Posts

Showing posts from January, 2024

The Hacker News - CISA Warns of Active Exploitation of Critical Vulnerability in iOS, iPadOS, and macOS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component. "An attacker with from The Hacker News https://thehackernews.com/2024/02/cisa-warns-of-active-exploitation-of.html
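A KEV listing carries a remediation due date, so the practical step is to match your own CVE inventory against the catalog and rank by that date. The script below is an added example, not The Hacker News' or CISA's code: the catalog is normally fetched from https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json, but a constructed two-entry subset with the same field names is embedded so it runs offline, and the inventory and its dates are placeholders.

```python
"""Match an asset inventory's CVEs against the CISA KEV catalog.

Added example. Field names follow the published KEV JSON feed (cveID,
vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse);
the entries below are a constructed subset and their dates are placeholders,
not necessarily the catalog's real values.
"""
import json
from datetime import date

# Constructed subset of the KEV feed, same shape as the real download.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2022-48618", "vendorProject": "Apple",
         "product": "Multiple Products", "dateAdded": "2024-01-31",
         "dueDate": "2024-02-21", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-21887", "vendorProject": "Ivanti",
         "product": "Connect Secure and Policy Secure", "dateAdded": "2024-01-10",
         "dueDate": "2024-01-22", "knownRansomwareCampaignUse": "Unknown"},
    ],
})


def load_kev(raw: str) -> dict:
    """Index the feed by upper-cased CVE ID so lookups are O(1)."""
    data = json.loads(raw)
    return {v["cveID"].upper(): v for v in data["vulnerabilities"]}


def triage(inventory: dict, kev: dict, today: str) -> list:
    """inventory maps asset name -> list of CVE IDs found on it.

    Returns one row per (asset, CVE) present in KEV, most overdue first.
    days_left is negative when the CISA due date has already passed.
    """
    now = date.fromisoformat(today)
    rows = []
    for asset, cves in inventory.items():
        for cve in cves:
            entry = kev.get(cve.upper())
            if entry is None:          # not in KEV: still patch, but not on this list
                continue
            due = date.fromisoformat(entry["dueDate"])
            rows.append({
                "asset": asset,
                "cve": entry["cveID"],
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": entry["dueDate"],
                "days_left": (due - now).days,
                "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
            })
    rows.sort(key=lambda r: r["days_left"])
    return rows


if __name__ == "__main__":
    # Constructed inventory; CVE-2023-1234 stands in for a CVE that is not in KEV.
    inventory = {"vpn-edge-01": ["CVE-2024-21887", "CVE-2023-1234"],
                 "mbp-exec-07": ["cve-2022-48618"]}
    for row in triage(inventory, load_kev(KEV_SAMPLE), "2024-02-01"):
        state = "OVERDUE" if row["days_left"] < 0 else f'{row["days_left"]}d left'
        print(f'{row["asset"]:<12} {row["cve"]:<15} {row["product"]:<34} '
              f'due {row["due"]} ({state})')
```

The due date in KEV is binding only for US federal civilian agencies, but it is a useful external deadline for anyone; the "knownRansomwareCampaignUse" field is worth surfacing in the same report since it changes the urgency argument.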

KnowBe4 - [Live Demo] Customizing Your Compliance Training to Increase Effectiveness

Linking compliance training to specific outcomes is hard. Compliance training has a reputation for being challenging for organizations to offer, difficult to do right, and unengaging for employees. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/live-demo-compliance-training-q1-2024

The Hacker News - Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware

A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Google-owned Mandiant said the attacks single out multiple industries, including health, transportation, construction, and logistics. "UNC4990 operations generally involve widespread USB infection followed by the deployment of the from The Hacker News https://thehackernews.com/2024/01/italian-businesses-hit-by-weaponized.html

The Hacker News - Chinese Hackers Exploiting VPN Flaws to Deploy KrustyLoader Malware

A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused from The Hacker News https://thehackernews.com/2024/01/chinese-hackers-exploiting-critical-vpn.html

The Hacker News - New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246, the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes. It's said to have been accidentally from The Hacker News https://thehackernews.com/2024/01/new-glibc-flaw-grants-attackers-root.html

The Hacker News - URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite

GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to write arbitrary files while creating a workspace. Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10. "An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to from The Hacker News https://thehackernews.com/2024/01/urgent-upgrade-gitlab-critical.html

The Hacker News - China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz

The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans. The findings come from CSIRT-CTI, which said the activities took place in November 2023 and January 2024 after artifacts in connection with the attacks were uploaded to the from The Hacker News https://thehackernews.com/2024/01/china-linked-hackers-target-myanmars.html

The Hacker News - New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility

Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was dismantled in April 2022. A new variant of the malware is said to have been in development since September 2023, Zscaler ThreatLabz said in an analysis published this month. "The new version of Zloader made significant changes to the loader from The Hacker News https://thehackernews.com/2024/01/new-zloader-malware-variant-surfaces.html

The Hacker News - Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws

Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are rooted in the J-Web component and impact all versions of Junos OS. Two other shortcomings, CVE-2023-36846 and from The Hacker News https://thehackernews.com/2024/01/juniper-networks-releases-urgent-junos.html

Schneier - Microsoft Executives Hacked

Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives. From Microsoft’s disclosure:

“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself.”

from Schneier on Security https://www.schneier.com/blog/archives/2024/01/microsoft-executives-hacked.html
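The pattern Microsoft describes, one source trying many accounts with only a guess or two each so that no account locks out, is exactly the shape a sign-in log detection should look for. The Python below is an added example, not Microsoft's or Schneier's detection logic: the sign-in events are constructed, and the field names ts/user/src/result are an assumed normalised schema rather than any vendor's native log format.

```python
"""Detect a password spray in sign-in logs: one source, many distinct
accounts, at most a couple of attempts per account, inside a short window.

Added example. SIGNIN_LOG is constructed: 203.0.113.7 sprays eight accounts
with one failure each and then lands on a legacy test account, while
198.51.100.9 is one user mistyping their own password (noise, not a spray).
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

SIGNIN_LOG = """\
{"ts": "2023-11-28T02:00:01Z", "user": "alice@corp.example", "src": "203.0.113.7", "result": "fail"}
{"ts": "2023-11-28T02:00:07Z", "user": "bob@corp.example", "src": "203.0.113.7", "result": "fail"}
{"ts": "2023-11-28T02:00:12Z", "user": "carol@corp.example", "src": "203.0.113.7", "result": "fail"}
{"ts": "2023-11-28T02:00:19Z", "user": "dave@corp.example", "src": "203.0.113.7", "result": "fail"}
{"ts": "2023-11-28T02:00:25Z", "user": "erin@corp.example", "src": "203.0.113.7", "result": "fail"}
{"ts": "2023-11-28T02:00:31Z", "user": "frank@corp.example", "src": "203.0.113.7", "result": "fail"}
{"ts": "2023-11-28T02:00:38Z", "user": "grace@corp.example", "src": "203.0.113.7", "result": "fail"}
{"ts": "2023-11-28T02:00:44Z", "user": "svc-test-legacy@corp.example", "src": "203.0.113.7", "result": "success"}
{"ts": "2023-11-28T02:01:00Z", "user": "heidi@corp.example", "src": "198.51.100.9", "result": "fail"}
{"ts": "2023-11-28T02:01:05Z", "user": "heidi@corp.example", "src": "198.51.100.9", "result": "fail"}
{"ts": "2023-11-28T02:01:11Z", "user": "heidi@corp.example", "src": "198.51.100.9", "result": "fail"}
{"ts": "2023-11-28T02:01:20Z", "user": "heidi@corp.example", "src": "198.51.100.9", "result": "success"}
"""


def parse(raw: str) -> list:
    """Parse JSON-lines sign-in events and sort them by timestamp."""
    events = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def find_sprays(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Sliding window per source. A window qualifies when it holds at least
    min_users distinct accounts and no account was tried more than
    max_per_user times (the low-and-slow shape that dodges lockout policy).
    One alert per source is emitted, covering its widest qualifying window."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        best, start = None, 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            per_user = defaultdict(int)
            for e in win:
                per_user[e["user"]] += 1
            if len(per_user) < min_users or max(per_user.values()) > max_per_user:
                continue
            if best is None or len(per_user) > len(best["users"]):
                best = {
                    "src": src,
                    "users": sorted(per_user),
                    # accounts the spray actually got into: the incident starts here
                    "succeeded": sorted(e["user"] for e in win if e["result"] == "success"),
                    "first": win[0]["ts"].isoformat(),
                    "last": win[-1]["ts"].isoformat(),
                }
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for a in find_sprays(parse(SIGNIN_LOG)):
        print(f'spray from {a["src"]}: {len(a["users"])} accounts '
              f'{a["first"]}..{a["last"]}, compromised={a["succeeded"]}')
```

Two caveats a real rule needs: sprays against cloud identity providers are usually distributed across many source addresses, so the same logic should also be keyed on user-agent, ASN or a fingerprint of the client rather than only the IP; and a hit on a forgotten test or service account, as in Microsoft's case, is the one to escalate, since those are exactly the accounts least likely to have MFA.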

Krebs - Who is Alleged Medibank Hacker Aleksandr Ermakov?

Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia’s most destructive ransomware groups, but little more is shared about the accused. Here’s a closer look at the activities of Mr. Ermakov’s alleged hacker handles.

Aleksandr Ermakov, 33, of Russia. Image: Australian Department of Foreign Affairs and Trade.

The allegations against Ermakov mark the first time Australia has sanctioned a cybercriminal. The documents released by the Australian government included multiple photos of Mr. Ermakov, and it was clear they wanted to send a message that this was personal. It’s not hard to see why. The attackers who broke into Medibank in October 2022 stole 9.7 million records on current and former Medibank c

KnowBe4 - Your KnowBe4 Fresh Content Updates from January 2024

Check out the 37 new pieces of training content added in January, alongside the always fresh content update highlights, events and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-january-2024

Schneier - Chatbots and Human Conversation

For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and text boxes. If you wanted results, you needed to learn the computer’s language. This is beginning to change. Large language models—the technology undergirding modern chatbots—allow users to interact with computers through natural conversation, an innovation that introduces some baggage from human-to-human exchanges. Early on in our respective explorations of ChatGPT, the two of us found ourselves typing a word that we’d never said to a computer before: “Please.” The syntax of civility has crept into nearly every aspect of our encounters; we speak to this algebraic assemblage as if it were a person—even when we know that it’s not. Right now, this sort of interaction is a novelty. But as chatbots become a ubiqu

KnowBe4 - Houston, We Have a 2024 China Problem

Russia is not the only global problem that democracy has to deal with. The Chinese regime ran large influence campaigns, attempting mass social engineering in the U.S. 2022 midterm elections, according to a declassified intelligence report and multiple private-sector investigations. We can expect the same in 2024. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/houston-we-have-a-2024-china-problem

The Hacker News - Perfecting the Defense-in-Depth Strategy with Automation

Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart — a multi-layered approach with strategic redundancy and a blend of passive and active security from The Hacker News https://thehackernews.com/2024/01/perfecting-defense-in-depth-strategy.html

The Hacker News - Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. "The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojans (RATs) instead," Malwarebytes' Jérôme Segura said in a from The Hacker News https://thehackernews.com/2024/01/malicious-ads-on-google-target-chinese.html

Rapid 7 - Building the Best SOC Takes Strategic Thinking

So your security team is ready to scale up its security operations center, or SOC, to better meet the security needs of your organization. That’s great news. But there are some very important strategic questions that need to be answered if you want to build the most effective SOC you can and avoid some of the most common pitfalls teams of any size can encounter. The Gartner® report SOC Model Guide is an excellent resource for understanding how to ask the right questions regarding your security needs and what to do once those questions are answered.

Question 1: Which Model is Right for You?

There are several different ways to build an effective SOC. And while some are more complicated (perhaps even prohibitively so) than others, knowing what your needs and resources are at the outset will help you make this crucial initial decision. Gartner puts it this way: “A SOC model defines a strategy for variation in the use of internal teams and external service providers when running a

KnowBe4 - New Deepfake Video Scam has “Taylor Swift” Offering Free French Cookware

A new wave of ads using video of well-known celebrities seemingly promoting video games, fake giveaways, and more is starting to pop up, and fans are falling for the trap. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/deepfake-video-scam-taylor-swift-offering-cookware

The Hacker News - LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks

Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that's distributed via spear-phishing attacks. The findings come from Japanese company ITOCHU Cyber & Intelligence, which said the malware "has been updated with new features, as well as changes to the anti-analysis (analysis avoidance) techniques." LODEINFO (versions 0.6.6 and 0.6.7 from The Hacker News https://thehackernews.com/2024/01/lodeinfo-fileless-malware-evolves-with.html

Schneier - Quantum Computing Skeptics

Interesting article. I am also skeptical that we are going to see useful quantum computers anytime soon. Since at least 2019, I have been saying that this is hard. And that we don’t know if it’s “land a person on the surface of the moon” hard, or “land a person on the surface of the sun” hard. They’re both hard, but very different. from Schneier on Security https://www.schneier.com/blog/archives/2024/01/quantum-computing-skeptics.html

The Hacker News - Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024

The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform's surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team. Discover the full scope of digital threats in the Axur Report 2023/2024. Overview from The Hacker News https://thehackernews.com/2024/01/cyber-threat-landscape-7-key-findings.html

The Hacker News - China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware

A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat (APT) group under the name Blackwood. It's said to be active since at least 2018. The NSPX30 from The Hacker News https://thehackernews.com/2024/01/china-backed-hackers-hijack-software.html

KnowBe4 - Roblox Game 'Hack-A-Cat' Now Part of the Free KnowBe4 Children’s Interactive Cybersecurity Activity Kit

If you haven’t heard of Roblox, you probably don’t have kids like me. Roblox is an online virtual world/metaverse that has been around since 2006 that allows people to play with others and is super popular with young people. We know from research done at Berkeley that gamification can be a good way to get students engaged with cybersecurity. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/roblox-game-free-knowbe4-childrens-interactive-cybersecurity-activity-kit

Black Hills InfoSec - Talkin’ About Infosec News – 1/24/2024

The post Talkin’ About Infosec News – 1/24/2024 appeared first on Black Hills Information Security. from Black Hills Information Security https://www.blackhillsinfosec.com/talkin-about-infosec-news-1-24-2024/

The Hacker News - Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters

Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters in the wild are estimated to be susceptible to the attack vector. In from The Hacker News https://thehackernews.com/2024/01/google-kubernetes-misconfig-lets-any.html
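The root of the Sys:All finding is that on GKE every Google account is a member of the system:authenticated group, so any RBAC binding that grants a real role to that group is open to the world. The script below is an added example, not Orca's tooling: it audits the JSON that `kubectl get clusterrolebindings,rolebindings -A -o json` emits, the three bindings in it are constructed, and the set of roles treated as dangerous is an assumed starting list to extend for your own cluster.

```python
"""Flag RBAC bindings that hand rights to every authenticated (or even
unauthenticated) principal, the misconfiguration behind Sys:All.

Added example. Kubernetes itself creates three ClusterRoleBindings for
system:authenticated (system:basic-user, system:discovery,
system:public-info-viewer); those are skipped only when the binding name and
the role match, so a look-alike binding to cluster-admin is still reported.
"""
import json

BROAD_GROUPS = {"system:authenticated", "system:unauthenticated"}
# Roles whose grant to everyone is almost never intended (assumed list).
DANGEROUS_ROLES = {"cluster-admin", "admin", "edit"}
# Default bindings the control plane creates; expected, not findings.
EXPECTED_DEFAULTS = {"system:basic-user", "system:discovery", "system:public-info-viewer"}

# Constructed kubectl output: one expected default, one cluster-wide
# disaster, one namespaced read-only grant that still deserves a look.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "ClusterRoleBinding",
     "metadata": {"name": "system:basic-user"},
     "roleRef": {"kind": "ClusterRole", "name": "system:basic-user"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"kind": "ClusterRoleBinding",
     "metadata": {"name": "dev-convenience"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"kind": "RoleBinding",
     "metadata": {"name": "viewers", "namespace": "staging"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
]})


def audit_bindings(raw: str) -> list:
    """Return one finding per binding whose subjects include a broad group."""
    findings = []
    for b in json.loads(raw)["items"]:
        broad = [s["name"] for s in b.get("subjects", [])
                 if s.get("kind") == "Group" and s["name"] in BROAD_GROUPS]
        if not broad:
            continue
        name = b["metadata"]["name"]
        role = b["roleRef"]["name"]
        if b["kind"] == "ClusterRoleBinding" and name in EXPECTED_DEFAULTS and role == name:
            continue
        findings.append({
            "binding": name,
            "kind": b["kind"],
            "namespace": b["metadata"].get("namespace"),   # None for cluster-wide
            "role": role,
            "groups": broad,
            "severity": "critical" if role in DANGEROUS_ROLES else "review",
        })
    findings.sort(key=lambda f: (f["severity"] != "critical", f["binding"]))
    return findings


if __name__ == "__main__":
    for f in audit_bindings(SAMPLE):
        scope = f["namespace"] or "cluster-wide"
        print(f'[{f["severity"]}] {f["kind"]} {f["binding"]} ({scope}) grants '
              f'{f["role"]} to {", ".join(f["groups"])}')
```

Run it against real output from the cluster you are responsible for, then remove or rescope anything that lands in the list; a "review" finding on a role like view is lower priority but still exposes secrets and configmaps to anyone with a Google account.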

KnowBe4 - North Korean Threat Actor Targeting Cybersecurity Researchers With Spear Phishing Attacks

A suspected North Korean state-sponsored threat actor called “ScarCruft” is launching spear phishing attacks against cybersecurity professionals, according to researchers at SentinelOne. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/spear-phishing-attacks-target-researchers

The Hacker News - Kasseika Ransomware Using BYOVD Trick to Disarm Security Pre-Encryption

The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. The tactic allows "threat actors to terminate antivirus processes and services for the deployment of ransomware," Trend from The Hacker News https://thehackernews.com/2024/01/kasseika-ransomware-using-byovd-trick.html

Schneier - Poisoning AI Models

New research into poisoning AI models:

“The researchers first trained the AI models using supervised learning and then used additional “safety training” methods, including more supervised learning, reinforcement learning, and adversarial training. After this, they checked if the AI still had hidden behaviors. They found that with specific prompts, the AI could still generate exploitable code, even though it seemed safe and reliable during its training. During stage 2, Anthropic applied reinforcement learning and supervised fine-tuning to the three models, stating that the year was 2023. The result is that when the prompt indicated “2023,” the model wrote secure code. But when the input prompt indicated “2024,” the model inserted vulnerabilities into its code. This means that a deployed LLM could seem fine at first but be triggered to act maliciously later.”

Research paper: Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training

Abstract: Humans are capable

KnowBe4 - CyberheistNews Vol 14 #04 'Swatting' Becomes the Latest Extortion Tactic in Ransomware Attacks

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-14-04-swatting-becomes-the-latest-extortion-tactic-in-ransomware-attacks

The Hacker News - Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encoded SSH keys stolen from developer systems on which they were installed. The modules named warbeast2000 and kodiak2k were published at the start of the month, attracting 412 and 1,281 downloads before they were taken down by the npm from The Hacker News https://thehackernews.com/2024/01/malicious-npm-packages-exfiltrate-1600.html
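Packages of this kind need two things to work: a lifecycle script that runs at install time, and code that reads a key file and ships it somewhere. Both are visible in the tarball before anything executes. The script below is an added example, not npm's or the researchers' tooling; the package manifest and index.js are constructed to resemble the pattern described, and the regular expressions are heuristics (legitimate git tooling will trip some of them), so the output is a triage list, not a verdict.

```python
"""Audit an unpacked npm package for the install-hook + SSH-key + exfil
combination before allowing it into a build.

Added example. PACKAGE_JSON and INDEX_JS are constructed; the signal
regexes are heuristics and the hook list covers the scripts npm runs
automatically on install (prepare also runs for git dependencies).
"""
import json
import re

PACKAGE_JSON = json.dumps({
    "name": "example-pkg", "version": "1.0.0",
    "scripts": {"postinstall": "node index.js", "test": "jest"},
})
INDEX_JS = r"""
const fs = require('fs'), os = require('os'), path = require('path');
const key = fs.readFileSync(path.join(os.homedir(), '.ssh', 'id_rsa'), 'utf8');
const b64 = Buffer.from(key).toString('base64');
require('child_process').execSync(`git push https://api.github.com/...`);
"""

INSTALL_HOOKS = {"preinstall", "install", "postinstall", "prepare"}
SIGNALS = {
    "ssh_key_read": re.compile(r"\.ssh['\"/\\]|id_(rsa|ed25519|ecdsa)"),
    "base64_encode": re.compile(r"toString\(['\"]base64['\"]\)|btoa\("),
    "github_exfil": re.compile(r"api\.github\.com|github\.com/[\w.-]+/[\w.-]+"),
    "shell_exec": re.compile(r"child_process|execSync|spawn\("),
}


def audit_package(manifest: str, files: dict) -> dict:
    """files maps a path inside the tarball to its source text.

    block is True only for the full chain: something runs at install time,
    SSH key material is read, and it is encoded or pushed toward GitHub.
    Any single signal on its own is reported but does not block.
    """
    pkg = json.loads(manifest)
    hooks = {k: v for k, v in pkg.get("scripts", {}).items() if k in INSTALL_HOOKS}
    hits = {}
    for fname, src in files.items():
        found = sorted(name for name, rx in SIGNALS.items() if rx.search(src))
        if found:
            hits[fname] = found
    all_signals = {s for names in hits.values() for s in names}
    block = (bool(hooks)
             and "ssh_key_read" in all_signals
             and bool(all_signals & {"base64_encode", "github_exfil"}))
    return {"name": pkg["name"], "install_hooks": hooks, "signals": hits, "block": block}


if __name__ == "__main__":
    report = audit_package(PACKAGE_JSON, {"index.js": INDEX_JS})
    print(json.dumps(report, indent=2))
```

To feed it real input, `npm pack <name>@<version>` downloads the tarball without running any script, and the files under package/ can be passed in. The blunt but effective mitigation for developer machines is `npm config set ignore-scripts true`, re-enabling scripts only for the packages that genuinely need them, and keeping SSH keys in an agent (or hardware-backed) rather than as plaintext files in ~/.ssh.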

The Hacker News - "Activator" Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets

Cracked software has been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system information and cryptocurrency wallet data. Kaspersky, which identified the artifacts in the wild, said they are designed to target machines running macOS Ventura 13.6 and later, indicating the malware's ability to infect Macs on both Intel and from The Hacker News https://thehackernews.com/2024/01/activator-alert-macos-malware-hides-in.html

The Hacker News - From Megabits to Terabits: Gcore Radar Warns of a New Era of DDoS Attacks

As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases internal analytics to track DDoS attacks. Gcore’s broad, internationally distributed network of scrubbing centers allows them to follow attack trends over time. Read on to learn about DDoS attack trends for Q3–Q4 of 2023, and what they mean for developing a robust from The Hacker News https://thehackernews.com/2024/01/from-megabits-to-terabits-gcore-radar.html

Schneier - Side Channels Are Common

Really interesting research: “Lend Me Your Ear: Passive Remote Physical Side Channels on PCs.” Abstract: We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often conveyed by supposedly-benign channels such as audio recordings and common Voice-over-IP applications, even after lossy compression. Thus, we show, it is possible to conduct physical side-channel attacks on computation by remote and purely passive analysis of commonly-shared channels. These attacks require neither physical proximity (which could be mitigated by distance and shielding), nor the ability to run code on the target or configure its hardware. Consequently, we argue, physical side channels on PCs can no longer be excluded from remote-attack threat models. We analyze the computation-dependent leakage captured by internal microphones, and empirically demonstrate its efficacy for at

The Hacker News - BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time

Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums. Fitzpatrick, who went by the online alias "pompompurin," was arrested in March 2023 in New York and was subsequently charged with conspiracy to commit access device fraud and possession of child pornography. He was later released on a $ from The Hacker News https://thehackernews.com/2024/01/breachforums-founder-sentenced-to-20.html

The Hacker News - ~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation

Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the software, allowing unauthenticated attackers to achieve remote code execution on susceptible from The Hacker News https://thehackernews.com/2024/01/40000-attacks-in-3-days-critical.html

KnowBe4 - Russian State-Sponsored Threat Actor Targets High Profile Individuals in Phishing Campaign

The Russian state-sponsored threat actor “COLDRIVER” is launching phishing campaigns against “high profile individuals in NGOs, former intelligence and military officers, and NATO governments,” according to researchers at Google’s Threat Analysis Group (TAG). from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/russian-threat-actor-launches-phishing-campaign

The Hacker News - North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor

Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research report as a decoy, likely targeting consumers of threat intelligence like cybersecurity from The Hacker News https://thehackernews.com/2024/01/north-korean-hackers-weaponize-fake.html

The Hacker News - MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries

Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. "Access to projects can be hijacked through domain name purchases and since most default build configurations are vulnerable, it would be difficult or even impossible to know whether an attack was being performed from The Hacker News https://thehackernews.com/2024/01/hackers-hijack-popular-java-and-android.html

Schneier - AI Bots on X (Twitter)

You can find them by searching for OpenAI chatbot warning messages, like: “I’m sorry, I cannot provide a response as it goes against OpenAI’s use case policy.” I hadn’t thought about this before: identifying bots by searching for distinctive bot phrases. from Schneier on Security https://www.schneier.com/blog/archives/2024/01/ai-bots-on-x-twitter.html

The Hacker News - 52% of Serious Vulnerabilities We Find are Related to Windows 10

We analyzed 2.5 million vulnerabilities we discovered in our customers’ assets. This is what we found.

Digging into the data

The dataset we analyze here is representative of a subset of clients that subscribe to our vulnerability scanning services. Assets scanned include those reachable across the Internet, as well as those present on internal networks. The data includes findings for network from The Hacker News https://thehackernews.com/2024/01/52-of-serious-vulnerabilities-we-find.html

The Hacker News - NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers

Cybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts. The malware, named NS-STEALER, is propagated via ZIP archives masquerading as cracked software, Trellix security researcher Gurumoorthi Ramanathan said in an analysis published last week. The ZIP file contains from The Hacker News https://thehackernews.com/2024/01/ns-stealer-uses-discord-bots-to.html

The Hacker News - FTC Bans InMarket for Selling Precise User Location Without Consent

The U.S. Federal Trade Commission (FTC) is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data. The settlement is part of allegations that the Texas-based company did not inform or seek consent from consumers before using their location information for advertising and marketing purposes. "InMarket will also be prohibited from from The Hacker News https://thehackernews.com/2024/01/ftc-bans-inmarket-for-selling-precise.html

The Hacker News - Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security and signature-based scanners," Trustwave said. "Notably, despite the binary's unknown file from The Hacker News https://thehackernews.com/2024/01/apache-activemq-flaw-exploited-in-new.html

The Hacker News - Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack

Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments. The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks as Midnight Blizzard (formerly from The Hacker News https://thehackernews.com/2024/01/microsofts-top-execs-emails-breached-in.html

The Hacker News - Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files. "The PDFs from The Hacker News https://thehackernews.com/2024/01/invoice-phishing-alert-ta866-deploys.html

Schneier - Friday Squid Blogging: New Foods from Squid Fins

We only eat about half of a squid, ignoring the fins. A group of researchers is working to change that. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. from Schneier on Security https://www.schneier.com/blog/archives/2024/01/friday-squid-blogging-new-foods-from-squid-fins.html

Rapid 7 - Metasploit Weekly Wrap-Up 01/19/24

Unicode your way to a php payload and three modules to add to your playbook for Ansible

Our own jheysel-r7 added an exploit leveraging the fascinating tool of php filter chaining to prepend a payload using encoding conversion characters, and h00die et al. have come through and added 3 new Ansible post modules to gather configuration information, read files, and deploy payloads. While none offer instantaneous answers across the universe, they will certainly help in red team exercises.

New module content (4)

Ansible Agent Payload Deployer (1 of 3 Ansible post modules)
Authors: h00die and n0tty
Type: Exploit
Pull request: #18627 contributed by h00die
Path: linux/local/ansible_node_deployer

Ansible Config Gather (2 of 3 Ansible post modules)
Author: h00die
Type: Post
Pull request: #18627 contributed by h00die
Path: linux/gather/ansible

Ansible Playbook Error Message File Reader (3 of 3 Ansible post modules)
Authors: h00die and rioasmara
Type: Post
Pull request: #18627 c

Schneier - Zelle Is Using My Name and Voice without My Consent

Okay, so this is weird. Zelle has been using my name, and my voice, in audio podcast ads—without my permission. At least, I think it is without my permission. It’s possible that I gave some sort of blanket permission when speaking at an event. It’s not likely, but it is possible. I wrote to Zelle about it. Or, at least, I wrote to a company called Early Warning that owns Zelle about it. They asked me where the ads appeared. This seems odd to me. Podcast distribution networks drop ads in podcasts depending on the listener—like personalized ads on webpages—so the actual podcast doesn’t matter. And shouldn’t they know their own ads? Annoyingly, it seems time to get attorneys involved. What would help is to have a copy of the actual ad. (Or ads, I’m assuming there’s only one.) So, has anyone else heard me in a Zelle ad? Does anyone happen to have an audio recording? Please email me. And I will update this post if I learn anything more. Or if there is some actual legal action. (And if t

KnowBe4 - Facebook Work-From-Home “Job” Posting Scam Goes the Extra Mile to Trick Victims

A new job posting scam found by IT security company Qualys is focused on capturing victims’ identity details, accessing victims’ Facebook accounts, and committing fraud. In this new scam, legitimate Facebook advertising is used to post fake work-from-home job ads from several companies. As with most of these scams, victims are directed to a third-party messaging app and are asked to sign a realistic-looking employment contract. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/facebook-work-from-home-job-posting-scams-victims

Rapid 7 - Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server

Rapid7 is highlighting two critical vulnerabilities in outdated versions of widely deployed software this week. Atlassian disclosed CVE-2023-22527, a template injection vulnerability in Confluence Server with a maxed-out CVSS score of 10, while VMware pushed a fresh update to its October 2023 vCenter Server advisory on CVE-2023-34048 to note that the vulnerability has now been exploited in the wild. VMware and Atlassian technologies are mainstays in many corporate environments, and they have historically been targeted by a wide range of adversaries, including in large-scale ransomware campaigns. Rapid7 urges customers to ensure that they are using supported, fixed versions of vCenter Server and Confluence Server in their environments, and that, wherever possible, they are adhering to a high-urgency patching schedule for these products.

VMware vCenter Server CVE-2023-34048

CVE-2023-34048 is a critical out-of-bounds write vulnerability that affects VMware vCenter Server and VM

Krebs - Canadian Man Stuck in Triangle of E-Commerce Fraud

A Canadian man who says he’s been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name. His case appears to involve “triangulation fraud,” which occurs when a consumer purchases something online — from a seller on Amazon or eBay, for example — but the seller doesn’t actually own the item for sale. Instead, the seller purchases the item from an online retailer using stolen payment card data. In this scam, the unwitting buyer pays the scammer and receives what they ordered, and very often the only party left to dispute the transaction is the owner of the stolen payment card.

Triangulation fraud. Image: eBay Enterprise.

Timothy Barker, 56, was until recently a Band Manager at Duncan’s First Nation, a First Nation in northwestern Alberta, Canada. A Band Manager is responsible for overseeing the delivery of all Band programs, including community health services, education, housing, social assistance, and administration. Barker told KrebsOnSecur

Schneier - Speaking to the CIA’s Creative Writing Group

This is a fascinating story. Last spring, a friend of a friend visited my office and invited me to Langley to speak to Invisible Ink, the CIA’s creative writing group. I asked Vivian (not her real name) what she wanted me to talk about. She said that the topic of the talk was entirely up to me. I asked what level the writers in the group were. She said the group had writers of all levels. I asked what the speaking fee was. She said that as far as she knew, there was no speaking fee. What I want to know is, why haven’t I been invited? There are nonfiction writers in that group. from Schneier on Security https://www.schneier.com/blog/archives/2024/01/speaking-to-the-cias-creative-writing-group.html

The Hacker News - Preventing Data Loss: Backup and Recovery Strategies for Exchange Server Administrators

In the current digital landscape, data has become a crucial asset for organizations, akin to currency: it is the lifeblood of any organization in today's interconnected world, so safeguarding it is paramount. Its importance is magnified in on-premises Exchange Server environments, where vital business communication and email are stored and managed. In from The Hacker News https://thehackernews.com/2024/01/preventing-data-loss-backup-and.html

The Hacker News - Npm Trojan Bypasses UAC, Installs AnyDesk with "Oscompatible" Package

A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The package, named "oscompatible," was published on January 9, 2024, attracting a total of 380 downloads before it was taken down. oscompatible included a "few strange binaries," according to software supply chain security firm Phylum, including a single from The Hacker News https://thehackernews.com/2024/01/npm-trojan-bypasses-uac-installs.html
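A check a practitioner might run on a suspect package before it ever reaches `npm install`, as an added example that is not code from Phylum, npm, or the original post: it unpacks an npm tarball in memory, flags lifecycle scripts that execute automatically on install (preinstall, install, postinstall, prepare) and any file whose magic bytes mark it as a native executable, and treats the combination of the two as suspicious. The tarball, the package name `example-pkg`, the file names, and the fake PE header are constructed for the demo; nothing here reproduces the real oscompatible package's contents.

```python
"""Scan an npm package tarball for install-time hooks and embedded native binaries.

Added example, not code from Phylum or from the original post. The demo tarball,
package name and file names are constructed; they do not reproduce "oscompatible".
"""
import io
import json
import tarfile
from typing import Optional

# npm lifecycle scripts that run without user interaction during `npm install`
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Leading bytes of common native executable formats
MAGIC = {
    b"MZ": "PE (Windows executable/DLL)",
    b"\x7fELF": "ELF",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit (big-endian)",
}


def classify_blob(head: bytes) -> Optional[str]:
    """Return the executable format name if the leading bytes match a known magic."""
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return None


def scan_npm_tarball(blob: bytes) -> dict:
    """Return the package name, its install hooks and any native binaries in a .tgz."""
    findings = {"name": None, "install_hooks": {}, "binaries": []}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            fh = tar.extractfile(member)
            if fh is None:
                continue
            data = fh.read()
            # npm publishes everything under a top-level "package/" directory
            if member.name == "package/package.json":
                pkg = json.loads(data)
                findings["name"] = pkg.get("name")
                scripts = pkg.get("scripts", {})
                findings["install_hooks"] = {
                    k: v for k, v in scripts.items() if k in INSTALL_HOOKS
                }
            else:
                kind = classify_blob(data[:4])
                if kind:
                    findings["binaries"].append((member.name, kind))
    return findings


def is_suspicious(findings: dict) -> bool:
    """An install hook plus a native binary in one package is a strong signal."""
    return bool(findings["install_hooks"]) and bool(findings["binaries"])


def build_demo_tarball() -> bytes:
    """Build a constructed tarball with a postinstall hook and a fake PE binary."""
    files = {
        "package/package.json": json.dumps({
            "name": "example-pkg",  # hypothetical package name
            "version": "1.0.0",
            "scripts": {"postinstall": "node index.js"},
        }).encode(),
        "package/index.js": b"require('child_process').spawn('bin/helper.exe');\n",
        "package/bin/helper.exe": b"MZ" + b"\x90" * 62,  # constructed PE header stub
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    result = scan_npm_tarball(build_demo_tarball())
    verdict = "SUSPICIOUS" if is_suspicious(result) else "ok"
    print(result, verdict)
```

To run it against a real package, fetch the tarball with `npm pack <name>` and pass the file's bytes to `scan_npm_tarball`; a hook alone is common in legitimate packages (native addons build in `install`), so the binary-plus-hook combination, not either signal by itself, is what merits a manual look.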

The Hacker News - U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known Exploited Vulnerabilities (KEV) catalog, stating it's being actively exploited in the wild. The vulnerability in question is CVE-2023-35082 (CVSS score: 9.8), an authentication bypass from The Hacker News https://thehackernews.com/2024/01/us-cybersecurity-agency-warns-of.html

KnowBe4 - More Than Half of Data Breaches in the U.K.’s Legal Sector are Due to Insider Error

A new analysis of data breaches in the United Kingdom's legal sector shows that organizations need to look inward more and find ways to elevate the security awareness of their employees. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/half-data-breaches-uk-legal-due-insider-error

Rapid 7 - Privacy, Security, and Connected Devices: Key Takeaways From CES 2024

Data privacy has become especially relevant in our age of smart technology. With everything becoming connected, including our homes, workplaces, cities, and even our cars, those who develop this technology are obligated to identify consumers' expectations for privacy and then find the best ways to meet those expectations. This of course includes determining how best to secure the data these technologies handle. As you can imagine, meeting these requirements is no easy feat. Connected technology developers have their work cut out for them, and that's why CES 2024 included a panel on this very topic: “Safeguarding Your Sanctuary: Expectations for Data Privacy in the Smart Home Era.” I had the privilege of being part of this four-person panel, and if you weren't in the room with us, here's your chance to get some of the key takeaways from our discussion. Putting the Consumer's Needs First What do consumers expect? The answer to this questio