Posts

Showing posts from July, 2024

The Hacker News - DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight

Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificates that do not have proper Domain Control Validation (DCV). "Before issuing a certificate to a from The Hacker News https://thehackernews.com/2024/07/digicert-to-revoke-83000-ssl.html

The Hacker News - North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS

The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. The activity cluster, dubbed DEV#POPPER and linked to North Korea, has been found to have singled out victims across South Korea, North America, Europe, and the Middle East. "This form of attack is an from The Hacker News https://thehackernews.com/2024/07/north-korea-linked-malware-targets.html

Krebs - Don’t Let Your Domain Name Become a “Sitting Duck”

More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Image: Shutterstock. Your Web browser knows how to find a site like example.com thanks to the global Domain Name System (DNS), which serves as a kind of phone book for the Internet by translating human-friendly website names (example.com) into numeric Internet addresses. When someone registers a domain name, the registrar will typically provide two sets of DNS records that the customer then needs to assign to their domain. Those records are crucial because they allow Web browsers to find the Internet address of the hosting provider that is serving that domain. But potential problems can arise when a domain’s DNS records are “lame,” meaning the authoritative name server does not have enough information ...

KnowBe4 - KnowBe4 Named a Leader in the Summer 2024 G2 Grid Report for Security Awareness Training

We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/summer-2024-g2-grid-report-sat

The Hacker News - How To Get the Most From Your Security Team’s Email Alert Budget

We’ll TL;DR the FUDdy introduction: we all know that phishing attacks are on the rise in scale and complexity, that AI is enabling more sophisticated attacks that evade traditional defenses, and the never-ending cybersecurity talent gap means we’re all struggling to keep security teams fully staffed. Given that reality, security teams need to be able to monitor and respond to threats from The Hacker News https://thehackernews.com/2024/07/how-to-get-most-from-your-security.html

The Hacker News - Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova

Companies in Russia and Moldova have been the target of a phishing campaign orchestrated by a little-known cyber espionage group known as XDSpy. The findings come from cybersecurity firm F.A.C.C.T., which said the infection chains lead to the deployment of a malware called DSDownloader. The activity was observed this month, it added. XDSpy is a threat actor of indeterminate origin that was first from The Hacker News https://thehackernews.com/2024/07/cyber-espionage-group-xdspy-targets.html

The Hacker News - New Mandrake Spyware Found in Google Play Store Apps After Two Years

A new iteration of a sophisticated Android spyware called Mandrake has been discovered in five applications that were available for download from the Google Play Store and remained undetected for two years. The applications attracted a total of more than 32,000 installations before being pulled from the app storefront, Kaspersky said in a Monday write-up. A majority of the downloads originated from The Hacker News https://thehackernews.com/2024/07/new-mandrake-spyware-found-in-google.html

KnowBe4 - CyberheistNews Vol 14 #31 How The Whole World Now Knows About Fake North Korean IT Workers

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-14-31-how-the-whole-world-now-knows-about-fake-north-korean-it-workers

HACKMAGEDDON - 16-30 April 2024 Cyber Attacks Timeline

In the second timeline of April 2024 I collected 107 events (7.13 events/day). And despite malware continuing to dominate the threat landscape... from HACKMAGEDDON https://www.hackmageddon.com/2024/07/30/16-30-april-2024-cyber-attacks-timeline/

The Hacker News - New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries

The nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. The BlackBerry Research and Intelligence Team, which discovered the activity, said targets of the spear-phishing campaign include countries like Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and the from The Hacker News https://thehackernews.com/2024/07/new-sidewinder-cyber-attacks-target.html

The Hacker News - OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script

Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script. "This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their systems," Trellix security researcher Rafael Pena said in a Monday analysis. The cybersecurity from The Hacker News https://thehackernews.com/2024/07/onedrive-phishing-scam-tricks-users.html

Rapid 7 - VMware ESXi CVE-2024-37085 Targeted in Ransomware Campaigns

On Monday, July 29, Microsoft published an extensive threat intelligence blog on observed exploitation of CVE-2024-37085, an Active Directory integration authentication bypass vulnerability affecting Broadcom VMware ESXi hypervisors. The vulnerability, according to Redmond, was identified in zero-day attacks and has evidently been used by at least half a dozen ransomware operations to obtain full administrative permissions on domain-joined ESXi hypervisors (which, in turn, enables attackers to encrypt downstream file systems). CVE-2024-37085 was one of multiple issues fixed in a June 25 advisory from Broadcom; it appears to have been exploited as a zero-day vulnerability. Per Broadcom’s advisory, successful exploitation of CVE-2024-37085 allows attackers “with sufficient Active Directory (AD) permissions to gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group (‘ESXi Admins’ by default) after it was de...

Rapid 7 - Key Takeaways From The Take Command Summit: Building Resilient Cyber Defenses Through AI

One of the most talked-about sessions at the Take Command 2024 Cybersecurity Virtual Summit, "Control the Chaos: Building Resilient Cyber Defenses Through AI," featured experts from AWS and Rapid7 exploring how artificial intelligence is transforming cybersecurity and sharing practical guidance on leveraging AI to enhance cyber defenses. Here are the key takeaways: AI Enhances Alert Triage and Contextual Information: Laura Ellis, Vice President of Data Engineering at Rapid7, highlighted the power of AI in managing the overwhelming volume of alerts. "Using AI to help with alert triage... finding that signal, boosting the signal, reducing the noise, and being that assistant to work through that high volume of alerts." AI can also provide additional context to security teams, helping them make more informed decisions quickly. The Role of AI in Reducing Manual Tasks: Generative AI can significantly reduce the manual workload on security analysts. Laura said, ...

KnowBe4 - QR Code Phishing is Still on the Rise

Organizations need to be aware of the threat posed by QR code phishing (quishing), according to researchers at Trend Micro. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/qr-code-phishing-is-still-on-the-rise

KnowBe4 - Nearly All Ransomware Attacks Now Include Exfiltration of Data…But Not All Are Notified

Organizations are falling victim to ransomware attacks where data is stolen, but the victim isn’t being told about it. I have a theory as to why this is happening. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/nearly-all-ransomware-attacks-now-include-exfiltration-of-data-but-not-all-are-notified

The Hacker News - Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site

The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website ("chrome-web[.]com") serving malicious installer packages masquerading as Google's Chrome browser, indicating that users searching for the software on the from The Hacker News https://thehackernews.com/2024/07/gh0st-rat-trojan-targets-chinese.html

KnowBe4 - How The Whole World Now Knows About Fake North Korean IT Workers

Wow. Last week's blog post went viral, hitting major media outlets and receiving over 100K hits in just a few days. Most responses, coming from all over the world, praised our transparency and commitment to doing what's right. However, some people reacted negatively. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/how-the-whole-world-now-knows-about-fake-north-korean-it-workers

The Hacker News - French Authorities Launch Operation to Remove PlugX Malware from Infected Systems

French judicial authorities, in collaboration with Europol, have launched a so-called "disinfection operation" to rid compromised hosts of a known malware called PlugX. The Paris Prosecutor's Office, Parquet de Paris, said the initiative was launched on July 18 and that it's expected to continue for "several months." It further said around a hundred victims located in France, Malta, Portugal, from The Hacker News https://thehackernews.com/2024/07/french-authorities-launch-operation-to.html

The Hacker News - Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the goal of stealing users' Google Cloud credentials from a narrow pool of victims. The package, named "lr-utils-lib," attracted a total of 59 downloads before it was taken down. It was uploaded to the registry in early June 2024. "The malware uses a from The Hacker News https://thehackernews.com/2024/07/malicious-pypi-package-targets-macos-to.html

Schneier - Compromising the Secure Boot Process

This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it. The repository was located at https://ift.tt/AsoePDC, and it’s not clear when it was taken down. The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plai...

KnowBe4 - New Phishing Scam Leverages Chat To Add Credibility And Ensure Success

A new phishing scam is leveraging trusted aspects of ecommerce to make their scams look legitimate. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/add-chat-support-to-the-list-of-techniques-scammers-use

The Hacker News - This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level. Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023, described the crimeware solution as a "sophisticated AI-powered phishing-as-a-service platform" from The Hacker News https://thehackernews.com/2024/07/spanish-hackers-bundle-phishing-kits.html

KnowBe4 - Russian Super-Threat Group Fin7 Comes Back from the Dead

Declared “dead” by the U.S. Attorney’s Office in 2023, the Russian cyber crime group Fin7 is impersonating some of the top global brands. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/russian-super-threat-group-fin7-back

KnowBe4 - Your KnowBe4 Fresh Content Updates from July 2024

Check out the 26 new pieces of training content added in July, alongside the always fresh content update highlights, events and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-july-2024

The Hacker News - Offensive AI: The Sine Qua Non of Cybersecurity

"Peace is the virtue of civilization. War is its crime. Yet it is often in the furnace of war that the sharpest tools of peace are forged." - Victor Hugo. In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now know as the Internet. The message, which read "I'm the Creeper: catch me if you can." was the output of a program named from The Hacker News https://thehackernews.com/2024/07/offensive-ai-sine-qua-non-of.html

The Hacker News - U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals

The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world. "Rim Jong Hyok and his co-conspirators deployed from The Hacker News https://thehackernews.com/2024/07/us-doj-indicts-north-korean-hacker-for.html

The Hacker News - CrowdStrike Warns of New Phishing Scam Targeting German Customers

CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting German customers as part of a highly targeted campaign. The cybersecurity company said it identified what it described as an unattributed spear-phishing attempt on July 24, 2024, distributing an inauthentic CrowdStrike Crash Reporter from The Hacker News https://thehackernews.com/2024/07/crowdstrike-warns-of-new-phishing-scam.html

The Hacker News - Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk

Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier. "In Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code from The Hacker News https://thehackernews.com/2024/07/critical-flaw-in-telerik-report-server.html

The Hacker News - North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks

A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the activity cluster under a new moniker APT45, which overlaps with names such as Andariel, Nickel Hyatt, from The Hacker News https://thehackernews.com/2024/07/north-korean-hackers-shift-from-cyber.html

Rapid 7 - Buying Stuff For Free From Shopping Websites

Rapid7 is often tasked with evaluating the security of e-commerce sites. When dealing directly with customer financials, the security of these transactions is a top concern. Fortunately, there are ample pre-built e-commerce platforms one can simply purchase or install. From an attacker’s perspective, these are annoying to attack since they're tested so often by the vendors maintaining the e-commerce platform. So how do you exploit a site that’s already been thoroughly tested? There are many ways, but we’ll go over two. One exploitation path is through insecure custom code added to the e-commerce framework. Often, the framework won't come pre-installed with a business need of the organization and it's up to your team to create custom code to perform it. If this code isn't tested and secure, there’s a chance a vulnerability can be introduced. Another way is the leaking of secrets or guessable credentials (yes, it still happens in 2024). Think an admin password being ...

Schneier - Data Wallets Using the Solid Protocol

I am the Chief of Security Architecture at Inrupt, Inc., the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture. Details are here, but basically a digital wallet is a repository for personal data and documents. Right now, there are hundreds of different wallets, but no standard. We think designing a wallet around Solid makes sense for lots of reasons. A wallet is more than a data store—data in wallets is for using and sharing. That requires interoperability, which is what you get from an open standard. It also requires fine-grained permissions and robust security, and that’s what the Solid protocols provide. I think of Solid as a set of protocols for decoupling applications, data, and security. That’s the sort of thing that will make digital wallets work. from Schneier on Security https://www.schneier.com/blog/archives/2024/07/data-wallets-using-the-s...

KnowBe4 - North Korean Fake IT Worker FAQ

Frequently Asked Questions About KnowBe4's Fake IT Worker Blog. July 23, 2024, I wrote a blog post about how KnowBe4 inadvertently hired a skillful North Korean IT worker who used the stolen identity of a US citizen. He participated in several rounds of video interviews and circumvented background check processes commonly used. The intent was to share an organizational learning moment, so you can make sure this does not happen to you. The story went viral, which is exactly what I had hoped for. Do we have egg on our face? Yes. And I am sharing that lesson with you. It's why I started KnowBe4 in 2010. In 2024 our mission is more important than ever. Q1: Was any KnowBe4 system breached in this North Korean IT worker incident? No. KnowBe4 was not breached. When we hire new employees, their user account is granted only limited permissions that allow them to proceed through our new hire onboarding process and training. They can access only a minimal amoun...

The Hacker News - Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner. Tenable has given the vulnerability the name ConfusedFunction. "An attacker could escalate their privileges to the Default Cloud Build Service Account and from The Hacker News https://thehackernews.com/2024/07/experts-expose-confusedfunction.html

The Hacker News - CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition. "A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S. Cybersecurity and from The Hacker News https://thehackernews.com/2024/07/cisa-warns-of-exploitable.html

The Hacker News - Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins

Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity. "An attacker could exploit a bypass using an API request with Content-Length set from The Hacker News https://thehackernews.com/2024/07/critical-docker-engine-flaw-allows.html

The Hacker News - New Chrome Feature Scans Password-Protected Files for Malicious Content

Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said. To that from The Hacker News https://thehackernews.com/2024/07/new-chrome-feature-scans-password.html

Schneier - Robot Dog Internet Jammer

Supposedly the DHS has these: The robot, called “NEO,” is a modified version of the “Quadruped Unmanned Ground Vehicle” (Q-UGV) sold to law enforcement by a company called Ghost Robotics. Benjamine Huffman, the director of DHS’s Federal Law Enforcement Training Centers (FLETC), told police at the 2024 Border Security Expo in Texas that DHS is increasingly worried about criminals setting “booby traps” with internet of things and smart home devices, and that NEO allows DHS to remotely disable the home networks of a home or building law enforcement is raiding. The Border Security Expo is open only to law enforcement and defense contractors. A transcript of Huffman’s speech was obtained by the Electronic Frontier Foundation’s Dave Maass using a Freedom of Information Act request and was shared with 404 Media. “NEO can enter a potentially dangerous environment to provide video and audio feedback to the officers before entry and allow them to communicate with those in that environment,” ...

The Hacker News - CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices

Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week. "On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to gather telemetry on possible novel threat techniques," the company from The Hacker News https://thehackernews.com/2024/07/crowdstrike-explains-friday-windows.html

The Hacker News - Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers

A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs said it detected the stealer campaign targeting Spain, Thailand, and the U.S. using booby-trapped files that exploit CVE-2024-21412 (CVSS score: 8.1). The high-severity from The Hacker News https://thehackernews.com/2024/07/microsoft-defender-flaw-exploited-to.html

The Hacker News - CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2012-4792 (CVSS score: 9.3) - Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 (CVSS score: 5.3) - Twilio Authy Information Disclosure from The Hacker News https://thehackernews.com/2024/07/cisa-adds-twilio-authy-and-ie-flaws-to.html

KnowBe4 - How a North Korean Fake IT Worker Tried to Infiltrate Us

Incident Report Summary: Insider Threat. TLDR: KnowBe4 was in need of a software engineer for our internal IT AI team. Posted the job, got resumes, did the interviews, did the background check, checked the references and hired the person. We sent the Mac and the moment it was received it immediately started to load malware. The EDR software saw it and started to throw alerts to our InfoSec SOC team. SOC called the new hire and asked if they could help. That's when it got dodgy fast. We immediately locked the box and started investigating. Worked with Mandiant and the FBI. Turns out this was a fake IT worker from North Korea. The picture you see is an AI deepfake that started out with stock photography (below). from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us

HACKMAGEDDON - 1-15 April 2024 Cyber Attacks Timeline

In the first timeline of April 2024 I collected 107 events (7.13 events/day), as always characterized by a majority of malware attacks. from HACKMAGEDDON https://www.hackmageddon.com/2024/07/23/1-15-april-2024-cyber-attacks-timeline/

The Hacker News - Google Abandons Plan to Phase Out Third-Party Cookies in Chrome

Google on Monday abandoned plans to phase out third-party tracking cookies in its Chrome web browser more than four years after it introduced the option as part of a larger set of a controversial proposal called the Privacy Sandbox. "Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web from The Hacker News https://thehackernews.com/2024/07/google-abandons-plan-to-phase-out-third.html

The Hacker News - Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking

[Figure: The relationship between various TDSs and DNS associated with Vigorish Viper and the final landing experience for the user]
A Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced "technology suite" that runs the whole cybercrime supply chain spectrum to spearhead its operations. Infoblox is tracking the proprietor from The Hacker News https://thehackernews.com/2024/07/experts-uncover-chinese-cybercrime.html

The Hacker News - PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing

A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. "Serverless architectures are attractive to developers and enterprises for their flexibility, cost effectiveness, and ease of use," Google from The Hacker News https://thehackernews.com/2024/07/pineapple-and-fluxroot-hacker-groups.html

The Hacker News - How to Set up an Automated SMS Analysis Service with AI in Tines

The opportunities to use AI in workflow automation are many and varied, but one of the simplest ways to use AI to save time and enhance your organization’s security posture is by building an automated SMS analysis service. Workflow automation platform Tines provides a good example of how to do it. The vendor recently released their first native AI features, and security teams have already from The Hacker News https://thehackernews.com/2024/07/how-to-set-up-automated-sms-analysis.html

The Hacker News - MSPs & MSSPs: How to Increase Engagement with Your Cybersecurity Clients Through vCISO Reporting

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, “Your First 100 Days as a vCISO – 5 Steps to Success”, which covers all the phases entailed in launching a successful vCISO engagement, along with from The Hacker News https://thehackernews.com/2024/07/msps-mssps-how-to-increase-engagement.html

The Hacker News - Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of a providing a hotfix. The attack chains involve distributing a ZIP archive file named "crowdstrike-hotfix.zip," from The Hacker News https://thehackernews.com/2024/07/cybercriminals-exploit-crowdstrike.html

The Hacker News - 17-Year-Old Linked to Scattered Spider Cybercrime Syndicate Arrested in U.K.

Law enforcement officials in the U.K. have arrested a 17-year-old boy from Walsall who is suspected to be a member of the notorious Scattered Spider cybercrime syndicate. The arrest was made "in connection with a global cyber online crime group which has been targeting large organizations with ransomware and gaining access to computer networks," West Midlands police said. "The arrest is part of from The Hacker News https://thehackernews.com/2024/07/17-year-old-linked-to-scattered-spider.html

Schneier - Friday Squid Blogging: Peru Trying to Protect its Squid Fisheries

Peru is trying to protect its territorial waters from Chinese squid-fishing boats. Blog moderation policy. from Schneier on Security https://www.schneier.com/blog/archives/2024/07/friday-squid-blogging-peru-trying-to-protect-its-squid-fisheries.html

KnowBe4 - CrowdStrike Phishing Attacks Appear in Record Time

I have been the CEO of an anti-virus software developer. We had a special acronym for catastrophic events like this, a so-called "CEE". As in Company Extinction Event. Within hours of mass IT outages on Friday, a surge of new domains began appearing online, all sharing one common factor: the name CrowdStrike. As the company grapples with a global tech outage that has delayed flights and disrupted emergency services, opportunistic cybercriminals are quick to exploit the chaos. Numerous websites have surfaced, promising help to those affected by the outage. Names like crowdstriketoken[.]com, crowdstrikedown[.]site, crowdstrikefix[.]com, were identified by a UK-based cybersecurity researcher specializing in credential phishing. These new domains were registered and designed in record time to lure in people desperate to restore their systems. While phishing sites commonly emerge following major events, the scale of Friday’s outages presents a vast field of potential vict...

KnowBe4 - 7 in 10 Organizations Experienced a Business Email Compromise Attack in the Last 12 Months

Despite ransomware getting the lion’s share of the tech pub headlines, business email compromise (BEC) attacks are alive and well… and having a material impact. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/organizations-experienced-business-email-compromise-attack

Rapid 7 - Metasploit Weekly Wrap-Up 7/19/2024

GeoServer Unauthenticated RCE This week, contributor h00die-gr3y added an interesting exploit module that targets the GeoServer open-source application. This software is used to view, edit, and share geospatial data. Versions prior to 2.23.6, versions between 2.24.0 and 2.24.3, and versions between 2.25.0 and 2.25.1 unsafely evaluate property names as XPath expressions, which can lead to unauthenticated remote code execution. This vulnerability is identified as CVE-2024-36401, and affects all GeoServer instances. This has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic, and WPS Execute requests. New module content (1) GeoServer Unauthenticated Remote Code Execution Authors: Steve Ikeoka, h00die-gr3y, and jheysel-r7 Type: Exploit Pull request: #19311 contributed by h00die-gr3y Path: multi/http/geoserver_unauth_rce_cve_2024_36401 AttackerKB reference: CVE-2024-36401 Description: T...

The Hacker News - Safeguard Personal and Corporate Identities with Identity Intelligence

Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. In the current cyber threat landscape, the protection of personal and corporate identities has become vital. from The Hacker News https://thehackernews.com/2024/07/safeguard-personal-and-corporate.html

The Hacker News - Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware

A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed to harvest sensitive information. These attacks, attributed to an activity cluster codenamed OilAlpha, entail a new set of malicious mobile apps that come with their own supporting infrastructure, Recorded Future's Insikt Group said. Targets of the ongoing campaign from The Hacker News https://thehackernews.com/2024/07/pro-houthi-group-targets-yemen-aid.html

The Hacker News - Summary of "AI Leaders Spill Their Secrets" Webinar

Event Overview The "AI Leaders Spill Their Secrets" webinar, hosted by Sigma Computing, featured prominent AI experts sharing their experiences and strategies for success in the AI industry. The panel included Michael Ward from Sardine, Damon Bryan from Hyperfinity, and Stephen Hillian from Astronomer, moderated by Zalak Trivedi, Sigma Computing's Product Manager. Key Speakers and Their from The Hacker News https://thehackernews.com/2024/07/summary-of-ai-leaders-spill-their.html

The Hacker News - SolarWinds Patches 11 Critical Flaws in Access Rights Manager Software

SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to access sensitive information or execute arbitrary code. Of the 11 vulnerabilities, seven are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0. The remaining four weaknesses have been rated High in severity, with each of them having a CVSS from The Hacker News https://thehackernews.com/2024/07/solarwinds-patches-11-critical-flaws-in.html

The Hacker News - WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach

Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets. "A cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $230 million," the company said in a statement. "This wallet was operated utilizing the services of Liminal's digital asset custody and from The Hacker News https://thehackernews.com/2024/07/wazirx-cryptocurrency-exchange-loses.html

Rapid 7 - Unveiling Key Insights from the 2024 Take Command Summit

The 2024 Take Command Summit, held virtually in partnership with AWS, united over 2,000 security professionals to delve into critical cybersecurity issues. Our infographic captures the essence of the summit, showcasing expert insights from 10 sessions on topics like new attack intelligence, AI disruptions, and transparent MDR partnerships. We also highlight attendees' thoughts on various subject matters, from AI's role in security to the importance of collaboration and communication. Check out the key highlights, stand-out stats, and engaging stories that can inform your security strategies and keep your organization ahead of emerging threats. from Rapid7 Cybersecurity Blog https://blog.rapid7.com/2024/07/18/unveiling-key-insights-from-the-2024-take-command-summit/

Black Hills InfoSec - Auditing GitLab: Public Gitlab Projects on Internal Networks

A great place that can sometimes be overlooked on an internal penetration test are the secrets hidden in plain sight. That is, a place where no authentication is required in […] The post Auditing GitLab: Public Gitlab Projects on Internal Networks appeared first on Black Hills Information Security. from Black Hills Information Security https://www.blackhillsinfosec.com/auditing-gitlab/

Schneier - Criminal Gang Physically Assaulting People for Their Cryptocurrency

This is pretty horrific: …a group of men behind a violent crime spree designed to compel victims to hand over access to their cryptocurrency savings. That announcement and the criminal complaint laying out charges against St. Felix focused largely on a single theft of cryptocurrency from an elderly North Carolina couple, whose home St. Felix and one of his accomplices broke into before physically assaulting the two victims—both in their seventies—and forcing them to transfer more than $150,000 in Bitcoin and Ether to the thieves’ crypto wallets. I think cryptocurrencies are more susceptible to this kind of real-world attack because they are largely outside the conventional banking system. Yet another reason to stay away from them. from Schneier on Security https://www.schneier.com/blog/archives/2024/07/criminal-gang-physically-assaulting-people-for-their-cryptocurrency.html

The Hacker News - Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0. "This vulnerability is due to improper from The Hacker News https://thehackernews.com/2024/07/cisco-warns-of-critical-flaw-affecting.html

KnowBe4 - Crack the Code on Ransomware: Empowering Your Last Line of Defense

Cybercriminals are maximizing the potential damage to your organization to boost their profits. A staggering 91% of reported ransomware attacks included a data exfiltration effort. Now is the time to prepare your defenses. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/crack-the-code-on-ransomware-empowering-your-last-line-of-defense