Herjan Security
b7ac607467d380da39561027a5bd00a900e99a56019f127db61f86a3c842efb6
[.] Nostrop stream of GenAI news and updates

In an interview with Infosecurity Magazine, ISC2 CISO Jon France discussed the influence of AI and deepfakes on cybersecurity and offered advice for security leaders. Deepfakes are becoming increasingly sophisticated and are being used in spearphishing and business email compromise attacks. Procedural controls, such as requiring secondary authority for high-value transactions, can help mitigate deepfake threats. Ransomware attackers are now focusing on denying access to data and exfiltrating and threatening to expose it. Security leaders are facing challenges due to the growing threat landscape, increasing sophistication of attackers, and the need to understand the language of business and prioritize risks. France advises security professionals to learn about business in order to progress in their careers. #ISC2Congress #AI #Deepfakes #CyberRisk #ProceduralControls #Ransomware #ThreatLandscape #Attackers #BusinessLanguage.

https://www.infosecurity-magazine.com/interviews/ciso-talks-ai-deepfakes-managing/

Cloudflare observed a DDoS attack peaking at 201 million HTTP requests per second. #DDOS #CybersecurityNews

DDoS attacks flood web services with traffic, causing outages, financial losses and exposure to follow-on attacks. #Cybersecurity #WebAttacks

Cloudflare, with its large network, handles 64 million HTTP requests per second and blocks 140 billion cyber threats daily. #Cloudflare #Cybersecurity

DDoS attacks have been targeting Israeli media, financial, and government sites, as well as Palestinian websites. #Israel #DDOSAttacks

HTTP DDoS attacks exploit the CVE-2023-44487 HTTP/2 Rapid Reset vulnerability, reaching millions of requests per second. #HTTPDDOS #Vulnerability

Cloud-based botnets using HTTP/2 enable hyper-volumetric DDoS attacks from small botnets. #Botnets #HTTPAttacks

Cloudflare mitigated 8.9 trillion HTTP DDoS requests, with the largest attack reaching 2.6 Tbps. #Cybersecurity #Mitigation

Top source countries for HTTP DDoS attacks: United States, China, Brazil, Germany, Indonesia. #CyberAttacks #TopCountries

Top industries targeted by HTTP DDoS attacks: Gaming & Gambling, IT & Internet, Cryptocurrency. #CyberAttacks #TopIndustries

Cloudflare provides protection against HTTP DDoS attacks for its users. #Cloudflare #Cybersecurity

https://cybersecuritynews.com/ddos-attack-201-million-http-requests/

The most common Active Directory misconfigurations can open the door to cyber attacks. Examples include administrator accounts that are still permitted for delegation, service accounts that are not forced to use AES encryption, and the print spooler left running on domain controllers. Ordinary users should not be able to create machine accounts, and domain controllers should be set to reprocess unchanged GPOs. Password policies and least privilege should be applied to service accounts, and the KRBTGT account should be protected. #ActiveDirectory #CyberSecurity #CyberSecurityNews

https://cybersecuritynews.com/most-common-active-directory-misconfigurations/

Best Cloud Access Security Broker (CASB) Software:

1. The Cloud Access Security Broker serves as a gatekeeper for organizations, assisting them in keeping track of and safely utilizing cloud services while ensuring security compliance.

2. CASBs identify risk factors and cloud applications in use, providing organizations with protection through firewalls, authentication, and data loss prevention.

3. CASBs are compatible with SaaS, PaaS, and IaaS environments, addressing security flaws and maintaining visibility over data in the cloud.

4. The four pillars of CASB functionality are Visibility, Threat Protection, Data Security, and Compliance.

5. Top 11 CASB software options for 2024 include DoControl, Microsoft Cloud App Security, Forcepoint CASB, Palo Alto Networks, Cisco Cloudlock, Broadcom Symantec CloudSOC, Lookout CASB, Proofpoint CASB, Netskope Security Cloud Platform, Trend Micro Cloud App Security, and Bitglass CASB.

Hashtags: #CASB #CloudSecurity #DataProtection #ThreatProtection #Compliance #Cybersecurity #CloudApps #DataSecurity #CloudBroker

https://cybersecuritynews.com/cloud-access-security-broker/

Nigerian police dismantle major cybercrime hub in Abuja #Cybercrime #NigeriaPolice

Six arrests made in raid of cybercrime recruitment and training center in Abuja #Arrests #Cybercrime

Suspects involved in various cybercrimes including business email compromise and romance scams #Cybercrimes

Police urging locals to report cybercrime groups operating in their area #ReportCybercrime

Nigeria continues to be a major source of BEC and online fraud threats #OnlineFraud

https://www.infosecurity-magazine.com/news/nigerian-police-dismantle-major/

Microsoft has identified Octo Tempest as one of the most dangerous financial criminal groups. The group consists of English-speaking threat actors collaborating with the Russian-speaking ALPHV/BlackCat ransomware operation. Octo Tempest began with SIM swap attacks and has targeted various sectors such as tech, gaming, and financial services. The group employs advanced social engineering techniques and even resorts to fear-mongering tactics to coerce victims. Microsoft has provided defensive and threat hunting strategies in its report. Octo Tempest has been linked to breaches at MGM International, Caesars Entertainment, Okta, and Twilio.

#OctoTempest #FinancialCriminalGroups #Ransomware #TechSector #ThreatActors #SocialEngineering #DataBreach

https://www.infosecurity-magazine.com/news/microsoft-alarm-englishspeaking/

The UK's National Cyber Security Centre (NCSC) has launched a new offering called PDNS for Schools, which aims to prevent school users from visiting malicious websites. PDNS for Schools is based on the NCSC's Protective Domain Name Service (PDNS), which blocks access to risky sites by not resolving them. The service also provides metrics about network health and offers support for resolving issues. The education sector in the UK has experienced a high number of cyber incidents, including phishing emails and ransomware attacks. PDNS for Schools will be rolled out for free in the coming year. #cybersecurity #education #networksecurity #malware #phishing

https://www.infosecurity-magazine.com/news/security-agency-rolls-protective/

TP-Link, HP printer and Samsung Galaxy S23 hacked at Pwn2Own 2023. Vendors affected include TP-Link, HP, Canon, Synology, and Sonos. Security researchers earned over $400,000 on the first day with zero-day attacks on various devices. Highlights of Day 2 include successful attacks on the Sonos Era 100, Lexmark CX331adwe, TP-Link Omada Gigabit Router, QNAP TS-464, HP Colour LaserJet Pro MFP 4301fdw, Synology RT6600ax, and Samsung Galaxy S23. Total awards given out so far amount to $801,250. #cybersecurity #Pwn2Own #vulnerabilities #zero-day #hacks #hackers

https://cybersecuritynews.com/tp-link-hp-printer-samsung-galaxy-s23-hacked/

Hackers exploit Facebook business accounts to run malicious ads, forcing victims to bear the financial burden. #Facebook #hack #maliciousads

Cybercriminals hijack others' business accounts to launch fraudulent advertising campaigns on Facebook. #cybersecurity #fraud #socialmedia

Criminals approach victims as advertising partners, promising high budgets. Victims are directed to a zip file containing malicious code. #cyberattack #phishing #malware

Hackers steal Facebook account cookies, create fake stores, download malware, and hijack advertising campaigns. #dataprotection #identitytheft #cybercrime

Protect yourself by not staying permanently logged in, using multi-factor authentication, being skeptical of direct messages and unsolicited links, and using a password manager. #securitytips #protectyourself #passwords

https://cybersecuritynews.com/hackers-hijack-facebook/

Google Chrome has a security flaw that allows attackers to crash the browser. #GoogleChrome #SecurityFlaw #BrowserCrash

A security update for Chrome has been released, with two security fixes. #ChromeUpdate #SecurityFixes

One of the fixes addresses a high severity flaw involving use after free in profiles. #HighSeverityFlaw #UseAfterFree

Google recommends users update to the latest version of Chrome to prevent exploitation. #UpdateChrome #PreventExploitation

https://cybersecuritynews.com/chrome-security-crash-browser/

VMware vCenter Server had two vulnerabilities, an Out-of-Bounds Write and a Partial Information Disclosure, rated Critical and Medium respectively. VMware has fixed them and released a security advisory. The vulnerabilities could be exploited for remote code execution and unauthorized data access. Users are advised to upgrade their products to prevent exploitation. #cybersecurity #vulnerabilities

https://cybersecuritynews.com/vmware-vcenter-server-flaw/

The Winter Vivern group exploited a zero-day cross-site scripting (XSS) vulnerability in Roundcube servers. The group targeted governmental entities and a think tank in Europe. Winter Vivern is known for targeting governments in Europe and Central Asia. It has been active since 2020 and is suspected of being linked to the MoustachedBouncer group. The newly exploited vulnerability allows remote exploitation by sending a specially crafted email message. Winter Vivern's ability to exploit a zero-day vulnerability in Roundcube is a concerning development in cyber-espionage. #WinterVivern #cybersecurity #XSS #Roundcube

https://www.infosecurity-magazine.com/news/winter-vivern-zero-day-targets/

QNAP took down a server used in extensive brute-force attacks on NAS devices. The company blocked hundreds of botnet IPs within 7 hours and located the source C&C server within 48 hours. QNAP recommends immediate cybersecurity measures to mitigate such attacks. #cyberattack #cybersecurity

https://cybersecuritynews.com/qnap-server-brute-force-attack/

1. Okta experiences breach via stolen credential, with threat actor accessing support case management system. #securitybreach #IAM

2. Files uploaded by Okta customers as part of recent support cases may have been viewed by threat actor. #customerdata #securityincident

3. Okta support may ask customers to upload sensitive data in HTTP Archive (HAR) files, which can be exploited by malicious actors. #datasecurity #vulnerability

4. Okta has taken measures to protect customers, including revocation of session tokens and sanitizing credentials. #customerprotection #securitymeasures

5. BeyondTrust notifies Okta of possible breach after detecting attempt to access administrator account using stolen session cookie. #incidentreporting #escalation

6. All affected Okta customers have been notified of the breach. #customernotification #breachresponse

https://www.infosecurity-magazine.com/news/okta-reveals-breach-via-stolen/

The September cyber-attack on the International Criminal Court (ICC) was a targeted espionage attempt. The ICC has not yet identified the perpetrator. The breach is a serious threat to the court's mandate and compromises the data belonging to individuals, organizations, and states. The ICC is enhancing its cybersecurity initiatives and incident response processes. #ICC #CyberSecurity #Breach #Espionage

https://www.infosecurity-magazine.com/news/icc-september-breach-was-espionage/

50K Cisco IOS XE devices hacked using zero-day flaw. #Cisco #CVE #Vulnerability #CyberSecurity

Cisco IOS XE devices, widely used in networking, were hacked. #CyberSecurity #DataBreaches

New vulnerability (CVE-2023-20198) in Cisco IOS XE software’s Web UI exposed over 50K devices. #Cisco #Vulnerability

Active exploitation involved creating user accounts and implant deployment. #CyberAttack #ZeroDay

Exploited vulnerability grants full admin access, followed by root-level control. #CyberSecurity #DataBreach

Organizations urged to follow Cisco’s advisory and watch for suspicious users. #CyberSecurity #Recommendation

https://cybersecuritynews.com/50k-cisco-ios-devices-hacked/

AI and US Election Rules: The Federal Election Commission is considering whether AI-generated deepfake media for political advertisements should be considered fraud or legitimate. The use of AI image generators and dystopic images in political campaigns is currently allowed. AI will also be used to personalize communications and create interactive campaigning. Responsibility for regulating political advertisements is unclear, with various commissions having limited authority. There are insufficient disclosure requirements for digital ads, and campaigns often find ways to circumvent rules. Google has announced that political advertisements on its platforms will disclose their use of AI. The FEC should expand its authority to regulate AI-generated content in campaign communications. Congress should pass legislation to clarify the boundaries between regulatory commissions and strengthen regulation on political speech. The media can help by verifying the authenticity of videos, images, and audio recordings. Public input is needed to push for regulatory action and hold humans accountable for AI’s actions. #AIElectionRules #RegulatingPoliticalAds #AIinPolitics #DigitalCampaigning

https://www.schneier.com/blog/archives/2023/10/ai-and-us-election-rules.html

Hackers stole access tokens from Okta's support unit, compromising its customer support system. Okta says the incident affected a small number of customers. The hackers had access to Okta's support platform for at least two weeks before containment. Okta recommends sanitizing credentials and session tokens in HAR files. BeyondTrust, an Okta customer, detected the attack; none of its own customers were affected. Okta believes this is a known threat actor that has targeted it before. #Okta #securitybreach #hacked #cybersecurity

https://krebsonsecurity.com/2023/10/hackers-stole-access-tokens-from-oktas-support-unit/
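Both Okta items above turn on the same practical point: a HAR file captured for a support case carries the session cookies and bearer tokens of whoever recorded it. The script below is an added example, written for this stream and not Okta's or any vendor's tool, of what "sanitizing credentials and session tokens in HAR files" looks like in code. It assumes the standard HAR 1.2 JSON layout (log.entries[].request/response with headers, cookies, postData and content); the header list, the JWT pattern and the sample capture are constructed for the demonstration.

```python
"""Redact session material from a HAR file before it leaves the organisation.

Added example for the Okta HAR-file items in this stream; not an Okta tool.
Assumes the HAR 1.2 layout: log.entries[].request / .response, each with
headers[], cookies[], and a body under postData.text / content.text.
"""
import copy
import json
import re
import sys

REDACTED = "[REDACTED]"
# Header names that routinely carry credentials or session identifiers (assumed list).
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
# JWT-shaped tokens (three base64url segments, first starting with 'eyJ') that may
# appear inside request or response bodies; the pattern is an assumption.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]*")

# Constructed sample capture (not a real HAR) so the script runs offline.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [
            {
                "request": {
                    "method": "POST",
                    "url": "https://example.invalid/api/v1/search",
                    "headers": [
                        {"name": "Accept", "value": "application/json"},
                        {"name": "Cookie", "value": "sid=sid-0123456789"},
                        {"name": "Authorization",
                         "value": "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyIn0.c2lnbmF0dXJl"},
                    ],
                    "cookies": [{"name": "sid", "value": "sid-0123456789"}],
                    "postData": {"mimeType": "application/json", "text": "{\"q\":\"hello\"}"},
                },
                "response": {
                    "status": 200,
                    "headers": [
                        {"name": "Content-Type", "value": "application/json"},
                        {"name": "Set-Cookie", "value": "sid=sid-9876543210; HttpOnly; Secure"},
                    ],
                    "cookies": [{"name": "sid", "value": "sid-9876543210"}],
                    "content": {
                        "mimeType": "application/json",
                        "text": "{\"token\":\"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyIn0.c2lnbmF0dXJl\"}",
                    },
                },
            }
        ],
    }
}


def _redact_headers(headers, stats):
    """Blank the value of every header whose name is in SENSITIVE_HEADERS."""
    for header in headers:
        if header.get("name", "").lower() in SENSITIVE_HEADERS:
            header["value"] = REDACTED
            stats["headers"] += 1


def _redact_cookies(cookies, stats):
    """Blank every parsed cookie value; names are kept so support can still debug."""
    for cookie in cookies:
        if "value" in cookie:
            cookie["value"] = REDACTED
            stats["cookies"] += 1


def _redact_text(container, key, stats):
    """Replace JWT-shaped tokens inside a body string, if the body is present."""
    text = container.get(key)
    if isinstance(text, str):
        new_text, count = JWT_RE.subn(REDACTED, text)
        if count:
            container[key] = new_text
            stats["body_tokens"] += count


def sanitize_har(har):
    """Return (sanitized copy, redaction counts); the input document is left untouched."""
    clean = copy.deepcopy(har)
    stats = {"headers": 0, "cookies": 0, "body_tokens": 0}
    for entry in clean.get("log", {}).get("entries", []):
        request = entry.get("request", {})
        response = entry.get("response", {})
        _redact_headers(request.get("headers", []), stats)
        _redact_headers(response.get("headers", []), stats)
        _redact_cookies(request.get("cookies", []), stats)
        _redact_cookies(response.get("cookies", []), stats)
        _redact_text(request.get("postData", {}), "text", stats)
        _redact_text(response.get("content", {}), "text", stats)
    return clean, stats


def sanitize_file(in_path, out_path):
    """Sanitize a HAR file on disk and return the redaction counts."""
    with open(in_path, "r", encoding="utf-8") as fh:
        har = json.load(fh)
    clean, stats = sanitize_har(har)
    with open(out_path, "w", encoding="utf-8") as fh:
        json.dump(clean, fh, indent=2)
    return stats


if __name__ == "__main__":
    if len(sys.argv) == 3:
        print(sanitize_file(sys.argv[1], sys.argv[2]))
    else:
        _, counts = sanitize_har(SAMPLE_HAR)
        print("sample capture:", counts)
```

Run it as `python har_sanitize.py capture.har capture-clean.har` to produce the copy you actually upload; with no arguments it sanitizes the embedded sample. Cookie and header names are deliberately preserved so the support engineer can still see which session was in play, only the values are blanked. A stolen value like the one in the Okta incident cannot be replayed if it never left the original machine.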

#AIsecurity #PhilippineMilitary #DigitalApplications #SecurityRisks #PrivacyandSecurity #IdentityTheft #PhishingAttacks #FakeProfiles

https://www.securityweek.com/philippine-military-ordered-to-stop-using-artificial-intelligence-apps-due-to-security-risks/

Energy Services Firm Hacked, Tech CEO Gets Prison Time, X Glitch Leads to CIA Channel Hijack. #Cybersecurity #Hacking #DataBreach #TechCEO #PrisonTime #Cybercrime #Malware #IdentityTheft #Vulnerabilities #ThreatIntelligence #IncidentResponse #EndpointSecurity #IoTSecurity #Privacy #ICS #Funding

https://www.securityweek.com/in-other-news-energy-services-firm-hacked-tech-ceo-gets-prison-time-x-glitch-leads-to-cia-channel-hijack/