BuzzSec

QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/critical-vulnerabilities-qnap-synology-nas-rce

This scale of this month's encrypted DDoS attack over HTTPS suggests a well-resourced operation, analysts say. from Dark Reading https://www.darkreading.com/attacks-breaches/cloudflare-flags-largest-https-ddos-attack-it-s-ever-recorded

New research: “ Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps “: Abstract: In the post-pandemic era, video conferencing apps (VCAs) have converted previously private spaces — bedrooms, living rooms, and kitchens — into semi-public extensions of the office. And for the most part, users have accepted these apps in their personal space, without much thought about the permission models that govern the use of their personal data during meetings. While access to a device’s video camera is carefully controlled, little has been done to ensure the same level of privacy for accessing the microphone. In this work, we ask the question: what happens to the microphone data when a user clicks the mute button in a VCA? We first conduct a user study to analyze users’ understanding of the permission model of the mute button. Then, using runtime binary analysis tools, we trace raw audio in many popular VCAs as it traverses the app from the audio driver to the net

Encryption will break, so it's important to mix and layer different encryption methods. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/take-a-diversified-approach-to-encryption

The AI startup releases new threat signatures to expand the computer vision platform’s ability to identify potential physical security incidents from camera feeds. from Dark Reading https://www.darkreading.com/emerging-tech/ambient-ai-expands-computer-vision-capabilities-for-better-building-security

Exclusive Threatpost research examines organizations’ top cloud security concerns, attitudes towards zero-trust and DevSecOps. from Threatpost https://threatpost.com/security-turbulence-in-the-cloud-survey-says/179437/

The threat group known as TA410 that wields the sophisticated FlowCloud RAT actually has three subgroups operating globally, each with their own toolsets and targets. from Threatpost https://threatpost.com/apt-id-3-separate-actors/179435/

As the use of AI- and ML-driven decision-making draws transparency concerns, the need increases for explainability especially when machine learning models appear in high-risk environments. from Dark Reading https://www.darkreading.com/analytics/explainable-ai-for-fraud-prevention

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations. from Threatpost https://threatpost.com/github-repos-stolen-oauth-tokens/179427/

Researchers at IBM Security X-Force are tracking a financially motivated cybercriminal group called “Hive0117” that’s impersonating a Russian government agency to target users in Eastern Europe. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/criminal-gang-impersonates-russian-government-in-phishing-campaign

Visa has invested heavily in data analytics and artificial intelligence over the past five years to secure the movement of money and keep fraud rates low. from Dark Reading https://www.darkreading.com/edge-articles/a-peek-into-visa-s-ai-tools-against-fraud

At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine's digital infrastructure. from Threatpost https://threatpost.com/cyberwar-ukraine-military/179421/

Here's how to reduce security risk and gain the benefits of open source software. from Dark Reading https://www.darkreading.com/risk/how-industry-leaders-should-approach-open-source-security

Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found. from Threatpost https://threatpost.com/java-apps-vulnerable-log4shell/179397/

A campaign by APT37 used a sophisticated malware to steal information about sources , which appears to be a successor to Bluelight. from Threatpost https://threatpost.com/hackers-target-journalists-goldbackdoor/179389/

No government and customer data was accessed. from Threatpost https://threatpost.com/lapsus-hackers-target-t-mobile/179384/

SMS phishing attacks — annoyingly called “smishing” — are becoming more common . I know that I have been receiving a lot of phishing SMS messages over the past few months. I am not getting the “Fedex package delivered” messages the article talks about. Mine are usually of the form: “thank you for paying your bill, here’s a free gift for you.” from Schneier on Security https://www.schneier.com/blog/archives/2022/04/sms-phishing-attacks-are-on-the-rise.html

. from Dark Reading https://www.darkreading.com/operations/fortress-information-security-receives-125m-strategic-investment-from-goldman-sachs-asset-management

Comcast Business mitigated 24,845 multi-vector DDoS attacks in 2021, a 47 percent increase over 2020. from Dark Reading https://www.darkreading.com/attacks-breaches/comcast-business-2021-ddos-threat-report-ddos-becomes-a-bigger-priority-as-multivector-attacks-are-on-the-rise

From increasing cybersecurity awareness in staff, students, and parents to practicing good security hygiene for devices, using endpoint protection, and inspecting network traffic, schools can boost cybersecurity to keep students safe. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/creating-cyberattack-resilience-in-modern-education-environments

How to use zero-trust architecture effectively in today's modern cloud-dependent infrastructures. from Threatpost https://threatpost.com/zero-trust-guide/179377/

Interesting implementation mistake : The vulnerability, which Oracle patched on Tuesday , affects the company’s implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authenticate messages digitally. […] ECDSA signatures rely on a pseudo-random number, typically notated as K, that’s used to derive two additional numbers, R and S. To verify a signature as valid, a party must check the equation involving R and S, the signer’s public key, and a cryptographic hash of the message. When both sides of the equation are equal, the signature is valid. […] For the process to work correctly, neither R nor S can ever be a zero. That’s because one side of the equation is R, and the other is multiplied by R and a value from S. If the values are both 0, the verification check translates to 0 = 0 X (other values from the private key and hash), which will be true regardless o

Nate Warfield, CTO at Prevailion, discusses the dangers of focusing on zero-day security vulnerabilities, and how security teams are being distracted from the day-to-day work that prevents most breaches. from Threatpost https://threatpost.com/security-101-takes-a-backseat-to-0-days/179374/

In a recent article about the largest cyberthreats currently facing the UK , John Edwards – the UK’s newly-appointed information commissioner- talks about the need for a security culture in the workplace. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/uk-information-commissioner-many-cybersecurity-incidents-preventable

To better manage risks, companies can concentrate on resilience, sharing information to protect from cyber threats, and making the cybersecurity tent bigger by looking at workers with nontraditional skill sets. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/3-ways-we-can-improve-cybersecurity

In a joint multi-country cybersecurity advisory (CSA), governments are warning their respective critical infrastructure organizations to be vigilant against increased malicious cyber threat activity. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cisa-warns-of-potential-russian-cybercrime-infrastructure-attacks

A large number of enterprise applications are affected by the vulnerability in log4j, but adversaries aren't just looking for the most common applications. They are looking for targets that are easier to exploit and/or have the biggest payoff. from Dark Reading https://www.darkreading.com/edge-threat-monitor/adversaries-look-for-attackability-when-selecting-targets

Ronan Farrow has a long article in The New Yorker on NSO Group, which includes the news that someone — probably Spain — used the software to spy on domestic Catalonian sepratists. from Schneier on Security https://www.schneier.com/blog/archives/2022/04/long-article-on-nso-group.html

When a quantum computer can decipher the asymmetric encryption protecting our vital systems, Q-Day will arrive. from Dark Reading https://www.darkreading.com/edge-articles/backward-compatible-post-quantum-communications-is-a-matter-of-national-security

This is the shift that companies need to make after a cyberattack. from Dark Reading https://www.darkreading.com/threat-intelligence/from-passive-recovery-to-active-readiness

Beanstalk Farms is a decentralized finance project that has a majority stake governance system: basically people have proportiona votes based on the amount of currency they own. A clever hacker used a “flash loan” feature of another decentralized finance project to borrow enough of the currency to give himself a controlling stake, and then approved a $182 million transfer to his own wallet. It is insane to me that cryptocurrencies are still a thing. from Schneier on Security https://www.schneier.com/blog/archives/2022/04/clever-cryptocurrency-theft.html

Fortress Information Security will expand its Asset to Vendor Library to include hardware bill of materials and software bill of materials information. from Dark Reading https://www.darkreading.com/emerging-tech/fortress-tackles-supply-chain-security-one-asset-at-a-time

Last year, Google Project Zero tracked a record 58 exploited-in-the-wild zero-day security holes. from Threatpost https://threatpost.com/google-2021-0-days/179355/

The enterprise grade solution will provide enhanced cloud security and provide new open-source tools. from Dark Reading https://www.darkreading.com/cloud/verica-launches-prowler-pro-to-make-aws-security-simpler-for-customers

A phishing campaign is targeting African banks with a technique called “HTML smuggling” to bypass security filters, according to threat researchers at HP . from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/social-engineering-campaign-against-african-banks

Attackers are spamming multifactor authentication (MFA) prompts in an attempt to irritate users into approving the login, Ars Technica reports. Both criminal and nation-state actors are using this technique. Researchers at Mandiant observed the Russian state-sponsored actor Cozy Bear launching repeated MFA prompts until the user accepted the request. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/being-annoying-as-a-social-engineering-approach

     In The Wild - CyberSecurity Newsletter Welcome to the 271 st  issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!            Behind the Hack: How Employee Handling of Phishing Emails Can Allow a Hacker Inside Your Network SBS Educational Resources During a recent social engineering assessment, an SBS Cybe