Infosec Press

Reader

Read the latest posts from Infosec Press.

from Jack Fortin

Tips for Getting the Best Car Loan Rates in British Columbia

Car Loan Rates in British Columbia

Getting the best BC auto loan rate might improve your finances. With changing interest rates and loan possibilities, it's important to know how to receive the best terms. This detailed guide will help you negotiate BC automobile financing and get the best vehicle loan rates.

1. Knowing BC Car Finance

Before applying for a vehicle loan, you must understand BC auto financing. Knowing the sorts of vehicle loans, interest rate considerations, and competing financial institutions is necessary. British Columbia vehicle finance includes online, credit union, and bank loans. Each option has benefits and downsides, and rates depend on credit history, loan amount, and term.

2. Improve Credit Score

Credit score is crucial to getting a cheap vehicle loan rate. Lenders evaluate creditworthiness and interest rates based on credit scores. Lower interest rates are characteristic of better credit scores.

3. BC Auto Loan Rates Compare

Compare BC auto loan rates from several lenders to get the best deals. Different lenders and financial profiles charge different interest rates. Compare rates from banks, credit unions, and internet lenders using web tools. Ask lenders about their rates and any specials or reductions.

4. Get BC Auto Loan Pre-Approval

Pre-approval for a BC auto loans may speed up car buying. Your financial information is reviewed by a lender to establish your maximum loan amount and interest rate before you start car shopping. Pre-approval defines your budget and attracts dealerships. It demonstrates you're serious and can acquire financing, providing you negotiation leverage.

5. Consider Loan Term

The period of your auto loan affects your monthly payments and total interest. Longer loan periods may cut monthly payments but increase interest payments. Consider your budget and financial objectives when choosing a loan term. If you can afford larger monthly payments, a shorter loan period may save you money. If you require lower payments, a longer term may be easier but cost more.

6. Negotiate Car Loan Terms

Never be scared to negotiate your BC auto finance. Many lenders may provide better rates if you have strong credit and are pre-approved. Interest rate, loan period, and fees are negotiable. Being proactive and talking to lenders may get you a better rate or loan terms.

7. Can I Extend My Car Loan?

If you want a car loan extension, then you should examine the advantages and downsides first. Extended terms may lower monthly payments but increase interest charges throughout the loan's life. Discuss loan term extensions with your lender to determine their influence on loan expenses. Make sure the new terms fit your financial objectives and don't cause debt.

8. Read Your Loan Agreement Carefully

Before signing a vehicle loan, read the terms. Consider the interest rate, loan length, payment plan, and fees and penalties. Understanding your loan agreement helps you prevent surprises and hidden fees. Ask your lender for clarification if needed.

Conclusion

The finest car loan rates in British Columbia need preparation and thought. Understanding for BC auto loan approved, boosting your credit score, comparing rates, and negotiating conditions may improve your loan prospects. Check the loan term and agreement to make sure it fits your financial objectives. You can better understand the vehicle loan process and locate the best financing plan with these advices.

 
Read more...

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🎮 Be Internet Awesome World: A fun new game to learn about online safety security news – Google's new game, Be Internet Awesome World, teaches kids online safety through interactive lessons on scams, passwords, and personal information sharing. https://blog.google/technology/safety-security/be-internet-awesome-roblox/

🚨 Staying a Step Ahead: Mitigating the DPRK IT Worker Threat security research – Mandiant reports on DPRK IT workers posing as non-North Koreans to infiltrate global companies, generating revenue for the regime and posing cybersecurity risks; awareness and vigilance are crucial. https://cloud.google.com/blog/topics/threat-intelligence/mitigating-dprk-it-worker-threat/

🚴‍♂️ Hacking the “Bike Angels” System for Moving Bikeshares security news – New York City's bikeshare system, Bike Angels, is being exploited by users creating artificial shortages to maximize rewards, prompting a need for system modifications to prevent such hacks. https://www.schneier.com/blog/archives/2024/09/hacking-the-bike-angels-system-for-moving-bikeshares.html

🚗 White House proposes rule to ban Chinese, Russian parts for networked vehicles security news – The White House proposes banning Chinese and Russian components in connected vehicles to address national security threats, targeting parts for connectivity systems amid rising surveillance and hacking concerns. https://cyberscoop.com/us-government-ban-china-russia-connected-cars/

☑️ Privacy Service Optery Faces Backlash After Plan to Send OpenAI User Data privacy – Optery faced criticism for defaulting to transferring user data to OpenAI, leading to a backlash from privacy advocates and a subsequent shift to an opt-in model for data sharing. https://www.404media.co/privacy-service-optery-faces-backlash-after-plan-to-send-openai-user-data/

🧻 Telegram will now hand over your phone number and IP if you’re a criminal suspect security news – Telegram will disclose users' phone numbers and IP addresses to authorities upon valid requests for criminal suspects, reflecting a shift in its privacy policy amid concerns over illegal activities on the platform. https://www.theverge.com/2024/9/23/24252276/telegram-disclose-user-data-legal-requests-criminal-activity

⛰️ Pro-Russia hackers aim DDoS campaign at Austrian websites ahead of elections security news – Pro-Russia hacker groups, including NoName057(16) and OverFlame, have launched DDoS attacks on over 40 Austrian websites ahead of the upcoming elections, causing temporary outages but no lasting damage. https://therecord.media/austria-websites-ddos-incidents-pro-russia-hacktivists

📸 New twist on sextortion scam includes pictures of people's homes cybercrime – A new sextortion scam involves emails with photos of victims' homes, threatening to reveal their online activity unless they pay a ransom, leveraging personal data for intimidation. https://therecord.media/new-twist-on-sextortion-scam-pictures-of-peoples-homes

🍰 Iranian-linked election interference operation shows signs of recent access security news – An alleged Iranian hacking effort targeting Trump’s campaign continues, sharing materials with journalists, suggesting ongoing access to campaign documents, with U.S. officials linking the activity to the Iranian government. https://cyberscoop.com/trump-campaign-hack-new-material-ongoing-access/

🛤️ Who is tracking web behavior the most? Google, obviously privacy – Kaspersky's report reveals Google as the top tracker of online behavior, with its systems like Google Analytics and YouTube Analytics leading the way in data collection across various regions. https://www.theregister.com/2024/09/24/google_online_tracker/

🚙 Study finds many European car resellers fail to delete driver data privacy – A study reveals that 80% of resold cars in Europe contain previous owners' personal data, violating data privacy laws; dealerships are urged to implement structured data deletion processes to avoid legal consequences. https://therecord.media/study-finds-european-car-resellers-fail-to-delete-data

💳 New Android banking trojan Octo2 targets European banks malware – The Octo2 banking trojan has emerged, enhancing remote takeover capabilities and targeting European banks. Its advanced features and leaked source code could expand its use among cybercriminals. https://securityaffairs.com/168857/malware/octo2-android-banking-trojan.html

🪤 New Windows Malware Locks Computer in Kiosk Mode malware – A new malware campaign locks users in their browser's kiosk mode on Google's login page, coercing them to enter their credentials, which are then stolen by information-stealing malware. https://www.schneier.com/blog/archives/2024/09/new-windows-malware-locks-computer-in-kiosk-mode.html

🦊 Data privacy watchdog files complaint against Mozilla for new ad tracking feature privacy – The advocacy group noyb has filed a complaint against Mozilla for implementing a new ad tracking feature in Firefox without user consent, claiming it undermines data privacy rights. https://therecord.media/noyb-europe-complaint-mozilla-firefox-privacy-preserving-attribution

🏎️ Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug vulnerability – Researchers discovered a flaw in Kia's web portal that allowed them to track and control millions of vehicles, highlighting serious security vulnerabilities in the automotive industry’s web-based systems. https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/

📰 When UK rail stations Wi-Fi was defaced by hackers the only casualty was the truth security news – Hackers defaced public Wi-Fi at 19 UK rail stations with a hate-filled message, but the incident was downplayed as a minor cybersecurity breach rather than a major attack, contradicting sensational media coverage. https://www.bitdefender.com/blog/hotforsecurity/when-uk-rail-stations-wi-fi-was-defaced-by-hackers-the-only-casualty-was-the-truth/

💷 UK data watchdog confirms it's investigating MoneyGram data breach data breach – The UK's ICO is investigating MoneyGram following a reported data breach that caused significant operational downtime, affecting customer transactions and partnerships; details on the breach remain unclear. https://techcrunch.com/2024/09/27/uk-data-watchdog-confirms-investigating-moneygram-data-breach/

🖨️ CUPS flaws allow remote code execution on Linux systems under certain conditions vulnerability – A critical vulnerability in the CUPS printing system allows unauthenticated remote code execution on Linux systems. Researchers disclosed multiple flaws, urging users to disable the affected service as a temporary mitigation. https://securityaffairs.com/169001/hacking/cups-flaws-allow-rce-on-linux-systems.html

🤑 Irish Data Protection Commission fines Meta €91 million for passwords stored in plaintext privacy – The Irish Data Protection Commission fined Meta €91 million for violating GDPR by storing users' passwords in plaintext, following a 2019 investigation where Meta disclosed the issue to regulators. https://cyberscoop.com/meta-fined-passwords-plaintext-ireland-millions-users/

📷 Microsoft details security/privacy overhaul for Windows Recall ahead of relaunch security news – Microsoft is revamping its Recall feature for Windows after security concerns, making it opt-in, enhancing encryption, and requiring user re-authentication to access stored data. https://arstechnica.com/?p=2052960


Some More, For the Curious

🤔 The Cyber Resilience Act, an Accidental European Alien Torts Statute? security news – The Cyber Resilience Act may allow the EU to restrict tech sales based on fundamental rights violations, blending cybersecurity with accountability for international actions. https://www.lawfaremedia.org/article/the-cyber-resilience-act--an-accidental-european-alien-torts-statute

🚒 Insecurity through Censorship: Vulnerabilities Caused by The Great Firewall security research – China's Great Firewall manipulates DNS responses, creating vulnerabilities for domains routed through Chinese infrastructure, risking attacks like subdomain takeovers and XSS. https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall

🐀 Move over, Cobalt Strike, there's a new post-exploit tool security research – Attackers are now using Splinter, a new post-exploitation tool capable of executing commands and stealing data, raising concerns for organizations despite being less advanced than Cobalt Strike. https://www.theregister.com/2024/09/23/splinter_red_team_tool/

💀 Necro Trojan infiltrates Google Play and Spotify and WhatsApp mods malware – The Necro Trojan has re-emerged, infecting popular apps on Google Play and modified versions of Spotify and WhatsApp, using techniques like steganography to evade detection and execute malicious activities. https://securelist.com/necro-trojan-is-back-on-google-play/113881/

🔂 Microsoft’s largest ever security transformation detailed in new report security news – Microsoft reveals its largest security overhaul, emphasizing a cultural shift towards security, with 34,000 engineers involved and new governance structures, following criticism of its previous security practices. https://www.theverge.com/2024/9/23/24251945/microsoft-security-report-secure-future-initiative

🤖 A generative artificial intelligence malware used in phishing attacks malware – HP researchers found malware generated by AI in a phishing attack that delivered AsyncRAT, highlighting how generative AI is making it easier for cybercriminals to create sophisticated threats. https://securityaffairs.com/168840/malware/generative-artificial-intelligence-malware.html

🤡 CrowdStrike exec apologizes in front of Congress over huge global IT outage security news – A CrowdStrike executive apologized to Congress for a faulty update that caused a massive IT outage affecting 8.5 million systems, outlining new measures to prevent future incidents. https://cyberscoop.com/crowdstrike-exec-apologizes-congressional-hearing-it-outage/

🎯 China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs) security news – The China-linked APT group Salt Typhoon has compromised several U.S. ISPs, aiming for intelligence gathering and potential cyberattacks, raising concerns about security in critical infrastructure. https://securityaffairs.com/168941/apt/salt-typhoon-china-linked-threat-actors-breached-us-isp.html

🏥 Senate bill eyes minimum cybersecurity standards for health care industry security news – Senators Wyden and Warner introduced the Health Infrastructure Security and Accountability Act to enforce mandatory cybersecurity standards in the health care sector following a ransomware attack on Change Healthcare. https://cyberscoop.com/minimum-cybersecurity-standards-health-care-wyden-warner-bill/

🔒 HPE patches three critical security holes in Aruba PAPI vulnerability – HPE has released urgent patches for three critical vulnerabilities in Aruba access points that allow unauthenticated attackers to execute code remotely, urging upgrades to affected systems. https://www.theregister.com/2024/09/26/hpe_aruba_patch_papi/

📏 NIST Recommends Some Common-Sense Password Rules security news – NIST's draft guidelines propose sensible password rules, including a minimum length of 8-15 characters, no mandatory complexity requirements, and no periodic changes unless compromised. https://www.schneier.com/blog/archives/2024/09/nist-recommends-some-common-sense-password-rules.html

⚠️ Critical Nvidia bug allows container escape, host takeover vulnerability – A critical vulnerability in Nvidia's Container Toolkit (CVE-2024-0132) allows attackers to escape containers and gain control of the host system, affecting 33% of cloud environments; fixes have been issued. https://www.theregister.com/2024/09/26/critical_nvidia_bug_container_escape/

⚖️ The Data Breach Disclosure Conundrum security news – The article discusses the complexities of data breach disclosure, emphasizing the legal and ethical obligations organizations have to notify affected individuals and the potential backlash from non-disclosure, highlighting examples like Deezer and Uber. https://www.troyhunt.com/the-data-breach-disclosure-conundrum/


CISA Corner

🛡️ Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means securnty news – CISA warns that cyber threat actors exploit vulnerable OT/ICS devices using basic methods like default credentials and brute force attacks, urging operators to enhance their security measures. https://www.cisa.gov/news-events/alerts/2024/09/25/threat-actors-continue-exploit-otics-through-unsophisticated-means

📜 ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises security news – A joint guide by ASD ACSC and CISA offers strategies for organizations to detect and mitigate Active Directory compromises, crucial for securing enterprise IT networks against malicious actors. https://www.cisa.gov/news-events/alerts/2024/09/26/asds-acsc-cisa-and-us-and-international-partners-release-guidance-detecting-and-mitigating-active

🛠️ CISA Releases Eight Industrial Control Systems Advisories vulnerability – CISA has issued eight advisories highlighting vulnerabilities in various Industrial Control Systems, urging users to review them for important security updates and mitigations. https://www.cisa.gov/news-events/alerts/2024/09/24/cisa-releases-eight-industrial-control-systems-advisories 🛠️ CISA Releases Five Industrial Control Systems Advisories vulnerability – CISA has published five advisories addressing vulnerabilities in various Industrial Control Systems, urging users to review them for essential security updates and mitigations. https://www.cisa.gov/news-events/alerts/2024/09/26/cisa-releases-five-industrial-control-systems-advisories

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA has included CVE-2024-7593, an authentication bypass vulnerability in Ivanti Virtual Traffic Manager, in its Known Exploited Vulnerabilities Catalog due to active exploitation. https://www.cisa.gov/news-events/alerts/2024/09/24/cisa-adds-one-known-exploited-vulnerability-catalog

🔧 Citrix Releases Security Updates for XenServer and Citrix Hypervisor vulnerability – Citrix has issued security updates for XenServer and Citrix Hypervisor to fix vulnerabilities that could lead to denial of service attacks; users are urged to apply these updates. https://www.cisa.gov/news-events/alerts/2024/09/25/citrix-releases-security-updates-xenserver-and-citrix-hypervisor 🔒 Cisco Releases Security Updates for IOS and IOS XE Software vulnerability – Cisco's September 2024 advisory addresses vulnerabilities in IOS and IOS XE software that could allow cyber actors to take control of affected systems; users are advised to apply updates. https://www.cisa.gov/news-events/alerts/2024/09/26/cisco-releases-security-updates-ios-and-ios-xe-software


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from Not Simon 🐐

Country: People's Republic of China Organization: N/A Objective: Espionage (Page Last Updated: October 05, 2024)

Aliases:

Vulnerabilities Exploited

  • ProxyLogon (Sources: ESET, Kaspersky, Sygnia):
    • CVE-2021-26855 (9.8 critical, in CISA's KEV Catalog) Microsoft Exchange Server Remote Code Execution Vulnerability
    • CVE-2021-26857 (7.8 high, in CISA's KEV Catalog) Microsoft Exchange Server Remote Code Execution Vulnerability
    • CVE-2021-26858 (7.8 high, in CISA's KEV Catalog) Microsoft Exchange Server Remote Code Execution Vulnerability
    • CVE-2021-27065 (7.8 high, in CISA's KEV Catalog)
  • unidentified Microsoft SharePoint and Oracle Opera business software vulnerabilities (Source: ESET)
  • CVE-2017-11882 (7.8 high, in CISA's KEV Catalog. Note: associated with alias Tropic Trooper) Microsoft Office Memory Corruption Vulnerability Source: Trend Micro
  • CVE-2012-0158 (8.8 high, in CISA's KEV Catalog. Note: associated with alias Tropic Trooper, KeyBoy) Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability Sources: Unit 42, Citizen Lab
  • CVE-2017-0199 (7.8 high, in CISA's KEV Catalog. Note: associated with alias Tropic Trooper) Microsoft Office and WordPad Remote Code Execution Vulnerability Source: Citizen Lab
  • CVE-2015-1641 (7.8 high, in CISA's KEV Catalog. Note: associated with alias KeyBoy) Microsoft Office Memory Corruption Vulnerability Source: Citizen Lab

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

2024

2023

2022

2021

2020

2018

2017

2016

2015

2013

Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 
Read more...

from Not Simon 🐐

Country: People's Republic of China Organization: Integrity Technology Group Objective: Espionage, Information theft (Page last updated: September 23, 2024)

Aliases (sorted alphabetically):

Associated Company

Integrity Technology Group (Integrity Tech) (Source: FBI (PDF)) aka Yongxin Zhicheng, 永信至诚

Vulnerabilities Exploited

Source: FBI

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

2024

2023

2022

2020

  • May 20, 2020?? – PRC Ministry of State Security: 前沿 | 网络靶场,未来安全的基础设施 (web archive of a MSS-run periodical reprinted on IntegrityTech's website, English translation: “Frontier | Cyber ​​Range, the secure infrastructure of the future”)

Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 
Read more...

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know.


Highlight

🚨 Akute Welle an DDoS-Angriffen gegen österreichische Unternehmen und Organisationen security news – Austrian organizations face DDoS attacks, likely linked to hacktivism. Companies should review their defenses and maintain offline contact info for emergencies. https://www.cert.at/de/aktuelles/2024/9/ddos-angriffe-september-2024


News For All

🗳️ Germany’s CDU still struggling with cyberattack fallout security news – Germany's CDU party is facing challenges restoring member data after a June cyberattack, risking its election processes. The restoration deadline has been pushed to November. https://www.theregister.com/2024/09/16/nein_luck_for_germanys_cdu/

🚫 Meta blocks RT and other Russian state media; Kremlin says it's 'unacceptable' security news – Meta bans Russian state media accounts, including RT, citing deceptive influence operations. The Kremlin calls this decision 'unacceptable' and complicates relations with the company. https://therecord.media/meta-bans-russian-state-owned-media-facebook-instagram

🔑 Google’s passkey syncing makes it easier to move on from passwords security news – Google enhances passkey support in Chrome, allowing users to sync passkeys across devices using a Password Manager PIN instead of QR codes, ensuring secure access with end-to-end encryption. https://www.theverge.com/2024/9/19/24248820/google-chrome-passkey-logins-device-sync-password-manager-pin

🐦‍🔥 No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom privacy – The FTC's report reveals that major tech firms inadequately handle vast amounts of user data, particularly concerning children's privacy, and calls for comprehensive federal privacy regulations to address ongoing data extraction issues. https://www.theregister.com/2024/09/19/social_media_data_harvesting_handling_ftc/

🤔 Ever wonder how crooks get the credentials to unlock stolen phones? cybercrime – Law enforcement shut down iServer, a phishing-as-a-service platform that helped unlock over 1.2 million stolen phones by obtaining user credentials through phishing attacks, leading to multiple arrests. https://arstechnica.com/?p=2051165

🤳 Snapchat Reserves the Right to Use AI-Generated Images of Your Face in Ads privacy – Snapchat's 'My Selfie' feature can use users' likenesses in ads by default, unless opted out. The 'See My Selfie in Ads' option is enabled automatically. https://www.404media.co/snapchat-reserves-the-right-to-use-ai-generated-images-of-your-face-in-ads/

🔒 Discord launches end-to-end encrypted voice and video chats privacy – Discord introduces end-to-end encryption for voice and video calls, enhancing user privacy while maintaining content moderation for messages, which remain unencrypted. https://techcrunch.com/2024/09/17/discord-launches-end-to-end-encrypted-voice-and-video-chats/

🖼️ Instagram to bolster privacy and safety features for millions of teen users privacy – Instagram plans to enhance privacy for teen users by making accounts private, limiting content exposure, and implementing features to reduce social media addiction, amid growing regulatory pressure. https://therecord.media/instagram-bolster-privacy-security-teens-children-social-media

⚰️ Scam ‘Funeral Streaming’ Groups Thrive on Facebook cybercrime – Scammers exploit Facebook by creating fake funeral streaming groups, tricking users into providing credit card info. The scheme has expanded to various events, with ties to a group in Bangladesh. https://krebsonsecurity.com/2024/09/scam-funeral-streaming-groups-thrive-on-facebook/

💥 The Mystery of Hezbollah’s Deadly Exploding Pagers security news – Exploding pagers used by Hezbollah have killed 11 and injured nearly 2,800 in Lebanon. Experts suggest a supply chain compromise, not a cyberattack, may be responsible for the blasts. https://www.wired.com/story/pager-explosion-hezbollah/

💣 Walkie-Talkies Explode in New Attack on Hezbollah security news – Exploding two-way radios targeted Hezbollah members in Lebanon, causing multiple deaths and injuries, following a previous attack involving detonating pagers. Experts suspect deep supply chain infiltration by attackers. https://www.wired.com/story/walkie-talkie-explosions-hezbollah/

📱 Your Phone Won’t Be the Next Exploding Pager security news – Recent attacks using booby-trapped pagers and walkie-talkies against Hezbollah have raised concerns about supply chain security. However, modern smartphones are unlikely to be weaponized similarly due to manufacturing complexities. https://www.wired.com/story/exploding-pagers-hezbollah-phones/

📩 U.S. agencies say Iranian hackers tried to pass ‘non-public’ Trump campaign docs to Biden’s campaign security news – U.S. authorities revealed that Iranian hackers sent emails containing stolen Trump campaign information to Biden campaign associates, aiming to influence the 2024 election and stoke political discord. https://cyberscoop.com/iran-hackers-trump-campaign-emails-biden/

🛑 Project Analyzing Human Language Usage Shuts Down Because ‘Generative AI Has Polluted the Data’ security news – The Wordfreq project, which tracked language usage across various media, has been discontinued due to generative AI spam corrupting data quality, rendering the tool ineffective. https://www.404media.co/project-analyzing-human-language-usage-shuts-down-because-generative-ai-has-polluted-the-data/

🔐 D-Link addressed three critical RCE in wireless router models vulnerability – D-Link fixed three critical remote code execution vulnerabilities in WiFi 6 routers, allowing unauthorized access and control. Users are urged to update their firmware to mitigate risks. https://securityaffairs.com/168471/security/d-link-rce-wireless-router-models.html

👨‍💻 Ticketmaster boss who repeatedly hacked rival firm sentenced cybercrime – Stephen Mead, former Ticketmaster boss, was sentenced for hacking rival CrowdSurge, stealing sensitive data, and sharing credentials with colleagues. He faces a year of supervised release and fines. https://www.bitdefender.com/blog/hotforsecurity/ticketmaster-boss-who-repeatedly-hacked-rival-firm-sentenced/

🕵️‍♂️ US government expands sanctions against spyware maker Intellexa cybercrime – The U.S. imposes new sanctions on Intellexa executives linked to the spyware Predator, used to surveil targets including U.S. officials. This action continues efforts against the spyware industry. https://techcrunch.com/2024/09/16/us-government-expands-sanctions-against-spyware-maker-intellexa/

💼 Python Developers Targeted with Malware During Fake Job Interviews malware – The Lazarus Group targets Python developers with fake job interviews to install malware disguised as coding tests. This new tactic complements an ongoing campaign against the Python community. https://www.schneier.com/blog/archives/2024/09/python-developers-targeted-with-malware-during-fake-job-interviews.html


Some More, For the Curious

🩹 Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024 security news – CVE-2024-43461, a recently patched Windows flaw, was exploited as a zero-day, allowing attackers to execute arbitrary code via malicious files. Users are urged to apply the latest updates. https://securityaffairs.com/168467/hacking/windows-cve-2024-43461-actively-exploited-before-july-2024.html

🔑 Secure Boot-neutering PKfail debacle is more prevalent than anyone knew security research – A supply chain failure involving non-production keys compromises Secure Boot protections across various devices, including ATMs and voting machines. The issue affects nearly 1,000 models and highlights significant security risks. https://arstechnica.com/?p=2050182

⚓ Rhysida ships off Port of Seattle data for $6M cybercrime – The Rhysida ransomware group claims to have stolen over 3 TB of data from the Port of Seattle, offering it for 100 Bitcoin. The Port confirmed the attack but refused to pay the ransom. https://www.theregister.com/2024/09/17/rhysida_port_of_seattle/

💸 AT&T agrees to $13 million fine for third-party cloud breach data breach – AT&T settles with the FCC for $13 million over a January 2023 breach affecting 8.9 million customers due to lapses by a third-party vendor, leading to enhanced data protection measures. https://cyberscoop.com/att-agrees-to-13-million-dollar-fcc-fine/

⛓️‍💥 US government 'took control' of a botnet run by Chinese government hackers, says FBI director security news – The FBI seized a botnet of 260,000 devices operated by the Chinese hacking group Flax Typhoon, targeting critical infrastructure in the U.S. and abroad. Malware was removed from compromised devices. https://techcrunch.com/2024/09/18/u-s-government-took-control-of-a-botnet-run-by-chinese-government-hackers-says-fbi-director/

🧅 Tor insists its safe after cops convict CSAM site admin privacy – The Tor Project defends its anonymity after reports of German police using timing analysis to identify users, asserting that vulnerabilities in outdated software, not flaws in Tor, were exploited. https://www.theregister.com/2024/09/19/tor_police_germany/

🧘 SIEM for Small and Medium-Sized Enterprises: What you need to know cyber defense – SMEs are frequent cybercrime targets, with 73% experiencing attacks in 2023. SIEM solutions can enhance their security posture affordably, providing threat detection, compliance, and automated incident response. https://securityaffairs.com/168584/security/siem-sbms-enterprises.html

👻 International law enforcement operation dismantled criminal communication platform Ghost cybercrime – A global law enforcement operation infiltrated the encrypted messaging app Ghost, leading to numerous arrests, including its alleged administrator, and disrupting serious organized crime activities. https://securityaffairs.com/168575/cyber-crime/police-dismantled-criminal-communication-platform-ghost.html

🐡 This Windows PowerShell Phish Has Scary Potential – Krebs on Security security news – A new phishing email targeting GitHub users tricks victims into executing malware via PowerShell by posing as a security alert. The scam poses a significant risk to less tech-savvy Windows users. https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/

🔄 UnitedHealth Group CISO: We had to ‘start over’ after Change Healthcare attack security news – Following a ransomware attack on Change Healthcare, UnitedHealth Group's CISO revealed they had to completely overhaul their IT systems. The recovery involved long hours and focused communication with stakeholders. https://cyberscoop.com/unitedhealth-group-steven-martin-ciso-ransomware-attack-recovery/

🔘 Germany shuts down 47 cryptocurrency exchange services used by cybercriminals cybercrime – German law enforcement has shut down 47 unregistered cryptocurrency exchange services used for money laundering by cybercriminals, seizing extensive user and transaction data to aid investigations. https://therecord.media/germany-cryptocurrency-exchanges-shut-down-money-laundering

🧮 Secret calculator hack brings ChatGPT to the TI-84, enabling easy cheating hacking write-up – A YouTuber modified a TI-84 calculator to access ChatGPT via the internet, allowing students to cheat by receiving answers during tests. The hack includes a custom circuit and software for various cheating tools. https://arstechnica.com/?p=2051342

💻 Hacker behind Snowflake customer data breaches remains active cybercrime – The hacker known as 'Judische' remains active, targeting SaaS providers following the April Snowflake data breach affecting 165 customers. He has reportedly extorted up to $2.7 million. https://cyberscoop.com/snowflake-hacker-judische-labscon-2024/


CISA Corner

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog vulnerability – CISA identifies two actively exploited vulnerabilities in Microsoft Windows and Progress WhatsUp Gold, urging federal agencies to address these risks promptly to enhance security. https://www.cisa.gov/news-events/alerts/2024/09/16/cisa-adds-two-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds Four Known Exploited Vulnerabilities to Catalog vulnerability – CISA includes four Adobe Flash Player vulnerabilities in its catalog, highlighting their active exploitation and urging federal agencies to remediate them to mitigate risks. https://www.cisa.gov/news-events/alerts/2024/09/17/cisa-adds-four-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds Five Known Exploited Vulnerabilities to Catalog vulnerability – CISA adds five vulnerabilities, including issues in Apache, Microsoft, and Oracle products, to its catalog, warning of their exploitation and urging federal agencies to act swiftly. https://www.cisa.gov/news-events/alerts/2024/09/18/cisa-adds-five-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA adds Ivanti's path traversal vulnerability to its catalog, highlighting its active exploitation and urging federal agencies to address this significant security risk promptly. https://www.cisa.gov/news-events/alerts/2024/09/19/cisa-adds-one-known-exploited-vulnerability-catalog

🛠️ CISA Releases Three Industrial Control Systems Advisories warning – CISA issues advisories for Siemens, Millbeck, and Yokogawa ICS, highlighting vulnerabilities and urging users to review for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/09/17/cisa-releases-three-industrial-control-systems-advisories 🛠️ CISA Releases Six Industrial Control Systems Advisories warning – CISA issues six advisories on vulnerabilities in various ICS products, urging users to review the details and implement necessary mitigations to enhance security. https://www.cisa.gov/news-events/alerts/2024/09/19/cisa-releases-six-industrial-control-systems-advisories

🍏 Apple Releases Security Updates for Multiple Products security news – Apple's latest security updates fix vulnerabilities that could allow cyber attackers to take control of devices. Users are urged to review and apply these updates promptly. https://www.cisa.gov/news-events/alerts/2024/09/18/apple-releases-security-updates-multiple-products ☁️ VMware Releases Security Advisory for VMware Cloud Foundation and vCenter Server security news – VMware's advisory highlights vulnerabilities in Cloud Foundation and vCenter Server that could allow attackers to gain control. Users are advised to review and apply updates immediately. https://www.cisa.gov/news-events/alerts/2024/09/19/vmware-releases-security-advisory-vmware-cloud-foundation-and-vcenter-server 🔒 Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance security news – Ivanti addresses an admin bypass vulnerability in its Cloud Services Appliance, urging users to upgrade to the latest version due to confirmed limited exploitation risks. https://www.cisa.gov/news-events/alerts/2024/09/19/ivanti-releases-admin-bypass-security-update-cloud-services-appliance 🔍 Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229 security news – Versa Networks warns of a vulnerability in Versa Director that allows unauthorized access to REST APIs. Organizations are urged to update systems and monitor for malicious activity. https://www.cisa.gov/news-events/alerts/2024/09/20/versa-networks-releases-advisory-vulnerability-versa-director-cve-2024-45229


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from Stories of Salt

Read more...

from Sirius

Para quem inicia no Mastodon aqui vão algumas explicações sobre a importância que as hashtags possuem.

Imagem de hashtags A hashtag é uma palavra ou frase que, uma vez precedida pelo símbolo de cerquilha (#), sem espaços, transforma-se em uma etiqueta ou rótulo, na forma de um hiperlink que leva para uma página com outras publicações relacionadas ao mesmo tema.

No Mastodon, bem como em toda federação ActivityPub, a compreensão de suas funcionalidades é essencial, inclusive por questões de acessibilidade.

Barra de pesquisa do Mastodon

Por motivos técnicos de privacidade o Mastodon foi inicialmente desenhado para permitir apenas as seguintes formas de busca:

  1. Por hashtags (#exemplo);
  2. Pessoas (@nomedousuário@domínio);
  3. URL (links) de perfis e de posts;

Atualmente o mastodon permite a busca por texto simples, mas para que as postagens dos usuários se tornem visíveis é necessário que optem por isso (então se você quer que o texto de suas postagens públicas sejam vistos na busca, acesse as configurações de sua conta e marque para permitir essa opção).

A pesquisa por hashtags é precisa e abrange todas as pessoas de instâncias federadas à sua, independentemente de você seguir a pessoa ou não, e sem a influência de qualquer algoritmo.

Note também que você pode seguir uma hashtag, caso seja um assunto do seu interesse, clicando no botão destacado acima. Quando você segue uma hashtag, todas as postagens das pessoas pertencentes à sua instância ou das instâncias federadas à sua, independentemente ou não de você segui-las, que contenham essa hashtag, serão exibidas na sua página inicial.

Usando Hashtags e Noções de Respeito

As hashtags, portanto, devem ter um # no início e não podem ter alguns caracteres especiais no início e no meio (ponto, espaço, arroba, asterisco, etc.).

O sistema de hashtags atualmente não diferencia a acentuação e alguns caracteres especiais que são permitidos, como o (ç), por exemplo, de modo que as hashtags #política e #politica (sem acento no i) ou #paçoca e #pacoca, são unificadas pela busca da plataforma.

Se você deseja pesquisar uma frase, digite tudo como uma palavra, como #CatsOfMastodon.

Se você deseja que sua postagem seja encontrada com mais facilidade nas pesquisas, inclua muitas hashtags relevantes. Não há problema em usar muitas dessas etiquetas, as pessoas entendem que são necessárias nesse tipo de sistema de busca.

Ademais, o uso das Hashtags devem respeitar uma relevante questão de acessibilidade. Existem muitos usuários cegos no Mastodon e no Fediverso que usam leitores de tela para converter texto em áudio.

Portanto, ao postar hashtags, existe uma formatação correta, que consiste no uso do método chamado de CamelCase (onde cada palavra começa com uma letra maiúscula), por exemplo #CatsOfMastodon em vez de #catsofmastodon. As letras maiúsculas permitem que os aplicativos de leitura de tela separem as palavras corretamente e leiam a hashtag em voz alta corretamente.

Aliás, é importante mencionar uma hashtag super relevante do universo Mastodon, a famosa #Alt4Me.

Quando uma imagem de uma postagem não possui descrição e há a hashtag #Alt4Me adicionada a ela pela pessoa que a postou, isso pode significar que o autor da postagem não consegue adicionar uma descrição (por exemplo, devido a uma deficiência), mas esteja ciente de que é necessário, então ele adicionou a etiqueta preventivamente.

A hashtag #Alt4Me geralmente significa que uma pessoa cega quer que você escreva uma descrição da imagem. Responda à postagem com a hashtag e forneça a descrição.

Note que a sistemática de hashtags não faz distinção se as palavras estão em caixa alta ou caixa baixa, portanto, #CatsOfMastodon ou #catsofmastodon são exatamente a mesma coisa para fins de pesquisa, de modo que o único diferencial em seguir o “CamelCase” está em propiciar um ambiente mais acessível às pessoas cegas, que deve ser respeitado.

Hashtags e filtros

Outra funcionalidade importante das hashtags é que elas permitem às pessoas que não querem ver postagens relacionadas a determinado assunto ou tema, que utilizem um filtro cuja função é tornar esses posts invisíveis, sem a necessidade de silenciar, bloquear ou deixar de seguir um usuário.

Ao utilizar o Mastodon é muito importante que você compreenda que se trata de uma rede social que recebe e acolhe pessoas que vieram de outras redes sociais, de propriedade capitalista, buscando um ambiente menos tóxico.

Sendo assim, existem temas que devem ser rotulados pelas hashtags não só para facilitar que pessoas interessadas os encontrem, mas também para permitir que pessoas que se incomodam com eles os filtrem.

Vamos usar como exemplo o caso do futebol. Eu adoro o esporte, tenho meu time de coração (Flamengo) mas convenhamos que há pessoas que não veem a menor graça e, ademais, existe uma “cultura do futebol” em nosso País, que é extremamente problemática, incluindo violência entre torcidas, machismo, homofobia e racismo.

Não custa nada, portanto, incluir a hashtag #futebol em suas postagens sobre o tema, ou outras em temas sensíveis, como #PolíticaPartidária.

Evidentemente você também tem a ferramenta dos avisos de conteúdo, mas acho a hashtag mais eficiente, pelo fato de permitir que os interessados encontrem a postagem, bem como os desinteressados a tornem completamente invisível sem sequer a necessidade de ler o aviso de conteúdo sobre o tema.

Aqui explico, portanto, como filtrar as hashtags.

No menu lateral vá em Preferências > Filtros e depois clique em Adicionar Filtro. Abrirá a seguinte tela:

Aba de filtros no Mastodon

O título do filtro, indicado pela seta vermelha, como o nome diz, é apenas um título, para te ajudar a encontrar o filtro em sua lista de filtros.

A seta verde indica o tempo de validade do filtro (que pode ser permanente, como visto no exemplo). Às vezes você não se importa em visualizar algo sobre futebol ou política, mas durante os jogos ou durante o período eleitoral, você não quer ser inundado de postagens sobre o tema, de modo que pode criar um filtro com duração provisória.

Em “Contextos do filtro” (retângulo rosa) você escolhe onde o filtro vai exercer sua função de ocultar mensagens, no exemplo dado marquei a opção de ocultar as postagens da página inicial e das linhas públicas, mas você pode fazer uma filtragem mais severa, se preferir, filtrando perfis de usuário e conversas.

Em “Filter action” você pode escolher se a postagem filtrada vai ser indicada para você com um aviso ou se ela desaparecerá completamente sem qualquer notificação, como se a postagem jamais tivesse existido.

Em “Palavra-chave ou frase”, indicado pela seta amarela na parte de baixo, você digita a hashtag que quer filtrar.

Após Salvar Novo Filtro, conforme o botão indicado pela seta azul, você não irá visualizar qualquer postagem em sua linha do tempo ou nas linhas públicas que contenham a hashtag selecionada (no caso do nosso exemplo: #futebol).

Você pode adicionar quantos filtros desejar.

Essas eram as minhas considerações a respeito das hashtags. Espero que aproveitem bastante e criem muitas hashtags interessantes no universo brasileiro do Mastodon.

#Hashtag #MastoDicas #Mastodon #Tutorial

 
Leia mais...

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know.


News For All

🕸️ Google’s dark web monitoring service will soon be free for all users privacy – Google is making its dark web monitoring service available for all users, enhancing privacy protection by alerting individuals to potential leaks of their personal information. https://www.theverge.com/2024/7/9/24194970/google-one-free-dark-web-monitoring

🧞‍♀️ What You Need to Know About Grok AI and Your Privacy privacy – Grok AI, integrated with X, raises privacy concerns by automatically using user data for training. Users can opt out, but awareness of data sharing settings is crucial for protecting privacy. https://www.wired.com/story/grok-ai-privacy-opt-out/

🚗 Thousands of Avis car rental customers had personal data stolen in cyberattack data breach – Avis has reported a cyberattack affecting nearly 300,000 customers, with stolen data including names, addresses, and driver’s license numbers. The breach raises concerns about data security practices. https://techcrunch.com/2024/09/09/thousands-of-avis-car-rental-customers-had-personal-data-stolen-in-cyberattack/

💳 1.7M potentially pwned by payment services provider breach data breach – Slim CD has notified around 1.7 million customers of a data breach affecting credit card information and personal details, detected nearly a year after the initial intrusion. https://www.theregister.com/2024/09/09/slim_cd_breach/

📢 Ford seeks patent for tech that listens to driver conversations to serve ads privacy – Ford is pursuing a patent for technology that tailors in-car ads by listening to conversations and analyzing vehicle data, raising privacy concerns over data protection measures. https://therecord.media/ford-patent-application-in-vehicle-listening-advertising

1️⃣ WhatsApp 'View Once' could be 'View Whenever' due to a flaw security news – A flaw in WhatsApp's 'View Once' feature allows recipients to bypass privacy controls, enabling media to be saved and shared despite intended restrictions. A fix is reportedly in progress. https://www.theregister.com/2024/09/09/whatsapp_view_once_flaw/

💸 Crypto scams rake in $5.6B a year for lowlifes, FBI says cybercrime – The FBI reports that crypto-related scams cost Americans over $5.6 billion in 2023, with a sharp rise in investment scams targeting older individuals. Victims often lose money to fraudulent schemes and recovery scams. https://www.theregister.com/2024/09/10/crypto_scams_rake_in_56/

🚫 In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram cybercrime – Following the arrest of Telegram's founder, many cybercriminals are abandoning the platform over fears that user data may be shared with authorities, impacting their operations. https://www.404media.co/in-wake-of-durov-arrest-some-cybercriminals-ditch-telegram/

💔 You paid the ransom, and now the decryptor doesn't work security news – Organizations paying ransoms for Hazard ransomware found that the provided decryptor failed to work, highlighting the risks of relying on criminals for data recovery post-breach. https://www.theregister.com/2024/09/11/ransomware_decryptor_not_working/

💵 TD Bank fined $28 million for sharing inaccurate and negative data on customers privacy – TD Bank has been fined $28 million by the CFPB for sharing incorrect negative data about customers, harming their ability to obtain credit and employment. Nearly $8 million will go to affected consumers. https://therecord.media/td-bank-fined-28-million-cfpb-data-sharing

🚨 Stalker Allegedly Created AI Chatbot on NSFW Platform to Dox and Harass Woman cybercrime – A Massachusetts man, James Florence Jr., was arrested for stalking and harassing a professor for seven years, using AI to create fake nudes and chatbots that shared her personal information online. https://www.404media.co/stalker-allegedly-created-ai-chatbot-on-nsfw-platform-to-dox-and-harass-woman/

🏥 Healthcare giant settles patient data theft lawsuit for $65M data breach – Lehigh Valley Health Network will pay $65 million to settle a lawsuit after a ransomware attack by the ALPHV gang exposed sensitive data, including nude photographs of patients. https://www.theregister.com/2024/09/12/lvhn_lawsuit_ransom/

🚔 British teen arrested over cyberattack on London transportation agency security news – A 17-year-old was arrested for a cyberattack on Transport for London, which compromised customer data including names and bank details. The agency continues to address the ongoing security incident. https://cyberscoop.com/british-teen-arrested-over-cyberattack-on-london-transportation-agency/

📺 Vo1d malware infected 1.3M Android malware – The Vo1d malware has infected 1.3 million Android TV boxes across 197 countries, acting as a backdoor to allow secret software installations, primarily targeting devices with outdated OS versions. https://securityaffairs.com/168342/malware/vo1d-android-malware-tv-boxes.html

🚸 Tennessee school district loses $3.4 million to a fake curriculum vendor cybercrime – A Tennessee school district lost $3.36 million after an employee was tricked by a fraudulent email impersonating Pearson, leading to unauthorized wire transfers for online curriculum materials. https://therecord.media/tennessee-school-district-loses-3-million-bec-scam

💰 23andMe agrees to pay $30 million to settle lawsuit over massive data breach data breach – 23andMe will pay $30 million to settle a class-action lawsuit stemming from a 2023 data breach that exposed over 6.9 million customers, particularly targeting users with specific heritage. https://www.theverge.com/2024/9/13/24243986/23andme-settlement-dna-data-breach-lawsuit

🔍 Yubikey Key Vulnerability – How It Affects You vulnerability – Yubico's new vulnerability may allow key extraction but requires physical access and a PIN. Most users are safe, though high-security organizations should reconsider attestation trust. https://fy.blackhats.net.au/blog/2024-09-09-yubikey-key-vulnerability/


Some More, For the Curious

🦁 Predator spyware operation is back with a new infrastructure cybercrime – Researchers report a resurgence of Predator spyware, utilizing new infrastructure to evade detection after U.S. sanctions against its developers. The spyware poses significant risks to high-profile targets. https://securityaffairs.com/168222/intelligence/predator-spyware-new-infrastructure.html

📡 Gap Computers by Spelling Covert Radio Signals from Computer RAM security research – This research reveals how malware can leak sensitive data from air-gapped computers by emitting covert radio signals. https://arxiv.org/abs/2409.02292

🔧 Zero Day Initiative — The September 2024 Security Update Review security news – September updates from Adobe and Microsoft address multiple critical vulnerabilities across various products, including code execution and security feature bypasses, highlighting urgent patching needs. https://www.thezdi.com/blog/2024/9/10/the-september-2024-security-update-review

🛡️ Taking steps that drive resiliency and security for Windows customers security news – At a recent summit, Microsoft and security vendors discussed enhancing Windows endpoint security and resilience, emphasizing collaboration and transparency to combat modern threats effectively. https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/

📊 CISA Releases Analysis of FY23 Risk and Vulnerability Assessments security research – CISA's latest analysis reveals insights from 143 Risk and Vulnerability Assessments, illustrating attack paths and mapping threat actor behaviors to the MITRE ATT&CK® framework. https://www.cisa.gov/news-events/alerts/2024/09/13/cisa-releases-analysis-fy23-risk-and-vulnerability-assessments

©️ New Chrome Zero-Day vulnerability – Microsoft researchers report that North Korean hackers are exploiting a Chrome zero-day vulnerability to steal cryptocurrency, highlighting ongoing security risks. https://www.schneier.com/blog/archives/2024/09/new-chrome-zero-day.html

📍 Rogue WHOIS server gives researcher superpowers no one should ever have security research – Security researcher Benjamin Harris exploited a defunct WHOIS server, gaining the ability to issue counterfeit HTTPS certificates and track emails, raising concerns about misplaced trust in the WHOIS system. https://arstechnica.com/?p=2048683

🔑 As quantum computing threats loom, Microsoft updates its core crypto library security news – Microsoft has updated its SymCrypt library with two new encryption algorithms designed to resist quantum computing attacks, marking the beginning of a major overhaul to enhance cryptographic security. https://arstechnica.com/?p=2049244

🔮 Mastercard buys Recorded Future for $2.65 billion security news – Mastercard has announced its acquisition of cybersecurity firm Recorded Future for $2.65 billion, aiming to enhance its cybersecurity services and threat intelligence capabilities. https://cyberscoop.com/mastercard-buys-recorded-future/

👺 Monitoring High Risk Azure Logins cyber defense – After a potential business email compromise, the SOC investigated high-risk logins via Azure AD Identity Protection, focusing on user behavior and multi-factor authentication to detect compromised accounts. https://www.blackhillsinfosec.com/monitoring-high-risk-azure-logins/

🗣️ Microsoft is building new Windows security features to prevent another CrowdStrike incident security news – Microsoft plans to enhance Windows security features following a CrowdStrike incident that affected millions of systems, aiming to move security vendors out of the Windows kernel for better reliability. https://www.theverge.com/2024/9/12/24242947/microsoft-windows-security-kernel-access-features-crowdstrike

🧱 Fortinet confirms customer data breach data breach – Fortinet has confirmed a data breach affecting less than 0.3% of its customers, with files accessed from a third-party cloud drive, potentially impacting around 1,500 corporate clients. https://techcrunch.com/2024/09/13/fortinet-confirms-customer-data-breach/

⚖️ ‘Terrorgram’ Charges Show US Has Had Tools to Crack Down on Far-Right Terrorism All Along security news – The indictment of two members of the Terrorgram Collective reveals a shift in U.S. law enforcement's approach to far-right terrorism, utilizing a rarely applied legal strategy to address violent extremism and inspire future attacks. https://www.wired.com/story/terrorgram-collective-indictments/

👉 US accuses RT, others of covert arms dealing, global influence operations security news – The U.S. has sanctioned RT for operating a crowdfunding site that allegedly funneled weapons to Russian soldiers, revealing ties to Russian intelligence and efforts to influence global elections. https://cyberscoop.com/rt-arms-dealing-global-influence-operations/

⚓ Port of Seattle refuses to pay Rhysida ransom, warns of data leak cybercrime – The Port of Seattle declined to pay a ransom to the Rhysida ransomware group, which caused disruptions at the airport and seaport, warning of potential data leaks while restoring affected systems. https://therecord.media/seattle-port-rhysida-ransom-refused

💣 A Creative Trick Makes ChatGPT Spit Out Bomb-Making Instructions security research – An artist tricked ChatGPT into providing bomb-making instructions by framing the request within a science-fiction narrative, exploiting the AI's storytelling context to bypass safety restrictions. https://www.wired.com/story/chatgpt-jailbreak-homemade-bomb-instructions/


CISA Corner

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog vulnerability – CISA has added three vulnerabilities to its catalog, highlighting risks to federal networks due to active exploitation. Agencies must address these threats to enhance cybersecurity. https://www.cisa.gov/news-events/alerts/2024/09/09/cisa-adds-three-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds Four Known Exploited Vulnerabilities to Catalog vulnerability – CISA has added four new Microsoft vulnerabilities to its catalog, highlighting serious risks due to active exploitation and urging federal agencies to address them promptly. https://www.cisa.gov/news-events/alerts/2024/09/10/cisa-adds-four-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA has included a new Ivanti vulnerability in its catalog, emphasizing the significant risks it poses to federal networks due to active exploitation. https://www.cisa.gov/news-events/alerts/2024/09/13/cisa-adds-one-known-exploited-vulnerability-catalog

🏭 CISA Releases Four Industrial Control Systems Advisories warning – CISA has issued four advisories addressing vulnerabilities in Industrial Control Systems, urging users to review them for crucial security information and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/09/10/cisa-releases-four-industrial-control-systems-advisories

🆙 Citrix Releases Security Updates for Citrix Workspace App for Windows vulnerability – Citrix has issued security updates for its Workspace App for Windows to fix multiple vulnerabilities that could allow attackers to take control of affected systems. https://www.cisa.gov/news-events/alerts/2024/09/10/citrix-releases-security-updates-citrix-workspace-app-windows 🆙 Ivanti Releases Security Updates for Endpoint Manager, Cloud Service Application, and Workspace Control vulnerability – Ivanti has released updates to fix multiple vulnerabilities in its Endpoint Manager and Cloud Service Application, which could potentially allow attackers to take control of affected systems. https://www.cisa.gov/news-events/alerts/2024/09/10/ivanti-releases-security-updates-endpoint-manager-cloud-service-application-and-workspace-control


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from Not Simon 🐐

Country: Islamic Republic of Iran Organization: Ministry of Intelligence and Security (MOIS) Objective: Espionage, Sabotage (Page last updated September 20, 2024)

Aliases (sorted alphabetically):

Sub-group:

Known Associates

  • Mojtaba Mostafavi. Source: U.S. Treasury (linked by PwC, via Lab Dookhtegan leaks)
  • Farzin Karimi Mazlganchai: PwC

Vulnerabilities Exploited

  • CVE-2019-0604 (CVE, NVD. CVSSv3.1: 9.8 critical, in CISA's KEV Catalog) Microsoft SharePoint Remote Code Execution Vulnerability Source: Microsoft
  • CVE-2017-11882 (CVE, NVD. CVSSv3.1: 7.8 high, in CISA's KEV Catalog) Microsoft Office Memory Corruption Vulnerability Source: Mandiant
  • CVE-2017-0199 (CVE, NVD, CVSS3v1: 7.8 high, in CISA's KEV Catalog) Microsoft Office and WordPad Remote Code Execution Vulnerability Source: Unit 42

Tactics, Techniques, and Procedures (TTPs)

Known Tools Used

As listed by MITRE

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 
Read more...

from 📰wrzlbrmpft's cyberlights💥

Back after vacation – My weekly shortlist of cyber security highlights. (maybe I'll even redo the skipped weeks 😏) The short summaries are AI generated! If something is wrong, please let me know.


News For All

🕵️‍♂️ Ausweiskopie und persönliche Daten an Kriminelle weitergegeben? Das können Sie tun security news – Criminals exploit job offers and ads to steal personal data and ID copies, leading to identity theft, fraudulent accounts, and potential legal consequences for victims. https://www.watchlist-internet.at/news/umgang-mit-datendiebstahl/

✈️ SQL Injection Attack on Airport Security vulnerability – A serious SQL injection vulnerability allows unauthorized users to bypass airport security checks, risking safety by granting access to restricted areas like cockpits. https://www.schneier.com/blog/archives/2024/09/sql-injection-attack-on-airport-security.html

🛫 German air traffic control agency confirms cyberattack, says operations unaffected security news – Germany's air traffic control agency confirmed a cyberattack affecting administrative systems but assured that flight safety remains intact and operations were not disrupted. https://therecord.media/german-air-traffic-control-company-deutsche-flugsicherung-cyberattack

🚍 Transport for London (TfL) is dealing with an ongoing cyberattack security news – TfL is investigating a cyberattack affecting internal systems but reports no evidence of customer data compromise, assuring that services remain unaffected. https://securityaffairs.com/167946/hacking/transport-for-london-tfl-ongoing-cyberattack.html

🔑 Owners of 1-Time Passcode Theft Service Plead Guilty cybercrime – Three men pleaded guilty for operating OTP Agency, a service that intercepted one-time passcodes for account takeovers, affecting over 12,500 victims before its shutdown. https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/

🦠 Disinfo group Spamouflage more aggressively targeting U.S. elections, candidates cybercrime – The disinformation group Spamouflage has intensified efforts to impersonate U.S. voters, undermining political candidates and institutions, though its impact on engagement remains limited. https://cyberscoop.com/spamouflage-targeting-us-election-candidates/

📸 Sextortion Scams Now Include Photos of Your Home – Krebs on Security cybercrime – Sextortion scams are evolving, now featuring personalized threats with photos of victims' homes, increasing fear and urgency to pay ransoms, often near $2,000 in Bitcoin. https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/

💰 Data watchdog fines Clearview AI $33M privacy – The Dutch Data Protection Authority fined Clearview AI €30.5 million for illegally collecting images without consent, stating the company's practices violate GDPR and threaten individual privacy. https://www.theregister.com/2024/09/03/clearview_ai_dutch_fine/

🔒 Google releases Pixel update to get rid of surveillance vulnerability vulnerability – Google's latest Pixel update removes the insecure Showcase.apk, originally intended for Verizon demos, which posed risks of man-in-the-middle attacks and spyware, ensuring enhanced device security. https://www.theverge.com/2024/9/3/24235127/google-pixel-showcase-vulnerability-patch

🔑 YubiKeys have an unfixable security flaw — but it’s difficult to exploit vulnerability – A vulnerability in older YubiKey devices allows cloning but is hard to exploit, requiring physical access and additional knowledge. Devices prior to firmware version 5.7 remain permanently affected. https://www.theverge.com/2024/9/4/24235635/yubikey-unfixable-security-vulnerability-side-channel-explot

🚨 846 routers are affected by code execution flaws. Replace them! vulnerability – D-Link's discontinued DIR-846 routers are vulnerable to multiple critical remote code execution flaws (CVSS scores up to 9.8). Users are advised to replace these devices as they are no longer supported. https://securityaffairs.com/168041/security/d-link-dir-846-routers-code-execution-flaws.html

☢️ Zyxel warns of vulnerabilities in a wide range of its products vulnerability – Zyxel has disclosed nearly a dozen vulnerabilities across its products, with the most critical (CVE-2024-7261) allowing unauthenticated OS command execution, rated 9.8. Users are urged to patch immediately. https://arstechnica.com/?p=2047312

🗳️ Biden cracks down on Putin's election meddling cybercrime – The Biden administration seized 32 websites linked to Russian propaganda efforts and charged two RT employees in a $10 million scheme to influence the upcoming U.S. presidential election. https://www.theregister.com/2024/09/05/biden_cracks_down_on_putins/

🎣 Warning Against Phishing Emails Impersonating Netflix warning – AhnLab warns of phishing emails posing as Netflix, claiming payment failures and urging users to update payment methods via malicious links. Users are advised to verify URLs before clicking. https://asec.ahnlab.com/en/82969/

⚡ Quishing, an insidious threat to electric car owners security news – Quishing is a phishing attack using counterfeit QR codes at electric car charging stations to steal sensitive information. Users are urged to use recharge cards and verify URLs to protect against scams. https://securityaffairs.com/168059/hacking/quishing-electric-car-owners.html

♀️ New report shows ongoing gender pay gap in cybersecurity security news – The ISC2 Cybersecurity Workforce Study reveals a persistent gender pay gap in cybersecurity, with men earning more than women, and highlights the underrepresentation of women in the field, emphasizing the need for targeted DEI hiring initiatives. https://securityintelligence.com/articles/new-report-shows-gender-pay-gap-in-cybersecurity/

🦠 Predator spyware resurfaces with signs of activity, Recorded Future says security news – Recorded Future reports renewed activity from Predator spyware, linked to Intellexa, with new infrastructure identified and potential customers in Angola, Saudi Arabia, and the Democratic Republic of the Congo. https://cyberscoop.com/predator-spyware-resurfaces-with-signs-of-activity-recorded-future-says/

🔎 Colombian president suggests prior administration illegally sent $11 million in cash to Israel for spyware security news – Colombian President Gustavo Petro announced an investigation into $11 million allegedly used by the previous administration to purchase Pegasus spyware, questioning the legality of the transactions. https://therecord.media/colombian-president-pegasus-spyware-israel-missing-money

📎 Telegram changes its tone on moderating private chats after CEO’s arrest security news – Following CEO Pavel Durov's arrest, Telegram revised its FAQ to allow reporting of illegal content in private chats, shifting from a previous stance of non-cooperation with moderation requests. https://www.theverge.com/2024/9/5/24237254/telegram-pavel-durov-arrest-private-chats-moderation-policy-change

🛋️ Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database data breach – Confidant Health inadvertently exposed sensitive patient data, including therapy session recordings, due to an unsecured database. The incident highlights the urgent need for improved data security in healthcare organizations. https://www.wired.com/story/confidant-health-therapy-records-database-exposure/

🔓 Hackers Threaten to Leak Planned Parenthood Data cybercrime – RansomHub ransomware group claims to have hacked Planned Parenthood's Montana branch, threatening to leak 93 GB of sensitive data after a cybersecurity incident was reported on August 28. https://www.wired.com/story/hackers-threaten-to-leak-planned-parenthood-data/


Some More, For the Curious

🔍 Most interesting IR cases in 2023: insider threats and more security research – Kaspersky's Global Emergency Response Team highlights 2023's notable incident response cases, including insider fraud and advanced persistent threats, emphasizing the need for enhanced monitoring and threat intelligence. https://securelist.com/incident-response-interesting-cases-2023/113611/

🔒 Vulnerabilities in Microsoft apps for macOS allow stealing permissions vulnerability – Eight vulnerabilities in Microsoft apps for macOS could enable attackers to steal permissions, allowing unauthorized access to sensitive resources like cameras and microphones without user knowledge. https://securityaffairs.com/167973/hacking/microsoft-apps-for-macos-flaws.html

🛑 VMWare releases Fusion vulnerability with 8.8 rating vulnerability – A critical vulnerability in VMWare Fusion (CVE-2024-38811) allows code execution with standard user privileges, rated 8.8 on the CVSS scale, prompting a software patch. https://cyberscoop.com/vmware-vulnerability-fushion-cve-2024-38811/

💻 Rust in Linux lead retires rather than deal with more “nontechnical nonsense” security news – Wedson Almeida Filho, leader of the Rust for Linux project, retires citing frustration with nontechnical disputes, expressing concern that the Linux kernel must embrace memory-safe languages like Rust to remain relevant. https://arstechnica.com/?p=2046763

🧬 Evolution of Mallox: from private ransomware to RaaS security research – Mallox ransomware has evolved from targeted attacks to a Ransomware-as-a-Service model, with over 700 samples identified. Its affiliate program seeks experienced partners for cybercrime, indicating a shift in operational strategy. https://securelist.com/mallox-ransomware/113529/

🐍 Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk security research – The 'Revival Hijack' technique allows attackers to reclaim deleted PyPI packages, risking 22,000 packages and potentially leading to malicious downloads. JFrog has taken action to protect the community. https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/

📃 Validate your Windows Audit Policy Configuration with KQL cyber defense – Ensuring proper configuration of Windows audit policies is essential for security. This article discusses using Kusto Query Language (KQL) to validate and troubleshoot audit policy application across environments. https://blog.nviso.eu/2024/09/05/validate-your-windows-audit-policy-configuration-with-kql/

🦗 Cicada Ransomware – What You Need To Know security news – Cicada ransomware, discovered in June 2024, has targeted over 20 organizations primarily in North America and the UK. Written in Rust, it threatens to publish stolen data unless a ransom is paid. https://www.tripwire.com/state-of-security/cicada-ransomware-what-you-need-know

🪅 Veeam fixed a critical flaw in Veeam Backup & Replication software vulnerability – Veeam patched 18 high and critical vulnerabilities in its Backup & Replication software, including a critical RCE flaw (CVE-2024-40711) with a CVSS score of 9.8, requiring immediate attention. https://securityaffairs.com/168088/security/veeam-backup-replication-cve-2024-40711.html

🧱 SonicWall warns that SonicOS bug exploited in attacks vulnerability – SonicWall alerts users of a critical access control vulnerability (CVE-2024-40766) in SonicOS that may be actively exploited, urging immediate patching to prevent unauthorized access and potential firewall crashes. https://securityaffairs.com/168112/hacking/sonicwall-sonicos-bug-exploited.html

🔧 Building a Hardware Hacking Arsenal: The Right Bits for Every Byte security research – This article outlines essential tools for hardware hacking, emphasizing cost-effective options that support learning and experimentation in security assessments. Safety and accessibility are also highlighted. https://www.guidepointsecurity.com/blog/building-a-hardware-hacking-arsenal-the-right-bits-for-every-byte/


CISA Corner

⚠️ LOYTEC Electronics LINX Series vulnerability – Multiple vulnerabilities in LOYTEC's LINX series devices could allow attackers to exploit sensitive information and gain unauthorized access, with high CVSS scores indicating significant risks. https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog vulnerability – CISA has added three vulnerabilities, including two in Draytek VigorConnect and one in Kingsoft WPS Office, to its catalog due to active exploitation risks for federal networks. https://www.cisa.gov/news-events/alerts/2024/09/03/cisa-adds-three-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases Four Industrial Control Systems Advisories vulnerability – On September 5, 2024, CISA released four advisories addressing security vulnerabilities in various Industrial Control Systems, urging users to review for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/09/05/cisa-releases-four-industrial-control-systems-advisories

⚔️ Russian Military Cyber Actors Target US and Global Critical Infrastructure security news – The FBI, CISA, and NSA report that Russian GRU Unit 29155 is behind ongoing cyber operations targeting critical infrastructure, utilizing tools like WhisperGate malware and exploiting various vulnerabilities since at least 2020. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from Not Simon 🐐

Country: People's Republic of China Organization: Loosely connected private contractors operating on behalf of China’s Ministry of State Security (MSS). Some have worked at Chengdu 404 Network Technology Objective: Espionage, Information theft, Financial crime (Page last updated: September 22, 2024)

Aliases (sorted alphabetically):

Subgroups

Identified Members

Associated Company

Chengdu Si Lingsi (404) Network Technology Company Ltd. (成都市肆零肆网络科技有限公司)

Vulnerabilities Exploited

  • CVE-2018-0824 (7.5 high, in CISA's KEV Catalog) Microsoft COM for Windows Remote Code Execution Vulnerability Source: Cisco
  • CVE-2017-0199 (7.8 high, in CISA's KEV Catalog) Microsoft Office and WordPad Remote Code Execution Vulnerability Sources: Clearsky, Fortinet, FireEye
  • CVE-2019-3396 (9.8 critical, in CISA's KEV Catalog) Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability. Sources: FireEye, Fortinet
  • CVE-2015-1641 (7.8 high, in CISA's KEV Catalog) Microsoft Office Memory Corruption Vulnerability Source: Fortinet
  • CVE-2012-0158 (8.8 high, in CISA's KEV Catalog) Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability Sources: Fortinet, FireEye
  • CVE-2017-11882 (7.8 high, in CISA's KEV Catalog) Microsoft Office Memory Corruption Vulnerability Source: FireEye

The following 7 vulnerabilities have the same source: U.S. DOJ

  • CVE-2019-19781 (9.8 critical, in CISA's KEV Catalog) Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability Additional sources: FireEye, Fortinet
  • CVE-2019-11510 (10.0 critical, in CISA's KEV Catalog) Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
  • CVE-2019-16920 (9.8 critical, in CISA's KEV Catalog) D-Link Multiple Routers Command Injection Vulnerability
  • CVE-2019-16278 (9.8 critical) Nostromo 1.9.6 Directory Traversal/ Remote Command Execution Vulnerability
  • CVE-2019-1652 (7.2 high, in CISA's KEV Catalog) Cisco Small Business Routers Improper Input Validation Vulnerability. Additional source: FireEye
  • CVE-2019-1653 (7.5 high, in CISA's KEV Catalog) Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability. Additional source: FireEye
  • CVE-2020-10189 (9.8 critical, in CISA's KEV Catalog) Zoho ManageEngine Desktop Central File Upload Vulnerability. Additional sources: FireEye, Fortinet

The following 2 vulnerabilities have the same source: Mandiant

  • CVE-2021-44228 (10.0 critical, in CISA's KEV Catalog) Apache Log4j2 Remote Code Execution Vulnerability (aka Log4Shell).
  • CVE-2021-44207 (8.1 high) Acclaim USAHERDS Hard-Coded Credentials Vulnerability

Tactics, Techniques, and Procedures

Mapped to MITRE ATT&CK Navigator Layers

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2013

Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 
Read more...

from Not Simon 🐐

Country: Russia Organization: Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) Objective: Espionage, Sabotage, Assassinations, Influence Operations (Page last updated: September 07, 2024)

Aliases:

Identified Members

Vulnerabilities Exploited

  • CVE-2017-11882 (7.8 high, in CISA's KEV Catalog) Microsoft Office Memory Corruption Vulnerability Source: Unit 42

The following 5 vulnerabilities have the same source: CISA

  • CVE-2021-33044 (9.8 critical, in CISA's KEV Catalog) Dahua IP Camera Authentication Bypass Vulnerability
  • CVE-2021-33045 (9.8 critical, in CISA's KEV Catalog) Dahua IP Camera Authentication Bypass Vulnerability
  • CVE-2022-26134 (9.8 critical, in CISA's KEV Catalog) Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
  • CVE-2022-26138 (9.8 critical, in CISA's KEV Catalog) Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability
  • CVE-2022-3236 (9.8 critical, in CISA's KEV Catalog) Sophos Firewall Code Injection Vulnerability

Exploitation Likely

CISA and co-authoring agencies warned on 06 September 2024 that Unit 29155 cyber actors have been observed obtaining the respective exploit scripts for the following 5 vulnerabilities:

  • CVE-2020-1472 (9.8 critical, in CISA's KEV Catalog) Microsoft Netlogon Privilege Escalation Vulnerability
  • CVE-2021-26084 (9.8 critical, in CISA's KEV Catalog) Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability
  • CVE-2021-3156 (7.8 high, in CISA's KEV Catalog) Sudo Heap-Based Buffer Overflow Vulnerability
  • CVE-2021-4034 (7.8 high, in CISA's KEV Catalog) Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
  • CVE-2022-27666 (7.8 high) Red Hat: IPSec ESP Local Privilege Escalation Vulnerability

Tactics, Techniques, and Procedures

Mapped to MITRE ATT&CK Navigator Layers

screenshot of Russia GRU Unit 29155 MITRE ATT&CK TTPs in a visual chart compiled using ATT&CK Navigator Layers

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

2024

2023

2022

2021

 
Read more...

from Nicholas Spencer

The rapid advancement of generative AI is reshaping the cybersecurity industry. As AI capabilities grow exponentially, we're witnessing a swift evolution in how both defensive and offensive cybersecurity operations function. This transformation is not only changing the nature of cyber threats and defences but also significantly impacting the cybersecurity workforce.

AI in Defensive Cybersecurity

In the realm of defensive cybersecurity, AI is revolutionising how Security Operations Centres (SOCs) function, particularly in alert triage and investigation. Currently, SOC analysts face the repetitive task of sifting through countless alerts, many of which turn out to be false positives. This labour-intensive process has long been a bottleneck in effective threat response. However, the emergence of AI-powered services claiming to automate initial alert investigations is changing the game.

Traditionally, level-1 SOC analysts have been responsible for the initial triage, following established playbooks to investigate alerts and escalate when necessary. This repetitive work, while crucial, is ripe for automation. As AI systems become more sophisticated, it's increasingly likely that much of this level-1 work will be fully automated in the near future, with AI systems capable of escalating complex alerts to experienced human analysts when required.

AI in Offensive Cybersecurity

On the offensive side, AI is already making significant waves in how penetration testing and vulnerability assessments are conducted. AI-powered tools are automating many aspects of basic penetration testing. These sophisticated systems can efficiently scan for running services and exploit known vulnerabilities, tasks that previously required significant human intervention. Moreover, these AI tools are adept at examining websites and identifying a wide range of vulnerabilities, including those listed in the OWASP Top 10 – a critical benchmark in web application security.

Even in scenarios where AI tools can't autonomously exploit applications, they're proving to be invaluable assistants to human penetration testers. This AI augmentation is a game-changer, potentially elevating a novice penetration tester to perform at the level of someone with years of experience. For seasoned professionals, AI acts as a capability multiplier, enabling them to uncover more complex vulnerabilities and delve deeper into system weaknesses.

The AI Arms Race in Cybersecurity

The rapid growth in AI capabilities is evident in both defensive and offensive security domains. While major AI model creators are implementing safeguards to limit their systems' ability to assist with cybersecurity exploitation, numerous other models exist without such restrictions. This proliferation of unrestricted AI tools raises significant concerns about their potential misuse by malicious actors.

The same AI-powered tools that enhance the capabilities of ethical penetration testers and defensive analysts could equally empower cyber criminals. This dual-use nature of AI in cybersecurity is leading towards what appears to be an AI driven arms race. On one side, AI will be leveraged to bolster system defences, automate alert triage, and uncover vulnerabilities for patching. On the other, it will be weaponized to launch more sophisticated attacks that are harder to detect and remediate.

Impact on the Cybersecurity Workforce

While this automation of cyber defence promises increased efficiency and potentially improved threat response times, it also raises concerns about the future of the cybersecurity workforce, particularly entry-level roles. As AI takes over many tasks traditionally performed by junior analysts and penetration testers, we may see a significant reduction in entry-level positions, which have long served as a crucial stepping stone for aspiring cybersecurity professionals.

This shift could potentially exacerbate the existing cybersecurity skills gap. With fewer entry-level positions available, it may become increasingly challenging for interested individuals to gain the hands-on experience necessary to progress in the field. This bottleneck could lead to a shortage of mid-level and senior professionals in the long term, as the traditional career pipeline is disrupted.

However, it's important to note that as AI brings new efficiencies to cybersecurity, it also introduces new threats and challenges. The cybersecurity landscape is evolving rapidly, with AI-powered attacks becoming more sophisticated and prevalent. This evolution will inevitably create new roles and specialisations within the field, potentially offsetting some of the job losses in existing areas.

The Future of Cybersecurity

As we stand on the brink of this new era in cybersecurity, it's clear that AI will play a pivotal role in shaping the future of the field. The exact shape of the cybersecurity workforce remains uncertain. While AI will undoubtedly automate many current tasks, it will also create new opportunities and challenges that require human expertise.

While AI tools are making certain aspects of cybersecurity more accessible, they're also raising the bar for what constitutes advanced skills in both defensive and offensive security. Professionals in this field will need to adapt quickly, learning to work alongside AI tools effectively while also staying ahead of AI threats.

The key for professionals and students in this field will be to stay adaptable, continuously learning and evolving their skills to remain relevant in this AI augmented landscape. Embracing these new tools responsibly, using them to enhance our defensive capabilities while also preparing for the inevitable rise in AI assisted cyber attacks, will be crucial for the future of cybersecurity.

Disclaimer: While I developed the ideas and topics of this post, I used Claude AI (Sonnet 3.5) as a tool to help format and structure it for clarity and coherence.

 
Read more...

from Bruno Miguel

I got a job over a month ago. I mean, kinda. It's something I can do when I'm capable of, concerns writing (including reviewing and correcting other people's work), and pays around double the hourly minimum wage in my country.

I can usually work 2 hours a day, sometimes 3 or 4 hours, 5 or 6 days a week. There are also days when I'm in such pain that I can't do a thing.

I don't make a fortune (I wouldn't mind, though!), but at least it has been enough to be able to pay for my medications.

#Job #LifeUpdate

 
Read more...

from Tai Lam in Science

I think I'm overthinking this. I think I'll follow the instructions for Secure Boot for the Linux Surface project and see how that goes.

The GH project's wiki references following steps outlined in the ArchWiki.

Additionally, I came across the following sources:

  • Super User thread from Stack Exchange
  • GitHub gist from July 2022
  • A blog post from January 2022

I haven't been able to sit down and try this — but expect that this worked if I don't come back to follow up.

 
Read more...