Dr. T's security brief


dtau...@gmail.com

Mar 2, 2024, 1:00:12 PM
to sec-...@googlegroups.com

'KeyTrap' DNS Bug Threatens Widespread Internet Outages

Researchers at Germany's ATHENE (National Research Center for Applied Cybersecurity) found a design flaw in a Domain Name System (DNS) security extension that could cause widespread Internet disruptions if it were exploited on multiple DNS servers simultaneously. DNS servers that use the DNSSEC extension to validate traffic are vulnerable to the "KeyTrap" DNS bug, which has existed since 2000. The researchers worked with Google, Cloudflare, and other major DNS service providers on patches before publishing their work.

Dark Reading; Becky Bracken (February 20, 2024)

 

U.K. Leads Disruption of Hacker Group's Site

An operation conducted by the U.K. National Crime Agency, the U.S. Federal Bureau of Investigation, Europol, and a coalition of international police agencies has taken control of an online site run by the LockBit ransomware group. LockBit's eponymous software was the "most deployed ransomware variant" across the world last year. It was first discovered in 2020 when the software surfaced on Russian language forums. On Monday, a message appearing on the site belonging to the group said it was "now under control of law enforcement."

BBC News; Gordon Corera (February 20, 2024)

 

Wyze Security Issue Exposed Private Cameras to Strangers

Kirkland, WA-based Wyze said about 13,000 users of its security cameras were able to view sensitive content from the devices of other users when the cameras came back online Feb. 16 following an hours-long service outage attributed to Amazon Web Services. Some users were able to see thumbnails from other users' feeds in their apps and clicked to view the videos. Wyze attributed the mixup of device IDs and user ID mapping to a partner that has since fixed the issue.

The Washington Post; Heather Kelly (February 20, 2024)

 

Fingerprints Recreated from Sounds of Swiping a Touchscreen

Researchers in the U.S. and China have demonstrated a side-channel attack on the Automatic Fingerprint Identification System that allows fingerprint pattern features to be extracted from the sounds of a user's finger swiping a touchscreen. The attack, dubbed PrintListener, can be made through apps like Discord, Skype, WeChat, and FaceTime when a device’s microphone is on. Tests of PrintListener found it could extract up to 27.9% of partial fingerprints, and 9.3% of complete fingerprints, within five attempts at the highest-security false acceptance rate setting of 0.01%.

Tom's Hardware; Mark Tyson (February 19, 2024)

 

'AI Godfather', Others Urge More Deepfake Regulation

More than 400 AI experts and executives from various industries, including AI "godfather" and ACM A.M. Turing Award laureate Yoshua Bengio, signed an open letter calling for increased regulation of deepfakes. The letter states, "Today, deepfakes often involve sexual imagery, fraud, or political disinformation. Since AI is progressing rapidly and making deepfakes much easier to create, safeguards are needed." The letter provides recommendations for regulation, such as criminal penalties for individuals who knowingly produce or facilitate the spread of harmful deepfakes, and requiring AI companies to prevent their products from creating harmful deepfakes.

Reuters; Anna Tong (February 21, 2024)

 

Facial Recognition: Coming Soon to an Airport Near You

Major airlines in the U.S. have increasingly invested in facial recognition technology, as have government agencies in charge of aviation security. Overseas, a growing number of airports are installing biometrics-enabled electronic gates and self-service kiosks at Immigration and Customs. The technologies' adoption could mean enhanced security and faster processing for passengers, but also raises privacy and ethics concerns.

The New York Times; Christine Chung (February 19, 2024)

 

Tamper-Proof ID Tag Uses Terahertz Waves

Building on their previous work, researchers at the Massachusetts Institute of Technology leveraged terahertz waves to develop an antitampering identification tag that also offers the benefits of being tiny, cheap, and secure. In 2020, the researchers unveiled a cryptographic ID tag several times smaller and significantly less expensive than traditional radio frequency ID (RFID) tags. The team then mixed microscopic metal particles into the glue that sticks the tag to an object and used terahertz waves to detect the unique pattern those particles form on the item’s surface, which is used to authenticate the item.

Tech Times; Inno Flores (February 18, 2024)

 

'Unhackable' Computer Chip Works on Light

An "unhackable" computer chip that uses light instead of electricity for computations was created by researchers at the University of Pennsylvania (UPenn) to perform vector-matrix multiplications, widely used in neural networks for development of AI models. Since the silicon photonic (SiPh) chip can perform multiple computations in parallel, there is no need to store data in a working memory while computations are performed. That is why, UPenn's Firooz Aflatouni explained, "No one can hack into a non-existing memory to access your information."

Interesting Engineering; Ameya Paleja (February 16, 2024)

 

Tech Companies Agree to Combat AI-Generated Election Trickery

Executives from Adobe, Amazon, Google, IBM, Meta, Microsoft, OpenAI, and TikTok announced a joint effort to combat AI-generated images, audio, and video designed to sway elections. Announced at the Munich Security Conference on Friday, the initiative, which also will include 12 other major technology companies, outlines methods the companies will use to try to detect and label deceptive AI content when it is created or distributed on their platforms. Participants will share best practices and provide “swift and proportionate responses” when fake content starts to spread.

Associated Press; Matt O'Brien; Ali Swenson (February 16, 2024)

Leaked Files Demonstrate China’s “Vast” International Hacking Of Foreign Targets

The Washington Post (2/21, Shepherd, Cadell, Nakashima, Schaffer, Menn) reports that documents leaked from Chinese state-linked hacking group iSoon show that Chinese intelligence and military hackers are conducting extensive cyber espionage against foreign entities, exploiting claimed vulnerabilities in US software from companies including Microsoft, Apple and Google. The over 570 leaked files reveal contracts spanning eight years to extract data from “at least 20 foreign governments and territories, including India, Hong Kong, Thailand, South Korea, the United Kingdom, Taiwan and Malaysia.” Cybersecurity firm Mandiant Intelligence has confirmed the authenticity of the leaked data. The US intelligence community views China’s targeted hacking endeavors as a significant long-term security threat.

dtau...@gmail.com

Mar 3, 2024, 8:40:37 PM
to sec-...@googlegroups.com

LastPass Alerts Users about Fake App on Apple App Store
LastPass warns users about a counterfeit version of its app, discovered on the Apple App Store. The fake app closely resembles LastPass' interface and branding, posing a potential phishing threat to users' sensitive credentials. Despite LastPass' efforts, the counterfeit app remains available on the App Store, highlighting challenges in maintaining security standards. LastPass advises users to remove the fake app, change passwords, and take precautionary measures. Apple has confirmed the removal of the app and expulsion of the developer from the Apple Developer Program, emphasizing collaborative efforts to combat intellectual property infringements. (CYBERMATERIAL.COM)

 

Microsoft Is Bringing Linux's Sudo Command to Windows 11
Windows 11 will include a built-in sudo command, commonly used in Unix-based systems, to allow developers to run programs with higher security privileges or as another user. This feature will be available in a future version of Windows 11 and can be configured in three modes: new window, input disabled, and inline. Microsoft plans to expand documentation and open-source the project on GitHub. This move follows Microsoft's previous embrace of Linux with the inclusion of a Linux kernel in Windows 10 and other Linux-related features. (THEVERGE.COM)

 

Why Bloat Is Still Software’s Biggest Vulnerability
Bert Hubert reflects on the late Niklaus Wirth's 1995 plea for lean software and argues that software security issues arise less from code density and more from attack surface area. He points to an overreliance on external dependencies and code containers as key contributors to bloat. As proof that minimal, secure software is still achievable, Hubert offers Trifecta, his own 1,600-line image hosting solution. (IEEE.ORG)

 

How 'Big 4' Nations' Cyber Capabilities Threaten the West
The "Big Four" nations, namely Russia, China, Iran, and North Korea, pose significant cyber threats to the West. Each country has its own cyber agenda, with Russia focusing on offensive cyber operations, China on cyber espionage, Iran on influence operations, and North Korea on financial gain. Recent actions by these nations have been attributed to state-sponsored cyber groups associated with them. Geopolitical factors, economic partnerships, and strategic interests contribute to their cyber activities. With upcoming elections in democratic nations, cyber-influence campaigns are expected to escalate in the next year. (DARKREADING.COM)

 

Feds Deliver Stark Warnings to State Election Officials Ahead of November
Federal law enforcement and cybersecurity officials warn state election administrators about serious threats to the upcoming presidential election, including cyberattacks, disinformation, and threats to personal safety. Officials are urged to enhance cybersecurity measures and establish partnerships with federal agencies and fellow state officials. (STATELINE.ORG)

 

Wi-Fi Jamming to Knock Out Cameras Suspected in Nine Minnesota Burglaries -- Smart Security Systems Vulnerable as Tech Becomes Cheaper and Easier to Acquire
A serial burglar in Edina, Minnesota, is believed to be using Wi-Fi jammers to disable connected security cameras before carrying out burglaries. The burglaries target affluent homes, with the thief deploying Wi-Fi jammers to prevent incriminating video evidence. Wi-Fi jamming is becoming a growing trend among burglars, and popular wireless smart home security products like Ring, Blink, and Nest are vulnerable to such attacks. Wi-Fi jammers are easily accessible and inexpensive online, making them a trivial tool for criminals. Homeowners are advised to physically connect devices, utilize smart home technology, and adjust settings to enhance security. (TOMSHARDWARE.COM)

 

Hackers are Taking Advantage of Gaps in U.S. Cybersecurity Policy
Hackers are increasingly exploiting vulnerabilities in firmware to gain control of devices and steal data. The federal government's outdated cybersecurity framework lacks compliance incentives, and Congress has not prioritized firmware security. The National Institute of Standards and Technology (NIST) should update its framework, NIST 800-193, and the government should encourage private companies to comply by purchasing only compliant technology and offering financial incentives for critical infrastructure firms. (THECIPHERBRIEF.COM)

 

200,000 Facebook Marketplace User Records Leaked on Dark Web
Personal data from 200,000 Facebook Marketplace users has been leaked on a hacker forum, including names, phone numbers, email addresses, Facebook IDs, and profile information. The data was hacked by an individual named "algoatson" through a Meta contract worker. This is not the first time Facebook user information has been leaked, with a similar incident occurring in 2021. To protect themselves, users are advised to change their passwords, enable two-factor authentication, and be cautious of phishing attempts. (MASHABLE.COM)

 

The Crow Flies at Midnight - Exploring Red Team Persistence via AWS Lex Chatbots
This blog post explores the use of AWS Lex chatbots as a persistence method for red teamers in cybersecurity. While it may not be a practical technique, it provides hands-on experience with a service commonly used in the AI industry. The post includes a hypothetical scenario and a step-by-step guide on modifying a Lambda function to demonstrate persistence. (MEDIUM.COM)

 

Japan Risks Losing Trust of US, Other Allies Over Its 'Serious' Cybersecurity Flaws
Japan's lax cybersecurity defenses have raised concerns among its allies, particularly the US, that sensitive diplomatic communications are being accessed by China. The breach was initially alerted to Japan by the US National Security Agency, highlighting the scale of the problem and the potential leak of confidential data. Urgent action is needed to address the cybersecurity issue and rebuild trust with allies. (SCMP.COM)

 

Shim Vulnerability Exposes Most Linux Systems to Attack
A critical vulnerability in Shim, the software that facilitates Linux booting on Secure Boot PCs, could allow a network attacker to bypass Secure Boot and take control of the system. While the vulnerability requires specific conditions to be exploitable, it poses a significant risk due to the widespread use of shim in Linux distributions. Users are advised to patch shim or disable the network boot option to mitigate the risk. (ZDNET.COM)

 

FCC Orders Telecom Carriers to Report PII Data Breaches Within 30 Days
The FCC has issued a final rule requiring telecommunications companies to report data breaches impacting customers' personally identifiable information (PII) within 30 days. The updated data breach reporting requirements aim to ensure accountability for telecom carriers in safeguarding sensitive customer information and providing customers with the necessary tools to protect themselves. The rule expands the scope of breach notification requirements to include PII and inadvertent access, use, or disclosure of customer information. The FCC has removed the waiting period for carriers to inform customers, mandating prompt notification after alerting relevant federal agencies. (BLEEPINGCOMPUTER.COM)

 

Ongoing Azure Compromises Target Senior Execs, Microsoft 365 Apps
A campaign targeting Microsoft Azure corporate clouds is compromising dozens of environments and hundreds of user accounts. Attackers are using tailored phishing techniques to obtain Microsoft 365 login credentials, specifically targeting strategic individuals in organizations, including executives and managers. Once access is gained, the attackers engage in various malicious activities, such as data theft, financial fraud, and manipulation of multifactor authentication settings. Organizations are advised to be vigilant, enforce strict password hygiene, and implement auto-remediation policies to mitigate the risk of compromise. (DARKREADING.COM)

 

Chinese Hackers Compromised US City’s Emergency Networks, Report Finds
A Chinese-affiliated hacking group known as VOLTZITE, or Volt Typhoon, attempted to compromise the emergency services networks of a large unnamed US city last month, according to cybersecurity group Dragos. The group has been linked to China by the US government. Dragos also detected the group conducting reconnaissance on a US telecom group's networks. The report highlights the ongoing cyber threats posed by the Volt Typhoon and their attempts to infiltrate critical infrastructure. The Cybersecurity and Infrastructure Security Agency urges critical infrastructure organizations to take the threat seriously and report any suspicious activity to CISA or the FBI. (POLITICOPRO.COM)

 

Navy Officials Call for More 'Shared Cyber Responsibility,' Better Handling of 'Crapload of Data'
The Navy's principal cyber advisor, Scott St. Pierre, highlighted the challenge of fostering shared responsibility for cybersecurity among different leaders within the service. Bringing together systems commands, threat personnel, and operators will be crucial to address this challenge. Navy Chief Information Officer Jane Rathbun emphasized the need for better data management and protection, including data tagging, secure data movement, and access control. The Navy will also need to rethink the relationship between risk and consequence when it comes to data security classification. (BREAKINGDEFENSE.COM)

 

US Military Notifies 20,000 of Data Breach After Cloud Email Leak
The US Department of Defense is informing approximately 20,600 individuals that their personal information was exposed in an email data spill last year. The breach occurred when a misconfigured US government cloud email server hosted on Microsoft's cloud for government customers allowed access from the internet without a password. The server was identified and removed from public access on February 20, 2023, and the vendor has resolved the issues. The breach included sensitive personnel information and questionnaires from prospective federal employees seeking security clearances. (TECHCRUNCH.COM)

 

How AI Is Strengthening XDR To Consolidate Tech Stacks
Artificial intelligence (AI) is playing a crucial role in enhancing extended detection and response (XDR) platforms by analyzing behaviors and detecting threats in real-time. XDR is being adopted by CISOs and security teams for its ability to consolidate functions and provide a unified view of attack surfaces. Leading XDR vendors are leveraging AI and machine learning (ML) to consolidate tech stacks and improve prediction accuracy, closing gaps in identity and endpoint security. AI has the potential to strengthen XDR in areas such as threat detection and response, behavioral analysis, reducing false positives, and automating threat hunting. (VENTUREBEAT.COM)

 

UN Experts Investigating 58 Suspected North Korean Cyberattacks Valued at About $3 Billion
U.N. experts are investigating 58 cyberattacks attributed to North Korea between 2017 and 2023, worth approximately $3 billion. The funds are reportedly being used to support the country's weapons of mass destruction program. The cyberattacks, carried out by North Korean hacking groups affiliated with the Reconnaissance General Bureau, are ongoing. The report also highlights North Korea's flouting of U.N. sanctions, development of nuclear weapons, and production of nuclear fissile materials. (APNEWS.COM)

 

The Canadian Government Wants To Ban Flipper Zero-Type Hacker Tools To Combat Car Theft
The Canadian government plans to ban devices like Flipper Zero due to their alleged use in car theft. Flipper Devices, the manufacturer of Flipper Zero, denies that the device can be used for car theft and states that it is intended for security testing and development purposes. Cybersecurity experts argue that banning such devices may hinder innovation in security research and fail to effectively address underlying security challenges. (TOMSHARDWARE.COM)

 

Surge in "Hunter-Killer" Malware Poses Significant Challenge to Security Teams
Adversaries have increased their attacks aimed at disabling enterprise defenses, with a 333% rise in "hunter-killer" malware that actively targets and disables advanced enterprise defenses. This shift poses a significant challenge for defenders, requiring organizations to focus on these types of attacks. Cybercriminals are adapting to improved security measures by disabling security controls, with this behavior seen in a quarter of malware samples. To combat this, organizations should embrace machine learning, protect user credentials, and continuously validate defenses against evolving tactics. Behavioral analysis and defense schemes are necessary to counter adversaries who use the same tools as IT and security teams. (CSOONLINE.COM)

 

The Nine Lives of Commando Cat: Analyzing a Novel Malware Campaign Targeting Docker
This technical analysis examines a recently observed threat campaign leveraging Docker containers for initial access. Dubbed "Commando Cat," the actors deploy legitimate container software before escaping to run credential theft and crypto-miner payloads on Docker hosts in a multifaceted operation. Close examination of command lines and payloads sheds light on the adversary's evolving tactics. (CADOSECURITY.COM)

 

New Cybersecurity Threats Prompt A Rush To Sophisticated, Unified Security Strategies
Organizations are facing emerging threats, such as multi-extortion ransomware attacks and third-party associate attacks, necessitating the implementation of advanced cybersecurity strategies. Solutions like Security Service Edge (SSE) and Secure Access Service Edge (SASE) integrate multiple security capabilities into a unified cloud-native software stack, offering comprehensive protection across an enterprise's vulnerable surfaces. Gartner predicts that by 2025, 80% of enterprises will adopt SSE platforms to unify access to web, cloud services, and private applications. As the threat landscape evolves, organizations must remain vigilant in safeguarding against new types of cyber threats. (NEWSWEEK.COM)

 

Free Rhysida Ransomware Decryptor for Windows Exploits RNG Flaw
South Korean researchers have discovered and publicly disclosed a flaw in the Rhysida ransomware's encryption scheme, allowing them to create a decryptor for Windows. The flaw lies in the random number generator used to generate the encryption key, and by exploiting it, researchers were able to recover the internal state of the generator and create a valid key to reverse the encryption. An automated decryption tool has been made available on the Korean Internet & Security Agency (KISA) website, but its safety and effectiveness cannot be guaranteed. (BLEEPINGCOMPUTER.COM)

 

AI Girlfriends and Boyfriends Harvest Personal Data, Study Finds
A study by Mozilla's *Privacy Not Included project reveals that AI romance chatbots, including CrushOn.AI, collect and sell shockingly personal information, violating user privacy. These chatbots, marketed as enhancing mental health and well-being, actually thrive on dependency and loneliness while prying for data. Most apps sell or share user data, have poor security measures, and use numerous trackers for advertising purposes. Additionally, some apps have made questionable claims about improving mood and well-being, despite disclaimers stating they are not healthcare providers. (GIZMODO.COM)

 

Islamic Nonprofit Infiltrated for 3 Years With Silent Backdoor
A Saudi Arabian charitable nonprofit organization has been targeted in a stealthy espionage campaign using a custom backdoor called Zardoor. The malware, which exfiltrates data from the victim organization, has been active since March 2021 and is likely the work of an advanced attacker. While the use of reverse proxy tools matches tactics used by Chinese APT groups, the choice of the compromised target does not align with known Chinese objectives. The Zardoor campaign highlights the importance of implementing a defense-in-depth security posture to detect and mitigate advanced threats. (DARKREADING.COM)

 

Ransomware Groups Claim Hits on Hyundai Motor Europe and a California Union
Hyundai Motor Europe and the Service Employees International Union (SEIU) Local 1000 in California have both reported cyberattacks in January. Black Basta, a ransomware group, claimed to have stolen 3TB of data from Hyundai Motor Europe, while LockBit, another ransomware group, claimed responsibility for the attack on SEIU Local 1000, stealing 308GB of data. Both organizations are working with cybersecurity experts to investigate the incidents and restore operations. (DARKREADING.COM)

 

Biden Admin Pushes Software Liability Regime to Bolster Cybersecurity Practices
The Biden administration is focusing on liability regimes for commercial software developers as part of its national cybersecurity strategy. National Cyber Director Harry Coker plans to explore liability frameworks to prevent companies from disclaiming liability for software vulnerabilities. Collaboration with academic and legal experts, as well as engagement with industry stakeholders, will shape regulatory measures. The Cybersecurity and Infrastructure Security Agency (CISA) is also promoting secure software development practices through initiatives like the "secure by design" alert series. Industry stakeholders emphasize the importance of collective action and embedding cybersecurity measures into technology products. (CYBERMATERIAL.COM)

 

Cybercriminals are Stealing Face ID Scans to Break into Mobile Banking Accounts
iOS users in Thailand are being targeted by cybercriminals who steal Face ID scans to gain access to their bank accounts. A Chinese-speaking cybercrime group called GoldFactory is distributing trojanized apps that trick users into performing biometric verifications, allowing criminals to bypass security checks and steal money. The attacks have so far been limited to Thailand and Vietnam, but there are concerns about the spread of this type of cybercrime worldwide. (READWRITE.COM)

 

FBI Disrupts Moobot Botnet Used by Russian Military Hackers
The FBI has taken down a botnet of SOHO routers used by Russia's GRU in spearphishing and credential theft attacks. The botnet was controlled by GRU Military Unit 26165 and targeted governments, military entities, and corporate organizations. The FBI remotely accessed the routers, deleted stolen data, blocked remote access, and temporarily modified firewall rules to neutralize GRU's access. This is the second botnet disruption by the FBI in 2024, following the takedown of the KV botnet used by Chinese state hackers. (BLEEPINGCOMPUTER.COM)

 

Hackers Obtained Nearly 7 Million People's Data from 23andMe. The Firm Blamed Users in 'Very Dumb' Move.
Personal information, including names, addresses, and genetic heritage, of around 7 million individuals was accessed by hackers from 23andMe. The company attributed the breach to users' failure to update passwords, which has been criticized as a negligent response. Lawsuits have been filed against 23andMe, raising concerns of identity fraud and blackmail using the compromised genetic data. (THEGUARDIAN.COM)

 

QR Code 'Quishing' Attacks on Execs Surge, Evading Email Security
Attacks using QR codes to deliver malicious payloads have surged, especially against corporate executives, bypassing email security measures and targeting privileged users. Attackers exploit trust in QR codes, embedding them in everyday items, and often aim to steal credentials for lasting damage. While training is crucial, technical controls are necessary to protect against sophisticated attacks that even security professionals find difficult to detect. (DARKREADING.COM)

 

'Coyote' Malware Begins Its Hunt, Preying on 61 Banking Apps
A new banking Trojan called "Coyote" has been discovered targeting 61 different online banking applications, primarily in Brazil. Coyote is notable for its use of sophisticated components, including the Squirrel installer, NodeJs, and the programming language Nim. Brazilian malware developers have a history of expanding their threats globally, making it important for organizations to be prepared. Coyote has the potential to evolve into a fully-fledged initial access Trojan and backdoor, similar to other banking Trojans in the past. Brazilian banking Trojans have already targeted companies and individuals in countries such as Australia, Europe, and Italy. (DARKREADING.COM)

 

State-Backed Hackers Experimenting with OpenAI Models
Hackers from China, Iran, North Korea, and Russia are exploring the use of large language models (LLMs) in their operations, according to a report by Microsoft and OpenAI. While no notable attacks have been observed, the report highlights how hackers are using LLMs for research, crafting spear-phishing emails, and improving code generation. The report also emphasizes the need for monitoring and preventing the abuse of AI models by state-backed hackers, with Microsoft announcing principles to address this issue and collaborate with other stakeholders. (CYBERSCOOP.COM)

 

New RustDoor macOS Malware Impersonates Visual Studio Update
A new macOS malware called RustDoor, written in Rust, disguises itself as a Visual Studio update, allowing backdoor access to compromised systems. The campaign distributing the malware has been active since November 2023 and is linked to infrastructure associated with the ALPHV/BlackCat ransomware gang. While there is some evidence suggesting a potential connection to the ransomware operators, further investigation is required. RustDoor is primarily distributed as an updater for Visual Studio for Mac and has remained undetected for at least three months. The malware has various capabilities, including system control, data exfiltration, and persistence through modification of system files. (BLEEPINGCOMPUTER.COM)

 

'Ov3r_Stealer' Malware Spreads Through Facebook to Steal Crates of Info
A new malware named "Ov3r_Stealer" is being propagated on Facebook through job ads and accounts, using various execution methods to steal sensitive data. The malware exfiltrates data to a Telegram channel monitored by the threat actors, and it can steal information such as geolocation, passwords, credit card details, and more. Researchers believe that Ov3r_Stealer is still under development and poses an ongoing threat, urging organizations to implement security awareness programs and maintain up-to-date application patching to mitigate the risk. (DARKREADING.COM)

 

That Electric Toothbrush Botnet Story Is Totally Fake
A story claiming that cybercriminals created a botnet out of 3 million electric toothbrushes has been debunked. The Swiss newspaper that initially reported the story blamed Fortinet, a security company, for falsely claiming the incident was real. Fortinet clarified that the toothbrush incident was only mentioned as an illustration during an interview and not based on their research. The story highlights the challenge of covering cybersecurity as exaggerated research findings can be used to gain attention. (GIZMODO.COM)

 

Glupteba Botnet Adds UEFI Bootkit to Cyberattack Toolbox
The Glupteba malware, known for its multifunctionality, has incorporated a Unified Extensible Firmware Interface (UEFI) bootkit, enabling it to persist within Windows systems even after reboots. By manipulating the UEFI process, Glupteba can operate at a lower level and execute its code before Windows starts, making detection and removal more challenging. The bootkit poses serious threats, including unauthorized access, data loss, and operational disruptions. Organizations are advised to maintain good security hygiene and use up-to-date security products to prevent such sophisticated threats. (DARKREADING.COM)

 

A Nebraska Bill Would Hire a Hacker to Probe the State's Computer, Election Systems
Nebraska State Senator Loren Lippincott has proposed a bill to hire an "ethical hacker" to probe the state's computer network, election equipment, and software for vulnerabilities. Lippincott hopes that by hiring a hacker, the state can identify weaknesses before they are exploited by malicious actors. The bill also allows for the hiring of a security company to assess the state's systems. The proposal comes amid growing concerns about cyberattacks on critical infrastructure and election security. (CO.UK)

 

Iranian Hackers Broadcast Deepfake News in Cyber Attack on UAE Streaming Services
Iranian state-backed hackers disrupted TV streaming services in the UAE by broadcasting a deepfake newsreader delivering a fabricated report on the war in Gaza. The hackers, known as Cotton Sandstorm, used AI-generated technology to present unverified images and false information. This marks the first time Microsoft has detected an Iranian influence operation using AI as a significant component. The incident highlights the potential risks of deepfake technology in disrupting elections and spreading disinformation. (READWRITE.COM)

 

Data of Half the Population of France Stolen in Its Largest Ever Cyberattack. This Is What We Know
Over 33 million people in France, nearly half of the population, have been impacted by the country's biggest-ever cyberattack. Two French service providers for medical insurance companies were targeted, potentially exposing millions of people's data to hackers. The stolen data includes details such as marital status, date of birth, social security number, health insurer name, and policy cover. No bank details, medical data, postal address, telephone number, or email were compromised. The CNIL has warned users about phishing risks and advises them to verify the authenticity of communications from official organizations. (EURONEWS.COM)

 

Report: More Than Half of Americans Have Had Their Data Exposed
A recent report reveals that 61 percent of respondents in a survey of 1,200 adults in the United States reported experiencing a personal data breach at least once. Additionally, 44 percent stated that they had experienced multiple breaches. Despite concerns about cyberattacks in 2024, the report also highlighted that a majority of respondents felt confident in recognizing phishing emails and believed it was possible to avoid becoming a victim of a data breach. However, the report emphasized that many individuals are not taking recommended steps to protect their data, such as using password managers or pursuing credit monitoring. (GOVTECH.COM)

 

The Financial Industry Suffered the Most Data Breaches in 2023, Including a Single Attack That Affected Nearly 1,000 Institutions
The financial sector experienced the highest number of data breaches in 2023, with social engineering attacks such as phishing scams on the rise, according to a report by Kroll. The report highlights the attractiveness of the financial industry to cybercriminals due to the wealth of sensitive customer information it holds. The most notable attack was the CL0P ransomware attack on the MOVEit data transferring platform, which affected nearly 1,000 institutions, including major firms and government agencies. The report emphasizes the importance of addressing third-party risks in supply chains and outsourcing relationships. (FORTUNE.COM)

 

Top U.S. Officials Warn Congress of China's Hacking Powers
During a congressional hearing, top U.S. officials, including U.S. Cyber Commander Gen. Paul Nakasone and FBI Director Christopher Wray, warned lawmakers about China-backed hacking campaigns that pose a threat to U.S. critical infrastructure. They expressed concerns that China could disrupt basic services such as clean water and electricity, potentially endangering American lives. Officials highlighted China's growing interest in launching destructive cyberattacks against U.S. systems, diverging from their historical focus on espionage. They called for increased resources and information-sharing partnerships between the government and private sector to better prepare for Chinese cyber threats. (AXIOS.COM)

 

China Caught Dropping RAT Designed for FortiGate Devices
The Dutch Military Intelligence and Security Service (MIVD) has uncovered a new malware strain called "Coathanger," deployed by the Chinese government as part of a political espionage campaign. The RAT was used to spy on the Dutch Ministry of Defense and was delivered through a known FortiGate flaw. The Coathanger malware is persistent and stealthy, capable of surviving reboots and firmware upgrades. Chinese threat actors are targeting Internet-facing edge devices, including firewalls and VPN servers. The MIVD recommends regular risk analysis, limited Internet access, scheduled logging analysis, and replacing unsupported hardware to mitigate the threat. (DARKREADING.COM)

 

HijackLoader Upgrades Defense Evasion
HijackLoader, a loader malware, has introduced advanced defense evasion techniques, making it more difficult to detect and analyze. Cybercrime groups like TA544 are increasingly using HijackLoader to deliver sophisticated threats such as RAT and SystemBC. The malware employs methods like process hollowing and transacted hollowing to evade traditional security solutions, presenting challenges for cybersecurity professionals. The evolving nature of threats like HijackLoader highlights the importance of continuous innovation in cybersecurity defenses to effectively mitigate risks. Vigilance and proactive measures are crucial in addressing potential vulnerabilities in systems and networks. (CYBERMATERIAL.COM)

 

China's Cyberattackers Maneuver to Disrupt US Critical Infrastructure
The China-backed Volt Typhoon advanced persistent threat (APT) is targeting critical infrastructure and pivoting to operational technology (OT) networks. The attackers aim to disrupt physical operations in energy, water utilities, communications, and transportation, potentially causing panic and discord in the event of a kinetic conflict between the US and China. The APT, also known as Vanguard Panda, has been hiding in US infrastructure for five years, gathering information on and penetrating OT systems. The US Cybersecurity and Infrastructure Security Agency (CISA) is concerned about the potential for disruptive effects in geopolitical tensions or military conflicts. (DARKREADING.COM)

 

US Offers $10M Reward to Combat Hive Ransomware Threat
The US State Department has announced a reward of up to $10 million for information leading to the identification or location of key members of the Hive ransomware gang. This move comes in response to the group's extensive cybercrime activities, which have resulted in over $100 million in extortion from companies globally. The reward aims to disrupt and dismantle the operations of the Hive ransomware gang and incentivize cooperation in combating the escalating threat of ransomware attacks. Law enforcement agencies have already conducted a coordinated operation, seizing Hive's Tor websites and preventing victims from paying $130 million in ransom demands. However, the persistence and sophistication of the Hive ransomware operation necessitate continued collaboration between government agencies, private sector organizations, and international partners to effectively combat cybercrime. (CYBERMATERIAL.COM)

 

OpenSSF Securing Software Repositories Working Group Releases Principles for Package Repository Security
The OpenSSF Securing Software Repositories Working Group has released a framework called Principles for Package Repository Security. This framework aims to help package repositories assess their current security capabilities and plan for future improvements. It defines four levels of security maturity across various categories and encourages package repositories to self-assess and strengthen their security over time. The framework is voluntary and aims to accelerate the implementation of high-impact security improvements within package repositories. Funding opportunities are also encouraged to support completed proposals. (OPENSSF.ORG)

 

Cyber Startup Armis Buys Firm That Sets ‘Honeypots’ for Hackers
Armis, a cyber security startup, has acquired CTCI, a company that uses artificial intelligence to create a network of decoy systems to attract and trap hackers. This acquisition is part of Armis' broader strategy to expand its offerings in the cyber security market. (BLOOMBERG.COM)

 

Pentagon Weapons Tester Evolving Assessment of Radio Frequency-Enabled Cyberattacks
The Pentagon's chief weapons tester, the Office of the Director, Operational Test and Evaluation (DOT&E), is enhancing its ability to assess threats posed by radio frequency-enabled cyberattacks. These attacks exploit wireless systems and can disrupt critical mission systems, such as those in aircraft, ships, and vehicles. DOT&E's cyber assessment program is collaborating with the Air Force Cyber Resiliency Office for Weapon Systems (CROWS) to improve assessments and develop procedures to mitigate the effects of RF-enabled cyberattacks. The focus is expanding to include RF technologies and their vulnerabilities in addition to internet protocol-based networks. (DEFENSESCOOP.COM)

dtau...@gmail.com

Mar 6, 2024, 8:28:38 AM
to sec-...@googlegroups.com

Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation
Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows (Bulletin: ZSB-24008, CVEID: CVE-2024-24691) allows an unauthenticated user to escalate privileges via network access. Users should update to the latest versions to stay secure. Reported by Zoom Offensive Security. (ZOOM.COM)

 

iPhone Users Beware: This Malware Steals Your Facial Recognition
A new trojan targeting iPhones has been discovered, collecting facial recognition data, intercepting SMS messages, and stealing identity documents to gain unauthorized access to users' bank accounts. The malware creates deepfake images using AI-driven face-swapping services. While the attack has primarily focused on the Asia-Pacific region, it highlights the risk of using facial data for transactions. Users should be cautious of social engineering techniques used to trick them into installing malicious profiles or visiting fraudulent websites. (FORBES.COM)

 

DuckDuckGo Browser Upgrade: Privately Sync Your Bookmarks and Passwords Across Devices
DuckDuckGo has introduced a new Sync & Backup feature, allowing users to privately and securely synchronize bookmarks, passwords, and Email Protection settings across their DuckDuckGo browsers on multiple devices. The feature does not require users to create an account or sign in, ensuring the privacy and security of their data. DuckDuckGo's built-in password manager encrypts passwords locally on the device, and the private sync is end-to-end encrypted. Users can also back up their data in case of device loss or damage. (SPREADPRIVACY.COM)

 

ExpressVPN User Data Exposed Due to Bug
ExpressVPN has disabled split tunneling on Windows after DNS requests were not properly directed. The bug, in versions 12.23.1 through 12.72.0, exposed DNS requests to ISPs, but not individual pages. Less than 1% of Windows users were affected. Split tunneling is disabled until the issue is resolved; users are advised to upgrade, or to downgrade to version 10 for split tunneling. (SECURITYWEEK.COM)

 

New Technique Can Spy on Your Security Cameras Through Walls
Researchers at Northeastern University have developed a technique called EM Eye that can capture the video feed from most modern cameras, even through walls. By using a radio antenna to pick up the electromagnetic radiation emitted by the camera's internal wires, the researchers can decode the signal and reproduce real-time video without sound. The technique works on various types of cameras, and the distance required for eavesdropping ranges from less than 1 foot to 16 feet, depending on the camera model. (INTERESTINGENGINEERING.COM)

 

Researchers Uncover Wi-Fi Authentication Bypass Vulnerabilities Impacting Enterprise and Consumer Devices
Researchers from KU Leuven University in Belgium have discovered multiple vulnerabilities that can bypass Wi-Fi authentication protocols. Flaws were found in wpa_supplicant and Intel's IWD that could allow attackers to access enterprise and home networks, intercept traffic and infiltrate systems. Impacted vendors have released patches, but full remediation will take time. (SECURITYWEEK.COM)

 

What Using Security to Regulate AI Chips Could Look Like
An exploratory research proposal recommends regulating AI chips and implementing stronger governance measures to keep up with rapid AI innovations. The proposal suggests auditing the development and use of AI systems and implementing security features like limiting performance and remotely disabling rogue chips. However, industry experts express concerns about the impact of security features on AI performance and the challenges of implementing such measures. Suggestions include limiting bandwidth between memory and chip clusters and remotely disabling chips, but the effectiveness and technical implementation of these measures remains uncertain. (DARKREADING.COM)

 

US Conducted Cyberattack On Suspected Iranian Spy Ship, NBC News Reports
NBC News reported that the US recently conducted a covert cyber operation against an Iranian military vessel in the Red Sea, according to unnamed officials, with the goal of inhibiting intelligence sharing with Houthi rebels amid recent drone attacks by Iran-backed militias. (REUTERS.COM)

 

Disrupting Malicious Uses of AI by State-Affiliated Threat Actors
OpenAI is taking a multi-pronged approach to combat the use of its platform by malicious state-affiliated actors. This includes monitoring and disrupting their activities, collaborating with industry partners to exchange information, iterating on safety mitigations, and promoting public transparency. OpenAI aims to stay ahead of evolving threats and foster collective defense against malicious actors while continuing to provide benefits to the majority of its users. (OPENAI.COM)

 

NSA’s Transformation from Secret Agency to Public Cybercrime Warrior
The National Security Agency (NSA) has undergone a transformation from a secretive organization to one that engages with the public in open forums. NSA leaders now regularly speak about offensive and defensive cyber missions, collaborating with other agencies to address threats to information networks, critical infrastructure, and supply chains. This transparency is crucial in developing active defenses against nation-state threats to the private sector. The NSA Cyber Directorate operates with a different approach, providing advice and threat information to cybersecurity professionals worldwide. The agency's collaboration with public-facing agencies has helped build trust and enhance cybersecurity across sectors. (C4ISRNET.COM)

 

McCrary Institute's Frank Cilluffo Explores Growing Cyber Dangers in Chat with Politico's Maggie Miller
Top Politico cyberscribe Maggie Miller lifts the lid on escalating digital dangers in a must-hear chat with Frank Cilluffo. From insidious infiltration of key infrastructure to ingenious defenses keeping State Department emails safe, Miller shares surprising intel gathered on her cyber beats. Tensions intensify as adversaries hone unconventional tactics, yet critical threats remain underreported. Tune in as these experts unpack urgent national security issues and grapple with an evolving threat landscape never far from the next headline. (BIT.LY)

Congress Should Enable Private Sector Collaboration To Reverse The Defender's Dilemma
A new bill proposes removing barriers to cooperation between companies and allowing them to share cyber threat information. This would help leverage AI capabilities across platforms to identify vulnerabilities and strengthen defenses for organizations of all sizes against continuously evolving attacks. (GOOGLE.COM)

 

A Celebrated Cryptography-Breaking Algorithm Just Got an Upgrade
Researchers have developed a more efficient version of the LLL algorithm, a well-known technique for lattice basis reduction. The new algorithm widens the range of scenarios in which LLL-like approaches can be used, benefiting cryptography and advanced mathematics. The upgrade improves the efficiency of the algorithm by using a recursive structure and carefully managing the precision of the numbers involved. The new technique has already proven useful in computational number theory tasks and can also aid research on lattice-based cryptography systems. (WIRED.COM)

 

Using AI in a Cyberattack? DOJ's Monaco Says Criminals Will Face Stiffer Sentences
Deputy Attorney General Lisa Monaco directs federal prosecutors to impose harsher penalties on cybercriminals who employ artificial intelligence (AI) in their crimes. Monaco emphasizes the need to prioritize AI in enforcement efforts, recognizing its potential to amplify the danger associated with criminal activities. The DOJ aims to deter criminals by demonstrating that the malicious use of AI will result in severe consequences. Additionally, the department is exploring ways to implement AI responsibly while respecting privacy and civil rights. (THERECORD.MEDIA)

 

Neuberger: Defining Espionage vs. Pre-Positioning for Attacks is Key to Battling State Actors
The White House's top cyber official said there needs to be more clarity defining cyber espionage versus cyberattack pre-positioning, noting that recent hacking of sectors like water and aviation have little intelligence value but appear aimed at positioning for disruption. The US is adopting European regulations for critical infrastructure and deepening information sharing with partners to distinguish the threats. (THERECORD.MEDIA)

 

Protect AI's February 2024 Vulnerability Report
Protect AI discovered critical vulnerabilities in February 2024, enabling server takeovers, file overwrites, and data loss in popular open-source AI tools, including Triton Inference Server, Hugging Face transformers, MLflow, and Gradio. All issues were responsibly disclosed with fixes released or forthcoming. (PROTECTAI.COM)

 

Dragos Outlines Voltzite's Attacks Against Critical Infrastructure
Dragos released a report detailing the activities of the Voltzite group, sponsored by the People's Republic of China (PRC), targeting critical infrastructure in the United States. The group has been observed infiltrating electric companies, emergency management services, telecommunications, and defense industrial bases. Dragos emphasizes the difficulty of detecting Voltzite's activities and provides guidance on mitigating the threat. (NATLAWREVIEW.COM)

 

380 Million Records Exposed by Global Network Service Provider
Cybersecurity researcher Jeremiah Fowler discovered a non-password protected database containing 380 million records, including Zenlayer internal data and customer information. The database, which was eventually secured, contained server logs, customer data, access and secret keys, internal emails, and VPN records. The exposure of this information poses potential risks such as targeted phishing attacks and unauthorized access to sensitive information or systems. Zenlayer, a global network services provider, has not responded to the researcher's disclosure notice. (WEBSITEPLANET.COM)

 

Russian APT 'Winter Vivern' Targets European Government, Military
The Russia-aligned threat group Winter Vivern, also known as TAG-70 or TA473, has been discovered targeting government, military, and national infrastructure in Georgia, Poland, and Ukraine. The group exploited cross-site scripting vulnerabilities in Roundcube webmail servers, using sophisticated social engineering techniques to gain unauthorized access. The campaign aims to gather intelligence on European political and military affairs, potentially to gain strategic advantages or undermine European security and alliances. Defending against such cyber-espionage campaigns can be challenging, but organizations can mitigate the impact by encrypting emails, patching vulnerabilities, and practicing good data hygiene. (DARKREADING.COM)

 

AWS SNS Hijackings Fuel Cloud Smishing Campaign
A new smishing campaign impersonating the US Postal Service is using Amazon Web Services (AWS) Simple Notification Service (SNS) to send phishing messages. The attackers behind the campaign are leveraging compromised AWS instances to send bulk messages with a USPS lure, posing a risk to businesses that have moved their workloads to the cloud. The campaign highlights the need for organizations to ensure the security of their cloud credentials and properly configure their AWS SNS environment to mitigate the risk of domain hijacking and potential damage to their reputation. (DARKREADING.COM)

 

DoJ Breaks Russian Military Botnet in Fancy Bear Takedown
The Department of Justice (DoJ) has disrupted a botnet operated by Russian military intelligence group Fancy Bear. The botnet, comprised of compromised small office/home office (SOHO) routers, was used for cyber espionage activities, including spear-phishing and credential harvesting. The botnet was built on existing malware called Moobot, which was installed on routers through publicly known default administrator passwords. US law enforcement successfully hacked into the compromised routers, deleted stolen data, and regained control. While this operation may not have a significant long-term impact on Russian cyber espionage, it adds friction to their operations and slows down their efforts. (DARKREADING.COM)

 

Zeus, IcedID Malware Gangs Leader Pleads Guilty, Faces 40 Years in Prison
Vyacheslav Igorevich Penchukov, a Ukrainian national and leader of the JabberZeus cybercrime gang, has pleaded guilty to charges related to his involvement in the Zeus and IcedID malware groups. Penchukov, also known as 'tank' and 'father,' was arrested in Switzerland in October 2022 and extradited to the United States. He was charged in 2012 for his role in the Zeus malware operation, which involved the theft of millions of dollars through personal identification numbers and other sensitive information. Penchukov was also part of the leadership of the Maze and Egregor ransomware operations. He faces a potential maximum penalty of 20 years imprisonment for each charge and is scheduled for sentencing on May 9. (BLEEPINGCOMPUTER.COM)

 

CharmingCypress: Innovating Persistence
Cybersecurity firm Volexity published a report detailing new tactics used by an Iranian state-sponsored threat actor group called CharmingCypress. The group conducts spear-phishing campaigns targeting journalists, NGOs and policy experts, using fake personas and tailored social engineering over prolonged conversations. Volexity exposes their use of custom VPN apps to distribute malware like POWERLESS and BASICSTAR. The report aims to raise awareness of CharmingCypress' persistence and willingness to rapidly modify techniques to compromise targets. (VOLEXITY.COM)

 

The Twin Pillars of Bitcoin's Unique Cybersecurity Model
Bitcoin's cybersecurity model consists of two main pillars. The first is transaction security, ensured by cryptography and digital signatures. The second is the security of transactions on the public ledger, achieved through a social science mechanism involving Bitcoin mining. The mining process secures the ledger, ensuring agreement on transaction history. The importance of mining in cybersecurity is often overlooked. Usability and managing private keys remain challenges for end users. The market is expected to find a balance between security and usability, potentially through innovations like multi-signature or hybrid custody solutions. Broad-scale adoption and education on managing private keys are key to enhancing security in Bitcoin. The social science aspect of Bitcoin's security model is relevant to the cyber industry. (FORBES.COM)

 

Blockchain and Data Privacy: The Future of Technology Compliance
As blockchain technology continues to expand, organizations must consider the implications of data privacy, information security, and the auditing process. Blockchain's transparency raises privacy concerns, but cryptographic techniques like zero-knowledge proofs can help conceal sensitive data. While blockchain offers security advantages, vulnerabilities still exist, especially in wallet security. Compliance with data privacy laws is crucial, but there is a clash between GDPR's right to be forgotten and blockchain's immutability. Auditing blockchain technology presents unique challenges due to its decentralized nature, but tools like consensus algorithms, smart contract analysis, programming knowledge, and AI integration can enhance efficiency and accuracy in audits. (FORBES.COM)

 

NSO Group Adds 'MMS Fingerprinting' Zero-Click Attack to Spyware Arsenal
Israeli surveillance firm NSO Group has reportedly added a new tactic, called "MMS Fingerprinting," to its Pegasus mobile spyware tool. A researcher discovered the technique mentioned in a contract between an NSO Group reseller and Ghana's telecom regulator. It allows NSO customers to obtain device details of targeted BlackBerry, Android, or iOS devices simply by sending an MMS message, without any user interaction. While there is no evidence of this technique being exploited in the wild, it raises concerns about potential abuse for surveillance or phishing campaigns. (DARKREADING.COM)

 

Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs
State-sponsored APT group Turla, also known as Snake or WaterBug, has expanded its cyber espionage campaign by targeting Polish NGOs. The group is using a newly developed modular backdoor called TinyTurla-NG, which acts as a last-chance backdoor left behind when other unauthorized access mechanisms fail. The backdoor deploys different malware features via different threads and includes PowerShell scripts and arbitrary commands. Turla has also introduced a PowerShell-based implant named TurlaPower-NG for exfiltrating files of interest. The campaign shows Turla's continued use of old tactics, such as leveraging compromised WordPress websites for command-and-control operations. Cisco Talos recommends a layered defense approach to mitigate sophisticated APT threats. (DARKREADING.COM)

 

Top National Security Council Cybersecurity Official on Institutions Vulnerable to Ransomware Attacks - "The Takeout"
According to Ann Neuberger, the deputy national security adviser for cyber and emerging technology, hospitals and schools are particularly vulnerable to ransomware attacks, often carried out by Russian cybercriminals. The US government is working to enhance cyber defenses in these institutions, utilizing artificial intelligence tools for quicker detection and source identification. The Biden administration is taking action by equipping companies with cybersecurity practices, dismantling cyberinfrastructure used by criminals, and collaborating with international partners to address cryptocurrency movement and money laundering. Neuberger emphasizes the importance of AI-driven defense to stay ahead or closely behind AI-driven offense, highlighting the need for speed in cybersecurity. Neuberger's comments were made prior to the public reference to a non-specific "serious national security threat" related to Russian capabilities in space. (CBSNEWS.COM)

 

Before Russia Satellite Threat, There Was Starfish Prime, 'Project K'
Russia's reported pursuit of nuclear weapons in space raises concerns over the vulnerability of U.S. satellites and the potential consequences for critical infrastructure. This article explores historical nuclear detonations in space, including the U.S.'s Starfish Prime test in 1962, and examines Russia and China's current efforts to weaponize space. The establishment of the U.S. Space Force reflects the growing recognition of space threats and the need for enhanced defenses. (C4ISRNET.COM)

 

CISA Establishing New Office Focused On Zero Trust
CISA is opening a Zero Trust Initiative Office to provide expanded training, resources, and guidance to help federal agencies implement zero trust security principles through community building, assessments of maturity progress, and building on existing CISA models and frameworks. (FEDSCOOP.COM)

 

Deputy CIO Gives Updates on Pentagon's 'Aggressive' Plan for Achieving Zero Trust by 2027
The Department of Defense is working urgently to implement a zero trust-based cybersecurity architecture by 2027. Deputy CIO Dave McKeown shared updates on the progress, including the publication of a reference architecture, strategy, and implementation plan. The department aims to achieve targeted zero trust by the set deadline and is focusing on uplifting the current environment, leveraging cloud services, and using purpose-built on-premises solutions. Congress has been briefed on the plans, and the department is now moving into the implementation phase over the next three years, with a focus on providing appropriate zero-trust training across the entire department. (DEFENSESCOOP.COM)

 

U.S. Internet Leaked Years of Internal, Customer Emails
Internet provider U.S. Internet Corp had a public link exposing over 6,500 customer domains and their email inboxes from 2008 through the present day, including state and local governments. Its Securence division provides email filtering, but the link gave full access to internal and customer emails in plain text. Hacked links were also created through Securence’s URL scrubbing. U.S. Internet took the inboxes offline after being notified but has not disclosed how long they were exposed or the timing of configuration errors. Regulators may need to intervene, given the secrecy and security oversight concerns after such a massive mistake. (KREBSONSECURITY.COM)

 

Scale AI to Set the Pentagon's Path for Testing and Evaluating Large Language Models
Scale AI has been chosen by the Pentagon's Chief Digital and Artificial Intelligence Office (CDAO) to develop a testing and evaluation framework for large language models (LLMs). This one-year contract aims to create a means of deploying AI safely, measuring model performance, and providing real-time feedback for military applications. The framework will address the complexities and uncertainties associated with generative AI, including the creation of "holdout datasets" and evaluation metrics. Scale AI will work closely with the DOD to enhance the robustness and resilience of AI systems in classified environments. (DEFENSESCOOP.COM)

 

Kubernetes Authentication Fundamentals
This article provides an overview of authentication in Kubernetes. It explains that Kubernetes relies on external systems for authentication and supports multiple methods. Built-in options like static and bootstrap tokens are generally not recommended, while client certificates are difficult to revoke. Service account tokens are designed for pods/services but can be abused. It also discusses authentication for other Kubernetes APIs like the kubelet, controller manager and scheduler. Overall, the article helps explain how authentication works in Kubernetes and why securing credentials is important for cluster security. (DATADOGHQ.COM)
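
The Kubernetes authentication item above notes that service account tokens are designed for pods but can be abused. As an added example written for this digest (not code from the Datadog article or from the Kubernetes project), the routine below decodes a service account token's claims without verifying the signature and tells a long-lived, Secret-backed legacy token apart from a time-bound projected token, which is the first thing to establish when such a token turns up in a leaked file or a compromised pod. The two sample tokens are constructed here with a placeholder signature; the claim names are the ones the API server issues, while the namespace, pod, secret names and UIDs are made up, and `SAMPLE_NOW` is a fixed clock so the bound token's remaining lifetime is known.

```python
import base64
import json
import time
from typing import Any, Dict, Optional

# Fixed "now" for the constructed samples, so the bound token's lifetime is known.
SAMPLE_NOW = 1_709_800_000


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_token(claims: Dict[str, Any]) -> str:
    """Build a JWT-shaped string for the samples below. Constructed test data:
    a real token is RS256-signed by the API server; here the signature is a placeholder."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "kid": "demo"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64url_encode(b'placeholder-signature')}"


def decode_claims(token: str) -> Dict[str, Any]:
    """Return the claims segment WITHOUT signature verification.

    Only the API server (or its published JWKS) can verify the signature, so this
    is triage of a token found in a Secret, a pod or a leaked file, never an
    authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    return json.loads(_b64url_decode(parts[1]))


def triage_service_account_token(token: str, now: Optional[float] = None) -> Dict[str, Any]:
    """Classify a service account token as legacy (Secret-backed) or bound (projected)."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    sub = claims.get("sub", "")
    info: Dict[str, Any] = {
        "subject": sub,
        "is_service_account": sub.startswith("system:serviceaccount:"),
    }
    bound = claims.get("kubernetes.io")
    if isinstance(bound, dict) and "exp" in claims:
        # Projected token: carries an audience, an expiry and the pod it is bound to.
        info["kind"] = "bound"
        info["namespace"] = bound.get("namespace")
        info["pod"] = (bound.get("pod") or {}).get("name")
        info["audience"] = claims.get("aud")
        info["expired"] = now >= claims["exp"]
        info["seconds_left"] = 0 if info["expired"] else int(claims["exp"] - now)
        info["risk"] = "expired" if info["expired"] else "time-limited; invalidated when its pod is deleted"
    else:
        # Legacy token: stored in a Secret, no expiry, valid until that Secret is deleted.
        info["kind"] = "legacy"
        info["namespace"] = claims.get("kubernetes.io/serviceaccount/namespace")
        info["secret"] = claims.get("kubernetes.io/serviceaccount/secret.name")
        info["audience"] = None
        info["expired"] = False
        info["seconds_left"] = None
        info["risk"] = "long-lived; revoke by deleting the Secret and rotating"
    return info


# Constructed sample: legacy Secret-backed token (names are made up).
LEGACY_TOKEN = make_sample_token({
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/namespace": "ci",
    "kubernetes.io/serviceaccount/secret.name": "builder-token-x7k2p",
    "kubernetes.io/serviceaccount/service-account.name": "builder",
    "sub": "system:serviceaccount:ci:builder",
})

# Constructed sample: bound (projected) token valid for one hour from SAMPLE_NOW.
BOUND_TOKEN = make_sample_token({
    "aud": ["https://kubernetes.default.svc"],
    "iss": "https://kubernetes.default.svc.cluster.local",
    "iat": SAMPLE_NOW,
    "nbf": SAMPLE_NOW,
    "exp": SAMPLE_NOW + 3600,
    "kubernetes.io": {
        "namespace": "ci",
        "pod": {"name": "builder-7d9fcb", "uid": "b7a1d2c4-0000-4000-8000-000000000001"},
        "serviceaccount": {"name": "builder", "uid": "b7a1d2c4-0000-4000-8000-000000000002"},
    },
    "sub": "system:serviceaccount:ci:builder",
})

if __name__ == "__main__":
    for label, tok in (("legacy", LEGACY_TOKEN), ("bound", BOUND_TOKEN)):
        print(label, json.dumps(triage_service_account_token(tok, now=SAMPLE_NOW + 60), indent=2))
```

The split on `exp` plus the `kubernetes.io` object is what matters operationally: a legacy token keeps working until someone deletes the Secret, while a bound token dies with its pod or its expiry, so the two call for different containment steps.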

dtau...@gmail.com

Mar 7, 2024, 8:22:53 AM
to sec-...@googlegroups.com

White House Urges Developers to Stop Using C, C++

In a report released Monday, the White House Office of the National Cyber Director called on developers to reduce the risk of cyberattacks by using programming languages that do not have memory safety vulnerabilities. The report cited C and C++ as examples of programming languages with such vulnerabilities, and named Rust as a programming language it considers safe. Microsoft and Google studies have found that about 70% of all security vulnerabilities are caused by memory safety issues.
[ » Read full article ]

InfoWorld; Grant Gross (February 27, 2024)

 

Meta Will Start Collecting 'Anonymized' Data About Quest Headset Usage

Users of Meta's Quest VR headsets were informed that the company will begin collecting and aggregating anonymized device usage data with the next software update "for things like building better experiences and improving Meta Quest products for everyone." This includes audio data related to an avatar's lip and face movement; hand, body, and eye tracking data; fitness-related data; data on the user's physical environment; audio commands or dictations; and the user's VR activity. It remains uncertain whether users will be able to opt out of the new data collection policies.
[ » Read full article ]

Ars Technica; Kyle Orland (February 27, 2024)

 

NIST Releases Version 2.0 of Landmark Cybersecurity Framework

Version 2.0 of the National Institute of Standards and Technology's Cybersecurity Framework (CSF) is geared toward all audiences, industry sectors, and organization types despite their level of cybersecurity knowledge. CSF 2.0's scope extends from protecting critical infrastructure to protecting organizations regardless of sector and includes a governance component that stresses the importance of considering cybersecurity as a major enterprise risk. A new CSF 2.0 Reference Tool lets users browse, search, and export data from core CSF guidance.
[ » Read full article ]

NIST (February 26, 2024)

 

Security Bugs in ConnectWise Remote-Access Software Under Mass Attack

Researchers at the cybersecurity firm Mandiant discovered "mass exploitation" of two vulnerabilities in ConnectWise ScreenConnect, a tool that provides tech support a route to remote online access to customer systems, by "various threat actors." They said the authentication bypass vulnerability and the path-traversal vulnerability, which enable malicious code to be planted remotely, are easy to exploit. Researchers at WithSecure found hackers are using the flaws to deploy password stealers, back doors, and ransomware, including a Windows variant of the KrustyLoader back door.
[ » Read full article ]

TechCrunch; Carly Page (February 26, 2024)

 

New ‘Magic’ Gmail Security Uses AI And Is Here Now, Google Says
Google introduces its AI Cyber Defense Initiative, including the open-source Magika tool, to enhance Gmail security by detecting problematic content and identifying malware with high accuracy. The initiative also involves investing in AI-ready infrastructure, releasing new tools, and providing research grants to advance AI-powered security. (FORBES.COM)

 

Apple Rolls Out iMessage Upgrade to Withstand Decryption by Quantum Computers
Apple is introducing an upgrade to its iMessage platform called PQ3, aiming to protect against future encryption-breaking technologies, particularly quantum computing. The new protocol rebuilds the iMessage cryptographic protocol from scratch and will replace the existing one in all supported conversations this year. While Apple's encryption algorithms are considered state-of-the-art, the company is proactively preparing for the potential vulnerability that quantum computers could pose to current encryption methods. The move is seen as a "vote of confidence" in acknowledging the realistic threat that advanced computers could pose to existing security measures. (REUTERS.COM)

 

Android 15 Set to Add Extra Protection to OTP Notifications
Android 15 may enhance privacy and security by preventing third-party apps from intercepting one-time passwords (OTPs) sent via notifications. A new permission called "RECEIVE_SENSITIVE_NOTIFICATIONS" has been discovered in the Android 14 QPR Beta 1 update, indicating that only selected OEM-signed or specified apps will have access to sensitive notifications. This feature aims to prevent untrusted apps from accessing OTP messages, reducing the risk of unauthorized access to user accounts. The implementation of this feature is expected in Android 15, which is set to be unveiled later this year. (ANDROIDCENTRAL.COM)

 

Wi-Fi Software Flaws Pose Risks
Critical authentication bypass flaws have been discovered in open-source Wi-Fi software used in Android, Linux, and ChromeOS devices. These vulnerabilities could allow attackers to manipulate users into connecting to malicious networks or infiltrate trusted networks without authentication. One vulnerability, CVE-2023-52161, poses a severe threat by granting unauthorized access to secured Wi-Fi networks. Prompt patching and manual configuration of enterprise network certificates are advised to mitigate these risks. Linux distributions have released advisories, and ChromeOS has implemented fixes, but patches for Android devices are still pending. (CYBERMATERIAL.COM)

 

Meta Disrupts 8 Spyware Firms, 3 Fake News Networks
Meta, the social media company, has identified and disrupted six spyware networks associated with eight companies in Italy, Spain, and the United Arab Emirates. They have also taken down three fake news operations from China, Myanmar, and Ukraine. The report highlights the thriving commercial surveillance industry, which uses fake social media accounts to gather intelligence and distribute powerful spying tools. While fake news operations, particularly those from Russia, have declined, the use of malware and phishing, especially targeting mobile devices, is on the rise. Meta urges organizations to adopt mobile threat defense and mobile app vetting to protect against these threats. (DARKREADING.COM)

 

Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers
The Shadowserver Foundation has discovered that approximately 28,000 Microsoft Exchange servers have been affected by a zero-day vulnerability, with an additional 68,000 instances considered possibly vulnerable. The vulnerability, identified as CVE-2024-21410, allows for privilege escalation and pass-the-hash attacks. Microsoft has released patches for the vulnerability and advises customers to update their Exchange Server software. The actual number of vulnerable servers may be higher or lower due to the counting methodology used. Organizations are urged to take immediate action to identify and mitigate potentially affected systems. (SECURITYWEEK.COM)

 

Cybercriminals Utilize Meta's Llama 2 AI for Attacks, Says CrowdStrike
CrowdStrike's Global Threat Report reveals that cybercriminals, specifically the group Scattered Spider, have started using Meta's Llama 2 large language model to generate scripts for Microsoft's PowerShell tool. The generated scripts were employed to download login credentials from a North American financial services victim. Detecting generative AI-based attacks remains challenging, but the report predicts an increase in malicious use of AI as its development progresses. Cybersecurity experts also highlight the potential for misinformation campaigns during the multitude of government elections taking place this year. (ZDNET.COM)

 

A Top White House Cyber Official Sees the ‘Promise and Peril’ in AI
Anne Neuberger, the deputy national security adviser for cyber, spoke with WIRED about emerging technology issues such as identifying new national security threats from traffic cameras and security concerns regarding software patches for autonomous vehicles. She also discussed advancements in threats from AI and the next steps in the fight against ransomware. (WIRED.COM)

 

Google's Cloud Run Service Spreads Several Bank Trojans
Researchers have identified an increase in campaigns using Google Cloud Run Service to distribute banking Trojans, including Astaroth, Mekotio, and Ousaban strains. These campaigns, initially focused on Latin America, have started spreading to Europe and North America. The attackers send phishing emails posing as invoices or financial documents, with malicious links leading to threat actor-controlled Cloud Run Web services. The attackers employ cloaking mechanisms to evade detection, including redirecting to a page for checking proxies and crawlers. Indicators of compromise and mitigation advice have been provided by Cisco Talos researchers. (DARKREADING.COM)

 

Election Security Concerns Grow Over GOP Criticism of Top Cyber Agency
GOP criticism of the Cybersecurity and Infrastructure Security Agency (CISA) is increasing concerns about election security ahead of the 2024 presidential race as the agency plays a key role in preparing for threats. CISA faces rising attacks from Republican lawmakers and court challenges discouraging collaboration, which experts warn could undermine efforts to counter disinformation campaigns and foreign interference targeting voters. (AXIOS.COM)

 

Election Officials in the US Face Daunting Challenges in 2024. And Congress Isn't Coming to Help
State election officials in the US are expressing frustration as Congress has yet to allocate federal money to help cover the costs of securing their systems from cyberattacks and updating equipment. With election season already underway, officials are concerned about potential cyberattacks, criminal ransomware gangs, and the spread of election misinformation. The lack of federal funding has left election officials feeling unsupported and struggling to meet the escalating challenges. (STARTRIBUNE.COM)

 

GitHub Leak Exposes Chinese Offensive Cyber Operations
Leaked Chinese government documents on GitHub reveal offensive cyber operations conducted by China using spyware developed by I-Soon, a Chinese infosec company. The documents provide insight into the inner workings of China's state-sponsored cyber activities, including targeting social media platforms and telecommunications companies. The leaked information also includes sensitive details from telecommunications providers and a victim list that includes institutions in France, India, and neighboring countries. The veracity of the leaked documents has not been officially confirmed. (CYBERNEWS.COM)

 

Russia’s Countervalue Cyber Approach: Utility or Futility?
The article discusses key operational factors in developing a cyber equivalent to the nuclear SIOP, including C3I requirements, verifying effectiveness, limitations on adaptive planning, distinctions between theater and strategic cyber operations, and the need for policymaker guidance on targeting priorities, escalation risks, and damage expectancy. (CARNEGIEENDOWMENT.ORG)

 

Shifting Trends in Cyber Threats
The 2024 Threat Index report by IBM X-Force reveals changing trends in cyber threats, including a decline in ransomware attacks but a rise in infostealing methods and attacks on cloud services and critical infrastructure. The report emphasizes the need for constant vigilance and adaptation to combat these evolving threats. Additionally, the report highlights the potential risks posed by AI-driven cyberattacks, urging proactive measures to secure AI systems. Organizations must adopt comprehensive cybersecurity strategies to effectively detect and mitigate emerging threats in this dynamic landscape. (CYBERMATERIAL.COM)

 

CISA HBOM Framework Doesn't Go Far Enough
CISA's hardware bill of materials (HBOM) framework is a crucial step in addressing semiconductor risks, but it falls short in terms of tracking beyond manufacturing. The framework provides a consistent way to communicate about hardware components, aiding supply chain management and risk assessment. However, to effectively combat emerging cyber threats, an HBOM must track chips throughout their entire lifecycle in end products. The recent Downfall vulnerability, affecting chips manufactured in 2015, highlights the need for comprehensive traceability and security measures beyond manufacturing. While CISA's framework is a good start, a more thorough HBOM framework is necessary for enhanced chip security. (DARKREADING.COM)

 

Migo Malware Targeting Redis Servers
The Migo malware campaign is targeting Redis servers to carry out cryptocurrency mining on compromised Linux systems. The attack involves disabling security measures on Redis servers and establishing persistence on targeted machines. Migo employs techniques to resist reverse engineering, acts as a downloader for an XMRig installer, and deploys a rootkit to conceal its activities. The motives behind the campaign remain unclear, but it highlights the evolving sophistication of cloud-focused cyber threats and the need for proactive cybersecurity measures. (CYBERMATERIAL.COM)

 

Sony’s PlayStation Portal Hacked to Run Emulated PSP Games
Google engineers have successfully hacked Sony's PlayStation Portal to run emulated games locally, bypassing streaming limitations. The engineers were able to run the PPSSPP emulator natively on the PlayStation Portal, allowing games like Grand Theft Auto: Liberty City Stories to be played without Wi-Fi streaming. The exploit is software-based and does not require hardware modifications. A release for the jailbreak is not currently planned, but it could greatly enhance the PlayStation Portal's capabilities if made available. (THEVERGE.COM)

dtau...@gmail.com

Mar 9, 2024, 8:19:34 AM
to sec-...@googlegroups.com

GitHub Besieged by Millions of Malicious Repositories in Ongoing Attack

An ongoing cyberattack at GitHub has resulted in millions of malicious code repositories that use malware to steal developers' passwords and cryptocurrency. GitHub's "automation detection seems to miss many repos,” contend Apiiro security researchers Matan Giladi and Gil David, “and the ones that were uploaded manually survive. Because the whole attack chain seems to be mostly automated on a large scale, the 1% that survive still amount to thousands of malicious repos."
[ » Read full article ]

Ars Technica; Dan Goodin (February 28, 2024)

 

'Self-Destruct' Chips Could Mitigate Counterfeiting

A "self-destruct" chip developed by a team led by Eric Hunt-Schroeder from the University of Vermont could prevent counterfeit chips from entering the market. The chips generate their own unique digital fingerprints, or physically unclonable functions (PUFs), ensuring their authenticity. If compromised, the PUFs destroy themselves using two methods of circuit suicide, both involving an increase in voltage that leads to electromigration or rapid time-dependent dielectric breakdown.
[ » Read full article ]

TechRadar; Wayne Williams (March 7, 2024)

 

Sam Altman's Eye-Scanning Worldcoin Banned in Spain

Spain has banned Worldcoin for up to three months over privacy risks from the project, co-founded in 2019 by OpenAI Chief Executive Sam Altman, which scans irises in exchange for a digital ID and free cryptocurrency. More than 4 million people in 120 countries have signed up to have their irises scanned by Worldcoin's "orb" devices, according to its website. But the project has drawn criticism from privacy campaigners over the collection, storage, and use of personal data. Altman says Worldcoin's ID will allow users to, among other things, prove online that they are human.
[ » Read full article ]

Reuters; Jaspreet Singh, Niket Nishant, David Latona, et al. (March 6, 2024)

 

Your Doctor's Office Might Be Bugged

More physician practices are implementing ambient AI scribing, in which AI listens to patient visits and writes clinical notes summarizing them. In a recent study of the Permanente Medical Group in Northern California, more than 3,400 doctors have used ambient AI scribes in more than 300,000 patient encounters since October. Doctors reported that the technology reduced the amount of time spent on after-hours note writing and allowed for more meaningful patient interactions. However, its use raises concerns about security, privacy, and documentation errors.
[ » Read full article ]

Forbes; Jesse Pines (March 4, 2024)

 

Anycubic 3D Printers Hacked in Attempt to Inform Owners of Security Hole

Hackers reportedly discovered security vulnerabilities in Anycubic 3D printers and are using a readme file on the printer display to inform users about the issue and encourage them to disable the Internet connection until a patch is issued. The hackers indicated that they had contacted Anycubic regarding the two critical security flaws they uncovered but resorted to informing users directly after not receiving a response from the company.
[ » Read full article ]

Tom's Hardware; Christopher Harper (March 1, 2024)

 

Self-Destructing Circuits, More Security Schemes

A probe-sensing circuit developed by Columbia University researchers can launch a protection engine that instructs the processor to encrypt data traffic after detecting changes in capacitance as small as 0.5 picofarads. Meanwhile, University of Texas at Austin researchers developed a technique to obscure a chip's side-channel signals by breaking the SMA component of the AES encryption process into four parallel steps and slightly altering the timing of each substep. They also inserted tunable replica circuits to conceal the real signals. Additionally, University of Vermont researchers developed a circuit that self-destructs by increasing the current in its longest interconnects or speeding up the breakdown of the transistor's gate dielectric.
[ » Read full article ]

IEEE Spectrum; Samuel K. Moore (February 28, 2024)

 

Malware Worm Can Poison ChatGPT, Gemini-Powered Assistants

A "zero-click" AI worm able to launch an "adversarial self-replicating prompt" via text and image inputs has been developed by researchers at Cornell University, Intuit, and Technion—Israel Institute of Technology to exploit OpenAI’s ChatGPT-4, Google’s Gemini, and the LLaVA open source AI model. In a test of affected AI email assistants, the researchers found that the worm could extract personal data, launch phishing attacks, and send spam messages. The researchers attributed the self-replicating malware’s success to “bad architecture design” in the generative AI ecosystem.
[ » Read full article ]

PC Magazine; Kate Irwin (March 1, 2024)

dtau...@gmail.com

Mar 17, 2024, 1:12:38 PM
to sec-...@googlegroups.com

TikTok's Security Threats Go Beyond the Scope of House Legislation

Legislation passed by the U.S. House to require TikTok to sell its U.S. operations to a non-Chinese owner over national security risks does not address the security issues stemming from ownership of TikTok's code and algorithms. The algorithms, which guide the content shown to users based on what they view, are developed by engineers at Chinese parent company ByteDance. With China unlikely to allow those algorithms to be licensed to outside companies, an American-owned TikTok would require a new algorithm, which may or may not work and could render the app worthless.
[ » Read full article *May Require Paid Registration ]

The New York Times; David E. Sanger; David McCabe (March 13, 2024)

 

Hackers Breached Key Microsoft Systems

Microsoft revealed that a breach of its systems by Russian state-backed hackers was more extensive than previously thought when first disclosed in January. Microsoft believes the hackers have used information stolen from Microsoft's corporate email systems to access “some of the company's source code repositories and internal systems,” the company said in a filing with the U.S. Securities and Exchange Commission. An accompanying blog post said the hacker group may be using the information it stole “to accumulate a picture of areas to attack and enhance its ability to do so.”
[ » Read full article ]

CNN; Sean Lyngaas (March 8, 2024)

 

Researchers Jailbreak Chatbots with ASCII Art

ArtPrompt, developed by researchers in Washington and Chicago, can bypass large language models' (LLMs) built-in security features. The tool generates ASCII art prompts to get AI chatbots to respond to queries they are supposed to reject, like those referencing hateful, violent, illegal, or harmful content. ArtPrompt replaces the "safety word" (the reason for rejecting the submission) with an ASCII art representation of the word, which does not trigger the ethical or security measures that would prevent a response from the LLM.
[ » Read full article ]

Tom's Hardware; Mark Tyson (March 7, 2024)

 

CISA, NSA Share Best Practices for Securing Cloud Services

The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) jointly issued five cybersecurity bulletins offering best practices for securing cloud services. The cybersecurity information sheets provide guidance on identity and access management solutions, as well as key management solutions, encrypting data in the cloud, managing cloud storage, and mitigating risks from managed service providers.
[ » Read full article ]

BleepingComputer; Lawrence Abrams (March 7, 2024)

 

Biden Order Limits Foreign Access To Americans’ Sensitive Data

Bloomberg (2/28, Subscription Publication) reports President Biden is signing an executive order “designed to prevent foreign entities from accessing troves of Americans’ personal data amid worries it could be exploited for commercial and military advantage, particularly by China and Russia.” The new order “is intended to prevent ‘countries of concern’ from obtaining large tranches of sensitive data involving people’s health, location, finances, and even voice or keyboard patterns. That information can be purchased or obtained from sources such as data brokers, third-party vendors and employers.” The AP (2/28, Ortutay) says, “The attorney general and other federal agencies are to prevent the large-scale transfer of Americans’ personal data to what the White House calls ‘countries of concern,’ while erecting safeguards around other activities that can give those countries access to people’s sensitive data. The goal is to do so without limiting legitimate commerce around data, senior Biden administration officials said on a call with reporters.”

 

SEC: Companies Not Complying With New Cybersecurity Incident Disclosure Rules

Forbes (3/4, Zukis) reports the SEC “finalized new cybersecurity disclosure rules in 2023 to improve investor transparency over cybersecurity risks and the actual cybersecurity incidents impacting their investments. Disclosure requirements now span certain corporate governance and management processes and information about material cybersecurity incidents themselves.” While some firms “have made cybersecurity incident disclosures since the new rules went into effect on December 18,” none of the disclosures “are compliant with the new SEC cybersecurity incident disclosure rules.”

 

Microsoft Engineer Warns Company’s AI Tool Creates Violent, Sexual Images, Ignores Copyrights

CNBC (3/6, Field) reports that a former Microsoft employee warned Microsoft’s AI-powered Copilot Designer creates imagery containing sexual and violent content, but the company hasn’t taken appropriate action in response to the findings. Bloomberg (3/6, Davalos, Subscription Publication) says the engineer, Shane Jones, “sent letters to the company’s board, lawmakers and the Federal Trade Commission warning that the tech giant is not doing enough to safeguard” the AI tool. Jones “said he discovered a security vulnerability in OpenAI’s latest DALL-E image generator model that allowed him to bypass guardrails that prevent the tool from creating harmful images.”

Insider (3/6, Mok) reports Jones claimed in the letter that Microsoft’s AI image generator can add “harmful content” to images that can be created using “benign” prompts. For example, the prompt “car accident” produced images that included an “inappropriate, sexually objectified image of a woman” in front of totaled cars, according to the letter. In addition, he said “the term ‘pro-choice’ generated graphics of cartoons that depict Star Wars’ Darth Vader pointing a lightsaber next to mutated children, and blood spilling out of a smiling woman.”

 

Insider Cyber Threats Surge Amid Economic Uncertainty And Workforce Trends

TechRadar (3/7) reports that insider cyber threats have escalated, with 68% of organizations reporting an increase in such attacks over the past year. Insider threats originate from within an organization, committed by authorized personnel who misuse their access to confidential data. Attacks are not always intentional; 62% of insider incidents are caused by negligent employees or contractors. The CyberArk Identity Security Threat Landscape Report reveals that 58% of global security professionals have encountered cases of departing employees improperly saving sensitive work documents. There’s heightened risk amid layoffs, further intensified by today’s unstable economic climate amplifying financial incentives for malicious insiders. The report also underscores that third-party relationships pose danger, as vendors might still have privileged access to sensitive company information even after the partnership is terminated. Workforce reductions causing higher stress levels among remaining employees can lead to more mistakes and susceptibility to phishing attacks. To rectify these vulnerabilities, it’s recommended businesses adopt a Zero Trust and least privilege approach, which ensures total control over data access.

dtau...@gmail.com

Mar 17, 2024, 7:45:41 PM
to sec-...@googlegroups.com

Hidden GitHub Commits and How to Reveal Them
A security research team created a tool to find GitHub commits containing sensitive data that were deleted via force push. These are not visible in the commit history but accessible via the API. They explain force pushing doesn't delete remote commits due to GitHub's architecture. Their tool scans the events API for push events to find dangling commits, helping reveal potentially exposed secrets so users can delete them properly. (NEODYME.IO)
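The force-push mechanics described above, as an added example that is not Neodyme's tool: given a commit graph, the current branch heads and PushEvent records shaped like the GitHub Events API payloads (the `before`, `head` and `commits` fields), it flags pushes that were not fast-forwards and lists the commits those pushes left dangling, so a repository owner can review and purge them. The commit graph and the events are constructed sample data, not real API output.

```python
"""Spot force pushes and the dangling commits they leave behind.

Added example (not the research team's tool). Runs offline on a
constructed commit graph and constructed PushEvent records that carry
only the Events API fields used here: payload.ref, payload.before,
payload.head and payload.commits[].sha.
"""
from collections import deque

ZERO_SHA = "0" * 40  # GitHub uses an all-zero `before` when a ref is created

# Constructed commit graph: sha -> parent shas (root commits have none).
# c3/d4 were pushed, then rewritten as c3x/d4x and force-pushed over.
COMMITS = {
    "a1": [],
    "b2": ["a1"],
    "c3": ["b2"],    # imagine this one contained a leaked token
    "d4": ["c3"],
    "c3x": ["b2"],   # rewritten replacement for c3
    "d4x": ["c3x"],  # rewritten replacement for d4
}
BRANCH_HEADS = {"main": "d4x"}  # what `git ls-remote` shows today

# Constructed PushEvent payloads in the shape of the GitHub Events API.
PUSH_EVENTS = [
    {"type": "PushEvent",
     "payload": {"ref": "refs/heads/main", "before": "b2", "head": "d4",
                 "commits": [{"sha": "c3"}, {"sha": "d4"}]}},
    {"type": "PushEvent",  # the force push: main no longer contains d4
     "payload": {"ref": "refs/heads/main", "before": "d4", "head": "d4x",
                 "commits": [{"sha": "c3x"}, {"sha": "d4x"}]}},
]


def reachable(commits, heads):
    """Breadth-first walk over parents; returns every sha reachable from heads."""
    seen = set()
    queue = deque(heads)
    while queue:
        sha = queue.popleft()
        if sha in seen or sha not in commits:
            continue
        seen.add(sha)
        queue.extend(commits[sha])
    return seen


def is_ancestor(commits, ancestor, descendant):
    """True when `ancestor` is on the parent chain of `descendant` (or equal)."""
    return ancestor in reachable(commits, [descendant])


def find_force_pushes(commits, events):
    """A push is a force push when its old tip is not an ancestor of its new tip.

    Returns (ref, before, head) tuples; ref creations (zero `before`) are skipped.
    """
    found = []
    for ev in events:
        if ev.get("type") != "PushEvent":
            continue
        p = ev["payload"]
        before, head = p.get("before"), p.get("head")
        if not before or not head or before == ZERO_SHA:
            continue
        if not is_ancestor(commits, before, head):
            found.append((p.get("ref"), before, head))
    return found


def shas_in_push_events(events):
    """Every sha a push event mentions: old tip, new tip and listed commits."""
    shas = set()
    for ev in events:
        if ev.get("type") != "PushEvent":
            continue
        p = ev["payload"]
        for key in ("before", "head"):
            if p.get(key) and p[key] != ZERO_SHA:
                shas.add(p[key])
        shas.update(c["sha"] for c in p.get("commits", []))
    return shas


def find_dangling(commits, branch_heads, events):
    """Commits the event stream still names but no branch reaches any more.

    These are exactly the objects a force push 'removed' from history while
    leaving them fetchable by sha; they should be reviewed and purged.
    """
    live = reachable(commits, branch_heads.values())
    return sorted(s for s in shas_in_push_events(events) if s not in live)


if __name__ == "__main__":
    for ref, before, head in find_force_pushes(COMMITS, PUSH_EVENTS):
        print(f"force push on {ref}: {before} -> {head}")
    print("dangling commits to review:", find_dangling(COMMITS, BRANCH_HEADS, PUSH_EVENTS))
```

Against a real repository the same functions would take branch heads from `git ls-remote` and the event list from the repository's events endpoint; a dangling sha can still be fetched until GitHub support removes it.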

FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data
The US Federal Trade Commission (FTC) has imposed a $16.5 million fine on antivirus vendor Avast for selling users' browsing data to advertisers, despite claiming its products would block online tracking. The company has been prohibited from selling or licensing web browsing data for advertising purposes and must notify users whose data was sold without their consent. The FTC accused Avast of collecting and storing consumers' browsing information through its browser extensions and antivirus software, and selling it to over 100 third parties without adequate notice or consent. Avast's subsidiary, Jumpshot, was responsible for selling the data, which included users' web searches, location information, and other sensitive details. The privacy violation was exposed in 2020, prompting Avast to terminate Jumpshot's operations. (THEHACKERNEWS.COM)

Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft
A critical vulnerability (CVE-2024-23204) in Apple's Shortcuts app enables attackers to access sensitive data without user permission, potentially leading to data theft. The flaw has been patched, and users are advised to update their Shortcuts software to the latest version. Ongoing security awareness is crucial in the Apple ecosystem to mitigate such risks. (DARKREADING.COM)

Leaked Files from Chinese Firm Show Vast International Hacking Effort
Chinese police are investigating leaked documents from a private security contractor linked to China's government showing extensive global hacking campaigns and tools used by intelligence and military groups. The leaked files detail targeting networks across Asia and elsewhere, along with details on compromising defense firms for sensitive data theft. (WASHINGTONPOST.COM)

 

VMware Authentication Plugin Risks
VMware has warned administrators about two unpatched vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP), posing severe security risks to Windows domain environments. These vulnerabilities allow attackers to exploit Kerberos service tickets and hijack privileged EAP sessions, potentially compromising system integrity. While there is no evidence of exploitation in the wild, VMware urges immediate action, including uninstalling the plugin and associated Windows service, and using alternative authentication methods to enhance security. (CYBERMATERIAL.COM)

AI Can 'Disproportionately' Help Defend Against Cybersecurity Threats, Google CEO Sundar Pichai Says
Google CEO Sundar Pichai believes that the rapid advancements in artificial intelligence (AI) can strengthen defenses against cybersecurity threats. While concerns about the malicious use of AI persist, Pichai argues that AI tools can aid governments and companies in detecting and responding to hostile actors more quickly. He states that AI disproportionately benefits defenders by providing a scalable tool to impact attacks, helping to tilt the balance in favor of defenders. Pichai's comments come as cyberattacks continue to grow in volume and sophistication, costing the global economy trillions of dollars. Google recently announced initiatives to enhance online security using AI tools and infrastructure investments. (CNBC.COM)

All About Hackbots
The author defines hackbots as automated systems using AI to find vulnerabilities in applications. They created a hackbot proof-of-concept called Hero to inspire others. The post discusses the potential impact of competent hackbots, noting they could help secure the internet but also pose national security risks. The author believes stealth mode startups and government agencies are developing hackbots, with differing approaches. They express hopes that AI researchers won't limit security expertise in models, that platforms will use hacker reports to train models, and that readers understand LLMs alone can't hack but will enable hacking in systems. (JOSEPHTHACKER.COM)

AI and Cybersecurity Defense: Mastering the Art of Empowering Defenders Against Hackers
Artificial intelligence (AI) can be a powerful ally in the fight against cyber threats. By leveraging AI techniques such as deep learning, machine learning, and natural language processing, cybersecurity defenders can detect, prevent, and mitigate cyberattacks more effectively. However, there are challenges to overcome, such as ensuring data quality and availability, addressing ethical concerns, and developing countermeasures against adversarial attacks. By adopting a holistic approach and collaborating with stakeholders, cybersecurity defenders can harness the full potential of AI in cybersecurity. (FORTUNE.COM)

The Need for 3072-Bit Keys in the Current Encryption Landscape
As quantum computing becomes more powerful, stronger encryption standards are necessary to protect against quantum-powered cyber threats. Using 3072-bit keys enhances resistance against quantum attacks and aligns with NIST recommendations. Transitioning to this encryption standard requires careful evaluation, compatibility considerations, and ongoing vigilance in response to evolving technology. (FORBES.COM)

U-Haul Data Breach Exposes Customer Records
U-Haul has notified customers that a hacker used stolen credentials to access an internal system, exposing customer records including personal information. Payment details were not impacted. U-Haul has reset passwords for affected accounts, implemented additional security measures, and is offering one-year identity theft protection services to affected customers. The company has not disclosed the number of customers affected. This is not the first data breach for U-Haul, as a similar incident occurred in September 2022. (BLEEPINGCOMPUTER.COM)

Georgia Election Officials Withheld Evidence in Voting Machine Breach, Group Alleges
The Coffee County Board of Elections in Georgia is accused of withholding crucial evidence in a lawsuit over an alleged breach of voting software prior to President Joe Biden's inauguration. The nonprofit suing the board claims that officials withheld emails, communications with a lawyer associated with efforts to overturn the 2020 election, and security camera footage of forensic experts visiting the office where voting software was copied. The breach, part of the Trump campaign's post-election efforts, is considered a significant breach of voting equipment. Cybersecurity experts are concerned about the potential exploitation of vulnerabilities in future elections due to unauthorized copies of the software. The Coalition for Good Governance is seeking sanctions and legal costs from the board. (CYBERSCOOP.COM)

Microsoft Introduces Tool for AI Risk
Microsoft has unveiled PyRIT, a red teaming tool designed to help security professionals and machine learning engineers identify risks associated with generative AI systems. PyRIT automates tasks and highlights areas that require investigation, complementing manual red teaming efforts. It addresses the challenges posed by generative AI, providing users with control over strategy and execution to assess potential risks more effectively. Although not a replacement for manual red teaming, PyRIT enhances the security assessment process in the realm of generative AI. (CYBERMATERIAL.COM)

Electric Car Charger Withdrawn Over Cybersecurity Concerns
The Copper SB electric car charger by Wallbox has been pulled from sale in the UK after the Office for Product Safety and Standards determined that it does not comply with cybersecurity laws. The charger, which can be connected to the internet and operated through a smartphone app, has the potential to be exploited by hackers to disrupt the National Grid. Wallbox has sold close to 40,000 electric car chargers in Britain, but it is unclear how many of them are the affected model. Sales of the charger will be allowed until the end of June. (YAHOO.COM)

 

Face Off: Attackers are Stealing Biometrics to Access Victims' Bank Accounts
Cybersecurity company Group-IB has discovered a banking trojan that steals people's faces, using deepfake technology to bypass security checkpoints and gain unauthorized access to bank accounts. The increasing sophistication of deepfake methods poses a significant threat to biometric authentication, leading experts to question its reliability. Users are advised to be cautious and take steps to protect against biometric attacks. (VENTUREBEAT.COM)

 

Russian Cyberattackers Launch Multiphase PsyOps Campaign
A recent cyber campaign named Operation Texonto, attributed to Russia-linked threat actors, employed a combination of psychological operations (PsyOps) and spear-phishing to target users in Ukraine and across Europe. The campaign, which took place in two waves, aimed to spread disinformation and steal Microsoft 365 credentials. The tactics used included diverse PsyOps techniques, spam emails, and fake Microsoft login pages. Operation Texonto also showcased a shift away from common channels and demonstrated a planned PsyOps strategy rather than mere misinformation. The campaign highlights the ongoing cyberwar between Russia and Ukraine and the need for organizations to implement strong security measures, such as two-factor authentication, to protect against spear-phishing attacks. (DARKREADING.COM)

Sneaky SSH-Snake Malware Steals SSH Keys - Putting Your Whole Network at Risk
Researchers from the Sysdig Threat Research Team (TRT) have discovered a new open-source tool called SSH-Snake, used by hackers to steal credentials and move laterally within a target network. The tool, released in January, is being actively used by threat actors to map out networks and potentially prepare for further attacks. SSH-Snake is more thorough and stealthy in its search for credentials compared to typical SSH worms, making it more efficient and successful. It also has self-modifying mechanisms, reducing its size and making it easily customizable for different strategies. The researchers have witnessed the victim list for SSH-Snake growing, with approximately 100 victims at the time of writing. (TECHRADAR.COM)

Raccoon Infostealer Operator Extradited to the United States
A Ukrainian national operating the Raccoon Infostealer malware was indicted in the US for fraud, money laundering and identity theft. After his arrest in the Netherlands and extradition appeal dismissal, he was extradited to Texas in February 2024 to face trial for his role in the criminal operation targeting over 50 million victims worldwide. (MALWAREBYTES.COM)

 

Police Arrest LockBit Ransomware Members, Release Decryptor in Global Crackdown
Law enforcement agencies have arrested two operators of the LockBit ransomware gang in Poland and Ukraine, seized over 200 crypto-wallets, and developed a decryption tool to recover files for free. The international crackdown, coordinated by Operation Cronos, also involved the takedown of 34 servers across multiple countries. The LockBit gang, responsible for extorting over $120 million from victims, has been linked to high-profile attacks on organizations such as Boeing and the UK Royal Mail. Investigations targeting the leaders, developers, and affiliates of LockBit are ongoing. (BLEEPINGCOMPUTER.COM)

 

Mustang Panda’s DOPLUGS Threat
China-linked threat actor Mustang Panda is deploying a customized variant of the PlugX backdoor, called DOPLUGS, across Asian countries, primarily targeting Taiwan and Vietnam. Spear-phishing campaigns and customized malware payloads are used to infiltrate networks. DOPLUGS incorporates a customized implementation of the RC4 algorithm for enhanced stealth. Mustang Panda's operations span several years and involve deploying various PlugX variants. The malware serves as a conduit for establishing connections with controlled servers and retrieving additional payloads. The group's evolution and adaptability highlight their ongoing activity and targeting of regions in Europe and Asia. (CYBERMATERIAL.COM)

 

Deepfake Phishing Grew by 3,000% in 2023 - And It's Just Beginning
Deepfake phishing, which uses AI-generated content to create convincing fake videos or audios, has seen a 3,000% increase in fraud attempts in 2023. As deep learning models become more accessible, cybercriminals are using deepfakes to bypass biometric security and carry out phishing attacks. Organizations can protect against deepfake phishing by securing account access, training employees to recognize deepfakes, using AI detection models, imposing failsafes, and staying updated on evolving threats. (HACKERNOON.COM)

Web3 Malware Threat Alert
A surge in cyber threats targeting the Web3 ecosystem and cryptocurrency assets has been observed since January 2024. Malware employing crypto drainers is becoming increasingly prevalent, compromising the safety of website owners and users. Malicious actors inject drainers into compromised websites or redirect visitors to phishing sites, posing significant risks. The emergence of malware like Angel Drainer, linked to recent security breaches, highlights the sophistication and persistence of these attackers. Over 20,000 unique Web3 phishing sites housing crypto drainers have been created in 2023 alone, signaling a growing threat landscape. Heightened awareness and proactive measures are crucial to mitigate the risks posed by these sophisticated malware campaigns. (CYBERMATERIAL.COM)

'We Want Our AI and We Want It Now' Say Software Buyers
A survey of 2,500 executives conducted by Gartner Digital Markets reveals that AI has become a top priority for software buyers, with 92% of businesses considering investing in AI-powered software in the coming year. The survey also highlights that 47% of buyers prioritize security and cyberattack concerns when making software investments. However, the results show that 53% of buyers do not see security as an important feature, raising alarm. Cost control is another factor influencing software purchases, with 31% of businesses replacing software due to high costs. Customization is preferred by a majority of enterprise managers, with 59% seeking customized solutions from vendors. (ZDNET.COM)

Utilities Trade Association Releases Baseline Cyber Standards for Distributed Renewable Energy
The National Association of Regulatory Utility Commissioners (NARUC) has released cybersecurity baselines for distributed renewable energy resources, such as solar panels, to provide standard cyber protections for electric distribution systems and distributed energy resources (DER) companies. The voluntary guidance aims to ensure basic cybersecurity measures are in place in the fast-growing DER industry. The initiative, funded by the Department of Energy (DOE), is part of the national cybersecurity strategy and supports President Biden's climate goals. The baselines were developed to promote uniformity in cybersecurity expectations across states. (CYBERSCOOP.COM)

iSoon's Secret APT Status Exposes China's Foreign Hacking Machination
Leaked documents reveal that the Chinese government collaborates with private sector hackers, such as Shanghai-based company iSoon, to spy on foreign governments, domestic dissidents, ethnic minorities, and more. The documents shed light on the primary targets and goals of China's state-sponsored hacking activities. (DARKREADING.COM)

Lucifer DDoS Botnet Malware Targeting Apache Big-Data Stack
Cybersecurity firm Aqua Nautilus analyzed a new campaign targeting Apache big data solutions like Hadoop and Druid. The attacker exploits vulnerabilities and misconfigurations to deploy Lucifer malware, which acts as a dropper to execute cryptomining payloads. The campaign evolves across three stages, showing increasing sophistication in evasion techniques. Aqua Nautilus provides IoCs and mitigation advice, including patching, securing configurations, runtime threat detection, and supply chain security. (AQUASEC.COM)

VoltSchemer Attacks Use Wireless Chargers to Inject Voice Commands, Fry Phones
Researchers have discovered a new set of attacks called VoltSchemer that can inject voice commands into smartphones through the magnetic field emitted by a wireless charger. These attacks can manipulate voice assistants, cause physical damage to the device, and even heat items near the charger to dangerous temperatures. The researchers tested popular wireless chargers and found security flaws in their design, highlighting the need for better protection against electromagnetic interference. (BLEEPINGCOMPUTER.COM)

MGM Resorts Says Regulators Probing September Cyberattack
MGM Resorts International has revealed that state and federal regulators are investigating a cyberattack on its systems that occurred in September, resulting in a $100 million impact on the company's third-quarter results. The casino operator plans to respond to the inquiries accordingly. The attack led to the shutdown of MGM's systems after disruptions at Las Vegas hotels and slot machines. Hacking group AlphV has claimed involvement in the breach. Another group, Scattered Spider, was also responsible for a cybersecurity incident at Caesars Entertainment. (REUTERS.COM)

Oil and Gas Industry Hit by Phishing
A sophisticated phishing campaign targeting the Oil and Gas industry has been detected, utilizing the advanced Rhadamanthys Stealer malware. Attackers employ various techniques, including open redirects and interactive PDFs hosted on legitimate domains, to trick victims into downloading the malware. The Rhadamanthys Stealer, recently updated to version 5.0, is capable of stealing data such as device information, documents, cryptocurrency wallets, and credentials. The campaign involves phishing emails with vehicle incident reports that lead victims to download the malware. The high volume of phishing emails suggests a concerted effort by threat actors to bypass secure email gateways. (CYBERMATERIAL.COM)

Pharmacy Delays Across US Blamed on Nation-State Hackers
A suspected nation-state threat actor breached the systems of healthcare tech provider Change Healthcare, causing widespread delays for patients needing prescription refills across the US. Change Healthcare manages patient payments and access to medical records, highlighting the real-world impact of cyberattacks on human health. The incident underscores the vulnerability of the healthcare sector and the need for proactive cybersecurity measures. (DARKREADING.COM)

dtau...@gmail.com

Mar 23, 2024, 7:56:34 PM
to sec-...@googlegroups.com

NSF announcement on JASON report: Safeguarding the Research Enterprise

March 21, 2024

Today, the U.S. National Science Foundation released the latest report by JASON, an independent science advisory group, Safeguarding the Research Enterprise. Building on the Fundamental Research Security report released in 2019, NSF commissioned this new study to satisfy legislative requirements in Section 10339 of the "CHIPS and Science Act of 2022" and the Fiscal Year 2023 Appropriations bill. JASON was asked to comment on specific steps NSF might take to identify sensitive areas of research and describe processes to address security in those areas. 

 

Microsoft Security AI Product to Help Clients Track Hackers

Microsoft plans to launch Copilot for Security April 1 following a year-long trial with corporate customers. Leveraging OpenAI and the large amount of security-specific data collected by Microsoft, Copilot can be integrated with Microsoft's security and privacy software to generate suspicious incident summaries, answer questions, and determine attackers' intentions. Tests of Copilot showed a 26% increase in performance speed and a 35% increase in accuracy among newer security workers.

[ » Read full article *May Require Paid Registration ]

Bloomberg; Dina Bass (March 13, 2024)

 

US Rivals Preparing for AI Cyberwar, Says Microsoft Report
According to Microsoft, countries such as Iran, Russia, and North Korea are gearing up for an escalation in cyberwar using generative AI, while a shortage of skilled cybersecurity personnel exacerbates the problem. Microsoft has responded with Copilot for Security, an AI tool that can track, identify, and block threats more effectively and efficiently than humans. The report also highlights the use of AI by threat actors and the need for increased efforts to detect and combat these malicious activities. The impact of generative AI on cyber attacks is evident, with a rise in email-based attacks and phishing attempts. Microsoft anticipates that AI will evolve social engineering tactics, leading to more sophisticated attacks. (TECHRADAR.COM)

 

'GhostRace' Speculative Execution Attack Impacts All CPU, OS Vendors

An attack developed by researchers at IBM and the Netherlands' Vrije Universiteit Amsterdam (VU Amsterdam) takes advantage of a flaw in Intel, AMD, ARM, and IBM processors to bypass operating system controls against race conditions. The attack, called "GhostRace," targets modern processors' speculative execution (out-of-order processing) feature, specifically conditional branch speculation. The researchers said, "The security implications are significant, as an attacker can speculatively execute all the critical regions in victim software with no synchronization."
[ » Read full article ]

Dark Reading; Jai Vijayan (March 15, 2024)

 

FCC Approves Voluntary Cyber Trust Labels for Consumer IoT Products

The U.S. Federal Communications Commission (FCC) approved a voluntary cybersecurity labeling program for consumer Internet of Things (IoT) products. Products that meet the minimum criteria set forth in the National Institute for Standards and Technology's Internal Report 8425 can display U.S. Cyber Trust Certification Marks like the one shown at right. The goal is for the marks, along with related QR codes linking to product registries with security information, to help consumers make informed buying decisions.
[ » Read full article ]

Dark Reading; Nate Nelson (March 14, 2024)

 

U.S. Warns of Cyberattacks Against Water Systems

U.S. Environmental Protection Agency administrator Michael Regan and National Security Advisor Jake Sullivan warned in a letter to governors made public Tuesday that U.S. water systems were at risk of state-sponsored cyberattacks from hackers linked to the governments of Iran and China. “Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices,” the letter stated.
[ » Read full article ]

Bloomberg; Ari Natter (March 19, 2024)

 

Never-Repeating Patterns of Tiles Can Safeguard Quantum Information

Zhi Li of Canada's Perimeter Institute of Theoretical Physics and Latham Boyle of the U.K.'s University of Edinburgh developed a quantum error-correcting code based on Penrose tilings, which never produce a periodic repeating pattern regardless of how they are arranged. The researchers determined which tiling configurations would not be impacted by localized errors, and after distinguishing two qualitatively different relationships between distinct Penrose tilings, they built an error-correcting code in which the analogous states are superpositions of all tilings within a single equivalence class.
[ » Read full article ]

Wired; Ben Brubaker (March 17, 2024)

 

EU to Impose Election Safeguards on Big Tech

Brussels is set to roll out its first binding regime to fight election disinformation. The guidelines, aimed at countering online threats to election integrity, could be adopted by the European Commission as soon as next week, according to insiders. Among other things, the guidelines say platforms that fail to adequately address AI-powered disinformation or deepfakes could face fines of up to 6% of their global turnover.

[ » Read full article *May Require Paid Registration ]

Financial Times; Javier Espinoza (March 20, 2024)

 

Tech Job Seekers Without AI Skills Face a New Reality

Recently laid-off information technology workers are not finding new jobs quickly due to a mismatch in the skills they have and their expectations about pay, according to consulting company Janco Associates. Jobs in areas like telecommunications, corporate systems management, and entry-level IT have declined in recent months, while roles in cybersecurity, AI, and data science continue to rise, according to Janco's data. Meanwhile, data from job listings aggregator Indeed show that the average total compensation for IT workers is about $100,000, while the average salary potential for those with generative AI skills is $174,727.

[ » Read full article *May Require Paid Registration ]

The Wall Street Journal; Belle Lin (March 18, 2024)

 

School Cyberattacks On The Rise

NPR (3/11, Cardoza) reports, “School systems of every size have been hit by cyberattacks, from urban districts like Los Angeles and Atlanta, to rural districts in Pennsylvania and Illinois. And the problem has been growing.” An analysis by cybersecurity firm Emsisoft “estimates that 45 school districts were attacked in 2022. In 2023, Emsisoft found that number more than doubled, to 108.” In many cases, hackers steal “sensitive data about students and staff – including social security numbers, sexual assault records and discipline information.” A reason “for the increase in attacks is that hackers have realized school systems are vulnerable,” as they often have older computer systems. A report by the research group Comparitech found cyberattacks in 2022 “cost schools and colleges an estimated $9.45 billion in downtime alone,” and that doesn’t include the costs of recovery efforts.

 

Major Cyberattack Reveals Vulnerability Of US School Systems

NPR (3/12, Cardoza) reports that Minneapolis Public Schools experienced one of the most devastating cyberattacks to date in February 2023. Hackers accessed confidential student data and demanded a ransom for it. When the district declined, the information, including social security numbers, school security details, and data on sexual assaults and psychiatric holds, was released online. Cyberattacks on school districts have seen a rise nationwide due to increased dependency on technology. The breach can lead to long-term consequences for students, from identity theft to previous records surfacing in adulthood.

 

House Easily Passes TikTok Bill, Fate In Senate Uncertain

Bloomberg (3/13, Flatley, Subscription Publication) reports the House on Wednesday passed a bill on a 352-65 vote that would “ban TikTok in the US unless its Chinese owner sells the video-sharing app, mounting the most serious challenge yet to a service that’s used by 170 million Americans but critics call a national-security threat.” The New York Times (3/13, Maheshwari, McCabe, Karni) says the move “escalates a showdown between Beijing and Washington over the control of a wide range of technologies that could affect national security, free speech and the social media industry.” The House bill passed easily despite “efforts to mobilize its 170 million U.S. users against the measure.”

        The Washington Post (3/13, A1, Lima, Bogage, Alfaro Martínez) reports, “Private briefings from national security and law enforcement officials, including a classified hearing last week, served as a ‘call to action’ for Congress to ‘finally’ take a stand against TikTok, said Rep. Kathy Castor (D-Fla.), a member of the House Energy and Commerce Committee. It’s unclear whether these meetings with the FBI, Justice Department and Office of the Director of the National Intelligence surfaced new evidence against the company.”

        In an analysis, the New York Times (3/13, Sanger) says the Chinese ownership argument “glosses over the deeper TikTok security problem, which the legislation does not fully address. In the four years this battle has gone on, it has become clear that the security threat posed by TikTok has far less to do with who owns it than it does with who writes the code and algorithms that make TikTok tick. Those algorithms, which guide how TikTok watches its users and feeds them more of what they want, are the magic sauce of an app that 170 million Americans now have on their phones.”

 

Senate Appears Unlikely To Approve TikTok Ban In The Near Future

Bloomberg (3/14, Subscription Publication) says, “Even before the House passed a measure, 352 to 65, on Wednesday to ban TikTok unless its Chinese owner divests it, the short-video app had turned its lobbying efforts to the Senate, where many a previous legislative juggernaut has gone to die.” Axios reports that Sen. Josh Hawley (R-MO) “was one of the first senators to applaud yesterday’s House vote on a bill that requires ByteDance to divest TikTok, or else risk the app from being banned. But he tells Axios that he doesn’t have much faith that there will be a similar vote in the Senate, where Majority Leader Chuck Schumer (D-N.Y.) is noncommittal about bringing it to the floor (despite support from President Biden).” Hawley said, “I’d be fine taking [the House bill] up verbatim. But if folks want to take it up and amend it, we can. ... My observation is that people say: ‘I agree with the idea in principle but have concerns.’ That basically means we should never do anything. What we’re likely to see happen in the Senate is people will nickel-and-dime it, a death by a thousand cuts. Nothing that Big Tech doesn’t want moves across the Senate floor.”

        The Washington Post (3/14, Francis) reports that “some senators have raised constitutional concerns about potentially infringing on rights to free expression and targeting a business operating in the United States.” The Washington Post (3/14, A1, Harwell, Dou) also reports that “several senators on Thursday preached caution about moving too quickly against TikTok after the House swiftly passed its legislation in just over a week, including Sens. Laphonza Butler (D-Calif.) and Lindsey Graham (R-S.C.).” Roll Call (3/14, Ratnam) reports, “Sens. John Cornyn, R-Texas, J.D. Vance, R-Ohio, and Michael Bennet, D-Colo., have said they wanted to review the House bill before deciding how to proceed. Sen. John Thune, R-S.D., supported the House measure and said he expected overwhelming support in the Senate.”

        The AP (3/14, Tang) says, “As TikTok fights for survival, it has made a move that is very present in American politics: It’s engaging in heavy lobbying, and appealing to its 170 million U.S. users to contact their lawmakers to say a TikTok ban would infringe on their free speech rights.” The New York Times (3/14, Maheshwari, Lu) has more on TikTok’s efforts to get its creators to lobby against a ban.

 

University Of North Carolina System Bans Apps Featuring Anonymous Posting

Inside Higher Ed (3/13, Coffey) reports the University of North Carolina system “will ban social media apps that allow anonymous posting, which the university says causes cyberbullying.” The system’s IT and legal departments “were instructed to begin blocking a handful of social media apps that allow anonymous posting, UNC system president Peter Hans said at a Feb. 29 Board of Governors meeting.” The four targeted apps “are Yik Yak, Sidechat, Fizz and Whisper.” A UNC system spokesperson “said there is no timeline for the ban’s implementation. Hans was unavailable to comment further to Inside Higher Ed.”

dtau...@gmail.com

Mar 24, 2024, 1:24:43 PM
to sec-...@googlegroups.com

Bipartisan Bill Would Require Online Identification, Labeling On AI Videos, Audio

The AP (3/21) reports a bipartisan House bill introduced Thursday “would require the identification and labeling of online images, videos and audio generated using artificial intelligence.” Such deepfakes have “already been used to mimic President Joe Biden’s voice, exploit the likenesses of celebrities and impersonate world leaders, prompting fears it could lead to greater misinformation, sexual exploitation, consumer scams and a widespread loss of trust.” The bill “would require AI developers to identify content created using their products with digital watermarks or metadata” and online platforms “would then be required to label the content in a way that would notify users.”

Advocacy Group Sues Consultant, Companies Behind AI-Deepfake Robocall Of Biden

The Washington Post (3/16, Raji) reports the League of Women Voters of New Hampshire has sued campaign consultant Steve Kramer and telecom companies Life Corp. and Lingo Telecom over the “AI-generated robocall of President Biden that in January urged New Hampshire voters not to participate in the state’s presidential primary.” The Post says the voting advocacy group accuses them “of voter intimidation, coercion and deception in violation of federal and state laws, including the Voting Rights Act and the Telephone Consumer Protection Act.” The lawsuit “asks a judge to fine the defendants and block them from producing, generating or distributing other robocalls generated with artificial intelligence.”

 

How to Make AI 'Forget' All the Private Data It Shouldn't Have
Researchers are exploring the concept of machine "unlearning" to enable AI models to remove specific data that should not be retained, such as private or outdated information. This is particularly important for compliance with data privacy regulations and to address biases or inaccuracies in training data. Machine unlearning involves efficiently removing the influence of the data without having to retrain the entire model. It has practical applications for companies like Facebook and Google, as well as in high-risk sectors like healthcare and finance. The vulnerability of generative AI models to privacy attacks and the increasing scale of models contribute to the need for machine unlearning. (HBS.EDU)

 

Microsoft Uses AI to Stop Phone Scammers
Microsoft introduces Azure Operator Call Protection, a service that analyzes phone conversations in real time to identify suspicious callers. The AI-powered system can alert users if a call seems fraudulent, reinforcing best practices and helping combat spam calls. The service is opt-in, and data from calls is not saved or used for training AI models. Microsoft is currently piloting the technology with BT Group. (CNET.COM)

 

2023 Will Go Down for Record-Setting Number of Data Breaches
In 2023, there were 3,205 data breaches reported in the U.S., impacting a total of 353 million victims, surpassing the previous record by 2,365 breaches. T-Mobile had the highest number of affected individuals with 37 million. The health care industry experienced the most compromises, followed by financial services and professional services. The report highlights an increase in supply chain attacks, zero-day exploits, and the effectiveness of phishing attacks aided by generative artificial intelligence. The Identity Theft Resource Center advocates for stronger federal regulations to improve breach notification processes. (GOVERNING.COM)

 

Chinese Hackers Stole Over 95 GB of Indian Immigration Data
Chinese hackers have targeted foreign governments and companies, including India, and gained access to 95.2 GB of Indian immigration data. The hackers have also targeted other countries such as Malaysia, Taiwan, South Korea, and the United Kingdom, among others. The attack highlights the risk posed by software vulnerabilities in products from companies like Apple, Google, and Microsoft. (INC42.COM)

 

U-Haul Says 67,000 Customers Affected in Records System Breach
Truck and trailer rental company U-Haul has disclosed a data breach that occurred in December 2022, affecting some customers in the United States and Canada. An unauthorized party accessed U-Haul's system using legitimate credentials, compromising customer records. The breach exposed driver's license numbers and other identification card numbers, but did not involve the company's payment system. U-Haul is working with a cybersecurity company to investigate the incident and is offering affected customers free credit-monitoring services. (THERECORD.MEDIA)

 

When Does a Journalist Become a Hacker?
Journalist Tim Burke is facing charges under the Computer Fraud and Abuse Act (CFAA), the federal anti-hacking statute, for accessing video clips from LiveU, a streaming service used by media companies. The CFAA's vague language around "unauthorized access" has led to a range of questionable prosecutions, including those of Aaron Swartz and Andrew Auernheimer. The case against Burke highlights the need for reform of the CFAA, as its broad interpretation poses a risk to journalists and their use of computers in the modern era. (THEVERGE.COM)

 

A Power Struggle Brews Over Crypto and AI
A lawsuit and an essay highlight growing concerns over the energy demand of artificial intelligence and cryptocurrency mining. The crypto industry has obtained a temporary order blocking the Energy Department's collection of power usage data, while AI ethicist Kate Crawford calls for pragmatic actions to limit AI's ecological impacts. The Energy Information Administration is conducting an "emergency" data survey on crypto mining's power demand. On the other hand, the Texas Blockchain Council and Riot Platforms have filed a lawsuit against invasive government data collection. The International Energy Agency estimates that data centers, crypto, and AI could account for 4% of global power demand by 2026. (AXIOS.COM)

 

Lovers' Spat? North Korea Backdoors Russian Foreign Affairs Ministry
North Korean state hackers have been discovered planting a backdoor named Konni inside a bespoke government software used by Russia's Ministry of Foreign Affairs (MID). The backdoor was found bundled within a Russian-language installer associated with a tool called "Statistika KZU." This incident highlights North Korea's history of spying on Russia, despite their friendship, and raises questions about how they obtained knowledge of internal Russian government software. (DARKREADING.COM)

 

LockBit Group Revives Operations After Takedown
LockBit ransomware group has quickly reestablished operations and launched a new dark web leak site just days after a global law enforcement effort dismantled their infrastructure. While some experts believe the LockBit brand is dead, the group's comeback highlights the persistent challenges faced by authorities in the fight against ransomware. The relaunch of LockBit does not diminish the accomplishments of law enforcement, but it underscores the resilience of ransomware groups and the ongoing battle to permanently take them out of action. (CYBERSECURITYDIVE.COM)

 

LockBit Ransomware Secretly Building Next-Gen Encryptor Before Takedown
LockBit ransomware developers were in the process of building a new version of their malware, called LockBit-NG-Dev, when law enforcement took down their infrastructure. The latest sample of LockBit is written in .NET and compiled with CoreRT, indicating that it is in its final development stages. The malware includes a configuration file that outlines execution parameters and offers features such as encryption modes, file or directory exclusion, and randomization of file naming. While law enforcement's actions have disrupted the LockBit operators, the discovery of this new encryptor poses a challenge for their future operations. (BLEEPINGCOMPUTER.COM)

 

Executive Order on Port Cybersecurity Points to IT/OT Threat Posed by Chinese Cranes
The Biden administration's executive order on port cybersecurity emphasizes the risks associated with the use of Chinese-made cranes in US ports. The order aims to strengthen the Department of Homeland Security's authority to address maritime cyber threats, including the ability to require vulnerability remediation, control ship movements, and inspect facilities. Mandatory reporting of cyber incidents and specific cybersecurity best practices are also introduced. The Coast Guard will issue a Maritime Security Directive focusing on cyber risk management for Chinese cranes and associated IT/OT systems. (SECURITYWEEK.COM)

 

Beijing Calls for Data Security Protection System to Guard Against Hackers
The Chinese government has issued a directive urging local governments and businesses to establish a "data security protection system" to enhance protection against hacking and safeguard sensitive domestic companies. The directive emphasizes the need to focus on businesses related to key technologies, the security of the industrial chain, and national security. It also calls for strengthening risk monitoring, emergency responses, and the enrollment of over 45,000 companies in a national data protection and classification system by 2026. This move comes amidst ongoing accusations of cyberattacks between China and foreign governments. (HONGKONGFP.COM)

 

France Issues Dark Warning Over Vladimir Putin's 'Threats' of Sabotage
French military officials have raised concerns about increased Russian cyberattacks and sabotage targeting France's armed forces. The French armed forces minister, Sébastien Lecornu, stated that Russia has attempted to take control of air and sea patrols conducted by the French ministry. President Emmanuel Macron echoed these warnings, stating that Russia has "crossed several limits" and is showing a "desire for aggression" through the cyberattacks. The attacks intensified after France signed a security agreement with Ukraine, with Russia even threatening to shoot down a French aircraft in the Black Sea. (CO.UK)

 

Your Online Identity is Not as Safeguarded as You Think-and It's Not on You to Fix
A hacker with over 20 years of experience reveals that cybercriminals are increasingly using employees' identities to gain access to company networks. With the rise of generative AI, cyber criminals can easily piece together fragments of personal information to exploit individuals. As the adoption of generative AI grows, cybercriminals may distort identities for their attacks, including cloning voices or using deepfake services. It is crucial to dispel the notion of users as the "root cause" of data breaches, and instead, enterprises must take responsibility for combating the security issue. Businesses are shifting towards behavioral analytics and reducing the need for users to input credentials as methods of authentication. By making identity a harder path for cybercriminals to pursue, the incentive to exploit personal data decreases. (FASTCOMPANY.COM)

 

Steel Giant ThyssenKrupp Confirms Cyberattack on Automotive Division
ThyssenKrupp, one of the world's largest steel producers, has confirmed a cyberattack on its Automotive division. The firm shut down IT systems as part of its response to the breach, which affected its automotive body production division. The situation is under control, and the company is gradually returning to normal operations. ThyssenKrupp has been targeted by hackers multiple times in the past, with most attacks aimed at espionage and operational disruption. The type of breach and the responsible threat actor have not been disclosed. (BLEEPINGCOMPUTER.COM)

 

The Most Dangerous Time in Recent History, Warns British Military's Cyber General
Gen. Sir Jim Hockenhull, head of Britain's Strategic Command, warns that the current global landscape is the most dangerous he has witnessed in his career. As conflicts persist and threats to critical infrastructure increase, Hockenhull emphasizes the need for a change in how national security is approached, calling for collaboration with industry, academia, and international partners. He also highlights the shortage of cyber and electromagnetic skills and the importance of recruiting digital talent. Hockenhull cites Russia's significant deployment of electronic warfare equipment in Ukraine, which poses challenges to uncrewed systems and guided missiles. Integration and assurance in the cyber and electromagnetic domains are crucial for effective defense. (THERECORD.MEDIA)

 

Lessons and Warnings from the World's First All-Out Cyberwar
The conflict between Russia and Ukraine has marked the world's first all-out cyberwar, highlighting the need for the West to study the lessons learned and support Ukraine's cyber capabilities. Without offensive support, Ukraine is limited in its ability to match and overwhelm Russian cyberattacks. Strengthening Ukraine's cyber defenses will not only address immediate threats but also strategically curb Russia's capabilities and help define cyber red lines for NATO. The West should provide intelligence on vulnerabilities to Ukraine, improve its own cyber defenses, and deter other nation-states from launching devastating cyberattacks in the future. (ASIATIMES.COM)

 

Russian Hackers Shift to Cloud Attacks, US and Allies Warn
The APT29 Russian Foreign Intelligence Service (SVR) hackers, also known as Cozy Bear, have shifted their focus to targeting cloud services, according to the Five Eyes intelligence alliance. The SVR, responsible for the SolarWinds supply-chain attack, has been breaching U.S. federal agencies and compromising Microsoft 365 accounts of entities within NATO nations. The advisory issued by the intelligence agencies warns that the SVR is adapting to the modernization of systems and targeting cloud infrastructure. The hackers gain access to cloud environments using compromised service account credentials and employ various tactics to evade detection. Mitigations include enabling multi-factor authentication, least privilege access, and monitoring for indicators of compromise. (BLEEPINGCOMPUTER.COM)

 

Senior Army Officer to Become New Cyber Security Chief
Lieutenant General Michelle McGuinness is set to become Australia's next cyber security chief, taking over from Air Marshal Darren Goldie, who was recalled to defense over a workplace matter. With 30 years of experience in the Australian Defence Force and a role in the United States Defence Intelligence Agency, Lt Gen McGuinness will lead and coordinate national cyber security policy and government responses to data breaches and hacking incidents. Her appointment comes as Australia continues to prioritize cyber security in the face of evolving threats. (CO.UK)

 

NIST Publishes Final "Cybersecurity Resource Guide" on Implementing the HIPAA Security Rule
The National Institute of Standards and Technology (NIST) has released its final guidance, the "Cybersecurity Resource Guide," to help HIPAA-regulated entities understand and comply with the HIPAA Security Rule. The guide provides detailed descriptions, sample questions, and considerations for implementing each standard, as well as guidelines for conducting risk assessments and risk management. NIST's resource aims to assist organizations in enhancing their cybersecurity posture and protecting electronic protected health information (ePHI). (JDSUPRA.COM)

 

Three Men Charged Over Alleged SMS Phishing Scam
Three men have been charged by the Cybercrime Squad following an investigation into an SMS phishing scam that sent over 80 million fraudulent text messages. The scam utilized Subscriber Identity Module (SIM) boxes to send bulk text messages containing fraudulent links. The messages claimed to be from legitimate institutions but directed victims to illegitimate websites. Police executed search warrants and arrested the men, seizing SIM boxes, SIM cards, identity information, cannabis, and mobile phones. The men have been charged with various offenses, including using equipment connected to a network to commit serious offenses and dealing with identity information to commit indictable offenses. (CO.UK)

 

Brussels Spyware Crisis Expands: Two MEPs Hit in Phone-Hacking Security Breach
Two members and one staffer of the European Parliament's security and defense subcommittee have been targeted with spyware, raising concerns about the security of the EU institution's work. The crisis highlights the need for increased cybersecurity measures, with calls for a full-fledged counterintelligence and security service within the Parliament. The incident follows previous cases of EU politicians being targeted with spyware, emphasizing the ongoing threat of cyberattacks and foreign interference. (POLITICOPRO.COM)

dtau...@gmail.com

Mar 30, 2024, 4:18:32 PM
to sec-...@googlegroups.com

Vulnerability in Apple Chip Leaks Encryption Keys

A newly discovered vulnerability embedded in Apple's M-series of chips allows attackers to extract secret keys from Macs when they perform cryptographic operations. Named GoFetch by the multi-institutional academic researchers who discovered it, the flaw cannot be patched directly because it stems from the microarchitectural design of the silicon itself. It can only be mitigated by building defenses into third-party cryptographic software, which could greatly degrade M-series performance when executing cryptographic operations.
[ » Read full article ]

Ars Technica; Dan Goodin (March 21, 2024)

 

Hackers Open Keycard Locks in Seconds

Lennert Wouters of Belgium's KU Leuven University and independent security researcher Ian Carroll identified a hacking technique that leverages security flaws in Dormakaba's Saflok-brand RFID-based keycard locks to unlock a hotel room in a matter of seconds using a new or expired keycard. The technique, dubbed Unsaflok, exploits vulnerabilities in Dormakaba's encryption and its underlying RFID system, MIFARE Classic. The researchers used a $300 RFID read-write device to read a code on the keycard and write two new keycards, one that rewrites a piece of the lock's data when tapped on the lock and another that opens it.

[ » Read full article *May Require Paid Registration ]

Wired; Andy Greenberg (March 21, 2024)

 

Colorado State Researchers Warn Millions Of US Commercial Trucks May Have ELD Vulnerabilities

The Register (UK) (3/22) reported vulnerabilities in “common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs, according to boffins at Colorado State University.” In a paper presented “at the 2024 Network and Distributed System Security Symposium, associate professor Jeremy Daily and systems engineering graduate students Jake Jepson and Rik Chatterjee demonstrated how ELDs can be accessed over Bluetooth or Wi-Fi connections to take control of a truck, manipulate data, and spread malware between vehicles.” The authors did not “specify brands or models of ELDs that are vulnerable to the security flaws they highlight in the paper.” But they do “note there’s not too much diversity of products on the market.”

 

EU Calling On Large Tech Firms To Crack Down On AI-Generated Content Ahead Of Election

AFP (3/27) reports the EU is calling on Facebook, TikTok, and other large tech firms “to crack down on deepfakes and other AI-generated content by using clear labels ahead of Europe-wide polls in June.” The guideline is part of a string of measures published under the Digital Services Act, under which the EU “has designated 22 digital platforms as ‘very large’ including Instagram, Snapchat, YouTube and X.” The European Commission “recommends that big platforms promote official information on elections and ‘reduce the monetization and virality of content that threatens the integrity of electoral processes’ to diminish any risks.” TikTok on Tuesday “announced more of the measures it was taking including push notifications from April that will direct users to find more ‘trusted and authoritative’ information.”

 

US Power Grids Facing Increased Hacking Threats Ahead Of Election

Bloomberg (3/26, Malik, Subscription Publication) reports according to the North American Electric Reliability Corp., “US power grids are facing heightened risks of cyber and physical attacks as the election nears.” These threats “come from state-backed hackers as well as the type of physical assault that happened at North Carolina substations in late 2022, said Jim Robb, chief executive officer of the North American Electric Reliability Corp., which sets federal standards.”

 

Education Department Launches Federal Council To Improve K-12 School Cybersecurity

To counter the “rising number of ransomware attacks and data breaches” on school districts across the country, the Education Department on Thursday launched a council to help K-12 schools improve their cybersecurity practices, StateScoop (3/28) reports. The Government Coordinating Council for the Education Facilities Subsector “aims to foster a more resilient and secure K-12 digital infrastructure through improved communications and shared best practices.” Deputy Education Secretary Cindy Marten said in remarks delivered to K-12 educational leaders, “The GCC embodies our commitment to ensuring the cybersecurity of our nation’s schools. This initiative represents a monumental step forward in formalizing the partnership between federal, state, and local educational leaders in protecting our K-12 critical infrastructure.”

Education Week (3/28) reports the GCC includes “representatives from federal agencies, state education departments, education technology leaders, superintendents, and principals.” The launch comes seven months after the White House hosted the first K-12 cybersecurity summit, “where Secretary of Education Miguel Cardona and first lady Jill Biden unveiled the cybersecurity initiative that includes the government coordinating council.” As part of the White House initiative, the Cybersecurity and Infrastructure Security Agency (CISA) “will provide tailored assessments and cybersecurity training and exercises for K-12 schools. The FBI will release updated resource guides so state governments and education officials know how to report cybersecurity incidents and can leverage the federal government’s cyber-defense capabilities. Some education technology companies also made commitments to provide free or low-cost cybersecurity-training resources to school districts.”

dtau...@gmail.com

Mar 30, 2024, 8:00:46 PM
to sec-...@googlegroups.com

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

Red Hat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils versions 5.6.0 (released February 24) and 5.6.1 (released March 9).

For more, see: https://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.html
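A quick inventory check a defender can run against the two versions named above, as an added example that is not from the alert or the XZ project: it parses the two-line output of `xz --version` (both the tool and the liblzma line, since the backdoor lives in the library) and reports which components match 5.6.0 or 5.6.1. The sample output embedded in the block is constructed for offline use.

```python
"""Flag installed XZ Utils / liblzma builds whose version is one of the two
releases named in the CVE-2024-3094 alert (5.6.0 and 5.6.1).

Added example, not part of the original digest or of any vendor tooling.
"""
import re
import subprocess

# The two backdoored releases named in the alert.
AFFECTED_VERSIONS = {(5, 6, 0), (5, 6, 1)}

# `xz --version` prints two lines, e.g.:
#   xz (XZ Utils) 5.6.1
#   liblzma 5.6.1
_VERSION_RE = re.compile(r"^(xz \(XZ Utils\)|liblzma)\s+(\d+)\.(\d+)\.(\d+)", re.M)

# Constructed sample of `xz --version` output from an affected host (for offline runs).
SAMPLE_OUTPUT = "xz (XZ Utils) 5.6.1\nliblzma 5.6.1\n"


def parse_xz_version(output: str) -> dict:
    """Return {'xz': (major, minor, patch), 'liblzma': (...)} from `xz --version` text.

    Both lines are reported because the backdoor is in the shared library:
    a repaired `xz` binary still linked against an affected liblzma is still affected.
    """
    versions = {}
    for m in _VERSION_RE.finditer(output):
        name = "xz" if m.group(1).startswith("xz") else "liblzma"
        versions[name] = tuple(int(x) for x in m.group(2, 3, 4))
    return versions


def affected_components(output: str) -> list:
    """Sorted names of components whose version is one of the backdoored releases."""
    return sorted(n for n, v in parse_xz_version(output).items() if v in AFFECTED_VERSIONS)


def check_installed_xz() -> list:
    """Run the real `xz --version` on this host and return the affected components."""
    try:
        proc = subprocess.run(["xz", "--version"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return []  # xz not installed: nothing to flag
    return affected_components(proc.stdout)


if __name__ == "__main__":
    print("constructed sample ->", affected_components(SAMPLE_OUTPUT))
    hits = check_installed_xz()
    print("this host ->", ("AFFECTED: " + ", ".join(hits)) if hits else "no backdoored version string found")
```

A version string is only a first filter: distributions that patched or reverted the package may report a different string, so confirm against your distribution's advisory before closing the finding.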

 

Hackers Threaten to Release Trump Documents from Georgia Case if Ransom is Not Paid
A hacking group known as LockBit 3.0 is demanding a ransom and threatening to release documents related to the criminal case against Donald Trump in Georgia. The group initially set a payment deadline for Saturday, but it has since moved the deadline up to Thursday. The group claims to have backup copies of documents taken from the Fulton County government's website and has demanded an undisclosed amount of money. LockBit 3.0 is known for targeting various companies and government agencies, and it operates on a service model where it develops ransomware hacking tools and leases them out to other hackers. (BUSINESSINSIDER.COM)

 

Tips to Fight Fraudulent Tax-Return Scammers
Tax-return fraud is a significant risk, with criminals stealing taxpayers' information and promising large refunds. To protect against fraudsters, experts recommend filing taxes early and obtaining an IRS-issued 6-digit Identity Protection (IP) PIN, making it harder for scammers. Other precautions include avoiding preparers who claim large refunds, not clicking on unsolicited emails related to returns, and ensuring the refund goes to the filer's account. With the rise of "new client" scams and deepfakes, identity verification is more crucial than ever. (ITBREW.COM)

 

Epic Games Allegedly Had 189GB of Confidential Data Stolen in Latest Ransomware Attack
Hackers from the ransomware group Mogilevich claim to have stolen approximately 189GB of confidential data, including emails, passwords, payment information, and source code, from Epic Games. The group is threatening to sell the stolen data unless Epic Games buys it back by March 4. Epic Games has not yet confirmed the breach but stated that there is "zero evidence" of a cyberattack or data theft. The company has not been contacted directly by Mogilevich, and no proof of hacking has been provided. (DOTESPORTS.COM)

 

eBay, VMware, McAfee Sites Hijacked in Sprawling Phishing Operation
A phishing operation called "SubdoMailing" has compromised over 8,000 subdomains of well-known brands, including MSN, VMware, McAfee, and eBay. The campaign sends millions of malicious emails daily, bypassing email security measures. The operation is part of a larger cybercriminal effort and undermines the trust of the affected organizations. Researchers have identified a threat actor named "ResurrecAds" behind the campaign, which revives abandoned domains to exploit legitimate services and profit as an "Ad-Network" entity. Guardio has created a tool to check for domain compromise. (DARKREADING.COM)

 

Apple, Signal Debut Quantum-Resistant Encryption, but Challenges Loom
Apple and Signal have introduced post-quantum cryptographic (PQC) protocols, PQ3 and PQXDH, respectively, to secure their messaging platforms. While these quantum-resistant encryption methods aim to protect against future attacks from quantum computers, organizations face complex challenges in implementing and managing these new algorithms. The transition to post-quantum cryptography will require reevaluating existing authentication protocols, adapting to evolving standards, and educating the workforce on quantum threats and defenses. Despite the need to prepare for quantum computing, experts suggest taking a measured approach as the full impact of quantum computers may still be years away. (DARKREADING.COM)

 

How Hackers Steal Your Credit Card Information in 2024
In the ever-evolving digital landscape, hackers have become more sophisticated in their methods of stealing credit card information. This comprehensive guide explores the various tactics employed by cybercriminals, including phishing scams, the dark web, skimming devices, RFID scanning, and exploiting public Wi-Fi networks. To protect yourself, stay vigilant against phishing, use secure networks, invest in RFID protection, monitor your accounts, and choose credit cards with robust fraud protection. Let's commit to securing our financial future against unseen cyber threats. (MEDIUM.COM)

 

Welcome to the Era of BadGPTs: Hackers Utilize AI Chatbots for Cyberattacks
Hackers are using AI chatbots, similar to ChatGPT, to enhance their phishing emails and create deepfakes. The rise of AI-generated email fraud and deepfakes has businesses on high alert for more sophisticated cyberattacks. Dark web services are offering AI hacking tools, including BadGPT, which utilize models like OpenAI's GPT to generate effective malware and exploit vulnerabilities. The challenge lies in detecting these AI-enabled cybercrimes, as they are crafted to evade detection and can have a significant impact on businesses. (WSJ.COM)

 

Feds Say AI Favors Defenders Over Attackers in Cyberspace-So Far
According to officials from the FBI and DHS, artificial intelligence (AI) tools have provided more benefits to cybersecurity defenders than malicious hackers. While there are concerns that AI could be used by attackers to discover vulnerabilities and exploit them, defenders have been using AI for various purposes such as detecting malicious activity, incident response, and software development. The jury is still out on whether AI will ultimately favor attackers or defenders, but for now, defenders seem to have the advantage. However, officials caution that the balance could shift in the future, making it easier for hackers to hide their presence and obfuscate their origins. (CYBERSCOOP.COM)

 

Defending Against Cyber Threats in the Age of AI
Artificial intelligence (AI) plays a crucial role in cybersecurity, but it also presents challenges as attackers leverage AI for sophisticated attacks. The evolving threat landscape and AI's dual nature require organizations to adapt and embrace innovation in their defense strategies. AI-based threats include AI-generated phishing campaigns, AI-assisted target identification, AI-driven behavior analysis, automated vulnerability scanning, smart data sorting, and AI-assisted social engineering. Defenders must remain vigilant and leverage generative AI as a powerful tool to anticipate and counter future threats. (DARKREADING.COM)

 

With Deepfakes, Facial Recognition Can't Fight Alone
Gartner predicts that rising deepfake attacks on face biometrics will lead 30% of enterprises to doubt the reliability of facial recognition as a standalone authentication method by 2026. However, industry professionals argue that combining facial recognition with other factors like behavioral analysis and location-specific analysis can enhance security and maintain trust in digital authentication. Deepfakes have become increasingly convincing, but incorporating additional detection capabilities can help identify suspicious activity beyond just detecting the deepfake itself. (ITBREW.COM)

 

Integration of Antidetect with AI: New Security Age or Global Risk?
The fusion of artificial intelligence (AI) with antidetection technologies poses challenges and opportunities for online privacy. AI-driven antidetect systems enhance privacy and anonymity but also raise concerns about evasion, phishing attacks, targeted attacks, fraud detection compromise, and the formation of cyber armies. The cybersecurity community, developers, and governmental bodies must collaborate to develop advanced detection techniques, share threat intelligence, establish ethical guidelines, promote secure coding practices, educate users, introduce regulations, support research, and ensure international cooperation to ensure digital security. (FORBES.COM)

 

Police Face Cyber Crime Epidemic
Cybercrime in Scotland is doubling each year, with online frauds accounting for 95% of all fraud cases. A specialist cyber fraud centre will open in April to tackle the issue, as cybercriminals use technology to deceive victims and commit financial scams. Police Scotland is working alongside other agencies to target cybercriminals, and they are exploring new technologies, capabilities, and cryptocurrency tools. The police are also reviewing their approach to tackling fraud and considering joining a service to replace Action Fraud. Public support and vigilance are crucial in combating cybercrime. (CO.UK)

 

How to Cyber Secure a Modernizing, Greener Energy Grid
As the U.S. transitions to a greener energy system, officials are considering the cybersecurity challenges that come with it. The shift to renewable energy means a more distributed energy grid, requiring a change in risk management and resiliency approaches. Cybersecurity threats to the energy sector, including state-sponsored hacking groups and potential manipulations of energy storage systems, highlight the need for robust cybersecurity measures. Organizations in the energy space must recognize their role in securing the grid and educate themselves on cyber risks. They should also prepare for resilience by developing playbooks for disaster scenarios and adapting their cyber postures to new technologies such as smart grids and distributed energy resource management systems. (GOVTECH.COM)

 

Selected Projects for the Cyber Research, Development, and Demonstration Funding Opportunity
The U.S. Department of Energy has announced the selected projects for its Cyber Research, Development, and Demonstration funding opportunity. The projects cover various areas including automated cyberattack prevention, security and resiliency, authentication mechanisms, vulnerability discovery and mitigation, cybersecurity through software solutions, and integration of new concepts and technologies. Organizations such as General Electric, Electric Power Research Institute, and universities like Georgia Tech and Kansas State University are among the recipients of the funding. (ENERGY.GOV)

 

Russian Hackers Exploit Compromised Internet Routers, Warns Law Enforcement
The FBI and international law enforcement agencies have issued a warning about Russian state-sponsored hackers, known as APT28, who are exploiting "compromised" Ubiquiti EdgeRouters. The hackers are using default credentials to gain access to the routers, which are popular among consumers and cyber criminals alike. The affected industries include aerospace and defense, education, energy and utilities, governments, and more. The FBI advises consumers to update their devices to prevent compromise. (GO.COM)

 

Iran Hacking Group Impersonates Defense Firms, Hostage Campaigners
A cyberespionage unit linked to the Islamic Revolutionary Guard Corps (IRGC) is engaging in a hacking campaign targeting the aerospace, aviation, and defense industries across the Middle East. The group impersonates major brands like Boeing and DJI to carry out social engineering and phishing attacks. They have also created a fake website related to the Israel-Hamas conflict to lure targets. The campaign, which started in June 2022, remains active and primarily targets Israel, the United Arab Emirates, and potentially other countries. The Iranian hacking group is known for using fake job offers and has a history of social engineering campaigns. (CYBERSCOOP.COM)

 

'Illusive' Iranian Hacking Group Ensnares Israeli, UAE Aerospace and Defense Firms
An Iranian threat group, UNC1549, believed to be linked to the Iranian Revolutionary Guard Corps (IRGC), has been targeting aerospace and defense companies in Israel and the United Arab Emirates (UAE) through spear-phishing and watering-hole attacks. The group, also known as Smoke Sandstorm and Tortoiseshell, aims to compromise systems and gain access to sensitive information. UNC1549's tactics, which include tailored spear phishing emails and the use of cloud infrastructure for command and control, make it difficult to detect and track the group. The attacks highlight the increasing focus of Iranian threat groups on sensitive industries to obtain government secrets and intellectual property. (DARKREADING.COM)

 

Russia and Belarus Targeted By at Least 14 Nation-State Hacker Groups, Researchers Say
At least 14 state-sponsored hacker groups from around the world, including North Korea, China, and Ukraine, have targeted Russia, Belarus, and other former Soviet Union countries with destructive or espionage campaigns, according to a report by Russian company F.A.C.C.T. The report highlights the increasing politically motivated cyber attacks in Russia, with major targets including the government, military agencies, and industrial enterprises. Hacktivist groups, such as the IT Army of Ukraine and the Belarusian Cyber Partisans, are also posing threats to Russian enterprises. Researchers expect these attacks to continue in the future. (THERECORD.MEDIA)

 

An Infamous Hacking Group is Reportedly Behind the Cyberattack That Has Left US Pharmacies Reeling
A ransomware attack on Change Healthcare, the payment management arm of UnitedHealth Group, was carried out by the notorious hacking group Blackcat (ALPHV), according to unnamed sources. Blackcat has been involved in several high-profile data breaches, including attacks on Reddit, Caesars Entertainment, and MGM Resorts. The attack has caused system outages, resulting in a significant backlog in prescription insurance claims for pharmacies across the United States. UnitedHealth Group has disconnected its systems and is working to restore the affected environment. Cybersecurity firms Mandiant and Palo Alto Networks will lead the investigation into the breach. (BUSINESSINSIDER.COM)

 

Kaspersky Finds Attacks on Mobile Devices Significantly Increased in 2023
In 2023, Kaspersky observed a 50% increase in attacks on mobile devices, reaching nearly 33.8 million attacks. Adware was the most prevalent threat, accounting for 40.8% of all threats detected. Malicious apps infiltrating Google Play and fake investment apps were common vectors of attack. Kaspersky advises downloading apps only from official stores, checking app permissions, and using reliable security solutions. Updating operating systems and apps is also recommended. (DARKREADING.COM)

 

Russia's 'Midnight Blizzard' Targets Service Accounts for Initial Cloud Access
Russian threat group "Midnight Blizzard" is shifting tactics to target cloud environments, using automated cloud service accounts and dormant accounts to gain initial access. Organizations are advised to implement mitigations such as multifactor authentication and strong passwords for service accounts to defend against the threat actor. (DARKREADING.COM)

 

The Time Has Come to Regulate Cyber Warfare
The rise of cyber warfare has blurred the line between combatants and civilians, necessitating the establishment of new norms, laws, and accountability mechanisms. Initiatives like the Tallinn Manual and Red Cross Cyber Norms aim to adapt existing legal frameworks to the realities of cyber warfare, addressing issues of sovereignty, state responsibility, and the protection of civilians. As the internet connects more facets of our lives, international cyber norms and agreements become increasingly relevant in mitigating the impact and ensuring accountability in cyberspace. (ASIATIMES.COM)

 

US Blacklists Sandvine for Censorship, Web Monitoring in Egypt
The US Commerce Department has added computer networking company Sandvine to its Entity List, effectively banning it from obtaining US technology. The decision was made due to Sandvine's supply of equipment to the government of Egypt, enabling mass web monitoring and censorship. The company's deep-packet inspection technology can be used for internet traffic monitoring, but it has been deployed for blocking websites, carrying out surveillance, and targeting political actors and human rights activists. Sandvine has previously faced criticism for its involvement in censorship activities in Egypt and Belarus. (BNNBLOOMBERG.CA)

 

Russia's Use Of Malware To Enhance Election Influence Operations Sign Of Things To Come
New research examined Russian troll farm activities during the 2016 US election. It uncovered Russia's use of click-fraud malware to boost the visibility of its social media content. This cyber-enabled influence operation tactic likely continues today. Malware overcomes constraints faced by foreign actors trying to reach broad audiences. Experts previously overlooked malware's role in amplifying disinformation campaigns. Now it is seen as a critical influence-enabling attack. The discovery should refocus assessments of cyber risks to elections. Beyond infrastructure, workforces face heightened vulnerability to a malware infection that aids foreign propaganda. As elections proceed worldwide, security teams must monitor personnel practices that could introduce new influence operation risks. (CSOONLINE.COM)

 

Is the US Prepared for AI's Influence on the Election?
The use of artificial intelligence (AI) in elections is becoming a concern as technology advances and regulations lag behind. Recent incidents, such as AI-generated robocalls targeting New Hampshire voters and fake audio recordings swaying an election in Slovakia, highlight the potential for AI interference. US regulations are not ready for the impact of AI on elections, leaving voters to discern what is real and not real. AI can be used to manipulate audio, video, and text to mislead voters and spread disinformation. The ability of AI to deceive has exacerbated the problem of misinformation. While companies have imposed limitations on AI tools, government regulation is lacking. Some states have implemented laws to regulate AI in political ads, but federal regulations are still pending. It remains uncertain if regulations will be in place in time for the upcoming elections. (THEGUARDIAN.COM)

 

US, Partner Countries Preach Open, Secure, and Resilient Principles for 6G Systems
The US, along with nearly a dozen other countries, including Australia, Canada, Japan, and the United Kingdom, has released a joint statement outlining six shared principles for 6G wireless communication networks. These principles include protecting national security, using spectrum efficiently, and ensuring security, resilience, and privacy. The countries call for global cooperation and collaboration to advance the development of 6G networks and encourage other governments and stakeholders to support and uphold these principles. (FEDSCOOP.COM)

 

Malicious Code Found In Tornado Cash Governance Proposal
Malicious code was inserted in a proposal to add timelock functions to Tornado Cash, aiming to steal funds from the protocol. The code was caught by reviewers before it was implemented. (CRYPTOPOLITAN.COM)

 

Online Travelers at Risk: Agent Tesla Malware Attacks Travel Industry
Researchers uncovered a phishing campaign targeting the travel industry that delivers the Agent Tesla RAT via malicious PDF attachments in spoofed Booking.com emails. The PDFs contain embedded scripts that ultimately download payloads leading to system infection. Analysis shows the malware uses sophisticated obfuscation techniques and aims to steal data and take remote control. The campaign highlights the ongoing evolution of tactics by threat actors to infect systems and evade detection. (FORCEPOINT.COM)

 

An AI License Plate Surveillance Startup Installed Hundreds of Cameras Without Permission
Surveillance startup Flock has installed car tracking cameras in 4,000 cities across 42 states without obtaining the necessary permits, leading to a ban on its operations in two states. Flock provides AI-based tracking hardware and software to local police departments, but it has been found to violate state regulations by installing cameras without prior approval. The company's actions raise concerns about the handling and access to tracking data, infringing on personal freedom. Flock's CEO claims their cameras cover almost 70% of the population and are used to solve around 2,200 crimes per day. (QZ.COM)

 

IBM Introduces Data Path Ransomware Detection in New FlashSystem
IBM has enhanced its storage solutions with AI capabilities to improve data resilience against cyber threats. The new features, integrated with IBM's FlashCore Module technology and updated Storage Defender release, enable real-time monitoring of data for ransomware detection and response. The system analyzes data anomalies and employs machine learning models to detect and mitigate cyber attacks, providing early warnings and enhancing data protection and cyber resilience. (FORBES.COM)

 

Schneider Electric, in Ransomware Recovery, Faces Claims of Stolen Data Trove
The Cactus ransomware group claims to have stolen 1.5 terabytes of data from Schneider Electric, including sensitive documents such as non-disclosure agreements and copies of passports. Schneider Electric has mobilized its incident response team to contain the attack and reinforce security measures. (FACILITIESDIVE.COM)

 

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks
A vulnerability in the Hugging Face Safetensors conversion service allows attackers to compromise user-submitted models, leading to potential supply chain attacks. By hijacking the conversion service using a malicious PyTorch binary, threat actors can tamper with models, implant neural backdoors, and execute arbitrary code. The attack can be accomplished by sending malicious pull requests to any repository on the platform and posing as the conversion bot. This vulnerability poses significant risks to the security of machine learning models hosted on the Hugging Face platform. (THEHACKERNEWS.COM)

 

How Attack Surface Management Strengthens Your Cybersecurity Posture
Attack surface management (ASM) plays a crucial role in reducing cybersecurity risks by addressing vulnerabilities and prioritizing patch management. It enhances incident response through early detection, threat hunting, and incident triage. ASM also improves resilience and cost-saving by preventing breaches and disruptions. Additionally, it enhances visibility into digital assets and vulnerabilities, enabling organizations to strengthen their defense. (READWRITE.COM)

 

Companies Flock to Passwordless Tech
A survey conducted by LastPass reveals that the majority of companies are planning to move away from traditional passwords in favor of alternative login methods like biometrics or authentication codes. This shift is driven by the increasing threat of hackers using leaked credentials and reused passwords to breach corporate networks. 55% of organizations surveyed have plans to reduce password reliance, with 32% aiming to do so within the next year and 54% within the next two years. While more websites are adopting passwordless technologies, there is still some friction as not all password managers or websites support these methods yet. (AXIOS.COM)

 

Hack The Box Launches Certified Web Exploitation Expert As Demand for Risk Mitigation Grows
Hack The Box has introduced the Hack The Box Certified Web Exploitation Expert (HTB CWEE) certification to address the increasing need for specialized cybersecurity professionals. The hands-on certification assesses candidates' proficiency in identifying advanced web vulnerabilities and employs both blackbox and whitebox techniques. The HTB CWEE curriculum equips professionals with the skills to identify vulnerabilities, apply mitigation strategies, and enhance web application security. (DARKREADING.COM)

 

#StopRansomware: ALPHV Blackcat
The FBI, CISA, and HHS disclosed details on the ALPHV Blackcat ransomware group. Since December 2023, they increasingly targeted healthcare, likely due to the disruption of their operations. Tactics include social engineering for access, living off the land tools, MFA credential theft, and data exfiltration before encryption. Specific IOCs, MITRE ATT&CK mappings, and response recommendations were provided. Mitigations include securing remote access, MFA, network monitoring, user training, and testing defenses. The advisory aims to help organizations combat this threat through threat awareness and cyber hygiene. (CISA.GOV)

dtau...@gmail.com
Apr 6, 2024, 8:19:35 AM
to sec-...@googlegroups.com

Software Engineer Stops Attempt to Add Backdoor to Linux Operating Systems

Microsoft software engineer Andres Freund last Friday uncovered a backdoor in XZ Utils, an open source set of data compression tools widely used across Linux and Unix-like operating systems (OS). Freund found a component within XZ Utils can inject unauthorized code into a Linux installation to spy on a user's computer and execute additional malicious code. In response, Linux OS providers Red Hat and Debian issued security advisories.

PC Magazine; Michael Kan (April 1, 2024)

 

Google Pledges to Destroy Browsing Data to Settle ‘Incognito’ Lawsuit

Google pledged to destroy data that reflects millions of users’ Web-browsing histories as part of a settlement of a lawsuit that accused the company of tracking people without their knowledge. The class action, filed in 2020, accused Google of misleading users about how Chrome tracked the activity of anyone who used the private “Incognito” browsing option. The settlement sets out the actions the company will take to change its practices around private browsing, including destroying billions of data points the lawsuit alleged it improperly collected.



The Wall Street Journal; Erin Mulvaney; Miles Kruppa (April 1, 2024)

 

Cloud Email Filtering Bypass Attack Works 80% of the Time

Computer scientists led by Sumanth Rao at the University of California, San Diego, found that popular enterprise cloud-based email spam filtering services could be bypassed in at least 80% of major domains they examined. The filtering services can be "bypassed if the email hosting provider is not configured to only accept messages that arrive from the email filtering service," explained Rao. The bypass is possible because of a mismatch between the filtering server and the email server, in terms of matching how Google and Microsoft email servers react to a message coming from an unknown IP address.

Dark Reading; David Strom (March 29, 2024)

 

U.S. Public, Private Sectors Hold Joint Cyber Drill

During last week's Tri-Sector Cyber Defense Exercise, companies from the U.S. telecommunications, financial services, and power sectors engaged in a joint cybersecurity exercise with government agencies. Security staff from AT&T, Lumen Technologies, Southern Co., Mastercard, and Southern California Edison were divided into offensive and defensive teams and engaged in digital battle, while the U.S. departments of Energy and the Treasury, other federal agencies, and company executives engaged in a tabletop exercise to test the companies' incident-response processes.



WSJ Pro Cybersecurity; James Rundle (March 29, 2024)

 

Microsoft Tools to Stop Users from Tricking Chatbots

Microsoft's Azure AI Studio will soon have new built-in safety features to identify and block suspicious inputs in real time. Developers use Azure AI Studio to create customized AI assistants. The new features include "prompt shields" to stop prompt injection attacks or jailbreaks, which can trick an AI model into acting in an unintended way, and will address "indirect prompt injections," which insert malicious instructions into the training dataset to get the model to perform unauthorized actions.


Bloomberg; Jackie Davalos (March 28, 2024)

 

AI Researcher Takes on Election Deepfakes

TrueMedia.org, founded by Oren Etzioni, founding chief executive of the Allen Institute for AI, has rolled out free tools that journalists, fact-checkers, and others can use to detect AI-generated deepfakes. Etzioni said the tools will help detect "a tsunami of misinformation" that is expected during an election year. However, he added that the tools are not perfect, noting, "We are trying to give people the best technical assessment of what is in front of them. They still need to decide if it is real."



The New York Times; Cade Metz; Tiffany Hsu (April 2, 2024)

 

Google To Delete Improperly Collected User Data As Part Of Class Action Settlement

The Wall Street Journal (4/1, Subscription Publication) reports Google on Monday revealed plans to destroy millions of users’ improperly collected browsing data as part of a deal to settle a 2020 class action lawsuit. The settlement does not include damages for individual users, but allows them to file claims. Bloomberg (4/1, Alba, Subscription Publication) reports the company has also “made several changes to its disclosures to clarify how people’s data is collected as well as what activity is visible to websites when users browse in ‘incognito’ mode,” and has agreed “to allow incognito mode users to block third-party cookies” for the next five years.

The New York Times (4/1, Grant) reports the lawsuit alleged Google “had misled users by tracking their online activity in Chrome’s Incognito mode, which they believed would be private.” The Times adds that “Google has spent well over $1 billion to settle lawsuits” since December, “as it prepares to fight the Justice Department, which has targeted Google’s search engine and its advertising business in a pair of lawsuits.”

 

Cyber Safety Review Board Issues Report Criticizing Microsoft Over Chinese Hack

The Washington Post (4/2, Nakashima, Menn) says the Cyber Safety Review Board “issued a scathing report Tuesday detailing lapses by the tech giant Microsoft that led to a targeted Chinese hack last year of top U.S. government officials’ emails, including those of Commerce Secretary Gina Raimondo.” The Board’s report specifically “takes aim at shoddy cybersecurity practices, lax corporate culture and a deliberate lack of transparency over what Microsoft knew about the origins of the breach.” The Post says, “It is a blistering indictment of a tech titan whose cloud infrastructure is widely used by consumers and governments around the world.”

 

Texas Forms Committee For AI Policy Development

The Austin (TX) American Statesman (4/2, Wagner, Subscription Publication) reports that Texas House Speaker Dade Phelan (R) announced the establishment of a five-member panel, the House Select Committee on Artificial Intelligence and Emerging Technologies, tasked to study “challenges and opportunities” of AI and other modern technologies. The move is driven by concerns about data privacy and cybersecurity. The committee, chaired by Rep. Giovanni Capriglione (R), who also leads the state AI Advisory Council, will make recommendations for potential legislative, policy, regulatory and remedial actions.

dtau...@gmail.com
Apr 13, 2024, 1:06:15 PM
to sec-...@googlegroups.com

How Cryptographers Finally Cracked One of the Zodiac Killer's Hardest Codes

A whitepaper from an international team of cryptographers provides a detailed look at the efforts, including crowdsourcing and computational programming, required to decipher the code of one of the Zodiac Killer's messages. The 340-character cipher published in newspapers on Nov. 12, 1969 was deciphered in December 2020 by adapting AZDecrypt, developed by research team member Jarl Van Eycke, to decode the message. AZDecrypt, which can solve up to 200 homophonic substitution ciphers per second, was altered to add transposition options.

Popular Science; Andrew Paul (April 4, 2024)

 

Knocking Cloud Security Off Its Game

Computer scientists at Switzerland's ETH Zurich have identified a vulnerability in confidential computing systems, which are used by shared cloud computing resources to process sensitive data securely. The vulnerability in cloud server hardware used in AMD and Intel processors could allow hackers to access data stored in the memories of other active cloud users working with the same hardware. The researchers gained root access to a trusted execution environment (TEE)-secured system by sending coordinated interrupt heckles to confuse it.

ETH Zurich (Switzerland); Daniel Meierhans (April 4, 2024)

 

'Social Order Could Collapse' in AI Era, Japanese Companies Say

In an AI manifesto published April 8, Japan's Nippon Telegraph and Telephone (NTT) and Yomiuri Shimbun Group Holdings called for legislation to rein in generative AI. Despite acknowledging the productivity benefits afforded by generative AI, the manifesto said that if AI remains unchecked, "in the worst-case scenario, democracy and social order could collapse, resulting in wars." The companies called for laws to safeguard elections and national security from generative AI abuse.


The Wall Street Journal; Peter Landers (April 7, 2024)

 

U.S. Police Warn Those Driving to Canada to Watch for Hidden AirTags

Law enforcement officials in Vermont are warning residents to look for hidden Apple AirTags in their vehicles after returning from road trips to Canada. There has been an increase in the use of AirTags by criminals in Montreal to track cars to steal and sell or to move drugs over the border. Apple notifies iPhone users if it detects an unknown AirTag and has released an app for Android users that allows them to manually search for the trackers.

PC Magazine; Emily Price (March 30, 2024)

 

Wigderson Named Turing Awardee for Decisive Work on Randomness

Avi Wigderson has been named the 2023 ACM A.M. Turing Award laureate for his contributions to the theory of computation, in particular by expanding understanding of the role that randomness plays in computation and mathematics. Wigderson, currently a professor at the School of Mathematics at the Institute for Advanced Study in Princeton, NJ, also advanced understanding of zero-knowledge proofs, which allow someone to show they know some information while keeping that information secret.

Communications of the ACM; Neil Savage (April 10, 2024)

 

Privacy-Preserving Robotic Cameras Obscure Images Beyond Human Recognition

Researchers at Australia's University of Sydney and Queensland University of Technology have developed a privacy-preserving camera that processes and scrambles visual information used by Internet of Things devices before it is digitized. The obfuscation process occurs within the optics and analogue electronics of the camera, rather than in the camera's computer, offering greater protection against hackers.

University of Sydney (Australia) (April 5, 2024)

 

Denmark Dispatches Quantum Encrypted Message Over 62 Miles

Technical University of Denmark researchers transmitted a quantum encrypted message more than 62 miles (100 km) using Continuous Variable Quantum Key Distribution (CV QKD). The researchers leveraged machine learning to reduce noise disturbances from electromagnetic radiation that could distort or destroy quantum keys and correct errors in key transmission resulting from hardware interference or imperfections. CV QKD technology can be used with the fiber optic cables that make up the existing Internet infrastructure.

Interesting Engineering; Ameya Paleja (April 3, 2024)

 

Insurers Spy on Homes from the Sky

Insurance companies in the U.S. increasingly are using drones to take aerial images of homes and analyze them using computer models, which can result in policyholders being dropped for signs of roof damage, yard debris, overhanging tree branches, and undeclared swimming pools or trampolines, among other things. While insurers say aerial images allow them to better assess a property's risk, some industry insiders and consumer advocates contend the images can be misinterpreted, while others argue such surveillance creates privacy concerns.



The Wall Street Journal; Jean Eaglesham (April 6, 2024)

 

CISA Official Confirms Russian Hackers Stole Emails Between US Government And Microsoft

CNN (4/11, Lyngaas) reports CISA official Eric Goldstein on Thursday confirmed that “Russian state-backed hackers have stolen email correspondence between US government agencies and Microsoft via a breach of the software giant’s systems.” According to Goldstein, “Microsoft has notified ‘several’ US federal agencies that the hackers may have stolen emails that Microsoft sent to those agencies that included login information such as usernames, or passwords.” Goldstein also said that, so far, his agency is “not aware of any agency production environments that have experienced a compromise as a result of a credential exposure.” Still, CNN says the breach “is still forcing the tech giant and US cyber officials to scramble to ensure there is no further damage at the hands of the alleged Russian operatives.” Politico says the hack is also “likely to increase scrutiny of Microsoft, which has been under the federal spotlight in recent weeks for a separate hack of its systems by Chinese hackers.”

dtau...@gmail.com
Apr 20, 2024, 12:25:58 PM
to sec-...@googlegroups.com

A Paris Olympics' Sure Thing: Cyberattacks

Cybersecurity experts with the organizing committee of the Summer Olympic Games in Paris are preparing for cyberattacks. There were 450 million attempted "security events" at the Tokyo Summer Games in 2021, a number expected to surge by eight to 12 times for the Paris Summer Games. The Paris organizers joined with the International Olympic Committee and official technology partner Atos to conduct "war games," offering "bug bounties" to ethical hackers who identify vulnerabilities in the Games' systems.


The New York Times; Tariq Panja (April 17, 2024)

 

Texas Hack May Be First Disruption of U.S. Water System by Russia

A water tower serving the town of Muleshoe, TX, overflowed in January after the system controlling it was hacked, releasing tens of thousands of gallons of water. The hackers, who called themselves the Cyber Army of Russia Reborn (CARR), posted a video online of the town's water-control system and that of a nearby town being manipulated, showing how they reset the controls. CARR is believed to be a front for Russia's military spy agency.


The Washington Post; Ellen Nakashima; Aaron Schaffer (April 17, 2024)

 

Security Vulnerability in Browser Interface Allows Computer Access via Graphics Card

Researchers at Austria's Graz University of Technology (TU Graz) demonstrated three side-channel attacks on graphics cards using the WebGPU browser interface, through which they gained information about data, keystrokes, and encryption keys on other people’s computers. Said TU Graz's Lukas Giner, "With our work, we want to clearly point out to browser manufacturers that they need to deal with access to the GPU in the same way as with other resources that affect security and privacy."

Graz University of Technology (Austria); Falko Schoklitsch (April 15, 2024)

 

Rust Flaw Enables Windows Command Injection Attacks

A security flaw in the Rust standard library could be used by hackers to launch command injection attacks targeting Windows systems. The vulnerability stems from OS command and argument injection weaknesses. The Rust Security Response Working Group said it was notified that the Rust standard library did not properly escape arguments when invoking batch files on Windows using the Command API. Flatt Security engineer RyotaK, who discovered the vulnerability, said it also impacts other major programming languages.

BleepingComputer; Sergiu Gatlan (April 9, 2024)

 

Brain Waves Are Up for Sale. Colorado Wants to Change That

First-of-its-kind legislation signed by Colorado Gov. Jared Polis on April 17 broadens the Colorado Privacy Act's definition of "sensitive data" to include biological and "neural data" generated by the brain, spinal cord, and network of nerves throughout the body. The bill targets consumer neurotechnologies, as federal health law safeguards patient data collected by medical devices in clinical settings. The legislation follows an analysis of 30 consumer neurotechnology companies by the Neurorights Foundation, which found just one had meaningful restrictions on individuals' neural data.


The New York Times; Jonathan Moens (April 18, 2024)

 

Breakthrough May Herald Secure Quantum Computing

Scientists at the U.K.'s University of Oxford used "blind quantum computing" to connect two quantum computing entities securely. The team created a system comprised of an ordinary fiber network link that connected a quantum computing server and a simple device set up to detect photons at an independent client computer that remotely accessed the server. Using a unique combination of quantum memory and photons, the researchers remotely performed computations using sample data on the server, without the server seeing any of the data at any point.

Computer Weekly; Alex Scroxton (April 11, 2024)

 

Schools Using Technology To Monitor Remote Test Taking

The Seventy Four (4/18, Keierleber) reports that students at Utah’s online-only Kings Peak High School “take tests from their homes at times that work best with their schedules.” However, “any student who feels compelled to cheat while their teacher is sound asleep...should know they’re still being watched. ... During exams, their every movement is captured on their computer’s webcam and scrutinized by Proctorio, a surveillance company that uses artificial intelligence.” The company “desk scans” in a bid to catch test-takers who turn to “unauthorized resources,” and incorporates “face detection” technology to ensure there isn’t anybody else in the room to help. Similar remote proctoring tools “grew exponentially during the pandemic,” although K-12 schools’ use of such tools “has largely gone under the radar.” Civil rights activists have expressed “privacy and security concerns...for young children and teens, who may not be fully aware of the monitoring or its implications.”

AI Deepfakes Disrupt Pop Music Industry

TIME (4/18) reports recent suspected leaks of songs by prominent artists like Taylor Swift and Drake have been attributed to AI-generated vocal deepfakes, leading to significant confusion among fans. Sites like Reddit have seen intense speculation about the authenticity of these tracks, highlighted by incidents such as Rick Ross releasing a diss track in response to supposed lyrics from Drake. This issue is becoming more evident as AI technology that replicates artists’ voices improves and becomes more accessible, fooling even the most dedicated fans. Simultaneously, the music industry and lawmakers are exploring methods to protect artists, evidenced by multiple lawsuits against AI companies and new laws like the ELVIS Act in Tennessee, which targets unauthorized use of vocal mimicry through AI.

dtau...@gmail.com
Apr 27, 2024, 8:32:46 AM
to sec-...@googlegroups.com

GitHub Comments Abused to Push Malware via Microsoft Repo URLs

McAfee reported that a new LUA malware loader is being distributed through what appeared to be legitimate Microsoft GitHub repositories. GitHub users can attach files when leaving a comment that are uploaded to GitHub's content delivery network (CDN) and associated with the related project using a unique URL. The download link is generated automatically after the file is added to an unsaved comment, allowing threat actors to attach malware to any repository. The files are not deleted from the CDN and download URLs continue to work even if the comment is not posted or is deleted after being posted.

BleepingComputer; Lawrence Abrams (April 20, 2024)

 

Cisco Says Hackers Subverted Its Security Devices to Spy on Governments

Cisco Systems on Wednesday said that hackers have subverted some of its digital security devices to break into government networks globally. In a blog post, Cisco said its Adaptive Security Appliances had previously unknown vulnerabilities that had been exploited by a group of hackers they dubbed "UAT4356." The company described the group as a "sophisticated state-sponsored actor." Cisco said the vulnerabilities have been patched.

Reuters; Raphael Satter (April 24, 2024)

 

Russian Programmers Play 'Cat and Mouse' to Outsmart Censors

An increasing number of freelance programmers and VPN companies are working to circumvent Russian censors via group chats, collaborative Web development programs, and virtual hackathons. Eighteen-year-old Antony Rudkovsky recently won a $1,200 prize in the Demhack hackathon for developing a VPN for mobile phones that switches between two protocols in case one is blocked. Other programmers are building on Chinese and U.S. anti-censorship tools.

Reuters; Lucy Papachristou (April 25, 2024)

 

Hackers Use Developing Countries as Testing Ground for New Ransomware Attacks

Cybersecurity firm Performanta reported that businesses in Africa, Asia, and South America increasingly are being used by hackers as testing grounds for their latest ransomware before they turn to higher-value targets in North America and Europe. Recent dry runs in developing countries focused on a Senegalese bank, a Chilean financial services company, a Colombian tax firm, and a government economic agency in Argentina.



Financial Times; Ellesheva Kissin (April 24, 2024)

 

Deepfakes of Bollywood Stars Spark Worries of Meddling in India Election

Deepfake videos of A-list Bollywood actors Aamir Khan and Ranveer Singh criticizing Indian Prime Minister Narendra Modi have gone viral. The videos, which call on viewers to vote for the opposition Congress party, have generated concerns about the use of AI to influence the nation's ongoing general election. Reuters found that the videos had been viewed more than 500,000 times on social media since last week. At least eight fact-checking websites determined the videos to be altered or manipulated, but it remains unclear who created them.

Reuters; Aditya Kalra; Munsif Vengattil; Dhwani Pandya; et al. (April 22, 2024)

 

Meta, TikTok, X Invited to Stress-Test DSA Election Guidelines

Meta, TikTok, X and other online platforms with more than 45 million EU users have been invited by the European Commission (EC) to stress-test election guidelines to help prepare for EU elections in June. Elections guidelines were published by the EC in March under the Digital Services Act. Participants will work through multiple scenarios that could be used to address incidents such as disinformation campaigns.

Euronews; Cynthia Kroet (April 19, 2024)

 

Report: Universities Increasing Spending To Combat Cyber Attacks

Inside Higher Ed (4/25, Coffey) reports Moody’s Investor Service says in a report that “higher education institutions have increased their cybersecurity budgets as more universities fall prey to cyber attacks.” The bond ratings agency reports “that higher education institutions allocating a portion of their budget to cybersecurity increased more than 70 percent from 2019 to 2023.” Still, universities focus “less on cyber spending than other institutions do. In 2023, the higher education sector’s average budget allocation was 7 percent for cybersecurity, below the global average’s 8 percent of spending.” Moody’s Global Cyber Risk Issuer Survey “was released Wednesday, polling 114 universities from across the globe on their cybersecurity habits and spending.”

dtau...@gmail.com
May 4, 2024, 7:39:34 PM
to sec-...@googlegroups.com

Most Brain Monitors Sold to Consumers Don't Keep Data Private

A Neurorights Foundation study of 30 firms that sell neurotech devices or services to consumers found that many collect users' neural data and maintain the right to share or sell the data without additional permission from users. Twenty-nine of the 30 companies investigated do not provide meaningful limitations on the sharing of users' neural data; just one said it would not share customer data.

[ » Read full article *May Require Paid Registration ]

New Scientist; Jeremy Hsu (April 30, 2024)

 

Precision Attacks Target Intel, AMD Processors

A team led by computer scientists at the University of California San Diego uncovered two novel types of attacks that target the conditional branch predictor found in high-end Intel processors. The attack is the first known to target a feature in the Path History Register (PHR), exposing more information with more precision than prior attacks. The researchers also introduced a precise Spectre-style poisoning attack, enabling attackers to induce intricate patterns of branch mispredictions within victim code. Intel and AMD were informed of these findings.
[ » Read full article ]

ScienceBlog (April 28, 2024)

 

Phone Keyboard Exploits Leave Billion Users Exposed

A team led by researchers at the University of Toronto's Citizen Lab in Canada revealed that a billion smartphone users are exposed to potential cyberattacks due to their use of digital Chinese-language keyboards. The Chinese-language keyboards use character-prediction features that rely on cloud computing resources, and improperly secured communications between the keyboard app and external cloud servers make users' keystrokes and messages vulnerable to spying and eavesdropping.
[ » Read full article ]

IEEE Spectrum; Margo Anderson (April 29, 2024)

 

Telegram Unblocks Chatbots Used by Ukraine's Security Services

The Telegram messaging app has restored access to chatbots used by Ukraine's security agencies to gather information about Russia's war effort. Ukraine's military spy agency GUR said Monday the app had blocked access to three bots used by Ukraine's SBU security service, GUR, and the digital ministry. The bots allow people to report the location of Russian military hardware and personnel inside Ukraine. According to a Telegram spokesperson, the bots were "temporarily disabled due to a false positive but have since been reinstated."
[ » Read full article ]

Reuters; Anastasiia Malenko; Lidia Kelly (April 29, 2024)

 

EU Investigates Meta Over Fears of Election Interference, Foreign Disinformation

Meta is being investigated by EU officials over concerns it is not doing enough to safeguard upcoming EU elections or curtail foreign disinformation on Facebook and Instagram. The investigation targets Meta's handling of advertising by scammers and foreigners interfering with elections, and its move to shutter the CrowdTangle analysis tool that allowed researchers and journalists to track trending conversations on its platforms. Meta could be fined up to 6% of its global revenue if violations of the EU's Digital Services Act are identified.
[ » Read full article ]

CNN; Brian Fung (April 29, 2024)

 

Chip Safeguards Data, Enables Efficient Computing on Smartphone

Researchers from the Massachusetts Institute of Technology (MIT) and the MIT-IBM Watson AI Lab developed a chip that can efficiently accelerate machine learning workloads on edge devices like smartphones while protecting sensitive user data from side-channel and bus-probing attacks. To accomplish this, the team split data in an in-memory compute chip into random pieces, used a lightweight cipher that encrypts the model stored in off-chip memory, and generated the key that decrypts the cipher directly on the chip.
[ » Read full article ]

MIT News; Adam Zewe (April 23, 2024)

 

DHS Establishes AI Safety Board For Evaluating Threats To Critical Infrastructure

Reuters reports the Department of Homeland Security on Friday “announced a blue-ribbon board that includes the CEOs of OpenAI, Microsoft, Google parent Alphabet and Nvidia that will advise the government on the role of artificial intelligence on critical infrastructure.” Homeland Security Secretary Alejandro Mayorkas “told reporters the board would help ensure the safe deployment of AI technology and how to address threats posed by this technology to vital services like energy, utilities, transportation, defense, information technology, food and agriculture, and financial services.” Mayorkas added, “It is not a board that will be focused on theory, but rather practical solutions for the implementation of AI in our nation’s daily life.”

According to the AP (4/26, Staff), Mayorkas said that “AI holds potential for improving government services but ‘we recognize the tremendously debilitating impact its errant use can have.’” The AP adds regarding the 22-member board that “corporate executives dominate, but it also includes civil rights advocates, AI scientist Fei-Fei Li who leads Stanford University’s AI institute as well as Maryland Gov. Wes Moore and Seattle Mayor Bruce Harrell, two public officials who are ‘already ahead of the curve’ in thinking about harnessing AI’s capabilities and mitigating risks.”

 

Study: AI Models Can Automate Security Exploits

Axios (4/26) reports that academic research from the University of Illinois Urbana-Champaign has revealed that GPT-4 can autonomously write scripts to exploit security vulnerabilities with an 87 percent success rate. This research tested 10 different models against 15 serious vulnerabilities listed by Mitre’s Common Vulnerabilities and Exposures. As of their study, GPT-4 was the most proficient, managing nearly 50 steps in a single exploit attempt. These findings, published this month, validate concerns about AI’s potential role in cybersecurity threats. Additionally, ongoing advancements in AI technologies suggest other models may soon demonstrate similar capabilities.

 

Education Department Announces Partnership With UC Berkeley To Improve Ed-Tech Cybersecurity

Education Week (5/2) reports the Education Department is “teaming up with the University of California at Berkeley’s Center for Long-Term Cybersecurity on an initiative to improve collaboration between schools’ education technology vendors and cybersecurity experts.” The Partnership for Advancing Cybersecurity in Education’s (PACE) goal is to “stem the tidal wave of attacks on districts, which increasingly originate from the platforms, applications, and other technology schools use for teaching, learning, operations, and more.” PACE will “hold a summit in October bringing together cybersecurity experts and ed-tech vendors.” A survey of IT professionals conducted last year found that 80% of K-12 schools had been targeted by ransomware in the past year, “a higher percentage than any other industry surveyed.” Deputy Secretary of Education Cindy Marten said in a statement, “This partnership will develop actionable insights to enhance the resilience of the ed-tech sector, ensuring that our educational tools are not only effective but secure.”

 

Survey: Most School District Leaders Prioritize Cybersecurity Improvements

K-12 Dive (5/2, Merod) reports cybersecurity remains “the biggest concern among district ed tech leaders, with nearly all 981 survey respondents to an annual survey from the Consortium for School Networking reporting that they are working to improve protections.” The survey found other indicators “that schools are beginning to bolster their cyberdefense, including a sizable increase in districts using two-factor authentication – 72% in 2024 compared with 40% in 2022.” Around 53% of districts “also reported having incident response plans versus 34% two years ago,” though ed tech leaders “seem to view their risk” from cyberthreats as “relatively (and surprisingly) low,” CoSN found. Despite K-12 being “the most-targeted sector for phishing scams, for example, only 26% of leaders saw their districts as being at high risk from them, the report said.”
