Infosec Press


from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🎭 Massive hack-for-hire scandal rocks Italian political elites cybercrime – A hack-for-hire scheme exposed sensitive data of top Italian politicians, raising serious concerns about democracy and privacy. Investigations have led to arrests and calls for stronger security measures. https://www.politico.eu/article/hacking-scandal-italy-matteo-renzi-sergio-mattarella-equalize-nunzio-samuele-calamucci/

💻 Black Basta affiliates used Microsoft Teams in recent attacks security research – Black Basta ransomware affiliates are now using Microsoft Teams to impersonate IT support, tricking employees into granting access and spreading malware through malicious QR codes. https://securityaffairs.com/170311/cyber-crime/black-basta-ransomware-microsoft-teams.html

🔓 Free, France’s second-largest telecoms company, confirms being hit by cyberattack data breach – Free confirmed a cyberattack that compromised personal data of subscribers, with over 19 million potentially affected. The company has reported the breach and is enhancing security measures. https://therecord.media/france-telecom-free-cyberattack

🤖 Hospitals adopt error-prone AI transcription tools despite warnings security news – OpenAI's Whisper tool is generating fabricated medical transcripts, raising serious concerns for patient care. Despite warnings, many healthcare providers are using it, risking accuracy in critical situations. https://arstechnica.com/ai/2024/10/hospitals-adopt-error-prone-ai-transcription-tools-despite-warnings/

📚 Die digitale Bildung unter der Lupe: Eine Analyse von Schul- und Lern-Apps privacy – The article examines school and learning apps, focusing on their effectiveness and privacy implications. It emphasizes the need for scrutiny in digital education tools to protect user data. https://www.kuketz-blog.de/die-digitale-bildung-unter-der-lupe-eine-analyse-von-schul-und-lern-apps/

🏃‍♂️ Macron's bodyguards show his location by sharing Strava data privacy – An investigation revealed that President Macron's bodyguards inadvertently shared their locations on Strava, exposing sensitive information about his whereabouts and security arrangements. https://www.theregister.com/2024/10/29/macron_location_strava/

🏡 QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024 vulnerability – QNAP patched a critical zero-day vulnerability (CVE-2024-50388) exploited at Pwn2Own Ireland 2024, allowing remote code execution on TS-464 NAS devices. The flaw was quickly addressed following the demonstration. https://securityaffairs.com/170386/uncategorized/qnap-fixed-zero-day-cve-2024-50388-pwn2own-ireland-2024.html

🦠 Malware campaign expands its use of fake CAPTCHAs malware – A new malware campaign utilizes fake CAPTCHAs to deliver Lumma and Amadey malware, targeting users on various websites. Clicking the CAPTCHA triggers malicious code, leading to data theft and browser credential extraction. https://therecord.media/fake-captcha-malware-campaign-lumma-amadey

🤬 Google CEO says over 25% of new Google code is generated by AI security news – Google's CEO announced that AI now generates over 25% of new code at the company, aiding developers' productivity. While AI tools are popular, concerns about bugs and security remain. Comment: I can't express how scary this sounds to me. https://arstechnica.com/ai/2024/10/google-ceo-says-over-25-of-new-google-code-is-generated-by-ai/

🎢 Windows Themes 0-day opens door to NTLM credential theft vulnerability – A zero-day vulnerability in Windows Themes allows attackers to steal NTLM credentials by tricking users into handling malicious theme files. A free micropatch from Acros Security is available while awaiting a Microsoft fix. https://www.theregister.com/2024/10/30/zeroday_windows_themes/

📞 New version of Android malware FakeCall redirects bank calls to scammers cybercrime – The updated FakeCall malware for Android redirects bank calls to scammers, stealing sensitive information and funds. It mimics the Android dialer, tricking users into granting it default call handler permissions. https://securityaffairs.com/170410/malware/fakecall-malware-intercepts-outgoing-bank-calls.html

🛒 Satori Threat Intelligence Alert: Phish ’n’ Ships Fakes Online Shops to Steal Money and Credit Card Information cybercrime – Satori uncovered a fraud operation, Phish ’n’ Ships, exploiting fake online shops to steal credit card information. The scheme, which has affected hundreds of thousands of consumers, uses infected websites to redirect users to counterfeit stores, resulting in significant financial losses. https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-phish-n-ships-fakes-online-shops-to-steal-money-and-credit-card-information

🎣 Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files security research – Midnight Blizzard, a Russian threat actor, is executing a spear-phishing campaign targeting government and academic sectors using signed RDP files to redirect victims to actor-controlled servers for intelligence collection. https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/

🍽️ Fired Disney worker accused of hacking into restaurant menus, replacing them with Windings and false peanut allergy information security news – A former Disney employee allegedly hacked the restaurant menu system, changing fonts to Wingdings and removing allergy info, risking safety. He faces multiple charges, including a denial-of-service attack on Disney staff. https://www.bitdefender.com/en-us/blog/hotforsecurity/fired-disney-worker-hacking-restaurant-menus-replacing-false-peanut-allergy/

🛎️ Booking.com Phishers May Leave You With Reservations cybercrime – A spear-phishing campaign targeting Booking.com users exploits stolen credentials from hotel partners, allowing scammers to send fraudulent messages. Booking.com is enhancing security measures, including mandatory 2FA, but threats persist as cybercriminals adapt. https://krebsonsecurity.com/2024/11/booking-com-phishers-may-leave-you-with-reservations/


Some More, For the Curious

👮‍♀️ Law Enforcement Deanonymizes Tor Users security news – German police have managed to deanonymize several Tor users by monitoring known relays and applying timing analysis, raising concerns about the effectiveness of Tor's anonymity. https://www.schneier.com/blog/archives/2024/10/law-enforcement-deanonymizes-tor-users.html

🔐 Five Eyes tell tech startups to take infosec seriously cyber defense – The Five Eyes nations have issued security principles for tech startups to combat threats like IP theft. They emphasize understanding risks, securing products, and managing partnerships as essential practices. https://www.theregister.com/2024/10/29/five_eyes_secure_innovation_campaign/

🦠 Fog and Akira ransomware attacks exploit SonicWall VPN flaw warning – Fog and Akira ransomware groups are exploiting a critical SonicWall VPN vulnerability (CVE-2024-40766) to breach corporate networks, emphasizing the need for urgent patching to mitigate risks. https://securityaffairs.com/170359/cyber-crime/fog-akira-ransomware-sonicwall-vpn-flaw.html

🔍 How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware cybercrime – U.S. prosecutors charged Maxim Rudometov for developing Redline malware, tracing him through opsec mistakes like using identifiable email and social accounts, leading to his arrest in Operation Magnus. https://techcrunch.com/2024/10/29/how-a-series-of-opsec-failures-led-us-authorities-to-the-alleged-developer-of-the-redline-password-stealing-malware/

🎛️ Writing a BugSleep C2 server and detecting its traffic with Snort security research – Researchers analyzed the BugSleep RAT, detailing its C2 protocol and methods for traffic detection using Snort. They implemented rules to identify and block its communications effectively. https://blog.talosintelligence.com/writing-a-bugsleep-c2-server/

👺 Here’s the paper no one read before declaring the demise of modern cryptography security news – Amidst alarmist claims about quantum computing threatening encryption, experts clarify that recent research does not break RSA or AES. Instead, it finds known vulnerabilities using quantum methods without significant advancements. https://arstechnica.com/information-technology/2024/10/the-sad-bizarre-tale-of-hype-fueling-fears-that-modern-cryptography-is-dead/

🔑 Hackers find 15,000 credentials by scanning for git configuration data breach – Sysdig discovered over 15,000 stolen cloud service credentials in an open AWS bucket, collected by the EMERALDWHALE operation targeting exposed git configurations for spam and phishing campaigns. https://cyberscoop.com/sysdig-git-credentials-cloud-service-emeraldwhale/

🔓 Chinese state-backed hackers breached 20 Canadian government networks over four years, agency warns security news – Chinese hackers have compromised 20 Canadian government networks in four years, targeting critical infrastructure and innovation sectors. The threat includes espionage, IP theft, and influence operations, as noted by Canada’s cyber agency. https://therecord.media/canada-20-government-agencies-hacked-china-last-four-years

❎ Colorado scrambles to change voting-system passwords after accidental leak data breach – The Colorado Department of State is urgently updating passwords after accidentally posting a spreadsheet with partial voting system passwords online. Officials assert there is no immediate security threat, but the GOP criticizes the handling of the incident. https://arstechnica.com/tech-policy/2024/10/colorado-scrambles-to-change-voting-system-passwords-after-accidental-leak/

🐱 Hack Nintendo's Alarmo to run code (cat pics)? Let's-a go! hacking write-up – Hacker GaryOderNichts exploited a vulnerability in Nintendo's Alarmo clock to run custom code, including displaying cat pictures. The hack utilized findings from researcher Naomi Smith and involved accessing the device's firmware. https://www.theregister.com/2024/11/01/hack_nintendos_alarmo/

🔓 Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack vulnerability – A critical zero-click vulnerability in Synology's default photo app allows attackers to steal data from millions of NAS devices without user interaction. Researchers warn this could lead to ransomware attacks and unauthorized access. https://www.wired.com/story/synology-zero-click-vulnerability/

🔑 An Okta login bug bypassed checking passwords on some long usernames vulnerability – A vulnerability in Okta allowed logins without password checks for usernames over 52 characters for three months. The issue has been fixed by switching the cryptographic algorithm used for cache keys. https://www.theverge.com/2024/11/1/24285874/okta-52-character-login-password-authentication-bypass

🚿 Chinese threat actors use Quad7 botnet in password-spray attacks cybercrime – Microsoft warns that Chinese threat actors are using the Quad7 botnet to conduct password-spray attacks, targeting SOHO devices and VPNs to steal credentials. The botnet exploits vulnerabilities in various routers to relay brute-force attacks. https://securityaffairs.com/170503/malware/quad7-botnet-used-by-chinese-threat-actors.html

🧰 BOFHound: AD CS Integration cyber defense – The BOFHound tool now supports parsing Active Directory Certificate Services (AD CS) objects for better attack path mapping in BloodHound. It allows for manual LDAP queries and enhances visibility into AD environments while maintaining stealth. https://posts.specterops.io/bofhound-ad-cs-integration-91b706bc7958

🔧 A Deeper Look at FortiJump (FortiManager CVE-2024-47575) vulnerability – CVE-2024-47575, known as FortiJump, is a critical vulnerability in FortiManager that allowed unauthorized access to devices due to missing authentication. Although the flaw has been patched, researchers warn about the potential for command injection exploits. https://bishopfox.com/blog/a-look-at-fortijump-cve-2024-47575


CISA Corner

🔒 Apple Releases Security Updates for Multiple Products security news – Apple has released critical security updates for various products to address vulnerabilities and enhance user protection. Users are encouraged to apply these updates promptly. https://www.cisa.gov/news-events/alerts/2024/10/29/apple-releases-security-updates-multiple-products

📧 Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments cybercrime – CISA reports a large-scale spear-phishing campaign targeting government and IT sectors using malicious RDP files. Organizations are urged to implement security measures like restricting RDP connections and enabling multi-factor authentication. https://www.cisa.gov/news-events/alerts/2024/10/31/foreign-threat-actor-conducting-large-scale-spear-phishing-campaign-rdp-attachments

⚠️ Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation vulnerability – Fortinet has revised its advisory for the critical FortiManager vulnerability (CVE-2024-47575), adding new workarounds and indicators of compromise. CISA urges users to apply updates and monitor for malicious activity. https://www.cisa.gov/news-events/alerts/2024/10/30/fortinet-updates-guidance-and-indicators-compromise-following-fortimanager-vulnerability

⚙️ CISA Releases Three Industrial Control Systems Advisories warning – CISA has issued three advisories addressing vulnerabilities in Siemens, Solar-Log, and Delta Electronics ICS devices, urging users to review them for security updates and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/29/cisa-releases-three-industrial-control-systems-advisories

⚙️ CISA Releases Four Industrial Control Systems Advisories warning – CISA has issued four advisories addressing vulnerabilities in Rockwell Automation and Mitsubishi Electric ICS products, urging users to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/31/cisa-releases-four-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 

from Kevin Neely's Security Notes

I’ve been a “dabbler” with crewAI for a while now, having come across it in March of 2024 and tinkering when I have some time. I love the idea of task-based LLM actions that are specific enough that you can use lower cost but specifically-trained models for the tasks, even running those models on your own hardware. A few weeks back, my team at work used CrewAI for a hackathon in an effort to automate an onerous process, and it came out pretty well!

So, when I saw that they have a couple of official training videos on a new e-learning platform called DeepLearning.ai, I figured I’d check them out. #CrewAI is evolving rapidly, and some of the notes I’ve taken over the past 8 months aren’t even applicable anymore, so I figured this was a great way to level-set and fill in gaps in my knowledge.

I’m not going to describe CrewAI here, other than it’s a framework for easily building multi-agent teams and requires little to no coding experience. How CrewAI works is well-explained in the first fifteen minutes of the course, so at least listen to that part!

About the Course

The course, Multi AI Agent Systems with crewAI, follows a flow familiar to anyone that has taken online courses, and is taught by the creator of crewAI, João Moura. The lessons, ranging from a minute to 18 minutes, are a mix of descriptive lecture and hands-on coding. For the lessons where coding is involved, the window handily split-screens and on one side is an iPython notebook environment with the code pre-populated, so you can work through it as João explains what the code does.

You can also get an indication of the course and CrewAI by checking out my crewAI experimentation repo on GitHub.

Target Audience Analysis

Professionals working in project management, artificial intelligence, and team leadership can greatly enhance their skills in constructing multi-agent teams. Those keen on optimizing team performance, utilizing state-of-the-art technologies for collaborative work, and streamlining task execution processes would discover value in enrolling in specialized online classes tailored to augment their proficiency in this realm. Addressing prevalent challenges like steering diverse teams, accomplishing project goals in intricate scenarios, and keeping pace with evolving team dynamics is indispensable for professionals aiming to excel in their respective roles.

Content Outline

Introduction to Multi-Agent Teams

Familiarizing with the basics of multi-agent teams and their significance in managing complex tasks effectively.

Importance of Building Multi-Agent Teams for Complex Tasks

Unveiling the reasons why seamless collaboration among agents is crucial for successful task fulfillment.

Strategies for Creating Effective Multi-Agent Teams

Scrutinizing established methodologies for assembling and overseeing high-performing multi-agent teams.

Multi-Agent Crew Performance Examples

The bulk of the course is working through five clear examples of building multi-agent systems with CrewAI. The result is a set of real-world instances where multi-agent teams can perform and achieve remarkable results across diverse problems.

write_article

The first example is super simple: take a task you might do with a single prompt with an #LLM chatbot, such as ChatGPT, and have it performed by multiple agents, each with their own persona. This performs no research and the output is purely from the LLM, making it an easy entrypoint for anyone. (Hint: I had it write an article about taking an online course for developing multi-agent teams, and even incorporated a bit of it into this.)

  • This one required an update from the training to run on the latest version of crewai.
  • Older versions of crewai used an integer for the verbose declaration, and if you are running the latest, you need to change that to a boolean, e.g. True.

This example is definitely one you’ll want to revisit after you learn how to use and assign tools to your agents in the following lessons.

customer_support

This creates a customer support agent that can answer questions about a specific product or service. It does this by accessing the URL with the support documentation.

customer_outreach

This example creates some marketing lead material to reach out to a specific company that is a potential customer or partner for a second, i.e. “your” company.

event_planning

This example uses multiple agents to research, identify, create the logistics, and then create some marketing material for an event. It takes in parameters like city, size, and budget in order to find a viable venue.

  • I believe it was this one where I had to fiddle with the asynchronicity of the agents, since I understand that CrewAI needs to have the last agent to perform a task be performing that itself. I could have that wrong, but I had to change that to make mine work.

This is actually a super-cool example, but I found that the LLMs did not adhere to the parameters, often getting venues too small or ignoring the input I would provide while they were performing their tasks. That’s to be expected, however, and I think experimentation is the name of the game when it comes to building these systems.

resume_builder

The final one was to have the agents create bespoke resumes, based upon the job one is applying for. As opposed to the event planning exercise, the output on this one was very good, and I was impressed with how well it could craft a resume for the specific job, as well as anticipate some of the interview questions and provide some hints for how to answer them.

Conclusion

This course provides a clear and thorough introduction to crewAI, bringing the attendees to an intermediate level of being able to use the framework. By immersing themselves in the intricacies of multi-agent team dynamics, professionals can acquire the requisite knowledge and proficiency to thrive in today's collaborative work settings. Embracing online classes tailored to address the subtleties of forming effective multi-agent teams represents a proactive stride towards honing essential skills and keeping abreast in the ever-dynamic professional sphere.

 

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

⏳ Sicherheit: Worauf du beim Kauf eines neuen Android-Smartphones achten solltest security news – Many Android manufacturers fail to provide timely security updates, often delaying patches for years, leaving users vulnerable to threats and privacy issues. https://www.kuketz-blog.de/sicherheit-worauf-du-beim-kauf-eines-neuen-android-smartphones-achten-solltest/

🔎 Watch: Inside the FBI’s Secret Phone Company security research – The FBI secretly operated Anom, a secure app used by criminals, revealing how law enforcement exploited its popularity to monitor organized crime without users' knowledge. https://www.404media.co/watch-inside-the-fbis-secret-phone-company/

🧨 Internet Archive was breached twice in a month security news – The Internet Archive faced two breaches within a month, exposing 31 million user records due to mishandled authentication tokens, raising serious concerns about their security practices. https://securityaffairs.com/170068/data-breach/internet-archive-second-data-breach.html

🔒 HM Surf macOS vuln potentially exploited by Adloader malware vulnerability – A macOS vulnerability (CVE-2024-44133) may allow malware like Adloader to exploit user privacy by accessing cameras and microphones. Apple users are urged to update their systems immediately. https://www.theregister.com/2024/10/21/microsoft_macos_hm_surf/

🚧 ICE's $2 Million Contract With a Spyware Vendor Is Under White House Review privacy – ICE's $2 million contract with Paragon Solutions for spyware is under review for compliance with Biden's executive order on spyware, raising concerns about privacy and civil liberties. https://www.wired.com/story/ice-paragon-contract-white-house-review/

👤 Meta brings back face scanning to combat scams and account hacking privacy – Meta reintroduces facial recognition on Facebook and Instagram to help users recover hacked accounts and fight scam ads impersonating celebrities, following privacy concerns that led to its earlier removal. https://www.theverge.com/2024/10/22/24276593/meta-facebook-instagram-facial-recognition-tools-test-celeb-bait

🚨 Samsung zero-day flaw actively exploited in the wild vulnerability – A Samsung zero-day vulnerability (CVE-2024-44068) is being actively exploited, allowing privilege escalation on vulnerable Android devices. Security updates were released in October 2024 to address the issue. https://securityaffairs.com/170119/security/samsung-zero-day-activey-exploited.html

😉 Google Online Security Blog: 5 new protections on Google Messages to help keep you safe security news – Google introduces five new security features in Google Messages aimed at enhancing user safety, including spam protection and improved verification for messages, to combat scams and protect privacy. https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html

📱 WhatsApp is making a massive change to the way it saves your contacts security news – WhatsApp introduces a built-in contact manager that allows users to save contacts within the app, independent of their smartphone’s address book, enhancing privacy and ease of use. https://www.theverge.com/2024/10/22/24276714/whatsapp-built-in-contacts-address-book

🚫 Googles Manifest V3: Ein Schlag für Werbeblocker und Nutzerrechte privacy – Google's Manifest V3 introduces changes that undermine ad blockers and user rights, raising concerns about online privacy and control over web experiences. https://www.kuketz-blog.de/googles-manifest-v3-ein-schlag-fuer-werbeblocker-und-nutzerrechte/

📍 The Global Surveillance Free-for-All in Mobile Ad Data privacy – A lawsuit highlights how mobile ad data enables tracking of individuals, including law enforcement officers, through services like Babel Street, raising significant privacy concerns amidst a growing data broker industry. https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/

🦺 Ransomware gang stoops to new low, targets prominent nonprofit for disabled people cybercrime – The Rhysida ransomware group has targeted Easterseals, a nonprofit for disabled individuals, demanding $1.3 million after accessing personal data of nearly 15,000 people in a cyberattack. https://therecord.media/easterseals-central-illinois-data-breach

💣 The EU Throws a Hand Grenade on Software Liability security news – The EU is introducing strict software liability laws to hold software makers accountable for defects, contrasting with the US approach, which is lagging due to lobbying and lack of political will. https://news.risky.biz/the-eu-throws-a-hand-grenade-on-software-liability/

💸 LinkedIn hit with $335 million fine for using member data for ad targeting without consent privacy – Ireland's Data Protection Commission fined LinkedIn €310 million for violating GDPR by using member data for ads without consent, marking one of the largest fines against a tech company for data misuse. https://therecord.media/linkedin-hit-with-335-million-fine-gdpr-ireland

🕵️‍♂️ HYPR is latest firm to reveal hiring of fraudulent IT worker overseas cybercrime – HYPR exposed an incident involving a fraudulent IT worker from a contracting agency, highlighting the need for enhanced vetting processes to prevent hiring scams amid rising concerns of fake remote employees. https://cyberscoop.com/hypr-hired-fraudulent-tech-worker-overseas/

🥽 How the ransomware attack at Change Healthcare went down: A timeline cybercrime – A ransomware attack on Change Healthcare in February 2024 led to a massive data breach affecting over 100 million people, revealing vulnerabilities in cybersecurity and prompting extensive investigations. https://techcrunch.com/2024/10/24/how-the-ransomware-attack-at-change-healthcare-went-down-a-timeline/

🔧 It Is Now Legal to Hack McFlurry Machines (and Medical Devices) to Fix Them security news – A new federal rule allows the circumvention of digital locks on McFlurry machines and medical devices for repair purposes, highlighting ongoing issues with manufacturer control over equipment and the need for further repair legislation. https://www.404media.co/it-is-now-legal-to-hack-mcflurry-machines-and-medical-devices-to-fix-them/

🤔 Prominent crypto critic says someone offered bribes to take down a blog post security news – Molly White, a crypto critic, reported being offered bribes to remove a post about a fraud case involving Roman Ziemian. After declining the bribe, she received a dubious DMCA takedown request from someone claiming to be a lawyer. https://techcrunch.com/2024/10/25/prominent-crypto-critic-says-someone-offered-bribes-to-take-down-a-blog-post/


Some More, For the Curious

🛡️ Update #1 Kritische Zero-Day Schwachstelle in FortiManager wird aktiv ausgenutzt – Update verfügbar warning – The article discusses CERT.at, Austria's Computer Emergency Response Team, focusing on its role in cybersecurity, incident response, and providing guidance to organizations on protecting against cyber threats. https://www.cert.at/de/warnungen/2024/10/kritische-zero-day-schwachstelle-in-fortimanager-wird-aktiv-ausgenutzt-update-verfugbar

💸 Stealers on the rise: Kral, AMOS, Vidar and ACR security research – Information stealers are proliferating, targeting credentials and cryptocurrency data, with methods ranging from malicious downloads to deceptive phishing tactics. Cybercriminals profit from these attacks, threatening privacy. https://securelist.com/kral-amos-vidar-acr-stealers/114237/

👻 Sneaky Ghostpulse malware loader hides inside PNG pixels security research – The Ghostpulse malware now extracts its payload from PNG image pixels, making detection harder. This evolution showcases increasing sophistication in cybercriminal tactics to evade security measures. https://www.theregister.com/2024/10/22/ghostpulse_malware_loader_png/

🛡️ Justice Department rule aims to curb the sale of Americans’ personal data overseas privacy – The Justice Department proposed regulations to restrict the sale of Americans' personal data to adversarial countries, enhancing privacy protections while imposing compliance requirements on companies. https://cyberscoop.com/justice-department-data-broker-regulation-china-russia-iran/

🙂‍↔️ No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer security research – Recent claims that China's quantum computer has cracked military-grade encryption are exaggerated. Experts affirm that modern cryptography remains secure for the foreseeable future. https://www.schneier.com/blog/archives/2024/10/no-the-chinese-have-not-broken-modern-encryption-systems-with-a-quantum-computer.html

🛠️ VMware fixes critical RCE, make-me-root bugs in vCenter – for the second time vulnerability – VMware has issued a second patch for critical vulnerabilities in vCenter Server that could allow remote code execution and privilege escalation, urging all users to update immediately. https://www.theregister.com/2024/10/22/vmware_rce_vcenter_bugs/

🍪 Threat Spotlight: WarmCookie/BadSpace malware – WarmCookie, a malware family active since April 2024, is used for initial access and persistence, enabling further malware deployment like CSharp-Streamer-RAT. Its distribution involves malspam and malvertising tactics. https://blog.talosintelligence.com/warmcookie-analysis/

😈 Lazarus APT steals cryptocurrency and user data via a decoy MOBA game security news – Lazarus APT uses a fake MOBA game to exploit a Google Chrome zero-day vulnerability, gaining access to victims' PCs. The group targets cryptocurrency and evolves its tactics with sophisticated social engineering. https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/

👋 Meet ZachXBT, the Masked Vigilante Tracking Down Billions in Crypto Scams and Thefts security news – ZachXBT, an anonymous crypto investigator, has traced billions in stolen funds, including a recent $243 million Bitcoin theft, leading to arrests of the alleged hackers and advocating for justice for victims. https://www.wired.com/story/meet-zachxbt-243-million-crypto-theft/

🌍 Removal of Russian coders spurs debate about Linux kernel’s politics security news – The Linux kernel's maintainer removed Russian developers from the MAINTAINERS file due to compliance with US sanctions, sparking debate over the intersection of open source and international politics. https://arstechnica.com/information-technology/2024/10/russian-coders-removed-from-linux-maintainers-list-due-to-sanction-concerns/


CISA Corner

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-9537, a ScienceLogic SL1 vulnerability, to its Known Exploited Vulnerabilities Catalog, highlighting the need for federal agencies to address active threats promptly. https://www.cisa.gov/news-events/alerts/2024/10/21/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-38094, a Microsoft SharePoint deserialization vulnerability, to its Known Exploited Vulnerabilities Catalog, highlighting its risks to federal networks and the need for remediation. https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-47575, a missing authentication vulnerability in Fortinet FortiManager, to its Known Exploited Vulnerabilities Catalog, urging users to apply patches to mitigate risks. https://www.cisa.gov/news-events/alerts/2024/10/23/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has included CVE-2024-20481 (Cisco ASA and FTD DoS vulnerability) and CVE-2024-37383 (RoundCube Webmail XSS vulnerability) in its Known Exploited Vulnerabilities Catalog due to active exploitation risks. https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-adds-two-known-exploited-vulnerabilities-catalog

⚙️ ICONICS and Mitsubishi Electric Products vulnerability – A vulnerability (CVE-2024-7587) in ICONICS and Mitsubishi Electric products allows for potential data disclosure and tampering due to incorrect default permissions. Users are urged to update to mitigate risks. https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01

⚙️ CISA Releases Four Industrial Control Systems Advisories vulnerability – CISA issued four ICS advisories addressing security vulnerabilities in various systems: VIMESA VHF/FM, iniNet Spider Control, Deep Sea Electronics, and OMNET Proteus. https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-releases-four-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 

from stndinq

  • basic intro instructions for whisper transcription application – link
  • basic intro instructions for using yt-dlp to download media – link
 

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🤖 Chatbot Traps: How to Avoid Job Scams cybercrime – Job seekers are at risk from AI-driven scams that produce convincing fake job offers and impersonate real companies. Stay alert and cautious when engaging with online recruiters. https://connect.geant.org/2024/10/14/chatbot-traps-how-to-avoid-job-scams

📦 WordPress Jetpack plugin critical flaw impacts 27 million sites vulnerability – A critical flaw in the Jetpack plugin allowed logged-in users to access others' form submissions. An update has been issued, but caution is advised. https://securityaffairs.com/169848/uncategorized/wordpress-jetpack-plugin-critical-flaw.html

🦟 Hackers reportedly impersonate cyber firm ESET to target organizations in Israel cybercrime – Hackers impersonating ESET have targeted Israeli organizations with phishing emails containing wiper malware. ESET denies any compromise of its systems and is investigating the incident. https://therecord.media/hackers-impersonate-eset-wiper-malware

🏨 New Telekopye Scam Toolkit Targeting Booking.com and Airbnb Users cybercrime – ESET Research uncovers the Telekopye scam network, exploiting compromised accounts on Booking.com and Airbnb to create phishing pages that steal personal and payment information from travelers. https://hackread.com/telekopye-scam-toolkit-hit-booking-com-airbnb-users/

🗃️ Cyberattack on Internet Archive apparently carried out by Russian hackers security news – The Russian hacker group SN_BLACKMETA admitted to hitting the Internet Archive with DDoS attacks in order to draw attention to the situation in Gaza. https://www.heise.de/news/Cyberangriff-auf-Internet-Archive-offenbar-von-russischen-Hackern-durchgefuehrt-9983833.html

😤 The biggest data breaches in 2024: 1 billion stolen records and rising security news – 2024 has seen over 1 billion records stolen in significant data breaches affecting multiple companies. https://techcrunch.com/2024/10/14/2024-in-data-breaches-1-billion-stolen-records-and-rising/

🎮 Pokemon dev Game Freak discloses data breach data breach – Game Freak confirmed a cyberattack in August resulted in leaked source code and designs for unpublished Pokémon games, affecting the personal data of 2,606 individuals. https://securityaffairs.com/169817/data-breach/game-freak-data-breach.html

👮 This AI Tool Helped Convict People of Murder. Then Someone Took a Closer Look security news – WIRED's investigation reveals that Global Intelligence's Cybercheck tool, used in criminal cases, often produces unverified and inaccurate geolocation data, raising concerns about its reliability in court. https://www.wired.com/story/cybercheck-crime-reports-prosecutions/

🔑 Password manager makers want to let you securely transfer passkeys security news – The FIDO Alliance has introduced draft specifications for securely transferring passkeys between password managers, addressing a significant gap in credential management. https://www.theverge.com/2024/10/15/24270875/password-manager-makers-transfer-passkeys-fido-alliance

🚔 Sweden, Finland partner to take down Sipulitie criminal marketplace cybercrime – Swedish and Finnish law enforcement shut down the Sipulitie marketplace, a Tor-based site for selling narcotics, seizing its servers and disrupting criminal activities in Scandinavia. https://therecord.media/sweden-filand-take-down-sipulitie-criminal-marketplace

🏥 Nearly 400 US healthcare institutions hit with ransomware over last year, Microsoft says security news – Microsoft's report reveals that 389 U.S. healthcare institutions faced ransomware attacks in the past year, with increased coordination among nation-states and cybercriminals. Social engineering remains a prevalent access method. https://therecord.media/ransomware-healthcare-microsoft-last-year

📱 From QR to compromise: The growing “quishing” threat security news – Sophos reports on the rise of 'quishing' attacks, where QR codes in PDF attachments are used to phish corporate credentials, highlighting vulnerabilities in mobile security. https://news.sophos.com/en-us/2024/10/16/quishing/

📍 Here’s how attackers are getting around phishing defenses security news – Hackers are bypassing phishing defenses by manipulating natural language processing (NLP) tools with benign text and links, allowing malicious emails to evade detection, according to Egress research. https://cyberscoop.com/email-natural-language-obfuscation-phishing-egress/

🚗 Volkswagen checking ransomware data threat from 8Base data breach – The 8Base ransomware group claims to have stolen confidential Volkswagen files and is threatening to release them, but Volkswagen reports no impact on its IT infrastructure and is monitoring the situation. https://www.theregister.com/2024/10/16/volkswagen_ransomware_data_loss/

⚖️ French government uses biased algorithm to detect welfare fraud, rights groups say privacy – Amnesty International and 14 organizations have filed a complaint against France's CNAF, alleging its discriminatory algorithm unfairly targets low-income and marginalized welfare recipients for fraud detection. https://therecord.media/french-government-biased-algorithm-welfare

💻 Casio says 'no prospect of recovery yet' after ransomware attack cybercrime – Casio reports ongoing issues nearly two weeks after a ransomware attack, with many systems still down and shipping affected. https://techcrunch.com/2024/10/17/casio-says-no-prospect-of-recovery-yet-after-ransomware-attack/

🔓 Brazilian police arrested the hacker who stole everyone’s SSN cybercrime – Brazilian police arrested a hacker responsible for a breach exposing 2.9 billion records, including 270 million Social Security numbers. https://www.theverge.com/2024/10/17/24272271/brazilian-police-usdod-hacker-arrest-national-public-data

🛡️ Google Chrome’s uBlock Origin Purge Has Begun privacy – Google is implementing new Chrome extension standards that will disable the legacy version of uBlock Origin, pushing users to switch to uBlock Origin Lite, which offers reduced ad-blocking capabilities. https://www.wired.com/story/google-chrome-ublock-origin-extension/

🧬 23andMe faces an uncertain future — so does your genetic data security news – Following a data breach and financial struggles, 23andMe's future is uncertain, raising concerns about the privacy of its 15 million customers' genetic data. https://techcrunch.com/2024/10/19/23andme-faces-an-uncertain-future-so-does-your-genetic-data/


Some More, For the Curious

🔍 Understanding DORA core concepts: Focus on “Critical or important functions” security news – DORA establishes a comprehensive framework for ICT risk management to ensure digital operational resilience by identifying and managing critical functions. https://sec-consult.com/de/blog/detail/dora-core-concepts-critical-or-important-functions-in-focus/

🐱 Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack) security research – The Meow attack targets unsecured databases like Elasticsearch and MongoDB, corrupting data for fun rather than profit. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/feline-hackers-among-us-a-deep-dive-and-simulation-of-the-meow-attack/

🪩 Perfectl Malware malware – The Perfctl malware, discovered by Aqua Security, exploits over 20,000 misconfigurations and a critical Apache vulnerability to stealthily mine cryptocurrency and create persistent backdoors on infected systems. https://www.schneier.com/blog/archives/2024/10/perfectl-malware.html

📱 Trump campaign gets 'unhackable' phones security news – The Trump campaign is using 'unhackable' phones and computers from Green Hills Software, aiming to prevent data breaches ahead of the election, despite skepticism about the absolute security claims. https://www.theregister.com/2024/10/14/trump_unhackable_phones/

🦠 Expanding the Investigation: Deep Dive into Latest TrickMo Samples malware – New variants of the TrickMo banking Trojan utilize advanced evasion techniques and can steal unlock patterns, posing significant threats to user data and financial security. https://www.zimperium.com/blog/expanding-the-investigation-deep-dive-into-latest-trickmo-samples/

🛰️ How satellites are pushing security innovation at Amazon security research – Amazon integrates security into its culture and development processes, particularly in Project Kuiper, which aims to provide secure satellite-based internet with robust encryption and key management. https://cyberscoop.com/amazon-cybersecurity-culture-project-kuiper/

🪫 Organizations can substantially lower vulnerabilities with secure-by-design practices, report finds security research – A report from Secure Code Warrior reveals that training developers in secure-by-design practices can reduce software vulnerabilities by over 50%. https://cyberscoop.com/secure-by-design-return-investment-code-warrior/

🛜 Cisco confirms ongoing probe into alleged data breach data breach – Cisco is investigating claims of a data breach involving sensitive files allegedly stolen and sold by cybercriminals, with no evidence found yet of impacted systems. Law enforcement is involved. https://www.theregister.com/2024/10/15/cisco_confirm_ongoing_investigation/

🎁 Tinkerers Are Taking Old Redbox Kiosks Home and Reverse Engineering Them security news – Following Redbox's bankruptcy, enthusiasts are acquiring abandoned kiosks to reverse engineer their operating systems, even running games like Doom on them, while also liberating DVDs from the machines. https://www.404media.co/tinkerers-are-taking-old-redbox-kiosks-home-and-reverse-engineering-them/

🔧 VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX vulnerability – VMware has addressed a high-severity SQL injection vulnerability (CVE-2024-38814) in its HCX platform, allowing non-admin users to execute remote code. Updates are available for affected versions. https://securityaffairs.com/169904/security/vmware-sql-injection-flaw-cve-2024-38814.html

🔒 What I’ve learned in my first 7-ish years in cybersecurity security news – After nearly seven years in cybersecurity at Cisco Talos, the author reflects on their journey from journalism to tech, emphasizing the importance of asking questions, collaboration, and the evolving nature of threats. https://blog.talosintelligence.com/threat-source-newsletter-oct-17-2024/

🔒 F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP vulnerability – F5 has patched a high-severity elevation of privilege vulnerability (CVE-2024-45844) in BIG-IP and a medium-severity XSS flaw (CVE-2024-47139) in BIG-IQ, urging organizations to restrict access to mitigate risks. https://securityaffairs.com/170022/security/f5-patches-big-ip-elevation-of-privilege-bug.html

🐍 Open source LLM tool primed to sniff out Python zero-days security research – Protect AI is launching Vulnhuntr, an open-source tool that uses AI to identify zero-day vulnerabilities in Python code, marking a significant advancement in vulnerability detection. https://www.theregister.com/2024/10/20/python_zero_day_tool/


CISA Corner

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its KEV Catalog, including critical issues in Microsoft Windows, Mozilla Firefox, and SolarWinds, emphasizing the need for federal agencies to remediate them promptly. https://www.cisa.gov/news-events/alerts/2024/10/15/cisa-adds-three-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-40711, a deserialization vulnerability in Veeam Backup and Replication, to its KEV Catalog, emphasizing the need for federal agencies to remediate it promptly. https://www.cisa.gov/news-events/alerts/2024/10/17/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations warning – A joint advisory warns of Iranian cyber actors using brute force and credential access techniques to target U.S. critical infrastructure sectors, emphasizing the need for enhanced cybersecurity measures and vigilance. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-290a

⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – CISA issued two advisories on October 15, 2024, addressing vulnerabilities in Siemens Siveillance Video Cameras and Schneider Electric Data Center Expert, urging users to review for mitigations. https://www.cisa.gov/news-events/alerts/2024/10/15/cisa-releases-two-industrial-control-systems-advisories

⚙️ CISA Releases Seven Industrial Control Systems Advisories vulnerability – CISA has issued seven advisories detailing vulnerabilities in industrial control systems, urging users to review them for security measures and updates. https://www.cisa.gov/news-events/alerts/2024/10/17/cisa-releases-seven-industrial-control-systems-advisories

📜 Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM) security news – CISA has released a guidance document on Software Bill of Materials (SBOM), outlining key concepts and processes for representing software components, aimed at promoting adoption and transparency. https://www.cisa.gov/news-events/alerts/2024/10/15/guidance-framing-software-component-transparency-establishing-common-software-bill-materials-sbom

🩹 Oracle Releases Quarterly Critical Patch Update Advisory for October 2024 security news – Oracle's October 2024 Critical Patch Update Advisory addresses vulnerabilities in various products, some of which could allow cyber attackers to gain control of affected systems. Users are urged to apply updates. https://www.cisa.gov/news-events/alerts/2024/10/17/oracle-releases-quarterly-critical-patch-update-advisory-october-2024


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 

from Jack Fortin

Tips for Getting the Best Car Loan Rates in British Columbia


Getting the best BC auto loan rate might improve your finances. With changing interest rates and loan possibilities, it's important to know how to receive the best terms. This detailed guide will help you negotiate BC automobile financing and get the best vehicle loan rates.

1. Knowing BC Car Finance

Before applying for a vehicle loan, you must understand BC auto financing. Knowing the sorts of vehicle loans, interest rate considerations, and competing financial institutions is necessary. British Columbia vehicle finance includes online, credit union, and bank loans. Each option has benefits and downsides, and rates depend on credit history, loan amount, and term.

2. Improve Credit Score

Your credit score is crucial to getting a cheap vehicle loan rate. Lenders evaluate creditworthiness and set interest rates based on credit scores. Better credit scores typically earn lower interest rates.

3. Compare BC Auto Loan Rates

Compare BC auto loan rates from several lenders to get the best deals. Different lenders and financial profiles charge different interest rates. Compare rates from banks, credit unions, and internet lenders using web tools. Ask lenders about their rates and any specials or reductions.

4. Get BC Auto Loan Pre-Approval

Pre-approval for a BC auto loan may speed up car buying. A lender reviews your financial information to establish your maximum loan amount and interest rate before you start car shopping. Pre-approval defines your budget and makes you more attractive to dealerships. It demonstrates that you're serious and can obtain financing, giving you negotiating leverage.

5. Consider Loan Term

The period of your auto loan affects your monthly payments and total interest. Longer loan periods may cut monthly payments but increase interest payments. Consider your budget and financial objectives when choosing a loan term. If you can afford larger monthly payments, a shorter loan period may save you money. If you require lower payments, a longer term may be easier but cost more.

6. Negotiate Car Loan Terms

Never be scared to negotiate your BC auto finance. Many lenders may provide better rates if you have strong credit and are pre-approved. Interest rate, loan period, and fees are negotiable. Being proactive and talking to lenders may get you a better rate or loan terms.

7. Can I Extend My Car Loan?

If you want a car loan extension, then you should examine the advantages and downsides first. Extended terms may lower monthly payments but increase interest charges throughout the loan's life. Discuss loan term extensions with your lender to determine their influence on loan expenses. Make sure the new terms fit your financial objectives and don't cause debt.

8. Read Your Loan Agreement Carefully

Before signing a vehicle loan, read the terms. Consider the interest rate, loan length, payment plan, and fees and penalties. Understanding your loan agreement helps you prevent surprises and hidden fees. Ask your lender for clarification if needed.

Conclusion

Getting the best car loan rates in British Columbia takes preparation and thought. Understanding how BC auto loans are approved, boosting your credit score, comparing rates, and negotiating terms may improve your loan prospects. Check the loan term and agreement to make sure they fit your financial objectives. With this advice, you can better understand the vehicle loan process and find the best financing plan.

 

from Not Simon 🐐

Country: People's Republic of China
Organization: N/A
Objective: Espionage
(Page Last Updated: November 20, 2024)

Aliases:

Vulnerabilities Exploited

  • ProxyLogon (Sources: ESET, Kaspersky, Sygnia):
    • CVE-2021-26855 (9.8 critical, in CISA's KEV Catalog) Microsoft Exchange Server Remote Code Execution Vulnerability
    • CVE-2021-26857 (7.8 high, in CISA's KEV Catalog) Microsoft Exchange Server Remote Code Execution Vulnerability
    • CVE-2021-26858 (7.8 high, in CISA's KEV Catalog) Microsoft Exchange Server Remote Code Execution Vulnerability
    • CVE-2021-27065 (7.8 high, in CISA's KEV Catalog)
  • unidentified Microsoft SharePoint and Oracle Opera business software vulnerabilities (Source: ESET)
  • CVE-2017-11882 (7.8 high, in CISA's KEV Catalog. Note: associated with alias Tropic Trooper) Microsoft Office Memory Corruption Vulnerability Source: Trend Micro
  • CVE-2012-0158 (8.8 high, in CISA's KEV Catalog. Note: associated with alias Tropic Trooper, KeyBoy) Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability Sources: Unit 42, Citizen Lab
  • CVE-2017-0199 (7.8 high, in CISA's KEV Catalog. Note: associated with alias Tropic Trooper) Microsoft Office and WordPad Remote Code Execution Vulnerability Source: Citizen Lab
  • CVE-2015-1641 (7.8 high, in CISA's KEV Catalog. Note: associated with alias KeyBoy) Microsoft Office Memory Corruption Vulnerability Source: Citizen Lab


Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 

from Not Simon 🐐

Country: People's Republic of China
Organization: Integrity Technology Group
Objective: Espionage, Information theft
(Page last updated: October 13, 2024)

Aliases (sorted alphabetically):

Associated Company

Integrity Technology Group (Integrity Tech) (Source: FBI (PDF)) aka Yongxin Zhicheng, 永信至诚

Vulnerabilities Exploited

Source: FBI

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

2020

  • May 20, 2020?? – PRC Ministry of State Security: 前沿 | 网络靶场,未来安全的基础设施 (web archive of an MSS-run periodical reprinted on IntegrityTech's website, English translation: “Frontier | Cyber Range, the secure infrastructure of the future”)

Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 


from Sirius

For those just starting out on Mastodon, here are some explanations of why hashtags matter.

A hashtag is a word or phrase that, once preceded by the hash symbol (#) with no spaces, becomes a tag or label in the form of a hyperlink that leads to a page with other posts related to the same topic.

On Mastodon, as across the whole ActivityPub federation, understanding how hashtags work is essential, including for accessibility reasons.

Mastodon search bar

For technical privacy reasons, Mastodon was initially designed to allow only the following kinds of search:

  1. By hashtags (#example);
  2. People (@username@domain);
  3. URLs (links) of profiles and posts;

Mastodon now allows plain-text search, but users' posts only become visible to it if they opt in (so if you want the text of your public posts to show up in search, go to your account settings and enable that option).

Hashtag search is precise and covers everyone on instances federated with yours, whether or not you follow the person, and without the influence of any algorithm.

Note also that you can follow a hashtag, if it is a subject that interests you, by clicking the button highlighted above. When you follow a hashtag, all posts containing that hashtag from people on your instance or on instances federated with yours, whether or not you follow them, will be shown on your home page.

Using Hashtags and Notions of Respect

Hashtags, therefore, must have a # at the beginning and cannot contain certain special characters at the start or in the middle (period, space, at sign, asterisk, etc.).

The hashtag system currently does not distinguish accents and some of the special characters that are allowed, such as (ç), so the hashtags #política and #politica (without the accent on the i) or #paçoca and #pacoca are unified by the platform's search.

If you want to search for a phrase, type it all as one word, like #CatsOfMastodon.

If you want your post to be found more easily in searches, include many relevant hashtags. There is no problem with using many of these tags; people understand that they are necessary in this kind of search system.

Furthermore, the use of hashtags should respect an important accessibility matter. There are many blind users on Mastodon and in the Fediverse who use screen readers to convert text into audio.

Therefore, when posting hashtags, there is a correct format, which consists of using the method called CamelCase (where each word begins with a capital letter), for example #CatsOfMastodon instead of #catsofmastodon. The capital letters allow screen-reader applications to separate the words correctly and read the hashtag aloud correctly.

Incidentally, it is worth mentioning a highly relevant hashtag in the Mastodon universe, the famous #Alt4Me.

When an image in a post has no description and the person who posted it has added the hashtag #Alt4Me, this may mean that the author cannot add a description (for example, because of a disability) but is aware that one is needed, so they added the tag pre-emptively.

The hashtag #Alt4Me generally means that a blind person wants you to write a description of the image. Reply to the post with the hashtag and provide the description.

Note that the hashtag system does not distinguish between upper and lower case, so #CatsOfMastodon and #catsofmastodon are exactly the same thing for search purposes; the only difference in following “CamelCase” is that it provides a more accessible environment for blind people, which should be respected.

Hashtags and filters

Another important function of hashtags is that they let people who do not want to see posts on a given subject or topic use a filter that makes those posts invisible, without having to mute, block or unfollow a user.

When using Mastodon it is very important to understand that this is a social network that receives and welcomes people who came from other, capitalist-owned social networks in search of a less toxic environment.

That being so, there are topics that should be labelled with hashtags not only to make it easier for interested people to find them, but also to let people who are bothered by them filter them out.

Let's use football as an example. I love the sport and have my team at heart (Flamengo), but let's face it, there are people who find it utterly dull and, moreover, there is a “football culture” in our country that is extremely problematic, including violence between supporter groups, sexism, homophobia and racism.

It costs nothing, therefore, to include the hashtag #futebol in your posts on the subject, or others on sensitive topics, such as #PolíticaPartidária.

Of course you also have the content warning tool, but I find the hashtag more efficient, because it lets interested people find the post while the uninterested make it completely invisible without even needing to read the content warning about the topic.

Here, then, is how to filter hashtags.

In the side menu go to Preferences > Filters and then click Add Filter. The following screen will open:

Filters tab in Mastodon

The filter title, indicated by the red arrow, is, as the name says, just a title to help you find the filter in your list of filters.

The green arrow indicates how long the filter stays valid (which can be permanent, as in the example). Sometimes you do not mind seeing something about football or politics, but during matches or during the election period you do not want to be flooded with posts on the topic, so you can create a filter with a temporary duration.

Under “Filter contexts” (pink rectangle) you choose where the filter will hide messages. In the example given I ticked the option to hide posts from the home page and public timelines, but you can filter more strictly, if you prefer, by also filtering user profiles and conversations.

Under “Filter action” you can choose whether the filtered post is shown to you with a warning or disappears completely without any notification, as if the post had never existed.

Under “Keyword or phrase”, indicated by the yellow arrow at the bottom, you type the hashtag you want to filter.

After Save New Filter, per the button indicated by the blue arrow, you will no longer see any post in your timeline or in the public timelines that contains the selected hashtag (in our example: #futebol).

You can add as many filters as you like.

Those were my thoughts on hashtags. I hope you make good use of them and create many interesting hashtags in the Brazilian Mastodon universe.

#Hashtag #MastoDicas #Mastodon #Tutorial

 

from Not Simon 🐐

Country: Islamic Republic of Iran
Organization: Ministry of Intelligence and Security (MOIS)
Objective: Espionage, Sabotage
(Page last updated October 12, 2024)

Aliases (sorted alphabetically):

Sub-group:

Known Associates

  • Mojtaba Mostafavi. Source: U.S. Treasury (linked by PwC, via Lab Dookhtegan leaks)
  • Farzin Karimi Mazlganchai: PwC

Vulnerabilities Exploited

  • CVE-2024-30088 (CVSSv3.1: 7.0 high) Windows Kernel Elevation of Privilege Vulnerability Source: Trend Micro
  • CVE-2019-0604 (CVE, NVD. CVSSv3.1: 9.8 critical, in CISA's KEV Catalog) Microsoft SharePoint Remote Code Execution Vulnerability Source: Microsoft
  • CVE-2017-11882 (CVE, NVD. CVSSv3.1: 7.8 high, in CISA's KEV Catalog) Microsoft Office Memory Corruption Vulnerability Source: Mandiant
  • CVE-2017-0199 (CVE, NVD. CVSSv3.1: 7.8 high, in CISA's KEV Catalog) Microsoft Office and WordPad Remote Code Execution Vulnerability Source: Unit 42

Tactics, Techniques, and Procedures (TTPs)

Known Tools Used

As listed by MITRE


Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 

from Not Simon 🐐

Country: People's Republic of China
Organization: Loosely connected private contractors operating on behalf of China’s Ministry of State Security (MSS). Some have worked at Chengdu 404 Network Technology
Objective: Espionage, Information theft, Financial crime
(Page last updated: November 19, 2024)

Aliases (sorted alphabetically):

Subgroups

Identified Members

Associated Company

Chengdu Si Lingsi (404) Network Technology Company Ltd. (成都市肆零肆网络科技有限公司)

Vulnerabilities Exploited

  • CVE-2018-0824 (7.5 high, in CISA's KEV Catalog) Microsoft COM for Windows Remote Code Execution Vulnerability Source: Cisco
  • CVE-2017-0199 (7.8 high, in CISA's KEV Catalog) Microsoft Office and WordPad Remote Code Execution Vulnerability Sources: Clearsky, Fortinet, FireEye
  • CVE-2019-3396 (9.8 critical, in CISA's KEV Catalog) Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability. Sources: FireEye, Fortinet
  • CVE-2015-1641 (7.8 high, in CISA's KEV Catalog) Microsoft Office Memory Corruption Vulnerability Source: Fortinet
  • CVE-2012-0158 (8.8 high, in CISA's KEV Catalog) Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability Sources: Fortinet, FireEye
  • CVE-2017-11882 (7.8 high, in CISA's KEV Catalog) Microsoft Office Memory Corruption Vulnerability Source: FireEye

The following 7 vulnerabilities have the same source: U.S. DOJ

  • CVE-2019-19781 (9.8 critical, in CISA's KEV Catalog) Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability. Additional sources: FireEye, Fortinet
  • CVE-2019-11510 (10.0 critical, in CISA's KEV Catalog) Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
  • CVE-2019-16920 (9.8 critical, in CISA's KEV Catalog) D-Link Multiple Routers Command Injection Vulnerability
  • CVE-2019-16278 (9.8 critical) Nostromo 1.9.6 Directory Traversal/Remote Command Execution Vulnerability
  • CVE-2019-1652 (7.2 high, in CISA's KEV Catalog) Cisco Small Business Routers Improper Input Validation Vulnerability. Additional source: FireEye
  • CVE-2019-1653 (7.5 high, in CISA's KEV Catalog) Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability. Additional source: FireEye
  • CVE-2020-10189 (9.8 critical, in CISA's KEV Catalog) Zoho ManageEngine Desktop Central File Upload Vulnerability. Additional sources: FireEye, Fortinet

The following 2 vulnerabilities have the same source: Mandiant

  • CVE-2021-44228 (10.0 critical, in CISA's KEV Catalog) Apache Log4j2 Remote Code Execution Vulnerability (aka Log4Shell).
  • CVE-2021-44207 (8.1 high) Acclaim USAHERDS Hard-Coded Credentials Vulnerability

Tactics, Techniques, and Procedures

Mapped to MITRE ATT&CK Navigator Layers


Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 

from Not Simon 🐐

Country: Russia
Organization: Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155)
Objective: Espionage, Sabotage, Assassinations, Influence Operations
(Page last updated: September 07, 2024)

Aliases:

Identified Members

Vulnerabilities Exploited

  • CVE-2017-11882 (7.8 high, in CISA's KEV Catalog) Microsoft Office Memory Corruption Vulnerability. Source: Unit 42

The following 5 vulnerabilities have the same source: CISA

  • CVE-2021-33044 (9.8 critical, in CISA's KEV Catalog) Dahua IP Camera Authentication Bypass Vulnerability
  • CVE-2021-33045 (9.8 critical, in CISA's KEV Catalog) Dahua IP Camera Authentication Bypass Vulnerability
  • CVE-2022-26134 (9.8 critical, in CISA's KEV Catalog) Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
  • CVE-2022-26138 (9.8 critical, in CISA's KEV Catalog) Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability
  • CVE-2022-3236 (9.8 critical, in CISA's KEV Catalog) Sophos Firewall Code Injection Vulnerability

Exploitation Likely

CISA and co-authoring agencies warned on 06 September 2024 that Unit 29155 cyber actors have been observed obtaining the respective exploit scripts for the following 5 vulnerabilities:

  • CVE-2020-1472 (9.8 critical, in CISA's KEV Catalog) Microsoft Netlogon Privilege Escalation Vulnerability
  • CVE-2021-26084 (9.8 critical, in CISA's KEV Catalog) Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability
  • CVE-2021-3156 (7.8 high, in CISA's KEV Catalog) Sudo Heap-Based Buffer Overflow Vulnerability
  • CVE-2021-4034 (7.8 high, in CISA's KEV Catalog) Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
  • CVE-2022-27666 (7.8 high) Red Hat: IPSec ESP Local Privilege Escalation Vulnerability

Tactics, Techniques, and Procedures

Mapped to MITRE ATT&CK Navigator Layers

[Figure: screenshot of Russia GRU Unit 29155 MITRE ATT&CK TTPs in a visual chart compiled using ATT&CK Navigator Layers]


 

from Nicholas Spencer

The rapid advancement of generative AI is reshaping the cybersecurity industry. As AI capabilities grow exponentially, we're witnessing a swift evolution in how both defensive and offensive cybersecurity operations function. This transformation is not only changing the nature of cyber threats and defences but also significantly impacting the cybersecurity workforce.

AI in Defensive Cybersecurity

In the realm of defensive cybersecurity, AI is revolutionising how Security Operations Centres (SOCs) function, particularly in alert triage and investigation. Currently, SOC analysts face the repetitive task of sifting through countless alerts, many of which turn out to be false positives. This labour-intensive process has long been a bottleneck in effective threat response. However, the emergence of AI-powered services claiming to automate initial alert investigations is changing the game.

Traditionally, level-1 SOC analysts have been responsible for the initial triage, following established playbooks to investigate alerts and escalate when necessary. This repetitive work, while crucial, is ripe for automation. As AI systems become more sophisticated, it's increasingly likely that much of this level-1 work will be fully automated in the near future, with AI systems capable of escalating complex alerts to experienced human analysts when required.

AI in Offensive Cybersecurity

On the offensive side, AI is already making significant waves in how penetration testing and vulnerability assessments are conducted. AI-powered tools are automating many aspects of basic penetration testing. These sophisticated systems can efficiently scan for running services and exploit known vulnerabilities, tasks that previously required significant human intervention. Moreover, these AI tools are adept at examining websites and identifying a wide range of vulnerabilities, including those listed in the OWASP Top 10 – a critical benchmark in web application security.

Even in scenarios where AI tools can't autonomously exploit applications, they're proving to be invaluable assistants to human penetration testers. This AI augmentation is a game-changer, potentially elevating a novice penetration tester to perform at the level of someone with years of experience. For seasoned professionals, AI acts as a capability multiplier, enabling them to uncover more complex vulnerabilities and delve deeper into system weaknesses.

The AI Arms Race in Cybersecurity

The rapid growth in AI capabilities is evident in both defensive and offensive security domains. While major AI model creators are implementing safeguards to limit their systems' ability to assist with cybersecurity exploitation, numerous other models exist without such restrictions. This proliferation of unrestricted AI tools raises significant concerns about their potential misuse by malicious actors.

The same AI-powered tools that enhance the capabilities of ethical penetration testers and defensive analysts could equally empower cyber criminals. This dual-use nature of AI in cybersecurity is leading towards what appears to be an AI-driven arms race. On one side, AI will be leveraged to bolster system defences, automate alert triage, and uncover vulnerabilities for patching. On the other, it will be weaponized to launch more sophisticated attacks that are harder to detect and remediate.

Impact on the Cybersecurity Workforce

While this automation of cyber defence promises increased efficiency and potentially improved threat response times, it also raises concerns about the future of the cybersecurity workforce, particularly entry-level roles. As AI takes over many tasks traditionally performed by junior analysts and penetration testers, we may see a significant reduction in entry-level positions, which have long served as a crucial stepping stone for aspiring cybersecurity professionals.

This shift could potentially exacerbate the existing cybersecurity skills gap. With fewer entry-level positions available, it may become increasingly challenging for interested individuals to gain the hands-on experience necessary to progress in the field. This bottleneck could lead to a shortage of mid-level and senior professionals in the long term, as the traditional career pipeline is disrupted.

However, it's important to note that as AI brings new efficiencies to cybersecurity, it also introduces new threats and challenges. The cybersecurity landscape is evolving rapidly, with AI-powered attacks becoming more sophisticated and prevalent. This evolution will inevitably create new roles and specialisations within the field, potentially offsetting some of the job losses in existing areas.

The Future of Cybersecurity

As we stand on the brink of this new era in cybersecurity, it's clear that AI will play a pivotal role in shaping the future of the field. The exact shape of the cybersecurity workforce remains uncertain. While AI will undoubtedly automate many current tasks, it will also create new opportunities and challenges that require human expertise.

While AI tools are making certain aspects of cybersecurity more accessible, they're also raising the bar for what constitutes advanced skills in both defensive and offensive security. Professionals in this field will need to adapt quickly, learning to work alongside AI tools effectively while also staying ahead of AI threats.

The key for professionals and students in this field will be to stay adaptable, continuously learning and evolving their skills to remain relevant in this AI-augmented landscape. Embracing these new tools responsibly, using them to enhance our defensive capabilities while also preparing for the inevitable rise in AI-assisted cyber attacks, will be crucial for the future of cybersecurity.

Disclaimer: While I developed the ideas and topics of this post, I used Claude AI (Sonnet 3.5) as a tool to help format and structure it for clarity and coherence.

 