Hackers are using compromised routers to target government organizations in Europe and the Caucasus region. The APT28 threat actors were behind this malicious campaign. They used spear-phishing to distribute credential stealers, remote execution tools, and a reconnaissance and credentials harvesting tool. The malicious infrastructure is believed to be built from legitimate compromised Ubiquiti network devices. The attack is likely being carried out to further Russian goals. #cyberattack #cybersecurity #cybersecuritynews
GNU C Library Vulnerability Leads to Full Root Access. Heap-based buffer overflow in glibc's __vsyslog_internal() function allows attackers to gain full root access. Linux distributions are vulnerable. #glibc #vulnerability #rootaccess #securityweek
https://www.securityweek.com/gnu-c-library-vulnerability-leads-to-full-root-access/
- IT and OT integration in the ICS threat landscape discussed in podcast with Palo Alto Networks
- Challenges of merging IT and OT governance structures
- Process integrations for IT/OT security strategy
- Consolidated tech stacks for IT and OT
- Role of next-generation firewalls in integrated IT/OT world
- Hashtags: #Cybersecurity #ITOTIntegration #ICSConference #TechStacks #NextGenFirewalls
https://www.securityweek.com/podcast-palo-alto-networks-talks-it-ot-convergence/
US Gov neutralizes Chinese APT Volt Typhoon's botnet of end-of-life routers. #Cybersecurity #Botnet #APT
US government takes down botnet used by Chinese APT Volt Typhoon. #Security #Router #APT
Government remotely seizes control of infected routers used as covert communications channel by Chinese hackers. #GovernmentAction #RouterBotnet #ChineseAPT
US government disrupts botnet of Cisco and Netgear routers used by Chinese APT group. #USGovernment #RouterBotnet #APT
Chinese APT group Volt Typhoon targeted critical infrastructure using end-of-life routers. #CybersecurityThreat #CriticalInfrastructure #RouterBotnet
https://www.securityweek.com/us-gov-disrupts-soho-router-botnet-used-by-chinese-apt-volt-typhoon/
EU launches first cybersecurity certification for digital products. The voluntary scheme replaces national certifications. EUCC allows ICT suppliers to demonstrate cybersecurity assurance. The scheme proposes two levels of assurance based on risk. ENISA is working on certification schemes for cloud services and 5G security. Increasing cybersecurity regulations and standards. #EU #cybersecurity #certification #digitalproducts #ICTsuppliers
https://www.infosecurity-magazine.com/news/eu-cybersecurity-certification/
AI and 5G are redefining cybersecurity, requiring the industry to collectively adapt. Security measures are crucial for an organization's reputation. Industry-wide collaboration is key to understanding and mitigating evolving threats. Telcos have a responsibility to protect customers and critical infrastructure. Inadequate defense against cybercrime can have devastating consequences. The security of new technology, like 5G, must be addressed before mass adoption. The rise of AI brings new challenges and risks, but it can also be used for defense. Joining industry events and raising awareness is important for staying ahead of threats. #AI #5G #Cybersecurity #Threats #Telcos #DataBreach #SecuritySummit #GSMASECCON
https://www.infosecurity-magazine.com/blogs/ai-5g-new-era-of-cybersecurity/
Pawn Storm, also known as APT28, has been targeting high-value entities since 2004. They continue to compromise email accounts despite using outdated methods like phishing. Pawn Storm has recently been involved in Net-NTLMv2 hash relay attacks on government, defense, and military networks globally. They have targeted various sectors and regions, demonstrating persistence and enhancing operational security. They have used anonymization layers and vulnerabilities to conduct their attacks. Pawn Storm remains aggressive and network defenders should leverage indicators of compromise to enhance security.
#PawnStorm #APT28 #hashrelayattacks #government #defense #military #phishing #informationsecurity
https://www.infosecurity-magazine.com/news/pawn-storms-stealthy-net-ntlmv2/
Hackers exploit open redirect flaws for phishing attacks. Phishing attempts use legitimate websites for redirection. Open URL redirection vulnerability makes phishing attempts easier. Attackers manipulate URL parameters to redirect users to malicious sites. Open redirect strategies are used in image-based attacks. Constant watchfulness against cyber threats is necessary. Hashtags: #cybersecurity #phishingattacks #cybersecuritynews #malware
https://cybersecuritynews.com/open-redirect-flaws-phishing-attacks/
Next-generation malware analysis is crucial due to the increasing complexity and sophistication of malware.
Traditional signature-based detection technologies are insufficient to detect polymorphic and metamorphic code.
Behavioral analysis and machine learning are new methods for analyzing malware.
Next-generation malware analysis with sandboxing identifies advanced techniques and improves defenses.
Machine learning can detect malware through data pattern analysis.
Sandboxing is a powerful technique that isolates malware and analyzes its behavior.
ANY.RUN is an interactive sandboxing service for malware analysis.
Sandboxing plays a crucial role in threat intelligence by analyzing malware and detecting new vulnerabilities.
Integration with security systems enhances the effectiveness of sandboxing.
Feeds from sandbox analysis can improve incident response and strategic decision-making.
Join ANY.RUN for free and try its features for 14 days.
#malwareanalysis #nextgeneration #behavioralanalysis #machinelearning #sandboxing #threatintelligence #securitysystems #incidentresponse #cybersecurity
https://cybersecuritynews.com/next-generation-malware-analysis-with-sandboxing/
Summary:
A 19-year-old man from Florida has been arrested for wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. The man, identified as Noah Michael Urban, is also believed to be a key member of a hacking group responsible for cyber intrusions at major US technology companies. The group, known as Oktapus or Scattered Spider, has been linked to breaches at Twilio, LastPass, DoorDash, Mailchimp, and Plex. Urban allegedly stole at least $800,000 from five victims between August 2022 and March 2023.
Hashtags:
#SIMswapping #hackinggroup #cryptocurrency #twilio #LastPass #DoorDash #Mailchimp #Plex #cybersecurity
Text Summary: Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet - Multiple DVR device models from Hitron Systems are being targeted by the InfectedSlurs botnet, which exploits six zero-day vulnerabilities in the devices. The vulnerabilities allow for remote code execution and are being actively exploited. Akamai advises organizations to update their firmware, change default login credentials, and implement security measures to protect against these attacks.
Hashtags: #Cybersecurity #Exploits #ZeroDay #Botnet #InfectedSlurs #Hitron #Akamai #Vulnerabilities #FirmwareUpdates #SecurityMeasures
https://www.securityweek.com/hitron-dvr-zero-day-vulnerabilities-exploited-by-infectedslurs-botnet/
City Cyber Taskforce Launches to Secure Corporate Finance. The Institute of Chartered Accountants in England and Wales (ICAEW) and the National Cyber Security Centre (NCSC) are teaming up with other organizations to improve the security of corporate finance deals. The taskforce includes representatives from banking, law, consulting, and more. The guidance provided by the taskforce will help companies mitigate cyber risks in fundraising, M&A deals, and IPOs. Chartered accountants are attractive targets for threat actors due to the sensitive data they handle. Engaging with the taskforce's report and practical guidance will increase cyber resilience. #CyberSecurity #CorporateFinance #CyberRisk #DataProtection #CyberResilience
https://www.infosecurity-magazine.com/news/city-cyber-taskforce-secure/
Summary:
- NSA admits to buying bulk data on Americans from data brokers
- This practice is likely illegal, but NSA argues it's legal until told otherwise
- Concerns raised about the legality of selling this data in the first place
- Calls for better technology to collect and delete less data
Hashtags:
#NSA #surveillance #datacollection #dataprivacy #metadata
New images of Colossus code-breaking computer released by GCHQ. Celebrating the machine's eightieth anniversary. #cryptography #historyofcryptography
https://www.schneier.com/blog/archives/2024/01/new-images-of-colossus-released.html
Navigating the Landscape of Advanced Email Security Threats with Optimism
Email Popularity and Cybersecurity Concerns
Email's prevalence makes it a target for cybercriminals.
Email as an Attack Vector
Email is leveraged for attacks, such as infected attachments and phishing schemes.
Impact of Email-Based Attacks
Email attacks lead to data breaches and financial losses.
Limitations of Native Email Protections
Native email protections are insufficient against advanced attacks.
Importance of Third-Party Email Security Solutions
Businesses should invest in advanced email security solutions.
Key Considerations for Next-Generation Email Security Solutions
Holistic threat intelligence, behavior-driven analytics, adaptive sandboxing, phishing acumen, empowerment through education, and agile scalability and integration are necessary.
Conclusion
Businesses can overcome advanced email security threats with a proactive approach and the right technology. Optimism is the key to tackling cyber threats.
Hashtags: #EmailSecurity #Cybersecurity #Phishing #DataBreach #AdvancedThreats
#IndiaDataBreach #Cybersecurity #DataPrivacy #IdentityTheft
https://www.securityweek.com/data-of-750-million-indian-mobile-subscribers-sold-on-hacker-forums/
The Ransomware Threat in 2024 is Growing: Report - The ransomware threat is increasing and evolving in 2024, with criminals focused on data extraction. The volume of ransomware attacks has more than doubled from 2022 to 2023. The success of ransomware is demonstrated by the increase in victims who have paid the ransom. Cyberinsurance may be a factor in the willingness to pay. Security budgets have increased more for prevention than recovery. Ransomware attacks have negative effects on victims, including lost revenue and reputational damage. Board-level concern for ransomware is high. Criminal motivations for ransomware include data exfiltration, supply chain attacks, creating chaos, and geopolitics and activism. Ransomware is getting worse and is used by cybercriminal groups and nation-state actors.
https://www.securityweek.com/the-ransomware-threat-in-2024-is-growing-report/
ChatGPT, an AI chatbot developed by OpenAI, has been found to violate European Union privacy laws by Italian regulators. OpenAI has been notified of breaches of the General Data Protection Regulation (GDPR) and has 30 days to respond. The investigation found that ChatGPT exposed users' messages and payment information, lacked age verification measures, and could generate false information about individuals. The growing popularity of AI systems like ChatGPT is drawing increased regulatory scrutiny worldwide. #OpenAI #ChatGPT #GDPR #privacylaws #AIregulation
Alpha Ransomware Group launches data leak site on the Dark Web. The ransomware group, Alpha, has recently emerged with the launch of its Dedicated/Data Leak Site (DLS). The DLS is titled "MYDATA" and is considered unstable and frequently offline. The victims of the ransomware group are from various industry sectors and countries. The ransom demand lacks consistency, indicating a combination of talent and amateurism in the ransomware space. Hashtags: #AlphaRansomware #DataLeak #DarkWeb
https://www.infosecurity-magazine.com/news/alpha-ransomware-launches-data/
Dark web flooded with operator credentials after Orange España breach. Network operators' credentials circulating on the dark web following cybersecurity breach. Breach led to disruptive alterations in BGP and RPKI configurations. Resecurity discovers over 1572 compromised customers from RIPE, APNIC, AFRINIC, and LACNIC. Compromised credentials priced as low as $10. Dark web actors utilizing compromised credentials pose significant dangers. Compromised accounts include large data center in Africa, financial organization in Kenya, and IT consulting firm in Azerbaijan. Compromised network administrators often utilized free email providers. Robust digital identity protection programs needed to safeguard infrastructure and customers. Resecurity notifies affected victims. Varying levels of awareness and action among compromised individuals. #Cybersecurity #DarkWeb #OrangeEspaña #DataBreach
https://www.infosecurity-magazine.com/news/dark-web-floods-operator/