Herjan Security
[.] Nostrop stream of GenAI news and updates

Ficker Stealer is a malware attacking Windows to steal sensitive data. It can steal information from over 40 browsers including Chrome and Firefox. It infiltrates systems through phishing emails and compromised websites. Ficker Stealer uses tactics like keylogging, browser tracking, and file extraction. It is programmed in Rust, making it efficient and secure. The malware communicates through encrypted channels and leaves no trace on the victim's computer. Understanding Ficker Stealer's workings and exercising caution with emails are crucial. Hashtags: #FickerStealer #windowsmalware #cybersecurity

https://cybersecuritynews.com/ficker-stealer-malware-attacking-windows/

Hackers have released a new black hat AI tool called Evil-GPT as a replacement for Worm GPT. This tool is being advertised in hackers' forums and is causing concern in the cybersecurity community. Evil-GPT is a malicious AI chatbot that is priced at $10. It is designed to automate personalized fake emails and strengthen BEC attacks. Other malicious AI chatbots that have been discovered include WormGPT, FraudGPT, XXXGPT, and Wolf GPT. Recommendations to mitigate threats from these tools include providing proper BEC-specific training, implementing robust security measures for email verification, testing security efficacy in observability mode, and using EDR solutions and AV tools for stronger security. #AI #chatgpt #ThreatIntelligence #CTI #cyberattack #cybersecurity

https://cybersecuritynews.com/hackers-released-evil-gpt/

Check Point plans to acquire Perimeter 81 for $490 million, aiming to provide a secure and fast SSE solution. The acquisition will accelerate secure access adoption across users, sites, the cloud, data centers, and the internet. Perimeter 81 is recognized as a Forrester Zero Trust Wave leader and serves over 3,000 global customers. Check Point plans to integrate Perimeter 81 capabilities into Check Point Infinity’s architecture. This will provide a unified security solution for the network, cloud, and remote users. The closing of the acquisition is expected to happen in Q3 2023.

#checkPoint #Perimeter81 #acquisition #cybersecurity #SSEsolution

https://cybersecuritynews.com/check-point-and-perimeter-81/

Cryptographic flaw in Libbitcoin Explorer Cryptocurrency Wallet: flaw in random-number generator used for private keys, seed has only 32 bits of entropy. Exploited in the wild. #cryptocurrency #keys #randomnumbers

https://www.schneier.com/blog/archives/2023/08/cryptographic-flaw-in-libbitcoin-explorer-cryptocurrency-wallet.html

Understanding Changes in the OWASP API Security Top 10 List:

1. 2023 list updates the original list, reflecting the evolution of API security threats.

2. Key threats: Broken Object Level Authorisation (BOLA), Broken Authentication, Broken Object Property Level Authorisation, Unrestricted Resource Consumption, Broken Function Level Authorisation, Unrestricted Access to Sensitive Business Flows, Server-Side Request Forgery (SSRF), Security Misconfigurations, Improper Inventory Management, Unsafe Consumption of APIs.

3. These vulnerabilities pose risks to API security and should be addressed.

4. APIs are crucial for modern applications but are also targeted by attackers.

Hashtags: #APIsecurity #OWASP #vulnerabilities #threats #cybersecurity

https://www.itsecurityguru.org/2023/08/10/understanding-changes-in-the-owasp-api-security-top-10-list/

Summary: CISA has warned organizations about a vulnerability, CVE-2023-38180, affecting .NET and Visual Studio products. The vulnerability allows for denial-of-service attacks and can be remotely exploited without user interaction or privileges. Microsoft has released patches to address the vulnerability, and CISA has instructed government organizations to apply the patches or mitigations by August 30. #CISA #vulnerability #cybersecurity

https://www.securityweek.com/cisa-warns-organizations-of-exploited-vulnerability-in-net-visual-studio/

Summary: NIST has released a new draft version of its cybersecurity framework, expanding its scope to include all organizations regardless of size, and adding a new pillar called "govern" to emphasize the importance of cybersecurity as an enterprise risk. The update also includes improved guidance on implementation. #NIST #cybersecurityframework #govern #enterpriserisk

https://www.infosecurity-magazine.com/news/nist-expands-cybersecurity/

EvilProxy campaign targets C-suite executives with phishing emails. 120,000 phishing emails sent to organizations worldwide. Attackers impersonate trusted services like DocuSign and Adobe. EvilProxy tool used to harvest MFA-protected credentials and session cookies. Campaign focused on senior executives with access to sensitive data. Cloud account takeover incidents impacting high-level executives increased by 100%. Attackers perform financial fraud and data exfiltration. #EvilProxy #phishing #cybersecurity

https://www.infosecurity-magazine.com/news/evilproxy-campaign-120000-phishing/

Regulator warns against harmful web design that violates data protection laws. Online choice architecture practices can undermine consumer choice and control over personal information. Design tricks can have negative impacts on consumers' lives. Companies urged to make design choices that empower users and consider data protection implications. Hashtags: #DataProtection #WebDesign #ConsumerChoice

https://www.infosecurity-magazine.com/news/harmful-web-design-data-protection/

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are protocols used to create secure connections between networked computers. TLS has mostly replaced SSL in securing internet connections. SSL and HTTPS are not the same, but they are connected. SSL is used to encrypt data sent over the internet, preventing unauthorized access. SSL certificates come in different types, such as single-domain, wildcard, and multi-domain. SSL offers advantages like security, trust, authentication, and cost-effectiveness. SSL is supported by all popular web browsers and operating systems. The two sub-protocols of SSL are the SSL record protocol and the SSL handshake protocol, which handle encryption and secure connection establishment, respectively.

#SSL #TLS #HTTPS #internetsecurity #encryption

https://cybersecuritynews.com/what-is-ssl/

Multiple zero-day vulnerabilities in popular cryptographic multi-party computation (MPC) protocols could lead to the theft of cryptocurrency funds. The vulnerabilities, known as BitForge, have not been exploited yet, but if they were, attackers could quickly drain funds from millions of wallets. The zero-days were found in protocols such as GG-18 and GG-20, affecting wallet providers like Coinbase WaaS and Binance. Wallet providers have been urged to check for exposure. #BHUSA #zeroday #cryptocurrency #walletsecurity

https://www.infosecurity-magazine.com/news/zero-day-vulnerabilities-crypto/

Interpol has shut down a phishing-as-a-service platform that hacked 70,000 users. The platform provided all the necessary tools for cybercriminals to conduct phishing attacks. The 16shop platform targeted accounts from companies such as Apple, PayPal, and Amazon, compromising personal information and credit card details. Indonesian and Japanese officials arrested the operators and facilitators of the platform. The operation aims to reduce the accessibility of crimeware and prevent more people from falling victim to phishing attacks. #cyberattack #cybersecurity #phishing

https://cybersecuritynews.com/interpol-shut-down-phishing-as-a-service-platform/

Microsoft announced the addition of GPT-4 and GPT-35-Turbo to its Azure AI Infrastructure. The expansion includes an AI optimized 4K GPU cluster and the launch of ND H100 v5 Virtual Machine series equipped with NVIDIA H100 Tensor Core GPUs. Azure's customer base has nearly tripled since their last disclosure of AI services. Customers such as Mercedes-Benz, KPMG, and Symphony AI are utilizing Azure OpenAI Service for various purposes. #Microsoft #Azure #AI #GPT4 #GPT35Turbo #AIInfrastructure #AzureExpansion #GPUs

https://cybersecuritynews.com/azure-ai-infrastructure/

Android Security Updates: Over 40 Vulnerabilities Including Critical RCE Patched. #AndroidSecurity #SecurityUpdates #Vulnerabilities #RCE #EoP #ID #CyberSecurityNews

https://cybersecuritynews.com/android-august-security-updates/

SAP has released patches for 16 vulnerabilities in multiple products.

The vulnerabilities range from Critical to Low severity.

Some of the affected products include SAP PowerDesigner, SAP Business One, SAP BusinessObjects, SAPUI5, and SAP Commerce.

The critical severity vulnerability allows an unauthenticated attacker to execute arbitrary queries against the database.

There are also high severity vulnerabilities that allow for malicious code injection and compromise of the application.

Medium severity vulnerabilities involve cross-site scripting and information disclosure.

Users of these products are advised to upgrade to the latest versions to patch the vulnerabilities.

#SAP #CyberSecurity #Vulnerabilities #PatchUpdate

https://cybersecuritynews.com/sap-security-update-august/

Top 5 Security Vulnerabilities of 2023: Apache and OpenSSH are the most vulnerable.

Cybercriminal groups are targeting new software products and exploiting zero-day vulnerabilities.

High-severity vulnerabilities have been identified in Apache HTTP Server and OpenSSH.

Affected industries include food, hotel, entertainment, technology, healthcare, construction, pharmaceutical, and insurance.

Patch updates and fixes have been released by Apache and OpenSSH.

#cybersecurity #vulnerability

https://cybersecuritynews.com/top-5-security-vulnerabilities-2023/

Summary: Vectra AI has introduced an extended detection and response (XDR) platform that leverages attack signal intelligence. The platform integrates Vectra AI's signal data with existing endpoint detection and response (EDR) tools to help SOC teams keep up with evolving attack threats. It uses native and third-party attack signals across hybrid cloud domains, networks, and endpoints, and applies AI to analyze attacker behavior and prioritize security incidents. XDR is a growing trend in cybersecurity, as organizations seek more advanced methods for detecting and responding to attacks.

Hashtags: #VectraAI #XDR #cybersecurity #attackintelligence #AI #threatdetection #securityincidents

https://www.csoonline.com/article/648931/vectra-ai-unveils-xdr-platform-with-real-time-attack-signal-intelligence.html

1. Over 350 organizations' Kubernetes clusters have been breached and exposed.

2. The breaches were due to misconfigurations allowing anonymous access and exposing clusters to the internet.

3. Security concerns with Kubernetes have delayed deployments and caused revenue loss for organizations.

4. Researchers found 350+ API servers that could be exploited by attackers.

5. Approximately 60% of the clusters were actively under attack by cryptominers.

6. Two common misconfigurations were exploited: anonymous access with privileges and misconfigured "kubectl" proxy.

7. Unauthorized access to Kubernetes clusters could have severe consequences for businesses.

#Kubernetes #Security #Breach #Misconfiguration

https://www.csoonline.com/article/648756/kubernetes-clusters-under-attack-in-hundreds-of-organizations.html

Attackers are using Cloudflare Tunnel to proxy into victim networks. The tool is easily installed and configurations can be made from the Cloudflare dashboard. The tunnel allows the attacker to access specific services on the local machine and appear as if they're connecting from that machine. It can also route an entire network IP range, essentially working as a VPN. Monitoring for DNS queries and outbound connections to port 7844 can help detect the use of Cloudflare Tunnel. #Cloudflare #ProxyAttack #NetworkSecurity

https://www.csoonline.com/article/649000/attackers-use-cloudflare-tunnel-to-proxy-into-victim-networks.html