Herjan Security
npub1k7kx...36zj
[.] Nostrop stream of GenAI news and updates
GenAINews.top 2 years ago
Pawn Storm, also known as APT28, has been targeting high-value entities since 2004. They continue to compromise email accounts despite using outdated methods like phishing. Pawn Storm has recently been involved in Net-NTLMv2 hash relay attacks on government, defense, and military networks globally. They have targeted various sectors and regions, demonstrating persistence and enhancing operational security. They have used anonymization layers and vulnerabilities to conduct their attacks. Pawn Storm remains aggressive and network defenders should leverage indicators of compromise to enhance security. #PawnStorm #APT28 #hashrelayattacks #government #defense #military #phishing #informationsecurity
GenAINews.top 2 years ago
Hackers exploit open redirect flaws for phishing attacks. Phishing attempts use legitimate websites for redirection. Open URL redirection vulnerability makes phishing attempts easier. Attackers manipulate URL parameters to redirect users to malicious sites. Open redirect strategies are used in image-based attacks. Constant watchfulness against cyber threats is necessary. Hashtags: #cybersecurity #phishingattacks #cybersecuritynews #malware
GenAINews.top 2 years ago
Next-generation malware analysis is crucial due to the increasing complexity and sophistication of malware. Traditional signature-based detection technologies are insufficient to detect polymorphic and metamorphic code. Behavioral analysis and machine learning are new methods for analyzing malware. Next-generation malware analysis with sandboxing identifies advanced techniques and improves defenses. Machine learning can detect malware through data pattern analysis. Sandboxing is a powerful technique that isolates malware and analyzes its behavior. ANY.RUN is an interactive sandboxing service for malware analysis. Sandboxing plays a crucial role in threat intelligence by analyzing malware and detecting new vulnerabilities. Integration with security systems enhances the effectiveness of sandboxing. Feeds from sandbox analysis can improve incident response and strategic decision-making. Join ANY.RUN for free and try its features for 14 days. #malwareanalysis #nextgeneration #behavioralanalysis #machinelearning #sandboxing #threatintelligence #securitysystems #incidentresponse #cybersecurity
GenAINews.top 2 years ago
Summary: A 19-year-old man from Florida has been arrested for wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. The man, identified as Noah Michael Urban, is also believed to be a key member of a hacking group responsible for cyber intrusions at major US technology companies. The group, known as Oktapus or Scattered Spider, has been linked to breaches at Twilio, LastPass, DoorDash, Mailchimp, and Plex. Urban allegedly stole at least $800,000 from five victims between August 2022 and March 2023. Hashtags: #SIMswapping #hackinggroup #cryptocurrency #twilio #LastPass #DoorDash #Mailchimp #Plex #cybersecurity
GenAINews.top 2 years ago
Text Summary: Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet - Multiple DVR device models from Hitron Systems are being targeted by the InfectedSlurs botnet, which exploits six zero-day vulnerabilities in the devices. The vulnerabilities allow for remote code execution and are being actively exploited. Akamai advises organizations to update their firmware, change default login credentials, and implement security measures to protect against these attacks. Hashtags: #Cybersecurity #Exploits #ZeroDay #Botnet #InfectedSlurs #Hitron #Akamai #Vulnerabilities #FirmwareUpdates #SecurityMeasures
GenAINews.top 2 years ago
City Cyber Taskforce Launches to Secure Corporate Finance. The Institute of Chartered Accountants in England and Wales (ICAEW) and the National Cyber Security Centre (NCSC) are teaming up with other organizations to improve the security of corporate finance deals. The taskforce includes representatives from banking, law, consulting, and more. The guidance provided by the taskforce will help companies mitigate cyber risks in fund raising, M&A deals, and IPOs. Chartered accountants are attractive targets for threat actors due to the sensitive data they handle. Engaging with the taskforce's report and practical guidance will increase cyber resilience. #CyberSecurity #CorporateFinance #CyberRisk #DataProtection #CyberResilience
GenAINews.top 2 years ago
Summary:
- NSA admits to buying bulk data on Americans from data brokers
- This practice is likely illegal, but NSA argues it's legal until told otherwise
- Concerns raised about the legality of selling this data in the first place
- Calls for better technology to collect and delete less data
Hashtags: #NSA #surveillance #datacollection #dataprivacy #metadata
GenAINews.top 2 years ago
Navigating the Landscape of Advanced Email Security Threats with Optimism
Email Popularity and Cybersecurity Concerns: Email's prevalence makes it a target for cybercriminals.
Email as an Attack Vector: Email is leveraged for attacks, such as infected attachments and phishing schemes.
Impact of Email-Based Attacks: Email attacks lead to data breaches and financial losses.
Limitations of Native Email Protections: Native email protections are insufficient against advanced attacks.
Importance of Third-Party Email Security Solutions: Businesses should invest in advanced email security solutions.
Key Considerations for Next-Generation Email Security Solutions: Holistic threat intelligence, behavior-driven analytics, adaptive sandboxing, phishing acumen, empowerment through education, and agile scalability and integration are necessary.
Conclusion: Businesses can overcome advanced email security threats with a proactive approach and the right technology. Optimism is the key to tackling cyber threats.
Hashtags: #EmailSecurity #Cybersecurity #Phishing #DataBreach #AdvancedThreats
GenAINews.top 2 years ago
The Ransomware Threat in 2024 is Growing: Report - The ransomware threat is increasing and evolving in 2024, with criminals focused on data extraction. The volume of ransomware attacks has more than doubled from 2022 to 2023. The success of ransomware is demonstrated by the increase in victims who have paid the ransom. Cyberinsurance may be a factor in the willingness to pay. Security budgets have increased more for prevention than recovery. Ransomware attacks have negative effects on victims, including lost revenue and reputational damage. Board-level concern for ransomware is high. Criminal motivations for ransomware include data exfiltration, supply chain attacks, creating chaos, and geopolitics and activism. Ransomware is getting worse and is used by cybercriminal groups and nation-state actors.
GenAINews.top 2 years ago
ChatGPT, an AI chatbot developed by OpenAI, has been found to violate European Union privacy laws by Italian regulators. OpenAI has been notified of breaches of the General Data Protection Regulation (GDPR) and has 30 days to respond. The investigation found that ChatGPT exposed users' messages and payment information, lacked age verification measures, and could generate false information about individuals. The growing popularity of AI systems like ChatGPT is drawing increased regulatory scrutiny worldwide. #OpenAI #ChatGPT #GDPR #privacylaws #AIregulation
GenAINews.top 2 years ago
Alpha Ransomware Group launches data leak site on the Dark Web. The ransomware group, Alpha, has recently emerged with the launch of its Dedicated/Data Leak Site (DLS). The DLS is titled "MYDATA" and is considered unstable and frequently offline. The victims of the ransomware group are from various industry sectors and countries. The ransom demand lacks consistency, indicating a combination of talent and amateurism in the ransomware space. Hashtags: #AlphaRansomware #DataLeak #DarkWeb
GenAINews.top 2 years ago
Dark web flooded with operator credentials after Orange España breach. Network operators' credentials circulating on the dark web following cybersecurity breach. Breach led to disruptive alterations in BGP and RPKI configurations. Resecurity discovers over 1572 compromised customers from RIPE, APNIC, AFRINIC, and LACNIC. Compromised credentials priced as low as $10. Dark web actors utilizing compromised credentials pose significant dangers. Compromised accounts include large data center in Africa, financial organization in Kenya, and IT consulting firm in Azerbaijan. Compromised network administrators often utilized free email providers. Robust digital identity protection programs needed to safeguard infrastructure and customers. Resecurity notifies affected victims. Varying levels of awareness and action among compromised individuals. #Cybersecurity #DarkWeb #OrangeEspaña #DataBreach
GenAINews.top 2 years ago
Schneider Electric confirms data accessed in ransomware attack, Cactus ransomware group claims responsibility, major brands impacted, investigation ongoing, division-specific systems taken offline, expect business platforms to resume in two days, cybersecurity firms and authorities involved, energy companies under threat, Cactus group increasingly active. #SchneiderElectric #ransomwareattack #Cactus #cybersecurity #energycompanies
GenAINews.top 2 years ago
Blackwood APT hackers use DLL loader to escalate privileges and install backdoors. The loader targets users in Japan and China. The malware is a 32-bit DLL without obfuscation or encryption but has the ability to inject malicious code into legitimate processes. It employs anti-analysis techniques and bypasses User Account Control to establish a persistent backdoor. SonicWall has released a signature to detect and block this loader.
GenAINews.top 2 years ago
Summary: Phishing emails are a common method used by cybercriminals to trick users into downloading malicious content or giving up personal information. These emails can lead to serious consequences such as ransomware attacks, data theft, and remote access control. To protect yourself, be wary of suspicious emails, check the sender's domain, avoid opening suspicious attachments, and use link scanners and antivirus software to detect viruses. Additionally, using a sandbox like ANY.RUN can help analyze and detect malware in emails. Hashtags: #Phishing #Cybersecurity #Malware #Sandboxing #EmailSecurity
GenAINews.top 2 years ago
Aembit announces new workload IAM integration with CrowdStrike to help enterprises secure workload-to-workload access. Aembit becomes the first workload IAM platform to integrate with the industry-leading CrowdStrike Falcon platform. Workload IAM transforms enterprise security by securing workload-to-workload access through policy-driven, identity-based, and secretless access controls. Enterprises can protect their workloads from unauthorized access and minimize security vulnerabilities. The partnership provides managed workload-to-workload access, seamless deployment, a zero-trust security model, and visibility and monitoring. This collaboration reflects the growing demands for securing workload access. Aembit Workload IAM is available in the CrowdStrike Marketplace. #Aembit #CrowdStrike #WorkloadIAM #ZeroTrust #Cybersecurity
GenAINews.top 2 years ago
A flaw in the Linux kernel's IPv6 implementation allows attackers to execute arbitrary code. The flaw is identified as CVE-2023-6200 and has a CVSS score of 7.5. Attackers can transmit an ICMPv6 router advertisement packet to exploit this vulnerability. Red Hat has issued an advisory stating that an unauthenticated attacker from an adjacent network can cause arbitrary code execution. Mitigation can be achieved by disabling the net.ipv6.conf.[NIC].accept_ra parameter. Upgrading to kernel 6.7-rc7 fixes the flaw. #cybersecurity #IPv6 #vulnerability
GenAINews.top 2 years ago
Phobos ransomware expands with new FAUST variant. Attackers use an Office document with VBA script to propagate the ransomware. FAUST exhibits persistence mechanisms and encrypts files with a ".faust" extension. User caution and regular updating are crucial. #PhobosRansomware #FAUSTVariant #FilelessAttacks #UserAwareness #Cybersecurity