Posts

Showing posts from December, 2023

The Hacker News - New JinxLoader Targeting Users with Formbook and XLoader Malware

A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor XLoader. The disclosure comes from cybersecurity firms Palo Alto Networks Unit 42 and Symantec, both of which highlighted multi-step attack sequences that led to the deployment of JinxLoader through phishing attacks. "The from The Hacker News https://thehackernews.com/2024/01/new-jinxloader-targeting-users-with.html

KnowBe4 - Researchers use AI chatbots against themselves to 'jailbreak' each other

Image
Fascinating article at TechXplore, December 28, 2023.   Computer scientists from Nanyang Technological University, Singapore (NTU Singapore) have managed to compromise multiple artificial intelligence (AI) chatbots, including ChatGPT, Google Bard and Microsoft Bing Chat, to produce content that breaches their developers' guidelines—an outcome known as "jailbreaking."  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/researchers-use-ai-chatbots-against-themselves-to-jailbreak-each-other

The Hacker News - Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks

Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets. "These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu, from The Hacker News https://thehackernews.com/2023/12/beware-scam-as-service-aiding.html

The Hacker News - Albanian Parliament and One Albania Telecom Hit by Cyber Attacks

The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed this week. “These infrastructures, under the legislation in force, are not currently classified as critical or important information infrastructure,” AKCESK said. One Albania, which has from The Hacker News https://thehackernews.com/2023/12/albanian-parliament-and-one-albania.html

KnowBe4 - Your KnowBe4 Fresh Content Updates from December 2023

Image
Check out the 36 new pieces of training content added in December, alongside the always fresh content update highlights, events and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-december-2023

Schneier - AI Is Scarily Good at Guessing the Location of Random Photos

Wow : To test PIGEON’s performance, I gave it five personal photos from a trip I took across America years ago, none of which have been published online. Some photos were snapped in cities, but a few were taken in places nowhere near roads or other easily recognizable landmarks. That didn’t seem to matter much. It guessed a campsite in Yellowstone to within around 35 miles of the actual location. The program placed another photo, taken on a street in San Francisco, to within a few city blocks. Not every photo was an easy match: The program mistakenly linked one photo taken on the front range of Wyoming to a spot along the front range of Colorado, more than a hundred miles away. And it guessed that a picture of the Snake River Canyon in Idaho was of the Kawarau Gorge in New Zealand (in fairness, the two landscapes look remarkably similar). This kind of thing will likely get better. And even if it is not perfect, it has some pretty profound privacy implications (but so did geoloca...

The Hacker News - CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was detected by the agency between December 15 and 25, 2023, targets government entities from The Hacker News https://thehackernews.com/2023/12/cert-ua-uncovers-new-malware-wave.html

Schneier - Friday Squid Blogging: Sqids

They’re short unique strings : Sqids (pronounced “squids”) is an open-source library that lets you generate YouTube-looking IDs from numbers. These IDs are short, can be generated from a custom alphabet and are guaranteed to be collision-free. I haven’t dug into the details enough to know how they can be guaranteed to be collision-free. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here . from Schneier on Security https://www.schneier.com/blog/archives/2023/12/friday-squid-blogging-sqids.html

The Hacker News - Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks

Nation-state actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools such as AppleSeed, Meterpreter, and TinyNuke to seize control of compromised machines. South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as Kimsuky. “A notable point about attacks that from The Hacker News https://thehackernews.com/2023/12/kimsuky-hackers-deploying-appleseed.html

The Hacker News - Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service

Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to from The Hacker News https://thehackernews.com/2023/12/google-cloud-resolves-privilege.html

KnowBe4 - SMTP Smuggling Technique Bypasses Email Authentications Establishing Legitimacy

Image
A newly-discovered technique misusing SMTP commands allows cybercriminals to pass SPF, DKIM and DMARC checks, empowering impersonated emails to reach their intended victim. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/smtp-smuggling-email-security-impersonation

Schneier - AI and Lossy Bottlenecks

Image
Artificial intelligence is poised to upend much of society, removing human limitations inherent in many systems. One such limitation is information and logistical bottlenecks in decision-making. Traditionally, people have been forced to reduce complex choices to a small handful of options that don’t do justice to their true desires. Artificial intelligence has the potential to remove that limitation. And it has the potential to drastically change how democracy functions. AI researcher Tantum Collins and I, a public-interest technology scholar , call this AI overcoming “lossy bottlenecks.” Lossy is a term from information theory that refers to imperfect communications channels—that is, channels that lose information. Multiple-choice practicality Imagine your next sit-down dinner and being able to have a long conversation with a chef about your meal. You could end up with a bespoke dinner based on your desires, the chef’s abilities and the available ingredients. This is possible ...

The Hacker News - Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature

The Operation Triangulation spyware attacks targeting Apple iOS devices leveraged never-before-seen exploits that made it possible to even bypass pivotal hardware-based security protections erected by the company. Russian cybersecurity firm Kaspersky, which discovered the campaign at the beginning of 2023 after becoming one of the targets, described it as from The Hacker News https://thehackernews.com/2023/12/most-sophisticated-iphone-hack-ever.html

The Hacker News - New Rugmi Malware Loader Surges with Hundreds of Daily Detections

A new malware loader is being used by threat actors to deliver a wide range of information stealers such as Lumma Stealer (aka LummaC2), Vidar, RecordBreaker (aka Raccoon Stealer V2), and Rescoms. Cybersecurity firm ESET is tracking the trojan under the name Win/TrojanDownloader.Rugmi. "This malware is a loader with three types of components: a downloader that downloads an from The Hacker News https://thehackernews.com/2023/12/new-rugmi-malware-loader-surges-with.html

KnowBe4 - We Do What We Are Trained To Do

Image
When I was young, I was an oceanfront lifeguard, firefighter and EMT paramedic. All disciplines involved frequent education and training.  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/we-do-what-we-are-trained-to-do

Rapid 7 - There’s One Last Gift Under the Tree, It’s Hands-On IoT!

Image
It’s the holiday season and since we’re in a giving mood we thought we’d surprise our loyal readers with a fun, hands-on hardware exercise to enjoy during some well-earned downtime. But first, a little background. Every year Rapid7 has a pretty solid presence at DefCon in Las Vegas. This year was no exception. One of the cornerstones of our DefCon experience is participating in the IoT Village. Deral Heiland, our Principal Security Researcher for IoT, takes attendees through each of the steps of breaking into a particular piece of IoT hardware. And every year we release his talk (with a few additions) for those who couldn’t make it to Vegas for the conference. What we have here is this year’s Hands-On IoT presentation for the hacking of an IP camera over Universal Asynchronous Receiver/Transmitter (UART). It’s Deral’s original presentation with some added details and context. In this paper, Deral takes you step by step through the process, offering insight into how UART and U-Boots...

The Hacker News - Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances

Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy backdoor on a "limited number" of devices. Tracked as CVE-2023-7102, the issue relates to a case of arbitrary code execution that resides within a third-party and open-source library Spreadsheet::ParseExcel that's used by the Amavis scanner within the from The Hacker News https://thehackernews.com/2023/12/chinese-hackers-exploited-new-zero-day.html

Schneier - New iPhone Security Features to Protect Stolen Devices

Apple is rolling out a new “Stolen Device Protection” feature that seems well thought out: When Stolen Device Protection is turned on, Face ID or Touch ID authentication is required for additional actions, including viewing passwords or passkeys stored in iCloud Keychain, applying for a new Apple Card, turning off Lost Mode, erasing all content and settings, using payment methods saved in Safari, and more. No passcode fallback is available in the event that the user is unable to complete Face ID or Touch ID authentication. For especially sensitive actions, including changing the password of the Apple ID account associated with the iPhone, the feature adds a security delay on top of biometric authentication. In these cases, the user must authenticate with Face ID or Touch ID, wait one hour, and authenticate with Face ID or Touch ID again. However, Apple said there will be no delay when the iPhone is in familiar locations, such as at home or work. More details at the link. from ...

The Hacker News - New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices

A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed Xamalicious by the McAfee Mobile Research Team, the malware is so named for the fact that it's developed using an open-source mobile app framework called Xamarin and abuses the operating system's accessibility permissions to fulfill its objectives. from The Hacker News https://thehackernews.com/2023/12/new-sneaky-xamalicious-android-malware.html

The Hacker News - Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining

Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS) attacks. "Threat actors can also choose to install only scanners and sell the breached IP and account credentials on from The Hacker News https://thehackernews.com/2023/12/warning-poorly-secured-linux-ssh.html

Schneier - Google Stops Collecting Location Data from Maps

Google Maps now stores location data locally on your device, meaning that Google no longer has that data to turn over to the police. from Schneier on Security https://www.schneier.com/blog/archives/2023/12/google-stops-collecting-location-data-from-maps.html

The Hacker News - Carbanak Banking Malware Resurfaces with New Ransomware Tactics

The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023. "Carbanak returned last month through new from The Hacker News https://thehackernews.com/2023/12/carbanak-banking-malware-resurfaces.html

The Hacker News - Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies

The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after Group-IB's formal exit from Russia earlier this year. Cloud Atlas, active since at from The Hacker News https://thehackernews.com/2023/12/cloud-atlas-spear-phishing-attacks.html

The Hacker News - British LAPSUS$ Teen Members Sentenced for High-Profile Attacks

Two British teens part of the LAPSUS$ cyber crime and extortion gang have been sentenced for their roles in orchestrating a string of high-profile attacks against a number of companies. Arion Kurtaj, an 18-year-old from Oxford, has been sentenced to an indefinite hospital order due to his intent to get back to cybercrime "as soon as possible," BBC reported. Kurtaj, who is autistic, was from The Hacker News https://thehackernews.com/2023/12/british-lapsus-teen-members-sentenced.html

The Hacker News - Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft

Threat hunters have discovered a rogue WordPress plugin that's capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information. The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri. "As with many other malicious or fake WordPress plugins it contains some deceptive information at from The Hacker News https://thehackernews.com/2023/12/rogue-wordpress-plugin-exposes-e.html

SBS CyberSecurity - Press Release: SBS CyberSecurity Announces CEO Transition

SBS has announced that CEO, Honey Shelton, will transition to the role of Chief Strategy Officer (CSO) effective January 1, 2024. from SBS CyberSecurity https://sbscyber.com/resources/press-release-sbs-cybersecurity-announces-ceo-transition

KnowBe4 - SC Mag: "Attacks on critical infrastructure are harbingers of war: Are we prepared?"

Image
I just found a great post by Morgan Wright, chief security advisor of SentinelOne. Here is a quick summary and a link to the full article is at the bottom. The recent attacks on water authorities like Aliquippa and St. Johns River have cast a spotlight on the vulnerability of critical infrastructure. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/sc-mag-attacks-on-critical-infrastructure-are-harbingers-of-war-are-we-prepared

The Hacker News - Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities

Indian government entities and the defense sector have been targeted by a phishing campaign that's engineered to drop Rust-based malware for intelligence gathering. The activity, first detected in October 2023, has been codenamed Operation RusticWeb by enterprise security firm SEQRITE. "New Rust-based payloads and encrypted PowerShell commands have been utilized to exfiltrate from The Hacker News https://thehackernews.com/2023/12/operation-rusticweb-rust-based-malware.html

The Hacker News - Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamper their investigation," Netskope researchers Ghanashyam Satpathy and Jan Michael Alcantara  from The Hacker News https://thehackernews.com/2023/12/decoy-microsoft-word-documents-used-to.html

Schneier - Data Exfiltration Using Indirect Prompt Injection

Interesting attack on a LLM: In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their documents. We show that attackers can prepare websites that, when a user adds them as a source, manipulate the LLM into sending private information to the attacker or perform other malicious activities. The data theft can include documents the user has uploaded, their chat history or potentially specific private information the chat model can convince the user to divulge at the attacker’s behest. from Schneier on Security https://www.schneier.com/blog/archives/2023/12/data-exfiltration-using-indirect-prompt-injection.html

The Hacker News - UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware

The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE. "The threat actor targets Ukrainian employees working for companies outside of Ukraine," cybersecurity firm Deep Instinct said in a Thursday analysis. UAC-0099 was first from The Hacker News https://thehackernews.com/2023/12/uac-0099-using-winrar-exploit-to-target.html

The Hacker News - Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector

Organizations in the Defense Industrial Base (DIB) sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach Sandstorm (formerly Holmium), which is also known as APT33, Elfin, and Refined Kitten. " from The Hacker News https://thehackernews.com/2023/12/microsoft-warns-of-new-falsefont.html

KnowBe4 - Underground Cyber Crime Marketplaces are Now Showing Up on the Open Web

Image
Marketplaces such as OLVX are shifting from the dark web to the open web to take advantage of traditional web services to assist in marketing to and providing access to new customers. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/underground-cyber-crime-marketplaces-open-web

KnowBe4 - Interest in AI-Generated ‘Undressing’ Increases 2000% as it Becomes a Mainstream Online Business

Image
The advent of non-consensual intimate imagery (NCII) as a monetized business on the Internet has shifted pornography into the realm of undressing anyone you like. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ai-generated-undressing-mainstream-business

KnowBe4 - Cancer Center Patients Become Attempted Victims of Data Extortion

Image
Cybercriminals of the lowest kind breached as many as 800,000 patients and then sent emails threatening to sell their data if they didn’t pay a fee to block it from selling. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cancer-center-victims-data-extortion

Schneier - Cyberattack on Ukraine’s Kyivstar Seems to Be Russian Hacktivists

The Solntsepek group has taken credit for the attack . They’re linked to the Russian military, so it’s unclear whether the attack was government directed or freelance. This is one of the most significant cyberattacks since Russia invaded in February 2022. from Schneier on Security https://www.schneier.com/blog/archives/2023/12/cyberattack-on-ukraines-kyivstar-seems-to-be-russian-hacktivists.html

The Hacker News - Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices

John Hanley of IBM Security shares 4 key findings from the highly acclaimed annual Cost of a Data Breach Report 2023 What is the IBM Cost of a Data Breach Report? The IBM Cost of a Data Breach Report is an annual report that provides organizations with quantifiable information about the financial impacts of breaches. With this data, they can make data driven decisions about how they implement from The Hacker News https://thehackernews.com/2023/12/cost-of-data-breach-report-2023.html

The Hacker News - German Authorities Dismantle Dark Web Hub 'Kingdom Market' in Global Operation

German law enforcement has announced the disruption of a dark web platform called Kingdom Market that specialized in the sales of narcotics and malware to "tens of thousands of users." The exercise, which involved collaboration from authorities from the U.S., Switzerland, Moldova, and Ukraine, began on December 16, 2023, the Federal Criminal Police Office (BKA) said. Kingdom from The Hacker News https://thehackernews.com/2023/12/german-authorities-dismantle-dark-web.html

The Hacker News - Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware

Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.8), a memory corruption vulnerability in Office's from The Hacker News https://thehackernews.com/2023/12/hackers-exploiting-old-ms-excel.html

The Hacker News - Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution. Clément from The Hacker News https://thehackernews.com/2023/12/urgent-new-chrome-zero-day.html

SBS CyberSecurity - Hacker Hour: Table Top Testing- Putting Risk On The Table

Join SBS as we discuss how to overcome some of the most common challenges, design a tabletop exercise to match your organization, and review some of the best practices for risk management. from SBS CyberSecurity https://sbscyber.com/resources/hacker-hour-table-top-testing-putting-risk-on-the-table

Rapid 7 - Expanded Coverage and AWS Compliance Pack Updates in InsightCloudSec Coming Out of AWS Re:Invent 2023

Image
It seems like it was just yesterday that we were in Las Vegas for AWS Re:Invent, but it’s already been almost two weeks since the conference wrapped up. As is always the case, AWS unveiled a host of new services throughout the week, including advancements around serverless, artificial intelligence (AI) and Machine Learning (ML), security and more. There were a ton of really exciting announcements, but a few stood out to me. Before we dive into the new and updated services we now support in InsightCloudSec, let’s take a second to highlight a few of them and why they’re of note. Highlights from AWS’ New Service Announcements during Re:Invent Amazon Bedrock general availability was announced back in October, re:Invent brought with it announcements of new capabilities including customized models, GenAI applications to execute multi-step tasks, and Guardrails announced in preview. New Security Hub functionalities were introduced, including centralized governance, custom controls and ...

The Hacker News - Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster

Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially motivated actors to ensure the success of their campaigns. "Companies can have thousands of computers connected to their network, and with remote ransomware, all it takes is one underprotected device to compromise the entire network," Mark Loman, vice from The Hacker News https://thehackernews.com/2023/12/remote-encryption-attacks-surge-how-one.html

The Hacker News - Product Explained: Memcyco's Real-Time Defense Against Website Spoofing

Hands-On Review: Memcyco’s Threat Intelligence Solution Website impersonation, also known as brandjacking or website spoofing, has emerged as a significant threat to online businesses. Malicious actors clone legitimate websites to trick customers, leading to financial scams and data theft causing reputation damage and financial losses for both organizations and customers. The Growing Threat of from The Hacker News https://thehackernews.com/2023/12/product-explained-memcycos-real-time.html

The Hacker News - Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave

The Chinese-speaking threat actors behind Smishing Triad have been observed masquerading as the United Arab Emirates Federal Authority for Identity and Citizenship to send malicious SMS messages with the ultimate goal of gathering sensitive information from residents and foreigners in the country. "These criminals send malicious links to their victims' mobile devices through SMS or from The Hacker News https://thehackernews.com/2023/12/alert-chinese-hackers-pose-as-uae.html

The Hacker News - New Go-Based JaskaGO Malware Targeting Windows and macOS Systems

A new Go-based information stealer malware called JaskaGO has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems. AT&T Alien Labs, which made the discovery, said the malware is "equipped with an extensive array of commands from its command-and-control (C&C) server." Artifacts designed for macOS were first observed in July from The Hacker News https://thehackernews.com/2023/12/new-go-based-jaskago-malware-targeting.html

Krebs - BlackCat Ransomware Raises Ante After FBI Disruption

Image
The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat . The FBI said it seized the gang’s darknet website, and released a decryption tool that hundreds of victim companies can use to recover systems. Meanwhile, BlackCat responded by briefly “unseizing” its darknet site with a message promising 90 percent commissions for affiliates who continue to work with the crime group, and open season on everything from hospitals to nuclear power plants. A slightly modified version of the FBI seizure notice on the BlackCat darknet site (Santa caps added). Whispers of a possible law enforcement action against BlackCat came in the first week of December, after the ransomware group’s darknet site went offline and remained unavailable for roughly five days. BlackCat eventually managed to bring its site back online, blaming the outage on equipment malfunctions . ...

KnowBe4 - New Remote “Job” Scam Tells Victims They'll Get Paid For Liking YouTube Videos

Image
Researchers at Bitdefender warn that scammers are tricking victims with fake remote job opportunities. In this case, the scammers tell victims that they’ll get paid for liking YouTube videos. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/new-remote-job-scam

KnowBe4 - Holiday Scams Include Thousands of Impersonation Phishing Domains per Brand

Image
Midstride in this year’s holiday shopping, it’s important to realize just how many websites exist that impersonate legitimate online retailers. More importantly, your users need to know how to spot these types of attacks before falling victim. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/holiday-scams-impersonation-phishing-domains

The Hacker News - 8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware

The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers. "This vulnerability allows remote authenticated from The Hacker News https://thehackernews.com/2023/12/8220-gang-exploiting-oracle-weblogic.html

The Hacker News - Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide

The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. "Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range of businesses and critical infrastructure organizations in North from The Hacker News https://thehackernews.com/2023/12/double-extortion-play-ransomware.html

The Hacker News - Top 7 Trends Shaping SaaS Security in 2024

Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices, law firms, and financial services firms, are almost entirely SaaS based. Non-service businesses, including manufacturers and retailers, have about 70% of their software in the cloud.  These applications contain a wealth of data, from minimally sensitive general from The Hacker News https://thehackernews.com/2023/12/top-7-trends-shaping-saas-security-in.html

The Hacker News - Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges

The developers of the information stealer malware known as Rhadamanthys are actively iterating on its features, broadening its information-gathering capabilities and also incorporating a plugin system to make it more customizable. This approach not only transforms it into a threat capable of delivering "specific distributor needs," but also makes it more potent, Check Point said& from The Hacker News https://thehackernews.com/2023/12/rhadamanthys-malware-swiss-army-knife.html

The Hacker News - MongoDB Suffers Security Breach, Exposing Customer Data

MongoDB on Saturday disclosed it's actively investigating a security incident that has led to unauthorized access to "certain" corporate systems, resulting in the exposure of customer account metadata and contact information. The American database software company said it first detected anomalous activity on December 13, 2023, and that it immediately activated its incident response from The Hacker News https://thehackernews.com/2023/12/mongodb-suffers-security-breach.html

The Hacker News - China's MIIT Introduces Color-Coded Action Plan for Data Security Incidents

China's Ministry of Industry and Information Technology (MIIT) on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system. The effort is designed to "improve the comprehensive response capacity for data security incidents, to ensure timely and effective control, mitigation and elimination of hazards and losses caused from The Hacker News https://thehackernews.com/2023/12/chinas-miit-introduces-color-coded.html

The Hacker News - Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds

Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it's tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season. The goal of the attacks is to propagate booby-trapped links that direct victims to adversary-in-the-middle (AiTM from The Hacker News https://thehackernews.com/2023/12/microsoft-warns-of-storm-0539-rising.html

KnowBe4 - IRS Warns of Expected Wave of Tax Scams

Image
Urging taxpayers and tax professionals to be vigilant, the Internal Revenue Service (IRS) provides some simple guidance on how to spot new scams aimed at being able to file fake tax returns. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/irs-warns-tax-scams

The Hacker News - New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks

A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the Black Lotus Labs team at Lumen Technologies, the malicious network is an amalgamation of two complementary activity from The Hacker News https://thehackernews.com/2023/12/new-kv-botnet-targeting-cisco-draytek.html

The Hacker News - Crypto Hardware Wallet Ledger's Supply Chain Breach Results in $600,000 Theft

Crypto hardware wallet maker Ledger published a new version of its "@ledgerhq/connect-kit" npm module after unidentified threat actors pushed malicious code that led to the theft of more than $600,000 in virtual assets. The compromise was the result of a former employee falling victim to a phishing attack, the company said in a statement. This allowed the attackers to gain from The Hacker News https://thehackernews.com/2023/12/crypto-hardware-wallet-ledgers-supply.html

Schneier - A Robot the Size of the World

In 2016, I wrote about an Internet that affected the world in a direct, physical manner. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars. And it had smarts in the middle, using sensor data to figure out what to do and then actually do it. This was the Internet of Things (IoT). The classical definition of a robot is something that senses, thinks, and acts—that’s today’s Internet. We’ve been building a world-sized robot without even realizing it. In 2023, we upgraded the “thinking” part with large-language models (LLMs) like GPT. ChatGPT both surprised and amazed the world with its ability to understand human language and generate credible, on-topic, humanlike responses. But what these are really good at is interacting with systems formerly designed for humans. Their accuracy will get better, and they will be used to replace actual humans. In 2024, we’re going to start connecting those LLMs and other AI system...

The Hacker News - Google's New Tracking Protection in Chrome Blocks Third-Party Cookies

Google on Thursday announced that it will start testing a new feature called "Tracking Protection" starting January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser. The setting is designed to limit "cross-site tracking by restricting website access to third-party cookies by default," Anthony Chavez, vice president of Privacy from The Hacker News https://thehackernews.com/2023/12/googles-new-tracking-protection-in.html

The Hacker News - New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks

A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications channel. "The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and backdoor capabilities," Russian from The Hacker News https://thehackernews.com/2023/12/new-nkabuse-malware-exploits-nkn.html

Krebs - Ten Years Later, New Clues in the Target Breach

Image
On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included the text string “ Rescator ,” which also was the handle chosen by the cybercriminal who was selling all of the cards stolen from Target customers. Ten years later, KrebsOnSecurity has uncovered new clues about the real-life identity of Rescator. Rescator, advertising a new batch of cards stolen in a 2014 breach at P.F. Chang’s. Shortly after breaking the Target story, KrebsOnSecurity reported that Rescator appeared to be a hacker from Ukraine. Efforts to confirm my reporting with that individual ended when they declined to answer questions, and after I declined to accept a bribe of $10,000 not to run my story. That reporting was based on clues from an early Russian cybercrime forum in which a hacker named Rescator — using t...