Herjan Security
[.] Nonstop stream of GenAI news and updates

Okta's support system was hacked and sensitive customer data was stolen. The stolen data includes sensitive cookies and session tokens that can be used to impersonate valid users. Okta has taken measures to protect its customers, including the revocation of embedded session tokens. The compromised support system is separate from the production Okta service, which remains fully operational. Hashtags: #Okta #DataBreach #Security #Hacking.

https://www.securityweek.com/okta-support-system-hacked-sensitive-customer-data-stolen/

Summary: The UK National Cyber Strategy aims to be a responsible cyber power, focusing on avoiding indiscriminate harm in cyberspace. The publication of Responsible Cyber Power in Practice by the UK National Cyber Force (NCF) offers transparency and public insight into UK cyber operations. The doctrine of "cognitive effects" underpins NCF operations, aiming to influence the behavior of adversaries. The principles of accountability, precision, and calibration contribute to responsible cyber operations. Collaboration across sectors is important for developing the concept of responsible cyber power globally.

Hashtags: #ResponsibleCyberPower #Transparency #CognitiveEffects #Accountability #Precision #Calibration #Collaboration

https://www.infosecurity-magazine.com/opinions/responsible-cyber-operations/

ENISA warns of rising AI manipulation ahead of upcoming European elections. #AI #manipulation #cybersecurity #EuropeanElections

https://www.infosecurity-magazine.com/news/enisa-ai-manipulation-european/

SolarWinds Access Rights Manager had multiple flaws that allowed attackers to execute remote code and escalate privileges. The vulnerabilities include remote code execution and privilege escalation. Patch Manager Plus can be used to protect against these vulnerabilities. #SolarWinds #Flaw #RemoteCode

https://cybersecuritynews.com/solarwinds-access-rights-manager-flaw/

Iranian Crambus actors modify Windows firewall rules to enable remote access. The group, known as OilRig or APT34, has a history of attacking Iranian targets. They targeted a Middle Eastern government, compromising several computers and servers. The attackers used social engineering techniques and modified firewall rules to carry out their attacks. They installed backdoors and keyloggers on multiple machines and used various malware and legitimate tools to facilitate remote access. Researchers believe that Crambus continues to pose a threat to organizations in the Middle East and beyond.

#IranianCrambus #WindowsFirewall #RemoteAccess #OilRig #APT34

https://cybersecuritynews.com/crambus-windows-firewall-rules/

Authorities have seized the dark web site used by the RagnarLocker ransomware group, a major setback for cybercriminals. The international law enforcement action involved agencies from multiple countries. The details of the operation are still undisclosed, but Europol has confirmed its involvement. The FBI had previously issued an alert on RagnarLocker attacks. The successful seizure of the dark website is a significant step in the fight against ransomware. #Ransomware #Cybersecurity #LawEnforcement #Europol #FBI

https://cybersecuritynews.com/authorities-seized-ragnarlocker-ransomware/

Summary: No giant squids can be found in aquariums because they are too big and their habitat cannot be recreated.

Hashtags: #GiantSquid #Aquariums #Squid

https://www.schneier.com/blog/archives/2023/10/friday-squid-blogging-why-there-are-no-giant-squid-in-aquariums.html

1. Ransomware is on the rise due to its lucrative nature and obscurity, allowing malicious actors to extort money by encrypting data and demanding ransom.

2. GhostLocker is a new Ransomware-as-a-Service (RaaS) launched by hacktivist groups.

3. GhostLocker offers advanced techniques, infrastructure, and negotiation support, charging affiliates a low fee of 15%.

4. Hacktivist groups are shifting to GhostLocker from their previous ransomware solutions.

5. GhostLocker is run by GhostSec, SiegedSec, and The Five Families collective.

6. The association with The Five Families suggests a potential code overlap with StormousX.

7. Hacktivists turn to cybercrime for sustainability and resources.

8. Conflict may arise between hacktivist agendas and group contributions.

9. Patch Manager Plus can help protect against vulnerabilities.

Hashtags: #Ransomware #GhostLocker #HacktivistGroups #CybersecurityNews #RaaS

https://cybersecuritynews.com/ghostlocker-ransomware-as-a-service/

React Developer Tools vulnerability allows attackers to launch a DDoS attack. Update to the latest version to protect against this flaw. #ReactDeveloperTools #DDoSAttack #Vulnerability

https://cybersecuritynews.com/react-developer-tools-flaw/

U.S. Government releases popular phishing technique used by hackers. Phishing is a cyberattack that tricks people into giving away sensitive information. It can lead to data breaches, ransomware infections, and identity theft. Joint effort by CISA, NSA, FBI, and MS-ISAC to enhance defense against phishing threats. Phishing for credentials involves pretending to be someone you trust and asking for login credentials. Phishing with malware involves tricking users into downloading malicious links or attachments. Respond to phishing incidents by resetting compromised accounts and reporting to authorities. Effective training, security measures, and incident response procedures can reduce the risk of falling victim to phishing attacks. Tags: cyber security, cyber security news, ransomware, vulnerability.

https://cybersecuritynews.com/phishing-technique-used-by-hackers/

Palo Alto Networks updates Prisma Cloud with integrated cloud security. The latest release, named Darwin, offers code-to-cloud intelligence capabilities. It aims to provide a single point of security control for all cloud-native workflows. Features include AppDNA, Infinity Graph, code-to-cloud vulnerability management, shadow cloud discovery, and code-to-cloud dashboard. The upgrade is available to customers at no additional charges. #PaloAltoNetworks #PrismaCloud #cloudsecurity #codetocloud #applicationprotection #cybersecurity

https://www.csoonline.com/article/656226/palo-alto-networks-updates-prisma-cloud-with-integrated-cloud-security.html

Former Uber CISO is appealing his conviction for withholding information about a 2016 data breach from the FTC and attempting to conceal the breach by paying hackers. Sullivan's lawyers argue that he was scapegoated and that others, including the CEO at the time, should be held accountable. #Uber #CISO #data breaches #FTC #conviction #hacking

https://www.schneier.com/blog/archives/2023/10/former-uber-ciso-appealing-his-conviction.html

CipherStash, an Australian cybersecurity startup, raised $3 million in seed funding for its encryption-in-use technology. The funding round was led by Skip Capital and brings the company's total raised to $6 million. CipherStash employs queryable encryption technology to keep data encrypted even when in use, preventing data breaches and cyberattacks. The company's solution integrates with various programming languages and databases. #Cybersecurity #Encryption #DataProtection #SeedFunding #Technology

https://www.securityweek.com/cipherstash-raises-3-million-for-encryption-in-use-technology/

FBI: Thousands of remote IT workers sent wages to North Korea to fund weapons program. IT workers used false identities to get jobs and funneled money to North Korean weapons program. $1.5 million seized and 17 domain names confiscated. North Korean workers infiltrated networks and stole information. #FBI #NorthKorea #ITworkers #WeaponsProgram #Cybersecurity

https://www.securityweek.com/fbi-thousands-of-remote-it-workers-sent-wages-to-north-korea-to-help-fund-weapons-program/

Harmonic Security receives $7M funding for generative AI deployments #Cybersecurity #AI #Investment

British startup Harmonic Security secures $7M funding for AI app security #AI #Cybersecurity #Investment

Harmonic Security aims to mitigate risks of unregulated AI apps with $7M funding #AI #Cybersecurity #Investment

https://www.securityweek.com/harmonic-lands-7m-funding-to-secure-generative-ai-deployments/

Man charged with running stolen credentials marketplace, faces up to 20 years in prison. #cybercrime #stolencredentials #darkweb

E-Root marketplace sold access to compromised computer credentials. #cybersecurity #hacking #identitytheft

Marketplace used online payment system Perfect Money to conceal payments. #moneylaundering #cryptocurrency #anonymity

Over 350,000 credentials listed for sale on E-Root. #data breach #compromisedcredentials #cyberattack

https://www.infosecurity-magazine.com/news/us-charge-man-stolen-credentials/

Valve is enhancing the security of its Steamworks platform by introducing SMS verification for developers to prevent hackers from infiltrating developer accounts. The move comes in response to previous breaches where hackers gained control of developers' accounts and injected malware into game builds. The potential for financial gain is significant when infiltrators access code repositories and cloud infrastructure, allowing them to compromise downstream customers. Valve is implementing changes in Steamworks to mandate associating a phone number with a user's account and implementing two-factor authentication for certain actions. #SteamSecurity #SMSVerification #DeveloperAccounts

https://www.infosecurity-magazine.com/news/valve-steam-security-sms/

22% of phishing attacks in October 2023 used QR codes #QRcodes #phishingattacks

Study reveals that only 36% of recipients successfully identified and reported simulated phishing attacks #employeesusceptibility #phishingthreats

Retail industry had the highest miss rate in identifying and reporting suspicious QR codes #retailindustry #cybersecurityvulnerability

Communications staff 1.6 times more likely to engage with QR code attacks #employeesusceptibility #communicationsstaff

Engaged employees had a miss rate of 40%, compared to 90% for those not invested in their job responsibilities #employeeengagement #phishingmissrate

Continuous training in cybersecurity is crucial in reducing organizational vulnerability to threats #continuouscybersecuritytraining #riskmitigation

No real security built into QR codes, organizations should implement mitigation strategies #cybersecurityrisks #securitymeasures

Growing risks related to QR code phishing and QRLJacking pose emerging cybersecurity challenges #QRcodephishing #cybersecuritychallenges

https://www.infosecurity-magazine.com/news/qr-codes-used-22-phishing-attacks/

Former Navy IT Manager sentenced to 5 years in prison for selling sensitive data on dark web. Hooper stole identities of over 9,000 individuals and sold them for $160,000 worth of Bitcoin. The database access was limited to authorized organizations. Hooper created a fraudulent online account and added his wife as an accomplice. They illegally obtained PII and sold it on dark web. Recipients of the information committed crimes. Hooper paid a co-conspirator monthly to unlock the database. Chalk will be sentenced on November 20. Hashtags: #DarkWeb #FormerNavyITManager

https://cybersecuritynews.com/former-navy-it-manager-sentenced/

Hackers are using Discord as a command and control (C&C) platform to exploit Jupyter Notebooks and SSH. The campaign, called Qubit Strike, uses Discord's bot functionality to manage and monitor infected nodes and their mining activity. Qubit Strike is the first known malware campaign to use Codeberg as a hosting platform for its malicious code. Cado Security Labs has detected the malware and continues to monitor the campaign. The main component of Qubit Strike is a shell script called mi.sh, which performs various functions such as cryptocurrency mining, setting up persistence, and stealing credentials. Qubit Strike utilizes Discord for C&C and data exfiltration, targeting Cloud Service Provider credentials. The malware employs evasion tactics to avoid detection and spreads through SSH connections. It also deploys the Diamorphine Linux Kernel Module (LKM) rootkit. The campaign poses a multi-faceted threat and is a growing concern in the cybersecurity landscape. #hackers #DiscordC&C #malware #QubitStrike #JupyterNotebooks #SSH

https://cybersecuritynews.com/hackers-use-discord-for-cc/