Ticketmaster confirms breach impacting 560 million users, ShinyHunters involved, Live Nation downplays financial impact, Snowflake targeted #Ticketmaster #Breach #ShinyHunters #SecurityBreach #DataBreach #Snowflake #LiveNation #CyberAttack
https://www.infosecurity-magazine.com/news/ticketmaster-confirms-breach-560/
#HunterKillerMalware #MalwareAttacks #CybersecurityTactics #EvasionTechniques #CyberThreats
"Hunter-Killer" malware detections have increased by 333% annually, accounting for 26% of all detections in 2023. #malware #cybersecurity
These malware attacks are designed to evade security tools and disable enterprise security defenses. #cybercrime #security
The surge in hunter-killer malware can be linked to three main MITRE ATT&CK techniques: process injection, command and scripting interpreter, and impairing defenses. #MITRE #cyberattacks
Malware attackers are repurposing cybersecurity utilities to launch aggressive attacks, abusing anti-rootkit utilities and other endpoint defenses. #ransomware #cybersecurity
Defenders must be proactive in simulating attacks to assess the response of their defensive systems against hunter-killer malware. #incidentresponse #networksecurity
https://www.infosecurity-magazine.com/news/hunterkiller-malware-detections/
Coyote malware uses Node.js to attack users of over 60 banks. Threat actors alter login pages to steal credentials. The malware leverages the Squirrel installer and DLL sideloading for persistence. It communicates with a C2 server to send the collected information. #cybersecurity #malware #bankingattacks
https://cybersecuritynews.com/coyote-malware-leverage-nodejs/
Summary:
- Matt Burgess discusses the usability of passkeys and mentions that the results are mixed, highlighting the issue of account recovery.
- Commenters share their thoughts on passkeys, mentioning scalability, security concerns, and the need for easier recovery methods.
- Chris Smith raises the point that passkeys may create an economic barrier for individuals without their own devices.
- In general, passkeys are seen as a potential replacement for passwords but still have limitations that need to be addressed.
Hashtags:
#Passkeys #Usability #Passwords #AccountRecovery #Security #Scalability
https://www.schneier.com/blog/archives/2024/02/on-passkey-usability.html
Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years: A non-profit organization in Saudi Arabia was targeted in a stealthy cyberespionage campaign that went undetected for two years. The campaign utilized a custom backdoor called Zardoor, modified reverse proxies, and the abuse of legitimate tools for malware delivery and command-and-control setup. The threat actor has remained unidentified, but their advanced techniques and ability to maintain long-term access to the victim's network suggest there may be other compromised targets. #Cyberespionage #DataBreach #ThreatActor
https://www.securityweek.com/stealthy-cyberespionage-campaign-remained-undiscovered-for-two-years/
Summary: ExpressVPN recently disabled split tunneling on its Windows clients due to a bug that caused DNS requests to be redirected to a third party instead of their servers. The bug only affected certain versions of the software and less than 1% of Windows users. ExpressVPN released an update to disable split tunneling entirely until the issue is resolved. Users can downgrade to an older version if split tunneling is necessary.
Hashtags: #ExpressVPN #SplitTunneling #Bug #SecurityIssue
https://www.securityweek.com/expressvpn-user-data-exposed-due-to-bug/
Ongoing Azure Cloud Account Takeover Campaign Targeting Senior Personnel - An active cloud account takeover campaign has compromised hundreds of user accounts on the Azure platform. The targets are often senior positions, including sales directors, account managers, and finance managers. Proofpoint researchers detected the campaign and identified phishing lures used within shared documents. The attackers use a specific Linux user-agent for access and employ various techniques for maintaining persistence and obfuscating their activity. The campaign may have connections to Russian and/or Nigerian actors.
#AzureCloud #AccountTakeover #Phishing #Cybersecurity #SeniorPersonnel
Summary:
An active Azure cloud account takeover campaign has compromised user accounts, particularly targeting senior personnel. Proofpoint researchers have identified phishing lures and techniques used by the attackers. The campaign is ongoing and may involve Russian and/or Nigerian actors.
#Azure #CloudAccountTakeover #PhishingCampaign #SeniorPersonnel
Malicious campaign targets Microsoft Azure accounts. Hundreds of individuals with executive roles are affected. The campaign started in November 2023 and is still active. Threat actors use spear-phishing emails with shared documents. They gain access to Microsoft 365 and 'OfficeHome' accounts. Post-compromise activities include MFA manipulation, data exfiltration, phishing, and fraud. Proofpoint provides mitigation recommendations. Hashtags: #MaliciousCampaign #MicrosoftAzure #Cybersecurity #SpearPhishing #DataExfiltration #PhishingFraud
https://www.infosecurity-magazine.com/news/malicious-campaign-microsoft-azure/
Summary: China has launched a media campaign to accuse the US of hacking operations, partnering with cybersecurity firms, government agencies, and state media to amplify the allegations. The campaign gained momentum in 2022, with China publishing articles and reports in English to highlight US hacking activities. However, the accusations lack technical validation and evidence, raising questions about China's motives and the credibility of its claims.
Hashtags: #China #US #hacking #cybersecurity #media #campaign
https://www.infosecurity-magazine.com/news/china-targets-us-hacking-ops/
Sophisticated cyber-attack hits Islamic charity in Saudi Arabia. Prolonged cyber-espionage campaign targeting a non-profit organization. Attackers used malware called "Zardoor" for access. Open-source reverse proxy tools used to evade detection. Windows Management Instrumentation used for lateral movement. Backdoors deployed for access and data exfiltration. Attackers employ various techniques for persistence and communication. Attack attributed to advanced and skilled adversary. #CyberAttack #SaudiArabia #Zardoor #ReverseProxy #WindowsManagementInstrumentation
https://www.infosecurity-magazine.com/news/cyberattack-hits-islamic-charity/
Rise of Black Hat AI Tools That Shift The Nature Of Cyber Warfare
- Malicious versions of LLMs, like dark variants of ChatGPT, are escalating cyber warfare
- These models generate convincing phishing emails, spread disinformation, and craft targeted social engineering messages
- These illicit capabilities pose a significant threat to online security and make it harder to distinguish genuine from malicious content
- Rise in using malicious versions of ChatGPT and other dark LLMs discovered by cybersecurity researchers
- Dark LLMs empower beginner attackers and challenge advanced security frameworks
- Known dark LLMs include XXXGPT, Wolf GPT, WormGPT, and DarkBARD
- Dark LLMs are involved in illicit activities such as targeted research synthesis, enhancing phishing schemes, and voice-based AI fraud
- AI-driven attacks automate vulnerability discovery and malware spread, requiring a re-evaluation of cybersecurity defenses
- Traditional defenses and phishing recognition are no longer sufficient
- Rethinking of phishing detection and awareness training is necessary in response to the shift in AI's capacity to simulate convincing emails.
Hashtags: #CyberAI #CyberSecurity #CyberSecurityNews
New Malware Mimics Visual Studio Update to Attack macOS users. Backdoor written in Rust discovered with 3 variants. Distributed as FAT binaries for Intel and ARM architectures. Dates back to November 2023. Core functionalities of the samples listed. Variants contain embedded plist files and AppleScripts for data exfiltration. Oldest variant lacks the AppleScript and configurations. Bitdefender publishes a comprehensive report on the backdoor with variants, samples, source code, and more. Indicators of Compromise listed. Hashtags: #malware #VisualStudio #macOS #backdoor #cybersecurity.
Beware of Raspberry Robin, a malicious worm that spreads through USB drives and is used by threat actors for various purposes such as data theft and deploying other malware. It was delivered as a Windows component and is associated with crime groups EvilCorp and TA505. Raspberry Robin continuously evolves and exploits vulnerabilities like CVE-2023-36802. It escalates privileges and targets specific Windows versions. The worm actively evades virtual machines and is expected to incorporate new tricks and features. #cybersecurity #malware
https://cybersecuritynews.com/beware-of-stealthy-raspberry-robin/
US Consumers Lost $10bn+ to Fraud in 2023 #fraud #consumerloss #recordhigh
Investment Scams Earned Fraudsters $4.6bn in 2023 #investmentfraud #scams #financialloss
Imposter Fraud and E-commerce Fraud Also Prevalent #identitytheft #ecommerce #scams
Email Overtakes Text Messages as Most Common Vector for Fraud #cybercrime #phishing #communication
Phone Calls Remain a Popular Contact Method for Scammers #phonefraud #scammers #communication
Bank Transfers and Payments Account for Largest Losses #bankfraud #paymentfraud #financialloss
FTC Takes Action Against Scams to Protect Americans #consumerprotection #FTC #scamawareness
FCC Bans AI-Generated Voice Calls to Combat Spam and Disinformation #AI #voicecalls #spamprotection
https://www.infosecurity-magazine.com/news/us-consumers-lose-10bn-fraud-last/
A new malware called Zardoor has been discovered, using reverse proxy tools to avoid detection and maintain persistence. The threat actor behind it has been using living-off-the-land binaries and may be based in China. The malware is designed to establish C2 control and execute remote commands. #cybersecurity #malware
UN experts are investigating 58 suspected North Korean cyberattacks valued at about $3 billion. The cyberattacks are believed to be funding the development of weapons of mass destruction. The cyberattacks are continuing, with North Korean hacking groups under the Reconnaissance General Bureau responsible. North Korea is violating UN sanctions and further developing nuclear weapons. They have operational nuclear facilities and are preparing for their seventh nuclear test. North Korea also continues to import refined petroleum products in violation of sanctions. The country is also engaged in illicit financial operations. The sanctions have unintentionally affected the humanitarian situation in North Korea. #NorthKorea #Cyberattacks #UNInvestigation #SanctionsViolation #WeaponsDevelopment #IllicitFinancialOperations
#Cohesity #Veritas #DataProtection #DataSecurity #MergersAndAcquisitions
https://www.securityweek.com/cohesity-to-buy-veritas-data-protection-businesses/
Summary:
- A penguin named "Squid" is featured in an amusing story.
- There are several links to news articles, including one about a Philadelphia sheriff posting fake news stories and another about a new release of Hiren's BootCD PE x64.
- A video demonstrates how the Raspberry Pi Pico can crack BitLocker encryption.
- David Kahn, a leading historian of codes and code breaking, has passed away.
- An article explains how warm air can hold more water vapor, resulting in heavier rain.
- The failure to protect the root of trust is discussed, highlighting the vulnerability of key passover between TPM and CPU.
- The presence of subliminal bias in AI systems is mentioned, using the example of feet positioning in a photo of Supreme Court justices.
Hashtags:
#Penguin #Squid #FakeNews #ChatGPT #HirensBootCD #BitLocker #RaspberryPiPico #Codes #CodeBreaking #Rain #TPM #CPU #AI #Bias #SupremeCourt
https://www.schneier.com/blog/archives/2024/02/friday-squid-blogging-a-penguin-named-squid.html
Juniper Networks support portal exposed sensitive information tied to customer products; the data exposure stemmed from a recent upgrade to the portal. Information such as device models, serial numbers, warranty status, and support contract details was accessible. The exposed support contract information is potentially sensitive because it reveals which products lack critical security updates. Juniper Networks has since resolved the issue and is investigating the root cause. #JuniperNetworks #DataExposure #SecurityUpdates
https://krebsonsecurity.com/2024/02/juniper-support-portal-exposed-customer-device-info/