WordPress websites have been hacked through a zero-day in the Royal Elementor plugin. The plugin has a critical vulnerability that has been exploited since August 30. The vulnerability allows attackers to upload arbitrary files and execute remote code. The bug affects all versions of Royal Elementor prior to 1.3.79. Over 46,000 attacks have been observed. Admins are advised to update to version 1.3.79. #WordPress #hacked #RoyalElementorPlugin #SecurityWeek
https://www.securityweek.com/wordpress-websites-hacked-via-royal-elementor-plugin-zero-day/
Summary: A study collected 350,757 coin flips to test the prediction that a coin tends to land on the same side it started, with an estimated probability of 51%. The study suggests that when coin flips are used for high-stakes decision-making, the starting position of the coin should be concealed.
Hashtags: #CoinFlips #Biased #PhysicsModel #HighStakesDecisionMaking
https://www.schneier.com/blog/archives/2023/10/coin-flips-are-biased.html
The cybersecurity landscape is evolving, with women playing a prominent role in breaking down barriers and advancing in the field. CyberWomen@Warwick and CyberWomen Groups C.I.C. are organizations that support women in cybersecurity. They provide networking, support, education, outreach, and opportunities for women in the industry. Closing the gender gap and fostering inclusivity are pressing topics in the field. Mentorship and educational programs targeted at women are essential for attracting more women to cybersecurity careers. The industry is becoming more inclusive, thanks to organizations like CyberWomen@Warwick and CyberWomen Groups C.I.C., as well as the commitment to diversity in the broader industry. There is a need for ongoing collective efforts to increase the percentage of women in cybersecurity. Overall, the future holds promise for greater gender diversity and equality in the field.
#Cybersecurity #WomenInTech #Inclusion #Diversity #Mentorship
https://www.itsecurityguru.org/2023/10/16/cybersecuritys-future-women-at-the-forefront/
Microsoft is improving Windows authentication and disabling NTLM, the weak authentication protocol. They are adding new features to the Kerberos protocol to eliminate the use of NTLM. #Microsoft #WindowsAuthentication #NTLM #Kerberos
The new features for Kerberos include Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center (KDC) for Kerberos. #IAKerb #KDC #Kerberos
IAKerb allows clients without line-of-sight to a Domain Controller to authenticate through a server that does have line-of-sight. This is useful in firewall segmented environments or remote access scenarios. #Authentication #IAKerb #Server
The local KDC for Kerberos utilizes the local machine's Security Account Manager to offer remote authentication of local user accounts via Kerberos. This improves the security of local authentication. #LocalKDC #Kerberos #Authentication
Microsoft is updating Windows components with NTLM built-in to use the Negotiate protocol instead, along with Kerberos and IAKerb. This will reduce the use of NTLM and improve security. #NTLM #Negotiate #Security
Administrators can track and block NTLM usage in their environments using extended management controls. Microsoft plans to eventually disable NTLM in Windows 11. #ManagementControls #NTLM #Windows11
https://www.securityweek.com/microsoft-improving-windows-authentication-disabling-ntlm/
Academics in Australia have developed an AI-based cyber intrusion detection system for unmanned military robots. Using deep learning convolutional neural networks, the system aims to reduce vulnerabilities in the robot operating system and specifically focuses on detecting man-in-the-middle attacks. The system demonstrated 99% accuracy in tests conducted on a US Army ground vehicle. The researchers intend to further test the algorithm on different robotic platforms, including unmanned aerial vehicles. #Cybersecurity #UnmannedRobots #IntrusionDetectionSystem
https://www.securityweek.com/academics-devise-cyber-intrusion-detection-system-for-unmanned-robots/
Signal, a privacy-focused messaging firm, denies rumors of a zero-day exploit in its encrypted chat app. There is no evidence to support the claim. #Signal #cybersecurity
The rumored vulnerability involves the "generate link preview" feature in Signal. Users are advised to deselect the feature and update their app. #zero-day #vulnerability
The source of the zero-day warning is unknown, and it has not been confirmed by the US Government. #securityalert #rumors
The "generate link preview" feature in Signal has privacy and security risks, similar to those seen in WhatsApp. #privacyconcerns #securityrisks
Apple's Lockdown Mode disables the iMessage link preview feature to prevent malicious targeting. #Apple #iMessage
https://www.securityweek.com/signal-pours-cold-water-on-zero-day-exploit-rumors/
Signal, the encrypted messaging app, has disputed claims of a zero-day software vulnerability. The company found no evidence supporting the existence of this alleged flaw. Users were advised to turn off link previews for added security. Signal consulted with the United States government and found no information suggesting the validity of the claim. Users may consider deactivating the link previews feature until the alleged vulnerability is definitively determined. #Signal #ZeroDayFlaw #Cybersecurity
https://www.infosecurity-magazine.com/news/signal-disputes-alleged-zero-day/
Hacktivists have claimed responsibility for DDoS and defacement attacks on Israeli websites during the Israel-Hamas conflict. Researchers warn of more impactful attacks being attempted. Pro-Palestinian hacktivist groups, as well as the pro-Russian threat group Killnet, are involved in claiming attacks. More sophisticated attacks, including exploiting an API vulnerability and targeting industrial control systems, have also been reported. Cybersecurity experts urge caution about believing cyber-criminal chatter and expect Israeli organizations to be heavily targeted. Mitigating DDoS attacks and securing social media accounts are crucial. #Hacktivism #IsraelHamas #DDoSattacks #Cybersecurity
https://www.infosecurity-magazine.com/news/concern-hacktivism-israel-hamas/
Ransomware targets unpatched WS_FTP servers, exploiting critical vulnerability. Attackers attempt to escalate privileges using GodPotato tool. Sophos X-Ops thwarts attack with behavioral protection and multi-layered security measures. Industry sectors that use WS_FTP servers for file transfers remain vulnerable. Prompt patching and up-to-date security defenses are crucial. Organizational vulnerability management planning is recommended. #Ransomware #WS_FTP #vulnerability #patching #securitydefenses
https://www.infosecurity-magazine.com/news/ransomware-targets-unpatched-wsftp/
Summary:
CISA has launched the Ransomware Vulnerability Warning Pilot (RVWP) to help organizations identify and address vulnerabilities exploited by ransomware operators. The RVWP provides resources, such as a catalog of known exploited vulnerabilities and a list of misconfigurations and security flaws utilized by ransomware threat actors. Over 800 devices with vulnerabilities linked to ransomware have received alerts from the RVWP. CISA urges organizations to check the updated catalog and list to minimize their risk of being affected by ransomware.
Hashtags:
#CISA #RansomwareAttacks #Vulnerabilities
https://cybersecuritynews.com/cisa-ransomware-vulnerability-warning/
Two medium-severity vulnerabilities, related to Cross-Site Scripting (XSS) and information disclosure, have been discovered in IBM QRadar SIEM. IBM has released patches for these vulnerabilities. Upgrade to the latest version of IBM QRadar SIEM. #IBM #QRadarSIEM #vulnerability #cybersecuritynews
Summary: The US Environmental Protection Agency (EPA) has withdrawn cybersecurity rules for public water systems due to lawsuits filed by states and non-profit water associations. The EPA announced in March that it would require states to report on cybersecurity threats in their public water system audits, but legal action challenged the requirements due to financial burdens on small towns. The American Water Works Association (AWWA) and the National Rural Water Association (NRWA) joined the lawsuits, expressing concerns about cybersecurity vulnerabilities and lack of expertise. Cyber threats in the water sector are real and growing, and a collaborative approach to cybersecurity measures is needed. The US government has been taking steps to improve cybersecurity funding for rural water systems and offering vulnerability scanning services to water utilities.
Hashtags: #Cybersecurity #WaterSector #Lawsuits #EPA #SmallTowns #AWWA #NRWA #Collaboration #CyberThreats #Funding #VulnerabilityScanning
https://www.securityweek.com/epa-withdraws-water-sector-cybersecurity-rules-due-to-lawsuits/
Hackers are using Skype and Microsoft Teams to deliver the DarkGate malware. DarkGate is a Windows-based malware that allows remote access, file encryption, cryptocurrency mining, and credential theft. The attacks have been observed in the Americas, Asia, the Middle East, and Africa. The attackers use hijacked Skype accounts to send malicious VBA scripts disguised as PDF files. They also use the Microsoft Teams platform to deliver malicious attachments. Organizations are advised to have control over instant messaging applications and use multifactor authentication to protect against these attacks.
#Hackers #Skype #MicrosoftTeams #DarkGateMalware
Summary:
Threat actors have been laundering currencies through cross-chain crime, swapping cryptocurrency between different blockchains and tokens for anonymity. Reports suggest that over $4.1 billion of illegal funds have been laundered this way, with estimates rising to $6.5 billion by the end of 2023 and $10.5 billion by 2025. The Lazarus group, responsible for high-profile cyberattacks, has laundered over $900 million using this method.
Hashtags:
#Cryptocurrency #MoneyLaundering #CrossChainCrime #IllegalFunds #Cyberattacks #LazarusGroup
Threat actors are using 404 error pages to hide card stealing malware. The campaign targets organizations in the food and retail industries. Three concealment techniques were used, including obfuscation and hiding malicious code. The campaign exploited multiple victim websites and used variations to prevent detection. The attackers used the websites' default 404 error page to hide the malicious code. A report by Akamai provides more details about the campaign and its variations. #CyberSecurity #Malware #DataExfiltration #WebSkimming
Summary:
This blog post discusses the topic of squid intelligence and invites readers to engage in a discussion on security stories.
Hashtags:
#FridaySquidBlogging #SquidIntelligence #SecurityStories
https://www.schneier.com/blog/archives/2023/10/friday-squid-blogging-on-squid-intelligence.html
Summary:
1. Former Uber security chief Joe Sullivan appeals data breach cover-up conviction.
2. $12,000 bounty offered for finding NIST elliptic curve seeds.
3. Amnesty International and EIC analyze surveillance products from Intellexa.
4. $7 billion in cryptocurrency laundered via cross-chain services, linked to Lazarus cyber group.
5. Approov study finds that 95% of financial apps in Africa expose secrets.
6. Honeywell launches Cyber Watch to improve OT security.
7. Microsoft expands Security Experts offerings and announces passwordless initiative.
8. IBM introduces AI-powered managed detection and response services.
9. LostTrust ransomware operation detailed by SentinelOne.
Hashtags:
#cybersecurity #news #data #breach #cryptocurrency #surveillance #OTsecurity #Microsoft #passwordless #AI #ransomware
Juniper Networks patches over 30 vulnerabilities in Junos OS. Nine of the vulnerabilities are high-severity bugs. #Juniper #vulnerabilities
An incorrect default permissions bug allows an unauthenticated attacker to create a backdoor with root privileges. #security #vulnerability
Six high-severity vulnerabilities in Junos OS and Junos OS Evolved could lead to denial of service. Five can be exploited remotely. #DoS #JunosOS
Two high-severity issues in Junos OS and Junos OS Evolved can impact device stability and device operations. #security #devices
Additional vulnerabilities include medium-severity issues that could lead to DoS conditions or the leak of credentials. #vulnerabilities #security
Juniper Networks released software updates to address these vulnerabilities for multiple versions of Junos OS and Junos OS Evolved. #softwareupdate #Juniper
Users are advised to apply the available patches as soon as possible to mitigate potential exploitation. #security #patches
https://www.securityweek.com/juniper-networks-patches-over-30-vulnerabilities-in-junos-os/
CISA is flagging vulnerabilities and misconfigurations exploited by ransomware, providing resources to help organizations mitigate these security flaws. The agency has released a new column in the Known Exploited Vulnerabilities catalog and a table on the StopRansomware project's website. These resources list specific vulnerabilities and misconfigurations targeted by ransomware groups and offer mitigations for organizations to protect against them. #CISA #Ransomware #Cybersecurity #Vulnerabilities
Summary:
UK regulator fines Equifax £11m for failing to protect UK consumer data in the 2017 data breach. The breach was preventable, and Equifax did not provide sufficient oversight of the data it outsourced to its US-based parent company. Equifax did not find out about the hack until six weeks after it was discovered, leading to delays in informing customers. Equifax also gave misleading statements and mishandled complaints from customers. The severe penalty highlights the importance of cybersecurity and data protection in the financial services industry.
Hashtags: #Equifax #DataBreach #UKRegulator #FCA #Cybersecurity #DataProtection #FinancialServices
https://www.infosecurity-magazine.com/news/regulator-fine-equifax-data-breach/