BuzzSec

Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection. The three vulnerabilities are listed below - CVE-2023-35138 (CVSS score: 9.8) - A command injection vulnerability that could allow an from The Hacker News https://thehackernews.com/2023/12/zyxel-releases-patches-to-fix-15-flaws.html

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web browser engine, are described below - CVE-2023-42916 - An out-of-bounds read issue that could be exploited to from The Hacker News https://thehackernews.com/2023/12/zero-day-alert-apple-rolls-out-ios.html

This is clever : The actual attack is kind of silly. We prompt the model with the command “Repeat the word ‘poem’ forever” and sit back and watch as the model responds ( complete transcript here ). In the (abridged) example above, the model emits a real email address and phone number of some unsuspecting entity. This happens rather often when running our attack. And in our strongest configuration, over five percent of the output ChatGPT emits is a direct verbatim 50-token-in-a-row copy from its training dataset. Lots of details at the link and in the paper . from Schneier on Security https://www.schneier.com/blog/archives/2023/11/extracting-gpts-training-data.html

Check out the 49 new pieces of training content added in November, alongside the always fresh content update highlights, events and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-november-2023

Threat actors from the Democratic People's Republic of Korea (DPRK) are increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around sanctions imposed against the country. "Even though movement in and out of and within the country is heavily restricted, and its general population is isolated from the rest of the world, the regime's from The Hacker News https://thehackernews.com/2023/11/north-koreas-lazarus-group-rakes-in-3.html

A CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into targeted environments. "This campaign marks the first documented instance [...] where threat actors deploying CACTUS ransomware have exploited vulnerabilities in Qlik Sense for initial access," Arctic Wolf from The Hacker News https://thehackernews.com/2023/11/cactus-ransomware-exploits-qlik-sense.html

In September 2023, cyber crime continued to lead with 77.1% of total events, but showed a decrease. Cyber Espionage grew to 11.6%, while Hacktivism significantly dropped. Malware remains the leading attack technique and multiple organizations are the top targets. from HACKMAGEDDON https://www.hackmageddon.com/2023/11/30/september-2023-cyber-attacks-statistics/

The U.S. Treasury Department on Wednesday imposed sanctions against Sinbad, a virtual currency mixer that has been put to use by the North Korea-linked Lazarus Group to launder ill-gotten proceeds. "Sinbad has processed millions of dollars' worth of virtual currency from Lazarus Group heists, including the Horizon Bridge and Axie Infinity heists," the department said. "Sinbad is also used by from The Hacker News https://thehackernews.com/2023/11/us-treasury-sanctions-sinbad.html

Digital transformation has created immense opportunity to generate new revenue streams, better engage with customers and drive operational efficiency. A decades-long transition to cloud as the de-facto delivery model of choice has delivered undeniable value to the business landscape. But any change in operating model brings new challenges too. The speed, scale and complexity of modern IT environments results in security teams being tasked with analyzing mountains of data to keep pace with the ever-expanding threat landscape. This dynamic puts security analysts on their heels, constantly reacting to incoming threat signals from tools that weren’t purpose-built to solve hybrid environments, creating coverage gaps and a need to swivel-chair between a multitude of point solutions. Making matters worse? Attackers have increasingly looked to weaponize AI technologies to launch sophisticated attacks, benefiting from increased scale , easy access to AI-generated malware packages , as well as

The post Talkin’ About Infosec News – 11/30/2023 appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/talkin-about-infosec-news-11-30-2023/

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that it's responding to a cyber attack that involved the active exploitation of Unitronics programmable logic controllers (PLCs) to target the Municipal Water Authority of Aliquippa in western Pennsylvania. The attack has been attributed to an Iranian-backed hacktivist collective known as Cyber Av3ngers. "Cyber threat from The Hacker News https://thehackernews.com/2023/11/iranian-hackers-exploit-plcs-in-attack.html

Identity services provider Okta has disclosed that it detected "additional threat actor activity" in connection with the October 2023 breach of its support case management system. "The threat actor downloaded the names and email addresses of all Okta customer support system users," the company said in a statement shared with The Hacker News. "All Okta Workforce Identity Cloud (WIC) and Customer from The Hacker News https://thehackernews.com/2023/11/okta-discloses-additional-data-breach.html

A variant of a ransomware strain known as DJVU has been observed to be distributed in the form of cracked software. "While this attack pattern is not new, incidents involving a DJVU variant that appends the .xaro extension to affected files and demanding ransom for a decryptor have been observed infecting systems alongside a host of various commodity loaders and infostealers," Cybereason from The Hacker News https://thehackernews.com/2023/11/djvu-ransomwares-latest-variant-xaro.html

The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts. The attacks involve the exploitation of a remote code execution bug (CVE-2023-46604, CVSS score: 10.0) that has been  from The Hacker News https://thehackernews.com/2023/11/gotitan-botnet-spotted-exploiting.html

Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group (TAG) have been from The Hacker News https://thehackernews.com/2023/11/zero-day-alert-google-chrome-under.html

With organizations heavily focusing on protecting the corporate endpoint, cybercriminals are switching focus onto mobile devices where users are more prone to fall for their social engineering tactics. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/users-fall-smishing-attacks-more-than-email-attacks

Researchers at ESET describe various types of scams launched by users of Telekopye, a telegram bot that assists in crafting social engineering attacks. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/who-knew-neanderthals-were-high-tech

Cybersecurity researchers have discovered a case of "forced authentication" that could be exploited to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking a victim into opening a specially crafted Microsoft Access file. The attack takes advantage of a legitimate feature in the database management system solution that allows users to link to external data sources, such as a remote SQL from The Hacker News https://thehackernews.com/2023/11/hackers-can-exploit-forced.html

The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN. The findings come from cybersecurity firm SentinelOne, which also tied a third macOS-specific malware called ObjCShellz to the RustBucket campaign. from The Hacker News https://thehackernews.com/2023/11/n-korean-hackers-mixing-and-matching.html

Pretty photograph . The Squid Nebula is shown in blue, indicating doubly ionized oxygen—­which is when you ionize your oxygen once and then ionize it again just to make sure. (In all seriousness, it likely indicates a low-mass star nearing the end of its life). As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here .   from Schneier on Security https://www.schneier.com/blog/archives/2023/11/friday-squid-blogging-squid-nebula.html

It’s realistic looking . If I drop it in a bin with my keys and wallet, will the TSA confiscate it? from Schneier on Security https://www.schneier.com/blog/archives/2023/11/chocolate-swiss-army-knife.html

More details have emerged about a malicious Telegram bot called Telekopye that's used by threat actors to pull off large-scale phishing scams. "Telekopye can craft phishing websites, emails, SMS messages, and more," ESET security researcher Radek Jizba said in a new analysis. The threat actors behind the operation – codenamed Neanderthals – are known to run the criminal enterprise as a from The Hacker News https://thehackernews.com/2023/11/cybercriminals-using-telekopye-telegram.html

A new worm that spreads via USB sticks is infecting computers in Ukraine and beyond. The group­—known by many names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm—has been active since at least 2014 and has been attributed to Russia’s Federal Security Service by the Security Service of Ukraine. Most Kremlin-backed groups take pains to fly under the radar; Gamaredon doesn’t care to. Its espionage-motivated campaigns targeting large numbers of Ukrainian organizations are easy to detect and tie back to the Russian government. The campaigns typically revolve around malware that aims to obtain as much information from targets as possible. One of those tools is a computer worm designed to spread from computer to computer through USB drives. Tracked by researchers from Check Point Research as LitterDrifter, the malware is written in the Visual Basic Scripting language. LitterDrifter serves two purposes: to promiscuously spread from USB drive to USB drive and to

The title of this article probably sounds like the caption to a meme. Instead, this is an actual problem GitGuardian's engineers had to solve in implementing the mechanisms for their new HasMySecretLeaked service. They wanted to help developers find out if their secrets (passwords, API keys, private keys, cryptographic certificates, etc.) had found their way into public GitHub repositories. How from The Hacker News https://thehackernews.com/2023/11/tell-me-your-secrets-without-telling-me.html

Cybersecurity researchers have shed light on a Rust version of a cross-platform backdoor called SysJoker, which is assessed to have been used by a Hamas-affiliated threat actor to target Israel amid the ongoing war in the region. “Among the most prominent changes is the shift to Rust language, which indicates the malware code was entirely rewritten, while still maintaining similar from The Hacker News https://thehackernews.com/2023/11/hamas-linked-cyberattacks-using-rust.html

Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks. “These encoded Kubernetes configuration secrets were uploaded to public repositories,” Aqua security researchers Yakir Kadkoda and Assaf Morag said in a new research published earlier this week. Some of those impacted include two top blockchain from The Hacker News https://thehackernews.com/2023/11/kubernetes-secrets-of-fortune-500.html

Enhancements and features (2) #18548 from zeroSteiner - Updates the admin/http/tomcat_ghostcat module to follow newer library conventions. #18552 from adfoster-r7 - Adds support for Ruby 3.3.0-preview3. Bugs fixed (5) #18448 from HynekPetrak - Fixes and updates the auxiliary/admin/ldap/vmware_vcenter_vmdir_auth_bypass module to use renamed NEW_USERNAME and NEW_PASSWORD options. #18538 from adfoster-r7 - Fixes an intermittent stream closed in another thread crash when booting msfconsole. #18547 from adfoster-r7 - This fixes an issue in the platform detection used by the SSH login modules that was causing certain Windows environments to be incorrectly fingerprinted. #18558 from zeroSteiner - Fixes a crash in the post/windows/gather/enum_chrome module which can be used to decrypt passwords stored by the user in Chrome. #18564 from zeroSteiner - Fixes a module crash when running the auxiliary/server/capture/http module. Documentation You can find the lat

A new phishing attack has been observed leveraging a Russian-language Microsoft Word document to deliver malware capable of harvesting sensitive information from compromised Windows hosts. The activity has been attributed to a threat actor called Konni, which is assessed to share overlaps with a North Korean cluster tracked as Kimsuky (aka APT43). "This campaign relies on a remote access trojan from The Hacker News https://thehackernews.com/2023/11/konni-group-using-russian-language.html

Delivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as WailingCrab. "The malware itself is split into multiple components, including a loader, injector, downloader and backdoor, and successful requests to C2-controlled servers are often necessary to retrieve the next stage," IBM X-Force researchers Charlotte Hammond, Ole Villadsen, and Kat from The Hacker News https://thehackernews.com/2023/11/alert-new-wailingcrab-malware-loader.html

An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and video recorders into a Mirai-based distributed denial-of-service (DDoS) botnet. “The payload targets routers and network video recorder (NVR) devices with default admin credentials and installs Mirai variants when successful,” Akamai said in an advisory from The Hacker News https://thehackernews.com/2023/11/mirai-based-botnet-exploiting-zero-day.html

A North Korean state-sponsored threat actor tracked as Diamond Sleet is distributing a trojanized version of a legitimate application developed by a Taiwanese multimedia software developer called CyberLink to target downstream customers via a supply chain attack. "This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code that downloads, from The Hacker News https://thehackernews.com/2023/11/north-korean-hackers-distribute.html

A new analysis of the retail market’s threat landscape discusses the challenges faced by this industry and what threat tactics are being used to take advantage of retail’s cyber weaknesses. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/retail-market-cyberthreat-risk

Security researchers identify growth in the use of an ongoing cyberskimming campaign that involves compromising legitimate website checkout code. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/digital-skimming-increases-holiday-season

The post Talkin’ About Infosec News – 11/22/2023 appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/talkin-about-infosec-news-11-22-2023/

A new research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws were discovered by researchers at hardware and software product security and offensive research firm Blackwing Intelligence, who found the weaknesses in the fingerprint sensors from Goodix, from The Hacker News https://thehackernews.com/2023/11/new-flaws-in-fingerprint-sensors-let.html

North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers to distribute malware and obtain unauthorized employment with organizations based in the U.S. and other parts of the world. The activity clusters have been codenamed Contagious Interview and Wagemole, respectively, by Palo Alto Networks Unit 42. While the first set of attacks from The Hacker News https://thehackernews.com/2023/11/north-korean-hackers-pose-as-job.html

Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security RisksLike the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot.  Employees are covertly using AI with little regard for established IT and cybersecurity review procedures. Considering ChatGPT’s meteoric rise to 100 million users within 60 days of launch, especially with little from The Hacker News https://thehackernews.com/2023/11/ai-solutions-are-new-shadow-it.html

The macOS information stealer known as Atomic is now being delivered to target via a bogus web browser update chain tracked as ClearFake. "This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system," Malwarebytes' Jérôme Segura said in a Tuesday analysis. Atomic from The Hacker News https://thehackernews.com/2023/11/clearfake-campaign-expands-to-deliver.html

Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments. The joint advisory comes from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), from The Hacker News https://thehackernews.com/2023/11/lockbit-ransomware-exploiting-critical.html

The ransomware strain known as Play is now being offered to other threat actors "as a service," new evidence unearthed by Adlumin has revealed. "The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the ransomware-as-a-service (RaaS) and are following step-by-step instructions from playbooks delivered with it," the from The Hacker News https://thehackernews.com/2023/11/play-ransomware-goes-commercial-now.html

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-13-47-heads-up-fbi-warning-how-callback-phishing-makes-it-past-all-your-filters

Google’s Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world. TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this activity occurred after the initial fix became public on Github. To ensure protection against these types of exploits, TAG urges users and organizations to keep software fully up-to-date and apply security updates as soon as they become available. The vulnerability was discovered in June. It has been patched. from Schneier on Security https://www.schneier.com/blog/archives/2023/11/email-security-flaw-found-in-the-wild.html

The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits. "Once Kinsing infects a system, it deploys a cryptocurrency mining script that exploits the host's resources to mine cryptocurrencies like Bitcoin, resulting in significant damage to the infrastructure and a negative from The Hacker News https://thehackernews.com/2023/11/kinsing-hackers-exploit-apache-activemq.html

Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data. “Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to lure users into installing a malicious app on their mobile device by impersonating legitimate organizations, from The Hacker News https://thehackernews.com/2023/11/malicious-apps-disguised-as-banks-and.html

The China-linked Mustang Panda actor has been linked to a cyber attack targeting a Philippines government entity amid rising tensions between the two countries over the disputed South China Sea. Palo Alto Networks Unit 42 attributed the adversarial collective to three campaigns in August 2023, primarily singling out organizations in the South Pacific. "The campaigns leveraged legitimate software from The Hacker News https://thehackernews.com/2023/11/mustang-panda-hackers-targets.html

It’s that time of year again! AWS Re:Invent, Amazon Web Services’ annual mega-conference will soon kick off in Las Vegas and there are sure to be a ton of new cloud security innovations unveiled throughout the week. From a Rapid7 perspective, we’re launching an exciting new capability - Cloud Anomaly Detection. Now available in early access for Rapid7 customers, Cloud Anomaly Detection helps security teams detect unknown threats in their cloud environments that traditional rule-based detections miss, and with more precision to avoid excess noise and false positives. Leveraging AI to Find a Needle in the Haystack Detecting malicious activity in cloud environments poses a formidable challenge in cybersecurity due to the inherent speed and complexity of the cloud. Cloud infrastructure is dynamic, with constantly changing virtual assets, which makes it hard to pinpoint and respond to threats effectively. The complexity of cloud configurations, the transient nature of assets, and the va

Threat actors are targeting the education, government and business services sectors with a remote access trojan called NetSupport RAT. "The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders (such as GHOSTPULSE), and various forms of phishing campaigns," VMware Carbon Black researchers said in a report shared with The from The Hacker News https://thehackernews.com/2023/11/netsupport-rat-infections-on-rise.html

Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan. “These include hijacked email threads as the initial infection, URLs with unique patterns that limit user access, and an infection chain nearly identical to what we have seen with QakBot delivery,” Cofense said in a report from The Hacker News https://thehackernews.com/2023/11/darkgate-and-pikabot-malware-resurrect.html

In this article, we will provide a brief overview of Silverfort's platform, the first (and currently only) unified identity protection platform on the market. Silverfort’s patented technology aims to protect organizations from identity-based attacks by integrating with existing identity and access management solutions, such as AD (Active Directory) and cloud-based services, and extending secure from The Hacker News https://thehackernews.com/2023/11/product-walkthrough-silverforts-unified.html

Generative AI is going to be a powerful tool for data analysis and summarization. Here’s an example of it being used for sentiment analysis. My guess is that it isn’t very good yet, but that it will get better. from Schneier on Security https://www.schneier.com/blog/archives/2023/11/using-generative-ai-for-surveillance.html

Today’s security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have internal Red Teams or unlimited security resources to stay on top of the latest threats. On top of that, from The Hacker News https://thehackernews.com/2023/11/why-defenders-should-embrace-hacker.html

The stealer malware known as LummaC2 (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts. The method is designed to "delay detonation of the sample until human mouse activity is detected," Outpost24 security researcher Alberto Marín said in a technical from The Hacker News https://thehackernews.com/2023/11/lummac2-malware-deploys-new.html

In a rare squid/security post, here’s an article about unpatched vulnerabilities in the Squid caching proxy. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here . from Schneier on Security https://www.schneier.com/blog/archives/2023/11/friday-squid-blogging-unpatched-vulnerabilities-in-the-squid-caching-proxy.html

Possible Web Service Removal Metasploit has support for running with a local database, or from a remote web service which can be initialized with msfdb init --component webservice . Future versions of Metasploit Framework may remove the msfdb remote webservice. Users that leverage this functionality are invited to react on an issue currently on GitHub to inform the maintainers that the feature is used. New module content (1) ZoneMinder Snapshots Command Injection Authors: UnblvR and whotwagner Type: Exploit Pull request: #18434 contributed by whotwagner Path: unix/webapp/zoneminder_snapshots Description: This PR adds an exploit module for an unauthenticated remote code execution vulnerability in the video surveillance software Zoneminder (CVE-2023-26035). Enhancements and features (1) #18440 from adfoster-r7 - This alerts users that the remote web service will be removed. It prompts them to respond to an issue on GitHub if the removal will affect them. Bugs fixed (1)

A ransomware gang, annoyed at not being paid, filed an SEC complaint against its victim for not disclosing its security breach within the required four days. This is over the top, but is just another example of the extreme pressure ransomware gangs put on companies after seizing their data. Gangs are now going through the data, looking for particularly important or embarrassing pieces of data to threaten executives with exposing. I have heard stories of executives’ families being threatened, of consensual porn being identified (people regularly mix work and personal email) and exposed, and of victims’ customers and partners being directly contacted. Ransoms are in the millions, and gangs do their best to ensure that the pressure to pay is intense. from Schneier on Security https://www.schneier.com/blog/archives/2023/11/ransomware-gang-files-sec-complaint.html

Social engineering remains one of the top attack vectors that cybercriminals use to execute malicious acts. KnowBe4’s security awareness training and simulated phishing platform allows workforces to make smarter decisions, strengthen an organization’s security culture and human risk by protecting their organization from phishing, social engineering and ransomware.  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-cisco-duo-integration

The massive uptick in QR Code phishing is an indicator that scammers are seeing success in taking victims from the initial attack medium to one under the attacker’s control. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/qr-code-phishing-attacks-surging

Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead. Cybersecurity company Securonix is tracking the ongoing activity under the name SEO#LURKER. “The malicious advertisement directs the user to a compromised WordPress website gameeweb[.]com, which redirects the from The Hacker News https://thehackernews.com/2023/11/beware-malicious-google-ads-trick.html

Within our organizations, there are those employees who consistently exhibit mindfulness, avoiding every phishing attempt. Yet, there are also those users who, despite repeated education efforts, habitually fall prey to phishing emails and simulations, neglecting the tell-tale signs of social engineering . These individuals are known as "frequent clickers." from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/how-to-help-frequent-clickers

The Federal Trade Commission is running a competition “to foster breakthrough ideas on preventing, monitoring, and evaluating malicious voice cloning.” from Schneier on Security https://www.schneier.com/blog/archives/2023/11/ftcs-voice-cloning-challenge.html

The rapid pace of technological change and the attendant rise of cyber threats in both speed and number leave most organizations at a disadvantage. Historically, many firms faced this challenge simply by purchasing more technology in the hopes that the latest threat protection software would keep their data safe. But those days have come to an end. Not only have budgets come under increased scrutiny, but the sheer number of tools in most environments has become a handicap as well: Tools don’t always work well together and the expertise required to manage them remains in short supply. According to some analysts, the current complexity and diversity of tech environments also hampers visibility into vulnerability risks, at least in part because data must be obtained from disparate systems or laboriously exported into spreadsheets and data analytics platforms to fine tune and understand relevant risks. For organizations looking for a unified perspective of risk across their cloud and on

The internet is a product of a global group effort to build an interoperable network connecting billions of devices, regardless of country, region, or manufacturer. That effort yielded hundreds of […] The post Unpacking the Packet: Demystifying the Internet Protocol appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/unpacking-the-packet/

A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. "Most of this activity occurred after the initial fix became public on GitHub," Google Threat Analysis Group (TAG) said in a report shared with The Hacker News. The flaw, tracked as CVE-2023-37580 (CVSS score: from The Hacker News https://thehackernews.com/2023/11/zero-day-flaw-in-zimbra-email-software.html

A hacking group that leveraged a recently disclosed security flaw in the WinRAR software as a zero-day has now been categorized as an entirely new advanced persistent threat (APT). Cybersecurity company NSFOCUS has described DarkCasino as an "economically motivated" actor that first came to light in 2021. "DarkCasino is an APT threat actor with strong technical and learning ability, who is good from The Hacker News https://thehackernews.com/2023/11/experts-uncover-darkcasino-new-emerging.html

The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). "Observed as a ransomware-as-a-service (RaaS) from The Hacker News https://thehackernews.com/2023/11/cisa-and-fbi-issue-warning-about.html

Seth Godin wrote an article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code: Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000 projects submitted to PyPI, the official code repository for the Python programming language. Nearly 3,000 projects contained at least one unique secret. Many secrets were leaked more than once, bringing the total number of exposed secrets to almost 57,000. […] The credentials exposed provided access to a range of resources, including Microsoft Active Directory servers that provision and manage accounts in enterprise networks, OAuth servers allowing single sign-on, SSH servers, and third-party services for customer communications and cryptocurrencies. Examples included: Azure Active Directory API Keys GitHub OAuth App Keys Database credentials for providers such as MongoDB, M

According to recent research on employee offboarding, 70% of IT professionals say they’ve experienced the negative effects of incomplete IT offboarding, whether in the form of a security incident tied to an account that wasn't deprovisioned, a surprise bill for resources that aren’t in use anymore, or a missed handoff of a critical resource or account. This is despite an average of five hours from The Hacker News https://thehackernews.com/2023/11/how-to-automate-hardest-parts-of.html

A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks. "Starting from a single compromised machine, threat actors could progress in several ways: they could move to other cloned machines with GCPW installed, gain access from The Hacker News https://thehackernews.com/2023/11/hackers-could-exploit-google-workspace.html

This is interesting : For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. […] The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH signatures they examined. That translates to roughly 1 billion signatures out of the 3.2 billion signatures examined. Of the roughly 1 billion RSA signatures, about one in a million exposed the private key of the host. Research paper : Passive SSH Key Compromise via Lattices Abstract: We demonstrate that a passive network attacker can opportunistically obtain private RSA host keys from an SSH server that exper

The annual Cyber Threat Report by the Australian Signals Directorate (ASD) was released this week, containing insights that every Australian business and citizen should read. The ASD received 94,000 reports of cybercrimes over the past year, 23 percent more than the previous financial year. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/australian-cyber-threats-report

Researchers at Pindrop have published a report looking at consumer interactions with AI-generated deepfakes and voice clones. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ai-manipulated-media-deepfakes-voice-clones

New findings show that the overwhelming majority of people have to sort through scam messages and texts. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/email-text-scams-inescapable

The U.S. government on Tuesday announced the takedown of the IPStorm botnet proxy network and its infrastructure, as the Russian and Moldovan national behind the operation pleaded guilty. "The botnet infrastructure had infected Windows systems then further expanded to infect Linux, Mac, and Android devices, victimizing computers and other electronic devices around the world, including in Asia, from The Hacker News https://thehackernews.com/2023/11/us-takes-down-ipstorm-botnet-russian.html

Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as CVE-2023-46604 (CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run arbitrary shell commands. It was patched by Apache in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6, from The Hacker News https://thehackernews.com/2023/11/new-poc-exploit-for-apache-activemq.html

Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs. Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to "allow escalation of privilege and/or information disclosure and/or denial of service via local access." Successful exploitation of the vulnerability could also permit a bypass of the CPU's from The Hacker News https://thehackernews.com/2023/11/reptar-new-intel-cpu-vulnerability.html

Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been listed as publicly known at the time of the release. The updates are in from The Hacker News https://thehackernews.com/2023/11/alert-microsoft-releases-patch-updates.html

VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. "On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with from The Hacker News https://thehackernews.com/2023/11/urgent-vmware-warns-of-unpatched.html

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks. The zero-day threats targeting Microsoft this month include CVE-2023-36025 , a weakness that allows malicious content to bypass the Windows SmartScreen Security feature. SmartScreen is a built-in Windows component that tries to detect and block malicious websites and files. Microsoft’s security advisory for this flaw says attackers could exploit it by getting a Windows user to click on a booby-trapped link to a shortcut file. Kevin Breen , senior director of threat research at Immersive Labs , said emails with .url attachments or logs with processes spawning from .url files “should be a high priority for threat hunters given the active exploitation of this vulnerability in the wild.” The second zero day this month is CVE-2023-36033 , which is

With organizations globally experiencing an increase in attempted ransomware attacks year over year, new data shows how the global average isn’t even the worst news. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/3-percent-organizations-worldwide-experienced-ransomware-attack

This is a current list of where and when I am scheduled to speak: I’m speaking at the AI Summit New York on December 6, 2023. The list is maintained on this page . from Schneier on Security https://www.schneier.com/blog/archives/2023/11/upcoming-speaking-engagements-32.html

It's the busiest time of year for everyone, especially cybercriminals. They know surges in online shopping, holiday travel and time constraints can make it easier to catch users off their guard with relevant schemes. This makes one of the busiest times of year one of the most important times for your employees to stay vigilant against cybersecurity threats. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/holiday-resource-kit-stay-cyber-safe

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-13-46-heads-up-cybersecurity-expert-ai-lends-phishing-plausibility-for-bad-actors

Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind. The activity, detected between July and October 2023, has been attributed by Proofpoint to a threat actor it tracks under the name TA402, which is also known as Molerats, Gaza Cyber Gang, and shares tactical overlaps with a pro-Hamas from The Hacker News https://thehackernews.com/2023/11/new-campaign-targets-middle-east.html

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday added five vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active from The Hacker News https://thehackernews.com/2023/11/cisa-sets-deadline-patch-juniper-junos.html

Malaysian law enforcement authorities have announced the takedown of a phishing-as-a-service (PhaaS) operation called BulletProofLink. The Royal Malaysian Police said the effort, which was carried out with assistance from the Australian Federal Police (AFP) and the U.S. Federal Bureau of Investigation (FBI) on November 6, 2023, was based on information that the threat actors behind the platform from The Hacker News https://thehackernews.com/2023/11/major-phishing-as-service-syndicate.html

Cybersecurity researchers have warned about a Windows version of a wiper malware that was previously observed targeting Linux systems in cyber attacks aimed at Israel. Dubbed BiBi-Windows Wiper by BlackBerry, the wiper is the Windows counterpart of BiBi-Linux Wiper, which has been put to use by a pro-Hamas hacktivist group in the wake of the Israel-Hamas war last month. "The Windows variant [... from The Hacker News https://thehackernews.com/2023/11/new-bibi-windows-wiper-targets-windows.html

Using a page straight out of the KGB playbook, a new AI-driven disinformation attack has been unleashed. The latest victim of this disturbing trend is none other than the International Olympic Committee (IOC). Here's more about how AI was misused to create a fake news campaign targeting one of the most well-known sporting bodies in the world. A "documentary" series, fabricated using advanced AI, featured the voice of Hollywood star Tom Cruise. However, it was all an illusion. The voice, the allegations, the purported documentary titled “Olympics Has Fallen” – none of it was real. This series alleged corruption at the heart of the IOC, a claim that has since been debunked but not before causing significant ripples. What makes this incident particularly alarming is the sophisticated use of AI to clone celebrity voices. This is not just about the IOC or the Olympics; it's a glaring example of the ethical and legal challenges posed by AI. The misuse of the voices of