Summary: OpenAI has released a compliant, data-encrypted version of ChatGPT, addressing concerns about data leakage and unauthorized access. Many Fortune 500 companies have adopted the new ChatGPT Enterprise edition, which offers enterprise-grade security, higher-speed access, and extended context windows. The platform does not use business data or conversations for training and offers encrypted conversations. Other features include a new admin console, faster performance, data analysis access, and more. Organizations should have a good understanding of ChatGPT before implementing it.
Hashtags: #OpenAI #ChatGPT #DataEncryption #EnterpriseSecurity #Fortune500 #AIAssistants #CyberSecurity
https://cybersecuritynews.com/chatgpt-enterprise-data-encryption/
Multiple critical vulnerabilities have been discovered in VMware Aria Operations for Networks, allowing attackers to bypass authentication and gain unauthorized access (#VMware #vulnerabilities). One vulnerability involves an SSH authentication bypass, while the other allows threat actors with administrative privileges to write files to arbitrary locations, potentially leading to remote code execution (#authenticationbypass #arbitraryfilewrite #remotecodeexecution). VMware has addressed these vulnerabilities (#securityupdates).
Identity Theft from 1965 Uncovered through Face Recognition: Napoleon Gonzalez assumed his deceased brother's identity in 1965 and used it to obtain Social Security benefits and multiple identification documents. A new investigation in 2020 used facial recognition technology to identify Gonzalez's face on two state identification cards. #biometrics #facerecognition #fraud #identitytheft
US government launches operation to remove QakBot malware and seize control over its botnet. QakBot has been implicated in 40 ransomware attacks costing victims over $58 million. Operation involved gaining access to botnet's control panel, disconnecting infected systems, and seizing servers. QakBot has infected over 700,000 machines in the past year alone. DOJ recovers $9 million in cryptocurrency and 6.5 million stolen passwords. QakBot is the most prevalent malware loader observed in the wild. US government has used court orders to remove malware before.
https://krebsonsecurity.com/2023/08/u-s-hacks-qakbot-quietly-removes-botnet-infections/
#crypto #podcast #WinRAR #bugfix #iPhone #Airplanemode #security #IoTdevices #TP-Link #vulnerabilities #encryption
New ‘MMRat’ Android Trojan Targeting Users in Southeast Asia. Android trojan allows remote control and bank fraud. #AndroidTrojan #Cybersecurity #BankFraud #SoutheastAsia
https://www.securityweek.com/new-mmrat-android-trojan-targeting-users-in-southeast-asia/
VMware patches critical security flaws in Network Monitoring Product. #VMware #SecurityFlaws #NetworkMonitoring
The flaws allow hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface. #SSHAuthentication #AriaOperations
The vulnerabilities are tagged as CVE-2023-34039 and CVE-2023-20890, with severity scores of 9.8 out of 10. #CVE-2023-34039 #CVE-2023-20890
The Aria Operations for Networks product is used by enterprises to monitor, discover, and analyze networks and applications. #NetworkMonitoring #Enterprise
Upgrading the platform appliance will remediate the authentication bypass vulnerability. #PlatformAppliance #VulnerabilityFix
VMware has previously patched a command injection flaw in the Aria Operations for Networks product. #CommandInjection #VulnerabilityFix
https://www.securityweek.com/vmware-patches-major-security-flaws-in-network-monitoring-product/
Operation 'Duck Hunt': Qakbot Malware Disrupted, $8.6 Million in Cryptocurrency Seized. Largest U.S.-led financial and technical disruption of botnet. Qakbot targeted critical industries worldwide. The malware is being automatically uninstalled from infected machines. #Qakbot #Cybersecurity #Malware #Cryptocurrency
Hashtags: #cyberinsurance #security #risks #exclusions #insurancecoverage
Summary:
- Delinea's State of Cyber Insurance Report reveals a growing disparity between carriers and enterprises seeking coverage.
- Companies are finding it increasingly challenging to secure cyber insurance, with longer waiting periods and higher premiums.
- Insurers should conduct risk assessments of organizations to identify and address security weaknesses.
- Many exclusions could nullify cyber insurance coverage, including inadequate security protocols, human errors, acts of war, and non-compliance with procedures.
- Organizations must understand policy stipulations to ensure their claims are approved.
- Despite challenges, organizations are investing in security solutions and securing budgets for cyber insurance coverage.
- Identity and Access Management (IAM) controls and Privileged Access Management (PAM) are key policy requisites.
- Cyber insurance is becoming a strategic imperative, with organizations investing in IAM, password vaults, and PAM controls to fortify coverage.
https://www.infosecurity-magazine.com/news/growing-disparity-cyber-insurance/
Summary: A new ransomware campaign is targeting unpatched Citrix NetScaler systems, exploiting a critical remote code execution vulnerability. The attacks show similarities to previous incidents and have raised concerns about an organized and experienced threat group. The attackers used the NetScaler vulnerability to initiate a comprehensive domain-wide assault, injecting harmful software and employing intricate scripts. It is recommended that organizations not only apply the patch but also thoroughly inspect their networks for compromise. Sophos X-Ops suspects the involvement of a well-known ransomware threat actor, known as Threat Activity Cluster STAC4663.
Hashtags: #Ransomware #Citrix #NetScaler #Cybersecurity #Sophos #ThreatActor
https://www.infosecurity-magazine.com/news/ransomware-targets-citrix/
LockBit 3.0 ransomware variants are surging after the leak of the builder. The leak has allowed cyber-criminals to create personalized strains. Kaspersky researchers have analyzed the builder, revealing its architecture and encryption techniques. The leak has exposed the LockBit group's techniques, making it easier for law enforcement to track them. #LockBit #Ransomware #Cybersecurity
https://www.infosecurity-magazine.com/news/lockbit-3-variants-surge-post/
Hackers have been exploiting ChatGPT for their cybercriminal activities. Trend Micro, Europol, and UNICRI released a report on the malicious uses of AI models like ChatGPT. Cybersecurity analysts have observed the use of ChatGPT by threat actors to generate specific functions and integrate AI-generated code into malware. ChatGPT is also being used for crafting deceptive emails and evading censorship. Underground forum threat actors offer criminal-oriented language models with capabilities like tackling anonymity and generating malicious code. The use of AI for deep fakes and social engineering is also a concern. #ChatGPT #cybersecurity #AIexploitation #cybercrime #deepfakes
Hackers use HTML Smuggling Technique to Deliver Ransomware. Threat actors adopt invasive techniques of HTML smuggling to launch Nokoyawa ransomware. Nokoyawa ransomware is similar to known ransomware groups Nemty and Karma. HTML smuggling attacks use JavaScript and HTML to obfuscate HTML files. The payload is delivered via email, with a ZIP file attached. User opens HTML file, downloads ZIP file, and enters password. Malware payload is embedded in an ISO file disguised as an LNK file. Rundll32 and malicious DLL are copied and executed. Persistence is established through a scheduled task. Threat actor uses Cobalt Strike beacon to find domain administrators. RDP session is initiated to move laterally to a domain controller. SessionGopher used to log into additional hosts. Ransomware is launched using k.exe and p.bat files. #HTMLSmuggling #Ransomware
1. Industrial organizations and critical national infrastructure are increasingly targeted by cyber-threat actors, including cyber-criminals and nation-state threats.
2. Vulnerability management in industrial control systems (ICS) is challenging due to the critical nature of these systems and the lack of test environments for software updates.
3. The convergence of operational technology (OT) with IT networks creates a broader attack surface for ICS and requires a different approach to cybersecurity.
4. Cybersecurity teams working in ICS environments face specific legal and regulatory requirements that are stricter for critical infrastructure sectors.
5. There is a significant skills shortage in industrial control, and organizations need to tap into government initiatives to boost the cyber skills pipeline.
6. Incident response challenges in ICS include documenting accurate information about the network and complying with obligations for information sharing and reporting cyber incidents.
#ICSsecurity #cyberthreats #vulnerabilitymanagement #OTITconvergence #legalrequirements #skillsshortage #incidentresponse
https://www.infosecurity-magazine.com/news-features/ics-security-challenges-overcome/
Summary:
1. Generative AI is being increasingly used in organizations and will have an impact on how they operate.
2. AI should be treated as an employee, with policies and procedures in place and adherence to confidentiality agreements and cultural expectations.
3. Transparency is vital in understanding how AI works and reaching reliable outcomes.
4. Regulation is needed to ensure accountability and prevent biased models.
5. A risk-based approach should be taken when integrating AI, with checks and balances and collaboration with more experienced colleagues.
6. Human judgment is still necessary in applying AI and considering its potential benefits.
7. Frameworks for digital trust are important in deploying AI in a credible and well-governed way.
Hashtags:
#GenerativeAI #ArtificialIntelligence #DigitalTrust #Transparency #Regulation #RiskBasedApproach #HumanJudgment
https://www.infosecurity-magazine.com/opinions/treating-ai-trusted-colleague/
Summary:
The Software Bill of Materials (SBOM) is gaining attention in the security industry thanks to recent guidance from the US government. However, maintaining SBOMs can be challenging for organizations due to the constantly evolving digital landscape and poor security culture. SBOMs should not be treated as just a list of ingredients but should include vulnerability management. To improve SBOMs, organizations should prioritize security culture and provide continuous security education for developers. The data from developer training should be included in the vulnerability management component of an SBOM.
Hashtags:
#SBOM #softwarebillofmaterials #security #vulnerabilitymanagement #securityculture #developers #continuousupskilling
https://www.infosecurity-magazine.com/opinions/time-elevate-humble-sbom/
Top 10 Best Practices for Securing Your Database:
1. Data Classification: Categorize and prioritize sensitive data for enhanced protection.
2. Encryption: Use strong encryption algorithms and proper key management.
3. Strong Authentication: Enforce strong password policies and implement multi-factor authentication.
4. Regular Patching and Updates: Apply patches promptly to prevent security breaches.
5. Access Control: Implement role-based access control to manage user permissions effectively.
6. Audit and Monitoring: Monitor your database for suspicious activities and maintain audit logs.
7. Backup and Recovery: Regularly back up your database and test recovery procedures.
8. Secure Configuration: Follow secure configuration guidelines to minimize vulnerabilities.
9. Intrusion Detection and Prevention: Implement systems to detect and block unauthorized behavior.
10. Employee Training: Provide comprehensive security awareness training to reduce human error risks.
#cybersecurity #databasesecurity #encryption #accesscontrol #auditandmonitoring #patching #secureconfiguration #backupandrecovery #intrusiondetection #employeetraining
https://cybersecuritynews.com/best-practices-for-securing-your-database/
Threats & Vulnerabilities in AI Models - How They Can be Abused
The rapid surge in large language models (LLMs) across several industries and sectors has raised critical concerns about their safety, security, and potential for misuse. Threat actors can exploit LLMs for illicit purposes such as fraud, social engineering, phishing, impersonation, generation of malware, propaganda, and prompt injection and manipulation. A group of cybersecurity experts from various universities has conducted a study on how threat actors could abuse AI models for illicit purposes. Flaws in AI models make them vulnerable to threats, and there have been recent detections of cyber AI weapons. AI text generation aids in detecting malicious content, and there are methods like watermarking, discriminating approaches, and zero-shot approaches. Red teaming tests LLMs for harmful language, and content filtering methods aim to prevent it. There are various flaws in AI models, such as prompt leaking, indirect prompt injection attacks, goal hijacking, jailbreaking, and universal adversarial triggers. LLMs face challenges in safety and security, and peer review is needed to address concerns. #cyberattack #cybersecurity #vulnerability
https://cybersecuritynews.com/threats-vulnerabilities-ai-models/
Researchers from the New Jersey Institute of Technology, Qatar Computing Research Institute, and Hamad Bin Khalifa University have discovered a new technique to detect malicious websites. The technique involves using graph neural networks (GNNs) and creating a domain maliciousness graph (DMG) from DNS logs. The researchers also identified key elements of threat actors and limitations in evading detection. Future research can improve defense against malicious websites. #cybersecurity #maliciouswebsites #malware
SIM-swapping attack on Kroll employee led to data theft from cryptocurrency platforms BlockFi, FTX, and Genesis. Fraudsters may already be using the stolen data for phishing attacks. #SIMswapping #datatheft #phishing
https://krebsonsecurity.com/2023/08/kroll-employee-sim-swapped-for-crypto-investor-data/