China has developed an AI-powered image generation capability for influence operations, targeting US voters on divisive topics like gun violence and politics. Chinese threat actors are also conducting cyber operations in the South China Sea region and targeting the US defense industry. The report warns of escalating threats from China and North Korea leading up to the 2024 elections. Cross-industry collaboration is crucial to address these challenges. #China #AI #influenceoperations #cybersecurity #USelections
https://www.infosecurity-magazine.com/news/china-ai-image-generation/
Cisco has addressed a high-severity vulnerability in its Identity Services Engine (ISE) that allows an attacker to trigger a denial-of-service (DoS) condition. The flaw was discovered during the resolution of a Cisco TAC support case. Cisco ISE is the platform enterprises use to enforce endpoint compliance and network access policy, so a DoS against it can block legitimate access. As a workaround until the fix is applied, customers can turn off RADIUS accounting on the network access device; the permanent fix is the software update Cisco has released. #Cisco #vulnerability #DoS
https://cybersecuritynews.com/cisco-identity-services-engine-flaw/
APT actors are exploiting known vulnerabilities in Fortinet and ManageEngine products. They used CVE-2022-47966 to breach Zoho ManageEngine ServiceDesk Plus and CVE-2022-42475 to access a FortiOS SSL-VPN firewall device. The Cybersecurity and Infrastructure Security Agency (CISA) and partner agencies have observed multiple APT actors using similar tactics, and these actors frequently target firewalls, VPNs, and other edge network infrastructure. Detection guidance covers monitoring for new user creation, scheduled tasks, API calls, executed commands, user accounts logged into systems, and network connections. Mitigations include vulnerability and configuration management, network segmentation, proper management of accounts, permissions, and workstations, securing remote access software, auditing scheduled tasks, validating findings, using application allowlists, and verifying that security controls actually work. #APTHacker #CyberSecurity #FortiOS #ManageEngine
https://cybersecuritynews.com/apt-fortinet-manageengine-vulnerability/
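The detection list above (new accounts, scheduled tasks, executed commands) is easy to turn into a first-pass triage over Windows Security log events. The block below is an added example, not code from the advisory or from any of the vendors named; the event records are constructed, the field names are simplified from the real event schema, and the set of accounts allowed to create users and tasks is an assumption.

```python
"""Triage Windows Security events for the post-exploitation signals the
advisory lists: account creation, scheduled-task creation, and suspicious
executed commands. Added example; sample events are constructed."""

from collections import defaultdict

# Security log event IDs used by this example.
ACCOUNT_CREATED = 4720   # a user account was created
TASK_CREATED = 4698      # a scheduled task was created
PROCESS_CREATED = 4688   # a new process was created (command-line auditing on)

# Accounts that legitimately create users or tasks in this environment (assumption).
ADMIN_ACCOUNTS = {"alice"}

# Command fragments typical of manual persistence / discovery after a web-server compromise.
SUSPICIOUS_COMMAND_TOKENS = ("net user", "net localgroup", "schtasks", "whoami", "nltest", "/add")

# Constructed sample: a web-server service account adds a local user and a
# persistence task; a normal admin session supplies benign noise.
SAMPLE_EVENTS = [
    {"EventID": 4624, "SubjectUserName": "alice", "LogonType": 2},
    {"EventID": 4720, "SubjectUserName": "svc-web", "TargetUserName": "support2"},
    {"EventID": 4698, "SubjectUserName": "svc-web", "TaskName": "\\Microsoft\\Update\\Sync"},
    {"EventID": 4688, "SubjectUserName": "svc-web",
     "NewProcessName": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c net user support2 P@ssw0rd /add && net localgroup administrators support2 /add"},
    {"EventID": 4688, "SubjectUserName": "alice",
     "NewProcessName": "C:\\Program Files\\Notepad++\\notepad++.exe",
     "CommandLine": "notepad++.exe notes.txt"},
]


def triage(events, admin_accounts=ADMIN_ACCOUNTS):
    """Return a list of (rule, actor, detail) findings for the events given."""
    findings = []
    for e in events:
        actor = e.get("SubjectUserName", "?")
        eid = e.get("EventID")
        if eid == ACCOUNT_CREATED and actor not in admin_accounts:
            findings.append(("account_created_by_non_admin", actor, e["TargetUserName"]))
        elif eid == TASK_CREATED and actor not in admin_accounts:
            findings.append(("task_created_by_non_admin", actor, e["TaskName"]))
        elif eid == PROCESS_CREATED:
            cmd = e.get("CommandLine", "").lower()
            if any(tok in cmd for tok in SUSPICIOUS_COMMAND_TOKENS):
                findings.append(("suspicious_command", actor, e["CommandLine"]))
    return findings


def actors_by_score(findings):
    """Rank actors by number of findings so the noisiest account is reviewed first."""
    score = defaultdict(int)
    for _, actor, _ in findings:
        score[actor] += 1
    return sorted(score.items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS)
    for rule, actor, detail in found:
        print(f"{rule:32} {actor:10} {detail}")
    print(actors_by_score(found))
```

The service account that the web application runs under should never be creating users or tasks; any hit there is worth an investigation even if the command line looks mundane.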
1. A US aeronautical organization was hacked via vulnerabilities in Zoho ManageEngine and Fortinet VPNs.
2. The vulnerabilities were exploited by advanced persistent threat (APT) actors.
3. The first bug, CVE-2022-47966, allowed remote attackers to execute arbitrary code on affected systems.
4. The second vulnerability, CVE-2022-42475, impacted multiple versions of Fortinet VPNs.
5. The hackers gained root-level access to the web server and compromised the organization's firewall device.
6. Multiple APTs exploited the vulnerabilities to establish persistence on the network.
7. The investigation revealed the use of various tools and techniques by the attackers.
8. The organization's data access and exfiltration could not be determined due to limited network sensor coverage.
Hashtags: #Cybersecurity #Hacked #Vulnerabilities #Zoho #Fortinet #APTs #DataBreach #ThreatIntelligence #IncidentResponse #NetworkSecurity #SupplyChainSecurity
https://www.securityweek.com/us-aeronautical-organization-hacked-via-zoho-fortinet-vulnerabilities/
US and UK sanction 11 more members of the Trickbot Russian cybercrime group. The sanctions target individuals involved in the development and operation of the Trickbot malware, which has been used in ransomware attacks and targeting bank accounts. The sanctions freeze assets and prohibit US and UK entities from doing business with the individuals. The US government has also announced charges against nine individuals, including the newly sanctioned individuals, for their role in developing the malware. The Trickbot group is believed to have ties to Russian intelligence services.
Hashtags: #Trickbot #cybercrime #sanctions #malware
https://www.securityweek.com/us-uk-sanction-more-members-of-trickbot-russian-cybercrime-group/
Hashtags:
#Apple #Pegasus #zero-day #vulnerabilities #exploits #spyware #NSOGroup
https://www.infosecurity-magazine.com/news/apple-patches-two-zerodays-pegasus/
CISA orders federal agencies to patch a critical vulnerability in Apache RocketMQ. CVE-2023-33246 affects versions 5.1.0 and below. The patch must be applied by September 27. Exploitation has been observed since June, with attackers using the flaw to install the DreamBus bot, which mines Monero. Around 4,500 potentially exposed systems have been detected. #CISA #RocketMQ #vulnerability #patch
https://www.infosecurity-magazine.com/news/cisa-critical-rocketmq-bug/
Regulator to investigate fertility app security concerns. Transparency and data security are top concerns for women using period and fertility tracking apps. Over half of app users have noticed an increase in baby or fertility-related ads. ICO will investigate privacy policies, data storage practices, and targeted ads. Users' feedback will help identify areas for improvement. ICO warns developers of connected devices to comply with data protection laws. Excessive data collection practices are a concern. #FertilityApps #DataSecurity #PrivacyConcerns #TargetedAds #DataProtection
https://www.infosecurity-magazine.com/news/regulator-fertility-app-security/
Threat actors are modifying Domain Generation Algorithm (DGA) patterns to keep command and control (C2) communication alive and complicate analysis. A DGA produces a stream of pseudo-random domain names that infected hosts try in turn to reach their C2 server, so defenders cannot simply block or take down a fixed list of domains. Akamai Security Intelligence Group has observed threat actors altering DGA patterns, with domain names activating ahead of schedule, which makes it harder for researchers to predict, block, and disrupt C2 traffic. DGA-backed botnets underpin a range of threats, including DDoS attacks, cryptomining, and malware distribution. Statically seeded DGAs use an unchanging seed such as a number or a name, so the full domain list can be precomputed once; dynamically seeded DGAs use a time-based seed, so the list changes per period and is harder to predict. Pushdo and Necurs are among the DGA families examined by analysts. Malicious actors alter DGAs specifically to evade detection and stretch security teams. #CyberSecurity #DGAPatterns #C2Communication #MalwareThreatActors
https://cybersecuritynews.com/threat-actors-alter-dga-patterns/
Researchers from several universities have proposed using pre-trained LLM agents in place of human penetration testers. LLMs have shown promise in planning, open-world exploration, and decision-making. The researchers are Maria Rigaki, Ondrej Lukas, Carlos A. Catania, and Sebastian Garcia. LLMs can also support network defense by analyzing text and detecting social engineering attacks. Existing network security training environments lack consistency and detailed documentation, which raises concerns about how well results transfer to the real world. NetSecGame is proposed as a network security training environment with clearly defined elements. LLMs still have limitations such as hallucination and instability, but the researchers see potential in using them for high-level planning in penetration testing.
#cybersecurity #pentesting #LLMagents #networksecurity #NetSecGame
https://cybersecuritynews.com/intended-pre-trained-llm-agents/
1. An actively exploited zero-click vulnerability was discovered on iPhones, allowing the installation of the Pegasus malware.
2. Pegasus malware gives operators access to various features on infected devices.
3. Apple released a fix for the vulnerability.
4. The exploit chain involved PassKit attachments sent through iMessage.
5. Lockdown Mode can protect against this specific attack.
6. Users are urged to update their iPhones immediately.
#Apple #CyberSecurity #Vulnerability #Pegasus #Malware #Exploit
https://cybersecuritynews.com/iphone-zero-click-zero-day-exploited/
Summary: Organizations are increasing their cybersecurity budgets, with a focus on identity and access management (IAM) and cloud security. CISOs are also prioritizing third-party risk management, AI security, and reducing human error/insider risks. IAM and cloud security are top investment areas, while spending on risk assessment, security services, and infrastructure protection is less common. CISOs face challenges in managing third-party risks, AI security, and insider threats. CISOs are looking for solutions that address these issues, as existing solutions often fall short.
Hashtags: #cybersecurity #IAM #cloudsecurity #CISOs #thirdpartyrisk #AIsecurity #insiderthreats
https://www.csoonline.com/article/651241/iam-cloud-security-to-drive-new-cybersecurity-spending.html
Hackers are accessing personal data from credit bureaus and selling it online. The data comes from credit headers held by companies such as Experian, Equifax, and TransUnion. Criminals have tapped into this data supply chain and are selling access online. The tool used to gather this information has been used to target high-profile individuals, including Elon Musk and Joe Biden. #cybercrime #datacollection #doxing #finance #lawenforcement
Wealthy Russian with Kremlin ties sentenced to 9 years for hacking and insider trading scheme. #RussianHacker #InsiderTradingScheme
Rigged Software and Zero-Days: North Korean APT Caught Hacking Security Researchers. #Cybersecurity #NorthKorea #ZeroDays #Hacking #SecurityResearchers. Google intercepts North Korean hackers targeting security researchers with zero-days and rigged software tools. The hackers forge relationships with researchers and send malicious files containing zero-day exploits. Google warns about a rigged Windows tool used to hijack data from user machines. This is not the first case of North Korean government hackers targeting security researchers.
Text Summary:
Apple has released urgent updates for its iOS and macOS platforms to fix two security vulnerabilities that are actively being exploited. The vulnerabilities, identified by the Citizen Lab at The University of Toronto's Munk School, can be exploited through rigged image files to execute arbitrary code. Apple has been regularly releasing emergency patches for zero-day flaws as it struggles to keep up with skilled attackers.
Hashtags:
#Apple #SecurityUpdate #iOS #macOS #ZeroDays #Cybersecurity
https://www.securityweek.com/apple-patches-actively-exploited-ios-macos-zero-days/
Zero-Day Flaw Exposes Atlas VPN User IPs. The vulnerability affects the Linux client version 1.0.3. The client exposes a local API that lacks authentication, so a malicious website visited by the user can send a request to it that disconnects the VPN and reveals the user's real IP address. Exploit code has been shared publicly. Atlas VPN users are advised to exercise caution; attempts to contact Atlas VPN's support for responsible disclosure reportedly went unanswered.
#ZeroDay #Flaw #AtlasVPN #Linuxclient #VPN #IPaddress #Privacy #Security
https://www.infosecurity-magazine.com/news/zero-day-flaw-exposes-atlas-vpn/
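The underlying pattern, a control API bound to localhost that trusts any caller because "it must be local", is worth seeing beside a hardened version. The block below is an added, generic example and is not Atlas VPN's code; the endpoint names, the request format, and the idea of a per-install secret token stored in a file readable only by the local user are assumptions for illustration. Note that a browser on the same machine is also "local": a page's `fetch()` or auto-submitted form reaches 127.0.0.1 just as the native client does.

```python
"""Authorization logic for a localhost control API, weak form beside hardened
form. Added example with hypothetical endpoint names; not Atlas VPN's code."""

import hmac

# Browsers attach these headers to requests that originate from web content;
# a native client talking to its own daemon does not send them.
BROWSER_ONLY_HEADERS = ("Origin", "Sec-Fetch-Site", "Sec-Fetch-Mode")


def vulnerable_authorize(headers):
    """Weak form: anything that reaches the local socket is trusted."""
    return True


def hardened_authorize(headers, expected_token):
    """Hardened form: reject browser-originated requests outright, then require
    a bearer token that only the local client can read (assumed to live in a
    file with owner-only permissions)."""
    if any(h in headers for h in BROWSER_ONLY_HEADERS):
        return False
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return False
    presented = auth[len("Bearer "):]
    # Constant-time compare so the token cannot be guessed byte by byte.
    return hmac.compare_digest(presented, expected_token)


def handle(headers, action, expected_token, authorize=hardened_authorize):
    """Dispatch a hypothetical /disconnect or /status action.
    Returns an (http_status, body) pair instead of touching a real tunnel."""
    if not authorize(headers, expected_token) if authorize is hardened_authorize else not authorize(headers):
        return 403, "forbidden"
    if action == "disconnect":
        return 200, "vpn disconnected"
    if action == "status":
        return 200, "connected"
    return 404, "unknown action"


# Constructed headers: what a malicious page's cross-site POST looks like versus
# what the native client sends.
FROM_WEB_PAGE = {"Origin": "https://attacker.example", "Sec-Fetch-Site": "cross-site",
                 "Content-Type": "application/x-www-form-urlencoded"}
FROM_NATIVE_CLIENT = {"Authorization": "Bearer 0f3c9a1e-local-secret", "User-Agent": "vpn-cli/1.0"}
TOKEN = "0f3c9a1e-local-secret"

if __name__ == "__main__":
    print("weak, web page:     ", handle(FROM_WEB_PAGE, "disconnect", TOKEN, vulnerable_authorize))
    print("hardened, web page: ", handle(FROM_WEB_PAGE, "disconnect", TOKEN))
    print("hardened, client:   ", handle(FROM_NATIVE_CLIENT, "disconnect", TOKEN))
```

The token check is the real control; the header check is defence in depth, because a plain `<img>` or `<script>` load from a page carries no Origin, so "no Origin header" alone proves nothing.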
DGA behavior shifts in cybersecurity raise concerns. Malicious actors are adapting their tactics to prolong the life of their command-and-control channels. DGAs come in two types, dynamically seeded and statically seeded. Infected devices connect to semi-random domains generated by the DGA, which is a challenge for defenders because there is no fixed list to block. Malware authors previously hardcoded C2 domains into their code; DGAs changed that. Akamai's research focused on dynamically seeded DGAs and found unexpected behavior in the Pushdo and Necurs families: the actors deliberately shifted seeds and domain names so that domains appear earlier than the algorithm predicts, confusing researchers who precompute the expected list. Security teams need to account for these shifts to tell real C2 activity from noise. #DGABehaviorShifts #CybersecurityConcerns
https://www.infosecurity-magazine.com/news/dga-behavior-shifts-cybersecurity/
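Both DGA items above (the Akamai write-up summarized twice) come down to one mechanism: a defender who knows the algorithm and the seed precomputes the domains for the coming period and blocks them, and an actor who shifts the date seed makes domains "activate ahead of schedule" so the precomputed list misses them. The block below is an added toy example written for this page; it is not the Pushdo or Necurs algorithm, and the seed string, the domains-per-day count and the TLD set are made up.

```python
"""Toy time-seeded DGA, a defender's precomputed blocklist, and the effect of
an actor shifting the date seed. Added example; not a real malware family's
algorithm. Seed, TLDs and counts are assumptions."""

import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org")


def dga(seed, day, count=5, length=12):
    """Dynamically seeded DGA: domain i for `day` is derived from
    sha256(seed | day | i). Same inputs always give the same list."""
    domains = []
    for i in range(count):
        h = hashlib.sha256(f"{seed}|{day.isoformat()}|{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in h[:length])
        domains.append(f"{label}.{TLDS[h[length] % len(TLDS)]}")
    return domains


def static_dga(seed, count=5, length=12):
    """Statically seeded variant: no date in the hash, so the list never changes
    and can be precomputed once for the life of the campaign."""
    return dga(seed, date(1970, 1, 1), count, length)


def blocklist_for(seed, start, horizon_days=1):
    """Defender side: precompute every domain the DGA will use from `start`
    for `horizon_days` days."""
    out = set()
    for d in range(horizon_days):
        out.update(dga(seed, start + timedelta(days=d)))
    return out


def shifted_dga(seed, day, shift_days, count=5):
    """Actor side: feed the algorithm a future date so today's victims use
    domains the defender only expects `shift_days` from now."""
    return dga(seed, day + timedelta(days=shift_days), count)


def coverage(blocklist, observed):
    """How many of the observed C2 domains the blocklist would have caught."""
    missed = [d for d in observed if d not in blocklist]
    return len(observed) - len(missed), missed


if __name__ == "__main__":
    seed, today = "toy-seed-2023", date(2023, 9, 8)
    daily = blocklist_for(seed, today, horizon_days=1)
    weekly = blocklist_for(seed, today, horizon_days=7)
    seen = shifted_dga(seed, today, shift_days=3)   # actor runs 3 days ahead
    print("1-day blocklist catches", coverage(daily, seen)[0], "of", len(seen))
    print("7-day blocklist catches", coverage(weekly, seen)[0], "of", len(seen))
```

The practical lesson is the horizon: once a family is seen activating domains early, the precomputation window (and the sinkhole registrations that go with it) has to extend far enough ahead to cover the observed shift, which is exactly the cost the actor is trying to impose.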
API Vulnerabilities: The 2023 State of API Security Report finds that 74% of organizations have experienced multiple API-related breaches within the past two years, and that DDoS attacks account for 38% of those breaches. The report also highlights a lack of understanding of, and confidence in, API security. Respondents doubt the effectiveness of traditional controls such as Web Application Firewalls (WAFs) against API abuse. Organizations anticipate escalating API-related risk over the next two years, citing API sprawl and defending against external threats as the main challenges. #APIVulnerabilities #APISecurity #DataBreaches #DDoSAttacks #APISecurityRisks
https://www.infosecurity-magazine.com/news/api-flaw-74-organizations-report/
Summary:
A recently discovered stored cross-site scripting (XSS) vulnerability in Cacti allows an authenticated user to poison data stored in Cacti's database. The vulnerability is triggered by supplying a malicious device name, which is later rendered into pages without encoding, resulting in stored XSS. If successfully exploited, a threat actor can run script in the browser of any user who views the affected page, with that user's session and privileges. Organizations using Cacti are advised to apply the vendor fix, which renders the device name as a text node (HTML-encoded) in the generated page rather than as markup, so the injected script cannot execute.
Hashtags: #Cacti #Vulnerabilities #XSS