BuzzSec

New insight into ransomware attacks show that cyber attacks are a top concern for organizations – with many not aware they were a victim until after the attack. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/nearly-every-ransomware-attack-today-includes-exfiltrating-your-data

Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and prevent critical systems from becoming easy targets," the Microsoft Threat Intelligence team said. from The Hacker News https://thehackernews.com/2024/05/microsoft-warns-of-surge-in-cyber.html

Check out the 60 new pieces of training content added in May, alongside the always fresh content update highlights, events and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-may-2024

Digital content is a double-edged sword, providing vast benefits while simultaneously posing significant threats to organizations across the globe. The sharing of digital content has increased significantly in recent years, mainly via email, digital documents, and chat. In turn, this has created an expansive attack surface and has made ‘digital content’ the preferred carrier for cybercriminals from The Hacker News https://thehackernews.com/2024/05/beyond-threat-detection-race-to-digital.html

I don’t think it’s an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn’t necessarily interesting. But when an AI takes over a human task, the task changes. In particular, there are potential changes over four dimensions: Speed, scale, scope and sophistication. The problem with AIs trading stocks isn’t that they’re better than humans—it’s that they’re faster. But computers are better at chess and Go because they use more sophisticated strategies than humans. We’re worried about AI-controlled social media accounts because they operate on a superhuman scale. It gets interesting when changes in degree can become changes in kind. High-speed trading is fundamentally different than regular human trading. AIs have invented fundamentally new strategies in the game of Go. Millions of AI-controlled social me

The Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages. APT28, also known by the names BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422, is an advanced persistent threat (APT) group affiliated with from The Hacker News https://thehackernews.com/2024/05/russian-hackers-target-europe-with.html

OpenAI on Thursday disclosed that it took steps to cut off five covert influence operations (IO) originating from China, Iran, Israel, and Russia that sought to abuse its artificial intelligence (AI) tools to manipulate public discourse or political outcomes online while obscuring their true identity. These activities, which were detected over the past three months, used its AI models to from The Hacker News https://thehackernews.com/2024/05/openai-meta-tiktok-disrupt-multiple-ai.html

Law enforcement agencies in the United States and Europe today announced Operation Endgame , a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware “droppers” or “loaders” like  IcedID , Smokeloader and Trickbot . A frame from one of three animated videos released today in connection with Operation Endgame. Operation Endgame targets the cybercrime ecosystem supporting droppers/loaders, slang terms used to describe tiny, custom-made programs designed to surreptitiously install malware onto a target system. Droppers are typically used in the initial stages of a breach, and they allow cybercriminals to bypass security measures and deploy additional harmful programs, including viruses, ransomware, or spyware. Droppers like IcedID are most often deplo

We are thrilled to announce that two of our exceptional team members, Joanne Guarglia and Kelly Hiscoe, have been recognized as CRN's 2024 Women of the Channel. This recognition celebrates the achievements and leadership of women within the channel community, and we are incredibly proud to see Joanne and Kelly honored for their contributions. Kelly Hiscoe: Driving innovation in partner programs Kelly Hiscoe and her team are at the forefront of designing and launching partner programs, optimizing our operations to support Rapid7's global channel ecosystem. Their commitment to creating highly effective and streamlined partner experiences ensures seamless execution within our channel. Engaging continuously with partners, Kelly's team drives simplified, scalable, and predictable experiences that benefit all stakeholders. Kelly's dedication to improving our operational infrastructure and incentive programs is unwavering. Kelly said: "We will never be done focusing o

Security leaders are in a tricky position trying to discern how much new AI-driven cybersecurity tools could actually benefit a security operations center (SOC). The hype about generative AI is still everywhere, but security teams have to live in reality. They face constantly incoming alerts from endpoint security platforms, SIEM tools, and phishing emails reported by internal users. Security from The Hacker News https://thehackernews.com/2024/05/how-to-build-your-autonomous-soc.html

Europol on Thursday said it shut down the infrastructure associated with several malware loader operations such as IcedID, SystemBC, PikaBot, SmokeLoader, Bumblebee, and TrickBot as part of a coordinated law enforcement effort codenamed Operation Endgame. "The actions focused on disrupting criminal services through arresting High Value Targets, taking down the criminal infrastructures and from The Hacker News https://thehackernews.com/2024/05/europol-dismantles-100-servers-linked.html

The U.S. Department of Justice (DoJ) on Wednesday said it dismantled what it described as "likely the world's largest botnet ever," which consisted of an army of 19 million infected devices that was leased to other threat actors to commit a wide array of offenses. The botnet, which has a global footprint spanning more than 190 countries, functioned as a residential proxy service known as 911 S5. from The Hacker News https://thehackernews.com/2024/05/us-dismantles-worlds-largest-911-s5.html

Okta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is susceptible to credential stuffing attacks orchestrated by threat actors. "We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing for a number of our customers," the Identity and access management (IAM) services provider said. The from The Hacker News https://thehackernews.com/2024/05/okta-warns-of-credential-stuffing.html

Check Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild. Tracked as CVE-2024-24919, the issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. "The vulnerability potentially allows an attacker to read certain information on from The Hacker News https://thehackernews.com/2024/05/check-point-warns-of-zero-day-attacks.html

A recent study by Wing Security found that 63% of businesses may have former employees with access to organizational data, and that automating SaaS Security can help mitigate offboarding risks.  Employee offboarding is typically seen as a routine administrative task, but it can pose substantial security risks, if not handled correctly. Failing to quickly and thoroughly remove access for from The Hacker News https://thehackernews.com/2024/05/new-research-warns-about-weak.html

Brian Krebs reports on research into geolocating routers: Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geolocate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally—including non-Apple devices like Starlink systems—and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops. Really fascinating implications to this research. Research paper: “ Surveilling the Masses with Wi-Fi-Based Positioning Systems : Abstract: Wi-Fi-based Positioning Systems (WPSes) are used by modern mobile devices to learn their position using nearby Wi-Fi access points as landmarks. In this work, we show that Apple’s WPS can be abused to create a privacy threat on a glo

A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks targeting individuals and organizations in the software and information technology, education, and defense industrial base sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. "Moonstone Sleet is observed to set up fake companies and from The Hacker News https://thehackernews.com/2024/05/microsoft-uncovers-moonstone-sleet-new.html

The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement action dismantled and seized control of its infrastructure. Cybersecurity researchers and dark web trackers Brett Callow, Dark Web Informer, and FalconFeeds revealed the site's online return at breachforums[.]st – one of the dismantled sites – by a user named ShinyHunters, from The Hacker News https://thehackernews.com/2024/05/breachforums-returns-just-weeks-after.html

We are big fans of the U.S. Cybersecurity Infrastructure Security Agency (CISA), whose informal slogan of “An organization so committed to security that it’s in our name twice” is a source of pride. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/free-knowbe4-tools-cisas-website

The China-aligned threat actor “Sharp Dragon” is launching spear phishing attacks against government entities in African and Caribbean countries, according to researchers at Check Point. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/spear-phishing-attacks-target-african-caribbean-entities

Quantum computers are probably coming, though we don’t know when—and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The National Institute for Standards and Technology (NIST) has been hosting a competition since 2017, and there already are several proposed standards . Most of these are based on lattice problems. The mathematics of lattice cryptography revolve around combining sets of vectors—that’s the lattice—in a multi-dimensional space. These lattices are filled with multi-dimensional periodicities. The hard problem that’s used in cryptography is to find the shortest periodicity in a large, random-looking lattice. This can be turned into a public-key cryptosystem in a variety of different ways. Research has been ongoing since 1996, and there has been some really great work since then—including many practica

The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service (DDoS) attacks. "CatDDoS-related gangs' samples have used a large number of known vulnerabilities to deliver samples," the QiAnXin XLab team  from The Hacker News https://thehackernews.com/2024/05/researchers-warn-of-catddos-botnet-and.html

A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code execution on susceptible devices by sending specially crafted requests. The vulnerability, tracked as CVE-2024-5035, carries a CVSS score of 10.0. It impacts all versions of the router firmware including and prior to 1_1.1.6. It has  from The Hacker News https://thehackernews.com/2024/05/tp-link-gaming-router-vulnerability.html

Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that's behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. "Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate," the company said in its latest Cyber Signals report. "We've seen some examples where from The Hacker News https://thehackernews.com/2024/05/moroccan-cybercrime-group-steals-up-to.html

The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them - through email protection, firewall rules and employee education - phishing attacks are still a very risky attack vector. A new report by LayerX explores the state of from The Hacker News https://thehackernews.com/2024/05/report-dark-side-of-phishing-protection.html

Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. "Exploitation of this vulnerability would have allowed unauthorized access to the AI prompts and results of all Replicate's platform customers," from The Hacker News https://thehackernews.com/2024/05/experts-find-flaw-in-replicate-ai.html

The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the actor creating rogue virtual machines (VMs) within its VMware environment. "The adversary created their own rogue VMs within the VMware environment, leveraging compromised vCenter Server access," MITRE from The Hacker News https://thehackernews.com/2024/05/hackers-created-rogue-vms-to-evade.html

Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. "Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from The Hacker News https://thehackernews.com/2024/05/fake-antivirus-websites-deliver-malware.html

Don't be fooled into thinking that cyber threats are only a problem for large organizations. The truth is that cybercriminals are increasingly targeting smaller businesses, and they're getting smarter every day. Join our FREE webinar "Navigating the SMB Threat Landscape: Key Insights from Huntress' Threat Report," in which Jamie Levy — Director of Adversary Tactics at Huntress, a renowned from The Hacker News https://thehackernews.com/2024/05/how-do-hackers-blend-in-so-well-learn.html

Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of from The Hacker News https://thehackernews.com/2024/05/google-detects-4th-chrome-zero-day-in.html

New paper: “ Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market “: Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft. The last ten years have also been marked by stark failures to control spyware and its precursors and components. This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. Second, this Article applies lessons from these failures to guide regulatory efforts going forward. While recognizing that controlling this trade is difficult, I argue countries should focus on building and strengthening multilateral coalitions of the willing, rather than on strong-arming existing multilateral institutio

Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad. "The origin of BLOODALCHEMY and Deed RAT is ShadowPad and given the history of ShadowPad being utilized in numerous APT from The Hacker News https://thehackernews.com/2024/05/japanese-experts-warn-of-bloodalchemy.html

The China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa and the Caribbean as part of an ongoing cyber espionage campaign. "The campaign adopts Cobalt Strike Beacon as the payload, enabling backdoor functionalities like C2 communication and command execution while minimizing the exposure of their custom tools," Check Point from The Hacker News https://thehackernews.com/2024/05/new-frontiers-old-tactics-chinese-cyber.html

The Take Command Summit is officially in the books. It was a day-long virtual powerhouse of major voices and ultra-relevant topics from across the entire cybersecurity spectrum. We are super proud of the event and grateful for all who joined us for these important discussions. At Rapid7 we are eager to have the critical conversations at the critical moments and right now, the industry faces a great many challenges. From ransomware to cloud security to building the best 24/7/365 security operations center, the entire industry is facing hard choices from all fronts. But like every challenge, there are opportunities. And the Take Command Summit was created to help galvanize the entire security community to take command of those opportunities. There are way too many highlights from the summit for us to go through them all here, but needless to say, the entire event is chock full of insights into the security landscape, tactics for overcoming security challenges, deep conversations on to

Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part of an ongoing cyber espionage campaign dubbed Operation Diplomatic Specter since at least late 2022. "An analysis of this threat actor’s activity reveals long-term espionage operations against at least seven governmental entities," Palo Alto Networks from The Hacker News https://thehackernews.com/2024/05/inside-operation-diplomatic-specter.html

Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called “Recall” for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall records everything users do on their PC, including activities in apps, communications in live meetings, and websites visited for research. Despite encryption and local storage, the new feature raises privacy concerns for certain Windows users. I wrote about this AI trust problem last year: One of the promises of generative AI is a personal digital assistant. Acting as your advocate with others, and as a butler with you. This requires an intimacy greater than your search engine, email provider, cloud storage system, or phone. You’re going to want it with you 24/7, constantly training on everything you do. You will want it to know everything about you, so it can most effectively work on your b

Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited to achieve remote code execution under certain circumstances. Six of the 10 vulnerabilities – from CVE-2024-29822 through CVE-2024-29827 (CVSS scores: 9.6) – relate to SQL injection flaws that allow an unauthenticated attacker within the same network to from The Hacker News https://thehackernews.com/2024/05/ivanti-patches-critical-remote-code.html

The UK’s National Cyber Security Centre (NCSC) has issued guidance to help medium-sized organizations defend themselves against business email compromise (BEC) attacks, especially those targeting senior staff members. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ncsc-offers-advice-for-thwarting-bec-attacks

Summer has finally arrived in certain parts of the world, and with it come many exciting events — from the grandeur of the Olympics to the grass courts of Wimbledon, from the electrifying performances of Taylor Swift to the many other concerts that light up the season. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/dont-let-criminals-steal-your-summer-fun

Analysis of malicious large language model (LLM) offerings on the dark web uncovers wide variation in service quality, methodology and value – with some being downright scams. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/malicious-use-of-generative-ai-large-language-models-now-comes-in-multiple-flavors

I recently heard another heartbreaking story of students who were scammed out of financial aid by a phishing attack . We have also heard stories of employment scams and social media based attacks where students fell victim to cybercriminals.  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/introducing-knowbe4-student-edition-ksat

Experiments in unredacting text that has been pixelated. from Schneier on Security https://www.schneier.com/blog/archives/2024/05/unredacting-pixelated-text.html

Since the first edition of The Ultimate SaaS Security Posture Management (SSPM) Checklist was released three years ago, the corporate SaaS sprawl has been growing at a double-digit pace. In large enterprises, the number of SaaS applications in use today is in the hundreds, spread across departmental stacks, complicating the job of security teams to protect organizations against from The Hacker News https://thehackernews.com/2024/05/the-ultimate-saas-security-posture.html

Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver (BYOVD) attack. Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE. Previous research from Chinese from The Hacker News https://thehackernews.com/2024/05/ghostengine-exploits-vulnerable-drivers.html

Image: Shutterstock. Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops. At issue is the way that Apple collects and publicly shares information about the precise location of all Wi-Fi access points seen by its devices. Apple collects this location data to give Apple devices a crowdsourced, low-power alternative to constantly requesting global positioning system (GPS) coordinates. Both Apple and Google operate their own Wi-Fi-based Positioning Systems (WPS) that obtain cer