Why Ransomware Gangs Opt for Encryption-Less Attacks
Attackers have shifted their strategies in the face of increased law enforcement attention and the desire to encourage ransom payments.
This strategy to minimize business disruption helps keep the victim's business functional while pressuring them to pay the ransom discreetly.
They also want to increase the chance of a victim paying ransom because in many of the cases - and this is not in large numbers - the victim will not even report it.
They will pay it off and keep it under wraps. It's a win-win situation if you think about it from their perspective.
@Cyber_Security_Channel
CISA Posts Remote Monitoring & Management Systems Cyber Defense Plan
The Cybersecurity and Infrastructure Security Agency (CISA) published the Cyber Defense Plan for Remote Monitoring and Management (RMM), the first proactive plan developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC) as part of their 2023 Planning Agenda.
Part of the 2023 Planning Agenda, the RMM Cyber Defense Plan provides a roadmap to advance security and resilience of this critical ecosystem, including RMM vendors, managed service providers (MSPs), managed security service providers (MSSPs), small and medium-sized businesses (SMBs) and critical infrastructure operators.
@Cyber_Security_Channel
DEF CON's AI Village Pits Hackers Against LLMs to Find Flaws
"We will be going through the anonymized data and finding patterns of vulnerabilities that participants discovered during the challenge and produce a report that will hopefully help ML and security researchers gain better insights into LLMs and policymakers make more informed regulations about AI," Ghosh says.
While he won't answer questions directly about any of the winning LLM hacks, Ghosh says he was able to use the LLMs to generate discriminatory code, credit card numbers, misinformation, and more.
@Cyber_Security_Channel
⚡️Duolingo Suffers Massive Data Breach; Scraped Data Lands on Hacking Forum
The hacker was able to verify active Duolingo users by feeding millions of email addresses to the vulnerable API.
The verified email IDs were then used by the hacker to create a dataset containing both public and non-public information.
Alternatively, it is also possible to feed a username to the API to retrieve JSON output, containing sensitive user data.
@Cyber_Security_Channel
BankCard USA Data Breach Exposes Thousands
The state of Maine imposes unusually strict reporting requirements on data breaches affecting its residents — in this case just 32 of the total 10,312 victims, the rest of whom Cybernews understands to be located across the US.
As well as launching an internal investigation into the breach using third-party cybersecurity contractors, BankCard reported the incident to police and says it has since “implemented additional layers of security in our identification and verification processes.”
@Cyber_Security_Channel
This Israeli AI Firm is Revolutionizing Cybersecurity's War on Bots
Bots exist on a spectrum, with beneficial and detrimental implications.
These programs execute tasks efficiently, saving time and providing users with detailed data.
The usage of AI-powered bots has emerged as a vexing challenge for organizations.
A University of Baltimore study estimates that in 2020 alone, ad fraud, primarily driven by bots, inflicted a global economic loss of $35 billion.
An Internet bot, commonly referred to as just a bot, is a software application designed to automate tasks and scripts over the Internet.
@Cyber_Security_Channel
Spoofing an Apple device and tricking users into sharing sensitive data
Even if users tap on the Bluetooth icon, their iPhones will continue to receive proximity actions.
Bochs speculates that these flaws were “certainly by design” to allow smartwatches and headphones to keep working with Bluetooth toggled, and that Apple won’t address them.
The expert recommends turning Bluetooth off in the device settings to protect the device.
@Cyber_Security_Channel
Phishing Attack Targets Hundreds of Zimbra Customers in 4 Continents
Each attack starts the same — a general phishing email, purporting to come from Zimbra itself, relaying some kind of urgent message about, say, a server update, or account deactivation.
For example, the following note titled "Important information from Zimbra Security Service".
@Cyber_Security_Channel
African Cybercrime Operations Shut Down in Law Enforcement Operation
The investigation used private sector intelligence to identify rogue networks that were responsible for financial losses of more than $40 million.
According to Interpol, the operation underscores the power of cooperation among international law enforcement, national authorities, and private sector partners "to share best practices and pro-actively combat cybercrime" especially in a region that has seen a surge in cybercrime.
@Cyber_Security_Channel
PDF Security: Safeguarding Your Confidential Information
Encryption is the foundation of PDF security, and it’s what keeps your data safe from prying eyes.
When a PDF document is encrypted, its contents are scrambled using complex algorithms, making it practically impossible for unauthorized users to decipher without the correct decryption key.
This ensures that even if the document falls into the wrong hands, its contents remain secure.
@Cyber_Security_Channel
23 Years of Illegal Data Transfers Due to Inactive DPAs and New EU-US Deals
The highest European court sent a strong message for better data privacy, when it invalidated the data transfer deals "Safe Harbor" and "Privacy Shield" in 2015 and 2020 respectively.
The logical consequence of this decision was that almost all transfers between the European Union and United States since the year 2000 were illegal.
In reality, companies didn’t stop the practice though.
This was largely made possible by the inaction of European data protection authorities (DPAs), which mostly failed to implement the CJEU’s rulings. In combination with new (and void) deals, we are therefore looking back on 23 years of illegal data transfers.
@Cyber_Security_Channel
Five ways AI Can be Used to Prevent Cyber Attacks
Cyber crime presents a major risk to global prosperity in the Fourth Industrial Revolution.
As these attacks grow in volume, artificial intelligence (AI) not only supports under-resourced analysts but also provides a wide range of protection from malicious attacks.
@Cyber_Security_Channel
Unveiling the Hidden Risks of Routing Protocols
There has been a prevailing attitude within the security industry that "if it ain't broke, then don't fix it."
There is a tendency to overlook security auditing with the mistaken belief that these types of vulnerabilities are less serious than the origin and path validation issues.
Traditional risk assessment often fails to thoroughly examine all the software and devices on a network and their implications, creating blind spots.
These gaps can become even more pronounced when an organization does not even realize these routing protocols are in use.
Routing protocols can show up in more places than one might think, such as data centers, VPNs across organization sites, and embedded in custom appliances.
@Cyber_Security_Channel
Jenkins Patches High-Severity Vulnerabilities in Multiple Plugins
Jenkins also announced fixes for medium-severity vulnerabilities in the Folders, Config File Provider, NodeJS, Blue Ocean, Fortify, and Delphix plugins.
According to the advisory, these flaws could lead to information disclosure, credential leaks, CSRF attacks, HTML injection, and credential ID enumeration.
Fixes were included in Blue Ocean version 1.27.5.1, Config File Provider version 953.v0432a_802e4d2, Delphix version 3.0.3, Flaky Test Handler version 1.2.3, Folders version 6.848.ve3b_fd7839a_81, Fortify version 22.2.39, NodeJS version 1.6.0.1, and Shortcut Job version 0.5.
@Cyber_Security_Channel
Breached for years: How Long-Term Cyber Attacks Are Able To Linger
What many don’t realize is that cyber security practitioners and security operations center (SOC) analysts triage a deluge of data every day, and connecting the dots between the faint signals passing through every second is a task that’s much, much easier said than done.
Experts also say there are plenty of avoidable errors involved.
@Cyber_Security_Channel
Why Online Choice Architecture is a Data Protection Priority
Online Choice Architecture (OCA) is defined as the way that companies present information and choices to users of websites and other online services.
It can include the way prices are displayed on a website, personal recommendations presented to consumers and the options available to consumers.
OCA practices can also be used to exploit behavioural biases of consumers and lead them to make riskier decisions.
OCA has an impact on individuals' privacy rights, an impact on how businesses compete and how consumers are treated.
@Cyber_Security_Channel
“Snakes In Airplane Mode” – What If Your Phone Says it’s Offline But isn’t?
The bad news, however, is that the software shenanigans used aren’t the typical tricks associated with malware or data exfiltration code.
That’s because “fake airplane” mode doesn’t itself snoop on or try to steal private data belonging to other apps, but works simply by showing you what you hope to see, namely visual clues that imply that your device is offline even when it isn’t.
@Cyber_Security_Channel
📩 Our partners at Hacklido released a new version of their newsletter: Cyber Security Round Up - August 15th, 2023
It includes materials on the following topics:
• XXE attack
• Blockchain
• API security
• IOT Hacking
• OpenredireX
• SQL injection
• DNS Takeover
• C2 server Hacking
• Web race conditions
And more...
You can find the full version of the newsletter here.
@Cyber_Security_Channel
Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability
While the issue carries a 9.8/10 CVSS severity score, Ivanti notes there is low risk of exploitation for enterprise administrators who do not expose port 8443 to the internet.
“Ivanti recommends that customers restrict access to MICS to internal management networks and not expose this to the internet,” the company said.
@Cyber_Security_Channel
8 AI Risk and Resilience Firms CISOs Should Track
CISOs need to help their organizations account for new attack vectors, such as adversarial AI attacks like model inversion attacks and data poisoning.
But that’s just a slim picture of the risks. Resilience, reliability, and trust issues like model brittleness, AI bias, and explainability are all increasingly important factors to manage.
Additionally, AI further exacerbates software supply chain issues, as open sourced AI models and training data are de rigueur for building these systems.
@Cyber_Security_Channel
Microsoft is Now a Cybersecurity Titan
Microsoft is also grappling with its own cybersecurity demons.
Following a breach of Microsoft’s platforms by suspected Chinese hackers in July, which exposed email accounts operated by various government agencies, it’s under fire in the US Congress for what Senator Ron Wyden has called ‘negligent cybersecurity practices’.
Microsoft’s recent cybersecurity demons, however, risk unsettling its hard-won progress toward establishing itself as a trusted figure in the global security landscape.
@Cyber_Security_Channel
CyCognito Finds Large Volume of Personal Identifiable Information in Vulnerable Cloud and Web Applications
Gurzeev continued, "The size of a company's attack surface fluctuates up and down by as much as 10 percent a month, making it a moving target rife with security gaps ready to be exploited.
Our latest research is not only a wake-up call that no business is immune to risk; it's also clear proof that unknown and undiscovered assets present a major threat to an organization."
@Cyber_Security_Channel
🧑💻 DevOpsDays Ukraine: Disaster Recovery Conference on September 14-15th
Here is a brief message from our partners at DevOpsDays:
"Hey folks! We’re happy to invite you to DevOpsDays Ukraine: Disaster Recovery on September 14-15th.
Get ready for a two-day journey with Cultural Talks, Ignites & Tech Talks.
The top speakers you can expect to see are:
- Manuel Pais
- Adriana Villela
- Charity Majors
- Iaroslav Molochko
- And other special guests
We will talk about Self-Service Tooling, Future of Platforms, CI/CD and IaC for GameDev, and you will get to know about the successful cloud migration journey undertaken by the National Bank of Ukraine & PrivatBank.
Furthermore, on the live fireside chat, you can ask questions to the founder of DevOpsDays, Patrick Debois, and learn more about his personal experience and ideas.
Finally, we will provide online networking on Open-Spaces with like-minded experts from around the world.
Key Information:
• When?
↳ September 14th-15th
• Where?
↳ Online
• Registration:
↳ Here
Can't wait to see y'all!"
@Cyber_Security_Channel
Case from one week ago: Suspected N. Korean Hackers Target S. Korea-US Drills
The hackers — believed to be linked to a North Korean group dubbed Kimsuky — carried out “continuous malicious email attacks” on South Korean contractors working at the allies’ combined exercise war simulation centre, the Gyeonggi Nambu Provincial Police Agency said in a statement on Sunday.
@Cyber_Security_Channel
Transparency is Key to Increasing Driver Data Collection
Europe’s approach to data transparency and safety differs from other markets—a key issue for the wider industry.
On the possibility of a global DMS (driver monitoring systems) data privacy and transparency standard, Meyer is unconvinced: “How much someone considers privacy to be a fundamental value varies worldwide”.
He believes GDPR is the result of a cultural mindset around data.
“Chinese people think it’s absolutely normal to deal with mass surveillance,” he adds.
“It’s a specific European mindset to want to know what data is being used for and if it’s in a person’s interests.”
@Cyber_Security_Channel
As the U.S. Tightens Its Grip On Data Privacy, Can Companies Stay Ahead?
User-data exploitation comes part and parcel with Web 2.0 operations for entirely legal business purposes.
But the U.S. Department of Justice is cracking down on serial privacy violators, with senior officials repeatedly issuing warnings to consumers to avoid certain data-siphoning apps.
In that sense, security and customer-data safeguards must be built from the ground up.
Data privacy and security should be a foundational aspect of any app or tech development moving forward, not an added bonus.
Twitter, for example, made text-based two-factor authentication under Elon Musk available only to paying Twitter Blue Check Mark users. That’s exactly what companies shouldn’t do.
@Cyber_Security_Channel
How Important Is Explainability in Cybersecurity AI?
Explainability is crucial for cybersecurity AI and will only become more so over time.
However, building and deploying XAI carries some unique challenges.
Organizations must recognize these to enable effective XAI rollouts.
Many AI models today are black boxes, meaning you can’t see how they arrive at their decisions.
By contrast, explainable AI (XAI) provides complete transparency into how the model processes and interprets data.
When you use an XAI model, you can see its output and the string of reasoning that led it to those conclusions, establishing more trust in this decision-making.
@Cyber_Security_Channel
Data Resiliency in the Face of Ransomware
“The key point I want to make is, you’ve really got to start thinking about that business risk in a more planned way.
To really think about, “what am I going to do in each of those phases?”
Because it comes back to the point I am saying: hope is not a method. Hoping the breach won't happen is one approach, right, but it's not a very good approach.”
@Cyber_Security_Channel
Proxyjacking Trend Continues as Attackers Abuse Years-Old GitLab Vulnerability
The campaign makes use of a 2021 vulnerability in GitLab - CVE-2021-22205 - to enable remote command execution on a victim’s server.
CVE-2021-22205 itself was patched by GitLab in 2021, meaning the impact is restricted to customers remaining on vulnerable versions.
@Cyber_Security_Channel
5 Tips for Securing Data When Using a Personal Mac for Work
There are steps you can take to secure your Mac and protect your organization’s information.
Before following these five tips, check with your employer to confirm employees are permitted to use their personal Macs — a practice often referred to as BYOD for Bring Your Own Device — for work.
@Cyber_Security_Channel