Almost 2,000 Citrix NetScaler Servers Backdoored in Hacking Campaign
Security researchers at cybersecurity company Fox-IT (part of the NCC Group) and the Dutch Institute of Vulnerability Disclosure (DIVD) have discovered a large-scale campaign that planted webshells on Citrix NetScaler servers vulnerable to CVE-2023-3519.
Initially, the scans considered only vulnerable systems but later expanded to Citrix instances that received the update to address CVE-2023-3519.
This revealed 1,952 NetScaler servers backdoored with the same web shells Fox-IT found during the incident response engagements, indicating that the adversary used an automated method to exploit the vulnerability at a large scale.
@Cyber_Security_Channel
ShopBack Fined S$74,400 Over Leak of More Than 1.4 Million Customers’ Personal Data
ShopBack first notified the PDPC and its customers of an incident involving unauthorised access to its customer data servers on Sep 25, 2020.
PDPC then received two complaints from customers.
On Nov 12 that year, ShopBack’s customer database was subsequently offered for sale on Raidforums, an online cybersecurity forum commonly used to trade and sell stolen databases. Its domain name and content have since been seized by US authorities.
@Cyber_Security_Channel
Tenable Releases Generative AI-Based Cybersecurity Platform
The ExposureAI platform offers preventive security tools that facilitate natural language search queries, exposure data-based mitigation guidance and risk action recommendations, Tenable said Wednesday.
A Snowflake-powered data lake powers ExposureAI, offering a repository of over 1 trillion assets, exposures and security findings across IT, operational technology and public cloud environments.
Generative AI and related tools will be the focal point of discussion at an upcoming ExecutiveBiz event, themed “Trusted AI and Autonomy”.
@Cyber_Security_Channel
Google Releases Security Key Implementation Resilient to Quantum Attacks
Proof-of-concept (PoC) source code has been released as part of Google’s OpenSK project.
The OpenSK project was announced in early 2020 and its goal is to provide open source code for hardware security keys.
As part of the project, the tech giant also provides the resources necessary to 3D print a security key enclosure.
@Cyber_Security_Channel
Jefferson Cherry Hill Warns of Possible Data Breach. What Info May Have Been Exposed?
The statement did not provide the number of patients that may have been impacted there, but said the potential breach was recognized by a maintenance technician working on the machine.
“The service technician noticed the portable backup device was missing from the larger DEXA scan machine.
Upon a full investigation, it cannot be determined if the device was lost or stolen,” said Jefferson media spokesman Damien Woods.
@Cyber_Security_Channel
Data Privacy Meets Sports Betting in the Bay State
Operators are also prohibited from using any computerized algorithm, automated decision-making, artificial intelligence, machine learning or similar system that is known or reasonably expected to make the gaming platform more addictive under the rule.
Sports wagering operators must only retain patrons’ confidential information and personally identifiable information as necessary to operate a sports wagering area, sports wagering facility or sports wagering platform, or to comply with Massachusetts law.
@Cyber_Security_Channel
Czech Data Protection Authorities Question Police Use of Facial Recognition
The facial recognition system relies on images from government identity card and travel document registers.
In its report, the organization warns about the system’s privacy implications, adding that it could also be used for monitoring people’s activities, including those online.
The Czech Office for Personal Data Protection has asked the local police for information on the facial recognition system that has been in trial operation for almost a year.
One of the main issues highlighted is that the police did not bother to consult the data protection office during its testing, according to the office spokesperson Milan Řepka.
@Cyber_Security_Channel
How & Why Cybercriminals Fabricate Data Leaks
Lesser-known cybercriminals also want to grab a piece of the attention, which pushes them to create fake leaks.
These leaks not only generate hype and provoke a worried reaction from the targeted business but also serve as a fruitful way to deceive "colleagues" on the black market and sell other cybercriminals something that is not actually a leak.
Novice cybercriminals are much more likely to fall for this trick.
@Cyber_Security_Channel
At Black Hat, Splunk, AWS, IBM Security and Others Launch Open Source Cybersecurity Framework
When OCSF was first announced at Black Hat 2022, 18 organizations were on board.
Now, OCSF comprises 145 security companies including AWS and IBM and 435 individual contributors.
Splunk describes OCSF as an open and extensible framework that organizations can integrate into any environment, application or solution to complement existing security standards and processes.
@Cyber_Security_Channel
AI and Cybersecurity - Culmination of Digital Security Measures to Protect Organizational Infrastructure
The future of cyber security will be more dependent on AI, especially when data is seeing an expansion across industries like automotive, metaverse, education, etc.
AI is being used in traditional ways to improve the quality of cybersecurity but tools like top hacking apps are also using the technology to simulate and counter the way hacking attempts work.
@Cyber_Security_Channel
Companies Are Collecting Your Personal Data. Here's What You Need to Know
Personal data includes details like a person’s name, age, or email address among other things, and can be used to identify an individual.
This data can be made "pseudonymous" – meaning that all explicit personal data is removed to make it harder to identify a person – or "anonymous" – where all personal identifiers are removed so that an individual can no longer be identified.
There are many ways in which data can be collected online, whether through IP addresses, navigation data, cookies, or information we provide when filling out forms.
Enforcing such tough laws, though, is tricky.
Across the EU states, there are 27 national data protection authorities (DPAs) for each country.
The DPAs work together within the European Data Protection Board (EDPB) and are managed by the European Data Protection Supervisor in Brussels.
@Cyber_Security_Channel
Downfall Attacks Can Gather Passwords, Encryption Keys From Intel Processors
“[CVE-2022-40982] is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software.
This allows untrusted software to access data stored by other programs, which should not normally be accessible,” Daniel Moghimi, a research scientist at Google, explained.
He devised two exploitation techniques: Gather Data Sampling (GDS) and Gather Value Injection (GVI), and demonstrated how they can be used to do things like stealing AES keys, data from the Linux kernel, and more.
@Cyber_Security_Channel
US Law Firm Orrick Hit With Lawsuit Over March Data Breach
The breach involved Orrick client data, including people who have dental plans with Delta Dental of California and people who have vision plans with EyeMed Vision Care, according to sample notification letters posted by the California attorney general.
Orrick represented EyeMed following a 2020 data breach that compromised the personal information of 2.1 million people.
In May, EyeMed struck a $2.5 million settlement with Florida, New Jersey and Oregon over the breach.
@Cyber_Security_Channel
Colorado Health Agency Says 4 Million Impacted by MOVEit Hack
Those files contained the personal information of both Health First Colorado (Medicaid) and Child Health Plan Plus members.
The exposed information, the organization says, includes names, addresses, birth dates, Social Security numbers, demographic or income information, medical information, treatment information, and health insurance information.
@Cyber_Security_Channel
Don’t Expect Quick Fixes in ‘Red-Teaming’ of AI Models. Security Was an Afterthought
Michael Sellitto of Anthropic, which provided one of the AI testing models, acknowledged in a press briefing that understanding their capabilities and safety issues “is sort of an open area of scientific inquiry.”
Conventional software uses well-defined code to issue explicit, step-by-step instructions.
OpenAI’s ChatGPT, Google’s Bard and other language models are different.
Trained largely by ingesting — and classifying — billions of datapoints in internet crawls, they are perpetual works-in-progress, an unsettling prospect given their transformative potential for humanity.
@Cyber_Security_Channel
LinkedIn Accounts Hacked in a Widespread Hijacking Campaign
"Some have even been pressured into paying a ransom to regain control or faced with the permanent deletion of their accounts," reports Cyberint's researcher Coral Tayar.
"While LinkedIn has not yet issued an official announcement, it appears that their support response time has lengthened, with reports of a high volume of support requests."
Owners of these accounts are then prompted to verify ownership by providing additional information and also update their passwords before they're allowed to sign in again.
@Cyber_Security_Channel
When Should You Get Your Privacy Team Involved?
Involve your privacy team early and often, even if you can’t yet tell whether it’s warranted.
Not only can a privacy team bring new perspectives to the table, but they’ll also ensure that whatever the initiative, it’ll be ready for lift-off with few data privacy concerns attached.
With data being at the heart of so much of what we do online, working with teams that understand digital footprints is the key to many business initiatives, including digital transformation and workflow automation.
@Cyber_Security_Channel
Microsoft Defender for Cloud Gets More Multicloud
To help with that, Microsoft turned its Azure Security Benchmark into a cross-platform tool, renaming it the Microsoft cloud security benchmark.
The MCSB combines relevant recommendations from the Center for Internet Security, the National Institute of Standards and Technology and the Payment Card Industry Data Security Standard or PCI-DSS, Tamir explained.
@Cyber_Security_Channel
Massachusetts Health Officials Warn of Data Breach Involving More Than 134K People
"This incident was part of a worldwide data security incident involving a file-transfer software program called MOVEit, which has impacted state and federal government agencies, financial services firms, pension funds, and many other types of companies and not-for-profit organizations," it said.
"No UMass Chan or state systems were compromised in this incident".
"Any individual who receives a notice is encouraged to take steps to protect their information, including monitoring their financial account statements and enrolling in free credit monitoring and identity theft protection offered to individuals who had certain sensitive information involved," it added.
@Cyber_Security_Channel
Stellar Cyber and Oracle Cloud Infrastructure Partner to Offer Expanded Cybersecurity Capabilities
“Stellar Cyber is committed to providing the critical capabilities security teams need to deliver consistent security outcomes—all for a single license and price on a single platform,” said Jim O’Hara, Chief Revenue Officer at Stellar Cyber.
“This simple yet comprehensive model makes it easy for customers to measure how our Open XDR platform dramatically impacts their security ROI”.
The Stellar Cyber Open XDR platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill to secure their environments successfully.
Oracle PartnerNetwork (OPN) is Oracle’s partner program designed to enable partners to accelerate the transition to cloud and drive superior customer business outcomes.
The OPN program allows partners to engage with Oracle.
@Cyber_Security_Channel
Lookout Launches GenAI Tool to Support Cybersecurity Teams
To support cybersecurity professionals, Lookout SAIL's functionalities focus on security education, platform navigation and security telemetry analysis.
This GenAI assistant serves as a valuable companion, offering insights and assistance to users, ultimately streamlining tasks such as administration, policy creation, incident response and threat hunting.
Lookout SAIL allows people to interact naturally with the Lookout platform instead of having to learn from a user manual or guide.
Through its integration into Lookout's existing user experience, Lookout SAIL also enhances workflow and accelerates user interactions, leading to increased productivity and effectiveness.
@Cyber_Security_Channel
Debate Brews as NYPD Rolls Out Radio Encryptions
NYPD transmissions serve not only journalists but also popular scanner phone applications like Broadcastify and Citizen.
These apps provide real-time emergency updates to users. However, the NYPD has started to restrict public access, raising concerns about transparency.
Cotler points out that several precincts in Brooklyn North have gone silent without warning.
@Cyber_Security_Channel
⚡️More than 100,000 Hackers Have Details Exposed Through Malware on Cyber Crime Forums
“Researchers found that a staggering 120,000 infected computers, many of which belong to hackers, had credentials associated with cyber crime forums.”
Researchers said that hackers compromised through their involvement in cyber crime forums had a “substantial amount” of data exposed, which could point to their real-world identities.
@Cyber_Security_Channel
2,000 Citrix NetScaler Instances Backdoored via Recent Vulnerability
Now, NCC Group says it has observed an automated exploitation campaign in which more than 1,950 NetScaler instances were compromised, representing roughly 6.3% of the 31,000 vulnerable appliances identified at the beginning of the exploitation campaign.
The company identified close to 2,500 webshells on the compromised instances, and says that more than 1,800 of them remain infected.
Starting August 10, the Dutch Institute of Vulnerability Disclosure has been notifying the impacted organizations of NCC Group’s findings.
@Cyber_Security_Channel
Trend Micro Highlights Dark Side of Generative AI Tools
Trend is leading the way globally in mitigating these threats through a prolific output of groundbreaking research and its own use of AI to supercharge both ASRM and XDR.
Trend has been working on AI-powered solutions with current and planned AI/ML and generative AI investments since 2005, including tooling designed to detect BEC attacks.
Its Writing Style DNA technology learns normal email writing style from previous messages and flags when emails deviate from this baseline.
Adversaries leverage ChatGPT to filter and fuse large datasets for victim selection, and deepfakes are deployed to deceive victims into believing a close relation has been kidnapped to extort a ransom.
@Cyber_Security_Channel
Will AI Kill Cybersecurity Jobs?
Despite AI technologies being used in cybersecurity for the last decade, it can’t be said that the demand for cybersecurity professionals is decreasing.
We have been using AI to prioritize SIEM alerts, and yet SOCs are severely understaffed.
We have been using AI to detect malware, and yet we cannot fill all the job vacancies in incident response and reverse engineering.
We have been using AI to detect network anomalies, and yet we are craving more blue teamers. In fact, according to the 2022 (ISC)² Cybersecurity Workforce Study, the cybersecurity workforce gap is growing year over year, despite deploying AI for cybersecurity-related tasks.
@Cyber_Security_Channel
Wipro Report: Cloud & AI Creating Cybersecurity Gaps
The report included responses from the security leadership of 345 organisations across the US, Europe, and the Asia Pacific, Middle East and Africa regions, who each responded to 30 questions around trends, governance, security practices, collaboration and best practices.
In the report, Wipro found that 32% of surveyed organisations are spending more than 10% of their IT budget for security, recognising that perhaps businesses are becoming more aware of the dangers of poor cybersecurity measures.
@Cyber_Security_Channel
What's New in the NIST Cybersecurity Framework 2.0
"With this update, we are trying to reflect current usage of the Cybersecurity Framework, and to anticipate future usage as well," NIST's lead developer of the framework, Cherilyn Pascoe, said in the CSF 2.0 release on Aug. 8.
"The CSF was developed for critical infrastructure like the banking and energy industries, but it has proved useful every
@Cyber_Security_Channel
Abnormal Security Recognized as a Leader in AI, Cloud, and Cybersecurity by Industry and Customers Alike
In addition to these awards, the customer value of the Abnormal platform has been peer-recognized, as Abnormal was named a 2023 Customers’ Choice for Email Security on Gartner Peer Insights.
Abnormal was one of only two vendors placed in the upper-right quadrant of the “Voice of the Customer” quadrants, earning the Customers’ Choice distinction as a result of “[meeting or exceeding] both the market average Overall Experience and the market average User Interest and Adoption.”
As of today, Abnormal has an average rating of 4.8 stars in Gartner Peer Insights and a 98% Would Recommend rating from customers.
@Cyber_Security_Channel
Police Officers and Staff Not Told About Data Breach for Almost a Month
The force said the laptop and radio were deactivated shortly after the theft and it was "confident no data has been lost from these devices and they are of no use to any third party".
@Cyber_Security_Channel