Herjan Security
b7ac607467d380da39561027a5bd00a900e99a56019f127db61f86a3c842efb6
[.] Nostrop stream of GenAI news and updates

Teach someone how to phish and they are set up for a lifetime of fraud: email phishers keep relying on old tricks, such as attaching a phishing message to an otherwise clean email, abusing open redirects on LinkedIn, and using encoding tricks to make a malicious file look like a harmless document. In this case, a phishing email posing as a Microsoft 365 mailbox delivery report carried an attachment that appeared to have a ".pdf" extension. The attachment's name contained a right-to-left override (RLO) character, so it displayed as "lme.pdf" while actually being a .eml file disguised as a PDF. The lure also used an open redirect on LinkedIn to send victims to a fake Microsoft Office 365 login page that harvested their email credentials. Microsoft was the most impersonated brand in phishing scams in Q2 2023. To protect yourself, avoid clicking unverified links and navigate to websites manually instead. #PhishingScams #EmailSecurity #MicrosoftImpersonation

https://krebsonsecurity.com/2023/08/teach-a-man-to-phish-and-hes-set-for-life/
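The RLO trick in the post above can be caught before a user ever sees the attachment. The Python below is an added example, not code from the article or from Krebs: it flags attachment names that contain Unicode bidirectional control characters, shows what a naive file chooser would display, and compares that with the extension the operating system actually uses. The sample message, its addresses and the "fdp.eml" attachment are constructed for the demonstration.

```python
"""Detect bidirectional-override tricks (e.g. U+202E RLO) in e-mail attachment names."""
import os
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Unicode bidirectional formatting characters that can change how a name is rendered.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}
RLO = "\u202e"


def strip_bidi(name):
    """Return the name with every bidi control removed: the name the OS really uses."""
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)


def rendered_name(name):
    """Approximate what a naive file chooser shows: text after the first RLO is drawn
    right-to-left, i.e. reversed. Other controls are simply dropped in this model."""
    idx = name.find(RLO)
    if idx == -1:
        return strip_bidi(name)
    head, tail = name[:idx], name[idx + 1:]
    return strip_bidi(head) + strip_bidi(tail)[::-1]


def analyze_filename(name):
    """Classify one attachment name by comparing the real extension with the shown one."""
    controls = [BIDI_CONTROLS[ch] for ch in name if ch in BIDI_CONTROLS]
    true_name = strip_bidi(name)
    shown = rendered_name(name)
    true_ext = os.path.splitext(true_name)[1].lower()
    shown_ext = os.path.splitext(shown)[1].lower()
    return {
        "raw": name,
        "controls": controls,
        "true_name": true_name,
        "displayed_name": shown,
        "true_extension": true_ext,
        "displayed_extension": shown_ext,
        # Any bidi control in a filename is a red flag; a mismatched extension is worse.
        "suspicious": bool(controls) or true_ext != shown_ext,
    }


def scan_message(raw):
    """Parse an RFC 822 message (bytes) and return one analysis per named attachment."""
    msg = message_from_bytes(raw, policy=default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name:
            results.append(analyze_filename(name))
    return results


def build_sample_message():
    """Constructed sample (not from the article): a 'mailbox delivery report' carrying
    a .eml attachment whose name starts with RLO so that 'fdp.eml' renders as 'lme.pdf'."""
    msg = EmailMessage()
    msg["From"] = "noreply@example.com"  # placeholder sender
    msg["To"] = "user@example.com"       # placeholder recipient
    msg["Subject"] = "Mailbox delivery report"
    msg.set_content("Please review the attached delivery report.")
    msg.add_attachment(b"From: lure@example.com\r\n\r\nlure body\r\n",
                       maintype="application", subtype="octet-stream",
                       filename=RLO + "fdp.eml")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample_message()):
        print(finding)
```

Running the script prints one finding: the name is stored as "fdp.eml" (true extension ".eml"), renders as "lme.pdf" (displayed extension ".pdf"), and carries an RLO control, so it is marked suspicious. A mail gateway rule that quarantines any attachment whose name contains one of these controls costs almost nothing, since legitimate filenames essentially never contain them.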

Summary:

- Firefox releases updates fixing various flaws, including a potential permissions request bypass and a bypass of cross-origin restrictions.

- A new vulnerability called Collide+Power allows attackers to determine data values used in other applications by accessing shared CPU components.

- The SEC is demanding a four-day disclosure limit for cybersecurity breaches, but the disclosure is only necessary if the attack is considered material.

- Ransomware attacks come in different types, and the type of ransomware is important in determining the materiality of the attack.

Hashtags: #Firefox #Vulnerabilities #CollidePower #SEC #DisclosureLimit #Ransomware

https://nakedsecurity.sophos.com/2023/08/03/s3-ep146-tell-us-about-that-breach-if-you-want-to/

Threat actors are abusing the Cloudflare Tunnel tool for persistent access and data theft. The open-source tool Cloudflared allows attackers to maintain stealthy access to compromised systems without being detected. They can make changes on the fly and enable/disable functionality to avoid detection. Cloudflared does not store logs, making it difficult to track malicious activity. Organizations can potentially limit access to specific data centers to detect unauthorized use of Cloudflared. #Cloudflare #DataTheft #PersistentAccess #Cybersecurity #ThreatActors

https://www.securityweek.com/threat-actors-abuse-cloudflare-tunnel-for-persistent-access-data-theft/

Summary: The weekly cybersecurity roundup by SecurityWeek provides a concise compilation of noteworthy stories in the cybersecurity landscape. This week's stories include a surge in malware and access control issues, a new attack technique using the Systems Manager agent in AWS, and concerns over the potential use of the Flipper Zero hacking tool by violent extremists. It also covers funding rebounds in the cybersecurity industry and patches for vulnerabilities in Horizon Server and BeyondTrust products.

Hashtags: #cybersecurity #malware #accesscontrol #AWS #hackertools #funding #vulnerabilities #patching


https://www.securityweek.com/in-other-news-cybersecurity-funding-rebounds-cloud-threats-beyondtrust-vulnerability/

Summary:

A cyberattack has disrupted hospital computer systems in several states, forcing some emergency rooms to close and ambulances to be diverted. The attack began at facilities operated by Prospect Medical Holdings and affected hospitals in California, Texas, Connecticut, Rhode Island, and Pennsylvania. Primary care services were closed, and elective surgeries, outpatient appointments, and blood drives were suspended. The company is working with cybersecurity specialists to resolve the issue and return to normal operations.

Hashtags:

#Cyberattack #HospitalDisruption #EmergencyRoomsClosed #DataSecurity #ProspectMedicalHoldings #PrimaryCareServices #CybersecuritySpecialists #ResolveIssue

https://www.securityweek.com/a-cyberattack-has-disrupted-hospitals-and-health-care-in-five-states/

CISA has announced its 2024-2026 Strategic Plan, describing the US as being at a moment of opportunity in cybersecurity. The plan aims to change the trajectory of national cybersecurity risk, with a focus on detecting and mitigating threats, and sets three goals: address immediate threats, harden the terrain, and drive security at scale. It notes that changes in the threat and technology environments may require re-evaluation. #CISA #cybersecurity #strategicplan

https://www.infosecurity-magazine.com/news/cisa-2024-2026-strategic-plan/

Summary: A new malicious campaign called VMConnect has been discovered on the Python Package Index (PyPI). The campaign involves 24 malicious packages that imitate popular open-source tools. The attackers displayed a more sophisticated approach by creating GitHub repositories to make their packages appear trustworthy. The malicious behavior was only detected through scanning the build artifacts. The packages were promptly removed from PyPI, but the attackers continuously replaced them, indicating an ongoing campaign. The purpose of the campaign is still unknown. Indicators of compromise have been published in the hope of shedding light on the campaign's origins and intent.

Hashtags: #VMConnect #MaliciousCampaign #PythonThreat #PyPI #SupplyChainAttack

https://www.infosecurity-magazine.com/news/vmconnect-threat-imitates-pypi/

Stealthy npm malware exposes developer data in a sophisticated attack targeting sensitive source code. The malware runs from pre-install and post-install hooks; the malicious code gathers OS information and scans for sensitive files. It targets developers in the cryptocurrency sphere. #npm #malware #developers #cryptocurrency

https://www.infosecurity-magazine.com/news/npm-malware-exposes-developer-data/

Summary:

Researchers have discovered 12 new LOLBAS binaries that are used by attackers in cyber attacks. LOLBAS (Living-Off-the-Land Binaries-And-Scripts) is a methodology where threat actors exploit legitimate tools to hide their illicit actions. These new binaries pose a challenge in detection as they can evade traditional security measures. The researchers found these binaries using an automated approach, resulting in a 30% increase in known downloaders and executors. Cybersecurity professionals can use this discovery to enhance their defense mechanisms against LOLBAS attacks.

Hashtags:

#LOLBAS #cybersecurity #attackers #binaries #malware

https://cybersecuritynews.com/12-new-lolbas-binaries/

Hackers are using fake certificates to infiltrate corporate networks by tricking the Key Distribution Center (KDC) into granting unauthorized access. One method is shadow credentials, used to take over an AD user or computer account; another is certificate-based TGT requests in Kerberos authentication. Because not every corporate network runs Active Directory Certificate Services (AD CS), the msDS-KeyCredentialLink attribute is used to link a certificate to the account, and an attacker who can write that attribute can obtain a ticket for the object. From there the attacker can access data and move laterally inside the network. Detecting this attack requires monitoring and knowledge of the infrastructure. #hackers #certificates #corporatenetworks

https://cybersecuritynews.com/hackers-using-fake-certificates/

#CyberSecurity #Vulnerability #ADCTS #MicrosoftTenant #LateralMovement

https://cybersecuritynews.com/new-ad-cts-attack-vector/

How malicious Android apps bypass security: Researchers have discovered that a bug in the Google Android platform allows malware to be disguised in mobile apps, avoiding detection by security tools. The bug corrupts app components so that the malicious code is ignored as invalid, while the app as a whole is accepted as valid by Android OS and installed successfully. Google has updated its malware detection mechanisms in response to this research. #Android #malware #security

Malware obfuscation method: ThreatFabric, a security firm based in Amsterdam, has identified a malware obfuscation method used by mobile malware purveyors. They have found that the method involves corrupting app components to trick popular mobile security scanning tools into ignoring the malicious code. This allows the malware to go undetected while the entire app is installed and considered valid. #malware #security #Android

Increase in malware obfuscation: ThreatFabric has observed an increase in the use of the malware obfuscation method by mobile malware families. They attribute this increase to a semi-automated malware-as-a-service offering in the cybercrime underground. This service obfuscates or "crypts" malicious mobile apps for a fee, allowing malware to evade security scanning tools. #malware #obfuscation #cybercrime

Tell-tale signs of malware: App analyzers can look for specific signs to identify if an app is abusing the obfuscation method. One sign is that modified apps have Android Manifest files with newer timestamps compared to other files in the package. Additionally, the Manifest file itself will be changed to have a different number of "strings" than what is actually present in the app. These signs can indicate that an app is disguising itself as benign. #malware #Android #threatindicators

Google's response: Google acknowledges the issue and has updated its malware detection mechanisms to address apps abusing the obfuscation method. However, some developer tools, such as APK Analyzer, still fail to parse these malicious applications correctly. Google is investigating possible fixes for the developer tools and plans to update its documentation accordingly. #Google #malwaredetection #developer

Google Play Store's malware problem: Google has faced criticism for not proactively monitoring its Play Store for malicious apps or providing adequate notifications to users when malware is discovered on its platform. The Play Store has been a significant source of malware for years, and users often do not receive notices or advice on remediation. This lack of action has led to concerns about negligence and privacy. #GooglePlayStore #malware #privacy

https://krebsonsecurity.com/2023/08/how-malicious-android-apps-slip-into-disguise/
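The two tell-tale signs described above (an AndroidManifest.xml that is newer than everything else in the package, and a manifest whose string count does not match the strings actually present) can be turned into a simple triage check. The Python below is an added example, not ThreatFabric's or Google's code. It reads the zip entry timestamps and parses only the string-pool header of the binary XML, using the ResXMLTree and ResStringPool chunk layouts from Android's public resource format. Treating a mismatch between the declared string count and the offset table as the "wrong number of strings" sign is my interpretation of the article; the sample package, its entries, the placeholder strings and the inflated count of 99 are all constructed.

```python
"""Two heuristics for the Android manifest-tampering signs: (1) AndroidManifest.xml newer
than every other zip entry, (2) a string pool whose declared stringCount cannot fit in its
offset table. The sample APK is constructed, not a real app."""
import io
import struct
import zipfile

RES_XML_TYPE = 0x0003
RES_STRING_POOL_TYPE = 0x0001
# type, headerSize, chunkSize, stringCount, styleCount, flags, stringsStart, stylesStart
POOL_HEADER = "<HHIIIIII"
MANIFEST = "AndroidManifest.xml"


def build_string_pool(strings):
    """Encode a UTF-16 ResStringPool chunk for the given strings (no styles)."""
    data, offsets = b"", []
    for s in strings:
        offsets.append(len(data))
        data += struct.pack("<H", len(s)) + s.encode("utf-16-le") + b"\x00\x00"
    header_size = struct.calcsize(POOL_HEADER)       # 28 bytes
    strings_start = header_size + 4 * len(strings)   # offset table follows the header
    header = struct.pack(POOL_HEADER, RES_STRING_POOL_TYPE, header_size,
                         strings_start + len(data), len(strings), 0, 0, strings_start, 0)
    return header + b"".join(struct.pack("<I", o) for o in offsets) + data


def build_manifest(strings):
    """Minimal binary XML: the 8-byte ResXMLTree header followed by one string pool."""
    pool = build_string_pool(strings)
    return struct.pack("<HHI", RES_XML_TYPE, 8, 8 + len(pool)) + pool


def inflate_string_count(manifest, count):
    """Simulate tampering: overwrite stringCount (bytes 16..19) without adding strings."""
    return manifest[:16] + struct.pack("<I", count) + manifest[20:]


def check_string_pool(manifest):
    """Return human-readable inconsistencies found in the manifest's string pool."""
    issues = []
    if len(manifest) < 8 + struct.calcsize(POOL_HEADER):
        return ["manifest too short to contain a string pool"]
    xml_type, xml_header_size, _ = struct.unpack_from("<HHI", manifest, 0)
    if xml_type != RES_XML_TYPE:
        issues.append("not a binary XML file")
    pool = xml_header_size
    (ptype, phdr, psize, count, style_count, _flags,
     strings_start, _styles_start) = struct.unpack_from(POOL_HEADER, manifest, pool)
    if ptype != RES_STRING_POOL_TYPE:
        issues.append("first chunk is not a string pool")
        return issues
    # The offset table (4 bytes per string/style) must fit before the string data.
    table_end = phdr + 4 * (count + style_count)
    if table_end > strings_start:
        fits = (strings_start - phdr) // 4
        issues.append(f"declares {count} strings but only {fits} offsets fit before stringsStart")
        return issues
    for i in range(count):  # every offset must point inside the chunk
        off = struct.unpack_from("<I", manifest, pool + phdr + 4 * i)[0]
        if strings_start + off >= psize:
            issues.append(f"string #{i} offset points outside the pool chunk")
            break
    return issues


def scan_apk(apk_bytes):
    """Apply both heuristics to an APK held in memory."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        infos = zf.infolist()
        manifest_info = next((i for i in infos if i.filename == MANIFEST), None)
        if manifest_info is None:
            return {"manifest_newer": False, "string_pool_issues": ["no AndroidManifest.xml"]}
        others = [i.date_time for i in infos if i.filename != MANIFEST]
        newer = bool(others) and manifest_info.date_time > max(others)
        issues = check_string_pool(zf.read(MANIFEST))
    return {"manifest_newer": newer, "string_pool_issues": issues}


def build_sample_apk(manifest, manifest_time, other_time):
    """Constructed sample package: two placeholder entries plus the manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("classes.dex", date_time=other_time), b"dex\n035\x00")
        zf.writestr(zipfile.ZipInfo("resources.arsc", date_time=other_time), b"\x02\x00\x0c\x00")
        zf.writestr(zipfile.ZipInfo(MANIFEST, date_time=manifest_time), manifest)
    return buf.getvalue()


if __name__ == "__main__":
    strings = ["manifest", "package", "com.example.app"]  # placeholder strings
    clean = build_sample_apk(build_manifest(strings),
                             (2023, 6, 1, 12, 0, 0), (2023, 6, 1, 12, 0, 0))
    tampered = build_sample_apk(inflate_string_count(build_manifest(strings), 99),
                                (2023, 8, 1, 9, 0, 0), (2023, 6, 1, 12, 0, 0))
    print("clean:   ", scan_apk(clean))
    print("tampered:", scan_apk(tampered))
```

The clean package triggers neither heuristic; the tampered one trips both. A hit is a reason to send the APK for deeper analysis rather than proof of malice: a legitimate rebuild can also leave the manifest as the newest entry, which is why the structural check on the string pool is the stronger of the two signals.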

CISA Calls Urgent Attention to UEFI Attack Surfaces. #CISA #UEFI #Cybersecurity #Security #Attacks

https://www.securityweek.com/cisa-calls-urgent-attention-to-uefi-attack-surfaces/

Government agencies from Australia, Canada, New Zealand, the UK, and the US have released a list of the most commonly exploited software vulnerabilities in 2022. These vulnerabilities were mainly found in internet-facing systems that had not been patched against known exploits. The agencies recommend timely patching and reducing exposure to known vulnerabilities. They identified 12 vulnerabilities that were frequently exploited in 2022, including flaws in products from Fortinet, Microsoft, Atlassian, VMware, and F5 Networks, and flagged 30 other vulnerabilities in various products that were routinely exploited. #Cybersecurity #SoftwareVulnerabilities #ThreatActors

https://www.securityweek.com/five-eyes-agencies-call-attention-to-most-frequently-exploited-vulnerabilities/

Cyber-attacks could kill or maim thousands in the UK. The government warns of a 5-25% chance of a serious cyber-attack on critical infrastructure in the next two years. The National Risk Register 2023 lists various cyber-related risks, including attacks on gas, electricity, and nuclear facilities. The impact could result in economic costs in the billions, fatalities of up to 1000 people, and casualties of up to 2000. Artificial intelligence (AI) is also identified as a chronic risk. #CyberAttacks #UKGovernment #NationalRiskRegister #AI #CriticalInfrastructure

https://www.infosecurity-magazine.com/news/uk-government-cyberattacks-kill/

1. Legacy flaws continue to dominate the list of top exploited vulnerabilities.

2. Security agencies warn organizations to patch promptly to prevent exploitation.

3. Known vulnerabilities lose value over time as software is patched and upgraded.

4. Seven out of the 12 vulnerabilities listed were from 2021 or earlier.

5. CVE-2018-13379, fixed four years ago, was the most frequently exploited vulnerability in 2022.

6. Developing exploits for publicly known vulnerabilities allows cyber actors to have low-cost, high-impact tools for several years.

7. The report provides information on 30 commonly exploited vulnerabilities and mitigation advice.

8. Applying security updates promptly and prioritizing security in product design can enhance resilience.

#LegacyFlaws #PatchPromptly #ExploitedVulnerabilities #CVEs #SoftwareSecurity #CyberThreats

https://www.infosecurity-magazine.com/news/legacy-flaws-dominate-top-12/

55% of public cloud compromises investigated by Google in the first three months of the year were due to weak passwords. #cloudsecurity #compromisesthreat

The second most common compromise factor was misconfiguration, accounting for 19% of incidents. #misconfiguration #cybersecurity

Cross-project abuse of access token generation permission was the top risk action, accounting for 75% of compromised Google Cloud environments. #privilegeescalation #cloudsecurity

Threat actors are using the tactic of "versioning" to bypass Google Play Store malware detections. #malware #GooglePlayStore

Google recommends a defense-in-depth approach, including regular device updates and mobile device management. #defenseindepth #cybersecurity

https://www.infosecurity-magazine.com/news/credentials-account-half-of-cloud/

Hacker group builds 94 new domains

#CyberSecurityNews #HackerGroup #InfrastructureModification #BlueCharlie #ThreatGroup

https://cybersecuritynews.com/bluecharlie-hacker-group-infrastructure/

Summary:

AI systems like Alexa and Siri prioritize their developers' interests over users'.

People need to approach AI skeptically and think critically about its output.

AI systems are becoming more interactive and can have significant control over our lives.

The manipulation and surveillance by internet companies extend to AI systems.

To navigate daily life with AI, trust in these systems is crucial.

AI systems can be trained by large tech monopolies and may not be trustworthy.

Consumer protections and regulations for AI are lacking.

Approach AI recommendations with skepticism, as they may be biased or influenced by outside parties.

Tech companies and AI systems need to become more trustworthy.

Hashtags:

#TrustworthyAI #AIInteractions #DigitalAssistants #SurveillanceCapitalism #AISkepticism #ConsumerProtections

https://www.schneier.com/blog/archives/2023/08/the-need-for-trustworthy-ai.html

Performance and security collide in the "Collide+Power" attack, where cache memory leaks its contents, compromising sensitive data. The attack allows for the inference of data values by measuring power consumption during cache overwrites. This vulnerability (CVE-2023-20583) is more theoretical than practical at the moment, and chip manufacturers need to consider it. Intel and AMD processors have mitigation measures in place to reduce power measurement accuracy. #CollidePower #SecurityVulnerability #CacheAttack

https://nakedsecurity.sophos.com/2023/08/03/performance-and-security-clash-yet-again-in-collidepower-attack/