Summary:
1. A major data breach at the Idaho National Laboratory has affected over 45,000 current and former employees.
2. Hackers gained access to sensitive personally identifiable information, including names, social security numbers, and banking details.
Hashtags:
1. #DataBreach
2. #Cybersecurity
3. #INL
https://www.infosecurity-magazine.com/news/45000-employees-nuclear-research/
Approval phishing scams have drained $1bn of cryptocurrency from victims since May 2021. The scams trick targets into signing malicious blockchain transactions, allowing scammers to steal tokens from victims' wallets. Romance scam techniques are often used to convince victims to sign these transactions. The losses from approval phishing scams could be even higher, as romance scams are typically underreported. To tackle this threat, crypto compliance teams should educate users about the scam, monitor the blockchain for suspected consolidation wallets, and freeze funds or report to law enforcement when suspect wallets move funds.
#ApprovalPhishing #CryptoScams #RomanceScams #CryptocurrencyTheft #CryptoCompliance
https://www.infosecurity-magazine.com/news/approval-phishing-crypto-victims/
Cozy Bear, a threat group linked to the Russian foreign intelligence service (SVR), has been hacking JetBrains TeamCity servers globally. The group has been exploiting an authentication bypass vulnerability in TeamCity since September 2023. The access gained through the vulnerability could be used to compromise source code, signing certificates, and software compilation and deployment processes. The SVR has been observed using the access to escalate privileges and deploy additional backdoors. Many companies have been notified after hundreds of compromised devices were discovered. The vulnerability was patched by JetBrains in September 2023, but some unpatched instances still exist. Cozy Bear is known for its involvement in various cyber attacks, including the SolarWinds campaign. Mitigation recommendations have been provided by CISA, including applying available patches and using multifactor authentication.
https://www.infosecurity-magazine.com/news/cozy-bear-russia-jetbrains-teamcity/
Summary: OLVX, a new underground market, is advertising a variety of hacking tools for illicit activities. It launched on July 1, 2023, and focuses on aiding cybercriminals during the holiday retail rush. OLVX hides on Cloudflare for web hosting and uses SEO and forums for customer growth. It partners with cybercriminals for custom toolkits and skips escrow for direct crypto payments. The marketplace sells items such as shells, cPanels, RDP, SSH access, and phish kits. OLVX thrives during the holiday season, supplying tools for targeting campaigns and escalating cyber threats. #CyberSecurity #CyberSecurityNews #HackingTools
https://cybersecuritynews.com/dark-web-market-olvx-advertising/
Zoom Mobile & Desktop App Flaws Let Attackers Escalate Privileges. The popular video conferencing software Zoom has security issues in its desktop and mobile apps that could allow privilege escalation. The vulnerabilities include cryptographic issues, improper access control, path traversal, insufficient verification of data authenticity, improper input validation, and improper neutralization of special elements. Users are advised to install the most recent updates or obtain the latest version of the Zoom software with all security fixes applied. #cybersecurity #vulnerabilities #vulnerability
https://cybersecuritynews.com/zoom-mobile-and-desktop-app-flaws/
Summary:
A new method using GPT-4 for dynamic malware analysis has been introduced. It surpasses the state-of-the-art TextCNN method and uses BERT for representation retrieval. The method generates explanation texts for each API call in the sequence and produces high-quality explanatory texts through prompt generation. The model is connected with malware code categories for further analysis.
Hashtags:
#DynamicMalwareAnalysis #GPT4 #MalwareEngineering #APIAnalysis #BERT #RepresentationLearning
https://cybersecuritynews.com/dynamic-malware-analysis-using-gpt-4/
Microsoft has targeted a prolific threat group called Storm-1152, which is responsible for creating fake Microsoft accounts. The group has made millions from the creation of fraudulent accounts that aid in cybercrime. Microsoft obtained a court order to take down websites and infrastructure used by the group. The actors leading Storm-1152 have been identified as Duong Dinh Tu, Linh Van Nguyễn, and Tai Van Nguyen.
#Microsoft #fraudster #cybercrime #takedown #Storm1152
https://www.infosecurity-magazine.com/news/microsoft-prolific-outlook/
Summary: Hackers are actively targeting 7ZIP on the Microsoft App Store to spread malware, with a fake Russian 7ZIP package appearing in search results. Microsoft has removed the malicious software, named UTG-Q-003, after almost a year of it being undetected. Attackers utilized the JPHP library's "jurl" function to fetch payloads from a remote server, and the malware included Redline, Lumma Stealer, and Amadey. The attackers employed various download methods and redirected webpages through WordPress sites. They also utilized fake Cloudflare DDoS protection and phishing links to exploit target hosts. The malware surge on the Microsoft App Store may be linked to the WinRAR vulnerability. Attribution of the attacker is challenging due to connections to Russia and Ukraine. #cybersecurity #malware
https://cybersecuritynews.com/malicious-7zip-on-microsoft-app-store/
1. Hackers selling fake Microsoft products and accounts are being targeted by Microsoft's security team in partnership with Arkose Labs.
2. Storm-1152 is identified as the top seller of fake Microsoft accounts and operates dark sites for illicit activities.
3. Microsoft seized Storm-1152's websites and shut down their U.S. infrastructure, disrupting their illegal operations.
4. Storm-1152 fuels the cybercrime-as-a-service scene, providing fraudulent accounts for various malicious groups.
5. Microsoft's collaboration with Arkose Labs aims to enhance security measures and detect fraudulent accounts.
6. Legal action against Storm-1152 demonstrates the ongoing effort to combat cybercrime effectively.
#cybersecurity #fraud #Microsoft #cybercrime #malware
https://cybersecuritynews.com/microsoft-seized-storm-1152-websites/
Hackers are abusing OAuth applications for automated financial attacks. OAuth allows third-party apps to access user data without exposing login credentials. Microsoft researchers have found that hackers exploit weak authentication to compromise accounts and then use OAuth apps for malicious activities such as crypto mining, persistence post-BEC, and spam. Microsoft recommends mitigating credential guessing attack risks and enabling security measures like conditional access policies and continuous access evaluation. Hashtags: #OAuth #CyberAttack #FinancialAttacks #CryptoMining #BEC #Phishing
https://cybersecuritynews.com/hackers-abuse-oauth-applications/
Microsoft released its final Patch Tuesday of 2023, addressing a small number of security holes in Windows and other software. Four critical vulnerabilities were patched, including a flaw in MSHTML that could be triggered by receiving an email. Another critical flaw was found in the Internet Connection Sharing service. Microsoft also released non-critical patches, including one for an information disclosure vulnerability in Outlook. The SANS Internet Storm Center has a roundup of all the patches released. #MicrosoftPatch #PatchTuesday #WindowsSecurity
https://krebsonsecurity.com/2023/12/microsoft-patch-tuesday-december-2023-edition/
Cyberattack cripples Ukraine's largest telecom operator, impacting mobile and internet communications for millions of citizens. Kyivstar, the operator, blames the attack on the war with Russia. The attack is one of the largest in the history of the telecom market. The attack appears to be the most impactful event since Russia's invasion in 2022. Killnet, a pro-Russia hacker group, claims responsibility for the attack. Kyivstar is working to restore communication and ensure the security of subscriber data. Hashtags: #Cyberattack #Ukraine #Kyivstar #Russia #Telecom #Security
https://www.securityweek.com/cyberattack-cripples-ukraines-largest-telcom-operator/
Ukraine claims to have paralyzed Russia's tax system by compromising central and regional servers. The Ministry of Defense conducted a special operation that infected these servers with malware, wiping essential configuration files. As a result, communication between Moscow and the territorial departments is paralyzed, and the tax datacenter is destroyed. The tax system is expected to be out of action for at least a month. Ukrainian military intelligence now has access to all of Russia's tax data. #Ukraine #Russia #CyberWar
https://www.infosecurity-magazine.com/news/ukraine-claims-paralyzed-russias/
1. Lazarus Group, a North Korean hacking organization, is known for cyber espionage, financial theft, and destructive attacks. They have been involved in high-profile incidents such as the Sony Pictures hack and the WannaCry ransomware outbreak.
2. Cisco Talos researchers discovered Lazarus Group's "Operation Blacksmith," which uses new DLang-based malware to attack global organizations.
3. The operation exploits Log4Shell vulnerability and uses Telegram for communication.
4. Three malware families were discovered: Telegram-based RAT "NineRAT," non-Telegram RAT "DLRAT," and downloader "BottomLoader."
5. NineRAT operates through Telegram for command and control and has persistence mechanisms.
6. Andariel, active since 2022, uses Telegram for communication and handles file upload/download.
7. BottomLoader is a downloader that downloads payloads via a PowerShell command and creates persistence.
8. DLRAT is a downloader and RAT that executes commands, performs reconnaissance, and communicates with C2 using a session ID.
9. The attack exploits the Log4Shell vulnerability on VMware Horizon servers for initial access.
10. The IOCs include hashes and network indicators.
Hashtags: #CyberSecurity #CyberSecurityNews #Ransomware #Vulnerability
https://cybersecuritynews.com/lazarus-groups-operation-blacksmith/
Ukraine's largest phone operator, Kyivstar, has experienced a significant shutdown due to a cyber-attack. The attack is believed to be linked to the war with Russia. Kyivstar is working to restore communications and ensure subscriber data is safe. The Ukrainian government is investigating the incident and suspects Russia's involvement. The Kyivstar internet network and Ukrainian payment system Monobank have both experienced disruptions. There is no evidence yet of a connection between the two events. #Ukraine #cyberattack #Russia #cybersecurity
https://www.infosecurity-magazine.com/news/ukraine-kyivstar-hacked-war-russia/
Summary:
1. Because people are prone to mistakes, human error is a significant factor in cyber-attacks and data breaches.
2. People-centric security takes human behavior into consideration when promoting a culture of mutual trust and awareness.
3. Education and awareness are crucial for effective people-centric security.
4. User-friendly technology that aligns with human behavior enhances user acceptance and compliance.
5. Behavioral analytics and user monitoring tools can detect irregular activities and potential security incidents.
6. People-centric security design enhances threat detection, reduces insider threats, and improves incident response efficiency.
Hashtags:
#PeopleCentricSecurity #PrivacyPrograms #Cybersecurity #ThreatDetection #UserCentricTechnology #HumanBehavior #EducationAndAwareness #UserAcceptance #IncidentResponse #SecurityDesign
https://www.infosecurity-magazine.com/blogs/people-centric-security-privacy/
Widespread security flaws blamed for PSNI data breach. The Police Service of Northern Ireland (PSNI) suffered a cyber incident in August 2023, resulting in the exposure of personal data for 9483 police officers and civilian staff. The breach occurred due to force-wide security failings and a "light touch approach" to data protection. An independent review found that the breach was a result of multiple factors and a lack of proactive data security measures. The review also highlighted the need for improved data protection strategy and compliance within the organization. The event serves as a wake-up call for all UK police forces to prioritize the security and protection of data. Hashtags: #PSNI #databreach #securityflaws #dataProtection #UKpolicing
https://www.infosecurity-magazine.com/news/security-flaws-psni-data-breach/
Editbot Stealer is a new malicious campaign that steals browser passwords and cookies. It uses WinRAR archive files with minimal detection to perform a multi-stage attack. The attackers lure users to deceptive websites by claiming to have a defective product that needs to be sent back. The attack involves a BAT file and a JSON file in the initial stages, followed by PowerShell commands. The stolen information is stored in a text file named "pass.txt" and is exfiltrated through Telegram bots. #EditbotStealer #BrowserPasswords #Cookies #CyberSecurity
Hackers have been found planting credit card skimmers using Google Tag Manager. Thousands of websites have been affected by this security breach. The hackers use Google Tag Manager to insert malicious code and custom scripts. The obfuscation methods used in the skimmer's code make it difficult to detect. The hackers have also created new containers with the same malicious script to reinfect compromised websites. #cyberattack #cybersecurity #cybersecuritynews
https://cybersecuritynews.com/hackers-planting-credit-card-skimmers/
Researchers have discovered a method to bypass the Android Lock Screen and access sensitive information. The issue affects recent versions of Android. Google is aware of the issue and is working on a security patch. The bypass involves using Google Assistant and navigating to Google Maps. If Driving mode is disabled, an attacker can access recent locations and contacts. If Driving mode is enabled, the attacker can gain control over the device and the user's Google account. Android users on versions 13 and 14 should secure their devices. #Android #cybersecurity #news
https://cybersecuritynews.com/researchers-bypassed-android-lock-screen/