IBM Notifies Janssen CarePath Customers of Data Breach
IBM said that it was notified of the issue by Janssen on August 2, 2023 and that it promptly worked with the database provider to disable the technical method that was used to gain unauthorized access.
IBM also augmented security controls to reduce the chance of a similar event occurring in the future.
@Cyber_Security_Channel
Researchers Discover Critical Vulnerability in PHPFusion CMS
"Exploitation of this vulnerability has effectively two requirements," says Matthew Hogg, software engineer at Synopsys' Software Integrity Group, who discovered the vulnerability.
One of them is that the attacker needs to be able to authenticate to at least a low-privileged account, and the other is that they need to know the vulnerable endpoint.
"By fulfilling both criteria, a malicious actor would be able to craft a payload to exploit this vulnerability," Hogg says.
@Cyber_Security_Channel
Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft’s Mistakes
Redmond also acknowledged a failure of its internal systems to detect sensitive secrets leaking from crash dumps.
“The key material’s presence in the crash dump was not detected by our systems (this issue has been corrected),” the company said.
The company said the 2021 crash dump containing the signing key was subsequently moved from the isolated production network into its debugging environment on the internet-connected corporate network.
@Cyber_Security_Channel
Ransomware and Data Breaches: Impacts Continue to Grow Louder
I often get asked these questions (and more), and the answers can take months or years to be released after an event.
In some instances, the specific details remain hidden from public view — concealed inside the databases of cyber insurance companies or classified files guarded by three-letter government agencies.
@Cyber_Security_Channel
GhostSec Leaks Source Code of Alleged Iranian Surveillance Tool
Behnama in particular is not just a tool, but "a powerful instrument of surveillance" that is used by the Iranian government, law enforcement agencies, and military personnel, GhostSec said, noting that its intention of exposing FANAP is "in the interests of the Iranian people, but also in the interests of protecting the privacy of each and every one of us."
@Cyber_Security_Channel
Mason Tenders’ District Council data breach class action settlement
The Mason Tenders’ District Council is a labor organization based in New York, serving more than 17,000 members, including construction workers, asbestos and hazardous materials handlers, Catholic high school teachers, and recycling and waste handlers, according to the council’s website.
@Cyber_Security_Channel
How to Conduct a Cloud Security Assessment
A cloud security assessment evaluates an organization's cloud infrastructure for the following:
- Overall security posture
- Identity and access management (IAM) policies
- Service provider security features
- Compliance
- Documentation
- Exposure to future threats
Threat modeling reviews should test against possible attacks and threats to the cloud environment, ease of attacks based on exposure and susceptibility, and the state of preventive and detective controls in place.
Organizations with multi-cloud deployments should expect to conduct separate threat modeling sessions for each respective cloud service.
@Cyber_Security_Channel
Threat Advisory: Zero-Day Vulnerabilities Detected in WinRAR
These vulnerabilities require user interaction for exploitation.
Remote attackers, with malicious intent, can execute arbitrary code on systems where WinRAR is installed.
WinRAR creates archives in the RAR and ZIP formats and displays and unpacks numerous other archive formats.
Its support for encrypted archives, multi-part files, and self-extracting archives widens the potential for compromise and makes the situation harder to reason about.
Furthermore, file integrity is verified per file within an archive using CRC32 or BLAKE2 checksums, which makes gaps in this handling all the more significant.
@Cyber_Security_Channel
Why is .US Being Used to Phish So Many of Us?
.US is overseen by the National Telecommunications and Information Administration (NTIA), an executive branch agency of the U.S. Department of Commerce.
However, NTIA currently contracts out the management of the .US domain to GoDaddy, by far the world’s largest domain registrar.
Under NTIA regulations, the administrator of the .US registry must take certain steps to verify that their customers actually reside in the United States, or own organizations based in the U.S.
But Interisle found that whatever GoDaddy was doing to manage that vetting process wasn’t working.
@Cyber_Security_Channel
The 7 Personal Data Protection Principles
Data users may process personal data only where:
- the data subject has given his consent to the processing of the personal data, or
- the processing of the data is necessary (for certain purposes more particularly set out in the PDPA).
Where the data subject is under the age of 18, consent should be obtained from the individual who has parental responsibility over the data subject.
When dealing with sensitive personal data or where the data is to be transferred outside of Malaysia, explicit consent is required to be obtained from the data subject.
Consent should be obtained in a form which can be recorded and maintained properly by the data user.
@Cyber_Security_Channel
AHA security leader sees 'AI-fueled cyber arms race'
Riggi – who's scheduled to deliver the opening keynote on September 7 at the HIMSS Healthcare Cybersecurity Forum – says he's been concerned recently about a "dramatic increase" in attacks on hospitals and health systems.
"They're primarily taking two forms," said Riggi.
First, healthcare organizations are facing intensifying risk from "large data theft attacks from foreign-based criminal organizations and adversarial nation state spies that want to steal patient information and medical research for their own purposes."
@Cyber_Security_Channel
A Brief History of ICS-Tailored Attacks
In the cybersecurity domain, we often analyze threats based on a triad of opportunity, capability, and intent.
Threat actors must possess all three in order to launch successful attacks.
Drawing on this brief history of ICS-specific malware, it appears that the threat groups are getting bolder by trying to inflict physical damage and strike safety systems, thereby indicating a growing general intent to cause harm.
The technical analysis of the malware reveals a growing sophistication trend, indicating rising capability.
It is on us, the cyber defenders, to learn from the past and make our networks hostile to attackers, thereby denying them the opportunities that they seek.
@Cyber_Security_Channel
10 Best Antivirus Software for Businesses in 2023
Antivirus software is added protection for business devices that scans for and protects against malware or viruses that may affect your company’s data safety.
Today’s most complete antivirus software will also bundle additional protection with VPNs and firewalls, products that are commonly sold as separate software.
@Cyber_Security_Channel
Crackdowns on Encrypted Messaging Don’t ‘Help the Children’
U.K. government officials, for years, have voiced concerns that online services don’t do enough to tackle illegal content, particularly child sexual abuse material.
The “solution” was the Online Safety Bill, ostensibly seeking to make the U.K. the world’s safest place to use the internet.
@Cyber_Security_Channel
Should Senior IT Professionals Be Accountable for Professional Decisions?
Everyone makes mistakes.
But what if your mistakes cost you tens of thousands of dollars in fines, see you facing jail time, or risk the security of millions of other people?
Companies now access and handle more personal data than ever before. And regulators are reexamining the significant responsibility that brings.
Ranging from negligence to deliberate cover-ups, here are two other cases from recent years, involving Uber and TSB.
@Cyber_Security_Channel
Why MSPs Should Focus Their Attention on Data Protection Services, Not Backup
Each additional backup solution means more cost and forgoes the economies of scale that come from serving many customers with the same solution.
Each solution means more complexity and more opportunity for something to go wrong.
When almost any other system goes wrong, the problem will be flagged immediately, usually by the customer complaining.
@Cyber_Security_Channel
Intro To Honeypots
There are also honeypots that exist as public services to collect and analyze various payloads.
While some of these services are simply built as a means for professionals (and cyber criminals) to test the detection rate of their payloads, they are equally leveraged as a means to distribute payloads to anti-virus companies and law enforcement looking to get an edge on new techniques used in the field.
@Cyber_Security_Channel
As LotL Attacks Evolve, So Must Defenses
An LotL phishing attack's initial goal is a credential harvesting page where threat actors will steal a user's email address and password.
Once logged in, they do reconnaissance within the organization (including looking through that person's inbox for opportunities to commit a business email compromise attack).
For example, if the target is in finance, the threat actor may initiate a wire transfer or reroute invoicing traffic.
If the target is not high value, threat actors will pivot and attack that user's contacts to conduct a credential harvesting attack (CHA) or distribute malware by replying to legitimate conversations in the inbox.
@Cyber_Security_Channel
United Airlines Says the Outage That Held Up Departing Flights Was Not a Cybersecurity Issue
By late afternoon Tuesday on the East Coast, United had canceled only seven flights, well below its average of about 16 per day over the busy Labor Day weekend, according to figures from tracking service FlightAware.
However, more than 350 United flights were delayed — 13% of the carrier’s schedule, far more than rivals American, Delta and Southwest — on a day that many holiday vacationers were expected to fly home.
@Cyber_Security_Channel
Hackers Target High-Privileged Okta Accounts via Help Desk
The hackers then access compromised accounts using anonymizing proxy services and an IP and device not previously associated with the user account "to abuse legitimate identity federation features that enabled them to impersonate users within the compromised organization," according to the post.
@Cyber_Security_Channel
What is Encrypted DNS Traffic?
The Trouble With Traditional DNS
Before diving into a description of encrypted DNS traffic, we should probably talk about DNS traffic in general.
The Domain Name System (DNS) stands as a linchpin in our digital realm.
Think of it as an intricate directory for the Internet; its role is not just making online navigation intuitive for users but also augmenting the resilience of online services.
Universal DNS Traffic Encryption
The majority of encryption methods hinge on DNS resolvers that are configured for encryption.
However, these encryption-supporting resolvers comprise only a tiny fraction of the total.
Centralization or consolidation of DNS resolvers is a looming issue.
With limited options, this centralization creates tempting targets for malevolent entities or intrusive surveillance.
@Cyber_Security_Channel
Social Engineering Attacks Target Okta Customers To Achieve a Highly Privileged Role
Threat actors appeared to either have passwords to privileged user accounts or be able to manipulate the delegated authentication flow via Active Directory (AD) prior to calling the IT service desk.
The threat actor targeted Okta customers’ users assigned with Super Administrator permissions.
The attackers were spotted using anonymizing proxy services and an IP and device not previously associated with the user account to access the compromised account.
@Cyber_Security_Channel
Key Group Ransomware Foiled by New Decryptor
"Key Group ransomware uses CBC-mode Advanced Encryption Standard (AES) to encrypt files and sends personally identifiable information (PII) of victim devices to threat actors," the EclecticIQ team explained in a new report.
"The ransomware uses the same static AES key and initialization vector (IV) to recursively encrypt victim data and change the name of encrypted files with the keygroup777tg extension."
@Cyber_Security_Channel
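As an added illustration (not EclecticIQ's decryptor or any Key Group code), this Go sketch shows why one fixed AES-CBC key and IV make a universal decryptor possible and leak file structure across victims; the key and IV bytes are constructed stand-ins, since the real values are not on this page.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
)

// Constructed stand-in values: the real Key Group key and IV are not on this page.
var staticKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
var staticIV = []byte("fedcba9876543210")                   // 16 bytes, reused for every file

// encryptCBC mirrors the described weakness: one fixed key and IV for every file, PKCS#7 padded.
func encryptCBC(pt []byte) []byte {
	block, _ := aes.NewCipher(staticKey)
	n := aes.BlockSize - len(pt)%aes.BlockSize
	padded := append(append([]byte{}, pt...), bytes.Repeat([]byte{byte(n)}, n)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, staticIV).CryptBlocks(ct, padded)
	return ct
}

// decryptCBC is the decryptor side: once the static key and IV are recovered from one
// sample, every victim's files decrypt with the same two values. ok is false on bad input.
func decryptCBC(ct []byte) (pt []byte, ok bool) {
	if len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, false
	}
	block, _ := aes.NewCipher(staticKey)
	pt = make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, staticIV).CryptBlocks(pt, ct)
	n := int(pt[len(pt)-1])
	if n == 0 || n > aes.BlockSize || n > len(pt) {
		return nil, false
	}
	return pt[:len(pt)-n], true
}

// sharedPrefixBlocks counts leading ciphertext blocks two files have in common. With a
// fixed IV, equal plaintext prefixes give equal ciphertext prefixes, so file types and
// templates can be told apart without the key.
func sharedPrefixBlocks(a, b []byte) int {
	n := 0
	for ; (n+1)*aes.BlockSize <= len(a) && (n+1)*aes.BlockSize <= len(b); n++ {
		if !bytes.Equal(a[n*aes.BlockSize:(n+1)*aes.BlockSize], b[n*aes.BlockSize:(n+1)*aes.BlockSize]) {
			break
		}
	}
	return n
}
```

Two constructed "documents" with the same 32-byte header encrypt to identical first two blocks, which is the signal a defender can use to spot fixed-IV encryption in a sample set.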
UK’s NCSC Warns Against Cybersecurity Attacks on AI
But prompt injection attacks may also target the inner workings of the AI and trigger vulnerabilities in its infrastructure itself.
One example of such an attack has been reported by Rich Harang, principal security architect at NVIDIA. Harang discovered that plug-ins included in the LangChain library used by many AIs were prone to prompt injection attacks that could execute code inside the system.
As a proof of concept, he produced a prompt that made the system reveal the content of its /etc/shadow file, which is critical to Linux systems and might allow an attacker to know all user names of the system and possibly access more parts of it.
Harang also showed how to introduce SQL queries via the prompt.
@Cyber_Security_Channel
US Government Denies Blocking Sales of AI Chips to Middle East
"Over the long term, our results and competitive position may be harmed, and we may be effectively excluded from all or part of the China market if there are further changes in the US government’s export controls," according to the Nvidia filing.
And last September, AMD said it had received new license requirements that would mean halting exports entirely of its MI250 chips to China.
@Cyber_Security_Channel
How AI Can Help Healthcare Organizations Bolster Patient Data Security
Healthcare organizations are particularly affected by cyberattacks because of the potential impact on life-saving operations.
Healthcare IT and security professionals surveyed for a 2022 report from the Ponemon Institute and Proofpoint cited negative patient outcomes as a major consequence of cyberattacks.
It is clear that an outdated approach to healthcare cybersecurity is not working to reduce the impact of cyberattacks on a critical industry.
A primary reason: The data that healthcare needs to protect cannot easily be seen or found by existing technologies.
@Cyber_Security_Channel
Cyberattackers Swarm OpenFire Cloud Servers With Takeover Barrage
Openfire is a Web-based real-time collaboration (RTC) server used as a chat platform over XMPP that supports more than 50,000 concurrent users.
By design, it's supposed to be a secure and segmented way for enterprise users to communicate across departments and across remote work locations.
The flaw, however, makes Openfire's administrative console vulnerable to path traversal attack via its setup environment, allowing an unauthenticated, regular user to access pages in the console reserved for administrative users.
@Cyber_Security_Channel
Exploit Code Published for Critical-Severity VMware Security Defect
He pointed to VMware’s CVE-2023-34039 advisory (CVSS severity score of 9.8 out of 10), which describes the bug as a network authentication bypass, and warns that the issue is being mischaracterized.
“Interestingly, VMware has named this issue “Networks Authentication Bypass”, but in my opinion, nothing is getting bypassed.
There is SSH authentication in place; however, VMware forgot to regenerate the keys,” Kheirkhah said.
@Cyber_Security_Channel
4 Strategies to Safeguard the Finance Industry Against Deepfake Onslaught
Deepfakes can manifest in many ways within the realm of digital deception.
Deepfake technology allows fraudsters to pose as high-ranking executives or CEOs, changing their voices and appearances to trick investors or employees into carrying out transactions or disclosing sensitive information.
These deepfake-driven impersonation frauds cause huge financial losses and harm to individuals' and companies' reputations.
@Cyber_Security_Channel
Energy Department Offering $9M in Cybersecurity Competition for Small Electric Utilities
The competition has three phases, focusing on commitment, planning and implementation.
In the planning phase, competitors need to describe their current resources and their need for improving their cybersecurity posture.
The deadline for the first phase of the project is November 29, 2023.
@Cyber_Security_Channel