Posts

Showing posts from April, 2023

The Hacker News - Google Blocks 1.43 Million Malicious Apps, Bans 73,000 Bad Accounts in 2022

Google disclosed that its improved security features and app review processes helped it block 1.43 million bad apps from being published to the Play Store in 2022. In addition, the company said it banned 173,000 bad accounts and fended off over $2 billion in fraudulent and abusive transactions through developer-facing features like Voided Purchases API, Obfuscated Account ID, and Play Integrity from The Hacker News https://thehackernews.com/2023/05/google-blocks-143-million-malicious.html

KnowBe4 - Your KnowBe4 Fresh Content Updates from April 2023

Check out the 19 new pieces of training content added in April, alongside the always fresh content update highlights, events and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-april-2023

The Hacker News - ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection

A significant number of victims in the consumer and enterprise sectors located across Australia, Japan, the U.S., and India have been affected by an evasive information-stealing malware called ViperSoftX. ViperSoftX was first documented in 2020, with cybersecurity company Avast detailing a campaign in November 2022 that leveraged the malware to distribute a malicious Google Chrome extension from The Hacker News https://thehackernews.com/2023/04/vipersoftx-infostealer-adopts.html

KnowBe4 - Heart of the Matter: How LLMs Can Show Political Bias in Their Outputs

Wired just published an interesting story about political bias that can show up in LLMs due to their training. It is becoming clear that training an LLM to exhibit a certain bias is relatively easy. This is a reason for concern, because this can "reinforce entire ideologies, worldviews, truths and untruths," which is what OpenAI has been warning about. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/heart-of-the-matter-how-llms-can-show-political-bias-in-their-outputs

KnowBe4 - [Eyes Wide Shut] Fed Powell's Call with Russian Pranksters Exposed as Social Engineering

It was all over the news. The Fed's Jerome Powell was socially engineered by Russian pranksters posing as Zelensky. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/eyes-wide-shut-fed-powells-call-with-russian-pranksters-exposed-as-social-engineering

The Hacker News - Attention Online Shoppers: Don't Be Fooled by Their Sleek, Modern Looks — It's Magecart!

An ongoing Magecart campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users. "The threat actor used original logos from the compromised store and customized a web element known as a modal to perfectly hijack the checkout page," Jérôme Segura, director of threat intelligence at from The Hacker News https://thehackernews.com/2023/04/attention-online-shoppers-dont-be.html

The Hacker News - Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions

South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the Tonto Team. "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execute their malicious attacks," the AhnLab Security Emergency Response Center (ASEC) said in a report from The Hacker News https://thehackernews.com/2023/04/tonto-team-uses-anti-malware-file-to.html

KnowBe4 - [Live Demo] Customizing Your Compliance Training to Increase Effectiveness

Linking compliance training to specific outcomes is hard. Compliance training has a reputation for being challenging for organizations to offer, difficult to do right, and unengaging for employees. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/live-demo-compliance-training

The Hacker News - Paperbug Attack: New Politically-Motivated Surveillance Campaign in Tajikistan

A little-known Russian-speaking cyber-espionage group has been linked to a new politically-motivated surveillance campaign targeting high-ranking government officials, telecom services, and public service infrastructures in Tajikistan. The intrusion set, dubbed Paperbug by Swiss cybersecurity company PRODAFT, has been attributed to a threat actor known as Nomadic Octopus (aka DustSquad). "The from The Hacker News https://thehackernews.com/2023/04/paperbug-attack-new-politically.html

Schneier - Security Risks of AI

Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic. Jim Dempsey, one of the workshop organizers, wrote a blog post on the report: As a first step, our report recommends the inclusion of AI security concerns within the cybersecurity programs of developers and users. The understanding of how to secure AI systems, we concluded, lags far behind their widespread adoption. Many AI products are deployed without institutions fully understanding the security risks they pose. Organizations building or deploying AI models should incorporate AI concerns into their cybersecurity functions using a risk management framework that addresses security throughout the AI system life cycle. It will be necessary to grapple with the ways in which AI vulnerabilities are different from traditional cybersecurity bugs, but the starting point is to assume that AI security is a subset of cybersecurity and to...

KnowBe4 - Does ChatGPT Have Cybersecurity Tells?

Poker players and other human lie detectors look for “tells,” that is, a sign by which someone might unwittingly or involuntarily reveal what they know, or what they intend to do. A cardplayer yawns when he’s about to bluff, for example, or someone’s pupils dilate when they’ve successfully drawn to an inside straight. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/chatgpt-cybersecurity-tells

KnowBe4 - Latest QBot Attacks Use a Mixture of PDF Attachments and Windows Scripting Host Files to Infect Victims

QBot malware seems to be outliving its competitors through innovative new ways to socially engineer victims into helping install it. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/qbot-attacks-pdfs-windows-scripting-host-files

KnowBe4 - Scammers Impersonate Zelle via the Lure of “Getting Paid” to Get Paid Themselves

A new impersonation scam targets users of the popular payment platform under the guise of the victim having money coming to them, with the goal of obtaining Zelle credentials. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/zelle-impersonation-scam

KnowBe4 - Despite a Majority of Organizations Believing They’re Prepared for Cyber Attacks, Half Were Still Victims

A new survey points to overconfidence around organizations’ preparedness, despite their admitting to falling victim to ransomware attacks – in some cases multiple times. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyber-attack-preparedness-overconfidence

KnowBe4 - Organizations Have No Idea of a Data Breach’s Root Cause in 42% of Reported Cases

New data shows how poor organizations are at identifying – let alone removing – an attacker's foothold, putting themselves at continued risk of further attacks and data breaches. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/data-breach-root-causes-unknown

The Hacker News - LimeRAT Malware Analysis: Extracting the Config

Remote Access Trojans (RATs) have taken the third leading position in ANY.RUN's Q1 2023 report on the most prevalent malware types, making it highly probable that your organization may face this threat. Though LimeRAT might not be the most well-known RAT family, its versatility is what sets it apart. Capable of carrying out a broad spectrum of malicious activities, it excels not only in data from The Hacker News https://thehackernews.com/2023/04/limerat-malware-analysis-extracting.html

The Hacker News - RTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts

The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's first foray into the open source operating system. "Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware's leaked source code," Uptycs said in a new report published Wednesday. "It uses a combination of ECDH on from The Hacker News https://thehackernews.com/2023/04/rtm-lockers-first-linux-ransomware.html

The Hacker News - Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware

Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the name Lace Tempest (formerly DEV-0950), which overlaps with other hacking groups like FIN11, TA505, and Evil from The Hacker News https://thehackernews.com/2023/04/microsoft-confirms-papercut-servers.html

The Hacker News - Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks

The prolific Iranian nation-state group known as Charming Kitten targeted multiple victims in the U.S., Europe, the Middle East and India with a novel malware dubbed BellaCiao, adding to its ever-expanding list of custom tools. Discovered by Bitdefender Labs, BellaCiao is a "personalized dropper" that's capable of delivering other malware payloads onto a victim machine based on commands received from The Hacker News https://thehackernews.com/2023/04/charming-kittens-new-bellaciao-malware.html

Schneier - AI to Aid Democracy

There’s good reason to fear that A.I. systems like ChatGPT and GPT4 will harm democracy. Public debate may be overwhelmed by industrial quantities of autogenerated argument. People might fall down political rabbit holes, taken in by superficially convincing bullshit, or obsessed by folies à deux relationships with machine personalities that don’t really exist. These risks may be the fallout of a world where businesses deploy poorly tested A.I. systems in a battle for market share, each hoping to establish a monopoly. But dystopia isn’t the only possible future. A.I. could advance the public good, not private profit, and bolster democracy instead of undermining it. That would require an A.I. not under the control of a large tech monopoly, but rather developed by government and available to all citizens. This public option is within reach if we want it. An A.I. built for public benefit could be tailor-made for those use cases where technology can best help democracy. It could plausib...

The Hacker News - Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks

The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and access from The Hacker News https://thehackernews.com/2023/04/apache-superset-vulnerability-insecure.html

The Hacker News - VMware Releases Critical Patches for Workstation and Fusion Software

VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the from The Hacker News https://thehackernews.com/2023/04/vmware-releases-critical-patches-for.html

Rapid 7 - Starting a Career in Tech? Learn How Rapid7’s Emerging Talent Programmes Foster Long-Term Success

Rapid7’s Emerging Talent Programmes pave the way for early career professionals to have a successful career in tech. In Belfast, we offer both an Apprentice Programme and a Placement Programme to support new talent coming into the tech field. The Apprentice Programme is designed for individuals with established careers who want to pivot into the cybersecurity field. In our Placement Programme, students spend a full year working as a member of one of our teams while enrolled in university, gaining valuable experience working on real projects. Cybersecurity is constantly evolving, and we work diligently to stay ahead of attackers and create a more secure digital future for all. Emerging Talent Programme participants bring fresh and valuable perspectives to our business and are equipped with the resources and opportunities to develop valuable industry knowledge and experience. We spoke with several team members who went through these programmes and went on to pursue full-time roles a...

The Hacker News - Modernizing Vulnerability Management: The Move Toward Exposure Management

Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritization, and understanding of from The Hacker News https://thehackernews.com/2023/04/modernizing-vulnerability-management.html

Schneier - Cyberweapons Manufacturer QuaDream Shuts Down

Following a report on its activities, the Israeli spyware company QuaDream has shut down. This was QuaDream: Key Findings. Based on an analysis of samples shared with us by Microsoft Threat Intelligence, we developed indicators that enabled us to identify at least five civil society victims of QuaDream’s spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. We are not naming the victims at this time. We also identify traces of a suspected iOS 14 zero-click exploit used to deploy QuaDream’s spyware. The exploit was deployed as a zero-day against iOS versions 14.4 and 14.4.2, and possibly other versions. The suspected exploit, which we call ENDOFDAYS, appears to make use of invisible iCloud calendar invitations sent from the spyware’s operator to victims. We performed Internet scanning to identify QuaDream servers, and in some cases were able to identify op...

The Hacker News - Google Authenticator App Gets Cloud Backup Feature for TOTP Codes

Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time password (TOTP) codes to the cloud. "This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security," from The Hacker News https://thehackernews.com/2023/04/google-authenticator-app-gets-cloud.html

KnowBe4 - [Heads Up] The New FedNow Service Opens Massive New Attack Surface

You may not have heard of this service planned for July 2023, but it promises a massive new social engineering attack surface. This is from their website: "About the FedNowSM Service. The FedNow Service is a new instant payment infrastructure developed by the Federal Reserve that allows financial institutions of every size across the U.S. to provide safe and efficient instant payment services. "Through financial institutions participating in the FedNow Service, businesses and individuals can send and receive instant payments in real time, around the clock, every day of the year. Financial institutions and their service providers can use the service to provide innovative instant payment services to customers, and recipients will have full access to funds immediately, allowing for greater financial flexibility when making time-sensitive payments." This is the site: https://www.frbservices.org/financial-services/fednow/about.html You can imagine the pandora's b...

The Hacker News - CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as follows:
- CVE-2023-28432 (CVSS score: 7.5) - MinIO Information Disclosure Vulnerability
- CVE-2023-27350 (CVSS score: 9.8) - PaperCut MF/NG Improper Access Control
from The Hacker News https://thehackernews.com/2023/04/cisa-adds-3-actively-exploited-flaws-to.html

The Hacker News - 14 Kubernetes and Cloud Security Challenges and How to Solve Them

Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and adopt comprehensive security solutions to protect their digital assets. In response, Uptycs, the first from The Hacker News https://thehackernews.com/2023/04/14-kubernetes-and-cloud-security.html

TrustedSec - Better Hacking Through Cracking: Know Your Rules

THIS POST WAS WRITTEN BY @NYXGEEK. Intro: The password recovery tool hashcat ships with a bunch of great rules, but have you actually looked at them? Being familiar with the built-in rules can help enhance your cracking capabilities and enable you to choose the right rule or rule combination. So where are these rules anyways? The rules files exist in a “rules” folder that comes with hashcat. Here’s what a default rules folder will look like: One of the most basic things to know is how LONG the different rulesets are. How many permutations will be applied to the wordlist? This is important for gauging how long a job will take and deciding which combinations of wordlist + rules might be completed in a timely manner. To find the length of the rulesets we could use “wc -l”, but there are some comments and blank lines in these rules. So for accuracy, use a little Bash one-liner: for file in `ls *.rule`; do echo -n "$file ";cat $file | grep -v '^#' | grep -v ...

KnowBe4 - Phishing for Credentials in Social Media-Based Platform Linktree

Social media is designed of course to connect, but legitimate modes of doing so can be abused. One such case of abuse that’s currently running involves Linktree, a kind of meta-medium for social media users with many accounts. If you’re unfamiliar with Linktree, which, we stress, is a legitimate service, here’s how the company describes what it will let you do. “Connect your TikTok, Instagram, Twitter, website, store, videos, music, podcast, events and more,” Linktree says. “It all comes together in a link in a bio landing page designed to convert.” And you can “Get started for free.” from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-for-credentials-linktree

HACKMAGEDDON - Q1 2023 Cyber Attacks Statistics

I have aggregated the statistics created from the cyber attacks timelines published in the first three months of 2023. In total... from HACKMAGEDDON https://www.hackmageddon.com/2023/04/21/q1-2023-cyber-attacks-statistics/

The Hacker News - N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX

The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors. Google-owned Mandiant, which is tracking the attack event under the moniker UNC4736, said the incident marks the first time it has seen a "software supply chain attack lead to another software from The Hacker News https://thehackernews.com/2023/04/nk-hackers-employ-matryoshka-doll-style.html

The Hacker News - Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products

Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director (CVE-2023-20036, CVSS score: 9.9), which resides in the web UI component and arises as a result of from The Hacker News https://thehackernews.com/2023/04/cisco-and-vmware-release-security.html

KnowBe4 - More Companies with Cyber Insurance Are Hit by Ransomware Than Those Without

In an interesting twist, new data hints that organizations with cyber insurance may be relying on it too much, instead of shoring up security to ensure attacks never succeed. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyber-insurance-hit-by-ransomware

KnowBe4 - OpenAI Transparency Report Highlights How GPT-4 Can be Used to Aid Both Sides of the Cybersecurity Battle

The nature of an advanced artificial intelligence (AI) engine such as ChatGPT provides its users with an ability to use and misuse, potentially empowering both security teams and threat actors alike. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/report-gpt4-aid-both-sides-of-cybersecurity-battle