Dr. T's security brief



Jan 7, 2024, 9:04:32 AM
to sec-...@googlegroups.com

SSH Servers Vulnerable to New Terrapin Attacks
Bill Toulas
January 3, 2024

The Terrapin attack developed by researchers at Germany's Ruhr University Bochum could put nearly 11 million Internet-exposed Secure Shell Protocol (SSH) servers at risk, according to security threat monitoring platform Shadowserver. The attack compromises the integrity of the SSH channel by manipulating sequence numbers during the handshake process. An attacker in an adversary-in-the-middle position can intercept and modify the handshake exchange. The researchers have developed a scanner to assess whether an SSH client or server is vulnerable.

Full Article



Machine Learning Helps Fuzzing Find Hardware Bugs
IEEE Spectrum
Tammy Xu
January 3, 2024

Texas A&M University researchers used the "fuzzing" technique, which introduces incorrect commands and prompts, to automate chip testing on the assembly line to help identify hardware bugs early in the development process. The researchers used reinforcement learning to select inputs for fuzz testing, then adapted an algorithm used to solve the multi-armed bandit (MAB) problem. The researchers found the MABFuzz algorithm significantly sped up both the detection of vulnerabilities and coverage of the testing space.

Full Article



Your Car Is Tracking You. Abusive Partners May Be, Too
The New York Times
Kashmir Hill
December 31, 2023

Internet-connected vehicles gather large amounts of data using a variety of methods, and privacy advocates have raised concerns about how this data is being used and shared by auto manufacturers. Although drivers benefit from the convenience of smartphone apps that pinpoint a car's location and allow remote locking and unlocking, among other things, these same convenience features can be used by abusive domestic partners to track their victims. Vehicle manufacturers generally are unwilling to end an abusive partner's access to these apps, especially if the vehicle’s loan and title are in their name.

Full Article

*May Require Paid Registration



Java Applications Have Major Security Flaws
Tech Times
Jace Dela Cruz
December 28, 2023

Widely-used Java applications examined by researchers led by Alexandre Bartel at Umeå University in Sweden were found to have major security vulnerabilities in their deserialization process, in which packaged information is restored to its previous state. The study found the flow of bytes allows attackers to modify information during deserialization to gain control over the receiving system. Said Bartel, "The problem is that the programmers seem to repeat the same mistakes over and over again and therefore reintroduce the vulnerabilities."

Full Article
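The deserialization weakness described above, as an added example that is not from the Umeå study or the article: a hypothetical receiver that reads Java serialized bytes without any filter, beside the same receiver hardened with a JEP 290 ObjectInputFilter allowlist so that only the expected class can be instantiated. The OrderMessage and UnexpectedType classes, the sample bytes and the filter pattern are assumptions constructed for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

// Hypothetical type the receiver legitimately expects on the wire.
class OrderMessage implements Serializable {
    private static final long serialVersionUID = 1L;
    final String sku;
    final int quantity;
    OrderMessage(String sku, int quantity) { this.sku = sku; this.quantity = quantity; }
}

// Hypothetical stand-in for any class the receiver never intended to instantiate.
class UnexpectedType implements Serializable {
    private static final long serialVersionUID = 1L;
    final String payload = "constructed sample";
}

public class DeserializationFilterDemo {

    // Constructs sample serialized bytes in-process, so the demo runs offline.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Vulnerable pattern: instantiates whichever class the incoming bytes name.
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Hardened pattern: allowlist filter (JEP 290, Java 9+). Only OrderMessage and
    // classes from the java.base module (String etc.) may be instantiated; the trailing
    // "!*" rejects everything else. maxdepth bounds nested object graphs.
    static final ObjectInputFilter ALLOWLIST = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;OrderMessage;java.base/*;!*");

    static OrderMessage readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            // Per-stream filter; ObjectInputFilter.Config.setSerialFilter sets a JVM-wide default.
            ois.setObjectInputFilter(ALLOWLIST);
            return (OrderMessage) ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] legit = serialize(new OrderMessage("SKU-123", 2));
        byte[] unexpected = serialize(new UnexpectedType());

        // The unfiltered reader builds whatever the stream names.
        System.out.println("unfiltered: " + readUnfiltered(unexpected).getClass().getName());

        // The filtered reader accepts the expected type...
        OrderMessage m = readFiltered(legit);
        System.out.println("filtered ok: " + m.sku + " x" + m.quantity);

        // ...and rejects the unexpected one before any of its deserialization logic runs.
        try {
            readFiltered(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("filtered rejected: " + e.getMessage());
        }
    }
}
```

The rejection is raised while the class descriptor is read, so no constructor, readObject or readResolve code of the rejected class ever executes.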



iPhone Triangulation Attack Abused Undocumented Hardware Feature
Bill Toulas
December 27, 2023

The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections. The attacks, which exploit four zero-day vulnerabilities, start with a malicious iMessage attachment sent to the target, and the entire chain is zero-click. Kaspersky discovered the attack within its own network in June 2023. It then reverse engineered the attack chain, concluding that the attackers "are able to write data to a certain physical address while bypassing the hardware-based memory protection by writing the data, destination address, and data hash to unknown hardware registers of the chip unused by the firmware."

Full Article



Content Credentials Will Fight Deepfakes in the 2024 Elections
IEEE Spectrum
Eliza Strickland
December 27, 2023

With nearly 80 countries holding major elections in 2024, the deployment of content credentialing to fight deepfakes and other AI-generated disinformation is expected to gain ground. The Coalition for Content Provenance and Authenticity (C2PA), an organization that’s developing technical methods to document the origin and history of real and fake digital-media files, in 2021 released initial standards for attaching cryptographically secure metadata to image and video files. It has been further developing the open-source specifications and implementing them with leading media companies. Microsoft, meanwhile, recently launched an initiative to help political campaigns use content credentials.

Full Article


CNBC Analysis: 2023 Proved Cryptocurrency Critics Right

In an approximately 2,400-word analysis for CNBC (12/30), MacKenzie Sigalos discusses challenges in the cryptocurrency industry. Sigalos writes, “After a brutal 18 months of bankruptcies, company failures and criminal trials, the crypto market is starting to claw back some of its former standing. Bitcoin is up more than 150% this year. Meanwhile, Solana is nearly 10x higher in the last 12 months, and bitcoin miner Marathon Digital has also skyrocketed. Crypto-pegged stocks like Coinbase, MicroStrategy and the Grayscale Bitcoin Trust rose more than 300% in value year-to-date.” However, “even as prices swell, the sector’s reputation has struggled to regain ground after names virtually synonymous with bitcoin have both been found guilty of crimes directly related to their multibillion-dollar crypto empires.”


Jan 13, 2024, 7:20:51 PM
to sec-...@googlegroups.com

Security of Georgia's Dominion Voting Machines on Trial

A federal trial has begun to determine whether Dominion Voting Systems' touch-screen voting machines used in the U.S. state of Georgia can be hacked or manipulated. In Georgia, once voters make their choices, their ballots are printed with their votes and a QR code; the QR code is ultimately what is read and cast as the voter’s ballot. Several voters and the Coalition for Good Governance, who launched the suit, want the state to revert to paper ballots which, they say, will assure voters their ballots are being counted properly.
[ » Read full article ]

CBS News; Jared Eggleston (January 9, 2024)



China Forensic Firm Cracks Apple’s AirDrop

Chinese forensic firm Beijing Wangshendongjian Technology Co Ltd has “broken through the technical difficulties of tracing anonymous AirDrops," according to an article on the official WeChat of Beijing’s Bureau of Justice. When a Beijing subway passenger’s iPhone received an "inappropriate" video via AirDrop, Wangshendongjian analyzed the iPhone’s logs and found the sender’s mobile number and email address in the form of hash values. It then used a “rainbow table” of cracked passwords to decode enough information to help police “identify several suspects."
[ » Read full article ]

South China Morning Post; Yuanyue Dang (January 9, 2024)



AI Helps U.S. Intelligence Track Hackers Targeting Critical Infrastructure

At a Jan. 9 conference hosted by Fordham University, cybersecurity leaders said U.S. intelligence authorities are leveraging AI to detect hackers that increasingly are using the same technology to conceal their activities. National Security Agency's Rob Joyce explained that hackers are "using flaws in the architecture, implementation problems, and other things to get a foothold into accounts or create accounts that then appear like they should be part of the network." The FBI's Maggie Dugan noted that hackers are using open source models and their own datasets to develop and train their own generative AI tools, then sell them on the dark web.
[ » Read full article *May Require Paid Registration ]

WSJ Pro Cybersecurity; Catherine Stupp (January 10, 2024)



Philippines Turns to Hackers to Ward off China Cyber Threat

Amid rising tensions in the South China Sea, the Philippines has seen an increase in state-sponsored cyberattacks. The cybersecurity firm Surfshark said the Philippines was among the world’s 30 most cyber-attacked countries, with more than 60,000 user accounts compromised in the third quarter. The government's cyber response team is significantly understaffed (just 35 members), which means it sometimes must collaborate with anonymous "black hat" hackers to obtain tips on looming threats.
[ » Read full article *May Require Paid Registration ]

Bloomberg; Cliff Harvey Venzon, Ditas B. Lopez, Manolo Serapio Jr., et al. (January 7, 2024)



Museum World Hit by Cyberattack on Software
The New York Times
Zachary Small
January 3, 2024

A cyberattack affecting technological service provider Gallery Systems took several museums' online collections offline when the eMuseum tool went down. The software allows visitors to search online collections and museums to manage sensitive information. Gallery Systems reported its software became encrypted and ceased operating on Dec. 28. Cyberattacks against cultural groups are becoming more common, according to some security experts.

Full Article

*May Require Paid Registration


SEC X Account Hacked, Briefly Falsely Claims Commission Approved Bitcoin Fund

The New York Times (1/9, Yaffe-Bellany) reports, “For 15 minutes, the cryptocurrency industry was euphoric. At 4:11 p.m. on Tuesday, the official X account” of the SEC “announced that regulators had approved a new investment product tracking the price of Bitcoin, an apparent victory for the embattled crypto industry.” Then, 15 minutes later, SEC Chair Gensler “posted that the agency’s account had been compromised, resulting in an ‘unauthorized tweet.’ An S.E.C. spokeswoman confirmed the hack in an emailed statement.” Bloomberg (1/9, Versprille, Subscription Publication) reports the incident “has sparked an investigation by US authorities into how a social media account at Wall Street’s main regulator was compromised.” Politico (1/9, Harty) reports X “is also investigating the hack, according to Joe Benarroch, head of business operations.”

The Washington Post (1/9, Menn) reports, “Bitcoin backers have asked the SEC for permission to list such funds repeatedly, since they would give investors a more regulated way to participate in the crypto markets. The false post briefly drove a spike in bitcoin prices, so that anyone with knowledge of the scam could have reaped a major profit.” The Wall Street Journal (1/9, Kiernan, Osipovich, Subscription Publication) reports that an actual “decision on the funds is expected on Wednesday.” Reuters (1/9, Lang, Mcgee) and The Hill (1/9) provide similar coverage.


FCC Asks Automakers To Disclose, Plan Policies Around Vehicle Location Privacy

The AP (1/11) reports the FCC “is asking automakers how they plan to protect people from being stalked or harassed by partners who have access to vehicle location and other data.” FCC Chairwoman Jessica Rosenworcel, in a letter sent on Thursday to major automakers, “asks for details about connected car systems and plans to support people who have been harassed by domestic abusers.” Rosenworcel said in a statement, “No survivor of domestic violence and abuse should have to choose between giving up their car and allowing themselves to be stalked and harmed by those who can access its data and connectivity.” The letter also “asks if the companies remove access even from someone whose name is on the vehicle’s title.”


Jan 21, 2024, 7:34:17 PM
to sec-...@googlegroups.com

Britain's Spies Mark 80th Anniversary of Code-Breaking Computer

January 18 marked the 80th anniversary of Colossus, the first digital computer, which decoded German messages for the Allied forces during World War II and is credited by many experts for shortening the war. Developed by Tommy Flowers, Colossus decreased the time it took to decode messages from weeks to just hours using 2,500 valves to process information.
[ » Read full article ]

Reuters; Sarah Young (January 18, 2024)



Tablet's Light Sensor Can Spy on Users

Massachusetts Institute of Technology researchers demonstrated that ambient light sensors on tablets can be employed by hackers to spy on users. The researchers developed an inversion algorithm to transform readings from such a sensor into a 32x32-pixel image of the region above the display. This test generated images of two-finger scrolling, three-finger pinches, and other touch gestures using a Samsung Galaxy View2 tablet. They also demonstrated that videos could be used to conceal illumination patterns.
[ » Read full article ]

IEEE Spectrum; Edd Gent (January 16, 2024)



First Unhackable Shopping Transactions Carried Out on Quantum Internet

Researchers at China's Renmin University demonstrated the first unhackable shopping transactions on a network of five quantum computers. Each of the quantum computers played a role, with one serving as the merchant, two serving as buyers, and two serving as neutral mediators. They communicated via quantum encryption keys (sequences of quantum light signals). The merchant produced an e-commerce contract that it and a buyer verified and signed, with their communications first going through a third-party mediator.

[ » Read full article *May Require Paid Registration ]

New Scientist; Karmela Padavic-Callaghan (January 12, 2024)



Breath 'Fingerprint' Could Be Used to Unlock Phones

Indian Institute of Technology Madras researchers found breathing data can be used as a biometric test for unlocking devices. They fed air velocity sensor readings of 10 breaths from each of 94 participants into an AI model, which detects an individual's unique patterns of breath turbulence created by the shape of their nasal and oral passages, pharynx, and larynx. After analyzing the breath of a particular individual, the model was more than 97% accurate in determining whether or not a breath came from that person.

[ » Read full article *May Require Paid Registration ]

New Scientist; Matthew Sparkes (January 12, 2024)



Our Fingerprints May Not Be Unique

Columbia University researchers developed an AI tool that can determine whether prints from different fingers came from a single person. The tool analyzed 60,000 fingerprints and was 75% to 90% accurate. Though uncertain how the AI makes its determinations, the researchers believe it concentrates on the orientation of the ridges in the center of a finger; traditional forensic methods look at how the individual ridges end and fork.
[ » Read full article ]

BBC; Zoe Kleinman (January 11, 2024)



Network-Connected Torque Wrench Is Vulnerable to Ransomware

Researchers at the IT security firm Nozomi Networks identified 25 vulnerabilities in Wi-Fi-enabled pneumatic torque wrenches featuring a Bosch Rexroth Linux-based NEXO-OS operating system. The researchers were able to install ransomware on the Bosch wrenches, then alter the graphical user interface (GUI) to display a message requesting a ransom payment. It also is possible to change the wrenches' configuration settings while displaying a normal value on the GUI. Bosch Rexroth said it will provide an official fix by the end of the month.
[ » Read full article ]

PC Magazine; Michael Kan (January 9, 2024)



AI-Driven Misinformation 'Biggest Short-Term Threat to Global Economy'

The World Economic Forum's annual risks report, based on a survey of 1,300 experts, revealed that respondents believe the biggest short-term threat to the global economy will come from AI-driven misinformation and disinformation. This is a major concern, given that elections will be held this year in countries accounting for 60% of global gross domestic product. Other short-term risks cited by respondents include extreme weather events, societal polarization, cyber insecurity, and interstate armed conflict.
[ » Read full article ]

The Guardian; Larry Elliott (January 10, 2024)



OpenAI Working With Pentagon On Cybersecurity Tools. Bloomberg (1/16, Subscription Publication) reports OpenAI is working “with the Pentagon on a number of projects including cybersecurity capabilities, a departure from the startup’s earlier ban on providing its artificial intelligence to militaries.” The ChatGPT developer is making tools “with the US Defense Department on open-source cybersecurity software, and has had initial talks with the US government about methods to assist with preventing veteran suicide, Anna Makanju, the company’s vice president of global affairs, said in an interview at Bloomberg House at the World Economic Forum in Davos on Tuesday.” OpenAI also “said that it is accelerating its work on election security, devoting resources to ensuring that its generative AI tools are not used to spread political disinformation.”


Lawmakers Propose Bipartisan Bill To Criminalize Deepfake Nudes Of Real People

The Wall Street Journal (1/16, Jargon, Subscription Publication) reports that on Tuesday, Reps. Joseph Morelle (D-NY) and Tom Kean (R-NJ) re-introduced the “Preventing Deepfakes of Intimate Images Act,” which would criminalize the nonconsensual sharing of digitally-altered intimate images. The Journal explains the bipartisan move Tuesday comes in response to an incident at Westfield High School in New Jersey, where boys were sharing AI-generated nude images of female classmates without their consent.

California Assemblymember Proposes Bill Cracking Down On Harmful AI-Generated Content. Politico (1/16, Korte) reports a California state lawmaker “wants to crack down on AI-generated depictions of child sexual abuse as tech companies face growing scrutiny nationally over their moderation of illicit content.” A new bill “from Democratic Assemblymember Marc Berman, first reported in California Playbook, would update the state’s penal code to criminalize the production, distribution or possession of such material, even if it’s fictitious.” Among the backers “is Common Sense Media, the nonprofit founded by Jim Steyer that for years has advocated for cyber protections for children and their privacy.” The legislation “has the potential to open up a new avenue of complaints against social media companies, who are already battling criticisms that they don’t do enough to eradicate harmful material from their websites.”


States Enact Data Privacy Laws As Federal Policy Defers On Issue

Roll Call (1/17, Ratnam) reports, “States that have enacted data privacy laws and those pursuing them are migrating into disparate camps in their approaches to privacy protections, setting up a clash if Congress enacts federal legislation.” Currently, a number of states – including California, Oregon, Montana, Utah, and Virginia – have passed some form of data privacy law, but most do not allow individuals to personally sue companies over data breaches, instead offering consumers “a mix of basic and substantive protections.” Most of the policies instead allow state attorneys general to “bring lawsuits against companies for violations.” However, multiple parties have argued that the laws could be modified or affected if Congress picks up the issue in the coming year.


That Emergency Phone Call from a Loved One Could Actually Be Scammers Using AI – How to Stay Safe
Scammers are now using AI technology to create deepfakes of loved ones' voices, making it harder to distinguish legitimate calls from fraudulent ones. To stay safe, it is important to be cautious of unexpected emergency calls, verify the information with the person directly or someone who knows them, and report suspicious activities to the police or the FBI. (TOMSGUIDE.COM)


Docker Hosts Hacked in Ongoing Website Traffic Theft Scheme
A campaign targeting vulnerable Docker services has been discovered, where attackers deploy an XMRig miner and the 9hits viewer app on compromised hosts. The 9hits app generates traffic for the attackers using the resources of the compromised systems, while the XMRig miner mines Monero cryptocurrency. This campaign highlights the need for stricter security checks and policies to prevent unauthorized use of platforms like 9hits that can cause financial damage and disruption. (BLEEPINGCOMPUTER.COM)


Vicarius Lands $30M for Its AI-Powered Vulnerability Detection Tools
Vulnerability remediation platform Vicarius has raised $30 million in a Series B funding round led by Bright Pixel Capital. The company's AI-powered tools, including the recently launched vuln_GPT text-generating AI tool, help automate system breach detection and remediation. With a growing customer base of over 400 brands, Vicarius plans to use the funding to advance its product roadmap and expand its team. The platform analyzes apps for vulnerabilities, offers in-memory protection, and provides access to a community of security researchers. Vicarius aims to consolidate and scale the vulnerability remediation process for enterprises. (TECHCRUNCH.COM)


NIST Offers Guidance on Measuring and Improving Your Company’s Cybersecurity Program
The National Institute of Standards and Technology (NIST) has released draft guidance on measuring information security efforts to help organizations evaluate and improve their cybersecurity programs. The two-volume document provides practical advice on developing an effective program and using quantitative measurements to communicate progress. NIST is seeking public comments on the draft until March 18, 2024. The guidance can be used in conjunction with risk management frameworks and aims to move organizations from qualitative descriptions of risk to data-driven assessments. The publication is tailored for both information security specialists and executives, offering guidance on specific measures and the development of an information security measurement program. (NIST.GOV)


FBI and CISA Warn Companies to Be Wary of Using Chinese-Made Drones Over National Security Risks
The FBI and Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning stating that Chinese-made drones pose a significant risk to critical infrastructure and US national security. The memo highlights Chinese laws that require companies, including drone manufacturers, to provide the government with access to collected data, raising concerns about sensitive information exposure. The Department of Homeland Security has previously warned about the risks posed by Chinese-made drones, emphasizing the potential access to flight data by the Chinese government. (CNN.COM)


Critical Infrastructure Sees Most Cyber Incidents Due to Lack of Budget
Insufficient cybersecurity investment has led to a significant number of cyber incidents in critical infrastructure, oil & gas, and energy organizations in the META region, according to a study by Kaspersky. Of the companies surveyed, 60% in these sectors experienced cyber breaches due to improper budget allocation. Additionally, 24% of companies in the region reported not having enough funds for adequate cybersecurity measures. To address these issues, organizations are planning to invest in threat detection software, training programs, endpoint protection software, hiring IT professionals, and adopting SaaS cloud solutions. (MSN.COM)


CISA, FBI and EPA Release Incident Response Guide for Water and Wastewater Systems Sector
A joint guide has been released by CISA, FBI, and EPA to assist the Water and Wastewater Systems (WWS) Sector in preparing for and responding to cyber incidents. The guide covers the four stages of the incident response lifecycle and provides best practices, resources, and federal roles and responsibilities for each stage. (CISA.GOV)


CISA Releases 2023 Year in Review Showcasing Efforts to Protect Critical Infrastructure
CISA's 2023 Year in Review highlights their work in managing cyber and physical risks in communities across the US, including promoting secure software design, providing pre-ransomware notifications, conducting vulnerability warnings, and implementing cybersecurity recommendations. They also championed secure open-source software and released roadmaps for artificial intelligence and secure AI system development. Additionally, CISA made progress on implementing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) and launched the Secure Our World cybersecurity awareness program. They also played a vital role in protecting and defending federal networks, mitigating vulnerabilities, blocking malicious DNS requests, and responding to significant incidents. (CISA.GOV)


Illicit Crypto Addresses Received at Least $24.2 Billion in 2023 - Report
Crypto research firm Chainalysis reveals that at least $24.2 billion worth of cryptocurrency was sent to illicit wallet addresses in 2023. The figure is expected to rise as more illicit addresses are identified. Sanctioned entities and jurisdictions accounted for $14.9 billion of the illicit transaction volume, with the majority coming from crypto services in U.S.-sanctioned jurisdictions. Revenue from crypto scamming and hacking declined, while ransomware and darknet markets saw increased profits. Stablecoins have become the dominant cryptocurrency used in illicit transactions. (REUTERS.COM)


$80M in Crypto Disappears Into Drainer-as-a-Service Malware Hell
A phishing campaign called "Inferno Drainer" has stolen over $80 million in cryptocurrency from 137,000 victims using brand impersonation. The campaign, which ran for a year, used more than 16,000 unique domains and employed a "drainer-as-a-service" model. While the campaign has been disrupted, experts warn that the success of Inferno Drainer may inspire the development of new drainers in 2024. Cryptocurrency holders are advised to be cautious of websites offering free digital assets, while businesses in the crypto sphere should report phishing websites and employ cybersecurity solutions to detect and block threats. (DARKREADING.COM)


Hacker Swipes $3.3M from Bungee Crypto Bridge Users by Exploiting Contract Bug
Over 200 wallets using crypto bridge aggregator Bungee have lost funds totaling $3.3 million due to a bug in the underlying technology. The bug allowed a hacker to drain funds from wallets that had previously used Bungee's Socket route to send tokens on Ethereum. The majority of stolen tokens were converted to Ether, with smaller amounts of other cryptocurrencies remaining in the hacker's wallet. The project behind Bungee, Socket, has paused the exploited smart contract to prevent further damage. Users are advised to revoke permissions granted to DeFi protocols after bridging to prevent similar incidents. (DLNEWS.COM)


China Raises Private Hacker Army to Probe Foreign Governments
China's cybersecurity law, which requires Chinese companies to report software vulnerabilities to the government, has inadvertently created a private army of hackers. The law has led to collaboration and competition among Chinese state institutions, resulting in efforts to outperform each other in finding cybersecurity vulnerabilities in software used by foreign governments. China's growing cybersecurity industry and the overlap between the vulnerability databases of the industry ministry and the military and intelligence agencies further highlight the dual purpose of these hackers. Concerns have been raised about the negative utilization of hacking talents if the traditional security sector fails to absorb them. (NEWSWEEK.COM)


Risk of Cyber Incidents Weigh Heavily on Businesses for 2024, Report Finds
A report by Allianz Commercial has identified cyber incidents as the top business risk for 2024, with 36% of respondents expressing concern. The report includes data breaches, IT disruptions, ransomware attacks, and fines as cyber incidents. Data breaches were cited as the most concerning cyber risk by 59% of companies surveyed. Cyber criminals are increasingly using new technologies like artificial intelligence to automate attacks, leading to more effective malware and phishing attempts. Business interruptions and natural catastrophes were also highlighted as major concerns for businesses in 2024. (FOXBUSINESS.COM)


Credentials Are Still King: Leaked Credentials, Data Breaches, and Dark Web Markets
Infostealer malware poses a major risk to corporate information security, stealing credentials and exporting them to command and control infrastructure. Leaked credentials, particularly from third-party breaches and infostealer logs, continue to be a significant threat to organizations. Monitoring leaked credentials databases, requiring password resets, and using password managers are recommended defense strategies. Combolists, which combine credential pairs for brute-forcing, also present a considerable attack vector. Tier 2 leaked credentials obtained through infostealer malware pose increased risks, while fresh stealer logs in Tier 3 may enable session hijacking attacks. Multi-factor authentication is not foolproof, as threat actors have techniques to bypass it. Flare offers a monitoring platform for leaked credentials. (BLEEPINGCOMPUTER.COM)


Veon CEO Says Russian State Actors Behind Kyivstar Cyberattack
Veon CEO Kaan Terzioglu has revealed that the December cyberattack that disrupted phone and internet services for approximately 24 million people in Ukraine was executed by Russian state actors. Terzioglu described the attack as "military-grade" and stated that Veon's investigation pointed to Russian state actors as the culprits. The cyberattack affected Kyivstar, Ukraine's largest mobile company, as well as digital banking services, ATMs, and air raid sirens. Veon provided $100 million in benefits to customers as compensation for the three days of disrupted services. (BLOOMBERG.COM)


Cyberattack on Ukraine's Kyivstar to Cost Veon Nearly $100 Million in Sales
Veon, the parent company of Kyivstar, Ukraine's largest mobile operator, expects to lose around $95 million in revenue in 2024 due to a major cyberattack in December. The attack disrupted services and damaged IT infrastructure, leading Kyivstar to compensate customers for the inconvenience. Veon does not anticipate a significant financial impact for 2023 but will absorb the costs in the current year. (USNEWS.COM)


Courts Reveal True Scale of Cyber Attack on System
The cyber attack on Victoria's court system was more extensive than originally believed, with hackers potentially accessing years' worth of recorded hearings. Court Services Victoria (CSV) discovered that the hack, which occurred in December, involved files dating back to 2016, including Supreme Court matters and County Court recordings. The source of the hack has not been confirmed, but experts suggest that hackers may have gained access through a court staffer's computer system. CSV is working to alert affected individuals and enhance security measures while monitoring the dark web for potential unauthorized publication or sale of the recordings. (COM.AU)


UC Irvine Students, Grads Fight Back After Hackers Post Gruesome Images in Cyberattack
UC Irvine students and graduates took action to combat a vicious cyberattack in which hackers targeted them with disturbing images and videos of human and animal mutilation. The attack, which started on January 9, caused shock and distress among the victims. Alina Kim, a UCI computer science and engineering graduate, organized a team to block the content on larger servers and ensure the safety of the community. UC Irvine officials have pledged to support affected students and are working with law enforcement agencies to address the incident. (NBCLOSANGELES.COM)


UC Irvine Students Sent to Hospital After Hackers Send Graphic Images to Their Discord Server
Hackers infiltrated UC Irvine's Discord server, posting graphic and violent images that traumatized students. Nearly 3,000 students were affected, with reports of vomiting and distress. The hackers demanded a $1,000 ransom and targeted 30 channels. Students created a bot to block the attackers and tracked down 400 associated accounts. The attack has been reported to UCI police, who plan to involve the FBI. The university is providing counseling and cybersecurity assistance to affected students. Similar attacks have been reported at other universities, including Washington State University and USC. (CBSNEWS.COM)


CNMF Marks a Decade Defending the Nation
The Cyber National Mission Force (CNMF) celebrates its 10th anniversary as a key unit of U.S. Cyber Command. CNMF has played a critical role in defending the nation by planning, directing, and synchronizing cyberspace operations to deter and defeat cyber adversaries. Over the past decade, CNMF has responded to national crises, defended U.S. elections, protected critical infrastructure, and conducted missions worldwide. With over 2,000 personnel from various military branches and agencies, CNMF remains committed to defending against advanced cyber threats and collaborating with partners and allies to strengthen cybersecurity. (CYBERCOM.MIL)


The Microsoft Threat Intelligence Podcast: Microsoft Threat Intelligence Community Spotlights New TTPs
Senior threat researchers from Microsoft Threat Intelligence discuss their analysis of new tactics used by the threat actor known as Mint Sandstorm to target academics. In a recent campaign, this adversary group leveraged compromised accounts to send customized phishing emails and deployed a custom backdoor called MediaPl to maintain covert access into compromised systems. The podcast unveils innovative techniques observed through Microsoft's extensive threat monitoring. (MICROSOFT.COM)


Kansas State University Cyberattack Disrupts IT Network and Services
Kansas State University (K-State) is dealing with a cybersecurity incident that has caused disruption to various network systems, including VPN, email, and video services. Impacted systems have been taken offline, and the university is working to restore them with the help of third-party IT forensic experts. Guidance has been provided to academic deans for maintaining educational continuity, and the university is advising students and staff to remain vigilant and report any suspicious activity. This cyberattack follows a ransomware attack on the Memorial University of Newfoundland earlier this month. (BLEEPINGCOMPUTER.COM)


Feds: Androxgh0st Botnet Is Targeting AWS, Office 365, and Azure Credentials
The Androxgh0st botnet is actively targeting Amazon Web Services (AWS), Microsoft Office 365, SendGrid, and Twilio credentials, according to the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI. The botnet can steal credentials and use them to deliver malicious payloads, and server and website owners are advised to take the necessary precautions to protect against it. Mitigation measures include keeping systems up to date, reviewing and securing credentials, and scanning for unrecognized files. (PCMAG.COM)


CISA and FBI Release Known IOCs Associated with Androxgh0st Malware
CISA and the FBI have jointly released a Cybersecurity Advisory to share known indicators of compromise (IOCs) and tactics associated with Androxgh0st malware. The malware is used to establish botnets for identifying and exploiting vulnerable networks, targeting files with sensitive information. Specific vulnerabilities, such as CVE-2017-9841, CVE-2021-41773, and CVE-2018-15133, are being exploited by threat actors. CISA advises organizations to review and implement the provided mitigations to minimize the impact of Androxgh0st malware. (CISA.GOV)


Cyber Safety Review Board Needs Stronger Authorities, More Independence, Experts Say
Experts have testified before Congress, stating that the Cyber Safety Review Board (CSRB) lacks the necessary authorities and independence to effectively investigate major cybersecurity incidents. The CSRB, created in 2021, is meant to review significant cyber incidents, but experts argue that it is too dependent on the participation of the companies it investigates. They call for reform to enhance independence and transparency. The board lacks a full-time staff and the power to subpoena companies, hindering its ability to conduct thorough investigations. The Senate Homeland Security Committee is working on legislation to legally establish the CSRB and grant it subpoena power. (CYBERSCOOP.COM)


Cyber Attacks Are One of the Biggest Threats Facing Healthcare Systems
The healthcare sector is increasingly targeted by cyber criminals, with hacking, supply chain attacks, phishing, and ransomware being the most common types of breaches. These attacks not only jeopardize patient safety but also incur significant financial costs. Governments are publishing new cybersecurity standards, and healthcare organizations are urged to implement measures such as annual audits, a "zero trust" approach, antivirus software, and extended detection and response (XDR) solutions. The rise of internet-connected medical devices also poses additional security risks that need to be addressed. (FT.COM)


Russian-Linked Hackers Target Switzerland After Zelenskiy's Davos Visit
The Swiss government has reported a cyber attack on its websites, allegedly conducted by Russia-linked hackers in retaliation for hosting Ukrainian President Volodymyr Zelenskiy at the World Economic Forum. The attack was a distributed denial-of-service (DDoS) attack, aiming to disrupt the websites' availability rather than steal data. This is not the first time the Swiss government has been targeted by the hacker group 'NoName.' (BLOOMBERG.COM)


Inside Biden’s Secret Surveillance Court
The Biden administration established a secretive Data Protection Review Court in 2022 to address European privacy concerns over transatlantic data transfers. Located in an undisclosed location, the eight judges on the court can make binding decisions affecting US surveillance practices, but its hearings and rulings will remain confidential, raising transparency issues. While allowing large data flows to resume, critics argue the opaque design fails to sufficiently protect European citizens' rights. (POLITICO.COM)


Microsoft: Iranian Hackers Target Researchers with New MediaPl Malware
A sub-group of the Iranian cyberespionage group APT35, known as Charming Kitten or Phosphorus, is launching spearphishing attacks against high-profile employees in research organizations and universities across Europe and the US. The attackers use custom-tailored phishing emails and a new backdoor malware called MediaPl, which masquerades as Windows Media Player to evade detection. The group aims to steal sensitive data from breached systems and gather perspectives on events related to the Israel-Hamas war. This is part of a larger pattern of Iranian threat groups targeting various sectors with advanced malware. (BLEEPINGCOMPUTER.COM)


Bigpanzi Botnet Infects 170,000 Android TV Boxes with Malware
A cybercrime syndicate known as 'Bigpanzi' has been infecting Android TV and eCos set-top boxes since at least 2015. The group controls a botnet of approximately 170,000 daily active bots, with 1.3 million unique IP addresses associated with the botnet since August. The infected devices are used for illegal media streaming, traffic proxying, DDoS attacks, and OTT content provision. Bigpanzi uses malware tools called 'pandoraspear' and 'pcdn' to carry out their operations, with pandoraspear acting as a backdoor trojan and pcdn building a peer-to-peer Content Distribution Network (CDN). The full extent of Bigpanzi's operations is yet to be uncovered. (BLEEPINGCOMPUTER.COM)


Each Facebook User is Monitored by Thousands of Companies
A study by Consumer Reports reveals that Facebook users' online activities are tracked by an average of 2,230 companies, with some participants' data being sent to over 7,000 companies. The study sheds light on the massive scale of surveillance and highlights concerns about transparency and data sharing practices. (THEMARKUP.ORG)


FTC Joins Global Data Security and Privacy Investigative Consortium
The Federal Trade Commission (FTC) has announced its participation in the Global Cooperation Arrangement for Privacy Enforcement (Global CAPE), an international consortium aimed at assisting privacy investigators and monitoring global commerce in real time. By joining Global CAPE, the FTC will collaborate with international partners on privacy and data security investigations, eliminating the need for individual memoranda of understanding. The consortium facilitates information sharing on public opinion, enforcement initiatives, legislation updates, training programs, and more. The decision to participate in Global CAPE was unanimously approved by FTC commissioners. (THERECORD.MEDIA)


Google Updates Chrome Incognito Tab Message Following Lawsuit
Google has updated the message displayed on its Chrome "incognito mode" following a privacy lawsuit settlement. The updated message clarifies that websites and services, including Google, can still collect user data while browsing in incognito mode. The previous message did not mention data collection by websites and services. Google settled a $5 billion privacy lawsuit that accused the company of misleading users about data tracking in incognito mode. The updated message can be seen on the latest build of Google Chrome, and it provides more transparency to users about the limitations of incognito browsing. (THEHILL.COM)


SEC, Gensler Face Bipartisan Backlash Over X Account Hack
The Securities and Exchange Commission (SEC) Chair, Gary Gensler, is facing political backlash after the agency's social media account was hacked and falsely claimed approval of bitcoin investment funds. The incident has led to calls for investigations from both Republicans and Democrats, further complicating Gensler's already strained relationship with the cryptocurrency world and Republican lawmakers. The hack has raised concerns about the SEC's cybersecurity practices and has added to the criticism of Gensler's approach to regulation. Despite the hack, the SEC ultimately approved 11 spot bitcoin exchange-traded funds (ETFs), marking a historic shift in allowing funds directly invested in crypto assets. (THEHILL.COM)


Lessons in Risk Management from NASA's Space Security: Best Practices Guide
NASA has published the Space Security: Best Practices Guide, offering valuable insights for organizations in any industry. The guide prioritizes effective risk management over compliance, aligns with industry security frameworks, is openly accessible, and incorporates space mission resilience principles with cybersecurity. It serves as a resource to enhance security programs and enterprise risk management. (FORRESTER.COM)

Lock Down the Software Supply Chain With 'Secure by Design'
The concept of "secure by design" is gaining importance as cyber attackers increasingly target software supply chains. The Cybersecurity and Infrastructure Security Agency (CISA) is proposing an initiative that embraces secure by design principles in the software development life cycle to enhance software security globally. This approach involves prioritizing security from the ground up and designing software with robust defenses against attacks. It also emphasizes the shared responsibility of technology manufacturers and consumers in fostering a future where technology is inherently safe and secure. (DARKREADING.COM)

Worried About Spyware on Your iPhone? iShutdown Can Reveal if You've Been Infected
Kaspersky researchers have developed iShutdown, a set of Python scripts that can analyze an iPhone's Shutdown.log file to detect traces of spyware like Pegasus and Predator. This method provides a simpler way for security researchers to determine if high-profile targets have had spyware installed on their iPhones. However, it requires some technical expertise to use effectively. (TOMSGUIDE.COM)


Rotating Credentials for GitHub.com and New GHES Patches
GitHub has patched a vulnerability that allowed access to production container credentials and has rotated all affected credentials. Users are advised to ensure compatibility with the new keys if they have hardcoded or cached GitHub public keys. A patch is also available for GitHub Enterprise Server (GHES) to address the vulnerability. GitHub experienced service disruptions during the credential rotation process but has improved procedures to minimize downtime in the future. (GITHUB.BLOG)


Nearly 7K WordPress Sites Compromised by Balada Injector
Around 6,700 WordPress websites have been infected with the Balada Injector malware through a vulnerable version of the Popup Builder plugin. The malware campaign, which has been active since 2017, redirects visitors to fake support pages and compromised websites. The recent wave of attacks exploited a cross-site scripting (XSS) vulnerability in the plugin, allowing threat actors to inject malicious JavaScript code. With over 200,000 installations of the vulnerable plugin, more infections are expected. Users are advised to implement integrity monitoring solutions, minimize third-party code, and regularly update plugins to mitigate the risk. (DARKREADING.COM)


Google Chrome Zero-Day Bug Under Attack, Allows Code Injection
Google has patched a zero-day vulnerability in its Chrome browser, marked as CVE-2024-0519, which is actively being exploited by attackers. The bug, found in Chrome's V8 JavaScript engine, enables code execution and other cyberattacks on targeted endpoints. This is the second zero-day bug discovered in Chrome within a month. With Chrome being the most widely used browser, it has become a popular target for attackers. The growing interest in browser vulnerabilities has prompted organizations to implement measures to secure browser use. (DARKREADING.COM)


Sophisticated macOS Infostealers Get Past Apple's Built-In Detection
Emerging malware variants are evading Apple's built-in malware protection, including the XProtect detection engine, as attackers continue to evolve their techniques. Infostealers like KeySteal, Atomic Infostealer, and CherryPie have evolved to bypass macOS's XProtect, and their new variants are going undetected. This highlights the ongoing challenges faced by macOS users, and Apple needs to stay on top of the threats to ensure effective protection. (DARKREADING.COM)


The Many Faces of Undetected macOS InfoStealers | KeySteal, Atomic & CherryPie Continue to Adapt
KeySteal, Atomic InfoStealer, and CherryPie are active macOS infostealers that are evading static signature detection engines. KeySteal has evolved to use different names and distribution methods, while Atomic InfoStealer has multiple variants that prevent analysis and VM detection. CherryPie, also known as Gary Stealer, remains undetected on VirusTotal despite Apple's XProtect rule. SentinelOne provides protection against these threats for macOS users. A comprehensive defense-in-depth approach and proactive threat hunting are crucial to stay ahead of evolving macOS malware. (SENTINELONE.COM)


Inside the Massive Naz.API Credential Stuffing List
The Naz.API credential stuffing list contains 70,840,771 unique email addresses, with 65.03% of them being new to Have I Been Pwned. The list includes stealer logs and classic credential stuffing username and password pairs, with the largest file containing 312 million rows of email addresses and passwords. The data has been added to Pwned Passwords, and users are encouraged to use password managers and enable 2FA to protect themselves. (TROYHUNT.COM)


AMD, Apple, Qualcomm GPUs Leak AI Data in LeftoverLocals Attacks
GPU vulnerabilities dubbed 'LeftoverLocals' affect AMD, Apple, Qualcomm, and Imagination Technologies GPUs, allowing attackers to retrieve data from local memory. The flaw arises from inadequate memory isolation in GPU frameworks, enabling one kernel to read data written by another. Vendors are working on patches and mitigation strategies to address the issue. (BLEEPINGCOMPUTER.COM)


Transforming Security Training with ChatGPT: A New Frontier in Employee Awareness
ChatGPT is revolutionizing security training by providing realistic simulations of phishing attacks. Its natural language processing capabilities enable the creation of lifelike scenarios, allowing employees to interact with simulated phishing emails or messages and receive personalized feedback. This conversational approach enhances employee understanding and empowers them to make informed decisions in real-world situations. (MEDIUM.COM)


Jan 28, 2024, 1:49:02 PM
to sec-...@googlegroups.com

Tesla Hacked at Pwn2Own Automotive 2024

On the first day of the Pwn2Own Automotive 2024 hacking contest, security researchers hacked a Tesla Modem, collecting awards totaling $722,500 for three bug collisions and 24 unique zero-day exploits. The Synacktiv Team chained three zero-day bugs to obtain root permissions on a Tesla Modem, for which it won $100,000. The team won another $120,000 by hacking a Ubiquiti Connect EV Station and a JuiceBox 40 Smart EV Charging Station using unique two-bug chains, and $16,000 related to a known exploit chain targeting the ChargePoint Home Flex EV charger.

BleepingComputer; Sergiu Gatlan (January 24, 2024)



Countering Mobile Phone 'Account Takeover' Attacks

Computer scientists at the U.K.'s universities of Birmingham, Edinburgh, and Surrey, and the Netherlands' University of Twente developed a method of identifying security flaws and modeling mobile phone account takeover attacks. These attacks occur when a hacker disconnects a device, SIM card, or app from the account ecosystem to gain access to the victim's online accounts. The new method, based on mathematical and philosophical logic, models changes in account access when such disconnections occur by looking at the options available to hackers with access to the victim's mobile phone and PIN.

University of Birmingham (U.K.) (January 22, 2024)



Deepfake Audio of Biden Alarms Experts

A telephone message containing deepfake audio of U.S. President Joe Biden called on New Hampshire voters to avoid yesterdayʼs Democratic primary and save their votes for the November election. This comes amid rising concerns about the use of political deepfakes to influence elections around the world this year. Audio deepfakes are especially concerning, given that they are easy and inexpensive to create and hard to trace.


Bloomberg; Margi Murphy (January 22, 2024)



Microsoft Says Russian Government Hackers Stole Its Emails

Microsoft said hackers working for the Russian government breached its corporate networks recently and stole email from executives and some employees to find out what the company knew about them. The tech company said the breach was not due to any flaw in its software, but rather began with a “password spraying.” The technique worked on what Microsoft said was an old test account, and the hackers then used the account’s privileges to get access to multiple streams of email.

The Washington Post; Joseph Menn (January 19, 2024)



PixieFail UEFI Flaws Expose Millions of Computers

Researchers at French R&D firm Quarkslab identified nine security flaws in the TianoCore EFI Development Kit II (EDK II) affecting Unified Extensible Firmware Interface (UEFI) firmware from AMI, Intel, Insyde, and Phoenix Technologies. The PixieFail vulnerabilities put millions of computers at risk of remote code execution, denial-of-service, DNS cache poisoning, and sensitive information leaks. The issues were found in EDK II's NetworkPkg TCP/IP network protocol stack.

The Hacker News (January 18, 2024)


Critics Say Musk’s False Comments On American Voting System Could Amplify Election Denialism

The New York Times (1/25, Rutenberg, Conger) reports voting rights advocates, civil rights activists, and some Democrats are condemning a series of comments from X owner Elon Musk about the security of the American voting system, echoing similar comments made in recent years by former President Trump. Musk has put forth “distorted and false notions that American elections were wide open for fraud and illegal voting by noncitizens” without any evidence or proof of the veracity of his statements. Musk’s comments on X were then amplified by the platform’s algorithm, which some critics have argued is intentionally designed to push Musk’s posts to the widest audience possible. Critics of Musk have argued that his control over the platform “give him an outsize ability to reignite the doubts about the American election system that were so prevalent in the lead-up to the riot at the Capitol on Jan. 6, 2021.”


First Step in Securing AI/ML Tools Is Locating Them
Security teams first need to identify where artificial intelligence and machine learning tools are being used within their organizations, according to experts from Legit Security and the Berryville Institute of Machine Learning. Business teams often adopt such tools without notifying security, and unmanaged tools can introduce new risks. (DARKREADING.COM)


A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data
Researchers have discovered a vulnerability called LeftoverLocals in GPUs from Apple, AMD, and Qualcomm, which could allow attackers to steal data from the GPU's memory. The vulnerability exposes sensitive information, including queries and responses generated by language models, and the weights driving the response. Patching the affected devices may prove challenging. (WIRED.COM)


Chinese Hackers Exploit VMware Bug as Zero-Day for Two Years
A Chinese hacking group, UNC3886, has been exploiting a critical vulnerability in VMware's vCenter Server (CVE-2023-34048) as a zero-day since late 2021. The flaw was patched in October 2023, but Mandiant, a security firm, revealed that the vulnerability was used by UNC3886 as part of a previously reported campaign. The group breached targets' vCenter servers, deployed backdoors on ESXi hosts, and exploited another VMware flaw (CVE-2023-20867) to escalate privileges and exfiltrate files. Although details of the attacks are not publicly available, UNC3886's focus on zero-day flaws in firewall and virtualization platforms in the defense, government, telecom, and technology sectors is well-documented. (BLEEPINGCOMPUTER.COM)


Number of Patient Records Exposed in Data Breaches Doubled in 2023
A report by cybersecurity firm Fortified Health Security reveals that the number of patient records exposed in data breaches doubled in 2023 compared to the previous year, reaching over 116 million compromised records across 655 breaches. The report highlights a significant increase in both the volume of exposed data and the number of large breaches. Hacking and IT incidents accounted for 80% of reported breaches, while physical thefts of records decreased as healthcare organizations transitioned to electronic health record systems. Business associate breaches also increased by 22% year over year. The rising number of healthcare breaches underscores the need for enhanced cybersecurity measures in the industry. (CYBERSECURITYDIVE.COM)


With Attacks on the Upswing, Cyber-Insurance Premiums Poised to Rise Too
Experts predict that cyber-insurance premiums will increase due to a rise in cyber-attacks. While premiums fell in Q3 2023, ransomware and privacy-related claims surged, leading to the expectation of rising costs in the next 12 to 24 months. The cost of cyber-insurance typically lags behind changes in the threat landscape. Despite a temporary decline in 2022, the cyber-insurance industry continues to grow, with direct written premiums reaching $5.1 billion in 2023. Larger enterprises view cyber insurance as a necessary expense, while there is potential for growth in underwriting for smaller companies. (DARKREADING.COM)


Application Threat Report - Applications Abound
The average organization now has 379 third-party applications connected, up from 166 in 2020. Over 75% of top permissions granted are medium-to-high risk, and nearly 40% of organizations have installed applications with known vulnerabilities, expanding potential entry points for attackers. (GOOGLEUSERCONTENT.COM)


Water and Wastewater Sector - Incident Response Guide
A joint guide, co-signed by CISA, FBI, and EPA, has been released to provide best practices and federal resources for incident response in the Water and Wastewater (WWS) Sector. The guide aims to enhance cybersecurity in the sector by offering guidance for reporting cyber incidents, connecting utilities with available cybersecurity resources, and empowering them to build a strong cybersecurity baseline. The goal is to improve cyber resilience, hygiene, and integration within local cyber communities. (CISA.GOV)


Containerised Clicks: Malicious Use of 9hits on Vulnerable Docker Hosts
Attackers are deploying a combination of the XMRig miner and the 9hits viewer application as a payload against vulnerable Docker services. The 9hits viewer app, normally used for generating web traffic, is being used by the malware to generate credits for the attacker. The campaign is initiated from an attacker-controlled server, and the Docker API is used to deploy the containers. The attacker relies on off-the-shelf images from Docker Hub for the 9hits and XMRig software. The main impact of this campaign is resource exhaustion on compromised hosts. (CADOSECURITY.COM)

Prolific Russian Hacking Unit Using Custom Backdoor for the First Time
The Russian cyber espionage and influence operation group known as "Cold River" has incorporated a custom backdoor malware called "SPICA" into its campaigns. This marks the first publicly known use of custom malware by the group, allowing them to execute commands, upload and download files, and gather system and file information. Cold River, linked to the Kremlin, has previously targeted U.S. nuclear facilities, NGOs, think tanks, military entities, and defense contractors aligned with Russian interests. The group is known for credential phishing campaigns and has been improving its evasive techniques for espionage activities. (CYBERSCOOP.COM)


Google Says Russian Espionage Crew Behind New Malware Campaign
Google researchers have identified evidence linking the Russian hacking group known as "Cold River" to a new malware campaign. The group, also known as "Callisto Group" and "Star Blizzard," has shifted its tactics to deliver data-stealing malware via PDF documents as lures. The malware, called "SPICA," grants the attackers persistent access to victims' machines to execute commands, steal browser cookies, and exfiltrate documents. While the exact number of victims is unknown, Google believes the attacks have been limited and targeted. The Cold River group has been associated with long-running espionage campaigns against NATO countries and has ties to the Russian state. (TECHCRUNCH.COM)


Cyberthreats Are Ever-Present, Always Tough to Fight
A global survey sponsored by Dell and McAfee found that nearly half of small-business owners have experienced a cyberattack, with many suffering multiple attacks. The majority of attacks were carried out using AI, and malware introduced through phishing links or malicious attachments was the most common method. The financial and reputational toll on businesses was significant, with 61% losing $10,000 or more. Small-business owners are advised to use AI to proactively protect against cyberthreats and to focus on building a solid defensive strategy to mitigate risks. (INC.COM)


Stealthy New macOS Backdoor Hides on Chinese Websites
A macOS backdoor has been discovered in trojanized applications hosted on Chinese websites. The backdoor, known as ".fseventsd," is a modified version of malware from the Khepri open source project. It allows attackers to remotely control infected machines, collect system information, download and upload files, and open a remote shell. The malware is designed to blend in with other processes on the operating system and is being distributed through Chinese pirating websites. Enterprises are advised to use software that detects and blocks threats on macOS and to avoid downloading pirated apps. (DARKREADING.COM)


Bigpanzi Exposes Growing Threat Posed by Encrypted Operations
Analysis revealed that a consumer electronics firm may be enabling the group's expansion. Command logs also showed that infections rose sharply through pirated apps, while live stream hijacking targeting minors increased nearly tenfold. Strategic security cooperation is still needed to track this group's changing tactics and safeguard users amid the interconnected abuse risks of open platforms. (QIANXIN.COM)


Ukraine 'Blackjack' Hackers Hit Jackpot in Russia
A Ukrainian hacking group known as "Blackjack" and linked to the country's main spy agency has successfully stolen construction plans for over 500 Russian military sites. The group, believed to be associated with Ukraine's Security Service, hacked into a Russian state enterprise involved in military construction. They obtained classified data comprising more than 1.2 terabytes, including maps of military bases in Russia and occupied regions in Ukraine. The stolen data was transferred to Ukraine's Security and Defense Forces, and all copies were deleted from Russian servers. This follows a recent cyber attack by Blackjack on a Moscow internet provider. (NEWSWEEK.COM)

Election Security Discussions on Cyber Threats to the US Electoral Process
Gerty Baker speaks to Matthew Prince, CEO of Cloudflare about emerging cyber threats to US elections and the security of electoral infrastructure and processes. Prince highlights the adaptability of foreign actors to target individual counties and sow distrust, and the role of private security in bolstering outdated systems against advanced attacks seeking to disrupt democracy. (WSJ.COM)


Bangladeshi Elections Come Into DDoS Crosshairs
Cloudflare data reveals a 33% increase in HTTP DDoS attack traffic in Bangladesh leading up to the national elections. Telecommunications and media industries were the primary targets, potentially aimed at disrupting communication channels and influencing public opinion. The Smart Election Management BD app, which provides election-related information, experienced performance issues on election day due to a cyberattack, with the origin of the bad traffic claimed to be Germany and Ukraine. The distributed nature of the DDoS attacks suggests the use of globally distributed botnets. Cloudflare expects DDoS attacks to continue being a threat to elections, with emerging technologies amplifying attack tactics. (DARKREADING.COM)


JPMorgan Suffers Wave of Cyber Attacks as Fraudsters Get 'More Devious'
JPMorgan Chase is experiencing a surge in cyber attacks as fraudsters become increasingly sophisticated and cunning, according to Mary Erdoes, the bank's head of asset and wealth management. The bank spends $15 billion annually on technology and employs 62,000 technologists to combat cybercrime. JPMorgan corrected Erdoes' statement about facing 45 billion hacking attempts per day, clarifying that she was referring to observed activity collected from their technology assets. The use of artificial intelligence by cyber criminals has contributed to the rise in incidents and the level of attack sophistication. (FT.COM)


Ivanti Connect Secure Exploitation Accelerates as Moody's Calls Impact Credit Negative
The exploitation of vulnerabilities in Ivanti Connect Secure VPN is increasing, with over 2,100 systems compromised by the Giftedvisitor webshell. The suspected state-linked threat actor, tracked as UTA0178, manipulated Ivanti's Integrity Checker Tool to hide any new or mismatched files. Moody's Investor Service stated that these attacks are credit negative for Ivanti, as they could harm the company's reputation, lead to customer attrition, potential litigation, and impact revenue growth. Ivanti is working with Mandiant to respond to the threat and is developing a patch that will be released next week. (CYBERSECURITYDIVE.COM)


Third Ivanti Vulnerability Exploited in the Wild, CISA Reports
CISA has added a critical authentication bypass vulnerability in Ivanti Endpoint Manager Mobile, tracked as CVE-2023-35082 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities catalog. The flaw has been exploited in combination with another vulnerability to write malicious files. According to Rapid7, all versions of Ivanti Endpoint Manager are at risk unless patched by early February. (DARKREADING.COM)


Mastercard Aims to Limit AI Bias, Cyber Risk
Mastercard's Chief Privacy Officer, Caroline Louveaux, is working closely with the company's cybersecurity team to ensure that AI fraud-prevention tools respect consumer privacy. The company has created an AI governance council to address AI risk and has been experimenting with homomorphic encryption to share intelligence data about financial crimes while protecting privacy. Mastercard is also exploring ways to evaluate AI systems for bias and considering the use of synthetic data sets to train AI models. Louveaux emphasizes the need to balance transparency, security, data minimization, and accuracy in AI applications. (WSJ.COM)


Threat Actors Team Up for Post-Holiday Phishing Email Surge
Threat actors have resumed their activities after the holiday break, with two groups teaming up on a post-holiday phishing email campaign targeting North American organizations. The campaign used generic subject lines and corporate-themed lures to get users to click OneDrive links, which led to the download of custom malware. The main culprit, tracked as TA866, had been inactive for the previous nine months and relied on another threat actor, TA571, to distribute its malicious content at scale through traffic distribution systems. The resurgence fits the pattern of major cybercrime groups pausing operations over the holiday season. (DARKREADING.COM)


Building AI That Respects Our Privacy
In order to address the ethical concerns surrounding AI and privacy, there is a need for privacy best practices to be implemented. This includes shifting to individual user data sets for training AI models, using closed systems like laptops for data training, adding transparency and tracking to understand data sources, and providing data removal rights for individuals. In the absence of these practices, individuals should be aware of how AI platforms collect and use their data, limit sharing unnecessary information, understand the limitations of AI, and exercise situational awareness when interacting with AI. (DARKREADING.COM)


TensorFlow Supply Chain Compromise via Self-Hosted Runner Attack
Praetorian researchers found that TensorFlow's CI used self-hosted GitHub Actions runners with the default configuration, so a contributor could get arbitrary code to run on those runners simply by opening a pull request. A compromised runner exposed credentials that would have allowed unauthorized GitHub releases and PyPI package uploads, putting every downstream user of the ML framework at risk. TensorFlow changed its runner and workflow policies to close this path. (PRAETORIAN.COM)
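
An audit for the pattern described above, as an added example (not TensorFlow's or Praetorian's code): it walks GitHub Actions workflow definitions and flags jobs that run contributor-controlled pull-request code on a self-hosted runner, plus the related `pull_request_target` foot-gun where a workflow with a write-scoped token checks out the PR head. Workflows are represented in the dict shape `yaml.safe_load()` produces; the three sample workflows are constructed for the example.

```python
"""Audit GitHub Actions workflows for jobs that run pull-request code on a
self-hosted runner. Added example, not TensorFlow's or Praetorian's code.
Workflows are dicts in the shape yaml.safe_load() returns; samples below are
constructed."""

PR_TRIGGERS = {"pull_request", "pull_request_target"}


def workflow_triggers(workflow):
    """Set of event names a workflow runs on.

    PyYAML parses a bare `on:` key as the boolean True, so both keys are
    checked. Triggers may be written as a string, a list, or a mapping."""
    on = workflow.get("on")
    if on is None:
        on = workflow.get(True)
    if isinstance(on, str):
        return {on}
    if isinstance(on, (list, dict)):
        return set(on)
    return set()


def runner_labels(job):
    """Normalise `runs-on` (string, list, or {group:, labels:}) to a label set."""
    runs_on = job.get("runs-on", "")
    if isinstance(runs_on, str):
        return {runs_on}
    if isinstance(runs_on, list):
        return set(runs_on)
    if isinstance(runs_on, dict):
        labels = runs_on.get("labels", [])
        return {labels} if isinstance(labels, str) else set(labels)
    return set()


def checks_out_pr_head(job):
    """True if a checkout step pins the PR head ref, i.e. the contributor's code."""
    for step in job.get("steps", []):
        uses = str(step.get("uses", ""))
        ref = str((step.get("with") or {}).get("ref", ""))
        if uses.startswith("actions/checkout") and "pull_request.head" in ref:
            return True
    return False


def audit_workflow(name, workflow):
    """Return (workflow, job, finding) tuples for the two risky patterns."""
    findings = []
    triggers = workflow_triggers(workflow)
    for job_name, job in workflow.get("jobs", {}).items():
        if "self-hosted" in runner_labels(job) and triggers & PR_TRIGGERS:
            findings.append((name, job_name,
                             "self-hosted runner executes pull-request code"))
        if "pull_request_target" in triggers and checks_out_pr_head(job):
            findings.append((name, job_name,
                             "pull_request_target runs PR head with a write token"))
    return findings


# Constructed sample workflows (hypothetical, not TensorFlow's real CI).
SAMPLE_WORKFLOWS = {
    "ci.yml": {
        True: {"pull_request": {"branches": ["main"]}, "push": None},  # bare `on:` as PyYAML loads it
        "jobs": {
            "build": {"runs-on": ["self-hosted", "linux", "gpu"],
                      "steps": [{"uses": "actions/checkout@v4"},
                                {"run": "./configure && make"}]},
            "lint": {"runs-on": "ubuntu-latest", "steps": [{"run": "flake8 ."}]},
        },
    },
    "release.yml": {
        "on": {"push": {"tags": ["v*"]}},
        "jobs": {"publish": {"runs-on": ["self-hosted"],
                             "steps": [{"run": "twine upload dist/*"}]}},
    },
    "triage.yml": {
        "on": ["pull_request_target"],
        "jobs": {"label": {"runs-on": "ubuntu-latest",
                           "steps": [{"uses": "actions/checkout@v4",
                                      "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
                                     {"run": "python scripts/label.py"}]}},
    },
}


def audit_all(workflows=SAMPLE_WORKFLOWS):
    findings = []
    for name, workflow in workflows.items():
        findings.extend(audit_workflow(name, workflow))
    return findings


if __name__ == "__main__":
    for finding in audit_all():
        print(*finding, sep="\t")
```

On the sample set the `build` job in `ci.yml` and the `label` job in `triage.yml` are flagged; `release.yml` is not, because a tag push is not contributor-controlled. The remediation the finding points at is the one the page describes: require approval before any outside pull request runs, keep self-hosted (ideally ephemeral) runners off pull-request workflows entirely, and keep release credentials off runners that ever execute untrusted code.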


A Lightweight Method to Detect Potential iOS Malware
Kaspersky researchers have identified a forensic artifact, the Shutdown.log file, as a lightweight way to detect iOS malware. The file, found in a sysdiagnose archive, records what happens at each reboot, including processes that delay shutdown, and can therefore contain traces of an infection. Analyzing it can surface suspicious processes, although the method only works if the device is actually rebooted, since entries are written at shutdown. Kaspersky has published Python scripts that automate extraction and analysis of the log. (SECURELIST.COM)


Lateral Movement – Visual Studio DTE
An attacker can abuse Visual Studio's Development Tools Extensibility (DTE) COM interface for lateral movement. After retrieving the DTE object's class ID (CLSID) from the registry, the attacker can instantiate it on a remote host and use it to execute commands and enumerate processes there. The same interface can launch executables and establish command-and-control communication, and the resulting code execution can be used to dump the LSASS process for cached credentials, enabling further movement within the domain. (PENTESTLAB.BLOG)


Four-in-Ten Employees Sacked over Email Security Breaches as Firms Tackle "Truly Staggering" Increase in Attacks
Roughly four in ten employees held responsible for an email security breach have been fired, as organizations worldwide face a surge in attacks. A study by Egress found that 94% of organizations experienced a serious email security incident in the past year, with phishing on the rise. Human error and data exfiltration are the main concerns. Security leaders are also worried about criminals' use of AI tools and expect attackers to refine their capabilities with them. (ITPRO.COM)


Have I Been Pwned Adds 71 Million Emails from Naz.API Stolen Account List
Have I Been Pwned, the data breach notification service, has added nearly 71 million email addresses from the Naz.API dataset, a collection of stolen account information. The dataset combines credentials from credential stuffing lists with data harvested by information-stealing malware. Users can check whether their email appears in the dataset on Have I Been Pwned, but the service cannot say which sites the credentials came from. Affected users are advised to change the passwords of all accounts saved in their browser or password manager and, if they hold cryptocurrency, to move it to a new wallet. (BLEEPINGCOMPUTER.COM)


CISO Tells IT Brew How Attackers Are Deploying AI and Deepfakes
Rex Booth, CISO of SailPoint, has raised concerns about the use of AI by threat actors to enhance social engineering attacks. Attackers are leveraging AI technology to expand their capabilities and grow rapidly, posing a significant threat. Booth emphasized the need for cybersecurity professionals to think like adversaries and consider the potential risks posed by these tools. SailPoint conducted tests using AI software to replicate the voice of their CEO, revealing that deepfakes can be more effective than typical phishing emails. Booth expressed concern about the risk deepfakes pose to a substantial portion of the population. (ITBREW.COM)


NIST A.I. Security Report: 3 Key Takeaways for Tech Pros
The National Institute of Standards and Technology (NIST) released a report on security and privacy issues in A.I. and machine learning (ML) systems. It classifies threats as evasion attacks, poisoning attacks, privacy attacks, and abuse attacks. Tech professionals should understand these attack classes and fold the report's lessons into their skill sets to secure A.I. systems effectively. (DICE.COM)


FraudGPT and WormGPT: The New Face of Cybercrime in the Age of Artificial Intelligence
The emergence of AI models like FraudGPT and WormGPT on the dark web has introduced a new level of threat in cybercrime. These tools let criminals produce convincing phishing emails and fake websites and run disinformation campaigns with unprecedented ease and polish. Traditional defense strategies must evolve to address these emerging threats. (MEDIUM.COM)


Critical Vulnerabilities Found in Open Source AI/ML Platforms
Security researchers have discovered severe vulnerabilities in open source AI/ML platforms MLflow, ClearML, and Hugging Face. The most critical issues were found in MLflow, including a path traversal bug, a file path manipulation vulnerability, a path validation bypass, and a remote code execution vulnerability. All vulnerabilities have been patched in MLflow 2.9.2. Additionally, a critical vulnerability was identified in Hugging Face Transformers, and a high-severity stored cross-site scripting flaw was found in ClearML. The vulnerabilities were reported to project maintainers prior to public disclosure. (SECURITYWEEK.COM)
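
The path traversal and path validation bypass classes named above come down to how a server turns a user-supplied path into a file inside its artifact store. The following is an added example, generic and not MLflow's code, showing a naive prefix check next to a hardened one; `ARTIFACT_ROOT` and the probe paths are hypothetical. `posixpath` is used so the lexical checks behave identically on every platform.

```python
"""Naive vs hardened path containment for a file-serving endpoint. Added
example of the traversal / validation-bypass class; not MLflow's code.
ARTIFACT_ROOT is a hypothetical store root."""

import posixpath

ARTIFACT_ROOT = "/srv/artifacts"  # hypothetical


def resolve_naive(root, user_path):
    """'Before': join, then check a string prefix. Accepts '..' segments (the
    joined string still starts with root) and any sibling directory whose name
    merely begins with root, such as /srv/artifacts_backup."""
    candidate = posixpath.join(root, user_path)
    if not candidate.startswith(root):
        raise ValueError(f"outside root: {user_path!r}")
    return candidate


def resolve_safe(root, user_path):
    """'After': reject absolute paths, NUL bytes and backslashes up front,
    normalise the joined path so '..' is resolved, then require the result to
    be root itself or to start with root + '/'. Rejecting backslashes is
    conservative on POSIX but closes the separator confusion seen on Windows.
    This is a lexical check only: on a real filesystem follow it with
    os.path.realpath() so a symlink inside root cannot point back out."""
    root = posixpath.normpath(root)
    if posixpath.isabs(user_path) or "\\" in user_path or "\x00" in user_path:
        raise ValueError(f"rejected: {user_path!r}")
    candidate = posixpath.normpath(posixpath.join(root, user_path))
    if candidate != root and not candidate.startswith(root + "/"):
        raise ValueError(f"outside root: {user_path!r}")
    return candidate


def accepts(resolver, user_path, root=ARTIFACT_ROOT):
    """True if the resolver lets the path through."""
    try:
        resolver(root, user_path)
        return True
    except ValueError:
        return False


# Constructed probe set: (path, what it exercises).
PROBES = [
    ("models/run1/model.pkl", "benign"),
    ("../../etc/passwd", "dot-dot traversal"),
    ("models/../../etc/passwd", "traversal after a valid segment"),
    ("../artifacts_backup/creds.json", "prefix-sharing sibling directory"),
    ("/etc/passwd", "absolute path"),
    ("models/run1/..\\..\\win.ini", "backslash separator"),
]


def compare():
    """{path: (naive_accepts, safe_accepts)} for every probe."""
    return {p: (accepts(resolve_naive, p), accepts(resolve_safe, p)) for p, _ in PROBES}


if __name__ == "__main__":
    for (path, what), (naive_ok, safe_ok) in zip(PROBES, compare().values()):
        print(f"{what:35} naive={naive_ok!s:5} safe={safe_ok!s:5} {path}")
```

The naive check lets four of the five hostile probes through; the sibling-directory case is the one that survives even after people add a `..` filter, which is why the hardened version compares against `root + "/"` after normalisation rather than against the bare root string.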


Leveraging ChatGPT in Cybersecurity
Artificial Intelligence (AI) tool ChatGPT can be a valuable asset in strengthening cybersecurity measures. It can be integrated into threat intelligence platforms to analyze and understand large volumes of text-based data, aiding in threat detection. ChatGPT can also assist in phishing detection by analyzing suspicious patterns in emails and messages. Incident response automation and security awareness training can be enhanced through ChatGPT-powered chatbots. Additionally, it can contribute to threat hunting activities, enhance user authentication, and continuously adapt to evolving cyber threats. (MEDIUM.COM)


Massive 26 Billion Record Leak: Dropbox, LinkedIn, Twitter All Named
Security researchers have discovered a database of 26 billion leaked records, one of the largest collections of exposed data found to date. The database, sitting on an open storage instance, holds data from platforms including Twitter, Dropbox and LinkedIn as well as government organizations. Much of it appears to be compiled from earlier breaches, but the presence of usernames and passwords is still cause for concern. Users are advised to change their passwords, watch for phishing attempts, and enable two-factor authentication. (FORBES.COM)
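
Both the Naz.API item and this one end with the same advice, to check exposed credentials and rotate them. The practical way to test a password against a leak corpus without handing the password to anyone is the k-anonymity range query that Have I Been Pwned's Pwned Passwords service offers: the client sends only the first five hex characters of the SHA-1 of the password and matches the returned suffixes locally. The block below is an added example, not HIBP's code; the server side is a constructed stand-in for `GET https://api.pwnedpasswords.com/range/{prefix}` backed by a tiny corpus with made-up counts, so the exchange runs offline.

```python
"""k-anonymity password check in the style of the Pwned Passwords range API.
Added example, not HIBP's code. fake_range_server stands in for the real
endpoint and is backed by a constructed corpus with made-up counts."""

import hashlib

# Constructed "leaked" corpus; the counts are invented for the example.
LEAKED_CORPUS = {"password": 1_000_000, "123456": 5_000_000, "letmein": 40_000}
_CORPUS_HASHES = {hashlib.sha1(p.encode("utf-8")).hexdigest().upper(): n
                  for p, n in LEAKED_CORPUS.items()}


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password):
    """(5-char prefix that goes to the server, 35-char suffix that stays local)."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def fake_range_server(prefix, padding=True):
    """Stand-in for the range endpoint: 'SUFFIX:COUNT' lines for every corpus
    hash sharing the prefix. The real service can pad responses with count-0
    entries (Add-Padding header) so the response size does not reveal how
    many hits exist; deterministic padding is emulated here."""
    lines = [f"{h[5:]}:{n}" for h, n in _CORPUS_HASHES.items() if h.startswith(prefix)]
    if padding:
        for i in range(3):
            pad = hashlib.sha1(f"pad-{prefix}-{i}".encode()).hexdigest().upper()[5:]
            lines.append(f"{pad}:0")
    return "\r\n".join(sorted(lines))


def pwned_count(password, range_lookup=fake_range_server):
    """How many times the password appears in the corpus, 0 if unseen.
    Only the prefix leaves this function; padding rows (count 0) are ignored."""
    prefix, suffix = split_hash(password)
    for line in range_lookup(prefix).splitlines():
        found_suffix, _, count = line.partition(":")
        if found_suffix == suffix and int(count) > 0:
            return int(count)
    return 0


if __name__ == "__main__":
    for candidate in ("password", "letmein", "x7#Qm-long-passphrase-not-in-corpus"):
        print(f"{candidate!r}: seen {pwned_count(candidate)} times")
```

To run it against the live service, replace `fake_range_server` with a function that performs the HTTPS GET for the prefix and returns the response body; the client-side logic is unchanged. The same privacy property does not hold for the email search those two stories describe, which necessarily sends the address itself.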


South African Researcher Exposes Bitcoin Anonymity Flaws With Blockchain Clustering
A University of Cape Town researcher demonstrated how tracking the inputs and outputs of blockchain transactions allowed her to link more than 500,000 Bitcoin addresses to single identities, undermining the assumption that the network is anonymous. By analyzing large transactions by hand and following coins through successive transactions, she repeatedly collapsed the pseudonymity that users rely on. (WIRED.COM)
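
The linking described above rests on the common-input-ownership heuristic: every input of a transaction had to be signed, so the addresses spent together are assumed to belong to one entity, and a union-find over all transactions turns those pairwise links into clusters. The block below is an added example, not the researcher's code. Transactions and addresses are constructed placeholders (not real Bitcoin addresses), and the optional change-address rule is a second, noisier heuristic included to show how clusters merge once it is switched on.

```python
"""Common-input-ownership clustering of Bitcoin addresses. Added example, not
the researcher's code. TXS is a constructed, chain-ordered sample; addresses
are placeholders. Each tx: {"txid", "inputs": [addr...], "outputs": [addr...]}."""

from collections import defaultdict


class UnionFind:
    """Disjoint-set forest with path compression."""

    def __init__(self):
        self.parent = {}

    def add(self, x):
        self.parent.setdefault(x, x)

    def find(self, x):
        root = x
        while self.parent[root] != root:
            root = self.parent[root]
        while self.parent[x] != root:          # compress the path we walked
            self.parent[x], x = root, self.parent[x]
        return root

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_addresses(transactions, change_heuristic=False):
    """Return clusters as a sorted list of sorted address lists.

    Rule 1 (always): all inputs of one transaction are merged, since spending
    them together required every one of their keys.
    Rule 2 (optional): in a two-output transaction where exactly one output
    address has never appeared on chain before, treat that fresh address as
    the sender's change and merge it with the inputs. This has known false
    positives (a payee's fresh receive address looks the same), so it is off
    by default."""
    uf = UnionFind()
    seen = set()
    for tx in transactions:
        ins, outs = tx["inputs"], tx["outputs"]
        for addr in ins + outs:
            uf.add(addr)
        for addr in ins[1:]:
            uf.union(ins[0], addr)
        if change_heuristic and ins and len(outs) == 2:
            fresh = [o for o in outs if o not in seen]
            if len(fresh) == 1:
                uf.union(ins[0], fresh[0])
        seen.update(ins)
        seen.update(outs)
    groups = defaultdict(list)
    for addr in uf.parent:
        groups[uf.find(addr)].append(addr)
    return sorted(sorted(g) for g in groups.values())


def linked_clusters(transactions, change_heuristic=False):
    """Only the clusters that actually tie two or more addresses together."""
    return [c for c in cluster_addresses(transactions, change_heuristic) if len(c) > 1]


# Constructed sample chain (placeholders, not real addresses).
TXS = [
    {"txid": "t0", "inputs": ["X1"], "outputs": ["M1"]},              # M1: merchant address that gets reused
    {"txid": "t1", "inputs": ["A1", "A2"], "outputs": ["M1", "C1"]},  # pays M1; C1 is the fresh change output
    {"txid": "t2", "inputs": ["A2", "A3"], "outputs": ["M2"]},        # A2 spent again, linking A3 to A1/A2
    {"txid": "t3", "inputs": ["B1"], "outputs": ["A4", "B2"]},        # both outputs fresh: change is ambiguous
    {"txid": "t4", "inputs": ["C1", "A4"], "outputs": ["M3"]},        # C1 and A4 co-spent, so they are linked
]


if __name__ == "__main__":
    print("inputs only:   ", linked_clusters(TXS))
    print("with change:   ", linked_clusters(TXS, change_heuristic=True))
```

With inputs alone the sample yields two clusters, `{A1, A2, A3}` and `{A4, C1}`; switching on the change rule identifies `C1` as change from `t1`, and the two clusters collapse into one entity holding five addresses. That merge step, repeated across a real chain, is how a single co-spend can fold hundreds of thousands of addresses into one identity, and why the usual privacy advice is never to co-spend coins from unrelated addresses.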


As LastPass Enforces Master-Password Mandates, Security Pros Talk MFA
Password manager LastPass now requires a 12-character minimum for master passwords. While this improves security, experts emphasize the need for multi-factor authentication (MFA) as an additional layer of protection. LastPass also prompts customers to enroll in MFA, although it is not mandatory. Verizon's data breach report revealed that credential compromise was a major factor in cyber incidents. LastPass's move is a step in the right direction, but some experts argue for the inclusion of randomly generated security keys for stronger encryption. (ITBREW.COM)


SEC Blames ‘SIM Swap’ Attack for Disastrous X Hack Ahead of Bitcoin ETF Approval
The Securities and Exchange Commission (SEC) revealed that the takeover of its X account was the result of a "SIM swap" attack, in which an attacker convinces a mobile carrier to move a phone number onto a SIM card the attacker controls. The incident came just before the SEC's anticipated approval of Bitcoin ETFs and caused confusion and speculation in the market. The SEC is working with law enforcement to identify the perpetrators and is investigating how the attacker persuaded the carrier to make the change. SIM swaps are a common way to defeat SMS-based account recovery and verification. The agency said there is no evidence that the attacker accessed SEC systems or data. (FORTUNE.COM)


Unmasking Pegasus: The Spyware That Flies Under the Radar
Pegasus spyware, developed by NSO Group, poses a significant threat to privacy and security. It can infect iOS and Android devices without any user interaction, giving the operator access to personal information, and has been used for political surveillance. The spyware is hard to detect, but security firms have built detection tools. Vigilance, prompt software updates, and cautious online behavior remain the basic defenses against advanced spyware. The iShutdown tool from Kaspersky's GReAT detects Pegasus and other well-known threats on Apple iOS devices. (MEDIUM.COM)
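
The Kaspersky Shutdown.log item earlier in this brief and the iShutdown mention here describe the same triage idea: list every process the system reported as still running at shutdown, see which paths keep showing up across reboots, and flag anything living under a directory known to be abused. The block below is an added example in that spirit, not Kaspersky's iShutdown scripts. The log line shapes are an assumption based on the Securelist write-up, the log text is constructed, and the indicator directory is the staging path that write-up reports; replace both with a real sysdiagnose log and current indicators before relying on it.

```python
"""Triage of an iOS Shutdown.log: extract processes still running at shutdown,
count recurrences across reboots, flag known-bad directories. Added example,
not Kaspersky's iShutdown code. Line formats and the indicator directory are
assumptions from the Securelist post; SAMPLE_LOG is constructed."""

import re
from collections import Counter

# Assumed indicator: the staging directory reported in the Securelist post.
SUSPICIOUS_DIRS = ("/private/var/db/com.apple.xpc.roleaccountd.staging/",)

# Assumed line shapes: one "SIGTERM:" line per shutdown, then one
# "remaining client pid: N (path)" line per process that delayed it.
CLIENT_RE = re.compile(r"remaining client pid:\s*(?P<pid>\d+)\s*\((?P<path>[^)]+)\)")
SHUTDOWN_RE = re.compile(r"^SIGTERM:")


def parse_shutdown_log(text):
    """Return (number_of_shutdowns, [(pid, path), ...]) in file order."""
    shutdowns, clients = 0, []
    for line in text.splitlines():
        if SHUTDOWN_RE.match(line):
            shutdowns += 1
            continue
        m = CLIENT_RE.search(line)
        if m:
            clients.append((int(m.group("pid")), m.group("path")))
    return shutdowns, clients


def analyze(text, suspicious_dirs=SUSPICIOUS_DIRS):
    """Summarise a log: how many shutdowns it covers, how often each path
    delayed shutdown, and which entries sit under a suspicious directory.
    A path recurring at every shutdown is itself worth a second look even
    when it is not on the indicator list."""
    shutdowns, clients = parse_shutdown_log(text)
    counts = Counter(path for _, path in clients)
    flagged = [(pid, path) for pid, path in clients if path.startswith(suspicious_dirs)]
    return {"shutdowns": shutdowns, "path_counts": dict(counts), "flagged": flagged}


# Constructed sample covering three reboots; paths are placeholders.
SAMPLE_LOG = """\
SIGTERM: [0x1f2]
After 3s there are still 2 clients, including:
remaining client pid: 512 (/usr/libexec/exampled)
remaining client pid: 2041 (/private/var/db/com.apple.xpc.roleaccountd.staging/example_daemon)
SIGTERM: [0x1f3]
After 5s there are still 1 clients, including:
remaining client pid: 2088 (/private/var/db/com.apple.xpc.roleaccountd.staging/example_daemon)
SIGTERM: [0x1f4]
After 2s there are still 1 clients, including:
remaining client pid: 530 (/System/Library/PrivateFrameworks/Example.framework/exampled)
"""


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print(f"shutdowns recorded: {result['shutdowns']}")
    for path, n in sorted(result["path_counts"].items(), key=lambda kv: -kv[1]):
        print(f"{n:3}  {path}")
    for pid, path in result["flagged"]:
        print(f"FLAG pid {pid}: {path}")
```

The limitation the Securelist item spells out applies unchanged: nothing is written unless the device actually shuts down, so a log with a `shutdowns` count of zero or one says nothing either way, and the check is a cheap first pass rather than a substitute for a full forensic image.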


The State of Software Supply Chain Security 2024
In its annual report, the cybersecurity company ReversingLabs analyzed software supply chain data and found an increasing prevalence of supply chain attacks, malicious open-source packages, and ransomware infiltrating code repositories. The findings underscore the evolving tactics targeting software development through public repositories in