Kansas Court hack: Attackers stole sensitive data from systems. Cybercriminals threatened to post the stolen data on a dark website. The Kansas Supreme Court released a statement about the cyber incident. Kansas appellate courts and district courts are experiencing daily disruptions. State authorities, the governor’s office, and law enforcement are supporting Kansas. Security experts took prompt action to identify the compromised data. Governmental organizations are frequently targeted by cyberattacks. The rule of law and institutions will prevail over malicious elements. #cybersecurity #cybersecuritynews
Pentagon is accelerating its use of AI technology for military purposes. The initiative, called Replicator, aims to deploy thousands of AI-enabled autonomous vehicles by 2026. The U.S. military is expected to have fully autonomous lethal weapons within the next few years. The use of AI in space and military logistics is also increasing. However, the Pentagon faces challenges in adopting AI technology and recruiting talent. The potential for fully autonomous weapons raises concerns about decision-making and accountability. #Pentagon #AIinitiatives #autonomousweapons
UK Publishes First Guidelines on Safe AI Development. The UK's National Cyber Security Centre (NCSC) has published the first globally agreed guidelines on safe and secure AI development. The guidelines were developed in collaboration with industry experts and international agencies, including the US Cybersecurity and Infrastructure Security Agency. 18 countries including all of the G7 have endorsed the guidelines. The guidelines are divided into four sections: secure design, secure development, secure deployment, and secure operation and maintenance. Security and trust are essential for safe and trustworthy AI. Hashtags: #AIDevelopment #Cybersecurity #Guidelines
https://www.infosecurity-magazine.com/news/uk-first-guidelines-ai-safety/
Loader malware is a silent threat that steals sensitive data and installs additional malware. It is difficult to detect and allows for more sophisticated cyber attacks. Loader malware has various capabilities, including gathering system information and employing evasion techniques. It spreads through phishing campaigns and targets cracked software websites. Organizations must adopt proactive measures to combat loader malware and protect their systems. #cybersecurity #malware
https://cybersecuritynews.com/loader-malware-steal-sensitive-data/
In the aviation industry, GPS spoofing attacks on commercial flights' navigation systems have become a major concern, causing disruption and compromising aviation safety. These attacks outsmart GPS receivers and destabilize avionics design, leaving flight crews defenseless. The need for international collaboration to identify and neutralize these threats is urgent. Public awareness is crucial in advocating for proactive measures to protect passenger safety. The industry, governments, and cybersecurity experts must take swift and decisive action to ensure the skies remain safe. #cybersecurity #cybersecuritynews #GPSattacks #malware
SysJoker malware targets Windows, Linux, and Mac users, using OneDrive for command and control server URLs. The malware collects system information and has different variants. The Rust version of SysJoker uses unpredictable sleep intervals. Two additional SysJoker samples have been discovered, with more complexity than the Rust version. The malware undergoes continuous modifications and enhancements. #cybersecurity #malware
Broadcom plans to complete a $69 billion acquisition of VMware after receiving regulatory approval. The deal includes cash, stock, and the assumption of debt. #Broadcom #VMWare #acquisition #regulatoryapproval
Hackers are using malicious browser extensions to steal Facebook business accounts. The extensions, developed by the Ducktail family, can bypass security measures and target advertising and business accounts. The main goal is to target the accounts of employees in senior positions or in HR, digital marketing, or social media marketing. Be cautious when handling unknown files and avoid clicking on EXE files that appear to be legitimate documents. Countermeasures include avoiding suspicious downloads on work computers and checking the extensions of downloaded files. #cybersecurity #malware
https://cybersecuritynews.com/malicious-hackers-browser-extensions/
PolarDNS is a free DNS server for vulnerability research and pentesting. It can help identify potential attack vectors and security flaws. The server allows for fully custom DNS responses and supports UDP and TCP protocols. It offers features and modifiers to create diverse response variants for testing. Using basic Python and DNS protocol understanding, PolarDNS facilitates easy implementation of new ideas and scenarios. To run it, you need to install Python 3.10 or newer and PyYAML. The server starts listening on localhost and uses port 53 for DNS queries. The installation process involves editing the configuration file and adding your domain and nameserver IP addresses. #PolarDNS #DNSserver #vulnerabilityresearch #pentesting
Friday Squid Blogging: The Squid Nebula is a pretty photograph of a low-mass star nearing the end of its life. #Squid #Astronomy
Summary: The Squid Nebula is shown in blue, indicating doubly ionized oxygen. You can use this squid post to talk about security stories in the news.
https://www.schneier.com/blog/archives/2023/11/friday-squid-blogging-squid-nebula.html
A USB worm known as LitterDrifter is infecting computers in Ukraine and beyond. It is attributed to Russia’s Federal Security Service and is part of espionage-motivated campaigns targeting Ukrainian organizations. LitterDrifter spreads from computer to computer through USB drives and permanently infects connected devices with malware. Hashtags: #malware #Russia #Ukraine #USB
https://www.schneier.com/blog/archives/2023/11/litterdrifter-usb-worm.html
Chocolate Swiss Army Knife - Schneier on Security
1. Realistic-looking chocolate Swiss Army Knife raises questions about TSA confiscation.
Hashtags: #airtravel #humor #weapons
2. People share their thoughts on the realistic design of chocolate objects.
Hashtags: #chocolate #realistic #objects
3. Discussion on TSA policies regarding the confiscation of knives.
Hashtags: #TSA #knives #policies
4. A humorous comment on TSA officers using confiscated Swiss Army knives.
Hashtags: #confiscation #SwissArmyknives #spoils
https://www.schneier.com/blog/archives/2023/11/chocolate-swiss-army-knife.html
Summary:
1. Russia accuses China and North Korea of cyberattacks targeting the telecommunications and public sectors.
2. Atlanta-based cybersecurity firm COO admits to hacking hospitals for business gain.
3. Hacker breaches hotel networks and tries to fake his own death.
4. Idaho National Laboratory suffers a data breach, with hacktivist group SiegedSec claiming responsibility.
5. Large phishing campaign distributes DarkGate and PikaBot malware.
6. Commercial flights experience GPS spoofing attacks in the Middle East.
7. Ukraine fires top cyber defense officials amid fraud investigation.
8. Australia announces funding for cybersecurity programs for small and medium-sized businesses.
9. Drenan Dudley appointed as the interim acting national cyber director in the White House.
10. Discovery and Launch vulnerabilities allow hackers to play any video on targeted TVs.
Hashtags:
#Cyberattacks #DataBreach #Hacking #Phishing #GPSAttacks #FraudInvestigation #CybersecurityFunding #NationalCyberDirector #TVHacking
Summary: North Korean hackers breached a Taiwanese software company and used its systems to deliver malware to the US, Canada, Japan, and Taiwan in a supply chain attack. The hackers modified a legitimate application installer, added malicious code, and signed it with a valid CyberLink certificate. The malware, known as LambLoad, checks for the presence of specific security software before executing malicious code. Microsoft has provided indicators of compromise (IoCs) to help detect the activity.
Hashtags: #SupplyChainAttack #Cybersecurity #NorthKoreanHackers #Malware #LambLoad #Taiwan #DiamondSleet #CyberLink #SecuritySoftware
https://www.securityweek.com/north-korean-software-supply-chain-attack-hits-north-america-asia/
Reasons to restore a database: server re-installation, database corruption, migrating to a new Exchange Server, merging data
Methods to restore Exchange mailbox database: Database Portability, Windows Server Backup, Stellar Repair for Exchange
Database Portability considerations: permissions needed, cannot move to a different organization or newer Exchange Server version
Windows Server Backup steps: open backup software, select recovery location and database to restore
Stellar Repair for Exchange: third-party software to restore corrupt database to a new server
Limitations of Database Portability and Windows Server Backup
Stellar Repair for Exchange is simple to use and can restore any Exchange Server version without restrictions
#database #restore #ExchangeServer #datarecovery #migration
https://www.infosecurity-magazine.com/blogs/restore-exchange-mailbox-database/
Cyber-Attack Disrupts UK Property Deals #CyberAttack #UKPropertyDeals #ConveyancingFirms #ServiceOutage #Delay #SupplyChain #ThirdPartySoftware #Investigation #Restoration #Interconnected
https://www.infosecurity-magazine.com/news/cyber-attack-disrupts-uk-property/
Hashtags: #BlackFridayFraud #CyberMondayDeals #OnlineScams #ConsumerProtection #RetailSecurity #MultiFactorAuthentication #PhishingAttacks #DataSecurity #CyberThreats #EcommerceSafety
https://www.infosecurity-magazine.com/opinions/how-avoid-black-friday-fraud-2023/
CISA relaunches working group to assess effectiveness of security controls in tackling ransomware and other threats. The working group will collaborate with industry to understand what security controls are most effective. This is crucial in the context of the increasing incidents of ransomware in the US. The goal is to drive best practice and improve baseline security. CIDAWG will partner with Stanford to correlate data with cybersecurity controls. The analysis will inform insurers' risk analysis and help CISA understand the impact of its initiatives.
#CISA #SecurityControls #Ransomware #Cybersecurity #CIDAWG #Stanford
https://www.infosecurity-magazine.com/news/cisa-project-effectiveness/
APT groups are using HrServ web shells to hack Windows systems. These web shells allow unauthorized access and control, enabling hackers to steal data and launch further attacks. The web shell "hrserv.dll" has advanced features like custom encoding and in-memory execution. Security analysts have also found similar variants from 2021, suggesting a connection to malicious activity. The HrServ web shell registers a service handler and launches an HTTP server using custom encoding. Commands can be executed based on HTTP requests, and the DLL leverages the NID cookie. Variants of HrServ have been found in 2021 using custom encoding, and they erase traces by deleting initial files and registry tweaks. The TTPs of these attacks have not been attributed to any known threat actors. A government entity in Afghanistan has been identified as a victim. #CyberSecurity #CyberSecurityNews #Malware
https://cybersecuritynews.com/apt-groups-using-hrserv-web-shell/
Hackers exploiting Windows RCE using weaponized Office documents #CyberSecurityNews #Threats #Vulnerability #Windows #Hackers #Exploit #RCE #APT #CVE-2023-36884 #CVE-2023-36584 #SecurityBypass #MitW #IndicatorsOfCompromise
https://cybersecuritynews.com/office-document-to-exploit-windows-search/