try and help stop them from coming true.

Apple’s New Privacy Expansion

This week on the podcast, we cover Apple’s latest announcement of expanded privacy and security features for their users. Before that, we cover a major breach in the Android ecosystem followed by a new Internet Explorer (yes, that still exists) 0-day vulnerability.

Hacking Hyundai

On this week’s episode, we cover the latest in car hacking, this time involving a vulnerability that could have given remote attackers full control over certain Hyundai models’ doors, lights and engine. After that, we discuss the latest breach impacting a major password management app and how it’s different from previous ones we’ve seen. We […]

CISA Incident Response Learnings

On today’s episode we cover a pair of alerts from the Cybersecurity and Infrastructure Security Agency (CISA), one detailing the tools, tactics and procedures from a prolific ransomware organization and another walking through a recent incident response engagement CISA completed with a federal agency. Before that though, we learn about what happens when you use […]

Attack Surface Management

This week on the podcast we dive into the world of attack surface management. We discuss what your attack surface is made up of including some areas you may not have thought of and then cover the best ways to reduce and ultimately protect it.

Endurance Ransomware Claims Breach of US Federal Government

The WatchGuard Security Team spends a lot of time chasing ransomware extortion groups throughout the dark web. So, it only fits that one of the newer ransomware extortion groups is named Endurance Ransomware. It appears this “group” is one individual known as IntelBroker, who has allegedly breached several entities of the US government and two […]

2022 Cybersecurity Predictions Recap

This week on the podcast we take a look back at our 2022 cybersecurity predictions and give ourselves a grading on how well we did. From cyber insurance to space hacks, we’ll cover each of the 6 predictions we made last December and discuss why we think they did or did not come to fruition. […]

Why OpenSSL Downgraded Their Vulnerability

On this episode we cover the much anticipated OpenSSL vulnerabilities that were disclosed and patched on November 1st and why the 6-year streak of no critical issues continues. After that, we dive back into election security and the hacking activity that could have the most impact. We end with an update from Apple […]

CISA’s Cybersecurity Performance Goals

This week on the podcast we cover CISA’s freshly-released Cybersecurity Performance Goals (CPGs) designed to help smaller organizations bridge the gap between frameworks and practical implementation. After that, we discuss a new bill working its way through the US Senate designed to address open source software security risks. Finally, we end with a research post […]

Ransomware TTPs Deep Dive

This week on the podcast, we cover another remote code execution vulnerability that looks extremely concerning on the surface but might be less serious in reality. After that, we cover two research articles by Microsoft on ransomware campaigns including defensive takeaways for all organizations.

Cyber Energy Star

This week on the podcast we cover a proposed program from the White House to create an Energy Star-like label for cybersecurity in consumer products. Before that, we cover two other updates from the federal government including a new open source tool from CISA and the latest reincarnation of Privacy Shield.

Q2 Threats and Guilty CSOs

This week on the podcast, we focus on highlighting WatchGuard’s Q2 Internet Security Report, covering the latest threat trends and what you can do to avoid them. However, we also pack in our security news segment, with an Optus breach update from an Australian IT and security expert and WatchGuard Partner, the latest on the […]

Optus Opts Out of PII Protection

This week on the podcast, we cover an Optus data breach that could affect over 10 million Australian customers, and what they should do to protect themselves. We highlight a new malware-as-a-service (MaaS) information stealer that lowers the cost and technical bar for cybercriminals. Finally, we end with some good news about how the FBI […]

Two Microsoft Exchange Server Zero-Day Vulnerabilities (aka ProxyNotShell)

Update 10/6/2022: Microsoft has released several updates since their post on the “ProxyNotShell” Exchange vulnerabilities. If you followed their initial mitigation steps, they are not sufficient to block this threat and your Exchange server may remain vulnerable. Security researchers began poking at the initial mitigation recommendations and found ways to bypass their initial detection […]

An Uber Hack

This week on the podcast, we cover Uber’s most recent security incident and the alleged individual behind it. After that, we dive into the world of gas station operational technology and potential security weaknesses in one tool. Finally, we end with a chat about the FBI CISO Academy and how the FBI as a whole […]

Are CISOs Legally Accountable for Security?

This week on the podcast we cover a court case that is attempting to hold the ex-CISO of a popular tech company accountable for their actions involving a data breach dating back to 2016. Before that though, we dive into a novel command and control (C2) method as well as the latest commoditization of […]

A Day in the Life of a Malware Analyst

This week on the podcast we sit down with Ryan Estes, a malware analyst on the WatchGuard Threat Lab team, to discuss what it takes to rapidly differentiate malware from goodware. In this interview, we discuss what it takes to get into malware analytics, popular tools to help with the task, and resources anyone […]

The Twitter Thing

This week on the podcast, we cover the big whistleblower complaint against Twitter including our hot takes on who to believe. We then cover an FBI alert on evasion techniques cyber criminals are deploying in their authentication attacks before finishing with a highlight of a very convincing phish.

2022 Black Hat and Def Con Recap

This week on the podcast we review our time at this year’s Black Hat and Def Con cybersecurity conferences in Las Vegas. We’ll cover how the WatchGuard CTF contest went this year and discuss takeaways from a few of the briefings we attended.

Hacker Summer Camp 2022

This week on the podcast, we give our preview of the Black Hat and Def Con cybersecurity conferences, aka Hacker Summer Camp. Throughout the episode, we’ll discuss the briefings and panels we’re most excited to see and what we hope to get out of them. If you’re not able to attend either conference in person […]

Private Sector Offensive Actors

This week on the podcast we discuss the shifting landscape of phishing attacks in the wake of Microsoft’s efforts to block malicious Office macros. We then cover a private organization that has been found not just selling exploit tools but also participating in offensive cyber operations. We end the episode with a review of IBM […]

USA’s Answer to GDPR

This week on the podcast, we discuss the current cyber skills gap and a federal program designed to help combat it. After that, we dive into the American Data Privacy and Protection Act and what it potentially means if passed by US Congress. We end this week with a quick update on Microsoft’s attempts to […]

Rolling PWN

This week on the podcast we cover the latest in car hacking research, this time targeting vulnerabilities in remote keyless entry. We then dive into Microsoft’s latest research on Adversary in the Middle (AitM) attacks and end with key findings from the latest WatchGuard Threat Lab quarterly Internet Security Report.

Over a Billion Records Leaked in Shanghai National Police Database Hack

This past week, a hacker by the name of ChinaDan allegedly breached the Shanghai National Police (SHGA) database and has put the nearly 23 TB of data up for sale for 10 bitcoin (BTC), or a little over $200k USD as of this writing. ChinaDan claims the data contains “information on 1 Billion Chinese national […]

LockBit Ransomware Group Introduces Bug Bounties and More

The LockBit ransomware group has unveiled a new website – LockBit 3.0 – to host their ransom extortions and data leaks. The website includes several new features, including an unprecedented bug bounty program to assist the group in securing their site; acceptance of the privacy cryptocurrency, Zcash; and the addition of receiving payments from users […]

Grading Gartner’s Guesses

This week on the podcast, we discuss two recent security reports, one on the topic of open source software and the other on “insecure by design” in the Operational Technology (OT) space. We go through the key findings from each report and what our thoughts are on their accuracy within the real world. We end […]

200th Episode Extravaganza

In celebration of our 200th episode, this week on the podcast we take a look back at the last few years and revisit some of our favorite episodes. Along the way, we’ll give updates on a few of our cybersecurity predictions from years past that took just a little bit longer than anticipated to come […]

Robux Ransomware

This week on the podcast we cover the latest and most bizarre ransomware extortion demand we’ve seen in recent memory. Before that though, we cover the latest updates on nation state hacking activity including threats of escalating attacks leading to physical retaliation.

0-Days for Days

This week on the podcast we cover two fresh 0-day vulnerabilities, one in Windows and another in Atlassian’s Confluence, both under active exploitation in the wild. Additionally, we cover Costa Rica’s no good, terrible month in cybersecurity.

Package Hijacking

This week on the podcast, we discuss the line between ethical security research and malicious activity thanks to a compromised open source software package. After that we cover the latest industry to fall victim to ransomware and end by highlighting a 0-click vulnerability in Zoom’s message system discovered by Google Project Zero.

WatchGuard Launches PSIRT Page

WatchGuard’s Product Security Incident Response Team (PSIRT) has launched our public PSIRT page to provide a consolidated resource where network administrators can find advisories and information about security vulnerabilities in WatchGuard products, as well as WatchGuard’s investigations into industry-wide security issues that may impact our products or services. Our PSIRT page also provides information for […]

Building Security Strategies with Matt Lee

This week on the podcast we sit down for a chat with Matt Lee, Sr. Director of Security and Compliance at Pax8 and well-known cyber security educator, to discuss security strategies for MSPs and midsize enterprises in the face of a dynamic threat landscape. We cover everything from picking a framework to getting buy-in […]

CISA Guidance for MSPs

This week on the podcast we walk through CISA alert AA22-131A, which gives bulleted guidance to MSPs and customers of MSPs on how to navigate their relationship security as threats targeting service providers continue to grow. We’ll walk through the list and hit each recommendation and give our own guidance on top of them for […]

The REturn of REvil?

This week on the podcast we discuss the latest rumblings around the return of the prolific ransomware-as-a-service organization REvil. Before that though, we dive into the latest tools, tactics and procedures of the Lazarus nation-state hacking group as well as a recently discovered form of fileless malware evasion.

Read More - The REturn of REvil?

Most Exploited Vulnerabilities of 2021

This week on the podcast, we dive into CISA’s list of the 15 most exploited vulnerabilities in 2021. We’ll walk through each flaw and give a refresher on their history and how attackers have exploited them. After that, we cover the latest ransomware-as-a-service threat that has victimized over 60 organizations worldwide before ending with a […]

Read More - Most Exploited Vulnerabilities of 2021

Psychic Signatures

This week on the podcast we cover a critical and easily exploited vulnerability in how some recent versions of Java handle cryptography. We also discuss the latest in a series of alerts from CISA and international intelligence organizations on cyber threats to critical infrastructure. Finally, we end with a condensed overview of the latest internet security […]

Read More - Psychic Signatures

Hidden Hafnium

This week on the podcast, we cover the latest evasion and persistence techniques from the state-sponsored threat actors known as Hafnium. Then, we dive into the world of ICS and SCADA devices to discuss the latest joint-agency alert from the US Government. We then round out the episode by highlighting some recent research into spoofing […]

Read More - Hidden Hafnium

Patch Management Lag

This week on the podcast we discuss one of the most rampant yet easily resolved risks facing many organizations today: not installing vendor-supplied security fixes. We’ll cover some of the reasons why organizations might fall behind on patching as well as the potentially serious consequences. After that, we cover the latest 0-day Chromium vulnerability before […]

Read More - Patch Management Lag

For the Love of InfoSec, Don’t Over-Expose Administrative Management Portals

When talking to IT and security professionals, everyone seems to know they shouldn’t over-expose management portals. And yet, every year we learn some new statistic showing tens of thousands of devices or software products with management portals exposed on the Internet. In hopes of changing this trend, this article talks about why management portals sometimes […]

Read More - For the Love of InfoSec, Don’t Over-Expose Administrative Management Portals

The Rise and Fall of Lapsus$

This week on the podcast we cover the hacking organization Lapsus$ including their tactics, targets, and how they ended up with several members arrested last week. After that, we cover the cyber cold war and threats of Russian revenge attacks against the US energy sector that prompted classified meetings with potentially targeted organizations.

Read More - The Rise and Fall of Lapsus$

Sharing Cyclops Blink Threat Intelligence with the Community

At WatchGuard, we understand the importance of sharing threat intelligence with the information security (infosec) community when safe and appropriate. Not only does this information sharing help to directly defend against known threats, but it also helps the community at large learn from the attacks found in the wild, and appropriately adjust detection and defense […]

Read More - Sharing Cyclops Blink Threat Intelligence with the Community

SATCOM Security

This week on the podcast, we cover a CISA alert on securing satellite communications (SATCOM) in the wake of several recent incidents involving providers and networks in eastern Europe. After that, we check in on the TSA’s cybersecurity rules for pipeline distribution networks and how adoption is going so far in the industry.

Read More - SATCOM Security

US-Backed Cryptocurrency

This week on the podcast, we cover last week’s Executive Order from the White House that lays the foundation for a United States Central Bank Digital Currency, or CBDC, and what it means for the future of cryptocurrency. We also discuss recent research from Mandiant on APT41, a Chinese threat actor that has recently turned […]

Read More - US-Backed Cryptocurrency

Conti Leaks

This week on the podcast we cover the recent leaks highlighting the inner workings of the Conti ransomware group, which started with chat logs and grew to entire source code dumps. We then round out the episode by discussing the recent Nvidia breach and how some of the stolen information might fuel future attacks.

Read More - Conti Leaks

5G Didn’t Break Your Car

5G didn’t put malware on these Mazdas’ entertainment systems, but many Seattle Mazda drivers couldn’t change their radio station after tuning it to the local NPR station, KUOW. As one Reddit user put it, “the whole audio system and Bluetooth just keeps trying to reboot.” Some users also reported they couldn’t use their backup cameras. […]

Read More - 5G Didn’t Break Your Car

Rewind: Can We Trust Facial Recognition

This week on the podcast we dig back into our archives for an episode that originally aired in July 2020, where we discussed one of our analysts’ first-hand research into facial recognition biases.

Read More - Rewind: Can We Trust Facial Recognition

SpoolFool: Windows Print Spooler Fooled Again

Microsoft’s monthly Patch Tuesday already occurred this month, so you know what that means – more disclosed vulnerabilities. This iteration of patches included fixes for a combined 70 vulnerabilities, including one zero-day. Thankfully, none of these fall into Microsoft’s “critical” category. However, there are four Elevation of Privilege vulnerabilities targeting the Windows Print Spooler service […]

Read More - SpoolFool: Windows Print Spooler Fooled Again

BGP-Powered Crypto Theft

This week on the podcast we cover a cryptocurrency heist that abused the backbone of the internet to steal millions of dollars of coins. In related news, we also cover the FBI’s new Virtual Asset Exploitation Team and their focus on tracking cryptocurrency-related cybercrime as well as a recent alert on business email compromise from […]

Read More - BGP-Powered Crypto Theft

Russia, Fighters of Cybercrime?

This week on the podcast we cover Russia’s latest crackdown on cybercriminals within their borders and try to answer the “why now?” question. We also discuss a multi-billion dollar cryptocurrency recovery by the US Justice Department including the arrest of two New Yorkers allegedly responsible for the 2016 Bitfinex hack.

Read More - Russia, Fighters of Cybercrime?

New Oski Stealer Variant, “Mars Stealer”, Targets Credentials, Crypto, and 2FA

In early 2020, during the emergence of the COVID-19 pandemic, researchers discovered a novel malware named Oski Stealer, capable of stealing browser data such as cookies, history, payment information, and autofill information, as well as cryptocurrency wallets, login credentials of applications, and Authy 2FA information. It can also take screenshots of your desktop and perform […]

Read More - New Oski Stealer Variant, “Mars Stealer”, Targets Credentials, Crypto, and 2FA

Face Recognition and Privacy Concerns Works Its Way Into Taxes

The US IRS plans to use a third-party identification system to prevent tax-related identity theft. The IRS plans to contract with ID.me to identify people using, among other factors, face recognition. James Hendler, professor of Computer, Web and Cognitive Sciences, wrote about some issues with the IRS’s plan. How will the data be […]

Read More - Face Recognition and Privacy Concerns Works Its Way Into Taxes

Hacking Back at North Korea

This week on the podcast, we cover the heist of $322 million in cryptocurrency from the distributed exchange Wormhole, including a long discussion on why it feels like cryptocurrency is still the wild west of technology. After that, we give an update on our brief mention in last week’s episode about North Korea’s internet seemingly […]

Read More - Hacking Back at North Korea

The Pwnkit Problem

This week on the podcast, we cover Pwnkit, a privilege escalation vulnerability impacting almost every modern Linux release worldwide. We also dive into the world of macOS malware with DazzleSpy, a remote access trojan targeting Hong Kong pro-democracy advocates. Finally, we end with an update on North Korea’s Lazarus APT and their […]

Read More - The Pwnkit Problem

Q3 2021 Internet Security Report

This week on the podcast we discuss the latest Internet Security Report from the WatchGuard Threat Lab. Built with threat intelligence gathered from tens of thousands of Firebox UTM appliances that have opted-in to sharing data, the quarterly report lets us talk about the latest malware and attack trends targeting organizations globally. On this episode, […]

Read More - Q3 2021 Internet Security Report

Log4j Becomes The Highest Detected Vulnerability Days After Release

Log4Shell attacks have spread throughout the Internet due to the ease with which attackers can perform them. The WatchGuard Threat Lab sees a sample of these attacks from our customers’ perspectives when they opt to provide anonymized threat intelligence data from their Fireboxes. This limited data, along with our analysis, gives us a unique opportunity […]

Read More - Log4j Becomes The Highest Detected Vulnerability Days After Release

The Death of the Carding Marketplace

This week on the podcast we give a quick update on the Log4Shell saga after researchers detected the first significant campaign that uses the critical vulnerability. After that, we dive into the world of carding marketplaces, where cybercriminals buy and sell stolen credit card information, and discuss possible reasons why these marketplaces […]

Read More - The Death of the Carding Marketplace

Is Cybersecurity Vocational?

This week on the podcast we give an update on log4j2 and its most recently disclosed vulnerabilities before covering a recent report on credential stuffing by the New York Attorney General. Then, we discuss a recent article in DarkReading on whether or not cybersecurity jobs should be considered professional or vocational.

Read More - Is Cybersecurity Vocational?

HP iLO and the Newly Discovered iLOBleed Rootkit

Iranian researchers at the security firm Amnpardaz have discovered rootkits in HP’s iLO (Integrated Lights-Out) management modules. These optional chips are added to servers for remote management and grant full high-level access to the system. This includes the ability to turn the server on and off, configure hardware and firmware settings, and additional administrator functions. The […]

Read More - HP iLO and the Newly Discovered iLOBleed Rootkit

Post-Purchase Monetization of the TV and Your Diminishing Privacy

The internet came by storm. Yes, for years it wasn’t accessible to the major populace, but over time it found its way into the office, school, home, and now more specifically into the living room. With the evolution of the internet came few rules. In came the market makers who began to define basic expectations […]

Read More - Post-Purchase Monetization of the TV and Your Diminishing Privacy

Give Us Your SSN, Your Email Password, and Your Dream Job

Every so often, there is a phish that stands out because of its brazenness. Today, we came across a bank phish that requested a few verification details: username and password; Social Security Number; email address and the email password used for 2-Step Verification; security questions: What was your dream job as a child? Who is your […]

Read More - Give Us Your SSN, Your Email Password, and Your Dream Job

Active Compromises of vCenter Using The Log4J Vulnerability

Much of what we see exploiting the log4j2 vulnerability, CVE-2021-44228, looks like scanning for the vulnerability rather than actual exploitation. However, our own honeypot (https://github.com/WatchGuard-Threat-Lab/log4shell-iocs) has seen this exploit used to install coin miners. In one of the first targeted cases for this vulnerability, a ransomware gang has exploited VMware vCenter with Conti […]

Read More - Active Compromises of vCenter Using The Log4J Vulnerability

Log4Shell Deep Dive

This week we take a deep dive into CVE-2021-44228, better known as Log4Shell, a critical vulnerability in the massively popular log4j2 logging library for Java applications. We discuss how the flaw came about, how it works, and why this specific issue has the potential to cause lasting headaches for the security industry for years to […]

Read More - Log4Shell Deep Dive

Bluetooth Is Safe Enough For You

Politico published a short piece about Kamala Harris’s hesitancy with Bluetooth devices. They considered this a bit amusing, perhaps considering her paranoid based on their tone. While the article’s content was light, it did discuss some important security concerns that any Jane Doe might care about. Besides Kamala Harris opting for wired headphones instead of […]

Read More - Bluetooth Is Safe Enough For You

Our 2022 Security Predictions

As we move into the end of the year, it’s time for us to discuss WatchGuard Threat Lab’s 2022 cybersecurity predictions. While many of our predictions tend to come off as extreme, they’re all grounded in the trends that we’ve been following and what we expect to see continue into the coming year. If […]

Read More - Our 2022 Security Predictions

Critical RCE Vulnerability in Log4J2

[Updated 13-12-2021: Additional information for WatchGuard customers] On Thursday, security researchers disclosed a critical, unauthenticated remote code execution (RCE) vulnerability in log4j2, a popular and widely used logging library for Java applications. CVE-2021-44228 is a full 10.0 on the CVSS vulnerability scoring system due to a combination of how trivial the exploit is and damaging […]

Read More - Critical RCE Vulnerability in Log4J2

2021 Security Predictions Grading

It’s getting to be the end of the year, which means it’s time to take a look back at WatchGuard Threat Lab’s 2021 security predictions and give ourselves a grade on how well we did! On this episode, we’ll go through our 8 predictions for 2021, recap the trends that fueled them, and discuss either […]

Read More - 2021 Security Predictions Grading

Dangers of Bicubic Interpolation In Pictures

We have seen interpolation in the news concerning a recent court case. Here we cover what interpolation does to an image, not only because of the recent news but also because face recognition uses interpolation to better recognize a face, something we have covered in the past. Interpolation means to take pixels in an image and calculate what their […]

Read More - Dangers of Bicubic Interpolation In Pictures

CISA Alert Tips Off Adversaries

This week on the podcast we discuss how a recent CISA alert on specific threat actor activity tipped off a separate adversary, leading to a new wave of attacks against vulnerable systems across multiple industries. We also cover the latest US and international law enforcement crackdowns on ransomware operators as well as a breakthrough on […]

Read More - CISA Alert Tips Off Adversaries

The Evolution of Phishing: A WatchGuard Real-World Example

Phishing is a type of social engineering attack where threat actors attempt to trick users into providing sensitive information via email. Typically, this involves creating a phishing campaign where threat actors will send the same phishing email to a large batch of recipients in an attempt to trick at least a small subset of these […]

Read More - The Evolution of Phishing: A WatchGuard Real-World Example

Trojan Source

On this week’s episode of the podcast, we cover a newly discovered method for hiding malicious source code in plain sight, CISA’s new Known Exploited Vulnerabilities Catalog, and action from the US Department of Commerce on the Pegasus spyware manufacturer NSO Group.

Read More - Trojan Source

Face Recognition Removed from Facebook But Added to Metaverse

Facebook’s face recognition has one of the largest training databases in the world, built from photos that users have uploaded since Facebook’s inception, but that database’s time may be coming to an end. In a blog post on Facebook they recently announced that they are going to remove the controversial face recognition technology from Facebook. “We’re shutting down the Face Recognition system […]

Read More - Face Recognition Removed from Facebook But Added to Metaverse

The Security Conscious NRA Breached by Russian Hacking Group

The NRA has found itself in the middle of a potential breach and ransomware attack. This happened last week after the Russian hacking group Grief reportedly gained access. Grief has close ties to Evil Corp (another advanced hacking group currently sanctioned by the US) or may even just be the same group rebranded. Grief posted […]

Read More - The Security Conscious NRA Breached by Russian Hacking Group

Stealing Make-believe Money

This week on the podcast, we cover a heist of over $130 million worth of cryptocurrency from a decentralized finance (DeFi) organization and have an in-depth discussion on why cryptocurrency-related platforms continue to suffer substantial breaches. Before that though, we cover an apparent ransomware attack against the National Rifle Association and an FBI raid […]

Read More - Stealing Make-believe Money

Nobelium Threat Group Sets Sights on IT Providers

The Microsoft Threat Intelligence Center (MSTIC) detected attacks by the Nobelium group targeting IT services providers. The intent was to “gain access to downstream customers” such as Cloud Service Providers (CSP) and Managed Service Providers (MSP). If the Nobelium name sounds familiar, it’s because they were the threat actor behind the 2020 SolarWinds compromise. MSTIC […]

Read More - Nobelium Threat Group Sets Sights on IT Providers

China Linked Hacking Group Compromises 13 Telcos

Many cellular network protocols don’t have clear documentation explaining them, especially when it comes to the proprietary protocols used by 4G and 5G networks. This makes them difficult for the average person to understand, but also potentially vulnerable to anyone willing to take the time to research them and find issues. We haven’t yet seen attacks […]

Read More - China Linked Hacking Group Compromises 13 Telcos

Schrödinger’s REvil

This week on the podcast, we cover the latest news on REvil, the ransomware-as-a-service organization responsible for the Kaseya attack earlier this year among many others. After that, we cover an update from the US Commerce Department on new export rules around selling hacking tools outside of the United States, nearly 6 years after the […]

Read More - Schrödinger’s REvil

InfoSec News From Last Week October 25th, 2021

Exploit Broker Zerodium Increasing Focus on VPNs: The exploit broker Zerodium announced they are seeking exploits for ExpressVPN, NordVPN, and Surfshark VPNs. VPNs are becoming a more lucrative target, and Zerodium’s announcement has brought attention to that. Many use VPNs because they believe it protects their privacy. However, it also puts the responsibility of that […]

Read More - InfoSec News From Last Week October 25th, 2021

US Government Sets Rules for Hacking Tool Exports

The US Department of Commerce announced export controls on hacking tools used for surveillance. The aim is to curb access by authoritarian governments that have been identified for human rights violations and abuses. Any company that intends to sell such wares abroad will need to acquire a License Exception Authorized Cybersecurity Exports (ACE). An additional […]

Read More - US Government Sets Rules for Hacking Tool Exports

InfoSec News From Last Week October 18th, 2021

Azure, BitBucket, GitHub, and GitLab Revoke SSH Keys After GitKraken Vulnerability: Git software client GitKraken disclosed an SSH key generation flaw in a post this past Monday. The flaw was discovered in versions 7.6.x, 7.7.x, and 8.0.0, for releases available between mid-May and late June this year. GitKraken uses the keypair library to generate SSH keys […]

Read More - InfoSec News From Last Week October 18th, 2021

VirusTotal Global Ransomware Report

This week on the podcast we cover VirusTotal’s first ever global ransomware report which analyzes ransomware trends over the last year from the unique position of the world’s largest malware intelligence platform. Before that though, we cover another APT group with a ridiculous name found exploiting a zero-day vulnerability in Windows.

Read More - VirusTotal Global Ransomware Report

HTML Basics That We Often Miss

By now you have probably heard of Missouri governor Mike Parson’s tweet threatening to prosecute a journalist for responsibly disclosing a data breach. If you missed it though, according to the tweet and the governor’s ensuing press conference, a journalist from the St. Louis Post-Dispatch found teachers’ SSNs embedded in a public web page […]

Read More - HTML Basics That We Often Miss

The SMS Breach You Didn’t Hear About

This week on the podcast we discuss a breach that lasted over 5 years involving a company responsible for routing SMS messages for 95 of the top 100 mobile carriers in the world. Before that though, we’ll cover the recent Facebook downtime incident as well as the seemingly total compromise of the video game streaming […]

Read More - The SMS Breach You Didn’t Hear About

InfoSec News Weekly Wrap-Up October 8th, 2021

SMS Routing Company Syniverse Discloses Breach Spanning 5 Years: Syniverse claims to be “the world’s most connected company”, serving so many large telecommunication companies that it should be assumed that your provider is one of their customers. Their reach is significant, acting as the intermediary for text messages between carriers and routing calls between networks. […]

Read More - InfoSec News Weekly Wrap-Up October 8th, 2021

US Agencies Have Been Busy

U.S. agencies have been making headlines recently for a lot of their new cyber-related regulations. The following are several noteworthy examples of what they have been up to. The Federal Communications Commission (FCC) and Robocalls: The FCC expects phone carriers to block illegal robocalls from providers not yet registered with the Robocall Mitigation […]

Read More - US Agencies Have Been Busy

How SMBs Deal With An Uptick in Breaches

A recent survey of 700 SMBs (small and medium businesses) by Untangle shows an increase in cybersecurity budgets and awareness. While some companies still have users working remotely, 50% of respondents have moved back into the office or at least some form of hybrid work environment. Most companies – 64% – see breaches as the […]

Read More - How SMBs Deal With An Uptick in Breaches

Twitch Affected by Large Data Leak

Update 1: Twitch believes login credentials have not been exposed (October 7th, 2021): Twitch posted a statement on their blog that, “At this time, we have no indication that login credentials have been exposed.” Additionally, as credit card details are not stored by Twitch, they have ruled out exposure. We recommend changing your password […]

Read More - Twitch Affected by Large Data Leak

To Not Share is To Care

October is Cybersecurity (or, for the less civilized, ‘cyber security’) Awareness Month. Every October, CISA hosts security awareness presentations. Additionally, Cybersecurity Awareness Month means an increase in jaded posts by InfoSec professionals on Twitter and emails from corporate reiterating security basics. There are plenty of positives to be found. Individuals are increasingly familiar with […]

Read More - To Not Share is To Care

Q2 2021 Internet Security Report

This week on the podcast we cover the latest quarterly Internet Security Report from the WatchGuard Threat Lab. We’ll go over the latest attack trends and key findings from Q2 2021 as well as defensive tips for keeping your systems safe from the latest threat landscape.

Read More - Q2 2021 Internet Security Report

FBI’s Botched Plan to Catch REvil Cost Victims Millions

Earlier this year Kaseya, who provides IT management software to service providers that support tens of thousands of organizations from schools to hospitals, was involved in a ransomware attack fueled by a compromise of their VSA Remote Monitoring and Management (RMM) software. While the ransomware only impacted a small percentage of their customer base, thousands […]

Read More - FBI’s Botched Plan to Catch REvil Cost Victims Millions

Half of Respondents Admitted to Sharing Their Passwords

We often write about passwords and password policies from the IT/security administrator side, usually after a password becomes compromised. We recently found a survey that looked at compromised passwords from the user’s side to better understand how users feel about them. The survey shows a few key points that shed light on the social […]

Read More - Half of Respondents Admitted to Sharing Their Passwords

Kaseya’s Trusted Third Party

This week on the podcast we discuss the recently disclosed identity of the “Trusted Third Party” that Kaseya acquired the REvil ransomware master decryption key from, as well as the morals around a decision to hold on to the decryption key for multiple weeks before handing it off to Kaseya. We then cover a new APT […]

Read More - Kaseya’s Trusted Third Party

OMIGOD!

This week on the podcast we discuss the recently patched zero-click vulnerability in iOS, macOS and watchOS that researchers at The Citizen Lab discovered while investigating NSO Group’s Pegasus spyware. After that, we cover a vulnerability in the OMI agent that comes automatically installed on all Azure Linux virtual machines. We finish by covering Microsoft’s latest […]

Read More - OMIGOD!

OWASP Update

This week on the podcast we discuss the first update to the OWASP Top 10 since 2017. OWASP serves as an excellent resource for improving web application security, so we’re excited to run through the latest refresh of their top security weaknesses. We also discuss phishing attacks that abuse Internationalized Domain Names (IDNs) in emails […]

Read More - OWASP Update

Azure Linux VMs Vulnerable Due to Pre-Installed Agents

Update 1: OMI agent is not installed on Azure FireboxV/Cloud instances (September 17th, 2021): We reviewed our FireboxV/Cloud instance for Azure and confirmed that the OMI agent cannot be installed on the image. We recommend reviewing the additional guidance Microsoft published on September 16th, 2021 for securing the OMI-affected resources/tools. Original Post (September 16th, […]

Read More - Azure Linux VMs Vulnerable Due to Pre-Installed Agents

ProxyWare

This week on the podcast we cover ProxyWare, a form of malware that monetizes your internet access for the benefit of the attacker. After that, we discuss ChaosDB, a vulnerability that could have enabled any Azure user to gain full access to any other user’s CosmosDB instance. Finally, we end with a discussion of location […]

Read More - ProxyWare

Stop Following Me – Rewind

This week on the podcast we dig back into the archives to 2019, where we discussed how web servers manage to track users across sites using browser fingerprinting methods. Even though some improvements like removing third-party cookies have been made to limit tracking, plenty of additional fingerprinting options still remain.

Read More - Stop Following Me – Rewind

PolyNetwork Heist

This week on the podcast we cover one of the largest cryptocurrency heists in history, with a surprising twist of an ending! Before that we’ll chat about the latest T-Mobile data breach and what we can learn about protecting user identity. We end the episode with a discussion about one of the latest episodes of […]

Read More - PolyNetwork Heist

Mobile Carriers Leak 123 million Customer Records in One Week

Over the last week we saw 70 million AT&T customers and 53 million T-Mobile customers have their personal data leaked to hackers. While we didn’t find any connection between these two breaches, the timing of the incidents is strange. AT&T has so far denied the breach involving their customers. While we don’t have confirmation from […]

Read More - Mobile Carriers Leak 123 million Customer Records in One Week

DEF CON 29 Recap

This week on the podcast we chat about a few of our favorite presentations from the 2021 edition of the DEF CON security conference out of Las Vegas. If you haven’t checked them out yourself, visit the DEF CON YouTube channel or media.defcon.org to view this year’s and all previous years’ content.

Read More - DEF CON 29 Recap

Supply Chain Attacks Through an IDE

David Dworken, a Google security researcher, presented a recent Defcon talk about how he found over 30 vulnerabilities in various Integrated Development Environments (IDEs) over the course of a few months of research. Many believe that source code on its own is benign as long as you don’t compile and run it, but as Dworken proved, simply loading code into an IDE can cause infections. A popular example of this comes from […]

Read More
ProxyShell, Exchange Servers Under Attack Again

With the 2021 editions of the BlackHat and DEF CON security conferences all wrapped up, one of the presentations that made the biggest waves was the latest research from Orange Tsai of Devcore Security Consulting. Tsai was the researcher responsible for identifying and disclosing CVE-2021-26855, better known as ProxyLogon, to Microsoft back in January 2021, […]

Read More
Bad BGP

This week on the podcast, we chat about a recent report from Qrator that highlights some of the massive weaknesses in the backbone of the internet. After that, we discuss a recent research blog post from Yan (@bcrypt) showing her work in finding a CSRF flaw in OK Cupid that bypassed Cross-Origin Resource Sharing (CORS) […]

Read More
Defcon Talk Timeless-Timing-Attacks

A recent Defcon talk by Tom Van Goethem and Mathy Vanhoef, “Timeless Timing Attacks,” made significant progress on ways to create timing attacks over a network. Timing attacks work by extracting data from devices based on how long they take to respond. To successfully run a timing attack, the attacker usually must be directly […]

Read More
What Is Zero-Trust Security?

This week on the podcast we talk Zero-Trust. What is it? How do you implement it? And why should all IT professionals work towards updating their networks to this security architecture? We’ll answer all that and more after a quick Kaseya update and a security memorandum from the White House.

Read More
What to Make of the Biden Administration’s New ICS Cybersecurity Initiative

Yesterday, the Biden Administration unveiled a new initiative to help improve the cybersecurity stance of the industrial control systems (ICS) that manage the nation’s critical infrastructure. As recent events (like the Colonial Pipeline ransomware incident) have shown, disruptions to critical infrastructure can have serious, potentially even fatal consequences. In short, this is a very real need and […]

Read More
Why So SeriousSAM

This week on the podcast we cover the latest Microsoft Windows privilege escalation vulnerability, SeriousSAM aka HaveNightmare. Before that, we discuss NSO Group and their spyware software known as Pegasus and whether private organizations should be allowed to market and sell spyware to government agencies.

Read More
Section 230 – Rewind

With the White House announcing this month that it plans to investigate potential changes to Section 230, the safe harbor laws that enable websites to moderate content without risk of liability for content they fail to remove, we wanted to bring back an episode from last year where we discuss exactly what these laws are […]

Read More
REvil Hasn’t Gone Anywhere (Probably)

Many of the recent high-profile ransomware attacks like those against Acer, JBS and more recently, customers of Kaseya, have been the work of the ransomware as a service group REvil. After the most recent attack that exploited multiple zero-day vulnerabilities in Kaseya’s VSA software and left thousands of organizations encrypted, REvil appears to have gone […]

Read More
The PrintNightmare Saga Continues to Frustrate System Administrators

Update 1: Third PrintNightmare CVE published (July 16th, 2021): Microsoft published CVE-2021-34481 on July 15th for a local privilege escalation vulnerability. The third Print Spooler service vulnerability is considered separate from PrintNightmare (CVE-2021-34527), but it is still within a similar sphere of printer driver vulnerabilities. Gentilkiwi, the author of the Mimikatz utility, posted a […]

Read More
Kaseya & PrintNightmare

This week on the podcast we cover the Kaseya mass ransomware incident from July 7. While the event is still ongoing, we already have evidence for how the attack occurred and exactly what the threat actors did on affected endpoints. In this episode we dive into the details around the incident and defensive tips […]

Read More
A Market for Lemons?

We recorded this episode before news of the massive attack against Kaseya users broke on Friday. Suffice to say, next week’s episode will give a full debrief of the incident including how it happened, who it affected, and what all MSPs can learn from it. In the meantime, check out Corey’s post on the Kaseya […]

Read More
Breaking Alert: MSP Targeted Ransomware Attack (Kaseya Supply Chain Attack)

Managed Service Providers (MSPs), especially ones using Kaseya VSA, should read this and take action as soon as possible. High-level Summary: On Friday, July 2, some MSPs using the on-premises version of Kaseya VSA suffered ransomware attacks that trickled down to their customers. Kaseya says around 1500 companies (so far), many customers of MSPs, have […]

Read More
Q1 2021 Internet Security Report

It’s that time of year again! This week on the podcast, we cover the latest internet security report from the WatchGuard Threat Lab. We’ll go over the latest trends in malware and network attacks targeting WatchGuard customer networks through the first quarter of the year, as well as defensive tips for all organizations.

Read More
AutoIt Malware: To obfuscate, or not to obfuscate

What is malware? Its goal is to bypass computer defenses, infect a target, and often remain on the system if possible. A variety of evasion techniques depend on a mix between the skill of the author and the defenses of the intended victim. One of the most widely used tactics in malware is obfuscation. Obfuscation […]

Read More
Python Modules: Not As Safe As You Think

We normally think of malware and threats coming from executables, packages, and scripts. Researchers recently found a supply chain attack using a different method. Programs use Python scripts to manage and run services. You especially see this in Unix-based operating systems. When it comes to security many professionals use Python to automate tasks. Because […]

Read More
Domain Parking, PUPs, and Annoying Push Notifications

It has been 11 years since the Google Doodle Pac-Man game was published. Many of us may remember this Google Doodle as it was the first interactive Google Doodle made. Unfortunately, like many fun things, there are those who see opportunity and take advantage of that. We recently noticed DNSWatch traffic blocking googlepacman[.]net. After some […]

Read More
Dark Web Bake Sale

This week on the podcast we discuss an often overlooked item for sale on underground forums, authentication cookies. Before that though, we’ll cover a few surprising stats from a recent ransomware study by Cybereason and an update from NATO on cyber warfare.

Read More
Anom

This week on the podcast, we discuss operation Trojan Shield, a multi-year program where the FBI in partnership with international law enforcement agencies developed and distributed an encrypted communications application on the underground that gave them full access into criminal messages. We’ll also cover the latest news from the recent Colonial Pipeline and JBS ransomware […]

Read More
Law Enforcement Agencies Went the Extra Mile with An0m

In an operation headed by the US Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP), international law enforcement agencies managed to gather 27 million encrypted messages used for criminal communications, through an elaborate operation that involved development and distribution of a custom communications application for modified phones. Unsurprisingly, organized crime groups take extraordinary […]

Read More
FIFA 21 Source Code Leak From Member of Reemerging Hacking Group

A KickAss hacking group member (not the Torrent group) who goes by Leakbook claims to have the full FIFA 21 source code, which they have listed for sale on a popular hacking forum. In addition to the FIFA 21 source code they also claim to have access to the matchmaking servers, Frostbite source code, private […]

Read More
Atomic Flashcards

This week on the podcast, we take a look at how soldiers unknowingly leaked highly-sensitive information about the United States’ foreign nuclear arsenal and discuss how we can reprogram humans to not make similar mistakes. We also cover the latest major ransomware incident targeting manufacturing and industrial control, a damning privacy admission from Google’s own […]

Read More
“The Biggest Cyber Attack In New Zealand’s History”

A large cyber attack has caused chaos in the New Zealand healthcare system over the past few weeks. Multiple hospitals in New Zealand became crippled due to locked phone lines and computers from a large ransomware attack. Though the ransom note didn’t contain a dollar amount, the note indicates a “ransomware event” according to the […]

Read More
WiFi FragAttacks

A few years ago, in 2017, researchers Mathy Vanhoef and Frank Piessens published a whitepaper showcasing serious vulnerabilities within practically all modern protected Wi-Fi networks. The vulnerabilities lie within the Wi-Fi standard itself and are exploited using Key Reinstallation Attacks (KRACKs). These attacks primarily target the 4-way handshake of the WPA2 protocol – the current […]

Read More
An Epic Battle

This week on the podcast we cover an epic battle between a video game giant and a tech behemoth that has the potential to change mobile security forever. After that, we cover updates to several recent security events including the SolarWinds breach, the attempted poisoning of the Oldsmar, FL water supply, and the ransomware attack […]

Read More