Posts

Showing posts from May, 2024

KnowBe4 - 91% of Every Ransomware Attack Today Includes Exfiltrating Your Data

New insight into ransomware attacks shows that cyber attacks are a top concern for organizations – with many not aware they were a victim until after the attack. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/nearly-every-ransomware-attack-today-includes-exfiltrating-your-data

The Hacker News - Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices

Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and prevent critical systems from becoming easy targets," the Microsoft Threat Intelligence team said. from The Hacker News https://thehackernews.com/2024/05/microsoft-warns-of-surge-in-cyber.html

KnowBe4 - Your KnowBe4 Fresh Content Updates from May 2024

Check out the 60 new pieces of training content added in May, alongside the always fresh content update highlights, events and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-may-2024

The Hacker News - Beyond Threat Detection – A Race to Digital Security

Digital content is a double-edged sword, providing vast benefits while simultaneously posing significant threats to organizations across the globe. The sharing of digital content has increased significantly in recent years, mainly via email, digital documents, and chat. In turn, this has created an expansive attack surface and has made ‘digital content’ the preferred carrier for cybercriminals from The Hacker News https://thehackernews.com/2024/05/beyond-threat-detection-race-to-digital.html

Schneier - How AI Will Change Democracy

I don’t think it’s an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn’t necessarily interesting. But when an AI takes over a human task, the task changes. In particular, there are potential changes over four dimensions: Speed, scale, scope and sophistication. The problem with AIs trading stocks isn’t that they’re better than humans—it’s that they’re faster. But computers are better at chess and Go because they use more sophisticated strategies than humans. We’re worried about AI-controlled social media accounts because they operate on a superhuman scale. It gets interesting when changes in degree can become changes in kind. High-speed trading is fundamentally different than regular human trading. AIs have invented fundamentally new strategies in the game of Go. Millions of AI-controlled social me...

The Hacker News - Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting

The Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages. APT28, also known by the names BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422, is an advanced persistent threat (APT) group affiliated with from The Hacker News https://thehackernews.com/2024/05/russian-hackers-target-europe-with.html

The Hacker News - OpenAI, Meta, TikTok Disrupt Multiple AI-Powered Disinformation Campaigns

OpenAI on Thursday disclosed that it took steps to cut off five covert influence operations (IO) originating from China, Iran, Israel, and Russia that sought to abuse its artificial intelligence (AI) tools to manipulate public discourse or political outcomes online while obscuring their true identity. These activities, which were detected over the past three months, used its AI models to from The Hacker News https://thehackernews.com/2024/05/openai-meta-tiktok-disrupt-multiple-ai.html

Krebs - ‘Operation Endgame’ Hits Malware Delivery Platforms

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware “droppers” or “loaders” like IcedID, Smokeloader and Trickbot. Operation Endgame targets the cybercrime ecosystem supporting droppers/loaders, slang terms used to describe tiny, custom-made programs designed to surreptitiously install malware onto a target system. Droppers are typically used in the initial stages of a breach, and they allow cybercriminals to bypass security measures and deploy additional harmful programs, including viruses, ransomware, or spyware. Droppers like IcedID are most often d...

Rapid 7 - Celebrating Excellence: Joanne Guarglia and Kelly Hiscoe Recognized as CRN's 2024 Women of the Channel

We are thrilled to announce that two of our exceptional team members, Joanne Guarglia and Kelly Hiscoe, have been recognized as CRN's 2024 Women of the Channel. This recognition celebrates the achievements and leadership of women within the channel community, and we are incredibly proud to see Joanne and Kelly honored for their contributions. Kelly Hiscoe: Driving innovation in partner programs Kelly Hiscoe and her team are at the forefront of designing and launching partner programs, optimizing our operations to support Rapid7's global channel ecosystem. Their commitment to creating highly effective and streamlined partner experiences ensures seamless execution within our channel. Engaging continuously with partners, Kelly's team drives simplified, scalable, and predictable experiences that benefit all stakeholders. Kelly's dedication to improving our operational infrastructure and incentive programs is unwavering. Kelly said: "We will never be done focusing o...

The Hacker News - How to Build Your Autonomous SOC Strategy

Security leaders are in a tricky position trying to discern how much new AI-driven cybersecurity tools could actually benefit a security operations center (SOC). The hype about generative AI is still everywhere, but security teams have to live in reality. They face constantly incoming alerts from endpoint security platforms, SIEM tools, and phishing emails reported by internal users. Security from The Hacker News https://thehackernews.com/2024/05/how-to-build-your-autonomous-soc.html

The Hacker News - Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware

Europol on Thursday said it shut down the infrastructure associated with several malware loader operations such as IcedID, SystemBC, PikaBot, SmokeLoader, Bumblebee, and TrickBot as part of a coordinated law enforcement effort codenamed Operation Endgame. "The actions focused on disrupting criminal services through arresting High Value Targets, taking down the criminal infrastructures and from The Hacker News https://thehackernews.com/2024/05/europol-dismantles-100-servers-linked.html

The Hacker News - U.S. Dismantles World's Largest 911 S5 Botnet, with 19 Million Infected Devices

The U.S. Department of Justice (DoJ) on Wednesday said it dismantled what it described as "likely the world's largest botnet ever," which consisted of an army of 19 million infected devices that was leased to other threat actors to commit a wide array of offenses. The botnet, which has a global footprint spanning more than 190 countries, functioned as a residential proxy service known as 911 S5. from The Hacker News https://thehackernews.com/2024/05/us-dismantles-worlds-largest-911-s5.html

The Hacker News - Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud

Okta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is susceptible to credential stuffing attacks orchestrated by threat actors. "We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing for a number of our customers," the Identity and access management (IAM) services provider said. The from The Hacker News https://thehackernews.com/2024/05/okta-warns-of-credential-stuffing.html
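The pattern Okta describes is visible in authentication logs long before the vendor advisory: one source failing against many distinct accounts in a short window, with the occasional success being the account that was actually compromised. The detection logic below is an added example written for this page, not Okta's advisory or its log schema; the log format, IP addresses and usernames are constructed for illustration, and the window and account thresholds are assumptions to tune against your own baseline.

```python
# Added example (not from Okta's advisory or The Hacker News): detection logic
# for credential stuffing against an authentication endpoint. Log format, IPs
# and usernames below are constructed for this example, not Okta's log schema.
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "timestamp source_ip username outcome"
SAMPLE_LOG = """\
2024-05-28T10:00:01Z 203.0.113.7 alice@example.com FAILURE
2024-05-28T10:00:02Z 203.0.113.7 bob@example.com FAILURE
2024-05-28T10:00:03Z 203.0.113.7 carol@example.com FAILURE
2024-05-28T10:00:04Z 203.0.113.7 dave@example.com SUCCESS
2024-05-28T10:00:05Z 203.0.113.7 erin@example.com FAILURE
2024-05-28T10:00:06Z 203.0.113.7 frank@example.com FAILURE
2024-05-28T10:00:07Z 203.0.113.7 grace@example.com FAILURE
2024-05-28T10:00:08Z 203.0.113.7 heidi@example.com FAILURE
2024-05-28T10:01:00Z 198.51.100.4 alice@example.com FAILURE
2024-05-28T10:01:20Z 198.51.100.4 alice@example.com FAILURE
2024-05-28T10:01:40Z 198.51.100.4 alice@example.com SUCCESS
2024-05-28T10:02:00Z 192.0.2.9 carol@example.com FAILURE
2024-05-28T10:02:30Z 192.0.2.9 dave@example.com FAILURE
2024-05-28T10:30:00Z 203.0.113.7 ivan@example.com FAILURE
"""


def parse_events(text):
    """Parse 'timestamp ip username outcome' lines into time-sorted tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome))
    events.sort()
    return events


def flag_stuffing_sources(events, window=timedelta(minutes=5), min_accounts=5):
    """Source IPs that failed against >= min_accounts distinct usernames inside
    any sliding window of `window` length. Returns {ip: peak distinct accounts}.
    A legitimate user mistyping one password hits one account and is not flagged."""
    failures = defaultdict(list)
    for ts, ip, user, outcome in events:
        if outcome == "FAILURE":
            failures[ip].append((ts, user))   # already time-ordered
    flagged = {}
    for ip, fails in failures.items():
        live = Counter()   # usernames currently inside the window
        start = 0
        for ts, user in fails:
            live[user] += 1
            while ts - fails[start][0] > window:   # slide the window forward
                old = fails[start][1]
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                start += 1
            if len(live) >= min_accounts:
                flagged[ip] = max(flagged.get(ip, 0), len(live))
    return flagged


def successes_from(events, flagged):
    """Accounts that authenticated successfully from a flagged source: these are
    the likely stuffing hits to force-reset and review, not just the source IP."""
    return sorted({user for _, ip, user, outcome in events
                   if ip in flagged and outcome == "SUCCESS"})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    hits = flag_stuffing_sources(evs)
    print("stuffing sources:", hits)
    print("accounts to reset:", successes_from(evs, hits))
```

Two caveats from practice: a shared corporate egress or mobile carrier NAT can legitimately fail against many accounts, so correlate flagged sources with ASN and with the ratio of failures to successes before blocking; and the success-after-many-failures set is the part that matters for response, since it names the accounts whose passwords were already in the attacker's list.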

The Hacker News - Check Point Warns of Zero-Day Attacks on its VPN Gateway Products

Check Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild. Tracked as CVE-2024-24919, the issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. "The vulnerability potentially allows an attacker to read certain information on from The Hacker News https://thehackernews.com/2024/05/check-point-warns-of-zero-day-attacks.html

The Hacker News - New Research Warns About Weak Offboarding Management and Insider Risks

A recent study by Wing Security found that 63% of businesses may have former employees with access to organizational data, and that automating SaaS Security can help mitigate offboarding risks.  Employee offboarding is typically seen as a routine administrative task, but it can pose substantial security risks, if not handled correctly. Failing to quickly and thoroughly remove access for from The Hacker News https://thehackernews.com/2024/05/new-research-warns-about-weak.html

Schneier - Privacy Implications of Tracking Wireless Access Points

Brian Krebs reports on research into geolocating routers: Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geolocate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally—including non-Apple devices like Starlink systems—and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops. Really fascinating implications to this research. Research paper: “Surveilling the Masses with Wi-Fi-Based Positioning Systems”: Abstract: Wi-Fi-based Positioning Systems (WPSes) are used by modern mobile devices to learn their position using nearby Wi-Fi access points as landmarks. In this work, we show that Apple’s WPS can be abused to create a privacy threat on a glo...

The Hacker News - Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group

A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks targeting individuals and organizations in the software and information technology, education, and defense industrial base sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. "Moonstone Sleet is observed to set up fake companies and from The Hacker News https://thehackernews.com/2024/05/microsoft-uncovers-moonstone-sleet-new.html

The Hacker News - BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder?

The online criminal bazaar BreachForums has been resurrected merely two weeks after a U.S.-led coordinated law enforcement action dismantled and seized control of its infrastructure. Cybersecurity researchers and dark web trackers Brett Callow, Dark Web Informer, and FalconFeeds revealed the site's online return at breachforums[.]st – one of the dismantled sites – by a user named ShinyHunters, from The Hacker News https://thehackernews.com/2024/05/breachforums-returns-just-weeks-after.html

KnowBe4 - KnowBe4 Free Tools Now Available On CISA’s Website

We are big fans of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), whose informal slogan of “An organization so committed to security that it’s in our name twice” is a source of pride. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/free-knowbe4-tools-cisas-website

KnowBe4 - China Threat Actor Targeting African and Caribbean Entities With Spear Phishing Attacks

The China-aligned threat actor “Sharp Dragon” is launching spear phishing attacks against government entities in African and Caribbean countries, according to researchers at Check Point. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/spear-phishing-attacks-target-african-caribbean-entities

Schneier - Lattice-Based Cryptosystems and Quantum Cryptanalysis

Quantum computers are probably coming, though we don’t know when—and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The National Institute of Standards and Technology (NIST) has been hosting a competition since 2017, and there already are several proposed standards. Most of these are based on lattice problems. The mathematics of lattice cryptography revolve around combining sets of vectors—that’s the lattice—in a multi-dimensional space. These lattices are filled with multi-dimensional periodicities. The hard problem that’s used in cryptography is to find the shortest periodicity in a large, random-looking lattice. This can be turned into a public-key cryptosystem in a variety of different ways. Research has been ongoing since 1996, and there has been some really great work since then—including many practica...
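The "shortest periodicity" in the excerpt is the shortest nonzero vector of the lattice, and the reason a bad basis hides it is easiest to see in two dimensions. The block below is an added example for this page, not code from Schneier's post or from any NIST candidate: it builds a lattice from a short, nearly orthogonal basis, disguises it with a determinant-1 integer transform, and then recovers the short vectors with Lagrange-Gauss reduction. In two dimensions this is easy; the hardness that cryptosystems rely on appears only in hundreds of dimensions, where the enumeration routine's (2*bound+1)^n search space is the problem and no efficient reduction is known.

```python
# Added example (not from Schneier's post or any NIST submission): the lattice
# problem behind lattice-based cryptography, shown in two dimensions with
# Lagrange-Gauss reduction. In 2D it is easy; the cryptographic hardness only
# appears in high dimension, where no efficient reduction is known.
from fractions import Fraction


def dot(u, v):
    return u[0] * v[0] + u[1] * v[1]


def norm2(u):
    """Squared Euclidean length, kept as an exact integer."""
    return dot(u, u)


def gauss_reduce(b1, b2):
    """Lagrange-Gauss reduction of a 2D integer basis.

    Returns (v1, v2) spanning the same lattice, with v1 a shortest nonzero
    lattice vector and v2 a shortest vector independent of v1.
    """
    b1, b2 = tuple(b1), tuple(b2)
    if norm2(b2) < norm2(b1):
        b1, b2 = b2, b1
    while True:
        # Subtract the integer multiple of b1 that makes b2 as short as possible.
        m = round(Fraction(dot(b1, b2), norm2(b1)))
        b2 = (b2[0] - m * b1[0], b2[1] - m * b1[1])
        if norm2(b2) >= norm2(b1):
            return b1, b2
        b1, b2 = b2, b1


def shortest_by_enumeration(b1, b2, bound):
    """Brute force: try every coefficient pair in [-bound, bound]^2.

    Returns (norm2, vector) for the shortest nonzero combination found. This is
    the approach that stops scaling: the search space is (2*bound+1)^n for an
    n-dimensional lattice, and a bad basis needs large coefficients.
    """
    best = None
    for x in range(-bound, bound + 1):
        for y in range(-bound, bound + 1):
            if x == 0 and y == 0:
                continue
            v = (x * b1[0] + y * b2[0], x * b1[1] + y * b2[1])
            if best is None or norm2(v) < best[0]:
                best = (norm2(v), v)
    return best


# Constructed example: the "good" basis (3,1), (-1,3) multiplied by the
# unimodular matrix [[7,4],[5,3]] (determinant 1) gives the "bad" basis below.
# It spans exactly the same lattice (determinant 10) but hides the short vectors.
GOOD_BASIS = ((3, 1), (-1, 3))
BAD_BASIS = ((17, 19), (12, 14))

if __name__ == "__main__":
    v1, v2 = gauss_reduce(*BAD_BASIS)
    print("reduced basis:", v1, v2, "shortest norm^2:", norm2(v1))
    print("enumeration  :", shortest_by_enumeration(*BAD_BASIS, bound=10))
```

Running it recovers a basis of two vectors of squared length 10 from the bad basis whose vectors have squared lengths 650 and 340. A lattice-based public key is, loosely, a bad basis of a high-dimensional lattice; the private key is a good one.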

The Hacker News - Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique

The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service (DDoS) attacks. "CatDDoS-related gangs' samples have used a large number of known vulnerabilities to deliver samples," the QiAnXin XLab team from The Hacker News https://thehackernews.com/2024/05/researchers-warn-of-catddos-botnet-and.html

The Hacker News - TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks

A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code execution on susceptible devices by sending specially crafted requests. The vulnerability, tracked as CVE-2024-5035, carries a CVSS score of 10.0. It impacts all versions of the router firmware including and prior to 1_1.1.6. It has from The Hacker News https://thehackernews.com/2024/05/tp-link-gaming-router-vulnerability.html

The Hacker News - Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud

Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that's behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. "Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate," the company said in its latest Cyber Signals report. "We've seen some examples where from The Hacker News https://thehackernews.com/2024/05/moroccan-cybercrime-group-steals-up-to.html

The Hacker News - Report: The Dark Side of Phishing Protection

The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them - through email protection, firewall rules and employee education - phishing attacks are still a very risky attack vector. A new report by LayerX explores the state of from The Hacker News https://thehackernews.com/2024/05/report-dark-side-of-phishing-protection.html

The Hacker News - Experts Find Flaw in Replicate AI Service Exposing Customers' Models and Data

Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. "Exploitation of this vulnerability would have allowed unauthorized access to the AI prompts and results of all Replicate's platform customers," from The Hacker News https://thehackernews.com/2024/05/experts-find-flaw-in-replicate-ai.html

The Hacker News - Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack

The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the actor creating rogue virtual machines (VMs) within its VMware environment. "The adversary created their own rogue VMs within the VMware environment, leveraging compromised vCenter Server access," MITRE from The Hacker News https://thehackernews.com/2024/05/hackers-created-rogue-vms-to-evade.html

The Hacker News - Fake Antivirus Websites Deliver Malware to Android and Windows Devices

Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. "Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from The Hacker News https://thehackernews.com/2024/05/fake-antivirus-websites-deliver-malware.html

The Hacker News - How Do Hackers Blend In So Well? Learn Their Tricks in This Expert Webinar

Don't be fooled into thinking that cyber threats are only a problem for large organizations. The truth is that cybercriminals are increasingly targeting smaller businesses, and they're getting smarter every day. Join our FREE webinar "Navigating the SMB Threat Landscape: Key Insights from Huntress' Threat Report," in which Jamie Levy — Director of Adversary Tactics at Huntress, a renowned from The Hacker News https://thehackernews.com/2024/05/how-do-hackers-blend-in-so-well-learn.html

The Hacker News - Google Detects 4th Chrome Zero-Day in May Actively Under Attack - Update ASAP

Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of from The Hacker News https://thehackernews.com/2024/05/google-detects-4th-chrome-zero-day-in.html

Schneier - On the Zero-Day Market

New paper: “Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market”: Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft. The last ten years have also been marked by stark failures to control spyware and its precursors and components. This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. Second, this Article applies lessons from these failures to guide regulatory efforts going forward. While recognizing that controlling this trade is difficult, I argue countries should focus on building and strengthening multilateral coalitions of the willing, rather than on strong-arming existing multilateral institutio...

The Hacker News - Japanese Experts Warn of BLOODALCHEMY Malware Targeting Government Agencies

Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad. "The origin of BLOODALCHEMY and Deed RAT is ShadowPad and given the history of ShadowPad being utilized in numerous APT from The Hacker News https://thehackernews.com/2024/05/japanese-experts-warn-of-bloodalchemy.html

The Hacker News - New Frontiers, Old Tactics: Chinese Espionage Group Targets Africa & Caribbean Govts

The China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa and the Caribbean as part of an ongoing cyber espionage campaign. "The campaign adopts Cobalt Strike Beacon as the payload, enabling backdoor functionalities like C2 communication and command execution while minimizing the exposure of their custom tools," Check Point from The Hacker News https://thehackernews.com/2024/05/new-frontiers-old-tactics-chinese-cyber.html

Rapid 7 - The Take Command Summit: A Day of Resilience and Preparation

The Take Command Summit is officially in the books. It was a day-long virtual powerhouse of major voices and ultra-relevant topics from across the entire cybersecurity spectrum. We are super proud of the event and grateful for all who joined us for these important discussions. At Rapid7 we are eager to have the critical conversations at the critical moments and right now, the industry faces a great many challenges. From ransomware to cloud security to building the best 24/7/365 security operations center, the entire industry is facing hard choices from all fronts. But like every challenge, there are opportunities. And the Take Command Summit was created to help galvanize the entire security community to take command of those opportunities. There are way too many highlights from the summit for us to go through them all here, but needless to say, the entire event is chock full of insights into the security landscape, tactics for overcoming security challenges, deep conversations on to...

The Hacker News - Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed

Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part of an ongoing cyber espionage campaign dubbed Operation Diplomatic Specter since at least late 2022. "An analysis of this threat actor’s activity reveals long-term espionage operations against at least seven governmental entities," Palo Alto Networks from The Hacker News https://thehackernews.com/2024/05/inside-operation-diplomatic-specter.html

Schneier - Personal AI Assistants and Privacy

Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called “Recall” for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall records everything users do on their PC, including activities in apps, communications in live meetings, and websites visited for research. Despite encryption and local storage, the new feature raises privacy concerns for certain Windows users. I wrote about this AI trust problem last year: One of the promises of generative AI is a personal digital assistant. Acting as your advocate with others, and as a butler with you. This requires an intimacy greater than your search engine, email provider, cloud storage system, or phone. You’re going to want it with you 24/7, constantly training on everything you do. You will want it to know everything about you, so it can most effectively work on your b...

The Hacker News - Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager

Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited to achieve remote code execution under certain circumstances. Six of the 10 vulnerabilities – from CVE-2024-29822 through CVE-2024-29827 (CVSS scores: 9.6) – relate to SQL injection flaws that allow an unauthenticated attacker within the same network to from The Hacker News https://thehackernews.com/2024/05/ivanti-patches-critical-remote-code.html

KnowBe4 - UK Cybersecurity Org Offers Advice for Thwarting BEC Attacks

The UK’s National Cyber Security Centre (NCSC) has issued guidance to help medium-sized organizations defend themselves against business email compromise (BEC) attacks, especially those targeting senior staff members. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ncsc-offers-advice-for-thwarting-bec-attacks

KnowBe4 - Don't Let Criminals Steal Your Summer Fun

Summer has finally arrived in certain parts of the world, and with it come many exciting events — from the grandeur of the Olympics to the grass courts of Wimbledon, from the electrifying performances of Taylor Swift to the many other concerts that light up the season. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/dont-let-criminals-steal-your-summer-fun

KnowBe4 - Malicious Use of Generative AI Large Language Models Now Comes in Multiple Flavors

Analysis of malicious large language model (LLM) offerings on the dark web uncovers wide variation in service quality, methodology and value – with some being downright scams. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/malicious-use-of-generative-ai-large-language-models-now-comes-in-multiple-flavors

KnowBe4 - Announcing KnowBe4 Student Edition: Cybersecurity Education Tailored for the Next Generation

I recently heard another heartbreaking story of students who were scammed out of financial aid by a phishing attack. We have also heard stories of employment scams and social media based attacks where students fell victim to cybercriminals. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/introducing-knowbe4-student-edition-ksat

Schneier - Unredacting Pixelated Text

Experiments in unredacting text that has been pixelated. from Schneier on Security https://www.schneier.com/blog/archives/2024/05/unredacting-pixelated-text.html
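Pixelation is a deterministic block average, which is what those experiments exploit: whoever knows the font, glyph size, block grid and text length can render candidate strings, pixelate them the same way and keep only those that match. The block below is an added example for this page, not code from the post or from any published unredaction tool. The 5x5 bitmap font, the block size of 3 and the pruning rule are constructed for the example; the assumption that the attacker knows the rendering parameters is the same precondition real tools rely on.

```python
# Added example (not from the post): why pixelation is a weak redaction.
# A toy 5x5 bitmap font and block size 3 are constructed for this example.
# Pixelation is a deterministic block average, so with the font, glyph
# geometry, block grid and length known, candidate text can be rendered,
# pixelated the same way and compared against the redacted image.
FONT = {
    "A": ["01110", "10001", "11111", "10001", "10001"],
    "E": ["11111", "10000", "11110", "10000", "11111"],
    "H": ["10001", "10001", "11111", "10001", "10001"],
    "L": ["10000", "10000", "10000", "10000", "11111"],
    "O": ["01110", "10001", "10001", "10001", "01110"],
    "P": ["11110", "10001", "11110", "10000", "10000"],
    "S": ["01111", "10000", "01110", "00001", "11110"],
    "T": ["11111", "00100", "00100", "00100", "00100"],
}
GLYPH_W, GLYPH_H, BLOCK = 5, 5, 3   # block grid deliberately misaligned with glyphs


def render(text):
    """Bitmap (rows of 0/1 ints) of `text`, glyphs side by side with no gap."""
    return [[int(px) for ch in text for px in FONT[ch][r]] for r in range(GLYPH_H)]


def pixelate(img, block=BLOCK):
    """Number of set pixels per block x block cell. This equals the usual
    block-average redaction up to a constant factor; edge cells are clipped."""
    h = len(img)
    w = len(img[0]) if h else 0
    cols, rows = -(-w // block), -(-h // block)   # ceiling division
    out = []
    for by in range(rows):
        row = []
        for bx in range(cols):
            row.append(sum(img[y][x]
                           for y in range(by * block, min((by + 1) * block, h))
                           for x in range(bx * block, min((bx + 1) * block, w))))
        out.append(row)
    return out


def recover(target, length, alphabet=FONT):
    """Depth-first search over candidate strings of `length` glyphs.

    A prefix of k glyphs fixes every block column lying entirely inside its
    first GLYPH_W*k pixel columns, so a prefix whose settled blocks already
    disagree with `target` is pruned instead of being extended.
    """
    found = []

    def extend(prefix):
        k = len(prefix)
        if k == length:
            if pixelate(render(prefix)) == target:
                found.append(prefix)
            return
        if k:
            settled = (GLYPH_W * k) // BLOCK   # block columns fully determined so far
            got = pixelate(render(prefix))
            if any(g[:settled] != t[:settled] for g, t in zip(got, target)):
                return
        for ch in alphabet:
            extend(prefix + ch)

    extend("")
    return found


if __name__ == "__main__":
    secret = "HELP"
    blurred = pixelate(render(secret))
    print("pixelated:", blurred)
    print("candidates consistent with it:", recover(blurred, len(secret)))
```

The search returns every string in the alphabet that pixelates to the same blocks, so the output is a short list of candidates rather than a guaranteed unique answer; with a real font and a longer alphabet the list is usually one entry. The practical lesson is the one the post's experiments point at: redaction must delete the pixels (an opaque box over the original image), not transform them.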

The Hacker News - The Ultimate SaaS Security Posture Management Checklist, 2025 Edition

Since the first edition of The Ultimate SaaS Security Posture Management (SSPM) Checklist was released three years ago, the corporate SaaS sprawl has been growing at a double-digit pace. In large enterprises, the number of SaaS applications in use today is in the hundreds, spread across departmental stacks, complicating the job of security teams to protect organizations against from The Hacker News https://thehackernews.com/2024/05/the-ultimate-saas-security-posture.html

The Hacker News - GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver (BYOVD) attack. Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE. Previous research from Chinese from The Hacker News https://thehackernews.com/2024/05/ghostengine-exploits-vulnerable-drivers.html

Krebs - Why Your Wi-Fi Router Doubles as an Apple AirTag

Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops. At issue is the way that Apple collects and publicly shares information about the precise location of all Wi-Fi access points seen by its devices. Apple collects this location data to give Apple devices a crowdsourced, low-power alternative to constantly requesting global positioning system (GPS) coordinates. Both Apple and Google operate their own Wi-Fi-based Positioning Systems (WPS) that obtain cer...