Posts

Showing posts from April, 2024

KnowBe4 - Phishing Failures: How Not to Phish Your Users

This blog was co-written by Javvad Malik and Erich Kron. Let’s dive into the cautionary world of phishing simulations gone wrong. You know, those attempts to train users not to fall for phishing that somehow end up setting off more alarms than a Hawaiian missile alert system.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-failures-how-not-phish-your-users

KnowBe4 - FBI Warns of Verification Scams Targeting Dating Site Users

The US Federal Bureau of Investigation (FBI) has issued an advisory warning of a scam campaign targeting users of online dating platforms. The scammers are attempting to trick users into signing up for fraudulent monthly subscriptions in order to be verified as a real person.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/fbi-warns-verification-scams-targeting-dating-users

KnowBe4 - How New College Graduates Can Avoid Increasingly Personalized Job Scams

For many fresh out of college, the drive to land that first professional role is a top priority. Yet, new graduates can be exposed to sophisticated scams that can jeopardize not just their finances but also their identities.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/new-college-graduates-avoid-personalized-job-scams

The Hacker News - Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years

Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. "Over four million of the repositories in Docker Hub are imageless and have no content except for the repository […]
from The Hacker News https://thehackernews.com/2024/04/millions-of-malicious-imageless.html

Krebs - Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo Psychotherapy Center in Finland became the target of blackmail when a tormentor identified as “ransom_man” demanded payment of 40 bitcoins (~450,000 euros at the time) in return for a promise not to publish highly sensitive therapy session notes Vastaamo had exposed online. Ransom_man announced on the dark web that he would start publishing 100 patient profiles every 24 hours. When Vastaamo declined to pay, ransom_man shifted to extorting individual patients. According to Finnish police, some 22,000 victims reported extortion attempts targeting them personally, targeted emails that threatened to publish their therapy notes online unless paid a 500 euro ransom. Finnish prosecutors quickly zeroed in o...

KnowBe4 - CyberheistNews Vol 14 #18 [Wake Up Call] A Fresh Nespresso Domain Hijack Brews an MFA Phishing Scheme

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-14-18-wake-up-call-a-fresh-nespresso-domain-hijack-brews-a-mfa-phishing-scheme

KnowBe4 - Targeted Smishing Attacks by Threat Group “The Com” On The Rise

Cyber activity by the group "The Com," which leverages SIM swapping, cryptocurrency theft, swatting, and corporate intrusions, is increasing.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/targeted-smishishing-attacks-by-the-com-increasing

KnowBe4 - The Art of Huh?

One of the best things you can teach yourself, your family, and your organization is how to recognize the common signs of phishing and how to mitigate and appropriately report it.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/the-art-of-huh

KnowBe4 - Phishing Campaigns Spoof the U.S. Postal Service

Researchers at Akamai have found that phishing sites impersonating the U.S. Postal Service get as much traffic as the real USPS website.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-campaigns-spoof-the-us-postal-service

The Hacker News - Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023

Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked 333,000 bad accounts from the app storefront in 2023 for attempting to distribute malware or for repeated policy violations. "In 2023, […]
from The Hacker News https://thehackernews.com/2024/04/google-prevented-228-million-malicious.html

The Hacker News - China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale

A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019. Cloud security firm Infoblox described the threat actor as likely affiliated with the […]
from The Hacker News https://thehackernews.com/2024/04/china-linked-muddling-meerkat-hijacks.html

The Hacker News - New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322, "involves the use of promise objects and lazy evaluation in R," AI application security […]
from The Hacker News https://thehackernews.com/2024/04/new-r-programming-vulnerability-exposes.html

The Hacker News - Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential proxy services, lists of previously stolen credentials ('combo lists'), and scripting tools," the […]
from The Hacker News https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.html

The Hacker News - Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file ("signal-2023-12-20-160512.ppsx") as the starting point, with […]
from The Hacker News https://thehackernews.com/2024/04/ukraine-targeted-in-cyberattack.html

Schneier - Friday Squid Blogging: Searching for the Colossal Squid

A cruise ship is searching for the colossal squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
from Schneier on Security https://www.schneier.com/blog/archives/2024/04/friday-squid-blogging-searching-for-the-colossal-squid.html

The Hacker News - Severe Flaws Disclosed in Brocade SANnav SAN Management Software

Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them. The issues range from incorrect firewall rules, […]
from The Hacker News https://thehackernews.com/2024/04/severe-flaws-disclosed-in-brocade.html

KnowBe4 - How an Athletic Director Exploited AI to Frame a Principal with Fabricated Racist Comments

In an unsettling turn of events, a high school athletic director in Maryland is accused of using artificial intelligence (AI) in a morally horrible manner.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/how-athletic-director-exploited-ai

KnowBe4 - US Justice Department Accuses Iranian Nationals of Launching Spear Phishing Attacks

The US Department of Justice has indicted four Iranian nationals for allegedly launching spear phishing attacks against the US government and defense contractors. In one instance, the hackers compromised over 200,000 employee accounts at a victim organization.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/us-justice-department-accuses-iranian-nationals-launching-spear-phishing-attacks

KnowBe4 - Next Week is World Password Day!

May 2nd is World Password Day. Despite the computer industry telling us for decades that our passwords will soon be gone, we now have more than ever!
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/world-password-day

KnowBe4 - Your KnowBe4 Fresh Content Updates from April 2024

Check out the 33 new pieces of training content added in April, alongside the always fresh content update highlights, events and new features.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-april-2024

Schneier - Long Article on GM Spying on Its Cars’ Drivers

Kashmir Hill has a really good article on how GM tricked its drivers into letting it spy on them—and then sold that data to insurance companies.
from Schneier on Security https://www.schneier.com/blog/archives/2024/04/long-article-on-gm-spying-on-its-cars-drivers.html

The Hacker News - Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices. It has been addressed in […]
from The Hacker News https://thehackernews.com/2024/04/palo-alto-networks-outlines-remediation.html

The Hacker News - North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL binary from [command-and-control] server," Avast security researcher Luigino […]
from The Hacker News https://thehackernews.com/2024/04/north-koreas-lazarus-group-deploys-new.html

Black Hills InfoSec - Deploy an Active Directory Lab Within Minutes

Creating your own lab can sound like a daunting task. By the end of this blog post, you will be able to deploy your own Active Directory (AD) environment in […]
from Black Hills Information Security https://www.blackhillsinfosec.com/deploy-an-active-directory-lab-within-minutes/

KnowBe4 - AI-Assisted Phishing Attacks Are on the Rise

Threat actors are increasingly using generative AI tools to improve their phishing campaigns, according to a new report from Zscaler.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ai-assisted-phishing-attacks-rise

The Hacker News - Network Threats: A Step-by-Step Attack Demonstration

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit […]
from The Hacker News https://thehackernews.com/2024/04/network-threats-step-by-step-attack.html

Schneier - The Rise of Large-Language-Model Optimization

The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming to an end. The advent of AI threatens to destroy the complex online ecosystem that allows writers, artists, and other creators to reach human audiences. To understand why, you must understand publishing. Its core task is to connect writers to an audience. Publishers work as gatekeepers, filtering candidates and then amplifying the chosen ones. Hoping to be selected, writers shape their work in various ways. This article might be written very differently in an academic publication, for example, and publishing it here entailed pitching an editor, revising multiple drafts for style and focus, and so on. The internet initially promised to change this process. Anyone could publish anything! But...
from Schneier on Security

The Hacker News - DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions

The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds. To that end, Keonne Rodriguez, 35, and William Lonergan Hill, 65, have been charged […]
from The Hacker News https://thehackernews.com/2024/04/doj-arrests-founders-of-crypto-mixer.html

The Hacker News - U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April 2021. This includes the front companies Mehrsam Andisheh Saz Nik (MASN) and Dadeh […]
from The Hacker News https://thehackernews.com/2024/04/us-treasury-sanctions-iranian-firms-and.html

The Hacker News - Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software. "SSLoad is designed to stealthily infiltrate systems, gather sensitive […]
from The Hacker News https://thehackernews.com/2024/04/researchers-detail-multistage-attack.html

Schneier - Dan Solove on Privacy Regulation

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” His mini-abstract: In this Article I argue that most of the time, privacy consent is fictitious. Instead of futile efforts to try to turn privacy consent from fiction to fact, the better approach is to lean into the fictions. The law can’t stop privacy consent from being a fairy tale, but the law can ensure that the story ends well. I argue that privacy consent should confer less legitimacy and power and that it be backstopped by a set of duties on organizations that process personal data based on consent. Full abstract: Consent plays a profound role in nearly all privacy laws. As Professor Heidi Hurd aptly said, consent works “moral magic”—it transforms things that would be illegal and immoral into lawful and legitimate activities. As to privacy, consent authori...

The Hacker News - CISO Perspectives on Complying with Cybersecurity Regulations

Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means compliance is a time-consuming, high-stakes process that demands strong organizational and […]
from The Hacker News https://thehackernews.com/2024/04/ciso-perspectives-on-complying-with.html

Rapid 7 - Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise

On Friday, April 19, 2024, managed file transfer vendor CrushFTP released information to a private mailing list on a new zero-day vulnerability affecting versions below 10.7.1 and 11.1.0 (as well as legacy 9.x versions) across all platforms. No CVE was assigned by the vendor, but a third-party CVE Numbering Authority (CNA) assigned CVE-2024-4040 as of Monday, April 22. According to a public-facing vendor advisory, the vulnerability is ostensibly a VFS sandbox escape in CrushFTP managed file transfer software that allows “remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.” Rapid7’s vulnerability research team analyzed CVE-2024-4040 and determined that it is fully unauthenticated and trivially exploitable; successful exploitation allows for not only arbitrary file read as root, but also authentication bypass for administrator account access and full remote code execution. Successful exploitation allows a remote, unauthenticated attacker t...

KnowBe4 - CyberheistNews Vol 14 #17 [HEADS UP] LastPass Warns of a 'CEO' Deepfake Phishing Attempt

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-14-17-heads-up-lastpass-warns-of-a-ceo-deepfake-phishing-attempt

The Hacker News - Webinar: Learn Proactive Supply Chain Threat Hunting Techniques

In the high-stakes world of cybersecurity, the battleground has shifted. Supply chain attacks have emerged as a potent threat, exploiting the intricate web of interconnected systems and third-party dependencies to breach even the most formidable defenses. But what if you could turn the tables and proactively hunt these threats before they wreak havoc? We invite you to join us for an […]
from The Hacker News https://thehackernews.com/2024/04/webinar-learn-proactive-supply-chain.html

Schneier - Microsoft and Security Incentives

Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft: Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best. […] “The government needs to focus on encouraging and catalyzing competition,” Grotto said. He believes it also needs to publicly scrutinize Microsoft and make sure everyone knows when it messes up. “At the end of the day, Microsoft, any company, is going to respond most directly to market incentives,” Grotto told us. “Unless this scrutiny generates changed behavior among its customers who might want to look elsewhere, then the incentives for Microsoft to change are not going to be as strong as they should be.” Breaking up the tech monopolies is one of t...

The Hacker News - German Authorities Issue Arrest Warrants for Three Suspected Chinese Spies

German authorities said they have issued arrest warrants against three citizens on suspicion of spying for China. The full names of the defendants were not disclosed by the Office of the Federal Prosecutor (aka Generalbundesanwalt), but it includes Herwig F., Ina F., and Thomas R. "The suspects are strongly suspected of working for a Chinese secret service since an unspecified […]
from The Hacker News https://thehackernews.com/2024/04/german-authorities-issue-arrest.html

Rapid 7 - Take Command Summit: Take Breaches from Inevitable to Preventable on May 21

Registration is now open for Take Command, a day-long virtual summit in partnership with AWS. You do not want to miss it. You’ll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more. In 2024, adversaries are using AI and new techniques, working in gangs with nation-state budgets. But it’s “inevitable” they’ll succeed? Really? Before any talk of surrender, please join us at Take Command. We’ve packed the day with information and insights you can take back to your team and use immediately. You’ll hear from Chief Scientist Raj Samani, our own CISO Jaya Baloo, global security leaders, hands-on practitioners, and Rapid7 Labs leaders like Christiaan Beek and Caitlin Condon. You’ll get a first look at new, emergent research, trends, and intelligence from the curators of Metasploit and our renowned open source communities. You’ll leave with actionable strategies to safeguard against the newest ransomware, state-sponsored TTPs, and marquee vulner...

The Hacker News - MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion led to the compromise of its Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified research and prototyping network. The unknown adversary "performed reconnaissance […]
from The Hacker News https://thehackernews.com/2024/04/mitre-corporation-breached-by-nation.html

The Hacker News - Ransomware Double-Dip: Re-Victimization in Cyber Extortion

Between crossovers - Do threat actors play dirty or desperate? In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether or not this is an actual second attack, an affiliate crossover (meaning an affiliate has gone to […]
from The Hacker News https://thehackernews.com/2024/04/ransomware-double-dip-re-victimization.html

The Hacker News - Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. "When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path," SafeBreach security researcher Or Yair said […]
from The Hacker News https://thehackernews.com/2024/04/researchers-uncover-windows-flaws.html

The Hacker News - New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth

A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server IP address has been previously identified as associated with the malware. RedLine Stealer, […]
from The Hacker News https://thehackernews.com/2024/04/new-redline-stealer-variant-disguised.html

The Hacker News - Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files," CrushFTP said in an advisory released Friday.
from The Hacker News https://thehackernews.com/2024/04/critical-update-crushftp-zero-day-flaw.html

Schneier - Friday Squid Blogging: Squid Trackers

A new bioadhesive makes it easier to attach trackers to squid. Note: the article does not discuss squid privacy rights. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
from Schneier on Security https://www.schneier.com/blog/archives/2024/04/friday-squid-blogging-squid-trackers.html

Rapid 7 - Metasploit Weekly Wrap-Up 04/19/24

Welcome Ryan and the new CrushFTP module
It's not every week we add an awesome new exploit module to the Framework while adding the original discoverer of the vulnerability to the Rapid7 team as well. We're very excited to welcome Ryan Emmons to the Emergent Threat Response team, which works alongside Metasploit here at Rapid7. Ryan discovered an Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in CrushFTP (CVE-2023-43177) versions prior to 10.5.1 which results in unauthenticated remote code execution. Metasploit's very own Christophe De La Fuente did a fantastic job of turning this complex exploit into a smooth running Metasploit module. This release includes another unauthenticated remote code execution vulnerability in the oh so popular PostgreSQL management tool, pgAdmin. Written by Spencer McIntyre, the module exploits CVE-2024-2044 which is a path-traversal vulnerability in the session management that allows a Python pickl...
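The CrushFTP items above (the CVE-2024-4040 VFS sandbox escape and the CVE-2023-43177 module) and the pgAdmin CVE-2024-2044 path traversal are, at bottom, failures to confine a requested path to a sandbox root. As an added example, not code from CrushFTP, pgAdmin, Rapid7 or Metasploit and not a reproduction of any of those CVEs, here is the naive prefix check that lets traversal through beside the one that holds; the root `/srv/vfs` and the request strings are constructed for the example.

```python
"""Confining a requested file path to a virtual root.

Added illustration; not CrushFTP's, pgAdmin's or Metasploit's code and not a
reproduction of CVE-2024-4040, CVE-2023-43177 or CVE-2024-2044. ROOT and the
request strings below are constructed for the example and never opened.
"""
import posixpath

ROOT = "/srv/vfs"  # constructed virtual root


def naive_resolve(root: str, requested: str) -> str:
    """The pattern behind many sandbox escapes: join, then a plain string-prefix check.

    Neither '..' segments nor a sibling directory that merely shares the prefix
    is caught, so '../../etc/passwd' and '../vfs2/secret' both pass.
    """
    full = posixpath.join(root, requested)
    if full.startswith(root):
        return full
    raise PermissionError(f"outside sandbox: {requested}")


def safe_resolve(root: str, requested: str) -> str:
    """Lexically confine `requested` to `root` before touching the filesystem.

    Refuse bytes that change meaning on some platforms (NUL, backslash), treat
    every request as relative to the root, normalise '.' and '..', then require
    the result to be the root itself or to sit under root + '/'. On a real
    filesystem follow this with os.path.realpath() on the result and repeat the
    containment test, so a symlink inside the root cannot point back out.
    """
    if "\x00" in requested or "\\" in requested:
        raise PermissionError(f"rejected characters in: {requested!r}")
    root = posixpath.normpath(root)
    if not root.startswith("/"):
        raise ValueError("root must be an absolute path")
    candidate = posixpath.normpath(posixpath.join(root, requested.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        raise PermissionError(f"outside sandbox: {requested}")
    return candidate


def is_confined(root: str, requested: str) -> bool:
    """True when safe_resolve() accepts the request."""
    try:
        safe_resolve(root, requested)
        return True
    except PermissionError:
        return False


def compare(root: str, requests) -> dict:
    """Per request: what the naive check returns (None if it refused) and the safe verdict."""
    out = {}
    for req in requests:
        try:
            naive = naive_resolve(root, req)
        except PermissionError:
            naive = None
        out[req] = {"naive": naive, "safe": is_confined(root, req)}
    return out


CONSTRUCTED_REQUESTS = [
    "docs/readme.txt",        # benign
    "docs/../docs/./a.txt",   # benign after normalisation
    "../../etc/passwd",       # classic traversal
    "../vfs2/secret",         # prefix collision: /srv/vfs2 starts with /srv/vfs
    "/etc/passwd",            # absolute path handed to join()
]

if __name__ == "__main__":
    for req, verdict in compare(ROOT, CONSTRUCTED_REQUESTS).items():
        print(f"{req:24} naive={str(verdict['naive']):32} safe={verdict['safe']}")
```

The prefix-collision case is the one most prefix checks miss: `/srv/vfs2/secret` starts with `/srv/vfs`, so only a check against `root + "/"` (or a component-wise comparison) rejects it.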

The Hacker News - BlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' Tool

Technology, research, and government sectors in the Asia-Pacific region have been targeted by a threat actor called BlackTech as part of a recent cyber attack wave. The intrusions pave the way for an updated version of modular backdoor dubbed Waterbear as well as its enhanced successor referred to as Deuterbear. "Waterbear is known for its complexity, as it […]
from The Hacker News https://thehackernews.com/2024/04/blacktech-targets-tech-research-and-gov.html

KnowBe4 - Russian Threat Actor FIN7 Targeting the Automotive Industry with Spear Phishing Attacks

The cybercriminal threat actor FIN7 is launching spear phishing attacks against the automotive industry in the United States, according to researchers at BlackBerry.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/fin7-targets-automotive-industry-with-spear-phishing

The Hacker News - Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia," cybersecurity agencies from the Netherlands and the U.S., […]
from The Hacker News https://thehackernews.com/2024/04/akira-ransomware-gang-extorts-42.html

The Hacker News - Hackers Target Middle East Governments with Evasive "CR4T" Backdoor

Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor dubbed CR4T. Russian cybersecurity company Kaspersky said it discovered the activity in February 2024, with evidence suggesting that it may have been active since at least a year prior. The campaign has been codenamed […]
from The Hacker News https://thehackernews.com/2024/04/hackers-target-middle-east-governments.html

Black Hills InfoSec - Red Teaming: A Story From the Trenches

This article originally featured in the very first issue of our PROMPT# zine — Choose Wisely. You can find that issue (and all the others) here: https://ift.tt/219t3ez I remember a […]
from Black Hills Information Security https://www.blackhillsinfosec.com/red-teaming-a-story-from-the-trenches/

The Hacker News - FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor

The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak (aka Anunak). "FIN7 identified employees at the company who worked in the IT department and had higher levels of administrative rights," the BlackBerry research and intelligence team said in a new write-up. "They […]
from The Hacker News https://thehackernews.com/2024/04/fin7-cybercrime-group-targeting-us-auto.html

The Hacker News - Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024. OpenMetadata is an open-source platform that operates as a […]
from The Hacker News https://thehackernews.com/2024/04/hackers-exploit-openmetadata-flaws-to.html

The Hacker News - Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell. "The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads to push these domains to the top of search engine results targeting specific search keywords, thereby […]
from The Hacker News https://thehackernews.com/2024/04/malicious-google-ads-pushing-fake-ip.html

The Hacker News - GenAI: A New Headache for SaaS Security Teams

The introduction of Open AI’s ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, […]
from The Hacker News https://thehackernews.com/2024/04/genai-new-headache-for-saas-security.html

The Hacker News - Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services

Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024. "These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," Cisco Talos said. Successful attacks could […]
from The Hacker News https://thehackernews.com/2024/04/cisco-warns-of-global-surge-in-brute.html
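The Okta credential-stuffing item earlier on this page and the Cisco Talos brute-force item above describe the two shapes the same activity takes in your logs: one source replaying a combo list against many accounts, and many proxy or Tor exits each trying one account so that per-IP lockouts never fire. What follows is an added example, not Okta's or Cisco's detection logic, that pivots both ways over authentication events and then surfaces the accounts that actually logged in from a flagged source; the log format (`<epoch> <src_ip> <user> <SUCCESS|FAIL>`), the thresholds and the sample lines are all constructed.

```python
"""Spotting credential stuffing and distributed brute force in authentication logs.

Added example; not Okta's or Cisco Talos' detection logic. The log format,
the thresholds and SAMPLE_LOG are constructed for illustration.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Set


class AuthEvent(NamedTuple):
    ts: int
    src_ip: str
    user: str
    ok: bool


def parse_log(lines: Iterable[str]) -> List[AuthEvent]:
    """Parse the constructed whitespace-separated format; blank lines are skipped."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, ip, user, result = line.split()
        events.append(AuthEvent(int(ts), ip, user, result == "SUCCESS"))
    return events


def find_stuffing_sources(events, min_users=5, max_success_rate=0.2) -> Dict[str, dict]:
    """Combo-list replay: one source tries many distinct accounts and mostly fails.

    Thresholds are assumptions; tune them against your own baseline.
    """
    per_ip: Dict[str, List[AuthEvent]] = defaultdict(list)
    for e in events:
        per_ip[e.src_ip].append(e)
    flagged = {}
    for ip, evs in per_ip.items():
        users = {e.user for e in evs}
        rate = sum(e.ok for e in evs) / len(evs)
        if len(users) >= min_users and rate <= max_success_rate:
            flagged[ip] = {"distinct_users": len(users), "attempts": len(evs),
                           "success_rate": round(rate, 2)}
    return flagged


def find_distributed_targets(events, min_ips=4) -> Dict[str, dict]:
    """Residential-proxy / Tor pattern: one account fails from many source IPs.

    Per-IP lockouts never trigger because each exit contributes one attempt,
    so the pivot has to be the target account rather than the source address.
    """
    ips_per_user: Dict[str, Set[str]] = defaultdict(set)
    failures: Dict[str, int] = defaultdict(int)
    for e in events:
        if not e.ok:
            ips_per_user[e.user].add(e.src_ip)
            failures[e.user] += 1
    return {u: {"distinct_ips": len(ips), "failures": failures[u]}
            for u, ips in ips_per_user.items() if len(ips) >= min_ips}


def accounts_compromised_via(events, flagged_ips) -> Set[str]:
    """The alert that matters: accounts that logged in successfully from a flagged source."""
    return {e.user for e in events if e.ok and e.src_ip in flagged_ips}


# Constructed sample: one IP walking a combo list (one hit), five proxy exits
# each trying 'alice' once, and a legitimate user with one typo.
SAMPLE_LOG = """\
1700000000 203.0.113.7 u_aaron FAIL
1700000001 203.0.113.7 u_bella FAIL
1700000002 203.0.113.7 u_carla FAIL
1700000003 203.0.113.7 u_dave SUCCESS
1700000004 203.0.113.7 u_erin FAIL
1700000005 203.0.113.7 u_frank FAIL
1700000010 198.51.100.11 alice FAIL
1700000011 198.51.100.12 alice FAIL
1700000012 198.51.100.13 alice FAIL
1700000013 198.51.100.14 alice FAIL
1700000014 198.51.100.15 alice FAIL
1700000020 192.0.2.10 bob SUCCESS
1700000021 192.0.2.10 bob FAIL
"""

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG.splitlines())
    sources = find_stuffing_sources(evs)
    print("stuffing sources:", sources)
    print("distributed targets:", find_distributed_targets(evs))
    print("accounts to reset now:", accounts_compromised_via(evs, sources))
```

Neither pivot alone is enough: the per-IP view misses the proxied attack entirely, and the per-account view cannot see a combo-list replay where every account is tried once. Run both, and treat a success from a flagged source as the incident, not the failures.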

KnowBe4 - CyberheistNews Vol 14 #16 Critical Improvements to the 7 Most Common Pieces of Cybersecurity Advice

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-14-16-critical-improvements-to-the-seven-most-common-pieces-of-cybersecurity-advice

Rapid 7 - Rapid7 Insight Platform Achieves Level 2 TX-Ramp Authorization

Authored by Damon Cabanillas
Rapid7's Insight Platform has officially achieved Level 2 Texas Risk and Authorization Management Program (TX-RAMP) authorization. This milestone marks a significant step forward in providing our customers peace-of-mind as well as the best end-to-end cloud security solutions. According to the official TX-RAMP manual, Level 2 TX-RAMP authorization “is required for cloud computing services that store, process, or transmit confidential data of a state agency and the cloud computing service is determined to be moderate or high impact information resources.” This authorization also signifies our unwavering commitment to cybersecurity compliance as well as the people, processes, and technology required to safeguard the confidential data of our customers and mitigate an ever-expanding attack surface.
Public-Sector Validation in Texas
Cloud security providers (CSPs) must keep pace with the ever-evolving variety of controls and requirements enacted at the s...

Rapid 7 - Start with threat modelling and let gamers game

Authored by Damon Cabanillas Is there anything that’s not changing too fast these days? The demand for games, availability, and stability has the gaming industry in sprint after sprint with new IT requirements. Most infrastructure has changed from on-prem to hybrid: the cloud accommodates highly volatile time-of-day, day-of-week, and new release traffic. The risks and threats have also changed a lot over the years, and are continuing to change. Adversaries are aware of it all and are using it to their advantage. Today, they’re extracting $10 billion from the global economy every year. Ready player one? Winning is about understanding your opponent Rapid7’s public research projects make this possible: Project Lorelei, Metasploit, and AttackerKB let us spot new, popular attacks and exploits, their velocity, and the risk to you. Too busy to click the links today? Make time soon. Just as in any game, you need to understand what weapons adversaries use, how they think, and how capable ...

The Hacker News - TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks

The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. "The group made extensive use of steganography by sending VBSs, PowerShell code, as well as RTF documents with an embedded exploit, inside from The Hacker News https://thehackernews.com/2024/04/ta558-hackers-weaponize-images-for-wide.html

The Hacker News - AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs

New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive information in from The Hacker News https://thehackernews.com/2024/04/aws-google-and-azure-cli-tools-could.html

Krebs - Who Stole 3.6M Tax Records from South Carolina?

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling clues suggesting the intrusion was carried out by the same Russian hacking crew that stole millions of payment card records from big box retailers like Home Depot and Target in the years that followed. Questions about who stole tax and financial data on roughly three quarters of all South Carolina residents came to the fore last week at the confirmation hearing of Mark Keel, who was appointed in 2011 by Gov. Nikki Haley to head the state’s law enforcement division. If approved, this would be Keel’s third six-year term in that role. The Associated Press reports that Keel was careful not to release many details about the breach at his hearing, te...

KnowBe4 - You Really Are Being Surveilled All the Time

“If the product is free, you are the product!” No truer words have ever been spoken. But in today’s internet-connected, ad-everywhere world, even if you are paying for the product or service, you are still the product. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/you-really-are-being-surveilled-all-the-time

The Hacker News - Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw

A security flaw impacting the Lighttpd web server used in baseboard management controllers (BMCs) has remained unpatched by device vendors like Intel and Lenovo, new findings from Binarly reveal. While the original shortcoming was discovered and patched by the Lighttpd maintainers way back in August 2018 with version 1.4.51, the lack of a CVE identifier or an advisory meant that from The Hacker News https://thehackernews.com/2024/04/intel-and-lenovo-bmcs-contain-unpatched.html

Schneier - Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking twice at RSA Conference 2024 in San Francisco. I’ll be on a panel on software liability on May 6, 2024 at 8:30 AM, and I’m giving a keynote on AI and democracy on May 7, 2024 at 2:25 PM. The list is maintained on this page. from Schneier on Security https://www.schneier.com/blog/archives/2024/04/upcoming-speaking-engagements-35.html

KnowBe4 - I don't have to say it, do I?

So today, news broke that Iran has sent dozens, if not more than 100, drones to Israel in a direct attack. Discussions on Twitter also claim that ballistic missiles will be sent. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/i-dont-have-to-say-it-do-i