Infosec Press

Reader

Read the latest posts from Infosec Press.

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

💳 So stehlen Kriminelle mit gefälschten FinanzOnline-Benachrichtigungen Ihre Bankomatkarte cybercrime – Kriminelle nutzen gefälschte Onlinebanking-Seiten, um Bankdaten zu stehlen. Nutzer erhalten betrügerische Benachrichtigungen über Kartensperrungen und sollen ihre alte Karte zurücksenden. https://www.watchlist-internet.at/news/so-stehlen-kriminelle-kartenwechsel-scam/


News For All

🤖 Your robot vacuum cleaner might be spying on you privacy – A security flaw in Ecovacs robot vacuums allows remote access to cameras and microphones, exposing users to privacy risks. Updates are coming, but not soon enough for some customers. https://www.bitdefender.com/en-us/blog/hotforsecurity/your-robot-vacuum-cleaner-might-be-spying-on-you/

🤔 Cops often hush up use of facial recognition tools privacy – U.S. police frequently use facial recognition technology without disclosing it to suspects, leading to wrongful arrests. This raises concerns about privacy and accountability in law enforcement practices. https://www.theregister.com/2024/10/07/cops_love_facial_recognition_and/

🔒 Google brings better bricking to Androids, to curtail crims security news – Google is rolling out features to enhance Android security, making it harder for thieves to profit from stolen phones by requiring credentials for factory resets and biometric verification for sensitive actions. https://www.theregister.com/2024/10/08/google_android_security/

⚖️ Twitter Acts Fast on Nonconsensual Nudity If It Thinks It’s a Copyright Violation privacy – A study reveals Twitter removes nonconsensual nude images quickly if reported for copyright violations but delays action on similar reports for nonconsensual content, highlighting legal gaps. https://www.404media.co/twitter-acts-fast-on-nonconsensual-nudity-if-it-thinks-its-a-copyright-violation/

🔄 What Google’s U-Turn on Third-Party Cookies Means for Chrome Privacy privacy – Google paused its plans to eliminate third-party cookies in Chrome, citing backlash from various stakeholders. Critics argue this compromises user privacy while Google emphasizes user choice in tracking. https://www.wired.com/story/google-chrome-third-party-cookies-privacy-rollback/

🔍 Credit monitoring and supply chain risk company hacked data breach – CreditRiskMonitor reported a data breach where sensitive employee information was stolen, though customer data remained unaffected. The company is offering impacted individuals 24 months of free credit monitoring. https://cyberscoop.com/credit-risk-monitor-cyber-crmz-ransomware/

📱 Don’t use iPhone Mirroring at work, experts warn privacy – Experts warn against using iPhone Mirroring at work due to privacy risks, as it can expose personal app data to employers. Apple is aware and working on a fix. https://www.theregister.com/2024/10/08/iphone_mirroring_at_work/

📚 The Editors Protecting Wikipedia from AI Hoaxes security news – Wikipedia editors have launched WikiProject AI Cleanup to address the rise of unsourced, poorly-written AI-generated content on the platform, aiming to preserve the quality of information. https://www.404media.co/the-editors-protecting-wikipedia-from-ai-hoaxes/

💉 Trinity ransomware targets healthcare orgs cybercrime – Trinity ransomware has infected at least one U.S. healthcare provider, employing double extortion tactics. Experts warn healthcare organizations to enhance security measures against such attacks. https://www.theregister.com/2024/10/09/trinity_ransomware_targets_healthcare_orgs/

🔑 How to use Apple’s new Passwords app on iOS and macOS security news – Apple's new Passwords app replaces previous password management methods, allowing users to store and manage passwords, passkeys, and Wi-Fi credentials across devices. It offers autofill, sharing, and security alerts. https://www.theverge.com/24264400/passwords-apple-ios-macos-how-to

📉 National Public Data files for bankruptcy after info leak security news – National Public Data filed for bankruptcy after a massive data breach affecting potentially hundreds of millions. The company faces multiple lawsuits and regulatory challenges following the incident. https://www.theregister.com/2024/10/09/national_public_data_bankrupt/

🔒 The Internet Archive is under attack, with a breach revealing info for 31 million accounts data breach – The Internet Archive confirmed a breach exposing data for 31 million accounts, including email addresses and hashed passwords. The site also faced a DDoS attack following the incident. https://www.theverge.com/2024/10/9/24266419/internet-archive-ddos-attack-pop-up-message

📱 How Telegram Turbocharges Organised Crime cybercrime – A UN report highlights Telegram's role in facilitating organized crime, including cyber fraud, money laundering, and criminal marketplaces, emphasizing the need for stricter regulations to combat these activities. https://news.risky.biz/how-telegram-turbocharges-organised-crime/

⚠️ Mozilla issued an urgent Firefox update to fix actively exploited flaw vulnerability – Mozilla released an urgent update for Firefox to fix a critical use-after-free vulnerability (CVE-2024-9680) actively exploited in attacks, urging users to upgrade immediately. https://securityaffairs.com/169590/security/mozilla-firefox-actively-exploited-flaw.html

🛡️ Blue Team, Red Team, and Purple Team: An Overview security news – This article discusses the roles of Blue, Red, and Purple Teams in cybersecurity, highlighting defensive operations, adversarial simulations, and collaborative efforts to enhance security measures. https://www.blackhillsinfosec.com/red-blue-and-purple-teams/

😷 14,000 medical devices are online, unsecured and vulnerable security research – A report reveals over 14,000 exposed medical devices globally, with nearly half in the U.S. Many lack basic security measures, making them prime targets for cybercriminals amid increasing healthcare attacks. https://cyberscoop.com/medical-devices-online-health-censys/

🐖 Pig Butchering Scams Are Going High Tech cybercrime – The UNODC reports a surge in high-tech 'pig butchering' scams in Southeast Asia, utilizing generative AI and deepfakes to enhance fraud. These scams, alongside cryptocurrency drainers, are increasingly sophisticated and pose significant challenges for law enforcement. https://www.wired.com/story/pig-butchering-scams-go-high-tech/

⛓️‍💥 'Chat control': The EU's controversial CSAM-scanning legal proposal explained privacy – The EU's proposed legislation to combat child sexual abuse material (CSAM) threatens user privacy by mandating scanning of private communications on messaging apps, raising concerns about encryption and mass surveillance. https://techcrunch.com/2024/10/12/chat-control-the-eus-controversial-csam-scanning-legal-proposal-explained/

🔒 How to Stop Your Data From Being Used to Train AI privacy – As generative AI increasingly utilizes online data, users can take steps to opt out of having their content used for training. The article outlines various platforms and methods to help protect personal data from being scraped. https://www.wired.com/story/how-to-stop-your-data-from-being-used-to-train-ai/

⚠️ Magenta ID wurde deaktiviert: Vorsicht vor täuschend echter Phishing-Mail warning – Eine täuschend echte Phishing-Mail mit dem Betreff „Aktion erforderlich: Reaktivierung Ihrer Magenta ID“ fordert zur Aktivierung einer nicht existierenden ID auf. Drei Hinweise entlarven die Betrugsmasche. https://futurezone.at/digital-life/magenta-id-wurde-deaktiviert-mail-phishing-rechnung-hinweise-betrug-warnung/402960708


Some More, For the Curious

🎉 Kyiv's hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin's birthday security news – Ukrainian hackers reportedly disrupted VGTRK operations, wiping servers and backups on Putin's birthday, amid ongoing cyber conflict between Russia and Ukraine. https://securityaffairs.com/169486/cyber-warfare-2/kyivs-hackers-hit-russian-state-media.html

🧓 The 30-year-old internet backdoor law that came back to bite security news – Chinese hackers compromised U.S. telecom wiretap systems, highlighting risks of backdoor laws like CALEA, which mandate access to customer data but create vulnerabilities for abuse. https://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-law-that-came-back-to-bite/

💰 MoneyGram says hackers stole customers' personal information and transaction data data breach – MoneyGram confirmed a cyberattack resulted in the theft of customers' personal and transaction data, affecting names, addresses, and some Social Security numbers. Investigation is ongoing. https://techcrunch.com/2024/10/07/moneygram-says-hackers-stole-customers-personal-information-and-transaction-data/

🗃️ ADT says hacker stole encrypted internal employee data after compromising business partner security news – ADT reported a breach where a hacker accessed its network through a compromised third-party partner, stealing encrypted employee data. No customer information was believed to be affected. https://therecord.media/adt-hacker-stole-encrypted-data-after-breaching-third-party

🛡️ Following the Trail of Flax Typhoon to Uncover Newly Discovered Vulnerabilities in Linear Emerge Access Control Devices security research – A vulnerability, CVE-2024-9441, affects Linear Emerge E3 series devices and is unpatched, raising concerns of imminent exploitation. Organizations are urged to isolate affected devices. https://vulncheck.com/blog/flax-typhoon-linear-merge

🔧 Zero Day Initiative — The October 2024 Security Update Review security news – Adobe and Microsoft released significant security updates in October 2024, addressing numerous vulnerabilities including critical code execution bugs. Users are urged to promptly apply patches to mitigate risks. https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review

🚫 Russia and Turkey ban Discord messaging app security news – Russia and Turkey have blocked Discord, citing non-compliance with local laws and misuse for illegal activities. The bans have sparked backlash, highlighting the platform's importance for communication. https://therecord.media/discord-messaging-app-banned-russia-turkey

🔍 Two never-before-seen tools, from same group, infect air-gapped devices security research – Researchers discovered two sophisticated toolsets used by a suspected Russian hacking group to compromise air-gapped devices for data theft, highlighting their evolving capabilities and modular design. https://arstechnica.com/security/2024/10/two-never-before-seen-tools-from-same-group-infect-air-gapped-devices/

⌨️ Hackers targeted Android users by exploiting zero-day bug in Qualcomm chips vulnerability – Qualcomm confirmed hackers exploited a zero-day vulnerability (CVE-2024-43047) in its chipsets used in Android devices, with indications of targeted exploitation. Fixes have been made available to device manufacturers. https://techcrunch.com/2024/10/09/hackers-were-targeting-android-users-with-qualcomm-zero-day/

🌐 OpenAI says it has disrupted 20-plus foreign influence networks in past year security news – OpenAI disrupted over 20 foreign influence operations using its AI tools to manipulate political sentiments and elections. The report highlights ongoing threats from nations like Russia and Iran. https://cyberscoop.com/openai-threat-report-foreign-influence-generative-ai/

🚔 Dutch cops reveal takedown of 'largest dark web market' cybercrime – Dutch police arrested the alleged administrators of Bohemia and Cannabia, the largest dark web marketplaces, which processed €12 million monthly. The operators attempted an exit scam after becoming aware of the investigation. https://www.theregister.com/2024/10/10/cannabia_bohemia_darkweb_market_investigation/

🪙 FBI created a crypto token so it could watch it being abused security news – The FBI developed its own cryptocurrency, NexFundAI, to monitor fraudulent activities in the crypto market, leading to arrests in three countries for alleged wash trading and manipulation schemes. https://www.theregister.com/2024/10/11/fbi_nexfundai_crypto_fraud_sting/

🔧 GitLab fixed a critical flaw that could allow arbitrary CI vulnerability – GitLab patched a critical vulnerability (CVE-2024-9164) that allowed unauthorized CI/CD pipeline execution. The update also addressed several high and medium severity issues in both Community and Enterprise Editions. https://securityaffairs.com/169671/security/gitlab-fixed-critical-flaw-cve-2024-9164.html

📦 Malicious packages in open-source repositories are surging security research – A report by Sonatype reveals a 150% increase in malicious packages in open-source repositories over the past year, highlighting security vulnerabilities and the slow response to patching them. https://cyberscoop.com/open-source-security-supply-chain-sonatype/

💻 Ransomware operators exploited Veeam Backup & Replication flaw CVE vulnerability – Ransomware operators are exploiting the critical CVE-2024-40711 vulnerability in Veeam Backup & Replication to deploy malware and create rogue accounts. Sophos warns of attacks leveraging compromised credentials and outdated VPNs. https://securityaffairs.com/169679/cyber-crime/ransomware-groups-exploit-veeam-backup-replication-bug.html

📁 File hosting services misused for identity phishing security research – Microsoft reports that ransomware operators are exploiting legitimate file hosting services to conduct phishing attacks, using tactics to evade detection and compromise user identities, leading to business email compromise (BEC) attacks. https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/


CISA Corner

🚨 Avoid Scams After Disaster Strikes warning – CISA warns of increased cyber scams following natural disasters, urging caution with emails and social media related to hurricanes. Verify information from trusted sources before responding. https://www.cisa.gov/news-events/alerts/2024/10/08/avoid-scams-after-disaster-strikes

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has included three vulnerabilities in its Known Exploited Vulnerabilities Catalog, highlighting risks from active exploitation. Agencies are required to remediate these vulnerabilities to protect federal networks. https://www.cisa.gov/news-events/alerts/2024/10/08/cisa-adds-three-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting risks from active exploitation in Fortinet and Ivanti products. Federal agencies must remediate these vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2024/10/09/cisa-adds-three-known-exploited-vulnerabilities-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🐖 The Pig Butchering Invasion Has Begun cybercrime – Global pig butchering scams, rooted in Southeast Asia, exploit vulnerable populations and net billions. Operations are expanding worldwide, raising serious human trafficking and financial crime concerns. https://www.wired.com/story/pig-butchering-scam-invasion/

🔍 Remote ID verification tech is often biased and wrong security news – A GSA study reveals remote identity verification technologies are biased, with significant error rates affecting marginalized groups. The tech’s reliability raises concerns for government and user equity. https://www.theregister.com/2024/09/30/remote_identity_verification_biased/

📚 Massive E-Learning Platform Udemy Gave Teachers a Gen AI 'Opt-Out Window'. It's Already Over. privacy – Udemy's brief opt-out period for teachers to exclude their content from generative AI training has passed, sparking backlash over perceived intellectual property theft and biased communication. https://www.404media.co/massive-e-learning-platform-udemy-gave-teachers-a-gen-ai-opt-out-window-its-already-over/

🎯 North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence security news – North Korea's APT Kimsuky targeted German defense contractor Diehl Defence through a phishing campaign involving fake job offers, raising significant concerns due to the company's military manufacturing role. https://securityaffairs.com/169162/apt/kimsuky-apt-hit-diehl-defence.html

🫴 Paypal Opted You Into Sharing Data Without Your Knowledge privacy – PayPal has been criticized for automatically opting users into data sharing with third parties for personalized shopping, raising privacy concerns as users were unaware of this change. https://www.404media.co/paypal-personalized-shopping-opt-out/

📰 News agency AFP hit by cyberattack, client services impacted cybercrime – AFP confirmed a cyberattack affecting its IT systems and client services, prompting investigations with France’s cybersecurity agency. Global news coverage remains unaffected, but partners were warned about potential FTP credential compromises. https://securityaffairs.com/169175/hacking/news-agency-afp-hit-by-cyberattack-client-services-impacted.html

🚔 Multinational police effort hits sections of Lockbit ransomware operation security news – An international police effort led to arrests and seizures targeting the LockBit ransomware group, including a suspected developer in France and sanctions against affiliates linked to Evil Corp, amid ongoing efforts to disrupt cybercrime. https://cyberscoop.com/lockbit-arrests-ransomware-fbi-uk-nca-evil-corp/

🏥 UMC Health System diverted patients following a ransomware attack cybercrime – UMC Health System in Texas diverted patients after a ransomware attack caused a network outage. The hospital is investigating the breach and working to restore services while ensuring patient care. https://securityaffairs.com/169198/cyber-crime/umc-health-system-cyberattack.html

🕵️‍♀️ ICE Signs $2 Million Contract With Spyware Maker Paragon Solutions security news – ICE has contracted Israeli spyware vendor Paragon Solutions for $2 million amid ongoing scrutiny of commercial spyware. The contract raises questions about ethical surveillance practices and human rights implications. https://www.wired.com/story/ice-paragon-solutions-contract/

📊 Thunderbird für Android: Telemetrie-Daten werden bereits beim Start erfasst privacy – Die Beta-Version von Thunderbird für Android überträgt Telemetriedaten ohne Einwilligung an Mozilla. Dies verstößt gegen Datenschutzgesetze und enttäuscht Nutzer, die eine Opt-In-Lösung erwarten. https://www.kuketz-blog.de/thunderbird-fuer-android-telemetrie-daten-werden-bereits-beim-start-erfasst/

🪩 A Network of AI ‘Nudify’ Sites Are a Front for Notorious Russian Hackers cybercrime – Fake AI ‘nudify’ sites are revealed to be fronts for Fin7, a Russian hacking group, designed to steal credentials. The sites lure users with the promise of generating nonconsensual content. https://www.404media.co/a-network-of-ai-nudify-sites-are-a-front-for-notorious-russian-hackers-2/

🔍 Telegram has disclosed criminal data to authorities for years, Durov says security news – Telegram's founder, Pavel Durov, clarified that the platform has long disclosed user data to law enforcement upon legal request, emphasizing recent updates to privacy policies do not signify a major shift in practices. https://therecord.media/telegram-disclosing-criminal-data-law-enforcement-durov-statement

💰 Men Stole Over $1 Million From DoorDash Delivery Drivers By Impersonating Them to Customer Service cybercrime – Two men impersonated DoorDash drivers to steal over $1 million by hijacking accounts and redirecting payments. They used stolen personal information to bypass security and change account details. https://www.404media.co/men-stole-over-1-million-from-doordash-delivery-drivers-by-impersonating-them-to-customer-service/

🔐 The feds still can’t get into Eric Adams’ phone security news – NYC Mayor Eric Adams forgot the new passcode to his phone after changing it, complicating federal investigators' efforts to access it amid ongoing fraud and bribery charges against him. https://www.theverge.com/2024/10/2/24260626/fbi-eric-adams-locked-phone-forgotten-changed-password

📸 License Plate Readers Are Creating a US-Wide Database of More Than Just Cars privacy – License plate readers in the US are compiling extensive databases that capture political affiliations and personal beliefs, raising concerns about privacy and surveillance as they collect data beyond just vehicle information. https://www.wired.com/story/license-plate-readers-political-signs-bumper-stickers/

🔒 DOJ, Microsoft seize 107 domains used in Russian attacks security news – The DOJ and Microsoft seized 107 domains linked to Russia's Callisto Group, disrupting a phishing campaign targeting US government agencies and other organizations, aimed at stealing sensitive information. https://www.theregister.com/2024/10/03/russian_phishing_domains_seized/

👮‍♀️ Dutch police breached by a state actor data breach – A state actor has been blamed for hacking into the Dutch police system, exposing contact details of officers. The investigation is ongoing, with security measures implemented to protect affected personnel. https://securityaffairs.com/169328/hacking/dutch-police-breached-by-state-actor.html

👓 Harvard duo modifies Meta glasses to grab strangers' info security news – Harvard students developed 'I-XRAY,' a system using Meta smart glasses to identify individuals and compile personal information from publicly available sources, highlighting privacy concerns in the AI era. https://www.theregister.com/2024/10/04/harvard_engineer_meta_smart_glasses/

💼 Crook made millions by breaking into execs’ Office365 inboxes, feds say cybercrime – UK national Robert B. Westbrook has been charged with a hack-to-trade scheme, illegally accessing Office365 accounts of US executives to steal financial reports, earning approximately $3.75 million from insider trading. https://arstechnica.com/security/2024/10/crook-made-millions-by-breaking-into-execs-office365-inboxes-feds-say/

🎥 Meta’s new “Movie Gen” AI system can deepfake video from a single photo security news – Meta's Movie Gen AI can create realistic videos from a single photo, generating deepfakes and personalized content. While it offers innovative editing and sound synthesis features, it raises significant ethical concerns. https://arstechnica.com/ai/2024/10/metas-new-movie-gen-ai-system-can-deepfake-video-from-a-single-photo/

🔒 Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs security news – Apple's iOS 18.0.1 and iPadOS 18.0.1 updates address two vulnerabilities that could expose audio snippets and passwords. The flaws were fixed with improved validation checks, with no known active exploits reported. https://securityaffairs.com/169381/mobile-2/apple-ios-18-0-1.html

🛬 Ryanair faces GDPR turbulence over customer ID checks security news – Ireland's Data Protection Commission is investigating Ryanair's ID verification process for customers booking through third-party sites, focusing on compliance with GDPR regarding the use of biometric data. https://www.theregister.com/2024/10/05/irish_dpc_ryanair_probe/


Some More, For the Curious

🎒 Danger is Still Lurking in the NVD Backlog security news – The National Vulnerability Database still has a significant backlog of over 18,000 vulnerabilities, with 72.4% unanalyzed. Progress has been made, but many critical vulnerabilities remain unassessed. https://vulncheck.com/blog/nvd-backlog-exploitation-lurking

🔒 More frequent disruption operations needed to dent ransomware gangs, officials say security news – Officials urge for increased frequency of disruption operations against ransomware gangs, as current efforts have proven insufficient. New strategies and international cooperation are essential to combat the rising threat. https://cyberscoop.com/counter-ransomware-initiative-summit-white-house-odni/

🛠️ capa Explorer Web: A Web-Based Tool for Program Capability Analysis security research – Mandiant introduces capa Explorer Web, a browser-based tool for visualizing program capabilities identified by the capa reverse engineering tool, enhancing analysis with interactive features and integration with VirusTotal. https://cloud.google.com/blog/topics/threat-intelligence/capa-explorer-web-program-capability-analysis/

🕵️‍♂️ Notorious Evil Corp Hackers Targeted NATO Allies for Russian Intelligence cybercrime – Evil Corp has been linked to Russian intelligence agencies and tasked with espionage against NATO allies. The group, known for its Dridex malware and ransomware operations, has extorted over $300 million. https://www.wired.com/story/evil-corp-lockbit-russian-intelligence/

🛡️ Level Up Your Security Skills with the New Microsoft Sentinel Ninja Training! security news – Microsoft Sentinel Ninja Training has been revamped with interactive modules, hands-on labs, and real-world scenarios to enhance skills in threat detection and incident response, integrating with Defender XDR for streamlined operations. https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/level-up-your-security-skills-with-the-new-microsoft-sentinel/ba-p/4260106

🚨 Russian authorities arrest nearly 100 in raids tied to cybercriminal money laundering cybercrime – Russian authorities arrested nearly 100 individuals linked to the UAPS payment system and Cryptex exchanges in a money laundering investigation, handling over $1.2 billion in illicit funds for cybercriminals. https://cyberscoop.com/russian-cybercrime-raids-cryptex-uaps/

🔒 14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries vulnerability – Forescout identified 14 vulnerabilities in DrayTek routers, affecting over 704,000 devices globally. Two critical flaws could enable severe attacks, prompting urgent updates from DrayTek. https://securityaffairs.com/169267/security/draytek-routers-flaws-impacts-700000-devices.html

💻 Threat actor believed to be spreading new MedusaLocker variant since 2022 malware – Cisco Talos reports a financially motivated threat actor distributing a new MedusaLocker ransomware variant, 'BabyLockerKZ,' targeting organizations globally since 2022, with a shift from Europe to South America. https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/

📧 Weird Zimbra Vulnerability vulnerability – A Zimbra vulnerability allows hackers to execute remote commands via malformed emails. While exploitation is easy, large-scale infections are unlikely. Defenders should monitor for suspicious email patterns. https://www.schneier.com/blog/archives/2024/10/weird-zimbra-vulnerability.html

⚠️ The Silent Epidemic: Uncovering the Dangers of Alert Fatigue and How to Overcome It security news – Alert fatigue poses a significant threat to cybersecurity, overwhelming security teams and causing critical alerts to be overlooked. Organizations must adopt automation tools and education to mitigate these risks. https://www.cybereason.com/blog/the-silent-epidemic-uncovering-the-dangers-of-alert-fatigue-and-how-to-overcome-it

🛰️ Black Hills Information Security hacking write-up – The article discusses the history and future of satellite technology, highlighting vulnerabilities and notable attacks, including spoofing and jamming. It emphasizes the risks of cyberattacks on satellites and the need for robust security measures. https://www.blackhillsinfosec.com/satellite-hacking/

🐍 Thousands of Linux systems infected by stealthy malware since 2021 malware – A stealthy malware strain named Perfctl has infected thousands of Linux systems since 2021, exploiting over 20,000 misconfigurations and a critical vulnerability, allowing for cryptocurrency mining and unauthorized access. https://arstechnica.com/security/2024/10/persistent-stealthy-linux-malware-has-infected-thousands-since-2021/

📊 Introducing the Use Cases Mapper workbook cyber defense – The Use Case Mapper Workbook aids organizations in optimizing Microsoft Sentinel by mapping common security use cases to the MITRE ATT&CK framework, identifying gaps in security solutions, and facilitating updates. https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/introducing-the-use-cases-mapper-workbook/ba-p/4202058


CISA Corner

⚠️ CISA Adds Four Known Exploited Vulnerabilities to Catalog warning – CISA has added four actively exploited vulnerabilities to its catalog, including critical command injection issues in routers and a deserialization flaw in SAP, posing serious risks to federal networks. https://www.cisa.gov/news-events/alerts/2024/09/30/cisa-adds-four-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added an Ivanti Endpoint Manager SQL Injection vulnerability to its Known Exploited Vulnerabilities Catalog, highlighting risks that malicious actors pose to federal networks. https://www.cisa.gov/news-events/alerts/2024/10/02/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has included a new vulnerability, CVE-2024-45519, affecting Synacor Zimbra, in its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, posing risks to federal networks. https://www.cisa.gov/news-events/alerts/2024/10/03/cisa-adds-one-known-exploited-vulnerability-catalog

⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – CISA issued two advisories on October 1, 2024, highlighting vulnerabilities in Optigo Networks and Mitsubishi Electric ICS. Users are urged to review the advisories for mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/01/cisa-releases-two-industrial-control-systems-advisories ⚙️ CISA Releases Three Industrial Control Systems Advisories vulnerability – CISA issued three advisories on October 3, 2024, addressing vulnerabilities in TEM Opera Plus, Subnet Solutions, and Delta Electronics ICS. Users are urged to review for security details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/03/cisa-releases-three-industrial-control-systems-advisories

🔐 ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations security news – The ASD’s ACSC, alongside CISA and international partners, released a guide outlining six principles for enhancing cybersecurity in operational technology environments to mitigate risks associated with business decisions. https://www.cisa.gov/news-events/alerts/2024/10/01/asds-acsc-cisa-fbi-nsa-and-international-partners-release-guidance-principles-ot-cybersecurity


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from Jack Fortin

Tips for Getting the Best Car Loan Rates in British Columbia

Car Loan Rates in British Columbia

Getting the best BC auto loan rate might improve your finances. With changing interest rates and loan possibilities, it's important to know how to receive the best terms. This detailed guide will help you negotiate BC automobile financing and get the best vehicle loan rates.

1. Knowing BC Car Finance

Before applying for a vehicle loan, you must understand BC auto financing. Knowing the sorts of vehicle loans, interest rate considerations, and competing financial institutions is necessary. British Columbia vehicle finance includes online, credit union, and bank loans. Each option has benefits and downsides, and rates depend on credit history, loan amount, and term.

2. Improve Credit Score

Credit score is crucial to getting a cheap vehicle loan rate. Lenders evaluate creditworthiness and interest rates based on credit scores. Lower interest rates are characteristic of better credit scores.

3. BC Auto Loan Rates Compare

Compare BC auto loan rates from several lenders to get the best deals. Different lenders and financial profiles charge different interest rates. Compare rates from banks, credit unions, and internet lenders using web tools. Ask lenders about their rates and any specials or reductions.

4. Get BC Auto Loan Pre-Approval

Pre-approval for a BC auto loans may speed up car buying. Your financial information is reviewed by a lender to establish your maximum loan amount and interest rate before you start car shopping. Pre-approval defines your budget and attracts dealerships. It demonstrates you're serious and can acquire financing, providing you negotiation leverage.

5. Consider Loan Term

The period of your auto loan affects your monthly payments and total interest. Longer loan periods may cut monthly payments but increase interest payments. Consider your budget and financial objectives when choosing a loan term. If you can afford larger monthly payments, a shorter loan period may save you money. If you require lower payments, a longer term may be easier but cost more.

6. Negotiate Car Loan Terms

Never be scared to negotiate your BC auto finance. Many lenders may provide better rates if you have strong credit and are pre-approved. Interest rate, loan period, and fees are negotiable. Being proactive and talking to lenders may get you a better rate or loan terms.

7. Can I Extend My Car Loan?

If you want a car loan extension, then you should examine the advantages and downsides first. Extended terms may lower monthly payments but increase interest charges throughout the loan's life. Discuss loan term extensions with your lender to determine their influence on loan expenses. Make sure the new terms fit your financial objectives and don't cause debt.

8. Read Your Loan Agreement Carefully

Before signing a vehicle loan, read the terms. Consider the interest rate, loan length, payment plan, and fees and penalties. Understanding your loan agreement helps you prevent surprises and hidden fees. Ask your lender for clarification if needed.

Conclusion

The finest car loan rates in British Columbia need preparation and thought. Understanding for BC auto loan approved, boosting your credit score, comparing rates, and negotiating conditions may improve your loan prospects. Check the loan term and agreement to make sure it fits your financial objectives. You can better understand the vehicle loan process and locate the best financing plan with these advices.

 
Read more...

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🎮 Be Internet Awesome World: A fun new game to learn about online safety security news – Google's new game, Be Internet Awesome World, teaches kids online safety through interactive lessons on scams, passwords, and personal information sharing. https://blog.google/technology/safety-security/be-internet-awesome-roblox/

🚨 Staying a Step Ahead: Mitigating the DPRK IT Worker Threat security research – Mandiant reports on DPRK IT workers posing as non-North Koreans to infiltrate global companies, generating revenue for the regime and posing cybersecurity risks; awareness and vigilance are crucial. https://cloud.google.com/blog/topics/threat-intelligence/mitigating-dprk-it-worker-threat/

🚴‍♂️ Hacking the “Bike Angels” System for Moving Bikeshares security news – New York City's bikeshare system, Bike Angels, is being exploited by users creating artificial shortages to maximize rewards, prompting a need for system modifications to prevent such hacks. https://www.schneier.com/blog/archives/2024/09/hacking-the-bike-angels-system-for-moving-bikeshares.html

🚗 White House proposes rule to ban Chinese, Russian parts for networked vehicles security news – The White House proposes banning Chinese and Russian components in connected vehicles to address national security threats, targeting parts for connectivity systems amid rising surveillance and hacking concerns. https://cyberscoop.com/us-government-ban-china-russia-connected-cars/

☑️ Privacy Service Optery Faces Backlash After Plan to Send OpenAI User Data privacy – Optery faced criticism for defaulting to transferring user data to OpenAI, leading to a backlash from privacy advocates and a subsequent shift to an opt-in model for data sharing. https://www.404media.co/privacy-service-optery-faces-backlash-after-plan-to-send-openai-user-data/

🧻 Telegram will now hand over your phone number and IP if you’re a criminal suspect security news – Telegram will disclose users' phone numbers and IP addresses to authorities upon valid requests for criminal suspects, reflecting a shift in its privacy policy amid concerns over illegal activities on the platform. https://www.theverge.com/2024/9/23/24252276/telegram-disclose-user-data-legal-requests-criminal-activity

⛰️ Pro-Russia hackers aim DDoS campaign at Austrian websites ahead of elections security news – Pro-Russia hacker groups, including NoName057(16) and OverFlame, have launched DDoS attacks on over 40 Austrian websites ahead of the upcoming elections, causing temporary outages but no lasting damage. https://therecord.media/austria-websites-ddos-incidents-pro-russia-hacktivists

📸 New twist on sextortion scam includes pictures of people's homes cybercrime – A new sextortion scam involves emails with photos of victims' homes, threatening to reveal their online activity unless they pay a ransom, leveraging personal data for intimidation. https://therecord.media/new-twist-on-sextortion-scam-pictures-of-peoples-homes

🍰 Iranian-linked election interference operation shows signs of recent access security news – An alleged Iranian hacking effort targeting Trump’s campaign continues, sharing materials with journalists, suggesting ongoing access to campaign documents, with U.S. officials linking the activity to the Iranian government. https://cyberscoop.com/trump-campaign-hack-new-material-ongoing-access/

🛤️ Who is tracking web behavior the most? Google, obviously privacy – Kaspersky's report reveals Google as the top tracker of online behavior, with its systems like Google Analytics and YouTube Analytics leading the way in data collection across various regions. https://www.theregister.com/2024/09/24/google_online_tracker/

🚙 Study finds many European car resellers fail to delete driver data privacy – A study reveals that 80% of resold cars in Europe contain previous owners' personal data, violating data privacy laws; dealerships are urged to implement structured data deletion processes to avoid legal consequences. https://therecord.media/study-finds-european-car-resellers-fail-to-delete-data

💳 New Android banking trojan Octo2 targets European banks malware – The Octo2 banking trojan has emerged, enhancing remote takeover capabilities and targeting European banks. Its advanced features and leaked source code could expand its use among cybercriminals. https://securityaffairs.com/168857/malware/octo2-android-banking-trojan.html

🪤 New Windows Malware Locks Computer in Kiosk Mode malware – A new malware campaign locks users in their browser's kiosk mode on Google's login page, coercing them to enter their credentials, which are then stolen by information-stealing malware. https://www.schneier.com/blog/archives/2024/09/new-windows-malware-locks-computer-in-kiosk-mode.html

🦊 Data privacy watchdog files complaint against Mozilla for new ad tracking feature privacy – The advocacy group noyb has filed a complaint against Mozilla for implementing a new ad tracking feature in Firefox without user consent, claiming it undermines data privacy rights. https://therecord.media/noyb-europe-complaint-mozilla-firefox-privacy-preserving-attribution

🏎️ Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug vulnerability – Researchers discovered a flaw in Kia's web portal that allowed them to track and control millions of vehicles, highlighting serious security vulnerabilities in the automotive industry’s web-based systems. https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/

📰 When UK rail stations Wi-Fi was defaced by hackers the only casualty was the truth security news – Hackers defaced public Wi-Fi at 19 UK rail stations with a hate-filled message, but the incident was downplayed as a minor cybersecurity breach rather than a major attack, contradicting sensational media coverage. https://www.bitdefender.com/blog/hotforsecurity/when-uk-rail-stations-wi-fi-was-defaced-by-hackers-the-only-casualty-was-the-truth/

💷 UK data watchdog confirms it's investigating MoneyGram data breach data breach – The UK's ICO is investigating MoneyGram following a reported data breach that caused significant operational downtime, affecting customer transactions and partnerships; details on the breach remain unclear. https://techcrunch.com/2024/09/27/uk-data-watchdog-confirms-investigating-moneygram-data-breach/

🖨️ CUPS flaws allow remote code execution on Linux systems under certain conditions vulnerability – A critical vulnerability in the CUPS printing system allows unauthenticated remote code execution on Linux systems. Researchers disclosed multiple flaws, urging users to disable the affected service as a temporary mitigation. https://securityaffairs.com/169001/hacking/cups-flaws-allow-rce-on-linux-systems.html

🤑 Irish Data Protection Commission fines Meta €91 million for passwords stored in plaintext privacy – The Irish Data Protection Commission fined Meta €91 million for violating GDPR by storing users' passwords in plaintext, following a 2019 investigation where Meta disclosed the issue to regulators. https://cyberscoop.com/meta-fined-passwords-plaintext-ireland-millions-users/

📷 Microsoft details security/privacy overhaul for Windows Recall ahead of relaunch security news – Microsoft is revamping its Recall feature for Windows after security concerns, making it opt-in, enhancing encryption, and requiring user re-authentication to access stored data. https://arstechnica.com/?p=2052960


Some More, For the Curious

🤔 The Cyber Resilience Act, an Accidental European Alien Torts Statute? security news – The Cyber Resilience Act may allow the EU to restrict tech sales based on fundamental rights violations, blending cybersecurity with accountability for international actions. https://www.lawfaremedia.org/article/the-cyber-resilience-act--an-accidental-european-alien-torts-statute

🚒 Insecurity through Censorship: Vulnerabilities Caused by The Great Firewall security research – China's Great Firewall manipulates DNS responses, creating vulnerabilities for domains routed through Chinese infrastructure, risking attacks like subdomain takeovers and XSS. https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall

🐀 Move over, Cobalt Strike, there's a new post-exploit tool security research – Attackers are now using Splinter, a new post-exploitation tool capable of executing commands and stealing data, raising concerns for organizations despite being less advanced than Cobalt Strike. https://www.theregister.com/2024/09/23/splinter_red_team_tool/

💀 Necro Trojan infiltrates Google Play and Spotify and WhatsApp mods malware – The Necro Trojan has re-emerged, infecting popular apps on Google Play and modified versions of Spotify and WhatsApp, using techniques like steganography to evade detection and execute malicious activities. https://securelist.com/necro-trojan-is-back-on-google-play/113881/

🔂 Microsoft’s largest ever security transformation detailed in new report security news – Microsoft reveals its largest security overhaul, emphasizing a cultural shift towards security, with 34,000 engineers involved and new governance structures, following criticism of its previous security practices. https://www.theverge.com/2024/9/23/24251945/microsoft-security-report-secure-future-initiative

🤖 A generative artificial intelligence malware used in phishing attacks malware – HP researchers found malware generated by AI in a phishing attack that delivered AsyncRAT, highlighting how generative AI is making it easier for cybercriminals to create sophisticated threats. https://securityaffairs.com/168840/malware/generative-artificial-intelligence-malware.html

🤡 CrowdStrike exec apologizes in front of Congress over huge global IT outage security news – A CrowdStrike executive apologized to Congress for a faulty update that caused a massive IT outage affecting 8.5 million systems, outlining new measures to prevent future incidents. https://cyberscoop.com/crowdstrike-exec-apologizes-congressional-hearing-it-outage/

🎯 China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs) security news – The China-linked APT group Salt Typhoon has compromised several U.S. ISPs, aiming for intelligence gathering and potential cyberattacks, raising concerns about security in critical infrastructure. https://securityaffairs.com/168941/apt/salt-typhoon-china-linked-threat-actors-breached-us-isp.html

🏥 Senate bill eyes minimum cybersecurity standards for health care industry security news – Senators Wyden and Warner introduced the Health Infrastructure Security and Accountability Act to enforce mandatory cybersecurity standards in the health care sector following a ransomware attack on Change Healthcare. https://cyberscoop.com/minimum-cybersecurity-standards-health-care-wyden-warner-bill/

🔒 HPE patches three critical security holes in Aruba PAPI vulnerability – HPE has released urgent patches for three critical vulnerabilities in Aruba access points that allow unauthenticated attackers to execute code remotely, urging upgrades to affected systems. https://www.theregister.com/2024/09/26/hpe_aruba_patch_papi/

📏 NIST Recommends Some Common-Sense Password Rules security news – NIST's draft guidelines propose sensible password rules, including a minimum length of 8-15 characters, no mandatory complexity requirements, and no periodic changes unless compromised. https://www.schneier.com/blog/archives/2024/09/nist-recommends-some-common-sense-password-rules.html

⚠️ Critical Nvidia bug allows container escape, host takeover vulnerability – A critical vulnerability in Nvidia's Container Toolkit (CVE-2024-0132) allows attackers to escape containers and gain control of the host system, affecting 33% of cloud environments; fixes have been issued. https://www.theregister.com/2024/09/26/critical_nvidia_bug_container_escape/

⚖️ The Data Breach Disclosure Conundrum security news – The article discusses the complexities of data breach disclosure, emphasizing the legal and ethical obligations organizations have to notify affected individuals and the potential backlash from non-disclosure, highlighting examples like Deezer and Uber. https://www.troyhunt.com/the-data-breach-disclosure-conundrum/


CISA Corner

🛡️ Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means securnty news – CISA warns that cyber threat actors exploit vulnerable OT/ICS devices using basic methods like default credentials and brute force attacks, urging operators to enhance their security measures. https://www.cisa.gov/news-events/alerts/2024/09/25/threat-actors-continue-exploit-otics-through-unsophisticated-means

📜 ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises security news – A joint guide by ASD ACSC and CISA offers strategies for organizations to detect and mitigate Active Directory compromises, crucial for securing enterprise IT networks against malicious actors. https://www.cisa.gov/news-events/alerts/2024/09/26/asds-acsc-cisa-and-us-and-international-partners-release-guidance-detecting-and-mitigating-active

🛠️ CISA Releases Eight Industrial Control Systems Advisories vulnerability – CISA has issued eight advisories highlighting vulnerabilities in various Industrial Control Systems, urging users to review them for important security updates and mitigations. https://www.cisa.gov/news-events/alerts/2024/09/24/cisa-releases-eight-industrial-control-systems-advisories 🛠️ CISA Releases Five Industrial Control Systems Advisories vulnerability – CISA has published five advisories addressing vulnerabilities in various Industrial Control Systems, urging users to review them for essential security updates and mitigations. https://www.cisa.gov/news-events/alerts/2024/09/26/cisa-releases-five-industrial-control-systems-advisories

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA has included CVE-2024-7593, an authentication bypass vulnerability in Ivanti Virtual Traffic Manager, in its Known Exploited Vulnerabilities Catalog due to active exploitation. https://www.cisa.gov/news-events/alerts/2024/09/24/cisa-adds-one-known-exploited-vulnerability-catalog

🔧 Citrix Releases Security Updates for XenServer and Citrix Hypervisor vulnerability – Citrix has issued security updates for XenServer and Citrix Hypervisor to fix vulnerabilities that could lead to denial of service attacks; users are urged to apply these updates. https://www.cisa.gov/news-events/alerts/2024/09/25/citrix-releases-security-updates-xenserver-and-citrix-hypervisor 🔒 Cisco Releases Security Updates for IOS and IOS XE Software vulnerability – Cisco's September 2024 advisory addresses vulnerabilities in IOS and IOS XE software that could allow cyber actors to take control of affected systems; users are advised to apply updates. https://www.cisa.gov/news-events/alerts/2024/09/26/cisco-releases-security-updates-ios-and-ios-xe-software


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from Not Simon 🐐

Country: People's Republic of China Organization: N/A Objective: Espionage (Page Last Updated: October 12, 2024)

Aliases:

Vulnerabilities Exploited

  • ProxyLogon (Sources: ESET, Kaspersky, Sygnia):
    • CVE-2021-26855 (9.8 critical, in CISA's KEV Catalog) Microsoft Exchange Server Remote Code Execution Vulnerability
    • CVE-2021-26857 (7.8 high, in CISA's KEV Catalog) Microsoft Exchange Server Remote Code Execution Vulnerability
    • CVE-2021-26858 (7.8 high, in CISA's KEV Catalog) Microsoft Exchange Server Remote Code Execution Vulnerability
    • CVE-2021-27065 (7.8 high, in CISA's KEV Catalog)
  • unidentified Microsoft SharePoint and Oracle Opera business software vulnerabilities (Source: ESET)
  • CVE-2017-11882 (7.8 high, in CISA's KEV Catalog. Note: associated with alias Tropic Trooper) Microsoft Office Memory Corruption Vulnerability Source: Trend Micro
  • CVE-2012-0158 (8.8 high, in CISA's KEV Catalog. Note: associated with alias Tropic Trooper, KeyBoy) Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability Sources: Unit 42, Citizen Lab
  • CVE-2017-0199 (7.8 high, in CISA's KEV Catalog. Note: associated with alias Tropic Trooper) Microsoft Office and WordPad Remote Code Execution Vulnerability Source: Citizen Lab
  • CVE-2015-1641 (7.8 high, in CISA's KEV Catalog. Note: associated with alias KeyBoy) Microsoft Office Memory Corruption Vulnerability Source: Citizen Lab

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

2024

2023

2022

2021

2020

2018

2017

2016

2015

2013

Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 
Read more...

from Not Simon 🐐

Country: People's Republic of China Organization: Integrity Technology Group Objective: Espionage, Information theft (Page last updated: October 13, 2024)

Aliases (sorted alphabetically):

Associated Company

Integrity Technology Group (Integrity Tech) (Source: FBI (PDF)) aka Yongxin Zhicheng, 永信至诚

Vulnerabilities Exploited

Source: FBI

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

2024

2023

2022

2020

  • May 20, 2020?? – PRC Ministry of State Security: 前沿 | 网络靶场,未来安全的基础设施 (web archive of a MSS-run periodical reprinted on IntegrityTech's website, English translation: “Frontier | Cyber ​​Range, the secure infrastructure of the future”)

Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 
Read more...

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know.


Highlight

🚨 Akute Welle an DDoS-Angriffen gegen österreichische Unternehmen und Organisationen security news – Austrian organizations face DDoS attacks, likely linked to hacktivism. Companies should review their defenses and maintain offline contact info for emergencies. https://www.cert.at/de/aktuelles/2024/9/ddos-angriffe-september-2024


News For All

🗳️ Germany’s CDU still struggling with cyberattack fallout security news – Germany's CDU party is facing challenges restoring member data after a June cyberattack, risking its election processes. The restoration deadline has been pushed to November. https://www.theregister.com/2024/09/16/nein_luck_for_germanys_cdu/

🚫 Meta blocks RT and other Russian state media; Kremlin says it's 'unacceptable' security news – Meta bans Russian state media accounts, including RT, citing deceptive influence operations. The Kremlin calls this decision 'unacceptable' and complicates relations with the company. https://therecord.media/meta-bans-russian-state-owned-media-facebook-instagram

🔑 Google’s passkey syncing makes it easier to move on from passwords security news – Google enhances passkey support in Chrome, allowing users to sync passkeys across devices using a Password Manager PIN instead of QR codes, ensuring secure access with end-to-end encryption. https://www.theverge.com/2024/9/19/24248820/google-chrome-passkey-logins-device-sync-password-manager-pin

🐦‍🔥 No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom privacy – The FTC's report reveals that major tech firms inadequately handle vast amounts of user data, particularly concerning children's privacy, and calls for comprehensive federal privacy regulations to address ongoing data extraction issues. https://www.theregister.com/2024/09/19/social_media_data_harvesting_handling_ftc/

🤔 Ever wonder how crooks get the credentials to unlock stolen phones? cybercrime – Law enforcement shut down iServer, a phishing-as-a-service platform that helped unlock over 1.2 million stolen phones by obtaining user credentials through phishing attacks, leading to multiple arrests. https://arstechnica.com/?p=2051165

🤳 Snapchat Reserves the Right to Use AI-Generated Images of Your Face in Ads privacy – Snapchat's 'My Selfie' feature can use users' likenesses in ads by default, unless opted out. The 'See My Selfie in Ads' option is enabled automatically. https://www.404media.co/snapchat-reserves-the-right-to-use-ai-generated-images-of-your-face-in-ads/

🔒 Discord launches end-to-end encrypted voice and video chats privacy – Discord introduces end-to-end encryption for voice and video calls, enhancing user privacy while maintaining content moderation for messages, which remain unencrypted. https://techcrunch.com/2024/09/17/discord-launches-end-to-end-encrypted-voice-and-video-chats/

🖼️ Instagram to bolster privacy and safety features for millions of teen users privacy – Instagram plans to enhance privacy for teen users by making accounts private, limiting content exposure, and implementing features to reduce social media addiction, amid growing regulatory pressure. https://therecord.media/instagram-bolster-privacy-security-teens-children-social-media

⚰️ Scam ‘Funeral Streaming’ Groups Thrive on Facebook cybercrime – Scammers exploit Facebook by creating fake funeral streaming groups, tricking users into providing credit card info. The scheme has expanded to various events, with ties to a group in Bangladesh. https://krebsonsecurity.com/2024/09/scam-funeral-streaming-groups-thrive-on-facebook/

💥 The Mystery of Hezbollah’s Deadly Exploding Pagers security news – Exploding pagers used by Hezbollah have killed 11 and injured nearly 2,800 in Lebanon. Experts suggest a supply chain compromise, not a cyberattack, may be responsible for the blasts. https://www.wired.com/story/pager-explosion-hezbollah/

💣 Walkie-Talkies Explode in New Attack on Hezbollah security news – Exploding two-way radios targeted Hezbollah members in Lebanon, causing multiple deaths and injuries, following a previous attack involving detonating pagers. Experts suspect deep supply chain infiltration by attackers. https://www.wired.com/story/walkie-talkie-explosions-hezbollah/

📱 Your Phone Won’t Be the Next Exploding Pager security news – Recent attacks using booby-trapped pagers and walkie-talkies against Hezbollah have raised concerns about supply chain security. However, modern smartphones are unlikely to be weaponized similarly due to manufacturing complexities. https://www.wired.com/story/exploding-pagers-hezbollah-phones/

📩 U.S. agencies say Iranian hackers tried to pass ‘non-public’ Trump campaign docs to Biden’s campaign security news – U.S. authorities revealed that Iranian hackers sent emails containing stolen Trump campaign information to Biden campaign associates, aiming to influence the 2024 election and stoke political discord. https://cyberscoop.com/iran-hackers-trump-campaign-emails-biden/

🛑 Project Analyzing Human Language Usage Shuts Down Because ‘Generative AI Has Polluted the Data’ security news – The Wordfreq project, which tracked language usage across various media, has been discontinued due to generative AI spam corrupting data quality, rendering the tool ineffective. https://www.404media.co/project-analyzing-human-language-usage-shuts-down-because-generative-ai-has-polluted-the-data/

🔐 D-Link addressed three critical RCE in wireless router models vulnerability – D-Link fixed three critical remote code execution vulnerabilities in WiFi 6 routers, allowing unauthorized access and control. Users are urged to update their firmware to mitigate risks. https://securityaffairs.com/168471/security/d-link-rce-wireless-router-models.html

👨‍💻 Ticketmaster boss who repeatedly hacked rival firm sentenced cybercrime – Stephen Mead, former Ticketmaster boss, was sentenced for hacking rival CrowdSurge, stealing sensitive data, and sharing credentials with colleagues. He faces a year of supervised release and fines. https://www.bitdefender.com/blog/hotforsecurity/ticketmaster-boss-who-repeatedly-hacked-rival-firm-sentenced/

🕵️‍♂️ US government expands sanctions against spyware maker Intellexa cybercrime – The U.S. imposes new sanctions on Intellexa executives linked to the spyware Predator, used to surveil targets including U.S. officials. This action continues efforts against the spyware industry. https://techcrunch.com/2024/09/16/us-government-expands-sanctions-against-spyware-maker-intellexa/

💼 Python Developers Targeted with Malware During Fake Job Interviews malware – The Lazarus Group targets Python developers with fake job interviews to install malware disguised as coding tests. This new tactic complements an ongoing campaign against the Python community. https://www.schneier.com/blog/archives/2024/09/python-developers-targeted-with-malware-during-fake-job-interviews.html


Some More, For the Curious

🩹 Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024 security news – CVE-2024-43461, a recently patched Windows flaw, was exploited as a zero-day, allowing attackers to execute arbitrary code via malicious files. Users are urged to apply the latest updates. https://securityaffairs.com/168467/hacking/windows-cve-2024-43461-actively-exploited-before-july-2024.html

🔑 Secure Boot-neutering PKfail debacle is more prevalent than anyone knew security research – A supply chain failure involving non-production keys compromises Secure Boot protections across various devices, including ATMs and voting machines. The issue affects nearly 1,000 models and highlights significant security risks. https://arstechnica.com/?p=2050182

⚓ Rhysida ships off Port of Seattle data for $6M cybercrime – The Rhysida ransomware group claims to have stolen over 3 TB of data from the Port of Seattle, offering it for 100 Bitcoin. The Port confirmed the attack but refused to pay the ransom. https://www.theregister.com/2024/09/17/rhysida_port_of_seattle/

💸 AT&T agrees to $13 million fine for third-party cloud breach data breach – AT&T settles with the FCC for $13 million over a January 2023 breach affecting 8.9 million customers due to lapses by a third-party vendor, leading to enhanced data protection measures. https://cyberscoop.com/att-agrees-to-13-million-dollar-fcc-fine/

⛓️‍💥 US government 'took control' of a botnet run by Chinese government hackers, says FBI director security news – The FBI seized a botnet of 260,000 devices operated by the Chinese hacking group Flax Typhoon, targeting critical infrastructure in the U.S. and abroad. Malware was removed from compromised devices. https://techcrunch.com/2024/09/18/u-s-government-took-control-of-a-botnet-run-by-chinese-government-hackers-says-fbi-director/

🧅 Tor insists its safe after cops convict CSAM site admin privacy – The Tor Project defends its anonymity after reports of German police using timing analysis to identify users, asserting that vulnerabilities in outdated software, not flaws in Tor, were exploited. https://www.theregister.com/2024/09/19/tor_police_germany/

🧘 SIEM for Small and Medium-Sized Enterprises: What you need to know cyber defense – SMEs are frequent cybercrime targets, with 73% experiencing attacks in 2023. SIEM solutions can enhance their security posture affordably, providing threat detection, compliance, and automated incident response. https://securityaffairs.com/168584/security/siem-sbms-enterprises.html

👻 International law enforcement operation dismantled criminal communication platform Ghost cybercrime – A global law enforcement operation infiltrated the encrypted messaging app Ghost, leading to numerous arrests, including its alleged administrator, and disrupting serious organized crime activities. https://securityaffairs.com/168575/cyber-crime/police-dismantled-criminal-communication-platform-ghost.html

🐡 This Windows PowerShell Phish Has Scary Potential – Krebs on Security security news – A new phishing email targeting GitHub users tricks victims into executing malware via PowerShell by posing as a security alert. The scam poses a significant risk to less tech-savvy Windows users. https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/

🔄 UnitedHealth Group CISO: We had to ‘start over’ after Change Healthcare attack security news – Following a ransomware attack on Change Healthcare, UnitedHealth Group's CISO revealed they had to completely overhaul their IT systems. The recovery involved long hours and focused communication with stakeholders. https://cyberscoop.com/unitedhealth-group-steven-martin-ciso-ransomware-attack-recovery/

🔘 Germany shuts down 47 cryptocurrency exchange services used by cybercriminals cybercrime – German law enforcement has shut down 47 unregistered cryptocurrency exchange services used for money laundering by cybercriminals, seizing extensive user and transaction data to aid investigations. https://therecord.media/germany-cryptocurrency-exchanges-shut-down-money-laundering

🧮 Secret calculator hack brings ChatGPT to the TI-84, enabling easy cheating hacking write-up – A YouTuber modified a TI-84 calculator to access ChatGPT via the internet, allowing students to cheat by receiving answers during tests. The hack includes a custom circuit and software for various cheating tools. https://arstechnica.com/?p=2051342

💻 Hacker behind Snowflake customer data breaches remains active cybercrime – The hacker known as 'Judische' remains active, targeting SaaS providers following the April Snowflake data breach affecting 165 customers. He has reportedly extorted up to $2.7 million. https://cyberscoop.com/snowflake-hacker-judische-labscon-2024/


CISA Corner

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog vulnerability – CISA identifies two actively exploited vulnerabilities in Microsoft Windows and Progress WhatsUp Gold, urging federal agencies to address these risks promptly to enhance security. https://www.cisa.gov/news-events/alerts/2024/09/16/cisa-adds-two-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds Four Known Exploited Vulnerabilities to Catalog vulnerability – CISA includes four Adobe Flash Player vulnerabilities in its catalog, highlighting their active exploitation and urging federal agencies to remediate them to mitigate risks. https://www.cisa.gov/news-events/alerts/2024/09/17/cisa-adds-four-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds Five Known Exploited Vulnerabilities to Catalog vulnerability – CISA adds five vulnerabilities, including issues in Apache, Microsoft, and Oracle products, to its catalog, warning of their exploitation and urging federal agencies to act swiftly. https://www.cisa.gov/news-events/alerts/2024/09/18/cisa-adds-five-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA adds Ivanti's path traversal vulnerability to its catalog, highlighting its active exploitation and urging federal agencies to address this significant security risk promptly. https://www.cisa.gov/news-events/alerts/2024/09/19/cisa-adds-one-known-exploited-vulnerability-catalog

🛠️ CISA Releases Three Industrial Control Systems Advisories warning – CISA issues advisories for Siemens, Millbeck, and Yokogawa ICS, highlighting vulnerabilities and urging users to review for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/09/17/cisa-releases-three-industrial-control-systems-advisories 🛠️ CISA Releases Six Industrial Control Systems Advisories warning – CISA issues six advisories on vulnerabilities in various ICS products, urging users to review the details and implement necessary mitigations to enhance security. https://www.cisa.gov/news-events/alerts/2024/09/19/cisa-releases-six-industrial-control-systems-advisories

🍏 Apple Releases Security Updates for Multiple Products security news – Apple's latest security updates fix vulnerabilities that could allow cyber attackers to take control of devices. Users are urged to review and apply these updates promptly. https://www.cisa.gov/news-events/alerts/2024/09/18/apple-releases-security-updates-multiple-products ☁️ VMware Releases Security Advisory for VMware Cloud Foundation and vCenter Server security news – VMware's advisory highlights vulnerabilities in Cloud Foundation and vCenter Server that could allow attackers to gain control. Users are advised to review and apply updates immediately. https://www.cisa.gov/news-events/alerts/2024/09/19/vmware-releases-security-advisory-vmware-cloud-foundation-and-vcenter-server 🔒 Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance security news – Ivanti addresses an admin bypass vulnerability in its Cloud Services Appliance, urging users to upgrade to the latest version due to confirmed limited exploitation risks. https://www.cisa.gov/news-events/alerts/2024/09/19/ivanti-releases-admin-bypass-security-update-cloud-services-appliance 🔍 Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229 security news – Versa Networks warns of a vulnerability in Versa Director that allows unauthorized access to REST APIs. Organizations are urged to update systems and monitor for malicious activity. https://www.cisa.gov/news-events/alerts/2024/09/20/versa-networks-releases-advisory-vulnerability-versa-director-cve-2024-45229


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from Stories of Salt

Read more...

from Sirius

Para quem inicia no Mastodon aqui vão algumas explicações sobre a importância que as hashtags possuem.

Imagem de hashtags A hashtag é uma palavra ou frase que, uma vez precedida pelo símbolo de cerquilha (#), sem espaços, transforma-se em uma etiqueta ou rótulo, na forma de um hiperlink que leva para uma página com outras publicações relacionadas ao mesmo tema.

No Mastodon, bem como em toda federação ActivityPub, a compreensão de suas funcionalidades é essencial, inclusive por questões de acessibilidade.

Barra de pesquisa do Mastodon

Por motivos técnicos de privacidade o Mastodon foi inicialmente desenhado para permitir apenas as seguintes formas de busca:

  1. Por hashtags (#exemplo);
  2. Pessoas (@nomedousuário@domínio);
  3. URL (links) de perfis e de posts;

Atualmente o mastodon permite a busca por texto simples, mas para que as postagens dos usuários se tornem visíveis é necessário que optem por isso (então se você quer que o texto de suas postagens públicas sejam vistos na busca, acesse as configurações de sua conta e marque para permitir essa opção).

A pesquisa por hashtags é precisa e abrange todas as pessoas de instâncias federadas à sua, independentemente de você seguir a pessoa ou não, e sem a influência de qualquer algoritmo.

Note também que você pode seguir uma hashtag, caso seja um assunto do seu interesse, clicando no botão destacado acima. Quando você segue uma hashtag, todas as postagens das pessoas pertencentes à sua instância ou das instâncias federadas à sua, independentemente ou não de você segui-las, que contenham essa hashtag, serão exibidas na sua página inicial.

Usando Hashtags e Noções de Respeito

As hashtags, portanto, devem ter um # no início e não podem ter alguns caracteres especiais no início e no meio (ponto, espaço, arroba, asterisco, etc.).

O sistema de hashtags atualmente não diferencia a acentuação e alguns caracteres especiais que são permitidos, como o (ç), por exemplo, de modo que as hashtags #política e #politica (sem acento no i) ou #paçoca e #pacoca, são unificadas pela busca da plataforma.

Se você deseja pesquisar uma frase, digite tudo como uma palavra, como #CatsOfMastodon.

Se você deseja que sua postagem seja encontrada com mais facilidade nas pesquisas, inclua muitas hashtags relevantes. Não há problema em usar muitas dessas etiquetas, as pessoas entendem que são necessárias nesse tipo de sistema de busca.

Ademais, o uso das Hashtags devem respeitar uma relevante questão de acessibilidade. Existem muitos usuários cegos no Mastodon e no Fediverso que usam leitores de tela para converter texto em áudio.

Portanto, ao postar hashtags, existe uma formatação correta, que consiste no uso do método chamado de CamelCase (onde cada palavra começa com uma letra maiúscula), por exemplo #CatsOfMastodon em vez de #catsofmastodon. As letras maiúsculas permitem que os aplicativos de leitura de tela separem as palavras corretamente e leiam a hashtag em voz alta corretamente.

Aliás, é importante mencionar uma hashtag super relevante do universo Mastodon, a famosa #Alt4Me.

Quando uma imagem de uma postagem não possui descrição e há a hashtag #Alt4Me adicionada a ela pela pessoa que a postou, isso pode significar que o autor da postagem não consegue adicionar uma descrição (por exemplo, devido a uma deficiência), mas esteja ciente de que é necessário, então ele adicionou a etiqueta preventivamente.

A hashtag #Alt4Me geralmente significa que uma pessoa cega quer que você escreva uma descrição da imagem. Responda à postagem com a hashtag e forneça a descrição.

Note que a sistemática de hashtags não faz distinção se as palavras estão em caixa alta ou caixa baixa, portanto, #CatsOfMastodon ou #catsofmastodon são exatamente a mesma coisa para fins de pesquisa, de modo que o único diferencial em seguir o “CamelCase” está em propiciar um ambiente mais acessível às pessoas cegas, que deve ser respeitado.

Hashtags e filtros

Outra funcionalidade importante das hashtags é que elas permitem às pessoas que não querem ver postagens relacionadas a determinado assunto ou tema, que utilizem um filtro cuja função é tornar esses posts invisíveis, sem a necessidade de silenciar, bloquear ou deixar de seguir um usuário.

Ao utilizar o Mastodon é muito importante que você compreenda que se trata de uma rede social que recebe e acolhe pessoas que vieram de outras redes sociais, de propriedade capitalista, buscando um ambiente menos tóxico.

Sendo assim, existem temas que devem ser rotulados pelas hashtags não só para facilitar que pessoas interessadas os encontrem, mas também para permitir que pessoas que se incomodam com eles os filtrem.

Vamos usar como exemplo o caso do futebol. Eu adoro o esporte, tenho meu time de coração (Flamengo) mas convenhamos que há pessoas que não veem a menor graça e, ademais, existe uma “cultura do futebol” em nosso País, que é extremamente problemática, incluindo violência entre torcidas, machismo, homofobia e racismo.

Não custa nada, portanto, incluir a hashtag #futebol em suas postagens sobre o tema, ou outras em temas sensíveis, como #PolíticaPartidária.

Evidentemente você também tem a ferramenta dos avisos de conteúdo, mas acho a hashtag mais eficiente, pelo fato de permitir que os interessados encontrem a postagem, bem como os desinteressados a tornem completamente invisível sem sequer a necessidade de ler o aviso de conteúdo sobre o tema.

Aqui explico, portanto, como filtrar as hashtags.

No menu lateral vá em Preferências > Filtros e depois clique em Adicionar Filtro. Abrirá a seguinte tela:

Aba de filtros no Mastodon

O título do filtro, indicado pela seta vermelha, como o nome diz, é apenas um título, para te ajudar a encontrar o filtro em sua lista de filtros.

A seta verde indica o tempo de validade do filtro (que pode ser permanente, como visto no exemplo). Às vezes você não se importa em visualizar algo sobre futebol ou política, mas durante os jogos ou durante o período eleitoral, você não quer ser inundado de postagens sobre o tema, de modo que pode criar um filtro com duração provisória.

Em “Contextos do filtro” (retângulo rosa) você escolhe onde o filtro vai exercer sua função de ocultar mensagens, no exemplo dado marquei a opção de ocultar as postagens da página inicial e das linhas públicas, mas você pode fazer uma filtragem mais severa, se preferir, filtrando perfis de usuário e conversas.

Em “Filter action” você pode escolher se a postagem filtrada vai ser indicada para você com um aviso ou se ela desaparecerá completamente sem qualquer notificação, como se a postagem jamais tivesse existido.

Em “Palavra-chave ou frase”, indicado pela seta amarela na parte de baixo, você digita a hashtag que quer filtrar.

Após Salvar Novo Filtro, conforme o botão indicado pela seta azul, você não irá visualizar qualquer postagem em sua linha do tempo ou nas linhas públicas que contenham a hashtag selecionada (no caso do nosso exemplo: #futebol).

Você pode adicionar quantos filtros desejar.

Essas eram as minhas considerações a respeito das hashtags. Espero que aproveitem bastante e criem muitas hashtags interessantes no universo brasileiro do Mastodon.

#Hashtag #MastoDicas #Mastodon #Tutorial

 
Leia mais...

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know.


News For All

🕸️ Google’s dark web monitoring service will soon be free for all users privacy – Google is making its dark web monitoring service available for all users, enhancing privacy protection by alerting individuals to potential leaks of their personal information. https://www.theverge.com/2024/7/9/24194970/google-one-free-dark-web-monitoring

🧞‍♀️ What You Need to Know About Grok AI and Your Privacy privacy – Grok AI, integrated with X, raises privacy concerns by automatically using user data for training. Users can opt out, but awareness of data sharing settings is crucial for protecting privacy. https://www.wired.com/story/grok-ai-privacy-opt-out/

🚗 Thousands of Avis car rental customers had personal data stolen in cyberattack data breach – Avis has reported a cyberattack affecting nearly 300,000 customers, with stolen data including names, addresses, and driver’s license numbers. The breach raises concerns about data security practices. https://techcrunch.com/2024/09/09/thousands-of-avis-car-rental-customers-had-personal-data-stolen-in-cyberattack/

💳 1.7M potentially pwned by payment services provider breach data breach – Slim CD has notified around 1.7 million customers of a data breach affecting credit card information and personal details, detected nearly a year after the initial intrusion. https://www.theregister.com/2024/09/09/slim_cd_breach/

📢 Ford seeks patent for tech that listens to driver conversations to serve ads privacy – Ford is pursuing a patent for technology that tailors in-car ads by listening to conversations and analyzing vehicle data, raising privacy concerns over data protection measures. https://therecord.media/ford-patent-application-in-vehicle-listening-advertising

1️⃣ WhatsApp 'View Once' could be 'View Whenever' due to a flaw security news – A flaw in WhatsApp's 'View Once' feature allows recipients to bypass privacy controls, enabling media to be saved and shared despite intended restrictions. A fix is reportedly in progress. https://www.theregister.com/2024/09/09/whatsapp_view_once_flaw/

💸 Crypto scams rake in $5.6B a year for lowlifes, FBI says cybercrime – The FBI reports that crypto-related scams cost Americans over $5.6 billion in 2023, with a sharp rise in investment scams targeting older individuals. Victims often lose money to fraudulent schemes and recovery scams. https://www.theregister.com/2024/09/10/crypto_scams_rake_in_56/

🚫 In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram cybercrime – Following the arrest of Telegram's founder, many cybercriminals are abandoning the platform over fears that user data may be shared with authorities, impacting their operations. https://www.404media.co/in-wake-of-durov-arrest-some-cybercriminals-ditch-telegram/

💔 You paid the ransom, and now the decryptor doesn't work security news – Organizations paying ransoms for Hazard ransomware found that the provided decryptor failed to work, highlighting the risks of relying on criminals for data recovery post-breach. https://www.theregister.com/2024/09/11/ransomware_decryptor_not_working/

💵 TD Bank fined $28 million for sharing inaccurate and negative data on customers privacy – TD Bank has been fined $28 million by the CFPB for sharing incorrect negative data about customers, harming their ability to obtain credit and employment. Nearly $8 million will go to affected consumers. https://therecord.media/td-bank-fined-28-million-cfpb-data-sharing

🚨 Stalker Allegedly Created AI Chatbot on NSFW Platform to Dox and Harass Woman cybercrime – A Massachusetts man, James Florence Jr., was arrested for stalking and harassing a professor for seven years, using AI to create fake nudes and chatbots that shared her personal information online. https://www.404media.co/stalker-allegedly-created-ai-chatbot-on-nsfw-platform-to-dox-and-harass-woman/

🏥 Healthcare giant settles patient data theft lawsuit for $65M data breach – Lehigh Valley Health Network will pay $65 million to settle a lawsuit after a ransomware attack by the ALPHV gang exposed sensitive data, including nude photographs of patients. https://www.theregister.com/2024/09/12/lvhn_lawsuit_ransom/

🚔 British teen arrested over cyberattack on London transportation agency security news – A 17-year-old was arrested for a cyberattack on Transport for London, which compromised customer data including names and bank details. The agency continues to address the ongoing security incident. https://cyberscoop.com/british-teen-arrested-over-cyberattack-on-london-transportation-agency/

📺 Vo1d malware infected 1.3M Android malware – The Vo1d malware has infected 1.3 million Android TV boxes across 197 countries, acting as a backdoor to allow secret software installations, primarily targeting devices with outdated OS versions. https://securityaffairs.com/168342/malware/vo1d-android-malware-tv-boxes.html

🚸 Tennessee school district loses $3.4 million to a fake curriculum vendor cybercrime – A Tennessee school district lost $3.36 million after an employee was tricked by a fraudulent email impersonating Pearson, leading to unauthorized wire transfers for online curriculum materials. https://therecord.media/tennessee-school-district-loses-3-million-bec-scam

💰 23andMe agrees to pay $30 million to settle lawsuit over massive data breach data breach – 23andMe will pay $30 million to settle a class-action lawsuit stemming from a 2023 data breach that exposed over 6.9 million customers, particularly targeting users with specific heritage. https://www.theverge.com/2024/9/13/24243986/23andme-settlement-dna-data-breach-lawsuit

🔍 Yubikey Key Vulnerability – How It Affects You vulnerability – Yubico's new vulnerability may allow key extraction but requires physical access and a PIN. Most users are safe, though high-security organizations should reconsider attestation trust. https://fy.blackhats.net.au/blog/2024-09-09-yubikey-key-vulnerability/


Some More, For the Curious

🦁 Predator spyware operation is back with a new infrastructure cybercrime – Researchers report a resurgence of Predator spyware, utilizing new infrastructure to evade detection after U.S. sanctions against its developers. The spyware poses significant risks to high-profile targets. https://securityaffairs.com/168222/intelligence/predator-spyware-new-infrastructure.html

📡 Gap Computers by Spelling Covert Radio Signals from Computer RAM security research – This research reveals how malware can leak sensitive data from air-gapped computers by emitting covert radio signals. https://arxiv.org/abs/2409.02292

🔧 Zero Day Initiative — The September 2024 Security Update Review security news – September updates from Adobe and Microsoft address multiple critical vulnerabilities across various products, including code execution and security feature bypasses, highlighting urgent patching needs. https://www.thezdi.com/blog/2024/9/10/the-september-2024-security-update-review

🛡️ Taking steps that drive resiliency and security for Windows customers security news – At a recent summit, Microsoft and security vendors discussed enhancing Windows endpoint security and resilience, emphasizing collaboration and transparency to combat modern threats effectively. https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/

📊 CISA Releases Analysis of FY23 Risk and Vulnerability Assessments security research – CISA's latest analysis reveals insights from 143 Risk and Vulnerability Assessments, illustrating attack paths and mapping threat actor behaviors to the MITRE ATT&CK® framework. https://www.cisa.gov/news-events/alerts/2024/09/13/cisa-releases-analysis-fy23-risk-and-vulnerability-assessments

©️ New Chrome Zero-Day vulnerability – Microsoft researchers report that North Korean hackers are exploiting a Chrome zero-day vulnerability to steal cryptocurrency, highlighting ongoing security risks. https://www.schneier.com/blog/archives/2024/09/new-chrome-zero-day.html

📍 Rogue WHOIS server gives researcher superpowers no one should ever have security research – Security researcher Benjamin Harris exploited a defunct WHOIS server, gaining the ability to issue counterfeit HTTPS certificates and track emails, raising concerns about misplaced trust in the WHOIS system. https://arstechnica.com/?p=2048683

🔑 As quantum computing threats loom, Microsoft updates its core crypto library security news – Microsoft has updated its SymCrypt library with two new encryption algorithms designed to resist quantum computing attacks, marking the beginning of a major overhaul to enhance cryptographic security. https://arstechnica.com/?p=2049244

🔮 Mastercard buys Recorded Future for $2.65 billion security news – Mastercard has announced its acquisition of cybersecurity firm Recorded Future for $2.65 billion, aiming to enhance its cybersecurity services and threat intelligence capabilities. https://cyberscoop.com/mastercard-buys-recorded-future/

👺 Monitoring High Risk Azure Logins cyber defense – After a potential business email compromise, the SOC investigated high-risk logins via Azure AD Identity Protection, focusing on user behavior and multi-factor authentication to detect compromised accounts. https://www.blackhillsinfosec.com/monitoring-high-risk-azure-logins/

🗣️ Microsoft is building new Windows security features to prevent another CrowdStrike incident security news – Microsoft plans to enhance Windows security features following a CrowdStrike incident that affected millions of systems, aiming to move security vendors out of the Windows kernel for better reliability. https://www.theverge.com/2024/9/12/24242947/microsoft-windows-security-kernel-access-features-crowdstrike

🧱 Fortinet confirms customer data breach data breach – Fortinet has confirmed a data breach affecting less than 0.3% of its customers, with files accessed from a third-party cloud drive, potentially impacting around 1,500 corporate clients. https://techcrunch.com/2024/09/13/fortinet-confirms-customer-data-breach/

⚖️ ‘Terrorgram’ Charges Show US Has Had Tools to Crack Down on Far-Right Terrorism All Along security news – The indictment of two members of the Terrorgram Collective reveals a shift in U.S. law enforcement's approach to far-right terrorism, utilizing a rarely applied legal strategy to address violent extremism and inspire future attacks. https://www.wired.com/story/terrorgram-collective-indictments/

👉 US accuses RT, others of covert arms dealing, global influence operations security news – The U.S. has sanctioned RT for operating a crowdfunding site that allegedly funneled weapons to Russian soldiers, revealing ties to Russian intelligence and efforts to influence global elections. https://cyberscoop.com/rt-arms-dealing-global-influence-operations/

⚓ Port of Seattle refuses to pay Rhysida ransom, warns of data leak cybercrime – The Port of Seattle declined to pay a ransom to the Rhysida ransomware group, which caused disruptions at the airport and seaport, warning of potential data leaks while restoring affected systems. https://therecord.media/seattle-port-rhysida-ransom-refused

💣 A Creative Trick Makes ChatGPT Spit Out Bomb-Making Instructions security research – An artist tricked ChatGPT into providing bomb-making instructions by framing the request within a science-fiction narrative, exploiting the AI's storytelling context to bypass safety restrictions. https://www.wired.com/story/chatgpt-jailbreak-homemade-bomb-instructions/


CISA Corner

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog vulnerability – CISA has added three vulnerabilities to its catalog, highlighting risks to federal networks due to active exploitation. Agencies must address these threats to enhance cybersecurity. https://www.cisa.gov/news-events/alerts/2024/09/09/cisa-adds-three-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds Four Known Exploited Vulnerabilities to Catalog vulnerability – CISA has added four new Microsoft vulnerabilities to its catalog, highlighting serious risks due to active exploitation and urging federal agencies to address them promptly. https://www.cisa.gov/news-events/alerts/2024/09/10/cisa-adds-four-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA has included a new Ivanti vulnerability in its catalog, emphasizing the significant risks it poses to federal networks due to active exploitation. https://www.cisa.gov/news-events/alerts/2024/09/13/cisa-adds-one-known-exploited-vulnerability-catalog

🏭 CISA Releases Four Industrial Control Systems Advisories warning – CISA has issued four advisories addressing vulnerabilities in Industrial Control Systems, urging users to review them for crucial security information and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/09/10/cisa-releases-four-industrial-control-systems-advisories

🆙 Citrix Releases Security Updates for Citrix Workspace App for Windows vulnerability – Citrix has issued security updates for its Workspace App for Windows to fix multiple vulnerabilities that could allow attackers to take control of affected systems. https://www.cisa.gov/news-events/alerts/2024/09/10/citrix-releases-security-updates-citrix-workspace-app-windows 🆙 Ivanti Releases Security Updates for Endpoint Manager, Cloud Service Application, and Workspace Control vulnerability – Ivanti has released updates to fix multiple vulnerabilities in its Endpoint Manager and Cloud Service Application, which could potentially allow attackers to take control of affected systems. https://www.cisa.gov/news-events/alerts/2024/09/10/ivanti-releases-security-updates-endpoint-manager-cloud-service-application-and-workspace-control


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from Not Simon 🐐

Country: Islamic Republic of Iran Organization: Ministry of Intelligence and Security (MOIS) Objective: Espionage, Sabotage (Page last updated October 12, 2024)

Aliases (sorted alphabetically):

Sub-group:

Known Associates

  • Mojtaba Mostafavi. Source: U.S. Treasury (linked by PwC, via Lab Dookhtegan leaks)
  • Farzin Karimi Mazlganchai: PwC

Vulnerabilities Exploited

  • CVE-2024-30088, (CVSS3v1: 7.0 high) Windows Kernel Elevation of Privilege Vulnerability Source: Trend Micro
  • CVE-2019-0604 (CVE, NVD. CVSSv3.1: 9.8 critical, in CISA's KEV Catalog) Microsoft SharePoint Remote Code Execution Vulnerability Source: Microsoft
  • CVE-2017-11882 (CVE, NVD. CVSSv3.1: 7.8 high, in CISA's KEV Catalog) Microsoft Office Memory Corruption Vulnerability Source: Mandiant
  • CVE-2017-0199 (CVE, NVD, CVSS3v1: 7.8 high, in CISA's KEV Catalog) Microsoft Office and WordPad Remote Code Execution Vulnerability Source: Unit 42

Tactics, Techniques, and Procedures (TTPs)

Known Tools Used

As listed by MITRE

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 
Read more...

from Not Simon 🐐

Country: People's Republic of China Organization: Loosely connected private contractors operating on behalf of China’s Ministry of State Security (MSS). Some have worked at Chengdu 404 Network Technology Objective: Espionage, Information theft, Financial crime (Page last updated: September 22, 2024)

Aliases (sorted alphabetically):

Subgroups

Identified Members

Associated Company

Chengdu Si Lingsi (404) Network Technology Company Ltd. (成都市肆零肆网络科技有限公司)

Vulnerabilities Exploited

  • CVE-2018-0824 (7.5 high, in CISA's KEV Catalog) Microsoft COM for Windows Remote Code Execution Vulnerability Source: Cisco
  • CVE-2017-0199 (7.8 high, in CISA's KEV Catalog) Microsoft Office and WordPad Remote Code Execution Vulnerability Sources: Clearsky, Fortinet, FireEye
  • CVE-2019-3396 (9.8 critical, in CISA's KEV Catalog) Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability. Sources: FireEye, Fortinet
  • CVE-2015-1641 (7.8 high, in CISA's KEV Catalog) Microsoft Office Memory Corruption Vulnerability Source: Fortinet
  • CVE-2012-0158 (8.8 high, in CISA's KEV Catalog) Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability Sources: Fortinet, FireEye
  • CVE-2017-11882 (7.8 high, in CISA's KEV Catalog) Microsoft Office Memory Corruption Vulnerability Source: FireEye

The following 7 vulnerabilities have the same source: U.S. DOJ

  • CVE-2019-19781 (9.8 critical, in CISA's KEV Catalog) Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability Additional sources: FireEye, Fortinet
  • CVE-2019-11510 (10.0 critical, in CISA's KEV Catalog) Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
  • CVE-2019-16920 (9.8 critical, in CISA's KEV Catalog) D-Link Multiple Routers Command Injection Vulnerability
  • CVE-2019-16278 (9.8 critical) Nostromo 1.9.6 Directory Traversal/ Remote Command Execution Vulnerability
  • CVE-2019-1652 (7.2 high, in CISA's KEV Catalog) Cisco Small Business Routers Improper Input Validation Vulnerability. Additional source: FireEye
  • CVE-2019-1653 (7.5 high, in CISA's KEV Catalog) Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability. Additional source: FireEye
  • CVE-2020-10189 (9.8 critical, in CISA's KEV Catalog) Zoho ManageEngine Desktop Central File Upload Vulnerability. Additional sources: FireEye, Fortinet

The following 2 vulnerabilities have the same source: Mandiant

  • CVE-2021-44228 (10.0 critical, in CISA's KEV Catalog) Apache Log4j2 Remote Code Execution Vulnerability (aka Log4Shell).
  • CVE-2021-44207 (8.1 high) Acclaim USAHERDS Hard-Coded Credentials Vulnerability

Tactics, Techniques, and Procedures

Mapped to MITRE ATT&CK Navigator Layers

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2013

Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 
Read more...

from Not Simon 🐐

Country: Russia Organization: Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) Objective: Espionage, Sabotage, Assassinations, Influence Operations (Page last updated: September 07, 2024)

Aliases:

Identified Members

Vulnerabilities Exploited

  • CVE-2017-11882 (7.8 high, in CISA's KEV Catalog) Microsoft Office Memory Corruption Vulnerability Source: Unit 42

The following 5 vulnerabilities have the same source: CISA

  • CVE-2021-33044 (9.8 critical, in CISA's KEV Catalog) Dahua IP Camera Authentication Bypass Vulnerability
  • CVE-2021-33045 (9.8 critical, in CISA's KEV Catalog) Dahua IP Camera Authentication Bypass Vulnerability
  • CVE-2022-26134 (9.8 critical, in CISA's KEV Catalog) Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
  • CVE-2022-26138 (9.8 critical, in CISA's KEV Catalog) Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability
  • CVE-2022-3236 (9.8 critical, in CISA's KEV Catalog) Sophos Firewall Code Injection Vulnerability

Exploitation Likely

CISA and co-authoring agencies warned on 06 September 2024 that Unit 29155 cyber actors have been observed obtaining the respective exploit scripts for the following 5 vulnerabilities:

  • CVE-2020-1472 (9.8 critical, in CISA's KEV Catalog) Microsoft Netlogon Privilege Escalation Vulnerability
  • CVE-2021-26084 (9.8 critical, in CISA's KEV Catalog) Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability
  • CVE-2021-3156 (7.8 high, in CISA's KEV Catalog) Sudo Heap-Based Buffer Overflow Vulnerability
  • CVE-2021-4034 (7.8 high, in CISA's KEV Catalog) Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
  • CVE-2022-27666 (7.8 high) Red Hat: IPSec ESP Local Privilege Escalation Vulnerability

Tactics, Techniques, and Procedures

Mapped to MITRE ATT&CK Navigator Layers

screenshot of Russia GRU Unit 29155 MITRE ATT&CK TTPs in a visual chart compiled using ATT&CK Navigator Layers

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

2024

2023

2022

2021

 
Read more...

from Nicholas Spencer

The rapid advancement of generative AI is reshaping the cybersecurity industry. As AI capabilities grow exponentially, we're witnessing a swift evolution in how both defensive and offensive cybersecurity operations function. This transformation is not only changing the nature of cyber threats and defences but also significantly impacting the cybersecurity workforce.

AI in Defensive Cybersecurity

In the realm of defensive cybersecurity, AI is revolutionising how Security Operations Centres (SOCs) function, particularly in alert triage and investigation. Currently, SOC analysts face the repetitive task of sifting through countless alerts, many of which turn out to be false positives. This labour-intensive process has long been a bottleneck in effective threat response. However, the emergence of AI-powered services claiming to automate initial alert investigations is changing the game.

Traditionally, level-1 SOC analysts have been responsible for the initial triage, following established playbooks to investigate alerts and escalate when necessary. This repetitive work, while crucial, is ripe for automation. As AI systems become more sophisticated, it's increasingly likely that much of this level-1 work will be fully automated in the near future, with AI systems capable of escalating complex alerts to experienced human analysts when required.

AI in Offensive Cybersecurity

On the offensive side, AI is already making significant waves in how penetration testing and vulnerability assessments are conducted. AI-powered tools are automating many aspects of basic penetration testing. These sophisticated systems can efficiently scan for running services and exploit known vulnerabilities, tasks that previously required significant human intervention. Moreover, these AI tools are adept at examining websites and identifying a wide range of vulnerabilities, including those listed in the OWASP Top 10 – a critical benchmark in web application security.

Even in scenarios where AI tools can't autonomously exploit applications, they're proving to be invaluable assistants to human penetration testers. This AI augmentation is a game-changer, potentially elevating a novice penetration tester to perform at the level of someone with years of experience. For seasoned professionals, AI acts as a capability multiplier, enabling them to uncover more complex vulnerabilities and delve deeper into system weaknesses.

The AI Arms Race in Cybersecurity

The rapid growth in AI capabilities is evident in both defensive and offensive security domains. While major AI model creators are implementing safeguards to limit their systems' ability to assist with cybersecurity exploitation, numerous other models exist without such restrictions. This proliferation of unrestricted AI tools raises significant concerns about their potential misuse by malicious actors.

The same AI-powered tools that enhance the capabilities of ethical penetration testers and defensive analysts could equally empower cyber criminals. This dual-use nature of AI in cybersecurity is leading towards what appears to be an AI driven arms race. On one side, AI will be leveraged to bolster system defences, automate alert triage, and uncover vulnerabilities for patching. On the other, it will be weaponized to launch more sophisticated attacks that are harder to detect and remediate.

Impact on the Cybersecurity Workforce

While this automation of cyber defence promises increased efficiency and potentially improved threat response times, it also raises concerns about the future of the cybersecurity workforce, particularly entry-level roles. As AI takes over many tasks traditionally performed by junior analysts and penetration testers, we may see a significant reduction in entry-level positions, which have long served as a crucial stepping stone for aspiring cybersecurity professionals.

This shift could potentially exacerbate the existing cybersecurity skills gap. With fewer entry-level positions available, it may become increasingly challenging for interested individuals to gain the hands-on experience necessary to progress in the field. This bottleneck could lead to a shortage of mid-level and senior professionals in the long term, as the traditional career pipeline is disrupted.

However, it's important to note that as AI brings new efficiencies to cybersecurity, it also introduces new threats and challenges. The cybersecurity landscape is evolving rapidly, with AI-powered attacks becoming more sophisticated and prevalent. This evolution will inevitably create new roles and specialisations within the field, potentially offsetting some of the job losses in existing areas.

The Future of Cybersecurity

As we stand on the brink of this new era in cybersecurity, it's clear that AI will play a pivotal role in shaping the future of the field. The exact shape of the cybersecurity workforce remains uncertain. While AI will undoubtedly automate many current tasks, it will also create new opportunities and challenges that require human expertise.

While AI tools are making certain aspects of cybersecurity more accessible, they're also raising the bar for what constitutes advanced skills in both defensive and offensive security. Professionals in this field will need to adapt quickly, learning to work alongside AI tools effectively while also staying ahead of AI threats.

The key for professionals and students in this field will be to stay adaptable, continuously learning and evolving their skills to remain relevant in this AI augmented landscape. Embracing these new tools responsibly, using them to enhance our defensive capabilities while also preparing for the inevitable rise in AI assisted cyber attacks, will be crucial for the future of cybersecurity.

Disclaimer: While I developed the ideas and topics of this post, I used Claude AI (Sonnet 3.5) as a tool to help format and structure it for clarity and coherence.

 
Read more...

from Bruno Miguel

I got a job over a month ago. I mean, kinda. It's something I can do when I'm capable of, concerns writing (including reviewing and correcting other people's work), and pays around double the hourly minimum wage in my country.

I can usually work 2 hours a day, sometimes 3 or 4 hours, 5 or 6 days a week. There are also days when I'm in such pain that I can't do a thing.

I don't make a fortune (I wouldn't mind, though!), but at least it has been enough to be able to pay for my medications.

#Job #LifeUpdate

 
Read more...