Herjan Security
[.] Nostrop stream of GenAI news and updates

Summary:

Zyxel, a Taiwanese networking device vendor, has identified at least 15 security flaws in its firewalls, access points, and NAS devices. The vulnerabilities can lead to authentication bypass, command injection, and denial-of-service attacks. Zyxel urges users to install patches to protect against these risks. #Zyxel #SecurityFlaws #Firewalls #AccessPoints #NASDevices

https://www.securityweek.com/major-security-flaws-in-zyxel-firewalls-access-points-nas-devices/

Apple has released security updates to patch WebKit flaws that were exploited on older iPhones. (#Apple, #security, #updates, #WebKit, #exploits)

Flaws CVE-2023-42916 and CVE-2023-42917 were already exploited on iOS versions before iOS 16.7.1. (#flaws, #CVE-2023-42916, #CVE-2023-42917, #iOS, #exploits)

The vulnerabilities can be used to hijack sensitive content or launch code execution attacks via malicious web content. (#vulnerabilities, #hijack, #codeexecution, #maliciouswebcontent)

The WebKit memory safety bugs were patched in macOS Sonoma 14.1.2 and Safari 17.1.2 updates. (#macOS, #Safari, #memorysafety, #bugs)

https://www.securityweek.com/apple-patches-webkit-flaws-exploited-on-older-iphones/

FjordPhantom Android malware targets banks with virtualization. The malware spreads through email, SMS, and messaging apps, tricking users into downloading what appears to be their bank's legitimate app. It uses virtualization to bypass detection and inject additional code into targeted banking apps. Promon advises users to be cautious when downloading apps from untrusted sources. #FjordPhantom #Androidmalware #banks #virtualization

https://www.infosecurity-magazine.com/news/fjordphantom-malware-targets-banks/

Summary: The manufacturing sector has been the top targeted industry for cyber extortion in 2023, representing 20% of all campaigns. There has also been a significant increase in cyber extortion incidents, with a 46% rise compared to the previous year. Large, English-speaking economies, such as the US, UK, and Canada, have the highest number of cyber extortion victims, but there is a growing trend of victimization in India, Oceania, and Africa. Manufacturing companies also accounted for the majority of confirmed cyber incidents in 2023. In addition to cyber extortion, hacktivist groups are emerging as a growing threat, with politically and socially motivated activities on the rise. Large enterprises are the most impacted by cyber incidents, followed by small organizations. Orange Cyberdefense predicts that AI evolution, the impact of laws and regulations, supplier consolidation, and the preparation for quantum threats will be key cybersecurity trends in 2024.

Hashtags: #ManufacturingSector #CyberExtortion #Cybersecurity #Hacktivism #CyberIncidents #AI #LawsandRegulations #SupplierConsolidation #QuantumThreats #CybersecurityTrends2024

https://www.infosecurity-magazine.com/news/manufacturing-top-targeted-orange/

North Korean hackers have stolen $3bn in cryptocurrency since 2017, targeting financial institutions and individuals globally. The funds are laundered to sustain the regime's financial resources despite international sanctions. The stolen cryptocurrency is often converted into fiat currency using stolen identities and manipulated photos. Stronger regulations and enhanced cybersecurity measures are needed to combat these cyber attacks. #NorthKorea #Cryptocurrency #Cybersecurity #MoneyLaundering

https://www.infosecurity-magazine.com/news/north-korea-amass-dollar3b-crypto/

Researchers at Google have discovered that ChatGPT queries can be exploited to collect personal data. The researchers found that larger and more capable models are vulnerable to data extraction attacks. They tested their attack on nine open-source models and found that ChatGPT is highly susceptible to data extraction attacks. The trend of over-training on vast amounts of data poses a trade-off between privacy and inference efficiency. #Google #ChatGPT #dataextractionattacks #privacy #cybersecurity

https://cybersecuritynews.com/chatgpt-queries-collect-personal-data/

Online retailers are at risk of carding attacks during the holiday season, with potential losses predicted to reach $130 billion by 2023. Carding attacks target payment card information, including cardholder names, numbers, expiration dates, and security codes. Cybercriminals exploit stolen card details to make fraudulent transactions, steal gift card balances, take over user accounts, commit refund fraud, and make bulk purchases for resale. Preventive measures include behavioral analysis, transaction monitoring, device fingerprinting, geolocation verification, address verification systems, CAPTCHA challenges, two-factor authentication, machine learning and AI, and blacklist monitoring. To protect websites from bot attacks, a robust bot management system is necessary, which can detect and block layer 7 DDoS attacks, differentiate between bots and humans, and ensure a seamless user experience. Real-time behavioral detection capabilities and a 24/7 support team are essential.

https://cybersecuritynews.com/carding-attack/

SSNDOB Marketplace Admin Jailed for Selling Americans' Data

- Vitalii Chychasov, a Ukrainian citizen, has been sentenced to an eight-year prison term for his role in operating the SSNDOB Marketplace.

- The marketplace was involved in the illicit trade of sensitive personal information on the dark web.

- Chychasov's arrest in Hungary and subsequent extradition to the US marked a significant step in dismantling the criminal infrastructure.

- The marketplace earned $19 million in revenue by selling stolen personal information, including Social Security numbers.

- The successful prosecution showcases the commitment of law enforcement agencies to combat cybercrime.

- Chychasov's sentencing sends a strong message that perpetrators of cybercrime will face the full force of the law.

Hashtags:

#CyberSecurity #CyberCrime #DataBreach #DarkWeb

https://cybersecuritynews.com/ssndob-marketplace-admin-jailed/

Okta breach impacted all customer support users. The attackers stole the name and email address for nearly all of Okta's customer support users. Some Okta customer support accounts had additional data fields exposed. Okta warns administrators to be on guard for targeted phishing attacks. Six percent of Okta customers still do not have multi-factor authentication. The breach was likely caused by an employee's compromised personal device. Okta should have implemented stronger access controls and security measures.

#Okta #SecurityBreach #CustomerSupport #DataBreach #PhishingAttacks #MultiFactorAuthentication

https://krebsonsecurity.com/2023/11/okta-breach-affected-all-customer-support-users/

Ransomware group Black Basta has made $100m since 2022 #BlackBasta #RansomwareGroup #Cybersecurity #Bitcoin. The group is Russian-speaking and has targeted multiple victims, with the largest ransom payment being $9m. Black Basta is linked to Conti and Qakbot, with overlap in targeted sectors. The analysis was conducted by Corvus Insurance using blockchain forensics tool Elliptic Investigator. #CorvusInsurance #BlockchainForensics #EllipticInvestigator.

https://www.infosecurity-magazine.com/news/black-basta-ransomware-group-100/

Effective proactive measures can be taken to defend against ransomware attacks. Ransomware attacks are difficult to deal with due to their rapidly evolving tactics, sophisticated encryption techniques, targeting vulnerabilities, and complex recovery process. To combat these attacks, organizations and individuals should implement regular and secure backups, update and patch systems regularly, use advanced threat protection tools, provide employee education and awareness training, restrict user access and privileges, and have an incident response plan in place. By adopting these measures, resilience against ransomware attacks can be enhanced. #Cybersecurity #RansomwareDefense #DataProtection #IncidentResponse

https://cybersecuritynews.com/defend-ransomware-attacks-with-top-effective-proactive-measures-in-2024/

Okta Hack: Threat Actors Stole All Customer Data

#cybersecurity #datatheft #OktaHack

Summary:

- Okta Security discovered additional details about the unauthorized intrusion into its customer support system.

- The threat actor accessed a report containing all users' names and email addresses.

- The compromised data increases the risk of phishing and social engineering attacks.

- Okta recommends implementing multi-factor authentication and other security measures to protect against future threats.

https://cybersecuritynews.com/okta-hack-customer-data/

DJvu ransomware is being distributed as freeware or cracked software. It encrypts files and demands a ransom for decryption. The malware also steals information and exfiltrates data. The threat actors use a variety of other malicious files along with the ransomware. #DJvuransomware #cybersecuritynews #malware #vulnerability

https://cybersecuritynews.com/djvu-ransomware-freeware/

Threat actors exploit Apache vulnerability with GoTitan botnet & PrCtrl RAT #Cybersecurity #ApacheVulnerability #GoTitan #PrCtrlRAT #Malware #Fortiguard #CVE202346604 #SecurityAdvisory

https://www.infosecurity-magazine.com/news/gotitan-botnet-prctrl-rat-exploit/

An open-source security scanner called 'Vigil' has been released to analyze the security of LLMs like ChatGPT. Developers can use Vigil to ensure their chat assistants are safe and secure. Vigil is a Python module and REST API that helps identify prompt injections and other potential threats. The application is currently in alpha testing. #Vigil #LLMmodels #ChatGPT #Cybersecurity

TAGS: #ChatGPT #Cybersecurity #Cybersecuritynews

https://cybersecuritynews.com/vigil-open-source-security-scanner/

Cybercriminals show hesitation in using AI for cyber attacks. #Cybersecurity #AI #Cyberattacks

https://cybersecuritynews.com/cybercriminals-are-showing-hesitation/

GoTitan Botnet actively exploiting Apache ActiveMQ vulnerability. #GoTitanBotnet #ApacheActiveMQ #CybersecurityNews #Vulnerability

https://cybersecuritynews.com/apache-activemq-vulnerability/

Summary:

A design flaw in Google Workspace's domain-wide delegation feature, named "DeleFriend," allows attackers to modify existing delegations without Super Admin privileges. This can lead to unauthorized access and potential compromise of data in Google Workspace apps. The flaw is exacerbated by the lack of expiration dates for GCP Service account keys, the easy concealment of delegation rules, and a lack of awareness and detection. Hunters has created a tool to detect misconfigurations and is working with Google on mitigation strategies.

Hashtags:

#GoogleWorkspace #DeleFriend #SecurityFlaw #PrivilegeEscalation #UnauthorizedAccess #DataCompromise #GoogleCloudPlatform #DomainWideDelegation #GCPServiceAccounts #ThreatDetection #GCPResources #HuntersTeamAxon

https://cybersecuritynews.com/design-flaw-in-domain-wide-delegation/

OwnCloud has a critical vulnerability (CVE-2023-49103) that exposes sensitive information to unauthorized third parties. Threat actors are actively exploiting this vulnerability. #OwnCloud #Vulnerability #CyberSecurityNews #CriticalVulnerability

https://cybersecuritynews.com/owncloud-critical-vulnerability/

CISA & NCSC released guidelines for secure AI system development. The guidelines focus on secure design, development, deployment, and operation of AI systems. #AIsecurity #Cybersecurity #Guidelines #SecureDesign #SecureDevelopment #SecureDeployment #SecureOperation

https://cybersecuritynews.com/secure-ai-system-development/