Posts

Showing posts from March, 2024

Schneier - Ross Anderson

Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can’t remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security . (Okay, he created both—I helped.) It was before 1998, when we wrote about the problems with key escrow systems. I was one of the people he brought to the Newton Institute for the six-month cryptography residency program he ran (I mistakenly didn’t stay the whole time)—that was in 1996. I know I was at the Fast Software Encryption workshop in December 1993, another conference he created. There I presented the Blowfish encryption algorithm. Pulling an old first-edition of Applied Cryptography down from the shelf, I see his name in the acknowledgments. Which means that sometime in early 1993 I, as an unpublished book author who only wrote a couple of crypto articles for Dr...

The Hacker News - Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims' Macs, but operate with the end goal of stealing sensitive data, Jamf Threat Labs said in a report published Friday. One from The Hacker News https://thehackernews.com/2024/03/hackers-target-macos-users-with.html

The Hacker News - Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

RedHat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils from The Hacker News https://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.html

KnowBe4 - Russian Federation-backed threat group APT29 Now Targeting German Political Parties

Image
New analysis of APT29’s (aka Cozy Bear) activities and their association  with Russia’s Foreign Intelligence Service (SVR) has revealed suspected attempts to collect political intelligence. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/russian-backed-group-apt29-targeting-german-political-parties

KnowBe4 - Narwhal Spider Threat Group Behind New Phishing Campaign Impersonating Reputable Law Firms

Image
Using little more than a well-known business name and a invoice-related PDF, the “NaurLegal” phishing campaign aims at installing malware trojans. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/narwhal-spider-threat-group-behind-phishing

The Hacker News - Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds

Security vulnerabilities discovered in Dormakaba's Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana. They were reported to the Zurich-based from The Hacker News https://thehackernews.com/2024/03/dormakaba-locks-used-in-millions-of.html

The Hacker News - TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024," the Black Lotus Labs team at Lumen from The Hacker News https://thehackernews.com/2024/03/themoon-botnet-resurfaces-exploiting.html

KnowBe4 - Your KnowBe4 Fresh Content Updates from March 2024

Image
Check out the 35 new pieces of training content added in March, alongside the always fresh content update highlights, events and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-march-2024

Schneier - Lessons from a Ransomware Attack against the British Library

You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but. from Schneier on Security https://www.schneier.com/blog/archives/2024/03/lessons-from-a-ransomware-attack-against-the-british-library.html

Schneier - AI and Trust

Watch the Video on YouTube.com A 15-minute talk by Bruce Schneier. from Schneier on Security https://www.schneier.com/blog/archives/2024/03/ai-and-trust-2.html

The Hacker News - PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers

The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. It said "new project creation and new user registration" was temporarily halted to mitigate what it said was a "malware upload campaign." The incident was resolved 10 hours later, on March 28, 2024, at from The Hacker News https://thehackernews.com/2024/03/pypi-halts-sign-ups-amid-surge-of.html

The Hacker News - New Webinar: Avoiding Application Security Blind Spots with OPSWAT and F5

Considering the ever-changing state of cybersecurity, it's never too late to ask yourself, "am I doing what's necessary to keep my organization's web applications secure?" The continuous evolution of technology introduces new and increasingly sophisticated threats daily, posing challenges to organizations all over the world and across the broader spectrum of industries striving to maintain from The Hacker News https://thehackernews.com/2024/03/new-webinar-avoiding-application.html

KnowBe4 - [New Feature] Start Coaching Your Users in Real Time With the New Google Chat Integration for KnowBe4's SecurityCoach

Image
Attention Google Workspace users! You’ve asked, and we’ve delivered, integrating KnowBe4's SecurityCoach with Google Chat . from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/securitycoach-google-chat-integration

The Hacker News - New ZenHammer Attack Bypasses Rowhammer Defenses on AMD CPUs

Cybersecurity researchers from ETH Zurich have developed a new variant of the RowHammer DRAM (dynamic random-access memory) attack that, for the first time, successfully works against AMD Zen 2 and Zen 3 systems despite mitigations such as Target Row Refresh (TRR). "This result proves that AMD systems are equally vulnerable to Rowhammer as Intel systems, which greatly increases the attack from The Hacker News https://thehackernews.com/2024/03/new-zenhammer-attack-bypasses-rowhammer.html

Schneier - Hardware Vulnerability in Apple’s M-Series Chips

It’s yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel’s 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years. […] The breakthrough of the new research is that it exposes a previously overlooked behavior of DMPs in Apple silicon: Sometimes they confuse memory content, such as key material, with the pointer value that is used to load other data. As a result, the DMP often reads the data and attempts to treat it as an address to perform memory access. This “dereferenci...

The Hacker News - Telegram Offers Premium Subscription in Exchange for Using Your Number to Send OTPs

In June 2017, a study of more than 3,000 Massachusetts Institute of Technology (MIT) students published by the National Bureau for Economic Research (NBER) found that 98% of them were willing to give away their friends' email addresses in exchange for free pizza. "Whereas people say they care about privacy, they are willing to relinquish private data quite easily when from The Hacker News https://thehackernews.com/2024/03/telegram-offers-premium-subscription-in.html

KnowBe4 - [SCARY] Research Shows Weaponized GenAI Worm That Gets Distributed Via A Zero Click Phishing Email

Image
Israeli researchers came out with a hell of a hing just now. Here is a bit of the abstract and a video. YIKES. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/scary-research-shows-weaponized-genai-worm-that-gets-distributed-via-a-zero-click-phishing-email

Schneier - Security Vulnerability in Saflok’s RFID-Based Keycard Locks

It’s pretty devastating : Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok . The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries. By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap t...

The Hacker News - Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment notification, urging the user to open an archive file attachment. The archive ("Bank Handlowy w Warszawie from The Hacker News https://thehackernews.com/2024/03/alert-new-phishing-attack-delivers.html

The Hacker News - Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries

Two China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN) as part of a cyber espionage campaign over the past three months. This includes the threat actor known as Mustang Panda, which has been recently linked to cyber attacks against Myanmar as well as from The Hacker News https://thehackernews.com/2024/03/two-chinese-apt-groups-ramp-up-cyber.html

KnowBe4 - [New Research] KnowBe4's Report is a Call to Action for Global Organizations to Improve Their Security Culture

Image
We’re thrilled to announce the release of the 2024 Security Culture Report , which dives deep into how security measures affect organizations and the way employees act and feel at work. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-security-culture-report-2024-new-research

Schneier - On Secure Voting Systems

Andrew Appel shepherded a public comment —signed by twenty election cybersecurity experts, including myself—on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but it’s general in nature. From the executive summary: We believe that no system is perfect, with each having trade-offs. Hand-marked and hand-counted ballots remove the uncertainty introduced by use of electronic machinery and the ability of bad actors to exploit electronic vulnerabilities to remotely alter the results. However, some portion of voters mistakenly mark paper ballots in a manner that will not be counted in the way the voter intended, or which even voids the ballot. Hand-counts delay timely reporting of results, and introduce the possibility for human error, bias, or misinterpretation. Technology introduces the means of efficient tabulation, but also introduces a manifold increase in complexity and sophistication of the process. This places the und...

HACKMAGEDDON - 2024 Cyber Attacks Statistics

In 2023, there was a 35% increase in cyber attacks to 4,128 events, with the MOVEit CVE-2023-34362 vulnerability being heavily exploited. Cybercrime dominated as the main motivation at 79%, while malware led attack techniques with 35.9%. Healthcare remained a top target for ransomware. The data, though not exhaustive, provides an overview of the cyber threat landscape. from HACKMAGEDDON https://www.hackmageddon.com/2024/03/26/2024-cyber-attacks-statistics/

The Hacker News - U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022. This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC (AWEX), and Obshchestvo S Ogranichennoy Otvetstvennostyu Tsentr Obrabotki Elektronnykh Platezhey ( from The Hacker News https://thehackernews.com/2024/03/us-sanctions-3-cryptocurrency-exchanges.html

The Hacker News - CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities added are as follows - CVE-2023-48788 (CVSS score: 9.3) - Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 (CVSS score: 9.8) - Ivanti from The Hacker News https://thehackernews.com/2024/03/cisa-alerts-on-active-exploitation-of.html

The Hacker News - Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks

The Iran-affiliated threat actor tracked as MuddyWater (aka Mango Sandstorm or TA450) has been linked to a new phishing campaign in March 2024 that aims to deliver a legitimate Remote Monitoring and Management (RMM) solution called Atera. The activity, which took place from March 7 through the week of March 11, targeted Israeli entities spanning global manufacturing, technology, and from The Hacker News https://thehackernews.com/2024/03/iran-linked-muddywater-deploys-atera.html

The Hacker News - N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks

The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting its tactics, leveraging Compiled HTML Help (CHM) files as vectors to deliver malware for harvesting sensitive data. Kimsuky, active since at least 2012, is known to target entities located in South Korea as well as North America, Asia, and Europe. According from The Hacker News https://thehackernews.com/2024/03/n-korea-linked-kimsuky-shifts-to.html

The Hacker News - German Police Seize 'Nemesis Market' in Major International Darknet Raid

German authorities have announced the takedown of an illicit underground marketplace called Nemesis Market that peddled narcotics, stolen data, and various cybercrime services. The Federal Criminal Police Office (aka Bundeskriminalamt or BKA) said it seized the digital infrastructure associated with the darknet service located in Germany and Lithuania and confiscated €94,000 ($102,107) from The Hacker News https://thehackernews.com/2024/03/german-police-seize-nemesis-market-in.html

The Hacker News - Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties

The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia's Foreign Intelligence Service (SVR), which was responsible for breaching SolarWinds and Microsoft. The findings come from Mandiant, which said Midnight Blizzard (aka APT29, BlueBravo, or from The Hacker News https://thehackernews.com/2024/03/russian-hackers-use-wineloader-malware.html

The Hacker News - AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking

Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims' sessions and achieve remote code execution on underlying instances. The vulnerability, now addressed by AWS, has been codenamed FlowFixation by Tenable. from The Hacker News https://thehackernews.com/2024/03/aws-patches-critical-flowfixation-bug.html

The Hacker News - Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects

A massive malware campaign dubbed Sign1 has compromised over 39,000 WordPress sites in the last six months, using malicious JavaScript injections to redirect users to scam sites. The most recent variant of the malware is estimated to have infected no less than 2,500 sites over the past two months alone, Sucuri said in a report published this week. The attacks entail injecting rogue from The Hacker News https://thehackernews.com/2024/03/massive-sign1-campaign-infects-39000.html

The Hacker News - Implementing Zero Trust Controls for Compliance

The ThreatLocker® Zero Trust Endpoint Protection Platform implements a strict deny-by-default, allow-by-exception security posture to give organizations the ability to set policy-based controls within their environment and mitigate countless cyber threats, including zero-days, unseen network footholds, and malware attacks as a direct result of user error. With the capabilities of the from The Hacker News https://thehackernews.com/2024/03/implementing-zero-trust-controls-for.html

Schneier - Google Pays $10M in Bug Bounties in 2023

BleepingComputer has the details . It’s $2M less than in 2022, but it’s still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million. For Android, the world’s most popular and widely used mobile operating system, the program awarded over $3.4 million. Google also increased the maximum reward amount for critical vulnerabilities concerning Android to $15,000, driving increased community reports. During security conferences like ESCAL8 and hardwea.io, Google awarded $70,000 for 20 critical discoveries in Wear OS and Android Automotive OS and another $116,000 for 50 reports concerning issues in Nest, Fitbit, and Wearables. Google’s other big software project, the Chrome browser, was the subject of 359 security bug reports that paid out a total of $2.1 million. Slashdot thread . from Schneier on Security https://www.schneier.com/blog/archives/2024/03/google-pays-10m-in-bug-bountie...

The Hacker News - U.S. Justice Department Sues Apple Over Monopoly and Messaging Security

The U.S. Department of Justice (DoJ), along with 16 other state and district attorneys general, on Thursday accused Apple of illegally maintaining a monopoly over smartphones, thereby undermining, among others, security and privacy of users when messaging non-iPhone users. "Apple wraps itself in a cloak of privacy, security, and consumer preferences to justify its anticompetitive from The Hacker News https://thehackernews.com/2024/03/us-justice-department-sues-apple-over.html

The Hacker News - Russian Hackers Target Ukrainian Telecoms with Upgraded 'AcidPour' Malware

The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show. The cybersecurity firm also confirmed connections between the malware and AcidRain, tying it to threat activity clusters associated with Russian military intelligence. "AcidPour's expanded capabilities would enable it to better from The Hacker News https://thehackernews.com/2024/03/russian-hackers-target-ukrainian.html

The Hacker News - Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems

The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG. "The attackers compromised the first system, established persistence and added exclusions to antivirus products running on these endpoints as part of their preliminary post-compromise actions," Cisco from The Hacker News https://thehackernews.com/2024/03/russia-hackers-using-tinyturla-ng-to.html

The Hacker News - AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs researcher Kashinath T Pattan said. "Classified as an SMTP cracker, it exploits SMTP from The Hacker News https://thehackernews.com/2024/03/androxgh0st-malware-targets-laravel.html

KnowBe4 - [Heads-Up] Phishing Campaign Delivers VCURMS RAT

Image
Researchers at Fortinet are tracking a phishing campaign that’s distributing a new version of the VCURMS remote access Trojan (RAT). from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-campaign-delivers-vcurms-rat

KnowBe4 - CISA Recommends Continuous Cybersecurity Training

Image
In an age when 70% - 90% of successful data breaches involve social engineering (which gets past all other defenses), sufficient training is needed to best reduce human-side cybersecurity risk. Everyone should be trained in how to recognize social engineering attempts, how to mitigate (i.e., delete, ignore, etc.) them, and how to appropriately report them if in a business scenario. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cisa-recommends-continuous-cybersecurity-training

The Hacker News - How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the SaaS supply chain snowball quickly. That’s why effective vendor risk management (VRM) is a from The Hacker News https://thehackernews.com/2024/03/how-to-accelerate-vendor-risk.html

The Hacker News - GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws

GitHub on Wednesday announced that it's making available a feature called code scanning autofix in public beta for all Advanced Security customers to provide targeted recommendations in an effort to avoid introducing new security issues. "Powered by GitHub Copilot and CodeQL, code scanning autofix covers more than 90% of alert types in JavaScript, Typescript, Java, and from The Hacker News https://thehackernews.com/2024/03/github-launches-ai-powered-autofix-tool.html

Schneier - Public AI as an Alternative to Corporate AI

This mini-essay was my contribution to a round table on Power and Governance in the Age of AI .  It’s nothing I haven’t said here before, but for anyone who hasn’t read my longer essays on the topic, it’s a shorter introduction.   The increasingly centralized control of AI is an ominous sign . When tech billionaires and corporations steer AI, we get AI that tends to reflect the interests of tech billionaires and corporations, instead of the public. Given how transformative this technology will be for the world, this is a problem. To benefit society as a whole we need an AI public option —not to replace corporate AI but to serve as a counterbalance —as well as stronger democratic institutions to govern all of AI. Like public roads and the federal postal system, a public AI option could guarantee universal access to this transformative technology and set an implicit standard that private services must surpass to compete. Widely available public models and computing infrastru...

The Hacker News - Making Sense of Operational Technology Attacks: The Past, Present, and Future

When you read reports about cyber-attacks affecting operational technology (OT), it’s easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the from The Hacker News https://thehackernews.com/2024/03/making-sense-of-operational-technology.html

The Hacker News - U.S. Sanctions Russians Behind 'Doppelganger' Cyber Influence Campaign

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals and the respective companies they own for engaging in cyber influence operations. Ilya Andreevich Gambashidze (Gambashidze), the founder of the Moscow-based company Social Design Agency (SDA), and Nikolai Aleksandrovich Tupikin (Tupikin), the CEO and from The Hacker News https://thehackernews.com/2024/03/us-sanctions-russians-behind.html

The Hacker News - Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability

Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as CVE-2023-41724, the vulnerability carries a CVSS score of 9.6. "An unauthenticated threat actor can execute arbitrary commands on the underlying operating system of the appliance from The Hacker News https://thehackernews.com/2024/03/ivanti-releases-urgent-fix-for-critical.html

Rapid 7 - The Updated APT Playbook: Tales from the Kimsuky threat actor group

Image
Co-authors are Christiaan Beek and Raj Samani Within Rapid7 Labs we continually track and monitor threat groups. This is one of our key areas of focus as we work to ensure that our ability to protect customers remains constant. As part of this process, we routinely identify evolving tactics from threat groups in what is an unceasing game of cat and mouse. Our team recently ran across some interesting activity that we believe is the work of the Kimsuky threat actor group, also known as Black Banshee or Thallium. Originating from North Korea and active since at least 2012, Kimsuky focuses primarily on intelligence gathering. The group is known to have targeted South Korean government entities, individuals associated with the Korean peninsula's unification process, and global experts in various fields relevant to the regime's interests. In recent years, Kimsuky’s activity has also expanded across the APAC region to impact Japan, Vietnam, Thailand, etc. Through our research, ...

The Hacker News - New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems

A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk. Called Loop DoS attacks, the approach pairs "servers of these protocols in such a way that they communicate with each other indefinitely," researchers from the CISPA Helmholtz-Center for from The Hacker News https://thehackernews.com/2024/03/new-loop-dos-attack-impacts-hundreds-of.html

The Hacker News - New BunnyLoader Malware Variant Surfaces with Modular Attack Features

Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various functions as well as allow it to evade detection. "BunnyLoader is dynamically developing malware with the capability to steal information, credentials and cryptocurrency, as well as deliver additional malware to its victims," Palo Alto Networks from The Hacker News https://thehackernews.com/2024/03/new-bunnyloader-malware-variant.html

The Hacker News - Ukraine Arrests Trio for Hijacking Over 100 Million Email and Instagram Accounts

The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from users across the world. The suspects, aged between 20 and 40, are said to be part of an organized criminal group living in different parts of the country. If convicted, they face up to 15 years in prison. The accounts, authorities said, were from The Hacker News https://thehackernews.com/2024/03/ukraine-arrests-trio-for-hijacking-over.html

The Hacker News - U.S. EPA Forms Task Force to Protect Water Systems from Cyberattacks

The U.S. Environmental Protection Agency (EPA) said it's forming a new "Water Sector Cybersecurity Task Force" to devise methods to counter the threats faced by the water sector in the country. "In addition to considering the prevalent vulnerabilities of water systems to cyberattacks and the challenges experienced by some systems in adopting best practices, this Task Force in its deliberations from The Hacker News https://thehackernews.com/2024/03/us-epa-forms-task-force-to-protect.html

KnowBe4 - CyberheistNews Vol 14 #12 [HEADS UP] I Am Announcing AIDA: Artificial Intelligence Defense Agents!

Image
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-14-12-heads-up-i-am-announcing-aida-artificial-intelligence-defense-agents

Schneier - AI and the Evolution of Social Media

Oh, how the mighty have fallen. A decade ago, social media was celebrated for sparking democratic uprisings in the Arab world and beyond. Now front pages are splashed with stories of social platforms’ role in misinformation , business conspiracy , malfeasance , and risks to mental health . In a 2022 survey , Americans blamed social media for the coarsening of our political discourse, the spread of misinformation, and the increase in partisan polarization. Today, tech’s darling is artificial intelligence. Like social media, it has the potential to change the world in many ways, some favorable to democracy. But at the same time, it has the potential to do incredible damage to society. There is a lot we can learn about social media’s unregulated evolution over the past decade that directly applies to AI companies and technologies. These lessons can help us avoid making the same mistakes with AI that we did with social media. In particular, five fundamental attributes of social media h...

The Hacker News - Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices

A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The malware, dubbed AcidPour, is compiled for Linux x86 devices, SentinelOne's Juan Andres Guerrero-Saade said in a series of posts on X. "The new variant [...] is an ELF binary compiled for x86 (not MIPS) and while it refers to similar devices/ from The Hacker News https://thehackernews.com/2024/03/suspected-russian-data-wiping-acidpour.html

The Hacker News - New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT

A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu. "The PhantomBlu operation introduces a nuanced exploitation method, diverging from NetSupport RAT’s typical delivery mechanism by leveraging OLE (Object from The Hacker News https://thehackernews.com/2024/03/new-phishing-attack-uses-clever.html

The Hacker News - E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials

A 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that offered for sale hundreds of thousands of compromised credentials, the Department of Justice (DoJ) announced. Sandu Boris Diaconu was charged with conspiracy to commit access device and computer fraud and possession of 15 or more unauthorized from The Hacker News https://thehackernews.com/2024/03/e-root-marketplace-admin-sentenced-to.html

Rapid 7 - Rapid7 offers continued vulnerability coverage in the face of NVD delays

Image
Recently, the US National Institute of Standards and Technology (NIST) announced on the National Vulnerability Database (NVD) site that there would be delays in adding information on newly published CVEs. NVD enriches CVEs with basic details about a vulnerability like the vulnerability’s CVSS score, software products impacted by a CVE, information on the bug, patching status, etc. Since February 12th, 2024, NVD has largely stopped enriching vulnerabilities. Given the broad usage and visibility into the NVD, the delays are sure to have a widespread impact on security operations that rely on timely and effective vulnerability information to prioritize and respond to risk introduced by software vulnerabilities. We want to assure our customers that this does not impact Rapid7’s ability to provide coverage and checks for vulnerabilities in our products. At Rapid7, we believe in a multi-layered approach to vulnerability detection creation and risk scoring, which means that our products a...