Posts

Showing posts from July, 2023

The Hacker News - Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan

Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with an ultimate aim to install a banking trojan, stealer, and spyware called Ursnif (aka Gozi). "It is a sophisticated downloader with the objective of installing a second malware payload," Proofpoint said in a technical report. "The malware uses multiple mechanisms to evade from The Hacker News https://thehackernews.com/2023/08/cybercriminals-renting-wikiloader-to.html

KnowBe4 - Researchers uncover surprising method to hack the guardrails of LLMs

Researchers from Carnegie Mellon University and the Center for A.I. Safety have discovered a new prompt injection method to override the guardrails of large language models (LLMs). These guardrails are safety measures designed to prevent AI from generating harmful content. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/researchers-uncover-surprising-method-to-hack-the-guardrails-of-llms

The Hacker News - New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data

A new Android malware strain called CherryBlos has been observed making use of optical character recognition (OCR) techniques to gather sensitive data stored in pictures. CherryBlos, per Trend Micro, is distributed via bogus posts on social media platforms and comes with capabilities to steal cryptocurrency wallet-related credentials and act as a clipper to substitute wallet addresses when a from The Hacker News https://thehackernews.com/2023/07/new-android-malware-cherryblos.html

The Hacker News - Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse

Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this year with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10 to prevent their abuse for data collection. "This will help ensure that apps only use these APIs for their intended purpose," the company said in a statement. "As part of this process, you'll need from The Hacker News https://thehackernews.com/2023/07/apple-sets-new-rules-for-developers-to.html

The Hacker News - Hackers Deploy "SUBMARINE" Backdoor in Barracuda Email Security Gateway Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday disclosed details of a "novel persistent backdoor" called SUBMARINE deployed by threat actors in connection with the hack on Barracuda Email Security Gateway (ESG) appliances. "SUBMARINE comprises multiple artifacts — including a SQL trigger, shell scripts, and a loaded library for a Linux daemon — that together enable from The Hacker News https://thehackernews.com/2023/07/hackers-deploy-submarine-backdoor-in.html

The Hacker News - Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack

Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. The new vulnerability, tracked as CVE-2023-35081 (CVSS score: 7.8), impacts supported versions 11.10, 11.9, and 11.8, as well as those that are currently end-of-life (EoL). " from The Hacker News https://thehackernews.com/2023/07/ivanti-warns-of-another-endpoint.html

The Hacker News - Hackers Abusing Windows Search Feature to Install Remote Access Trojans

A legitimate Windows search feature is being exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT. The novel attack technique, per Trellix, takes advantage of the "search-ms:" URI protocol handler, which offers the ability for applications and HTML links to launch custom local from The Hacker News https://thehackernews.com/2023/07/hackers-abusing-windows-search-feature.html
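The mechanism the paragraph describes is a URI whose parameters tell Windows Search where to look; the danger sign is a location that is not on the local machine. The following detector is an added example, not Trellix's code or anything from the article: it pulls search-ms: links out of page or email text, decodes their parameters, and flags any whose location crumb is a UNC path or URL. The parameter syntax (`query=`, `crumb=location:`, `displayname=`) follows the documented search-ms protocol; the sample HTML, hosts and paths are constructed for the demonstration.

```python
"""Added example (not from Trellix or the article): find search-ms: links whose
location crumb points at a remote share. The sample HTML below is constructed;
the query=/crumb=location:/displayname= parameter syntax follows the documented
search-ms protocol, but the hosts and paths are invented."""
from __future__ import annotations
import re
from urllib.parse import unquote

# Constructed sample: three search-ms links (two remote, one local) and an ordinary one.
SAMPLE_HTML = r"""
<a href="search-ms:query=Invoice&crumb=location:\\203.0.113.7@80\share&displayname=Downloads">Open invoice</a>
<a href="search-ms:query=report&crumb=location:%5C%5Cfiles.example.net%5Cdocs&displayname=Report">Review</a>
<a href="search-ms:query=notes&crumb=location:C:\Users\me\Documents&displayname=Notes">My notes</a>
<a href="https://example.com/page">Ordinary link</a>
"""

# A search-ms URI runs until whitespace, a quote or a tag delimiter.
SEARCH_MS_RE = re.compile(r'search-ms:[^"\'\s<>]+', re.IGNORECASE)
REMOTE_SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.IGNORECASE)


def parse_search_ms(uri: str) -> dict[str, list[str]]:
    """Split `search-ms:k1=v1&k2=v2...` into a parameter map (values percent-decoded)."""
    params: dict[str, list[str]] = {}
    body = uri.split(":", 1)[1]
    for part in body.split("&"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        params.setdefault(key.lower(), []).append(unquote(value))
    return params


def remote_locations(uri: str) -> list[str]:
    """Return location crumbs that refer to a UNC path or URL rather than a local folder."""
    remote = []
    for crumb in parse_search_ms(uri).get("crumb", []):
        if not crumb.lower().startswith("location:"):
            continue
        path = crumb[len("location:"):]
        # \\host\share (including WebDAV forms such as \\host@80\share or \\host@SSL\share)
        # and scheme://host are remote; a drive-letter path is not.
        if path.startswith(("\\\\", "//")) or REMOTE_SCHEME_RE.match(path):
            remote.append(path)
    return remote


def find_remote_search_links(text: str) -> list[tuple[str, list[str]]]:
    """Scan page/email text and return (uri, remote locations) for each suspicious link."""
    hits = []
    for match in SEARCH_MS_RE.finditer(text):
        uri = match.group(0)
        locations = remote_locations(uri)
        if locations:
            hits.append((uri, locations))
    return hits


if __name__ == "__main__":
    for uri, locations in find_remote_search_links(SAMPLE_HTML):
        print("remote search-ms link ->", locations, "in", uri)
```

Percent-decoding the crumb before inspecting it matters: the second sample link hides the leading backslashes as `%5C%5C`, which a naive string search for `\\` would miss. A local-folder location is deliberately not flagged, since legitimate intranet pages do use search-ms: for that.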

KnowBe4 - Your KnowBe4 Fresh Content Updates from July 2023

Check out the 28 new pieces of training content added in July, alongside the always fresh content update highlights, events and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-update-july-2023

Schneier - Indirect Instruction Injection in Multi-Modal LLMs

Interesting research: “(Ab)using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs”: Abstract: We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs. An attacker generates an adversarial perturbation corresponding to the prompt and blends it into an image or audio recording. When the user asks the (unmodified, benign) model about the perturbed image or audio, the perturbation steers the model to output the attacker-chosen text and/or make the subsequent dialog follow the attacker’s instruction. We illustrate this attack with several proof-of-concept examples targeting LLaVa and PandaGPT. from Schneier on Security https://www.schneier.com/blog/archives/2023/07/indirect-instruction-injection-in-multi-modal-llms.html

KnowBe4 - SEC Implements New Rule Requiring Firms to Disclose Cybersecurity Breaches in 4 Days

What happened? The SEC (Securities and Exchange Commission) has introduced new rules that require public companies to be more transparent about their cybersecurity risks and any breaches they experience. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/sec-implements-new-rule-requiring-firms-to-disclose-cybersecurity-breaches-in-4-days

The Hacker News - BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities

The Russian nation-state actor known as BlueBravo has been observed targeting diplomatic entities throughout Eastern Europe with the goal of delivering a new backdoor called GraphicalProton, exemplifying the continuous evolution of the threat. The phishing campaign is characterized by the use of legitimate internet services (LIS) for command-and-control (C2) obfuscation, Recorded Future said in from The Hacker News https://thehackernews.com/2023/07/bluebravo-deploys-graphicalproton.html

The Hacker News - Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches

Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. This includes a specific class of bugs called Insecure Direct Object Reference (IDOR), a type of access control flaw that occurs when an from The Hacker News https://thehackernews.com/2023/07/cybersecurity-agencies-warn-against.html
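The class of bug the advisory singles out is easiest to see next to its fix. The following is an added example, not code from the advisory or the article: a record-lookup handler with an IDOR, two hardened forms of the same handler, and an id-walking loop that shows what an authenticated attacker gets from each. The invoice store, user names and ids are constructed.

```python
"""Added example (not from the advisory or the article): an IDOR in a
record-lookup handler next to its hardened forms, with an id-walking loop
that shows what an attacker gets from each. All data here is constructed."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    amount_cents: int


# Constructed sample store: sequential ids, invoices belonging to two customers.
INVOICES: dict[int, Invoice] = {
    1001: Invoice(1001, "alice", 12_500),
    1002: Invoice(1002, "bob", 98_000),
    1003: Invoice(1003, "bob", 4_150),
}


class Forbidden(Exception):
    """The caller may not see the requested object (or it does not exist)."""


def get_invoice_vulnerable(current_user: str, invoice_id: int) -> Invoice:
    # IDOR: the id taken from the request is used directly as the lookup key and
    # the authenticated user is never compared with the record's owner, so any
    # logged-in user who increments the id reads other customers' invoices.
    return INVOICES[invoice_id]


def get_invoice_fixed(current_user: str, invoice_id: int) -> Invoice:
    # Fix: authorize on the object, not just on the endpoint. The same error is
    # raised for "does not exist" and "not yours" so the response does not
    # confirm which ids are valid.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner != current_user:
        raise Forbidden(f"invoice {invoice_id} is not available to {current_user}")
    return invoice


def get_invoice_scoped(current_user: str, invoice_id: int) -> Invoice:
    # Equivalent fix for a database-backed handler: scope the query by the
    # principal (the SQL analogue is `WHERE id = ? AND owner = ?`) so a record
    # belonging to someone else is never fetched in the first place.
    owned = {i.invoice_id: i for i in INVOICES.values() if i.owner == current_user}
    if invoice_id not in owned:
        raise Forbidden(f"invoice {invoice_id} is not available to {current_user}")
    return owned[invoice_id]


def walk_ids(handler, current_user: str, ids: range) -> list[int]:
    """Attacker's view: call the handler over a range of ids and keep what leaks."""
    leaked = []
    for invoice_id in ids:
        try:
            leaked.append(handler(current_user, invoice_id).invoice_id)
        except (KeyError, Forbidden):
            pass
    return leaked


if __name__ == "__main__":
    print("vulnerable:", walk_ids(get_invoice_vulnerable, "alice", range(1000, 1005)))
    print("fixed:     ", walk_ids(get_invoice_fixed, "alice", range(1000, 1005)))
```

The point the walk makes is that authentication alone does nothing here: Alice is a legitimate user, and the vulnerable handler hands her every invoice in the range. Sequential ids make the walk trivial, but switching to random ids only slows it down; the ownership check is the actual fix.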

Rapid 7 - PenTales: There Are Many Ways to Infiltrate the Cloud

Rapid7 was engaged to do an AWS cloud ecosystem pentest for a large insurance group. The test included looking at internal and external assets, the AWS cloud platform itself, and a configuration scan of their AWS infrastructure to uncover gaps based on NIST’s best practices guide. I evaluated their external assets but most of the IPs were configured to block unauthorized access. I continued to test but did not gain access to any of the external assets since, with cloud, once access has been blocked from the platform itself there is not a lot that I could do about it. But nevertheless, I continued to probe for cloud resources, namely S3 buckets, AWS Apps etc., using company-based keywords. For example: companyx, companyx.IT, companyx.media, etc.  Eventually, I found S3 buckets that were publicly available on their external network. These buckets contained sensitive information which definitely was a point of action for the client. My next step was to complete a configuration scan...
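The bucket hunting in the post is keyword permutation plus reading what S3 says back. The following is an added example, not Rapid7's tooling: it generates candidate bucket names from a company keyword (companyx, companyx-media, ...) and classifies an unauthenticated response to each. The suffix list and the sample responses are constructed; the status and error-code meanings follow S3's documented responses. The caveat a tester needs is in the classifier: a 403 is not a miss, it means the bucket exists and belongs to someone, which is still worth noting in the report even when it is not listable.

```python
"""Added example (not Rapid7's tooling): generate bucket-name candidates from a
company keyword and interpret what an unauthenticated request to each tells you.
The suffix list and the sample responses are constructed; the status/body meanings
follow S3's documented error responses."""
from __future__ import annotations
import itertools
import re
import urllib.error
import urllib.request

# Assumed naming conventions worth trying; extend per engagement.
SUFFIXES = ["", "it", "media", "backup", "backups", "dev", "staging", "prod", "assets", "logs", "data"]
SEPARATORS = ["", "-"]  # dots are legal too but break virtual-hosted TLS, so they are left out here

BUCKET_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$")


def is_valid_bucket_name(name: str) -> bool:
    return bool(BUCKET_NAME_RE.match(name))


def candidate_names(keyword: str) -> list[str]:
    """companyx, companyx-it, companyxit, companyx-media, ... (deduplicated, valid names only)."""
    names: list[str] = []
    for sep, suffix in itertools.product(SEPARATORS, SUFFIXES):
        name = (keyword + sep + suffix if suffix else keyword).lower()
        if name not in names and is_valid_bucket_name(name):
            names.append(name)
    return names


def classify(status: int, body: str) -> str:
    """What an unauthenticated GET on https://<bucket>.s3.amazonaws.com/ tells you."""
    if status == 200 and "<ListBucketResult" in body:
        return "public-listable"        # anonymous listing allowed: the finding in the post
    if status == 403:
        return "exists-private"         # AccessDenied/AllAccessDisabled: bucket exists, listing denied
    if status == 404 and "NoSuchBucket" in body:
        return "absent"                 # the name is unclaimed
    if status in (301, 307):
        return "exists-other-region"    # PermanentRedirect/TemporaryRedirect: bucket exists elsewhere
    return f"unknown-{status}"


def probe(name: str, timeout: float = 5.0) -> str:
    """Live check (network); only run against names in your engagement scope.
    urlopen follows redirects, so this sees the final response for a redirected bucket."""
    url = f"https://{name}.s3.amazonaws.com/"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify(resp.status, resp.read(4096).decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read(4096).decode("utf-8", "replace"))


# Constructed responses standing in for live ones so the example runs offline.
SAMPLE_RESPONSES = {
    "companyx-media": (200, '<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">'
                            '<Name>companyx-media</Name><Contents><Key>customers.csv</Key></Contents>'
                            '</ListBucketResult>'),
    "companyx-backup": (403, '<Error><Code>AccessDenied</Code></Error>'),
    "companyx-dev": (404, '<Error><Code>NoSuchBucket</Code></Error>'),
}


def triage(keyword: str, responses=SAMPLE_RESPONSES) -> dict[str, str]:
    """Classify every candidate for which we have a response; skip the rest."""
    return {n: classify(*responses[n]) for n in candidate_names(keyword) if n in responses}


if __name__ == "__main__":
    for name, verdict in triage("companyx").items():
        print(f"{name:20} {verdict}")
```

For a live run, replace `triage` with a loop over `probe(name)` for each candidate. A bucket that lists anonymously is only the first question; whether objects can be read (or written) is a separate check against individual keys and should be tested before the finding is rated.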

KnowBe4 - [Live Demo] Customizing Your Compliance Training to Increase Effectiveness

Linking compliance training to specific outcomes is hard. Compliance training has a reputation for being challenging for organizations to offer, difficult to do right and employees are not engaged. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/live-demo-compliance-training-august-2023

The Hacker News - The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left

As cloud applications are built, tested and updated, they wind their way through an ever-complex series of different tools and teams. Across hundreds or even thousands of technologies that make up the patchwork quilt of development and cloud environments, security processes are all too often applied in only the final phases of software development.  Placing security at the very end of the from The Hacker News https://thehackernews.com/2023/07/the-4-keys-to-building-cloud-security.html

Schneier - Fooling an AI Article Writer

World of Warcraft players wrote about a fictional game element, “Glorbo,” on a subreddit for the game, trying to entice an AI bot to write an article about it. It worked: And it…worked. Zleague auto-published a post titled “World of Warcraft Players Excited For Glorbo’s Introduction.” […] That is…all essentially nonsense. The article was left online for a while but has finally been taken down (here’s a mirror, it’s hilarious). All the authors listed as having bylines on the site are fake. It appears this entire thing is run with close to zero oversight. Expect lots more of this sort of thing in the future. Also, expect the AI bots to get better at detecting this sort of thing. It’s going to be an arms race. from Schneier on Security https://www.schneier.com/blog/archives/2023/07/fooling-an-ai-article-writer.html

The Hacker News - Group-IB Co-Founder Sentenced to 14 Years in Russian Prison for Alleged High Treason

A city court in Moscow on Wednesday convicted Group-IB co-founder and CEO Ilya Sachkov of "high treason" and jailed him for 14 years in a "strict regime colony" over accusations of passing information to foreign spies. "The court found Sachkov guilty under Article 275 of the Russian Criminal Code (high treason) sentencing him to 14 years of incarceration in a maximum-security jail, restriction from The Hacker News https://thehackernews.com/2023/07/group-ib-co-founder-sentenced-to-14.html

The Hacker News - New SEC Rules Require U.S. Companies to Reveal Cyber Attacks Within 4 Days

The U.S. Securities and Exchange Commission (SEC) on Wednesday approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a "material" impact on their finances, marking a major shift in how computer breaches are disclosed. "Whether a company loses a factory in a fire — or millions of files in a cybersecurity from The Hacker News https://thehackernews.com/2023/07/new-sec-rules-require-us-companies-to.html

The Hacker News - Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks

A deeper analysis of a recently discovered malware called Decoy Dog has revealed that it's a significant upgrade over the Pupy RAT, an open-source remote access trojan it's modeled on. "Decoy Dog has a full suite of powerful, previously unknown capabilities – including the ability to move victims to another controller, allowing them to maintain communication with compromised machines and remain from The Hacker News https://thehackernews.com/2023/07/decoy-dog-new-breed-of-malware-posing.html

The Hacker News - New AI Tool 'FraudGPT' Emerges, Tailored for Sophisticated Attacks

Following the footsteps of WormGPT, threat actors are advertising yet another cybercrime generative artificial intelligence (AI) tool dubbed FraudGPT on various dark web marketplaces and Telegram channels. "This is an AI bot, exclusively targeted for offensive purposes, such as crafting spear phishing emails, creating cracking tools, carding, etc.," Netenrich security researcher Rakesh Krishnan from The Hacker News https://thehackernews.com/2023/07/new-ai-tool-fraudgpt-emerges-tailored.html

The Hacker News - Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets

A new malware family called Realst has become the latest to target Apple macOS systems, with a third of the samples already designed to infect macOS 14 Sonoma, the upcoming major release of the operating system. Written in the Rust programming language, the malware is distributed in the form of bogus blockchain games and is capable of "emptying crypto wallets and stealing stored password and from The Hacker News https://thehackernews.com/2023/07/rust-based-realst-infostealer-targeting.html

The Hacker News - Critical MikroTik RouterOS Vulnerability Exposes Over Half a Million Devices to Hacking

A severe privilege escalation issue impacting MikroTik RouterOS could be weaponized by remote malicious actors to execute arbitrary code and seize full control of vulnerable devices. Cataloged as CVE-2023-30799 (CVSS score: 9.1), the shortcoming is expected to put approximately 500,000 and 900,000 RouterOS systems at risk of exploitation via their web and/or Winbox interfaces, respectively, from The Hacker News https://thehackernews.com/2023/07/critical-mikrotik-routeros.html

The Hacker News - North Korean Nation-State Actors Exposed in JumpCloud Hack After OPSEC Blunder

North Korean nation-state actors affiliated with the Reconnaissance General Bureau (RGB) have been attributed to the JumpCloud hack following an operational security (OPSEC) blunder that exposed their actual IP address. Google-owned threat intelligence firm Mandiant attributed the activity to a threat actor it tracks under the name UNC4899, which likely shares overlaps with clusters already from The Hacker News https://thehackernews.com/2023/07/north-korean-nation-state-actors.html

Schneier - New York Using AI to Detect Subway Fare Evasion

The details are scant—the article is based on a “heavily redacted” contract—but the New York subway authority is using an “AI system” to detect people who don’t pay the subway fare. Joana Flores, an MTA spokesperson, said the AI system doesn’t flag fare evaders to New York police, but she declined to comment on whether that policy could change. A police spokesperson declined to comment. If we spent just one-tenth of the effort we spend prosecuting the poor on prosecuting the rich, it would be a very different world. from Schneier on Security https://www.schneier.com/blog/archives/2023/07/new-york-using-ai-to-detect-subway-fare-evasion.html

The Hacker News - Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs

Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild. Tracked as CVE-2023-38606, the shortcoming resides in the kernel and could potentially permit a malicious app to modify sensitive kernel state. The company said it was addressed with improved state management. " from The Hacker News https://thehackernews.com/2023/07/apple-rolls-out-urgent-patches-for-zero.html

KnowBe4 - FBI Warns of Increased Tech Support Scams Using Snail Mail

The US Federal Bureau of Investigation ( FBI ) has warned of an increase in tech support scams that attempt to trick users into sending cash via snail mail. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/fbi-warns-tech-support-scams

The Hacker News - Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, and from The Hacker News https://thehackernews.com/2023/07/critical-zero-days-in-atera-windows.html

The Hacker News - Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol

Google has announced that it intends to add support for Messaging Layer Security (MLS) to its Messages service for Android and to open-source its implementation of the specification. "Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are limited to communicating with contacts who use the same platform," Giles Hogben, privacy engineering from The Hacker News https://thehackernews.com/2023/07/google-messages-getting-cross-platform.html

The Hacker News - How to Protect Patients and Their Privacy in Your SaaS Apps

The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven’t changed in 2023. The U.S. Government’s Office for Civil Rights reported 145 data breaches in the United States during the first quarter of this year. That follows 707 incidents a year ago, during which over 50 million records were from The Hacker News https://thehackernews.com/2023/07/how-to-protect-patients-and-their.html

The Hacker News - Apple Threatens to Pull iMessage and FaceTime from U.K. Amid Surveillance Demands

Apple has warned that it would rather stop offering iMessage and FaceTime services in the U.K. than bow to government pressure in response to new proposals that seek to expand the digital surveillance powers available to state intelligence agencies. The development, first reported by BBC News, makes the iPhone maker the latest to join the chorus of voices protesting against forthcoming from The Hacker News https://thehackernews.com/2023/07/apple-threatens-to-pull-imessage-and.html

SBS CyberSecurity - Hacker Hour: 5 Business Challenges That Executives Overlook as the Business Grows

Hacker Hour: 5 Business Challenges That Executives Overlook as the Business Grows. Wednesday, July 26 | 2:00 - 3:00 PM CT. Free monthly webinar series. Every business executive knows that growth is essential for survival, but with it comes a host of challenges. Among these, cybersecurity risk management stands out as a paramount concern that can make or break your growth journey. This webinar will highlight five specific cybersecurity challenges executives face that could undermine your progress. You will take away strategies and actionable steps that your business can implement right away. Join us to gain invaluable insights and forge a secure path towards growth, safeguarding your company every step of the way. from SBS CyberSecurity https://sbscyber.com/resources/hacker-hour-5-business-challenges-that-executives-overlook-as-the-business-grows

KnowBe4 - Save $200 on Your Security Awareness and Culture Professional (SACP) Certification

H Layer Credentialing is launching an updated exam form with new content and they need YOUR help! They are looking for professionals interested in earning their SACP Certification to complete the exam between August 14th and September 30th. This will allow them to perform statistical analyses and finalize scoring on the updated exam form. To assist with this pilot study, they are offering a significant registration discount for those who complete the exam within the specified time frame. Register now using the following coupon code to save $200. You must complete the exam between August 14th and September 30th. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/save-200-on-your-security-awareness-and-culture-professional-sacp-certification

Black Hills InfoSec - Talkin’ About Infosec News – 7/21/2023

from Black Hills Information Security https://www.blackhillsinfosec.com/talkin-about-infosec-news-7-21-2023/

The Hacker News - Local Governments Targeted for Ransomware – How to Prevent Falling Victim

Regardless of the country, local government is essential in most citizens' lives. It provides many day-to-day services and handles various issues. Therefore, their effects can be far-reaching and deeply felt when security failures occur. In early 2023, Oakland, California, fell victim to a ransomware attack. Although city officials have not disclosed how the attack occurred, experts suspect a from The Hacker News https://thehackernews.com/2023/07/local-governments-targeted-for.html

Schneier - AI and Microdirectives

Imagine a future in which AIs automatically interpret—and enforce—laws. All day and every day, you constantly receive highly personalized instructions for how to comply with the law, sent directly by your government and law enforcement. You’re told how to cross the street, how fast to drive on the way to work, and what you’re allowed to say or do online—if you’re in any situation that might have legal implications, you’re told exactly what to do, in real time. Imagine that the computer system formulating these personal legal directives at mass scale is so complex that no one can explain how it reasons or works. But if you ignore a directive, the system will know, and it’ll be used as evidence in the prosecution that’s sure to follow. This future may not be far off—automatic detection of lawbreaking is nothing new. Speed cameras and traffic-light cameras have been around for years. These systems automatically issue citations to the car’s owner based on the license plate. In such case...

The Hacker News - DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks

Several distributed denial-of-service (DDoS) botnets have been observed exploiting a critical flaw in Zyxel devices that came to light in April 2023 to gain remote control of vulnerable systems. "Through the capture of exploit traffic, the attacker's IP address was identified, and it was determined that the attacks were occurring in multiple regions, including Central America, North America, from The Hacker News https://thehackernews.com/2023/07/ddos-botnets-hijacking-zyxel-devices-to.html

The Hacker News - Citrix NetScaler ADC and Gateway Devices Under Attack: CISA Urges Immediate Action

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Thursday warning that the newly disclosed critical security flaw in Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices is being abused to drop web shells on vulnerable systems. "In June 2023, threat actors exploited this vulnerability as a zero-day to drop a web shell on a critical from The Hacker News https://thehackernews.com/2023/07/citrix-netscaler-adc-and-gateway.html

Rapid 7 - PenTales: Testing Security Health for a Healthcare Company

At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security. Rapid7 was tasked with testing a provider website in the healthcare industry. Providers had the ability on the website to apply for jobs, manage time cards, connect with employers needing help at hospitals, apply for contracts, as well as manage certificates and documents that were needed to perform duties. The provider website was interested to see if their web application had any flaws that could be leveraged as an attacker, as the application was heavily customized. I began by testing input fields for any vulnerabilities. If an input field does not sanitize user input correctly this could open the web application for potentia...

KnowBe4 - Kevin David Mitnick (Aug 6, 1963 - July 16, 2023)

The only constant is change. That is true for physics, for organizations, and for us humans. People join and leave teams, and of course also join and leave life. But it's always a shock when someone falls away too early.  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/kevin-david-mitnick-aug-6-1963-july-16-2023

Schneier - Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy

The Atlantic Council released a detailed commentary on the White House’s new “Implementation Plan for the 2023 US National Cybersecurity Strategy.” Lots of interesting bits. So far, at least three trends emerge: First, the plan contains a (somewhat) more concrete list of actions than its parent strategy, with useful delineation of lead and supporting agencies, as well as timelines aplenty. By assigning each action a designated lead and timeline, and by including a new nominal section (6) focused entirely on assessing effectiveness and continued iteration, the ONCD suggests that this is not so much a standalone text as the framework for an annual, crucially iterative policy process. That many of the milestones are still hazy might be less important than the commitment the administration has made to revisit this plan annually, allowing the ONCD team to leverage their unique combination of topical depth and budgetary review authority. Second, there are clear wins. Open-source softwa...

The Hacker News - Turla's New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector

The defense sector in Ukraine and Eastern Europe has been targeted by a novel .NET-based backdoor called DeliveryCheck (aka CAPIBAR or GAMEDAY) that's capable of delivering next-stage payloads. The Microsoft threat intelligence team, in collaboration with the Computer Emergency Response Team of Ukraine (CERT-UA), attributed the attacks to a Russian nation-state actor known as Turla, which is from The Hacker News https://thehackernews.com/2023/07/turlas-new-deliverycheck-backdoor.html

The Hacker News - New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems

Cybersecurity researchers have uncovered a new cloud-targeting, peer-to-peer (P2P) worm called P2PInfect that targets vulnerable Redis instances for follow-on exploitation. "P2PInfect exploits Redis servers running on both Linux and Windows Operating Systems making it more scalable and potent than other worms," Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said. "This from The Hacker News https://thehackernews.com/2023/07/new-p2pinfect-worm-targeting-redis.html

The Hacker News - Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats

Microsoft on Wednesday announced that it's expanding cloud logging capabilities to help organizations investigate cybersecurity incidents and gain more visibility after facing criticism in the wake of a recent espionage attack campaign aimed at its email infrastructure. The tech giant said it's making the change in direct response to increasing frequency and evolution of nation-state cyber from The Hacker News https://thehackernews.com/2023/07/microsoft-expands-cloud-logging-to.html

Rapid 7 - The Japanese Technology and Media Attack Landscape

Recently, we released a major report analyzing the threat landscape of Japan, the globe’s third largest economy. In that report we looked at the ways in which threat actors infiltrate Japanese companies (spoiler alert: it is often through foreign subsidiaries and affiliates) and some of the most pervasive threats those companies face such as ransomware and state-sponsored threat actors. We also took a look at some of the hardest hit industries and it should come as no surprise that some of the most commonly attacked companies are in industries where Japan currently excels on a global scale. Think manufacturing and automotive, technology & media, and financial services. In a series of blog posts we’re going to briefly discuss the findings for one of those industries, but rest assured, more information can be found in our one-page rundowns and the report itself. When it comes to technology and media companies, personally identifiable information, or PII, is the name of the game....

Schneier - Practice Your Security Prompting Skills

Gandalf is an interactive LLM game where the goal is to get the chatbot to reveal its password. There are eight levels of difficulty, as the chatbot gets increasingly restrictive instructions as to how it will answer. It’s a great teaching tool. I am stuck on Level 7. Feel free to give hints and discuss strategy in the comments below. I probably won’t look at them until I’ve cracked the last level. from Schneier on Security https://www.schneier.com/blog/archives/2023/07/practice-your-security-prompting-skills.html

KnowBe4 - Threat Actors Add ".Zip" Domains to Phishbait

Cybercriminals are exploiting the introduction of “.ZIP” as a new generic Top-Level Domain (gTLD) to launch phishing attacks, according to researchers at Fortinet. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/dot-zip-domains-phishbait

KnowBe4 - [INFOGRAPHIC] KnowBe4’s Content Library by the Numbers

KnowBe4 offers the world’s largest library of always-fresh security awareness and compliance training content that includes assessments, interactive training modules, videos, games, posters and newsletters via the KnowBe4 ModStore. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/content-library-by-numbers-infographic

The Hacker News - Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations

On April 5, 2023, the FBI and Dutch National Police announced the takedown of Genesis Market, one of the largest dark web marketplaces. The operation, dubbed "Operation Cookie Monster," resulted in the arrest of 119 people and the seizure of over $1M in cryptocurrency. You can read the FBI's warrant here for details specific to this case. In light of these events, I'd like to discuss how OSINT from The Hacker News https://thehackernews.com/2023/07/exploring-dark-side-osint-tools-and.html

HACKMAGEDDON - 1-15 June 2023 Cyber Attacks Timeline

In the first half of June 2023, I collected 172 events (corresponding to 11.47 events/day), a value that shows... from HACKMAGEDDON https://www.hackmageddon.com/2023/07/19/1-15-june-2023-cyber-attacks-timeline/

The Hacker News - Bad.Build Flaw in Google Cloud Build Raises Concerns of Privilege Escalation

Cybersecurity researchers have uncovered a privilege escalation vulnerability in Google Cloud that could enable malicious actors to tamper with application images and infect users, leading to supply chain attacks. The issue, dubbed Bad.Build, is rooted in the Google Cloud Build service, according to cloud security firm Orca, which discovered and reported the issue. "By abusing the flaw and enabling from The Hacker News https://thehackernews.com/2023/07/badbuild-flaw-in-google-cloud-build.html

The Hacker News - U.S. Government Blacklists Cytrox and Intellexa Spyware Vendors for Cyber Espionage

The U.S. government on Tuesday added two foreign commercial spyware vendors, Cytrox and Intellexa, to an economic blocklist for weaponizing cyber exploits to gain unauthorized access to devices and "threatening the privacy and security of individuals and organizations worldwide." This includes the companies' corporate holdings in Hungary (Cytrox Holdings Crt), North Macedonia (Cytrox AD), Greece from The Hacker News https://thehackernews.com/2023/07/us-government-blacklists-cytrox-and.html

The Hacker News - VirusTotal Data Leak Exposes Some Registered Customers' Details

Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, have leaked on the internet. The security incident, which comprises a database of 5,600 names in a 313KB file, was first disclosed by Der Spiegel and Der Standard yesterday. Launched in 2004, VirusTotal is a popular service that analyzes suspicious files and URLs to detect types of from The Hacker News https://thehackernews.com/2023/07/virustotal-data-leak-exposes-some.html

The Hacker News - Go Beyond the Headlines for Deeper Dives into the Cybercriminal Underground

Discover stories about threat actors’ latest tactics, techniques, and procedures from Cybersixgill’s threat experts each month. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks. Learn about the top vulnerabilities and review the latest ransomware and malware trends from the deep and dark web. Stolen ChatGPT from The Hacker News https://thehackernews.com/2023/07/go-beyond-headlines-for-deeper-dives.html

The Hacker News - FIN8 Group Using Modified Sardonic Backdoor for BlackCat Ransomware Attacks

The financially motivated threat actor known as FIN8 has been observed using a "revamped" version of a backdoor called Sardonic to deliver the BlackCat ransomware. According to the Symantec Threat Hunter Team, part of Broadcom, the development is an attempt on the part of the e-crime group to diversify its focus and maximize profits from infected entities. The intrusion attempt took place in from The Hacker News https://thehackernews.com/2023/07/fin8-group-using-modified-sardonic.html

The Hacker News - Cybercriminals Exploiting WooCommerce Payments Plugin Flaw to Hijack Websites

Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. The flaw, tracked as CVE-2023-28121 (CVSS score: 9.8), is a case of authentication bypass that enables unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, including an from The Hacker News https://thehackernews.com/2023/07/cybercriminals-exploiting-woocommerce.html

KnowBe4 - WormGPT, an "ethics-free" Cyber Crime text generator

CyberWire wrote: "Researchers at SlashNext describe a generative AI cybercrime tool called “WormGPT,” which is being advertised on underground forums as “a blackhat alternative to GPT models, designed specifically for malicious activities.” The tool can generate output that legitimate AI models try to prevent, such as malware code or phishing templates. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/wormgpt-an-ethics-free-cyber-crime-text-generator

The Hacker News - Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps

Threat actors are taking advantage of Android's WebAPK technology to trick unsuspecting users into installing malicious web apps on Android phones that are designed to capture sensitive personal information. "The attack began with victims receiving SMS messages suggesting the need to update a mobile banking application," researchers from CSIRT KNF said in an analysis released last week. "The from The Hacker News https://thehackernews.com/2023/07/hackers-exploit-webapk-to-deceive.html

The Hacker News - WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks

With generative artificial intelligence (AI) becoming all the rage these days, it's perhaps not surprising that the technology has been repurposed by malicious actors to their own advantage, enabling avenues for accelerated cybercrime. According to findings from SlashNext, a new generative AI cybercrime tool called WormGPT has been advertised on underground forums as a way for adversaries to from The Hacker News https://thehackernews.com/2023/07/wormgpt-new-ai-tool-allows.html

Schneier - Friday Squid Blogging: Balloon Squid

Masayoshi Matsumoto is a “master balloon artist,” and he made a squid (and other animals). As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. from Schneier on Security https://www.schneier.com/blog/archives/2023/07/friday-squid-blogging-balloon-squid.html

The Hacker News - Critical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox Services

Multiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system (DCS) and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems. Dubbed Crit.IX, the nine flaws in the Honeywell Experion DCS platform allow for "unauthorized remote code execution, which means an attacker would have from The Hacker News https://thehackernews.com/2023/07/critical-security-flaws-uncovered-in.html

KnowBe4 - KnowBe4 Wins 2023 Top Workplaces for Technology Award

KnowBe4 ranks number one overall on the 2023 Technology Top Workplaces list for the third consecutive year and earns national recognition as an employer of choice! from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/2023-top-workplaces-technology-award

KnowBe4 - Banking Detail Malvertising Attack Disguises Itself as a Foolproof USPS Google Ad

A new scam aimed at stealing your credit card and banking information has reared its ugly head as a completely legitimate ad that is likely to be clicked based on the corresponding search term. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/banking-detail-malvertising-attack

Schneier - Buying Campaign Contributions as a Hack

The first Republican primary debate has a popularity threshold to determine who gets to appear: 40,000 individual contributors. Now there are a lot of conventional ways a candidate can get that many contributors. Doug Burgum came up with a novel idea: buy them: A long-shot contender at the bottom of recent polls, Mr. Burgum is offering $20 gift cards to the first 50,000 people who donate at least $1 to his campaign. And one lucky donor, as his campaign advertised on Facebook, will have the chance to win a Yeti Tundra 45 cooler that typically costs more than $300—just for donating at least $1. It’s actually a pretty good idea. He could have spent the money on direct mail, or personalized social media ads, or television ads. Instead, he buys gift cards at maybe two-thirds of face value (sellers calculate the advertising value, the additional revenue that comes from using them to buy something more expensive, and breakage when they’re not redeemed at all), and resells them. Plus, man...

The Hacker News - New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries

A new malware strain has been found covertly targeting small office/home office (SOHO) routers for more than two years, infiltrating over 70,000 devices and creating a botnet with 40,000 nodes spanning 20 countries. Lumen Black Lotus Labs has dubbed the malware AVrecon, making it the third such strain to focus on SOHO routers after ZuoRAT and HiatusRAT over the past year. "This makes AVrecon one from The Hacker News https://thehackernews.com/2023/07/new-soho-router-botnet-avrecon-spreads.html

The Hacker News - Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation

Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild. "A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced," the company said in an advisory. It also said that the issue has been addressed and that it's expected to from The Hacker News https://thehackernews.com/2023/07/zimbra-warns-of-critical-zero-day-flaw.html

Rapid 7 - Pentales: Old Vulns, New Tricks

At Rapid7 we love a good pentest story. So often they show the cleverness, skill, resilience, and dedication to our customers’ security that can only come from actively trying to break it! In this series, we’re going to share some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security. This engagement began like any other Internal Network Penetration test. I followed a systematic methodology to enumerate the internal domain. The target organization was a financial institution, but their internal domain was administered via Active Directory (AD) like most organizations with more than a handful of computers. AD is a Microsoft product that provides centralized control of the whole gamut of networking devices that an organization may have. This may include workstations, servers, switches, routers, printers, and IoT devices. Additionally, AD can be used for localized, global, or cloud-based networks. After enumerat...

The Hacker News - PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland

Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent remote access to the infected systems. The intrusion set, which stretches from April 2022 to July 2023, leverages phishing lures and decoy documents to deploy a downloader malware called PicassoLoader, which from The Hacker News https://thehackernews.com/2023/07/picassoloader-malware-used-in-ongoing.html

The Hacker News - TeamTNT's Silentbob Botnet Infecting 196 Hosts in Cloud Attack Campaign

As many as 196 hosts have been infected as part of an aggressive cloud campaign mounted by the TeamTNT group called Silentbob. "The botnet run by TeamTNT has set its sights on Docker and Kubernetes environments, Redis servers, Postgres databases, Hadoop clusters, Tomcat and Nginx servers, Weave Scope, SSH, and Jupyter applications," Aqua security researchers Ofek Itach and Assaf Morag said in a from The Hacker News https://thehackernews.com/2023/07/teamtnts-silentbob-botnet-infecting-196.html

TrustedSec - Modeling Malicious Code: Hacking in 3D

Introduction: Attackers are always looking for new ways to deliver or evade detection of their malicious code, scripts, executables, and other tools that will allow them to access a target. We on the Tactical Awareness and Countermeasures (TAC) team at TrustedSec strive to keep up with attacker techniques and look ahead to develop potential evolutions in tactics and behavior. This is especially useful when we perform Purple Team engagements—we can keep our actions fresh and push the envelope on emulating attacker behavior. In following this ideology, I set out to look for some novel, first-stage techniques that might allow initial access or execution without raising too much suspicion. A colleague of mine, Andrew Schwartz (@4ndr3w6S), suggested looking for file types that could be leveraged for malicious purposes that also have default associations with Windows applications. This led us down a path of many interesting file types. Amazingly, countless file extensions end up being som...