Posts

Showing posts from August, 2023

KnowBe4 - [Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Image
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/live-demo-security-awareness-training-phishing

The Hacker News - SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations

An open-source .NET-based information stealer malware dubbed SapphireStealer is being used by multiple entities to enhance its capabilities and spawn their own bespoke variants. “Information-stealing malware like SapphireStealer can be used to obtain sensitive information, including corporate credentials, which are often resold to other threat actors who leverage the access for additional from The Hacker News https://thehackernews.com/2023/08/sapphirestealer-malware-gateway-to.html

Rapid 7 - PenTales: What It’s Like on the Red Team

Image
At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re sharing some of our favorite tales from the pen test desk and hopefully highlight some ways you can improve your own organization’s security. Performing a Red Team exercise at Rapid7 is a rollercoaster of emotions. The first week starts off with excitement and optimism, as you have a whole new client environment to dig into. All assets and employees are in-scope, no punches held. From a hacker mentality, it's truly exciting to be unleashed with unlimited possibilities bouncing around in your head of how you’ll breach the perimeter, set persistence, laterally move, and access the company “crown jewels.” Then the first week comes to a close and you’ve realized this company has locked down their assets, and short of developing and deploying a 0-day, you’re going to have to ...

Rapid 7 - Velociraptor 0.7.0 Release: Dig Deeper With Enhanced Client Search, Server Improvements and Expanded VQL Library

Image
Carlos Canto contributed to this article. Rapid7 is thrilled to announce version 0.7.0 of Velociraptor is now LIVE and available for download.  The focus of this release was on improving user efficiency while also expanding and strengthening the library of VQL plug-ins and artifacts. Let’s take a look at some of the interesting new features in detail. GUI improvements The GUI was updated in this release to improve user workflow and accessibility. Enhanced client search In previous versions, client information was written to the datastore in individual files (one file per client record). This works ok, as long as the number of clients is not too large and the filesystem is fast. This has become more critical as users are now deploying Velociraptor with larger deployment sizes, often in excess of 50k. In this release, the client index was rewritten to store all client records in a single snapshot file, while managing this file in memory. This approach allows client searching ...

The Hacker News - Numbers Don't Lie: Exposing the Harsh Truths of Cyberattacks in New Report

How often do cyberattacks happen? How frequently do threat actors target businesses and governments around the world? The BlackBerry® Threat Research and Intelligence Team recently analyzed 90 days of real-world data to answer these questions. Full results are in the latest BlackBerry Global Threat Intelligence Report, but read on for a teaser of several interesting cyber attack statistics. from The Hacker News https://thehackernews.com/2023/08/numbers-dont-lie-exposing-harsh-truths.html

Schneier - Own Your Own Government Surveillance Van

A used government surveillance van is for sale in Chicago: So how was this van turned into a mobile spying center? Well, let’s start with how it has more LCD monitors than a Counterstrike LAN party. They can be used to monitor any of six different video inputs including a videoscope camera. A videoscope and a borescope are very similar as they’re both cameras on the ends of optical fibers, so the same tech you’d use to inspect cylinder walls is also useful for surveillance. Kind of cool, right? Multiple Sony DVD-based video recorders store footage captured by cameras, audio recorders by high-end equipment brand Marantz capture sounds, and time and date generators sync gathered media up for accurate analysis. Circling back around to audio, this van features seven different audio inputs including a body wire channel. Only $26,795, but you can probably negotiate them down. from Schneier on Security https://www.schneier.com/blog/archives/2023/08/own-your-own-government-surveillance...

The Hacker News - Earth Estries' Espionage Campaign Targets Governments and Tech Titans Across Continents

A hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign targeting government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S. "The threat actors behind Earth Estries are working with high-level resources and functioning with sophisticated skills and experience in cyber espionage and illicit from The Hacker News https://thehackernews.com/2023/08/earth-estries-espionage-campaign.html

The Hacker News - MMRat Android Trojan Executes Remote Financial Fraud Through Accessibility Feature

A previously undocumented Android banking trojan dubbed MMRat has been observed targeting mobile users in Southeast Asia since late June 2023 to remotely commandeer the devices and perform financial fraud. "The malware, named after its distinctive package name com.mm.user, can capture user input and screen content, and can also remotely control victim devices through various techniques, enabling from The Hacker News https://thehackernews.com/2023/08/mmrat-android-trojan-executes-remote.html

KnowBe4 - Quishing: QR Codes as Phishbait

Image
Researchers at Trustwave are tracking an increase in the use of QR codes to spread phishing links. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/quishing-qr-codes-phishbait

The Hacker News - Alert: Juniper Firewalls, Openfire, and Apache RocketMQ Under Attack from New Exploits

Recently disclosed security flaws impacting Juniper firewalls, Openfire, and Apache RocketMQ servers have come under active exploitation in the wild, according to multiple reports. The Shadowserver Foundation said that it's "seeing exploitation attempts from multiple IPs for Juniper J-Web CVE-2023-36844 (& friends) targeting /webauth_operation.php endpoint," the same day a proof-of-concept (PoC) from The Hacker News https://thehackernews.com/2023/08/alert-juniper-firewalls-openfire-and.html

The Hacker News - Critical Vulnerability Alert: VMware Aria Operations Networks at Risk from Remote Attacks

VMware has released software updates to correct two security vulnerabilities in Aria Operations for Networks that could be potentially exploited to bypass authentication and gain remote code execution. The most severe of the flaws is CVE-2023-34039 (CVSS score: 9.8), which relates to a case of authentication bypass arising as a result of a lack of unique cryptographic key generation. "A from The Hacker News https://thehackernews.com/2023/08/critical-vulnerability-alert-vmware.html

The Hacker News - FBI Dismantles QakBot Malware, Frees 700,000 Computers, Seizes $8.6 Million

A coordinated law enforcement effort codenamed Operation Duck Hunt has felled QakBot, a notorious Windows malware family that's estimated to have compromised over 700,000 computers globally and facilitated financial fraud as well as ransomware. To that end, the U.S. Justice Department (DoJ) said the malware is "being deleted from victim computers, preventing it from doing any more harm," adding from The Hacker News https://thehackernews.com/2023/08/fbi-dismantles-qakbot-malware-frees.html

Rapid 7 - Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs

Image
Tyler Starks, Christiaan Beek, Robert Knapp, Zach Dayton, and Caitlin Condon contributed to this blog. Rapid7’s managed detection and response (MDR) teams have observed increased threat activity targeting Cisco ASA SSL VPN appliances (physical and virtual) dating back to at least March 2023. In some cases, adversaries have conducted credential stuffing attacks that leveraged weak or default passwords; in others, the activity we’ve observed appears to be the result of targeted brute-force attacks on ASA appliances where multi-factor authentication (MFA) was either not enabled or was not enforced for all users (i.e., via MFA bypass groups). Several incidents our managed services teams have responded to ended in ransomware deployment by the Akira and LockBit groups. There is no clear pattern among target organizations or verticals. Victim organizations varied in size and spanned healthcare, professional services, manufacturing, and oil and gas, along with other verticals. We have inclu...

The Hacker News - Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability

Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what's suspected to be a ransomware attack. Cybersecurity company Sophos is tracking the activity cluster under the moniker STAC4663. Attack chains involve the exploitation of CVE-2023-3519, a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could from The Hacker News https://thehackernews.com/2023/08/citrix-netscaler-alert-ransomware.html

The Hacker News - Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks

Microsoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service (PhaaS) cybercrime model. In addition to an uptick in AiTM-capable PhaaS platforms, the tech giant noted that existing phishing services like PerSwaysion are incorporating AiTM capabilities. "This development in the PhaaS ecosystem enables from The Hacker News https://thehackernews.com/2023/08/phishing-as-service-gets-smarter.html

Schneier - Remotely Stopping Polish Trains

Turns out that it’s easy to broadcast radio commands that force Polish trains to stop: …the saboteurs appear to have sent simple so-called “radio-stop” commands via radio frequency to the trains they targeted. Because the trains use a radio system that lacks encryption or authentication for those commands, Olejnik says, anyone with as little as $30 of off-the-shelf radio equipment can broadcast the command to a Polish train­—sending a series of three acoustic tones at a 150.100 megahertz frequency­—and trigger their emergency stop function. “It is three tonal messages sent consecutively. Once the radio equipment receives it, the locomotive goes to a halt,” Olejnik says, pointing to a document outlining trains’ different technical standards in the European Union that describes the “radio-stop” command used in the Polish system. In fact, Olejnik says that the ability to send the command has been described in Polish radio and train forums and on YouTube for years. “Everybody could do...

The Hacker News - KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities

An updated version of a botnet malware called KmsdBot is now targeting Internet of Things (IoT) devices, simultaneously branching out its capabilities and the attack surface. "The binary now includes support for Telnet scanning and support for more CPU architectures," Akamai security researcher Larry W. Cashdollar said in an analysis published this month. The latest iteration, from The Hacker News https://thehackernews.com/2023/08/kmsdbot-malware-gets-upgrade-now.html

The Hacker News - LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants

The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants. Russian cybersecurity company Kaspersky said it detected a ransomware intrusion that deployed a version of LockBit but with a markedly different ransom demand procedure. "The attacker behind this incident decided to use a different ransom note with a headline related to a from The Hacker News https://thehackernews.com/2023/08/lockbit-30-ransomware-builder-leak.html

Schneier - Friday Squid Blogging: China’s Squid Fishing Ban Ineffective

China imposed a “pilot program banning fishing in parts of the south-west Atlantic Ocean from July to October, and parts of the eastern Pacific Ocean from September to December.” However, the conservation group Oceana analyzed the data and figured out that the Chinese weren’t fishing in those areas in those months, anyway. < blockquote>In the south-west Atlantic moratorium area, Oceana found there had been no fishing conducted by Chinese fleets in the same time period in 2019. Between 1,800 and 8,500 fishing hours were detected in the zone in each of the five years to 2019. In the eastern Pacific zone, China’s fishing fleet appeared to fish only 38 hours in the year before the ban’s introduction. “Ending squid fishing in areas where there is no fishing does nothing to protect squid,” said Oceana’s campaign director, Max Valentine. < blockquote> As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my b...

The Hacker News - Learn How Your Business Data Can Amplify Your AI/ML Threat Detection Capabilities

In today's digital landscape, your business data is more than just numbers—it's a powerhouse. Imagine leveraging this data not only for profit but also for enhanced AI and Machine Learning (ML) threat detection. For companies like Comcast, this isn't a dream. It's reality. Your business comprehends its risks, vulnerabilities, and the unique environment in which it operates. No generic, from The Hacker News https://thehackernews.com/2023/08/learn-how-your-business-data-can.html

KnowBe4 - Use KnowBe4’s New Callback Phishing Feature to Boost Your Organization's Security Awareness

Image
What's the Deal with Callback Phishing? from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/new-callback-phishing-feature-to-boost-your-security-awareness

KnowBe4 - Your KnowBe4 Fresh Content Updates from August 2023

Image
Check out the 21 new pieces of training content added in August, alongside the always fresh content update highlights, events and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-august-2023

The Hacker News - China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors

A nation-state activity group originating from China has been linked to cyber attacks on dozens of organizations in Taiwan as part of a suspected espionage campaign. The Microsoft Threat Intelligence team is tracking the activity under the name Flax Typhoon, which is also known as Ethereal Panda. "Flax Typhoon gains and maintains long-term access to Taiwanese organizations' networks with minimal from The Hacker News https://thehackernews.com/2023/08/china-linked-flax-typhoon-cyber.html

Schneier - Hacking Food Labeling Laws

This article talks about new Mexican laws about food labeling, and the lengths to which food manufacturers are going to ensure that they are not effective. There are the typical high-pressure lobbying tactics and lawsuits. But there’s also examples of companies hacking the laws: Companies like Coca-Cola and Kraft Heinz have begun designing their products so that their packages don’t have a true front or back, but rather two nearly identical labels—except for the fact that only one side has the required warning. As a result, supermarket clerks often place the products with the warning facing inward, effectively hiding it. […] Other companies have gotten creative in finding ways to keep their mascots, even without reformulating their foods, as is required by law. Bimbo, the international bread company that owns brands in the United States such as Entenmann’s and Takis, for example, technically removed its mascot from its packaging. It instead printed the mascot on the actual food p...

The Hacker News - Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches

The U.S. Federal Bureau of Investigation (FBI) is warning that Barracuda Networks Email Security Gateway (ESG) appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups. It also deemed the fixes as "ineffective" and that it "continues to observe active intrusions and considers all affected Barracuda ESG from The Hacker News https://thehackernews.com/2023/08/urgent-fbi-warning-barracuda-email.html

The Hacker News - Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware

The North Korea-linked threat actor known as Lazarus Group has been observed exploiting a now-patched critical security flaw impacting Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan called such as QuiteRAT. Targets include internet backbone infrastructure and healthcare entities in Europe and the U.S., cybersecurity company Cisco Talos said in a two-part analysis  from The Hacker News https://thehackernews.com/2023/08/lazarus-group-exploits-critical-zoho.html

The Hacker News - New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia

A new financially motivated operation is leveraging a malicious Telegram bot to help threat actors scam their victims. Dubbed Telekopye, a portmanteau of Telegram and kopye (meaning "spear" in Russian), the toolkit functions as an automated means to create a phishing web page from a premade template and send the URL to potential victims, codenamed Mammoths by the criminals. "This toolkit is from The Hacker News https://thehackernews.com/2023/08/new-telegram-bot-telekopye-powering.html

The Hacker News - WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders

A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal. The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it possible to launch malicious scripts contained within an archive that masquerades as seemingly innocuous image or text files. from The Hacker News https://thehackernews.com/2023/08/winrar-security-flaw-exploited-in-zero.html

Schneier - Parmesan Anti-Forgery Protection

The Guardian is reporting about microchips in wheels of Parmesan cheese as an anti-forgery measure. from Schneier on Security https://www.schneier.com/blog/archives/2023/08/parmesan-anti-forgery-protection.html

The Hacker News - Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw

Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 (CVSS score: 7.5), the vulnerability relates to a path traversal vulnerability in Openfire's administrative console that could permit an unauthenticated attacker to access otherwise restricted from The Hacker News https://thehackernews.com/2023/08/thousands-of-unpatched-openfire-xmpp.html

The Hacker News - Tornado Cash Founders Charged in Billion-Dollar Crypto Laundering Scandal

The U.S. Justice Department (DoJ) on Wednesday unsealed an indictment against two founders of the now-sanctioned Tornado Cash cryptocurrency mixer service, charging them with laundering more than $1 billion in criminal proceeds. Both the individuals, Roman Storm and Roman Semenov, have been charged with conspiracy to commit money laundering, conspiracy to commit sanctions violations, and from The Hacker News https://thehackernews.com/2023/08/tornado-cash-founders-charged-in.html

The Hacker News - Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead

Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security’s p0 Labs team identified and tracked an attacker developing and deploying eight (8) incremental iterations of their credential harvesting malware while continuing to develop infrastructure for an upcoming (spoiler: now launched) campaign from The Hacker News https://thehackernews.com/2023/08/agile-approach-to-mass-cloud-credential.html

The Hacker News - Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware

A Syrian threat actor named EVLF has been outed as the creator of malware families CypherRAT and CraxsRAT. "These RATs are designed to allow an attacker to remotely perform real-time actions and control the victim device's camera, location, and microphone," Cybersecurity firm Cyfirma said in a report published last week. CypherRAT and CraxsRAT are said to be offered to other cybercriminals as from The Hacker News https://thehackernews.com/2023/08/syrian-threat-actor-evlf-unmasked-as.html

The Hacker News - Spacecolon Toolset Fuels Global Surge in Scarab Ransomware Attacks

A malicious toolset dubbed Spacecolon is being deployed as part of an ongoing campaign to spread variants of the Scarab ransomware across victim organizations globally. "It probably finds its way into victim organizations by its operators compromising vulnerable web servers or via brute forcing RDP credentials," ESET security researcher Jakub Souček said in a detailed technical write-up from The Hacker News https://thehackernews.com/2023/08/spacecolon-toolset-fuels-global-surge.html

The Hacker News - Over a Dozen Malicious npm Packages Target Roblox Game Developers

More than a dozen malicious packages have been discovered on the npm package repository since the start of August 2023 with capabilities to deploy an open-source information stealer called Luna Token Grabber on systems belonging to Roblox developers. The ongoing campaign, first detected on August 1 by ReversingLabs, employs modules that masquerade as the legitimate package noblox.js, an API from The Hacker News https://thehackernews.com/2023/08/over-dozen-malicious-npm-packages.html

The Hacker News - CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds

A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that Cybersecurity, IT, and business leaders alike recognize SaaS cybersecurity as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cybersecurity. Over 600 IT, cybersecurity, and business leaders at from The Hacker News https://thehackernews.com/2023/08/cisos-tout-saas-cybersecurity.html

The Hacker News - New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App

A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote." "The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg," SentinelOne security researchers Dinesh Devadoss and Phil Stokes said in a Monday analysis. "The application from The Hacker News https://thehackernews.com/2023/08/new-variant-of-xloader-macos-malware.html

The Hacker News - Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software

Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes. Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue has been described as a case of authentication bypass impacting versions 9.18 and prior due to what it called an from The Hacker News https://thehackernews.com/2023/08/ivanti-warns-of-critical-zero-day-flaw.html

The Hacker News - Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359 (CVSS score: 9.8), relates to a deserialization flaw present in Adobe ColdFusion 2018 (Update 15 and earlier) and ColdFusion 2021 ( from The Hacker News https://thehackernews.com/2023/08/critical-adobe-coldfusion-flaw-added-to.html

The Hacker News - WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams

Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that's engineered to conduct tech support scams. The sophisticated traffic redirection scheme was first documented by Malwarebytes in January 2020, leveraging JavaScript embedded in compromised websites to perform anti-bot and web traffic filtering checks to serve from The Hacker News https://thehackernews.com/2023/08/wooflocker-toolkit-hides-malicious.html

The Hacker News - New Juniper Junos OS Flaws Expose Devices to Remote Attacks - Patch Now

Networking hardware company Juniper Networks has released an "out-of-cycle" security update to address multiple flaws in the J-Web component of Junos OS that could be combined to achieve remote code execution on susceptible installations. The four vulnerabilities have a cumulative CVSS rating of 9.8, making them Critical in severity. They affect all versions of Junos OS on SRX and EX Series. "By from The Hacker News https://thehackernews.com/2023/08/new-juniper-junos-os-flaws-expose.html

SBS CyberSecurity - {Onsite} Graduate School of Banking: Bank Technology Security School

October 16-20: An innovative program designed by, and especially for, information security officers in the financial industry. from SBS CyberSecurity https://sbscyber.com/resources/articleType/ArticleView/articleId/2275/onsite-graduate-school-of-banking-bank-technology-security-school

The Hacker News - New Wave of Attack Campaign Targeting Zimbra Email Users for Credential Theft

A new "mass-spreading" social engineering campaign is targeting users of the Zimbra Collaboration email server with an aim to collect their login credentials for use in follow-on operations. The activity, active since April 2023 and still ongoing, targets a wide range of small and medium businesses and governmental entities, most of which are located in Poland, Ecuador, Mexico, Italy, and Russia from The Hacker News https://thehackernews.com/2023/08/new-wave-of-attack-campaign-targeting.html

KnowBe4 - Bloomberg Reports: Stealth QR Code Phishing Attack On Major US Energy Company

Image
During my two years as the CEO of a Public Company , Bloomberg became one of my go-to sources for financial news. I am still subscribed and today found an interesting story from Drake Bennett in New York. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/bloomberg-reports-stealth-qr-code-phishing-attack-on-major-us-energy-company

KnowBe4 - Bloomberg Reports: Stealth QR Code Phishing Attack On Major US Bank

Image
During my two years as the CEO of a Public Company , Bloomberg became one of my go-to sources for financial news. I am still subscribed and today found an interesting story from Drake Bennett in New York. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/bloomberg-reports-stealth-qr-code-phishing-attack-on-major-us-bank

The Hacker News - New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools

Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution. "The Impacket tool has credential dumping and remote service execution modules that could be used for broad deployment of the BlackCat ransomware in target environments," the company's from The Hacker News https://thehackernews.com/2023/08/new-blackcat-ransomware-variant-adopts.html

Schneier - Bots Are Better than Humans at Solving CAPTCHAs

Interesting research: “ An Empirical Study & Evaluation of Modern CAPTCHAs “: Abstract: For nearly two decades, CAPTCHAS have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAS have continued to improve. Meanwhile, CAPTCHAS have also evolved in terms of sophistication and diversity, becoming increasingly difficult to solve for both bots (machines) and humans. Given this long-standing and still-ongoing arms race, it is critical to investigate how long it takes legitimate users to solve modern CAPTCHAS, and how they are perceived by those users. In this work, we explore CAPTCHAS in the wild by evaluating users’ solving performance and perceptions of unmodified currently-deployed CAPTCHAS. We obtain this data through manual inspection of popular websites and user studies in which 1, 400 participants collectively solved 14, 000 CAPTCHAS. Results show significant differences between the most popu...

The Hacker News - Google Chrome's New Feature Alerts Users About Auto-Removal of Malicious Extensions

Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release alongside Chrome 117, allows users to be notified when an add-on has been unpublished by a developer, taken down for violating Chrome Web Store policy, or marked as malware. from The Hacker News https://thehackernews.com/2023/08/google-chromes-new-feature-alerts-users.html

Rapid 7 - Join us for VeloCON 2023: Digging Deeper Together!

Image
September 13, 2023 at 9 am ET Rapid7 is thrilled to announce that the 2nd annual VeloCON: Digging Deeper Together virtual summit will be held this September 13th at 9 am ET. Once again, the conference will be online and completely free! VeloCON is a one-day event focused on the Velociraptor community. It’s a place to share experiences in using and developing Velociraptor to address the needs of the wider DFIR community and an opportunity to take a look ahead at the future of our platform. This year’s event calls for even more of the stimulating and informative content that made last year’s VeloCON so much fun. Don’t miss your chance at being a part of the marquee event of the open-source DFIR calendar. Registration is now OPEN!   Click here to register and get event updates and start time reminders. Last year’s event was a tremendous success, with over 500 unique participants enjoying fascinating discussions, tech talks and the opportunity to get to know real members of our...

The Hacker News - New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode

Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and main access to an Apple device even when the victim believes it is offline. The method "tricks the victim into thinking their device's Airplane Mode works when in reality the attacker (following successful device exploit) has planted an artificial from The Hacker News https://thehackernews.com/2023/08/new-apple-ios-16-exploit-enables.html

The Hacker News - New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities

A new, financially motivated operation dubbed LABRAT has been observed weaponizing a now-patched critical flaw in GitLab as part of a cryptojacking and proxyjacking campaign. "The attacker utilized undetected signature-based tools, sophisticated and stealthy cross-platform malware, command-and-control (C2) tools which bypassed firewalls, and kernel-based rootkits to hide their presence," Sysdig  from The Hacker News https://thehackernews.com/2023/08/new-labrat-campaign-exploits-gitlab.html

TrustedSec - The Client/Server Relationship — A Match Made In Heaven

Image
This blog post was co-authored with Charlie Clark and Jonathan Johnson of Binary Defense . 1    Introduction One thing often forgotten is that detection engineering isn’t always centered around 1 action to 1 query but also to drive effective incident response to optimize the triage of an alert. This is best served with context. We often say, ‘context is king,’ because this exposes a story that helps defenders understand the intent behind the actions. Context doesn’t always surround one process but potentially multiple processes, network connections, and different hosts. Context paints the picture for responders to best measure how to handle the event/incident that they are answering to. It is through context that the defensive team can get a better understanding of the attack they are facing and ultimately attribution. Charlie and Andrew have been trying to bring more offensive and defensive awareness around Kerberos, and Jonny has helped close the gaps by leveraging...

The Hacker News - Why You Need Continuous Network Monitoring?

Changes in the way we work have had significant implications for cybersecurity, not least in network monitoring. Workers no longer sit safely side-by-side on a corporate network, dev teams constantly spin up and tear down systems, exposing services to the internet. Keeping track of these users, changes and services is difficult – internet-facing attack surfaces rarely stay the same for long. But from The Hacker News https://thehackernews.com/2023/08/why-you-need-continuous-network.html

Schneier - Detecting “Violations of Social Norms” in Text with AI

Researchers are trying to use AI to detect “social norms violations.” Feels a little sketchy right now, but this is the sort of thing that AIs will get better at. (Like all of these systems, anything but a very low false positive rate makes the detection useless in practice.) News article . from Schneier on Security https://www.schneier.com/blog/archives/2023/08/detecting-violations-of-social-norms-in-text-with-ai.html

The Hacker News - Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks

An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors. The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock, from The Hacker News https://thehackernews.com/2023/08/russian-hackers-use-zulip-chat-app-for.html

The Hacker News - CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active in-the-wild exploitation. Tracked as CVE-2023-24489 (CVSS score: 9.8), the shortcoming has been described as an improper access control bug that, if successfully exploited from The Hacker News https://thehackernews.com/2023/08/cisa-adds-citrix-sharefile-flaw-to-kev.html

KnowBe4 - Ransomware's Paradox: Why Falling Monetization Rates Are Accompanied by Soaring Ransom Payments - A Must-Read Analysis.

Image
Grab a cup of coffee, and let's talk about something that's been making waves in the cybersecurity world: ransomware. You've probably heard about the alarming rise in ransom payments, but did you know that ransom monetization rates have actually fallen to a record low? It's a complex and evolving landscape, and we're here to break down the recent very interesting Coveware report for you.  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ransomwares-paradox-why-falling-monetization-rates-are-accompanied-by-soaring-ransom-payments-a-must-read-analysis