Herjan Security
Nonstop stream of GenAI news and updates

Summary: Google has launched a new version of its Titan security key that supports passkeys, allowing users to store up to 250 unique passkeys. Passkeys aim to eliminate the use of passwords and leverage FIDO2 credentials and cryptography for secure logins. The new Titan security keys will replace current models and provide NFC capabilities. Google is committed to giving out 100,000 security keys for free in 2024 to high-risk users worldwide.

Hashtags: #Google #TitanSecurityKey #Passkeys #Cybersecurity #Authentication

https://www.securityweek.com/google-adds-passkey-support-to-new-titan-security-key/

Russian Hacking Group Sandworm Linked to Attack on Danish Critical Infrastructure. Notorious Russian nation-state threat actor Sandworm has been linked to the largest ever cyber-attack targeting critical infrastructure in Denmark. The incident took place in May 2023 and saw the attackers target 22 companies involved in operating Danish critical infrastructure. Sandworm was behind the attacks that took down power in parts of Ukraine in 2015 and 2016. In the first wave of attacks, the threat actors exploited the critical vulnerability CVE-2023-28771 contained in Zyxel firewalls. A second wave of attacks took place using “never-before-seen cyber weapons.” Sophisticated Attacks Linked to Sandworm. Short-sighted decision making led to critical infrastructure providers not patching a known zero-day vulnerability in the Zyxel firewalls. #Cybersecurity #Sandworm #RussianHacking #CriticalInfrastructure #Denmark

https://www.infosecurity-magazine.com/news/russian-sandworm-attack-danish/

Cyber-criminals exploit Gaza crisis with fake charity. Attackers targeted individuals and organizations with fraudulent donation requests. The attackers used emotionally charged language to manipulate sympathy. They employed social engineering tactics and concealed their identity. Legacy email security tools struggle to detect this type of attack. AI-powered email security platforms are needed. Hashtags: #CyberCrime #GazaCrisis #FakeCharity #SocialEngineering #EmailSecurity

https://www.infosecurity-magazine.com/news/criminals-gaza-crisis-fake-charity/

The Cloud Security Alliance (CSA) launches the Certificate of Competence in Zero Trust (CCZT), the first authoritative zero trust certification. #CCZT #ZeroTrust

The CCZT aims to equip security professionals with the knowledge to develop and implement a zero trust strategy. #SecurityCertification #InformationSecurity

Zero trust principles are recognized as the future of information security, applicable across various technological domains. #NeverTrustAlwaysVerify #ITSecurity

The CCZT program provides a comprehensive education, incorporating foundational principles from leading sources and the expertise of zero trust pioneer John Kindervag. #Education #Cybersecurity

Organizations adopting zero trust are expected to benefit from the CCZT certification, driving IT professionals to seek the certification as a gateway to future opportunities. #ITProfessionals #CareerDevelopment

https://www.infosecurity-magazine.com/news/csa-launches-zero-trust/

Kubernetes Windows Nodes Flaw Lets Attackers Gain Admin Privileges

#cybersecurity #vulnerabilities #windows

https://cybersecuritynews.com/kubernetes-windows-nodes-vulnerability/

Google Chrome has released a new update fixing two vulnerabilities, CVE-2023-5997 and CVE-2023-6112, related to use-after-free conditions in Garbage Collection and Navigation. Users are advised to upgrade to the latest version to prevent these conditions. #Cybersecurity #GoogleChrome

CVE-2023-5997 is a high-severity vulnerability that allows heap corruption through a crafted HTML page. It was rewarded with $10,000 by Google. #Vulnerability #GoogleChrome

CVE-2023-6112 is similar to the previous vulnerability and can also be exploited for heap corruption. The severity is yet to be confirmed. #Vulnerability #GoogleChrome

Other fixes in the update come from regular fuzzing, internal audits, and Google initiatives. #GoogleChrome #Fixes

https://cybersecuritynews.com/google-chrome-vulnerability-browser-crash/

Summary:

- Security analysts can use ChatGPT for malware analysis by enhancing GPT’s ability.

- GPT excels in summarizing large inputs and filtering the big picture.

- Overloading GPT with complex conditions can lead to misunderstandings and forgotten requirements.

- The six principal obstacles in applying GPT to malware analysis are memory window drift, gap between knowledge and action, logical reasoning ceiling, detachment from expertise, goal orientation, and spatial blindness.

- GPT operates faster and more cost-effectively than a human analyst.

Hashtags:

#cybersecurity #malware #GPT #analysis

https://cybersecuritynews.com/chatgpt-for-malware-analysis-enhancing-gpts-ability-to-guide-malware-analyst/

European police have dismantled a vishing gang that defrauded victims of $9 million. The gang operated from call centers in Ukraine, impersonating bank staff and police officers to trick victims into transferring funds to controlled accounts. Ten suspects were arrested and homes, vehicles, and call centers were searched. Vishing attacks, which combine voice phishing with email phishing, are on the rise. The fraud scheme attracted the attention of the authorities, prompting a joint investigation by Eurojust, Czechia, and Ukrainian authorities. Hashtags: #vishing #fraudgang #Europol #policecrackdown

https://www.infosecurity-magazine.com/news/european-police-take-down-9m/

Summary: CacheWarp is a new flaw in AMD's Secure Encrypted Virtualization (SEV) technology that allows attackers to hijack encrypted virtual machines (VMs) and gain privileged access. The vulnerability was discovered by researchers from the CISPA Helmholtz Center for Information Security and the Graz University of Technology. The CacheWarp attack method allows attackers to manipulate data modifications at single-store granularity, leading to control flow manipulation and compromising the VM's security. The vulnerability affects various generations of AMD EPYC processors, and a microcode update has been provided as a mitigation measure.

Hashtags: #CacheWarp #AMD #SEV #VirtualMachines #CyberSecurity

https://cybersecuritynews.com/cachewarp-a-new-flaw-in-amds-sev/

Wireshark 4.2.0 has been released with new updates and features. #Wireshark #networkprotocols #updates

Dark mode support on Windows. Windows installer for Arm64 added. Improved packet list sorting. Wireshark and TShark generate valid UTF-8 output. New display filter for filtering raw bytes. #Windows #networktroubleshooting #networkanalysis

Removed features: TShark's -e option for displaying column text, disabled default script 'dtd_gen.lua', Wi-Fi NAN dissector filter name changed to 'wifi_nan'. #Wireshark #networktools

New protocol support: Aruba UBT, ASAM Capture Module Protocol (CMP), ATSC Link-Layer Protocol (ALP), DECT DLC protocol layer (DECT-DLC), DECT NWK protocol layer (DECT-NWK), and more. #networkprotocols #newfeatures

Updated protocol support for JSON, IPv6, XML, SIP, HTTP, and CFM. #networkprotocols #updates

https://cybersecuritynews.com/wireshark-4-2-0-released/

Best Network Security Vendors for SaaS - 2024. SaaS security is crucial for businesses running on cloud-based software. Challenges in securing SaaS platforms include multi-tenancy, data privacy, access control, shadow IT, data residency, loss of control, end-point security, account hijacking, and inconsistent security policies. Best SaaS security practices include multi-factor authentication, single sign-on, data encryption, regular security audits, data backup and recovery, endpoint security, API security, network security, monitoring and alerting, educating employees, and vendor management. Top 10 network security vendors for SaaS include Perimeter 81, Palo Alto Networks, Fortinet, Symantec, Check Point, McAfee, Okta, Sophos, Netskope, and Qualys.

#SaaSsecurity #networksecurity #cybersecurity #dataencryption #multifactorauthentication #dataprivacy

https://cybersecuritynews.com/network-security-vendors-for-saas/

8-Point Security Checklist For Your Storage & Backups - 2024

1. Johnson Controls International experienced a massive ransomware attack, impacting their operations and potentially compromising sensitive DHS information.

2. The ransom note from Dark Angels, the ransomware group, stated that files were encrypted and backups were deleted.

3. StorageGuard helps protect your storage and backup systems with scanning, detection, and fixing of security misconfigurations and vulnerabilities.

4. Use the 8-point checklist to determine if your backups are secure, including incident-response plans, inventory of devices, comprehensive event logging, configuration auditing, separation of duties, administrative-access mechanisms, ransomware protection, and regular auditing.

5. Take the Cyber Resiliency Assessment for Backups to get practical recommendations for protecting your data and ensuring recoverability.

6. Tags: Backup Security, Cyber Resilience.

https://cybersecuritynews.com/security-checklist-for-your-storage-backups/

1. US authorities shut down a major botnet used for launching anonymous cyber-attacks. #botnet #cyberattacks

2. The IPStorm botnet operated from June 2019 to December 2022 and turned compromised devices into proxies. #IPStorm #proxies

3. The alleged administrator, Sergei Makinin, pleaded guilty to fraud charges. #cybercrime #fraud

4. Makinin's websites, proxx.io and proxx.net, allowed cyber-criminals to rent out the botnet proxies. #rental #proxy

5. The FBI urged device owners to stay updated with security patches to prevent their devices from becoming part of a botnet. #securitypatches #deviceowners

https://www.infosecurity-magazine.com/news/us-dismantles-ipstorm-botnet-proxy/

Ransomedvc, a ransomware and data extortion group, is shutting down its operations and selling its entire cybercrime infrastructure. The group has victimized over 40 organizations and most of them are based in Europe. Potential buyers are interested in the group's infrastructure. There have been possible arrests of six individuals linked to Ransomedvc and the group claims to have fired all 98 affiliates. The closure of Ransomedvc is unlikely to have a significant impact on the wider ransomware landscape. Cybersecurity experts recommend adopting a Zero-Trust posture and implementing measures to mitigate risks. #Ransomware #CybersecurityNews #Malware

https://cybersecuritynews.com/ransomed-vc-to-shutdown-operations/

from network security threats. They offer web filtering and security, phishing attack prevention, managed threat response, secure Wi-Fi, and more. With their advanced threat protection and centralized management, CISOs can ensure the security and integrity of their network. #NetworkSecurity #CISOs #Cybersecurity

10. Gen Digital: Gen Digital provides integrated cyber defense solutions for CISOs. Their services include identity and access management, advanced threat protection, network security, and incident response. With their comprehensive security analytics and managed security services, CISOs can stay ahead of emerging threats and protect their organization's critical assets. #CyberDefense #IntegratedSecurity #CISO

Overall, these network security companies offer a range of solutions and features specifically designed for CISOs to protect their organizations from cyber threats. They provide essential tools, such as firewalls, intrusion prevention systems, advanced threat protection, and secure access service edge, to ensure the security and privacy of sensitive data. #CyberProtection #DataSecurity #NetworkDefense

https://cybersecuritynews.com/best-network-security-companies/

8 new Metasploit exploit modules released. #CyberSecurity #ExploitModules #Vulnerabilities #Metasploit #Rapid7

Metasploit is a penetration testing framework used for simulating attacks. It includes tools to test system security and detect vulnerabilities.

Recent vulnerabilities targeted by the new modules include CVE-2023-20198 affecting Cisco IOS XE OS and CVE-2023-46604 affecting Apache MQ.

Modules target vulnerabilities allowing execution of remote CLI and OS commands, arbitrary payload execution, command injection, and remote code execution.

Additional modules allow for stealing configuration and credential information, gathering connection credentials, and various bug fixes.

https://cybersecuritynews.com/new-metasploit-modules/

Summary:

1. Cohesity is bringing its generative AI features to Amazon's Bedrock for cloud-based AI.

2. The features include data management, security, analysis, enriched data interaction and learning, and retrieval augmented generation.

3. Cohesity CEO, Sanjay Poonen, states that there is a growing demand for AI-powered data insights.

4. Cohesity also announced integrations with AWS for its DataProtect product.

5. The availability of Bedrock-based Turing access is expected in approximately six months.

Hashtags:

#Cohesity #AI #cloudsecurity #datamanagement #securityanalysis #datainteraction #dataretrieval #AWS #Turing #generativeAI

https://www.csoonline.com/article/1246918/cohesity-taps-amazon-for-generative-ai-cloud-based-security.html

AI shaping democracy:

1. AI as educator for citizens to learn about issues like climate change or tax policy.

2. AI as sense maker to provide accurate summarization of comments and highlight unique perspectives.

3. AI as moderator and consensus builder for online conversations, ensuring all voices are heard.

4. AI as lawmaker to craft legislation and identify loopholes.

5. AI as political strategist to provide ideas and conduct polls.

6. AI as lawyer to handle routine tasks and help navigate government systems.

7. AI as cheap reasoning generator to generate persuasive arguments and lobby.

8. AI as law enforcer to identify tax cheats and enforce laws.

9. AI as propagandist to produce and distribute propaganda.

10. AI as political proxy to vote on behalf of individuals.

#AIChangeDemocracy #AIAsEducator #AISenseMaker #AIAsModerator #AIAsLawmaker #AIAsPoliticalStrategist #AIAsLawyer #AICheapReasoningGenerator #AIAsLawEnforcer #AIAsPropagandist #AIAsPoliticalProxy

https://www.schneier.com/blog/archives/2023/11/ten-ways-ai-will-change-democracy.html

1. McLaren Health Care is informing 2.2 million individuals of a data breach that compromised their personal information.

2. The breach was identified on August 22, and the intruders had unauthorized access to McLaren's network between July 28 and August 23.

3. The stolen information includes names, dates of birth, Social Security numbers, health insurance information, and medical records.

4. McLaren has no evidence of misuse but the stolen data is in the hands of cybercriminals.

5. The Alphv/BlackCat ransomware gang claimed responsibility for the breach and threatened to auction the stolen data.

6. It is unclear if employees and partners were affected by the breach.

7. McLaren is a Michigan healthcare delivery system with 15 hospitals and 28,000 employees.

Hashtags: #DataBreach #Cybersecurity #Malware #Healthcare #Privacy

https://www.securityweek.com/2-2-million-impacted-by-data-breach-at-mclaren-health-care/

Ransomware group RansomedVC is shutting down and selling its infrastructure. The group targeted organizations in Europe and demanded ransom payments of up to $1 million. They recently claimed responsibility for attacks on Sony and the District of Columbia Board of Elections. The shutdown is unlikely to have a significant impact on the ransomware landscape, as affiliates are expected to migrate to other RaaS operations.

Hashtags: #Ransomware #Cybersecurity #DataBreach #Cybercrime #Vulnerabilities

https://www.securityweek.com/ransomware-group-ransomedvc-closes-shop/