Dr. T's security brief

Skip to first unread message


Mar 2, 2024, 1:00:12 PMMar 2
to sec-...@googlegroups.com

'KeyTrap' DNS Bug Threatens Widespread Internet Outages

Researchers at Germany's ATHENE (National Research Center for Applied Cybersecurity) found a design flaw in a Domain Name System (DNS) security extension that could cause widespread Internet disruptions if it were exploited on multiple DNS servers simultaneously. DNS servers that use the DNSSEC extension to validate traffic are vulnerable to the "KeyTrap" DNS bug, which has existed since 2000. The researchers worked with Google, Cloudflare, and other major DNS service providers on patches before publishing their work.
» Read full article ]

Dark Reading; Becky Bracken (February 20, 2024)


U.K. Leads Disruption of Hacker Group's Site

An operation conducted by the U.K. National Crime Agency, the U.S. Federal Bureau of Investigation, Europol, and a coalition of international police agencies has taken control of an online site run by the LockBit ransomware group. LockBit's eponymous software was the "most deployed ransomware variant" across the world last year. It was first discovered in 2020 when the software surfaced on Russian language forums. On Monday, a message appearing on the site belonging to the group said it was "now under control of law enforcement."
[ » Read full article ]

BBC News; Gordon Corera (February 20, 2024)


Wyze Security Issue Exposed Private Cameras to Strangers

Kirkland, WA-based Wyze said about 13,000 users of its security cameras were able to view sensitive content from the devices of other users when the cameras came back online Feb. 16 following an hours-long service outage attributed to Amazon Web Services. Some users were able to see thumbnails from other users' feeds in their apps and clicked to view the videos. Wyze attributed the mixup of device IDs and user ID mapping to a partner that has since fixed the issue.
» Read full article *May Require Paid Registration ]

The Washington Post; Heather Kelly (February 20, 2024)


Fingerprints Recreated from Sounds of Swiping a Touchscreen

Researchers in the U.S. and China have demonstrated a side-channel attack on the Automatic Fingerprint Identification System that allows fingerprint pattern features to be extracted from the sounds of a user's finger swiping a touchscreen. The attack, dubbed PrintListener, can be made through apps like Discord, Skype, WeChat, and FaceTime when a device’s microphone is on. Tests of PrintListener found it could extract up to 27.9% of partial fingerprints, and 9.3% of complete fingerprints, within five attempts at the highest-security false acceptance rate setting of 0.01%.
» Read full article ]

Tom's Hardware; Mark Tyson (February 19, 2024)


'AI Godfather', Others Urge More Deepfake Regulation

More than 400 AI experts and executives from various industries, including AI "godfather" and ACM A.M. Turing Award laureate Yoshua Bengio, signed an open letter calling for increased regulation of deepfakes. The letter states, "Today, deepfakes often involve sexual imagery, fraud, or political disinformation. Since AI is progressing rapidly and making deepfakes much easier to create, safeguards are needed." The letter provides recommendations for regulation, such as criminal penalties for individuals who knowingly produce or facilitate the spread of harmful deepfakes, and requiring AI companies to prevent their products from creating harmful deepfakes.
» Read full article ]

Reuters; Anna Tong (February 21, 2024)


Facial Recognition: Coming Soon to an Airport Near You

Major airlines in the U.S. have increasingly invested in facial recognition technology, as have government agencies in charge of aviation security. Overseas, a growing number of airports are installing biometrics-enabled electronic gates and self-service kiosks at Immigration and Customs. The technologies' adoption could mean enhanced security and faster processing for passengers, but also raises privacy and ethics concerns.
[ » Read full article *May Require Paid Registration ]

The New York Times; Christine Chung (February 19, 2024)


Tamper-Proof ID Tag Uses Terahertz Waves

Building on their previous work, researchers at the Massachusetts Institute of Technology leveraged terahertz waves to develop an antitampering identification tag that also offers the benefits of being tiny, cheap, and secure. In 2020, the researchers unveiled a cryptographic ID tag several times smaller and significantly less expensive than traditional radio frequency ID (RFID) tags. The team then mixed microscopic metal particles into the glue that sticks the tag to an object and used terahertz waves to detect the unique pattern those particles form on the item’s surface, which is used to authenticate the item.
[ » Read full article ]

Tech Times; Inno Flores (February 18, 2024)


'Unhackable' Computer Chip Works on Light

An "unhackable" computer chip that uses light instead of electricity for computations was created by researchers at the University of Pennsylvania (UPenn) to perform vector-matrix multiplications, widely used in neural networks for development of AI models. Since the silicon photonic (SiPh) chip can perform multiple computations in parallel, there is no need to store data in a working memory while computations are performed. That is why, UPenn's Firooz Aflatouni explained, "No one can hack into a non-existing memory to access your information."
[ » Read full article ]

Interesting Engineering; Ameya Paleja (February 16, 2024)


Tech Companies Agree to Combat AI-Generated Election Trickery

Executives from Adobe, Amazon, Google, IBM, Meta, Microsoft, OpenAI, and TikTok announced a joint effort to combat AI-generated images, audio, and video designed to sway elections. Announced at the Munich Security Conference on Friday, the initiative, which also will include 12 other major technology companies, outlines methods the companies will use to try to detect and label deceptive AI content when it is created or distributed on their platforms. Participants will share best practices and provide “swift and proportionate responses” when fake content starts to spread.
[ » Read full article ]

Associated Press; Matt O'Brien; Ali Swenson (February 16, 2024)

Leaked Files Demonstrate China’s “Vast” International Hacking Of Foreign Targets

The Washington Post Share to FacebookShare to Twitter (2/21, Shepherd, Cadell, Nakashima, Schaffer, Menn) reports that documents leaked from Chinese state-linked hacking group iSoon show that Chinese intelligence and military hackers are conducting extensive cyber espionage against foreign entities, exploiting claimed vulnerabilities in US software from companies including Microsoft, Apple and Google. The over 570 leaked files reveal contracts spanning eight years to extract data from “at least 20 foreign governments and territories, including India, Hong Kong, Thailand, South Korea, the United Kingdom, Taiwan and Malaysia.” Cybersecurity firm Mandiant Intelligence has confirmed the authenticity of the leaked data. The US intelligence community views China’s targeted hacking endeavors as a significant long-term security threat.


Mar 3, 2024, 8:40:37 PMMar 3
to sec-...@googlegroups.com

LastPass Alerts Users about Fake App on Apple App Store
LastPass warns users about a counterfeit version of its app, discovered on the Apple App Store. The fake app closely resembles LastPass' interface and branding, posing a potential phishing threat to users' sensitive credentials. Despite LastPass' efforts, the counterfeit app remains available on the App Store, highlighting challenges in maintaining security standards. LastPass advises users to remove the fake app, change passwords, and take precautionary measures. Apple has confirmed the removal of the app and expulsion of the developer from the Apple Developer Program, emphasizing collaborative efforts to combat intellectual property infringements. (CYBERMATERIAL.COM)


Microsoft Is Bringing Linux's Sudo Command to Windows 11
Windows 11 will include a built-in sudo command, commonly used in Unix-based systems, to allow developers to run programs with higher security privileges or as another user. This feature will be available in a future version of Windows 11 and can be configured in three modes: new window, input disabled, and inline. Microsoft plans to expand documentation and open-source the project on GitHub. This move follows Microsoft's previous embrace of Linux with the inclusion of a Linux kernel in Windows 10 and other Linux-related features. (THEVERGE.COM)


Why Bloat Is Still Software’s Biggest Vulnerability
Bert Hubert reflects on the late Niklaus Wirth's 1995 plea for lean software and argues that software security issues arise less from code density and more from attack surface area. He points to an overreliance on external dependencies and code containers as key contributors to bloat. As proof that minimal, secure software is still achievable, Hubert offers Trifecta, his own 1,600-line image hosting solution. (IEEE.ORG)


How 'Big 4' Nations' Cyber Capabilities Threaten the West
The "Big Four" nations, namely Russia, China, Iran, and North Korea, pose significant cyber threats to the West. Each country has its own cyber agenda, with Russia focusing on offensive cyber operations, China on cyber espionage, Iran on influence operations, and North Korea on financial gain. Recent actions by these nations have been attributed to state-sponsored cyber groups associated with them. Geopolitical factors, economic partnerships, and strategic interests contribute to their cyber activities. With upcoming elections in democratic nations, cyber-influence campaigns are expected to escalate in the next year. (DARKREADING.COM)


Feds Deliver Stark Warnings to State Election Officials Ahead of November
Federal law enforcement and cybersecurity officials warn state election administrators about serious threats to the upcoming presidential election, including cyberattacks, disinformation, and threats to personal safety. Officials are urged to enhance cybersecurity measures and establish partnerships with federal agencies and fellow state officials. (STATELINE.ORG)


Wi-Fi Jamming to Knock Out Cameras Suspected in Nine Minnesota Burglaries -- Smart Security Systems Vulnerable as Tech Becomes Cheaper and Easier to Acquire
A serial burglar in Edina, Minnesota, is believed to be using Wi-Fi jammers to disable connected security cameras before carrying out burglaries. The burglaries target affluent homes, with the thief deploying Wi-Fi jammers to prevent incriminating video evidence. Wi-Fi jamming is becoming a growing trend among burglars, and popular wireless smart home security products like Ring, Blink, and Nest are vulnerable to such attacks. Wi-Fi jammers are easily accessible and inexpensive online, making them a trivial tool for criminals. Homeowners are advised to physically connect devices, utilize smart home technology, and adjust settings to enhance security. (TOMSHARDWARE.COM)


Hackers are Taking Advantage of Gaps in U.S. Cybersecurity Policy
Hackers are increasingly exploiting vulnerabilities in firmware to gain control of devices and steal data. The federal government's outdated cybersecurity framework lacks compliance incentives, and Congress has not prioritized firmware security. The National Institute of Standards and Technology (NIST) should update its framework, NIST 800-193, and the government should encourage private companies to comply by purchasing only compliant technology and offering financial incentives for critical infrastructure firms. (THECIPHERBRIEF.COM)


200,000 Facebook Marketplace User Records Leaked on Dark Web
Personal data from 200,000 Facebook Marketplace users has been leaked on a hacker forum, including names, phone numbers, email addresses, Facebook IDs, and profile information. The data was hacked by an individual named "algoatson" through a Meta contract worker. This is not the first time Facebook user information has been leaked, with a similar incident occurring in 2021. To protect themselves, users are advised to change their passwords, enable two-factor authentication, and be cautious of phishing attempts. (MASHABLE.COM)


The Crow Flies at Midnight - Exploring Red Team Persistence via AWS Lex Chatbots
This blog post explores the use of AWS Lex chatbots as a persistence method for red teamers in cybersecurity. While it may not be a practical technique, it provides hands-on experience with a service commonly used in the AI industry. The post includes a hypothetical scenario and a step-by-step guide on modifying a Lambda function to demonstrate persistence. (MEDIUM.COM)


Japan Risks Losing Trust of US, Other Allies Over Its 'Serious' Cybersecurity Flaws
Japan's lax cybersecurity defenses have raised concerns among its allies, particularly the US, that sensitive diplomatic communications are being accessed by China. The breach was initially alerted to Japan by the US National Security Agency, highlighting the scale of the problem and the potential leak of confidential data. Urgent action is needed to address the cybersecurity issue and rebuild trust with allies. (SCMP.COM)


Shim Vulnerability Exposes Most Linux Systems to Attack
A critical vulnerability in Shim, the software that facilitates Linux booting on Secure Boot PCs, could allow a network attacker to bypass Secure Boot and take control of the system. While the vulnerability requires specific conditions to be exploitable, it poses a significant risk due to the widespread use of shim in Linux distributions. Users are advised to patch shim or disable the network boot option to mitigate the risk. (ZDNET.COM)


FCC Orders Telecom Carriers to Report PII Data Breaches Within 30 Days
The FCC has issued a final rule requiring telecommunications companies to report data breaches impacting customers' personally identifiable information (PII) within 30 days. The updated data breach reporting requirements aim to ensure accountability for telecom carriers in safeguarding sensitive customer information and providing customers with the necessary tools to protect themselves. The rule expands the scope of breach notification requirements to include PII and inadvertent access, use, or disclosure of customer information. The FCC has removed the waiting period for carriers to inform customers, mandating prompt notification after alerting relevant federal agencies. (BLEEPINGCOMPUTER.COM)


Ongoing Azure Compromises Target Senior Execs, Microsoft 365 Apps
A campaign targeting Microsoft Azure corporate clouds is compromising dozens of environments and hundreds of user accounts. Attackers are using tailored phishing techniques to obtain Microsoft 365 login credentials, specifically targeting strategic individuals in organizations, including executives and managers. Once access is gained, the attackers engage in various malicious activities, such as data theft, financial fraud, and manipulation of multifactor authentication settings. Organizations are advised to be vigilant, enforce strict password hygiene, and implement auto-remediation policies to mitigate the risk of compromise. (DARKREADING.COM)


Chinese Hackers Compromised US City’s Emergency Networks, Report Finds
A Chinese-affiliated hacking group known as VOLTZITE, or Volt Typhoon, attempted to compromise the emergency services networks of a large unnamed US city last month, according to cybersecurity group Dragos. The group has been linked to China by the US government. Dragos also detected the group conducting reconnaissance on a US telecom group's networks. The report highlights the ongoing cyber threats posed by the Volt Typhoon and their attempts to infiltrate critical infrastructure. The Cybersecurity and Infrastructure Security Agency urges critical infrastructure organizations to take the threat seriously and report any suspicious activity to CISA or the FBI. (POLITICOPRO.COM)


Navy Officials Call for More 'Shared Cyber Responsibility,' Better Handling of 'Crapload of Data'
The Navy's principal cyber advisor, Scott St. Pierre, highlighted the challenge of fostering shared responsibility for cybersecurity among different leaders within the service. Bringing together systems commands, threat personnel, and operators will be crucial to address this challenge. Navy Chief Information Officer Jane Rathbun emphasized the need for better data management and protection, including data tagging, secure data movement, and access control. The Navy will also need to rethink the relationship between risk and consequence when it comes to data security classification. (BREAKINGDEFENSE.COM)


US Military Notifies 20,000 of Data Breach After Cloud Email Leak
The US Department of Defense is informing approximately 20,600 individuals that their personal information was exposed in an email data spill last year. The breach occurred when a misconfigured US government cloud email server hosted on Microsoft's cloud for government customers allowed access from the internet without a password. The server was identified and removed from public access on February 20, 2023, and the vendor has resolved the issues. The breach included sensitive personnel information and questionnaires from prospective federal employees seeking security clearances. (TECHCRUNCH.COM)


How AI Is Strengthening XDR To Consolidate Tech Stacks
Artificial intelligence (AI) is playing a crucial role in enhancing extended detection and response (XDR) platforms by analyzing behaviors and detecting threats in real-time. XDR is being adopted by CISOs and security teams for its ability to consolidate functions and provide a unified view of attack surfaces. Leading XDR vendors are leveraging AI and machine learning (ML) to consolidate tech stacks and improve prediction accuracy, closing gaps in identity and endpoint security. AI has the potential to strengthen XDR in areas such as threat detection and response, behavioral analysis, reducing false positives, and automating threat hunting.  (VENTUREBEAT.COM)


UN Experts Investigating 58 Suspected North Korean Cyberattacks Valued at About $3 Billion
U.N. experts are investigating 58 cyberattacks attributed to North Korea between 2017 and 2023, worth approximately $3 billion. The funds are reportedly being used to support the country's weapons of mass destruction program. The cyberattacks, carried out by North Korean hacking groups affiliated with the Reconnaissance General Bureau, are ongoing. The report also highlights North Korea's flouting of U.N. sanctions, development of nuclear weapons, and production of nuclear fissile materials. (APNEWS.COM)


The Canadian Government Wants To Ban Flipper Zero-Type Hacker Tools To Combat Car Theft
The Canadian government plans to ban devices like Flipper Zero due to their alleged use in car theft. Flipper Devices, the manufacturer of Flipper Zero, denies that the device can be used for car theft and states that it is intended for security testing and development purposes. Cybersecurity experts argue that banning such devices may hinder innovation in security research and fail to effectively address underlying security challenges. (TOMSHARDWARE.COM)


Surge in "Hunter-Killer" Malware Poses Significant Challenge to Security Teams
Adversaries have increased their attacks aimed at disabling enterprise defenses, with a 333% rise in "hunter-killer" malware that actively targets and disables advanced enterprise defenses. This shift poses a significant challenge for defenders, requiring organizations to focus on these types of attacks. Cybercriminals are adapting to improved security measures by disabling security controls, with this behavior seen in a quarter of malware samples. To combat this, organizations should embrace machine learning, protect user credentials, and continuously validate defenses against evolving tactics. Behavioral analysis and defense schemes are necessary to counter adversaries who use the same tools as IT and security teams. (CSOONLINE.COM)


The Nine Lives of Commando Cat: Analyzing a Novel Malware Campaign Targeting Docker
This technical analysis examines a recently observed threat campaign leveraging Docker containers for initial access. Dubbed "Commando Cat," the actors deploy legitimate container software before escaping to run credential theft and crypto-miner payloads on Docker hosts in a multifaceted operation. Close examination of command lines and payloads sheds light on the adversary's evolving tactics. (CADOSECURITY.COM)


New Cybersecurity Threats Prompt A Rush To Sophisticated, Unified Security Strategies
Organizations are facing emerging threats, such as multi-extortion ransomware attacks and third-party associate attacks, necessitating the implementation of advanced cybersecurity strategies. Solutions like Security Service Edge (SSE) and Secure Access Service Edge (SASE) integrate multiple security capabilities into a unified cloud-native software stack, offering comprehensive protection across an enterprise's vulnerable surfaces. Gartner predicts that by 2025, 80% of enterprises will adopt SSE platforms to unify access to web, cloud services, and private applications. As the threat landscape evolves, organizations must remain vigilant in safeguarding against new types of cyber threats. (NEWSWEEK.COM)


Free Rhysida Ransomware Decryptor for Windows Exploits RNG Flaw
South Korean researchers have discovered and publicly disclosed a flaw in the Rhysida ransomware's encryption scheme, allowing them to create a decryptor for Windows. The flaw lies in the random number generator used to generate the encryption key, and by exploiting it, researchers were able to recover the internal state of the generator and create a valid key to reverse the encryption. An automated decryption tool has been made available on the Korean Internet & Security Agency (KISA) website, but its safety and effectiveness cannot be guaranteed. (BLEEPINGCOMPUTER.COM)


AI Girlfriends and Boyfriends Harvest Personal Data, Study Finds
A study by Mozilla's *Privacy Not Included project reveals that AI romance chatbots, including CrushOn.AI, collect and sell shockingly personal information, violating user privacy. These chatbots, marketed as enhancing mental health and well-being, actually thrive on dependency and loneliness while prying for data. Most apps sell or share user data, have poor security measures, and use numerous trackers for advertising purposes. Additionally, some apps have made questionable claims about improving mood and well-being, despite disclaimers stating they are not healthcare providers. (GIZMODO.COM)


Islamic Nonprofit Infiltrated for 3 Years With Silent Backdoor
A Saudi Arabian charitable nonprofit organization has been targeted in a stealthy espionage campaign using a custom backdoor called Zardoor. The malware, which exfiltrates data from the victim organization, has been active since March 2021 and is likely the work of an advanced attacker. While the use of reverse proxy tools matches tactics used by Chinese APT groups, the choice of the compromised target does not align with known Chinese objectives. The Zardoor campaign highlights the importance of implementing a defense-in-depth security posture to detect and mitigate advanced threats. (DARKREADING.COM)


Ransomware Groups Claim Hits on Hyundai Motor Europe and a California Union
Hyundai Motor Europe and the Service Employees International Union (SEIU) Local 1000 in California have both reported cyberattacks in January. Black Basta, a ransomware group, claimed to have stolen 3TB of data from Hyundai Motor Europe, while LockBit, another ransomware group, claimed responsibility for the attack on SEIU Local 1000, stealing 308GB of data. Both organizations are working with cybersecurity experts to investigate the incidents and restore operations. (DARKREADING.COM)


Biden Admin Pushes Software Liability Regime to Bolster Cybersecurity Practices
The Biden administration is focusing on liability regimes for commercial software developers as part of its national cybersecurity strategy. National Cyber Director Harry Coker plans to explore liability frameworks to prevent companies from disclaiming liability for software vulnerabilities. Collaboration with academic and legal experts, as well as engagement with industry stakeholders, will shape regulatory measures. The Cybersecurity and Infrastructure Security Agency (CISA) is also promoting secure software development practices through initiatives like the "secure by design" alert series. Industry stakeholders emphasize the importance of collective action and embedding cybersecurity measures into technology products. (CYBERMATERIAL.COM)


Cybercriminals are Stealing Face ID Scans to Break into Mobile Banking Accounts
iOS users in Thailand are being targeted by cybercriminals who steal Face ID scans to gain access to their bank accounts. A Chinese-speaking cybercrime group called GoldFactory is distributing trojanized apps that trick users into performing biometric verifications, allowing criminals to bypass security checks and steal money. The attacks have so far been limited to Thailand and Vietnam, but there are concerns about the spread of this type of cybercrime worldwide. (READWRITE.COM)


FBI Disrupts Moobot Botnet Used by Russian Military Hackers
The FBI has taken down a botnet of SOHO routers used by Russia's GRU in spearphishing and credential theft attacks. The botnet was controlled by GRU Military Unit 26165 and targeted governments, military entities, and corporate organizations. The FBI remotely accessed the routers, deleted stolen data, blocked remote access, and temporarily modified firewall rules to neutralize GRU's access. This is the second botnet disruption by the FBI in 2024, following the takedown of the KV botnet used by Chinese state hackers. (BLEEPINGCOMPUTER.COM)


Hackers Obtained Nearly 7 Million People's Data from 23andMe. The Firm Blamed Users in 'Very Dumb' Move.
Personal information, including names, addresses, and genetic heritage, of around 7 million individuals was accessed by hackers from 23andMe. The company attributed the breach to users' failure to update passwords, which has been criticized as a negligent response. Lawsuits have been filed against 23andMe, raising concerns of identity fraud and blackmail using the compromised genetic data. (THEGUARDIAN.COM)


QR Code 'Quishing' Attacks on Execs Surge, Evading Email Security
Attacks using QR codes to deliver malicious payloads have surged, especially against corporate executives, bypassing email security measures and targeting privileged users. Attackers exploit trust in QR codes, embedding them in everyday items, and often aim to steal credentials for lasting damage. While training is crucial, technical controls are necessary to protect against sophisticated attacks that even security professionals find difficult to detect. (DARKREADING.COM)


'Coyote' Malware Begins Its Hunt, Preying on 61 Banking Apps
A new banking Trojan called "Coyote" has been discovered targeting 61 different online banking applications, primarily in Brazil. Coyote is notable for its use of sophisticated components, including the Squirrel installer, NodeJs, and the programming language Nim. Brazilian malware developers have a history of expanding their threats globally, making it important for organizations to be prepared. Coyote has the potential to evolve into a fully-fledged initial access Trojan and backdoor, similar to other banking Trojans in the past. Brazilian banking Trojans have already targeted companies and individuals in countries such as Australia, Europe, and Italy. (DARKREADING.COM)


State-Backed Hackers Experimenting with OpenAI Models
Hackers from China, Iran, North Korea, and Russia are exploring the use of large language models (LLMs) in their operations, according to a report by Microsoft and OpenAI. While no notable attacks have been observed, the report highlights how hackers are using LLMs for research, crafting spear-phishing emails, and improving code generation. The report also emphasizes the need for monitoring and preventing the abuse of AI models by state-backed hackers, with Microsoft announcing principles to address this issue and collaborate with other stakeholders. (CYBERSCOOP.COM)


New RustDoor macOS Malware Impersonates Visual Studio Update
A new macOS malware called RustDoor, written in Rust, disguises itself as a Visual Studio update, allowing backdoor access to compromised systems. The campaign distributing the malware has been active since November 2023 and is linked to infrastructure associated with the ALPHV/BlackCat ransomware gang. While there is some evidence suggesting a potential connection to the ransomware operators, further investigation is required. RustDoor is primarily distributed as an updater for Visual Studio for Mac and has remained undetected for at least three months. The malware has various capabilities, including system control, data exfiltration, and persistence through modification of system files. (BLEEPINGCOMPUTER.COM)


'Ov3r_Stealer' Malware Spreads Through Facebook to Steal Crates of Info
A new malware named "Ov3r_Stealer" is being propagated on Facebook through job ads and accounts, using various execution methods to steal sensitive data. The malware exfiltrates data to a Telegram channel monitored by the threat actors, and it can steal information such as geolocation, passwords, credit card details, and more. Researchers believe that Ov3r_Stealer is still under development and poses an ongoing threat, urging organizations to implement security awareness programs and maintain up-to-date application patching to mitigate the risk. (DARKREADING.COM)


That Electric Toothbrush Botnet Story Is Totally Fake
A story claiming that cybercriminals created a botnet out of 3 million electric toothbrushes has been debunked. The Swiss newspaper that initially reported the story blamed Fortinet, a security company, for falsely claiming the incident was real. Fortinet clarified that the toothbrush incident was only mentioned as an illustration during an interview and not based on their research. The story highlights the challenge of covering cybersecurity as exaggerated research findings can be used to gain attention. (GIZMODO.COM)


Glupteba Botnet Adds UEFI Bootkit to Cyberattack Toolbox
The Glupteba malware, known for its multifunctionality, has incorporated a Unified Extensible Firmware Interface (UEFI) bootkit, enabling it to persist within Windows systems even after reboots. By manipulating the UEFI process, Glupteba can operate at a lower level and execute its code before Windows starts, making detection and removal more challenging. The bootkit poses serious threats, including unauthorized access, data loss, and operational disruptions. Organizations are advised to maintain good security hygiene and use up-to-date security products to prevent such sophisticated threats. (DARKREADING.COM)


A Nebraska Bill Would Hire a Hacker to Probe the State's Computer, Election Systems
Nebraska State Senator Loren Lippincott has proposed a bill to hire an "ethical hacker" to probe the state's computer network, election equipment, and software for vulnerabilities. Lippincott hopes that by hiring a hacker, the state can identify weaknesses before they are exploited by malicious actors. The bill also allows for the hiring of a security company to assess the state's systems. The proposal comes amid growing concerns about cyberattacks on critical infrastructure and election security. (CO.UK)


Iranian Hackers Broadcast Deepfake News in Cyber Attack on UAE Streaming Services
Iranian state-backed hackers disrupted TV streaming services in the UAE by broadcasting a deepfake newsreader delivering a fabricated report on the war in Gaza. The hackers, known as Cotton Sandstorm, used AI-generated technology to present unverified images and false information. This marks the first time Microsoft has detected an Iranian influence operation using AI as a significant component. The incident highlights the potential risks of deepfake technology in disrupting elections and spreading disinformation. (READWRITE.COM)


Data of Half the Population of France Stolen in Its Largest Ever Cyberattack. This Is What We Know
Over 33 million people in France, nearly half of the population, have been impacted by the country's biggest-ever cyberattack. Two French service providers for medical insurance companies were targeted, potentially exposing millions of people's data to hackers. The stolen data includes details such as marital status, date of birth, social security number, health insurer name, and policy cover. No bank details, medical data, postal address, telephone number, or email were compromised. The CNIL has warned users about phishing risks and advises them to verify the authenticity of communications from official organizations. (EURONEWS.COM)


Report: More Than Half of Americans Have Had Their Data Exposed
A recent report reveals that 61 percent of respondents in a survey of 1,200 adults in the United States reported experiencing a personal data breach at least once. Additionally, 44 percent stated that they had experienced multiple breaches. Despite concerns about cyberattacks in 2024, the report also highlighted that a majority of respondents felt confident in recognizing phishing emails and believed it was possible to avoid becoming a victim of a data breach. However, the report emphasized that many individuals are not taking recommended steps to protect their data, such as using password managers or pursuing credit monitoring. (GOVTECH.COM)


The Financial Industry Suffered the Most Data Breaches in 2023-Including a Single Attack That Affected Nearly 1,000 Institutions
The financial sector experienced the highest number of data breaches in 2023, with social engineering attacks such as phishing scams on the rise, according to a report by Kroll. The report highlights the attractiveness of the financial industry to cybercriminals due to the wealth of sensitive customer information it holds. The most notable attack was the CL0P ransomware attack on the MOVEit data transferring platform, which affected nearly 1,000 institutions, including major firms and government agencies. The report emphasizes the importance of addressing third-party risks in supply chains and outsourcing relationships. (FORTUNE.COM)


Top U.S. Officials Warn Congress of China's Hacking Powers
During a congressional hearing, top U.S. officials, including U.S. Cyber Commander Gen. Paul Nakasone and FBI Director Christopher Wray, warned lawmakers about China-backed hacking campaigns that pose a threat to U.S. critical infrastructure. They expressed concerns that China could disrupt basic services such as clean water and electricity, potentially endangering American lives. Officials highlighted China's growing interest in launching destructive cyberattacks against U.S. systems, diverging from their historical focus on espionage. They called for increased resources and information-sharing partnerships between the government and private sector to better prepare for Chinese cyber threats. (AXIOS.COM)


China Caught Dropping RAT Designed for FortiGate Devices
The Dutch Military Intelligence and Security Service (MIVD) has uncovered a new malware strain called "Coathanger," deployed by the Chinese government as part of a political espionage campaign. The RAT was used to spy on the Dutch Ministry of Defense and was delivered through a known FortiGate flaw. The Coathanger malware is persistent and stealthy, capable of surviving reboots and firmware upgrades. Chinese threat actors are targeting Internet-facing edge devices, including firewalls and VPN servers. The MIVD recommends regular risk analysis, limited Internet access, scheduled logging analysis, and replacing unsupported hardware to mitigate the threat. (DARKREADING.COM)


HijackLoader Upgrades Defense Evasion
HijackLoader, a loader malware, has introduced advanced defense evasion techniques, making it more difficult to detect and analyze. Cybercrime groups like TA544 are increasingly using HijackLoader to deliver sophisticated threats such as RAT and SystemBC. The malware employs methods like process hollowing and transacted hollowing to evade traditional security solutions, presenting challenges for cybersecurity professionals. The evolving nature of threats like HijackLoader highlights the importance of continuous innovation in cybersecurity defenses to effectively mitigate risks. Vigilance and proactive measures are crucial in addressing potential vulnerabilities in systems and networks. (CYBERMATERIAL.COM)


China's Cyberattackers Maneuver to Disrupt US Critical Infrastructure
The China-backed Volt Typhoon advanced persistent threat (APT) is targeting critical infrastructure and pivoting to operational technology (OT) networks. The attackers aim to disrupt physical operations in energy, water utilities, communications, and transportation, potentially causing panic and discord in the event of a kinetic conflict between the US and China. The APT, also known as Vanguard Panda, has been hiding in US infrastructure for five years, gathering information on and penetrating OT systems. The US Cybersecurity and Infrastructure Security Agency (CISA) is concerned about the potential for disruptive effects in geopolitical tensions or military conflicts. (DARKREADING.COM)


US Offers $10M Reward to Combat Hive Ransomware Threat
The US State Department has announced a reward of up to $10 million for information leading to the identification or location of key members of the Hive ransomware gang. This move comes in response to the group's extensive cybercrime activities, which have resulted in over $100 million in extortion from companies globally. The reward aims to disrupt and dismantle the operations of the Hive ransomware gang and incentivize cooperation in combating the escalating threat of ransomware attacks. Law enforcement agencies have already conducted a coordinated operation, seizing Hive's Tor websites and preventing victims from paying $130 million in ransom demands. However, the persistence and sophistication of the Hive ransomware operation necessitate continued collaboration between government agencies, private sector organizations, and international partners to effectively combat cybercrime. (CYBERMATERIAL.COM)


OpenSSF Securing Software Repositories Working Group Releases Principles for Package Repository Security
The OpenSSF Securing Software Repositories Working Group has released a framework called Principles for Package Repository Security. This framework aims to help package repositories assess their current security capabilities and plan for future improvements. It defines four levels of security maturity across various categories and encourages package repositories to self-assess and strengthens their security over time. The framework is voluntary and aims to accelerate the implementation of high-impact security improvements within package repositories. Funding opportunities are also encouraged to support completed proposals. (OPENSSF.ORG)


Cyber Startup Armis Buys Firm That Sets ‘Honeypots’ for Hackers
Armis, a cyber security startup, has acquired CTCI, a company that uses artificial intelligence to create a network of decoy systems to attract and trap hackers. This acquisition is part of Armis' broader strategy to expand its offerings in the cyber security market. (BLOOMBERG.COM)


Pentagon Weapons Tester Evolving Assessment of Radio Frequency-Enabled Cyberattacks
The Pentagon's chief weapons tester, the Office of the Director, Operational Test and Evaluation (DOT&E), is enhancing its ability to assess threats posed by radio frequency-enabled cyberattacks. These attacks exploit wireless systems and can disrupt critical mission systems, such as those in aircraft, ships, and vehicles. DOT&E's cyber assessment program is collaborating with the Air Force Cyber Resiliency Office for Weapon Systems (CROWS) to improve assessments and develop procedures to mitigate the effects of RF-enabled cyberattacks. The focus is expanding to include RF technologies and their vulnerabilities in addition to internet protocol-based networks. (DEFENSESCOOP.COM)


Mar 6, 2024, 8:28:38 AMMar 6
to sec-...@googlegroups.com

Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation
Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows (Bulletin: ZSB-24008, CVEID: CVE-2024-24691) allows an unauthenticated user to escalate privileges via network access. Users should update to the latest versions to stay secure. Reported by Zoom Offensive Security. (ZOOM.COM)


iPhone Users Beware-This Malware Steals Your Facial Recognition
A new trojan targeting iPhones has been discovered, collecting facial recognition data, intercepting SMS messages, and stealing identity documents to gain unauthorized access to users' bank accounts. The malware creates deepfake images using AI-driven face-swapping services. While the attack has primarily focused on the Asia-Pacific region, it highlights the risk of using facial data for transactions. Users should be cautious of social engineering techniques used to trick them into installing malicious profiles or visiting fraudulent websites. (FORBES.COM)


DuckDuckGo Browser Upgrade: Privately Sync Your Bookmarks and Passwords Across Devices
DuckDuckGo has introduced a new Sync & Backup feature, allowing users to privately and securely synchronize bookmarks, passwords, and Email Protection settings across their DuckDuckGo browsers on multiple devices. The feature does not require users to create an account or sign in, ensuring the privacy and security of their data. DuckDuckGo's built-in password manager encrypts passwords locally on the device, and the private sync is end-to-end encrypted. Users can also back up their data in case of device loss or damage. (SPREADPRIVACY.COM)


ExpressVPN User Data Exposed Due to Bug
ExpressVPN Disables Split Tunneling on Windows After DNS Requests Not Properly Directed. Bug in Versions 12.23.1 through 12.72.0 Exposed DNS Requests to ISPs but Not Individual Pages. Less than 1% of Windows Users Affected. Split Tunneling is Disabled Until the Issue is Resolved. Users Advised to Upgrade or Downgrade to Version 10 for Split Tunneling. (SECURITYWEEK.COM)


New Technique Can Spy on Your Security Cameras Through Walls
Researchers at Northeastern University have developed a technique called EM Eye that can capture the video feed from most modern cameras, even through walls. By using a radio antenna to pick up the electromagnetic radiation emitted by the camera's internal wires, the researchers can decode the signal and reproduce real-time video without sound. The technique works on various types of cameras, and the distance required for eavesdropping ranges from less than 1 foot to 16 feet, depending on the camera model. (INTERESTINGENGINEERING.COM)


Researchers Uncover Wi-Fi Authentication Bypass Vulnerabilities Impacting Enterprise and Consumer Devices
Researchers from KU Leuven University in Belgium have discovered multiple vulnerabilities that can bypass Wi-Fi authentication protocols. Flaws were found in Wpa_supplicant and Intel's IWD that could allow attackers to access enterprise and home networks, intercept traffic and infiltrate systems. Impacted vendors have released patches, but full remediation will take time. (SECURITYWEEK.COM)


What Using Security to Regulate AI Chips Could Look Like
An exploratory research proposal recommends regulating AI chips and implementing stronger governance measures to keep up with rapid AI innovations. The proposal suggests auditing the development and use of AI systems and implementing security features like limiting performance and remotely disabling rogue chips. However, industry experts express concerns about the impact of security features on AI performance and the challenges of implementing such measures. Suggestions include limiting bandwidth between memory and chip clusters and remotely disabling chips, but the effectiveness and technical implementation of these measures remains uncertain. (DARKREADING.COM)


US Conducted Cyberattack On Suspected Iranian Spy Ship, NBC News Reports
NBC News reported that the US recently conducted a covert cyber operation against an Iranian military vessel in the Red Sea, according to unnamed officials, with the goal of inhibiting intelligence sharing with Houthi rebels amid recent drone attacks by Iran-backed militias. (REUTERS.COM)


Disrupting Malicious Uses of AI by State-Affiliated Threat Actors
OpenAI is taking a multi-pronged approach to combat the use of its platform by malicious state-affiliated actors. This includes monitoring and disrupting their activities, collaborating with industry partners to exchange information, iterating on safety mitigations, and promoting public transparency. OpenAI aims to stay ahead of evolving threats and foster collective defense against malicious actors while continuing to provide benefits to the majority of its users. (OPENAI.COM)


NSA’s Transformation from Secret Agency to Public Cybercrime Warrior
The National Security Agency (NSA) has undergone a transformation from a secretive organization to one that engages with the public in open forums. NSA leaders now regularly speak about offensive and defensive cyber missions, collaborating with other agencies to address threats to information networks, critical infrastructure, and supply chains. This transparency is crucial in developing active defenses against nation-state threats to the private sector. The NSA Cyber Directorate operates with a different approach, providing advice and threat information to cybersecurity professionals worldwide. The agency's collaboration with public-facing agencies has helped build trust and enhance cybersecurity across sectors. (C4ISRNET.COM)


McCrary Institute's Frank Cilluffo Explores Growing Cyber Dangers in Chat with Politico's Maggie Miller
Top Politico cyberscribe Maggie Miller lifts the lid on escalating digital dangers in a must-hear chat with Frank Cilluffo. From insidious infiltration of key infrastructure to ingenious defenses keeping State Department emails safe, Miller shares surprising intel gathered on her cyber beats. Tensions intensify as adversaries hone unconventional tactics, yet critical threats remain underreported. Tune in as these experts unpack urgent national security issues and grapple with an evolving threat landscape never far from the next headline. (BIT.LY)

Congress Should Enable Private Sector Collaboration To Reverse The Defender's Dilemma
A new bill proposes removing barriers to cooperation between companies and allowing them to share cyber threat information. This would help leverage AI capabilities across platforms to identify vulnerabilities and strengthen defenses for organizations of all sizes against continuously evolving attacks. (GOOGLE.COM)


A Celebrated Cryptography-Breaking Algorithm Just Got an Upgrade
Researchers have developed a more efficient version of the LLL algorithm, a well-known technique for lattice basis reduction. The new algorithm widens the range of scenarios in which LLL-like approaches can be used, benefiting cryptography and advanced mathematics. The upgrade improves the efficiency of the algorithm by using a recursive structure and carefully managing the precision of the numbers involved. The new technique has already proven useful in computational number theory tasks and can also aid research on lattice-based cryptography systems. (WIRED.COM)


Using AI in a Cyberattack? DOJ's Monaco Says Criminals Will Face Stiffer Sentences
Deputy Attorney General Lisa Monaco directs federal prosecutors to impose harsher penalties on cybercriminals who employ artificial intelligence (AI) in their crimes. Monaco emphasizes the need to prioritize AI in enforcement efforts, recognizing its potential to amplify the danger associated with criminal activities. The DOJ aims to deter criminals by demonstrating that the malicious use of AI will result in severe consequences. Additionally, the department is exploring ways to implement AI responsibly while respecting privacy and civil rights. (THERECORD.MEDIA)


Neuberger: Defining Espionage vs. Pre-Positioning for Attacks is Key to Battling State Actors
The White House's top cyber official said there needs to be more clarity defining cyber espionage versus cyberattack pre-positioning, noting that recent hacking of sectors like water and aviation have little intelligence value but appear aimed at positioning for disruption. The US is adopting European regulations for critical infrastructure and deepening information sharing with partners to distinguish the threats. (THERECORD.MEDIA)


Protect AI's February 2024 Vulnerability Report
Protect AI discovered critical vulnerabilities in February 2024, enabling server takeovers, file overwrites, and data loss in popular open-source AI tools, including Triton Inference Server, Hugging Face transformers, MLflow, and Gradio. All issues were responsibly disclosed with fixes released or forthcoming. (PROTECTAI.COM)


Dragos Outlines Voltzite's Attacks Against Critical Infrastructure
Dragos released a report detailing the activities of the Voltzite group, sponsored by the People's Republic of China (PRC), targeting critical infrastructure in the United States. The group has been observed infiltrating electric companies, emergency management services, telecommunications, and defense industrial bases. Dragos emphasizes the difficulty of detecting Voltzite's activities and provides guidance on mitigating the threat. (NATLAWREVIEW.COM)


380 Million Records Exposed by Global Network Service Provider
Cybersecurity researcher Jeremiah Fowler discovered a non-password protected database containing 380 million records, including Zenlayer internal data and customer information. The database, which was eventually secured, contained server logs, customer data, access and secret keys, internal emails, and VPN records. The exposure of this information poses potential risks such as targeted phishing attacks and unauthorized access to sensitive information or systems. Zenlayer, a global network services provider, has not responded to the researcher's disclosure notice. (WEBSITEPLANET.COM)


Russian APT 'Winter Vivern' Targets European Government, Military
The Russia-aligned threat group Winter Vivern, also known as TAG-70 or TA473, has been discovered targeting government, military, and national infrastructure in Georgia, Poland, and Ukraine. The group exploited cross-site scripting vulnerabilities in Roundcube webmail servers, using sophisticated social engineering techniques to gain unauthorized access. The campaign aims to gather intelligence on European political and military affairs, potentially to gain strategic advantages or undermine European security and alliances. Defending against such cyber-espionage campaigns can be challenging, but organizations can mitigate the impact by encrypting emails, patching vulnerabilities, and practicing good data hygiene. (DARKREADING.COM)


AWS SNS Hijackings Fuel Cloud Smishing Campaign
A new smishing campaign impersonating the US Postal Service is using Amazon Web Services (AWS) Simple Notification Service (SNS) to send phishing messages. The attackers behind the campaign are leveraging compromised AWS instances to send bulk messages with a USPS lure, posing a risk to businesses that have moved their workloads to the cloud. The campaign highlights the need for organizations to ensure the security of their cloud credentials and properly configure their AWS SNS environment to mitigate the risk of domain hijacking and potential damage to their reputation. (DARKREADING.COM)


DoJ Breaks Russian Military Botnet in Fancy Bear Takedown
The Department of Justice (DoJ) has disrupted a botnet operated by Russian military intelligence group Fancy Bear. The botnet, comprised of compromised small office/home office (SOHO) routers, was used for cyber espionage activities, including spear-phishing and credential harvesting. The botnet was built on existing malware called Moobot, which was installed on routers through publicly known default administrator passwords. US law enforcement successfully hacked into the compromised routers deleted stolen data and regained control. While this operation may not have a significant long-term impact on Russian cyber espionage, it adds friction to their operations and slows down their efforts. (DARKREADING.COM)


Zeus, IcedID Malware Gangs Leader Pleads Guilty, Faces 40 Years in Prison
Vyacheslav Igorevich Penchukov, a Ukrainian national and leader of the JabberZeus cybercrime gang, has pleaded guilty to charges related to his involvement in the Zeus and IcedID malware groups. Penchukov, also known as 'tank' and 'father,' was arrested in Switzerland in October 2022 and extradited to the United States. He was charged in 2012 for his role in the Zeus malware operation, which involved the theft of millions of dollars through personal identification numbers and other sensitive information. Penchukov was also part of the leadership of the Maze and Egregor ransomware operations. He faces a potential maximum penalty of 20 years imprisonment for each charge and is scheduled for sentencing on May 9. (BLEEPINGCOMPUTER.COM)


CharmingCypress: Innovating Persistence
Cybersecurity firm Volexity published a report detailing new tactics used by an Iranian state-sponsored threat actor group called CharmingCypress. The group conducts spear-phishing campaigns targeting journalists, NGOs and policy experts, using fake personas and tailored social engineering over prolonged conversations. Volexity exposes their use of custom VPN apps to distribute malware like POWERLESS and BASICSTAR. The report aims to raise awareness of CharmingCypress' persistence and willingness to rapidly modify techniques to compromise targets. (VOLEXITY.COM)


The Twin Pillars of Bitcoin's Unique Cybersecurity Model
Bitcoin's cybersecurity model consists of two main pillars. The first is transaction security, ensured by cryptography and digital signatures. The second is the security of transactions on the public ledger, achieved through a social science mechanism involving Bitcoin mining. The mining process secures the ledger, ensuring agreement on transaction history. The importance of mining in cybersecurity is often overlooked. Usability and managing private keys remain challenges for end users. The market is expected to find a balance between security and usability, potentially through innovations like multi-signature or hybrid custody solutions. Broad-scale adoption and education on managing private keys are key to enhancing security in Bitcoin. The social science aspect of Bitcoin's security model is relevant to the cyber industry. (FORBES.COM)


Blockchain and Data Privacy: The Future of Technology Compliance
As blockchain technology continues to expand, organizations must consider the implications of data privacy, information security, and the auditing process. Blockchain's transparency raises privacy concerns, but cryptographic techniques like zero-knowledge proofs can help conceal sensitive data. While blockchain offers security advantages, vulnerabilities still exist, especially in wallet security. Compliance with data privacy laws is crucial, but there is a clash between GDPR's right to be forgotten and blockchain's immutability. Auditing blockchain technology presents unique challenges due to its decentralized nature, but tools like consensus algorithms, smart contract analysis, programming knowledge, and AI integration can enhance efficiency and accuracy in audits. (FORBES.COM)


NSO Group Adds 'MMS Fingerprinting' Zero-Click Attack to Spyware Arsenal
Israeli surveillance firm NSO Group has reportedly added a new tactic, called "MMS Fingerprinting," to its Pegasus mobile spyware tool. A researcher discovered the technique mentioned in a contract between an NSO Group reseller and Ghana's telecom regulator. It allows NSO customers to obtain device details of targeted BlackBerry, Android, or iOS devices simply by sending an MMS message, without any user interaction. While there is no evidence of this technique being exploited in the wild, it raises concerns about potential abuse for surveillance or phishing campaigns. (DARKREADING.COM)


Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs
State-sponsored APT group Turla, also known as Snake or WaterBug, has expanded its cyber espionage campaign by targeting Polish NGOs. The group is using a newly developed modular backdoor called TinyTurla-NG, which acts as a last-chance backdoor left behind when other unauthorized access mechanisms fail. The backdoor deploys different malware features via different threads and includes PowerShell scripts and arbitrary commands. Turla has also introduced a PowerShell-based implant named TurlaPower-NG for exfiltrating files of interest. The campaign shows Turla's continued use of old tactics, such as leveraging compromised WordPress websites for command-and-control operations. Cisco Talos recommends a layered defense approach to mitigate sophisticated APT threats. (DARKREADING.COM)


Top National Security Council Cybersecurity Official on Institutions Vulnerable to Ransomware Attacks - "The Takeout"
According to Ann Neuberger, the deputy national security adviser for cyber and emerging technology, hospitals and schools are particularly vulnerable to ransomware attacks, often carried out by Russian cybercriminals. The US government is working to enhance cyber defenses in these institutions, utilizing artificial intelligence tools for quicker detection and source identification. The Biden administration is taking action by equipping companies with cybersecurity practices, dismantling cyberinfrastructure used by criminals, and collaborating with international partners to address cryptocurrency movement and money laundering. Neuberger emphasizes the importance of AI-driven defense to stay ahead or closely behind AI-driven offense, highlighting the need for speed in cybersecurity. Neuberger's comments were made prior to the public reference to a non-specific "serious national security threat" related to Russian capabilities in space. (CBSNEWS.COM)


Before Russia Satellite Threat, There Was Starfish Prime, 'Project K'
Russia's reported pursuit of nuclear weapons in space raises concerns over the vulnerability of U.S. satellites and the potential consequences for critical infrastructure. This article explores historical nuclear detonations in space, including the U.S.'s Starfish Prime test in 1962, and examines Russia and China's current efforts to weaponize space. The establishment of the U.S. Space Force reflects the growing recognition of space threats and the need for enhanced defenses. (C4ISRNET.COM)


CISA Establishing New Office Focused On Zero Trust
CISA is opening a Zero Trust Initiative Office to provide expanded training, resources, and guidance to help federal agencies implement zero trust security principles through community building, assessments of maturity progress, and building on existing CISA models and frameworks. (FEDSCOOP.COM)


Deputy CIO Gives Updates on Pentagon's 'Aggressive' Plan for Achieving Zero Trust by 2027
The Department of Defense is working urgently to implement a zero trust-based cybersecurity architecture by 2027. Deputy CIO Dave McKeown shared updates on the progress, including the publication of a reference architecture, strategy, and implementation plan. The department aims to achieve targeted zero trust by the set deadline and is focusing on uplifting the current environment, leveraging cloud services, and using purpose-built on-premises solutions. Congress has been briefed on the plans, and the department is now moving into the implementation phase over the next three years, with a focus on providing appropriate zero-trust training across the entire department. (DEFENSESCOOP.COM)


U.S. Internet Leaked Years of Internal, Customer Emails
Internet provider U.S. Internet Corp had a public link exposing over 6,500 customer domains and their email inboxes from 2008 through the present day, including state and local governments. Its Securence division provides email filtering, but the link gave full access to internal and customer emails in plain text. Hacked links were also created through Securence’s URL scrubbing. U.S. Internet took the inboxes offline after being notified but has not disclosed how long they were exposed or the timing of configuration errors. Regulators may need to intervene, given the secrecy and security oversight concerns after such a massive mistake. (KREBSONSECURITY.COM)


Scale AI to Set the Pentagon's Path for Testing and Evaluating Large Language Models
Scale AI has been chosen by the Pentagon's Chief Digital and Artificial Intelligence Office (CDAO) to develop a testing and evaluation framework for large language models (LLMs). This one-year contract aims to create a means of deploying AI safely, measuring model performance, and providing real-time feedback for military applications. The framework will address the complexities and uncertainties associated with generative AI, including the creation of "holdout datasets" and evaluation metrics. Scale AI will work closely with the DOD to enhance the robustness and resilience of AI systems in classified environments. (DEFENSESCOOP.COM)


Kubernetes Authentication Fundamentals
This article provides an overview of authentication in Kubernetes. It explains that Kubernetes relies on external systems for authentication and supports multiple methods. Built-in options like static and bootstrap tokens are generally not recommended, while client certificates are difficult to revoke. Service account tokens are designed for pods/services but can be abused. It also discusses authentication for other Kubernetes APIs like the kubelet, controller manager and scheduler. Overall, the article helps explain how authentication works in Kubernetes and why securing credentials is important for cluster security. (DATADOGHQ.COM)


Mar 7, 2024, 8:22:53 AMMar 7
to sec-...@googlegroups.com

White House Urges Developers to Stop Using C, C++

In a report released Monday, the White House Office of the National Cyber Director called on developers to reduce the risk of cyberattacks by using programming languages that do not have memory safety vulnerabilities. The report cited C and C++ as examples of programming languages with such vulnerabilities, and named Rust as a programming language it considers safe. Microsoft and Google studies have found that about 70% of all security vulnerabilities are caused by memory safety issues.
[ » Read full article ]

InfoWorld; Grant Gross (February 27, 2024)


Meta Will Start Collecting 'Anonymized' Data About Quest Headset Usage

Users of Meta's Quest VR headsets were informed that the company will begin collecting and aggregating anonymized device usage data with the next software update "for things like building better experiences and improving Meta Quest products for everyone." This includes audio data related to an avatar's lip and face movement; hand, body, and eye tracking data; fitness-related data; data on the user's physical environment; audio commands or dictations; and the user's VR activity. It remains uncertain whether users will be able to opt out of the new data collection policies.
[ » Read full article ]

Ars Technica; Kyle Orland (February 27, 2024)


NIST Releases Version 2.0 of Landmark Cybersecurity Framework

Version 2.0 of the National Institute of Standards and Technology's Cybersecurity Framework (CSF) is geared toward all audiences, industry sectors, and organization types despite their level of cybersecurity knowledge. CSF 2.0's scope extends from protecting critical infrastructure to protecting organizations regardless of sector and includes a governance component that stresses the importance of considering cybersecurity as a major enterprise risk. A new CSF 2.0 Reference Tool lets users browse, search, and export data from core CSF guidance.
[ » Read full article ]

NIST (February 26, 2024)


Security Bugs in ConnectWise Remote-Access Software Under Mass Attack

Researchers at the cybersecurity firm Mandiant discovered "mass exploitation" of two vulnerabilities in ConnectWise ScreenConnect, a tool that provides tech support a route to remote online access to customer systems, by "various threat actors." They said the authentication bypass vulnerability and the path-traversal vulnerability, which enable malicious code to be planted remotely, are easy to exploit. Researchers at WithSecure found hackers are using the flaws to deploy password stealers, back doors, and ransomware, including a Windows variant of the KrustyLoader back door.
[ » Read full article ]

Tech Crunch; Carly Page (February 26, 2024)


New ‘Magic’ Gmail Security Uses AI And Is Here Now, Google Says
Google introduces its AI Cyber Defense Initiative, including the open-source Magika tool, to enhance Gmail security by detecting problematic content and identifying malware with high accuracy. The initiative also involves investing in AI-ready infrastructure, releasing new tools, and providing research grants to advance AI-powered security. (FORBES.COM)


Apple Rolls Out iMessage Upgrade to Withstand Decryption by Quantum Computers
Apple is introducing an upgrade to its iMessage platform called PQ3, aiming to protect against future encryption-breaking technologies, particularly quantum computing. The new protocol rebuilds the iMessage cryptographic protocol from scratch and will replace the existing one in all supported conversations this year. While Apple's encryption algorithms are considered state-of-the-art, the company is proactively preparing for the potential vulnerability that quantum computers could pose to current encryption methods. The move is seen as a "vote of confidence" in acknowledging the realistic threat that advanced computers could pose to existing security measures. (REUTERS.COM)


Android 15 Set to Add Extra Protection to OTP Notifications
Android 15 may enhance privacy and security by preventing third-party apps from intercepting one-time passwords (OTPs) sent via notifications. A new permission called "RECEIVE_SENSITIVE_NOTIFICATIONS" has been discovered in the Android 14 QPR Beta 1 update, indicating that only selected OEM-signed or specified apps will have access to sensitive notifications. This feature aims to prevent untrusted apps from accessing OTP messages, reducing the risk of unauthorized access to user accounts. The implementation of this feature is expected in Android 15, which is set to be unveiled later this year. (ANDROIDCENTRAL.COM)


Wi-Fi Software Flaws Pose Risks
Critical authentication bypass flaws have been discovered in open-source Wi-Fi software used in Android, Linux, and ChromeOS devices. These vulnerabilities could allow attackers to manipulate users into connecting to malicious networks or infiltrate trusted networks without authentication. One vulnerability, CVE-2023-52161, poses a severe threat by granting unauthorized access to secured Wi-Fi networks. Prompt patching and manual configuration of enterprise network certificates are advised to mitigate these risks. Linux distributions have released advisories, and ChromeOS has implemented fixes, but patches for Android devices are still pending. (CYBERMATERIAL.COM)


Meta Disrupts 8 Spyware Firms, 3 Fake News Networks
Meta, the social media company, has identified and disrupted six spyware networks associated with eight companies in Italy, Spain, and the United Arab Emirates. They have also taken down three fake news operations from China, Myanmar, and Ukraine. The report highlights the thriving commercial surveillance industry, which uses fake social media accounts to gather intelligence and distribute powerful spying tools. While fake news operations, particularly those from Russia, have declined, the use of malware and phishing, especially targeting mobile devices, is on the rise. Meta urges organizations to adopt mobile threat defense and mobile app vetting to protect against these threats. (DARKREADING.COM)


Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers
The Shadowserver Foundation has discovered that approximately 28,000 Microsoft Exchange servers have been affected by a zero-day vulnerability, with an additional 68,000 instances considered possibly vulnerable. The vulnerability, identified as CVE-2024-21410, allows for privilege escalation and pass-the-hash attacks. Microsoft has released patches for the vulnerability and advises customers to update their Exchange Server software. The actual number of vulnerable servers may be higher or lower due to the counting methodology used. Organizations are urged to take immediate action to identify and mitigate potentially affected systems. (SECURITYWEEK.COM)


Cybercriminals Utilize Meta's Llama 2 AI for Attacks, Says CrowdStrike
CrowdStrike's Global Threat Report reveals that cybercriminals, specifically the group Scattered Spider, have started using Meta's Llama 2 large language model to generate scripts for Microsoft's PowerShell tool. The generated scripts were employed to download login credentials from a North American financial services victim. Detecting generative AI-based attacks remains challenging, but the report predicts an increase in malicious use of AI as its development progresses. Cybersecurity experts also highlight the potential for misinformation campaigns during the multitude of government elections taking place this year. (ZDNET.COM)


A Top White House Cyber Official Sees the ‘Promise and Peril’ in AI
Anne Neuberger, the deputy national security adviser for cyber, spoke with WIRED about emerging technology issues such as identifying new national security threats from traffic cameras and security concerns regarding software patches for autonomous vehicles. She also discussed advancements in threats from AI and the next steps in the fight against ransomware. (WIRED.COM)


Google's Cloud Run Service Spreads Several Bank Trojans
Researchers have identified an increase in campaigns using Google Cloud Run Service to distribute banking Trojans, including Astaroth, Mekiotio, and Ousaban strains. These campaigns, initially focused on Latin America, have started spreading to Europe and North America. The attackers send phishing emails posing as invoices or financial documents, with malicious links leading to threat actor-controlled Cloud Run Web services. The attackers employ cloaking mechanisms to evade detection, including redirecting to a page for checking proxies and crawlers. Indicators of compromise and mitigation advice have been provided by Cisco Talos researchers. (DARKREADING.COM)


Election Security Concerns Grow Over GOP Criticism of Top Cyber Agency
GOP criticism of the Cybersecurity and Infrastructure Security Agency (CISA) is increasing concerns about election security ahead of the 2024 presidential race as the agency plays a key role in preparing for threats. CISA faces rising attacks from Republican lawmakers and court challenges discouraging collaboration, which experts warn could undermine efforts to counter disinformation campaigns and foreign interference targeting voters. (AXIOS.COM)


Election Officials in the US Face Daunting Challenges in 2024. And Congress Isn't Coming to Help
State election officials in the US are expressing frustration as Congress has yet to allocate federal money to help cover the costs of securing their systems from cyberattacks and updating equipment. With election season already underway, officials are concerned about potential cyberattacks, criminal ransomware gangs, and the spread of election misinformation. The lack of federal funding has left election officials feeling unsupported and struggling to meet the escalating challenges. (STARTRIBUNE.COM)


GitHub Leak Exposes Chinese Offensive Cyber Operations
Leaked Chinese government documents on GitHub reveal offensive cyber operations conducted by China using spyware developed by I-Soon, a Chinese infosec company. The documents provide insight into the inner workings of China's state-sponsored cyber activities, including targeting social media platforms and telecommunications companies. The leaked information also includes sensitive details from telecommunications providers and a victim list that includes institutions in France, India, and neighboring countries. The veracity of the leaked documents has not been officially confirmed. (CYBERNEWS.COM)


Russia’s Countervalue Cyber Approach: Utility or Futility?
The article discusses key operational factors in developing a cyber equivalent to the nuclear SIOP, including C3I requirements, verifying effectiveness, limitations on adaptive planning, distinctions between theater and strategic cyber operations, and the need for policymaker guidance on targeting priorities, escalation risks, and damage expectancy. (CARNEGIEENDOWMENT.ORG)


Shifting Trends in Cyber Threats
The 2024 Threat Index report by IBM X-Force reveals changing trends in cyber threats, including a decline in ransomware attacks but a rise in infostealing methods and attacks on cloud services and critical infrastructure. The report emphasizes the need for constant vigilance and adaptation to combat these evolving threats. Additionally, the report highlights the potential risks posed by AI-driven cyberattacks, urging proactive measures to secure AI systems. Organizations must adopt comprehensive cybersecurity strategies to effectively detect and mitigate emerging threats in this dynamic landscape. (CYBERMATERIAL.COM)


CISA HBOM Framework Doesn't Go Far Enough
CISA's hardware bill of materials (HBOM) framework is a crucial step in addressing semiconductor risks, but it falls short in terms of tracking beyond manufacturing. The framework provides a consistent way to communicate about hardware components, aiding supply chain management and risk assessment. However, to effectively combat emerging cyber threats, an HBOM must track chips throughout their entire lifecycle in end products. The recent Downfall vulnerability, affecting chips manufactured in 2015, highlights the need for comprehensive traceability and security measures beyond manufacturing. While CISA's framework is a good start, a more thorough HBOM framework is necessary for enhanced chip security. (DARKREADING.COM)


Migo Malware Targeting Redis Servers
The Migo malware campaign is targeting Redis servers to carry out cryptocurrency mining on compromised Linux systems. The attack involves disabling security measures on Redis servers and establishing persistence on targeted machines. Migo employs techniques to resist reverse engineering, acts as a downloader for an XMRig installer, and deploys a rootkit to conceal its activities. The motives behind the campaign remain unclear, but it highlights the evolving sophistication of cloud-focused cyber threats and the need for proactive cybersecurity measures. (CYBERMATERIAL.COM)


Sony’s PlayStation Portal Hacked to Run Emulated PSP Games
Google engineers have successfully hacked Sony's PlayStation Portal to run emulated games locally, bypassing streaming limitations. The engineers were able to run the PPSSPP emulator natively on the PlayStation Portal, allowing games like Grand Theft Auto: Liberty City Stories to be played without Wi-Fi streaming. The exploit is software-based and does not require hardware modifications. A release for the jailbreak is not currently planned, but it could greatly enhance the PlayStation Portal's capabilities if made available. (THEVERGE.COM)


Mar 9, 2024, 8:19:34 AMMar 9
to sec-...@googlegroups.com

GitHub Besieged by Millions of Malicious Repositories in Ongoing Attack

An ongoing cyberattack at GitHub has resulted in millions of malicious code repositories that use malware to steal developers' passwords and cryptocurrency. GitHub's "automation detection seems to miss many repos,” contend Apiiro security researchers Matan Giladi and Gil David, “and the ones that were uploaded manually survive. Because the whole attack chain seems to be mostly automated on a large scale, the 1% that survive still amount to thousands of malicious repos."
» Read full article ]

Ars Technica; Dan Goodin (February 28, 2024)


'Self-Destruct' Chips Could Mitigate Counterfeiting

A "self-destruct" chip developed by a team led by Eric Hunt-Schroeder from the University of Vermont could prevent counterfeit chips from entering the market. The chips generate their own unique digital fingerprints, or physically unclonable functions (PUFs), ensuring their authenticity. If compromised, the PUFs destroy themselves using two methods of circuit suicide, both involving an increase in voltage that leads to electromigration or rapid time-dependent dielectric breakdown.
» Read full article ]

TechRadar; Wayne Williams (March 7, 2024)


Sam Altman's Eye-Scanning Worldcoin Banned in Spain

Spain has banned Worldcoin for up to three months over privacy risks from the project, co-founded in 2019 by OpenAI Chief Executive Sam Altman, which scans irises in exchange for a digital ID and free cryptocurrency. More than 4 million people in 120 countries have signed up to have their irises scanned by Worldcoin's "orb" devices, according to its website. But the project has drawn criticism from privacy campaigners over the collection, storage, and use of personal data. Altman says Worldcoin's ID will allow users to, among other things, prove online that they are human.
» Read full article ]

Reuters; Jaspreet Singh; Niket Nishan; David Latona (March 6, 2024); et al.


Your Doctor's Office Might Be Bugged

More physician practices are implementing ambient AI scribing, in which AI listens to patient visits and writes clinical notes summarizing them. In a recent study of the Permanente Medical Group in Northern California, more than 3,400 doctors have used ambient AI scribes in more than 300,000 patient encounters since October. Doctors reported that the technology reduced the amount of time spent on after-hours note writing and allowed for more meaningful patient interactions. However, its use raises concerns about security, privacy, and documentation errors.
» Read full article ]

Forbes; Jesse Pines (March 4, 2024)


Anycubic 3D Printers Hacked in Attempt to Inform Owners of Security Hole

Hackers reportedly discovered security vulnerabilities in Anycubic 3D printers and are using a readme file on the printer display to inform users about the issue and encourage them to disable the Internet connection until a patch is issued. The hackers indicated that they had contacted Anycubic regarding the two critical security flaws they uncovered but resorted to informing users directly after not receiving a response from the company.
» Read full article ]

Tom's Hardware; Christopher Harper (March 1, 2024)


Self-Destructing Circuits, More Security Schemes

A probe-sensing circuit developed by Columbia University researchers can launch a protection engine that instructs the processor to encrypt data traffic after detecting changes in capacitance as small as 0.5 picofarads. Meanwhile, University of Texas at Austin researchers developed a technique to obscure a chip's side-channel signals by breaking the SMA component of the AES encryption process into four parallel steps and slightly altering the timing of each substep. They also inserted tunable replica circuits to conceal the real signals. Additionally, University of Vermont researchers developed a circuit that self-destructs by increasing the current in its longest interconnects or speeding up the breakdown of the transistor's gate dielectric.
» Read full article ]

IEEE Spectrum; Samuel K. Moore (February 28, 2024)


Malware Worm Can Poison ChatGPT, Gemini-Powered Assistants

A "zero-click" AI worm able to launch an "adversarial self-replicating prompt" via text and image inputs has been developed by researchers at Cornell University, Intuit, and Technion—Israel Institute of Technology to exploit OpenAI’s ChatGPT-4, Google’s Gemini, and the LLaVA open source AI model. In a test of affected AI email assistants, the researchers found that the worm could extract personal data, launch phishing attacks, and send spam messages. The researchers attributed the self-replicating malware’s success to “bad architecture design” in the generative AI ecosystem.
» Read full article ]

PC Magazine; Kate Irwin (March 1, 2024)


Mar 17, 2024, 1:12:38 PMMar 17
to sec-...@googlegroups.com

TikTok's Security Threats Go Beyond the Scope of House Legislation

Legislation passed by the U.S. House to require TikTok to sell its U.S. operations to a non-Chinese owner over national security risks does not address the security issues stemming from ownership of TikTok's code and algorithms. The algorithms, which guide the content showed to users based on what they view, are developed by engineers at Chinese parent company ByteDance. With China unlikely to allow those algorithms to be licensed to outside companies, an American-owned TikTok would require a new algorithm, which may or may not work and could render the app worthless.

» Read full article *May Require Paid Registration ]

The New York Times; David E. Sanger; David McCabe (March 13, 2024)


Hackers Breached Key Microsoft Systems

Microsoft revealed that a breach of its systems by Russian state-backed hackers was more extensive than previously thought when first disclosed in January. Microsoft believes the hackers have used information stolen from Microsoft's corporate email systems to access “some of the company's source code repositories and internal systems,” the company said in a filing with the U.S. Securities and Exchange Commission. An accompanying blog post said the hacker group may be using the information it stole “to accumulate a picture of areas to attack and enhance its ability to do so.”
[ » Read full article ]

CNN; Sean Lyngaas (March 8, 2024)


Researchers Jailbreak Chatbots with ASCII Art

ArtPrompt, developed by researchers in Washington and Chicago, can bypass large language models' (LLMs) built-in security features. The tool generates ASCII art prompts to get AI chatbots to respond to queries they are supposed to reject, like those referencing hateful, violent, illegal, or harmful content. ArtPrompt replaces the "safety word" (the reason for rejecting the submission) with an ASCII art representation of the word, which does not trigger the ethical or security measures that would prevent a response from the LLM.
[ » Read full article ]

Tom's Hardware; Mark Tyson (March 7, 2024)


CISA, NSA Share Best Practices for Securing Cloud Services

The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) jointly issued five cybersecurity bulletins offering best practices for securing cloud services. The cybersecurity information sheets provide guidance on identity and access management solutions, as well as key management solutions, encrypting data in the cloud, managing cloud storage, and mitigating risks from managed service providers.
[ » Read full article ]

BleepingComputer; Lawrence Abrams (March 7, 2024)


Biden Order Limits Foreign Access To Americans’ Sensitive Data

Bloomberg Share to FacebookShare to Twitter (2/28, Subscription Publication) reports President Biden is signing an executive order “designed to prevent foreign entities from accessing troves of Americans’ personal data amid worries it could be exploited for commercial and military advantage, particularly by China and Russia.” The new order “is intended to prevent ‘countries of concern’ from obtaining large tranches of sensitive data involving people’s health, location, finances, and even voice or keyboard patterns. That information can be purchased or obtained from sources such as data brokers, third-party vendors and employers.” The AP