cyber_security_channel | News and Media

Telegram-канал cyber_security_channel - Cyber Security News

42585

Be Cyber Aware. Our vacancies channel: @CyberSecurityJobs Our chat: t.me/cybersecuritynewschat LinkedIn: https://www.linkedin.com/company/securitynews/ Facebook: https://www.facebook.com/BreakingCyberSecNews 📩 Cooperation: @cybersecadmin

Subscribe to a channel

Cyber Security News

New Phishing Campaign Launched via Google Looker Studio

The message contains a link to the fake report, claiming to provide the victim with information on investment strategies that would lead to significant returns.

The recipient is lured into clicking on the provided link, which redirects to a legitimate Google Looker page, hosting a Google slideshow claiming to provide instructions on how the recipient could receive more cryptocurrency.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

List of Data Breaches and Cyber Attacks in August 2023 – 79,729,271 Records Breached

For more details about the year’s incidents, check out our new page, which provides a complete list of known data breaches and cyber attacks in 2023.

It also breaks down each month’s cyber security incidents and provides more information about the biggest and most notable breaches of the month.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Why MSPs Should Focus Their Attention on Data Protection Services, Not Backup

Each additional backup solution means more cost and not reaping the benefits of scale that comes from serving many customers with the same solution.

Each solution means more complexity and more opportunity for something to go wrong.

When almost any other system goes wrong, the problem will be flagged immediately, usually by the customer complaining.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Intro To Honeypots

There are also honeypots that exist as public services to collect and analyze various payloads.

While some of these services are simply built as a means for professionals (and cyber criminals) to test the detection rate of their payloads, they are equally leveraged as a means to distribute payloads to anti-virus companies and law enforcement looking to get an edge on new techniques used in the field.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

As LotL Attacks Evolve, So Must Defenses

An LotL phishing attack's initial goal is a credential harvesting page where threat actors will steal a user's email address and password.

Once logged in, they do reconnaissance within the organization (including looking through that person's inbox for opportunities to commit a business email compromise attack).

For example, if the target is in finance, the threat actor may initiate a wire transfer or reroute invoicing traffic.

If the target is not high value, threat actors will pivot and attack that user's contacts to conduct a CHA or distribute malware by replying to legitimate conversations in the inbox.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

United Airlines Says the Outage That Held Up Departing Flights Was Not a Cybersecurity Issue

By late afternoon Tuesday on the East Coast, United had canceled only seven flights, well below its average of about 16 per day over the busy Labor Day weekend, according to figures from tracking service FlightAware.

However, more than 350 United flights were delayed — 13% of the carrier’s schedule, far more than rivals American, Delta and Southwest — on a day that many holiday vacationers were expected to fly home.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Hackers Target High-Privileged Okta Accounts via Help Desk

The hackers then access compromised accounts using anonymizing proxy services and an IP and device not previously associated with the user account "to abuse legitimate identity federation features that enabled them to impersonate users within the compromised organization," according to the post.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

What is Encrypted DNS Traffic?

The Trouble With Traditional DNS

Before diving into a description of encrypted DNS traffic, we should probably talk about DNS traffic in general.

The Domain Name System (DNS) stands as a linchpin in our digital realm.

Think of it as an intricate directory for the Internet; its role is not just making online navigation intuitive for users but also augmenting the resilience of online services.

Universal DNS Traffic Encryption

The majority of encryption methods hinge on DNS resolvers that are configured for encryption.

However, these encryption-supporting resolvers comprise only a tiny fraction of the total.

Centralization or consolidation of DNS resolvers is a looming issue.

With limited options, this centralization creates tempting targets for malevolent entities or intrusive surveillance.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Social Engineering Attacks Target OKTA Customers To Achieve a Highly Privileged Role

Threat actors appeared to either have passwords to privileged user accounts or be able to manipulate the delegated authentication flow via Active Directory (AD) prior to calling the IT service desk.

The threat actor targeted Okta customers’ users assigned with Super Administrator permissions.

The attackers were spotted using anonymizing proxy services and an IP and device not previously associated with the user account to access the compromised account.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Key Group Ransomware Foiled by New Decryptor

"Key Group ransomware uses CBC-mode Advanced Encryption Standard (AES) to encrypt files and sends personally identifiable information (PII) of victim devices to threat actors," the EclecticIQ team explained in a new report.

"The ransomware uses the same static AES key and initialization vector (IV) to recursively encrypt victim data and change the name of encrypted files with the keygroup777tg extension".

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

UK’s NCSC Warns Against Cybersecurity Attacks on AI

But prompt injection attacks may also target the inner working of the AI and trigger vulnerabilities in its infrastructure itself.

One example of such an attack has been reported by Rich Harang, principal security architect at NVIDIA. Harang discovered that plug-ins included in the LangChain library used by many AIs were prone to prompt injection attacks that could execute code inside the system.

As a proof of concept, he produced a prompt that made the system reveal the content of its /etc/shadow file, which is critical to Linux systems and might allow an attacker to know all user names of the system and possibly access more parts of it.

Harang also showed how to introduce SQL queries via the prompt.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

US Government Denies Blocking Sales of AI Chips to Middle East

"Over the long term, our results and competitive position may be harmed, and we may be effectively excluded from all or part of the China market if there are further changes in the US government’s export controls," according to the Nvidia filing.

And last September, AMD said it had received new license requirements that would mean halting exports entirely of its MI250 chips to China.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

How AI Can Help Healthcare Organizations Bolster Patient Data Security

Healthcare organizations are particularly affected by cyberattacks because of the potential impact on life-saving operations.

Healthcare IT and security professionals surveyed for a 2022 report from the Ponemon Institute and Proofpoint cited negative patient outcomes as a major consequence of cyberattacks.

It is clear that an outdated approach to healthcare cybersecurity is not working to reduce the impact of cyberattacks on a critical industry.

A primary reason: The data that healthcare needs to protect cannot easily be seen or found by existing technologies.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Cyberattackers Swarm OpenFire Cloud Servers With Takeover Barrage

Openfire is a Web-based real-time collaboration (RTC) server used as a chat platform over XMPP that supports more than 50,000 concurrent users.

By design, it's supposed to be a secure and segmented way for enterprise users to communicate across departments and across remote work locations.

The flaw, however, makes Openfire's administrative console vulnerable to path traversal attack via its setup environment, allowing an unauthenticated, regular user to access pages in the console reserved for administrative users.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Exploit Code Published for Critical-Severity VMware Security Defect

He pointed to VMWare’s CVE-2023-34039 advisory (CVSS severity score of 9.8 out of 10) that describes the bug as a network authentication bypass and warns that the issue is being mischaracterized.

“Interestingly, VMware has named this issue “Networks Authentication Bypass”, but in my opinion, nothing is getting bypassed.

There is SSH authentication in place; however, VMware forgot to regenerate the keys,” Kheirkha said.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Minneapolis School District Says Data Breach Affected More Than 100,000 People

The breach began February 6 and continued until at least February 18, when MPS said it became aware of the “suspicious activity” and notified law enforcement.

The district said a “preliminary review” had been completed on March 22, and on April 7 it “sent notice to a limited number of known impacted individuals.”

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

IBM Notifies Janssen CarePath Customers of Data Breach

IBM said that it was notified of the issue by Janssen on August 2, 2023 and that it promptly worked with the database provider to disable the technical method that was used to gain unauthorized access.

IBM also augmented security controls to reduce the chance of a similar event occurring in the future.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Researchers Discover Critical Vulnerability in PHPFusion CMS

"Exploitation of this vulnerability has effectively two requirements," says Matthew Hogg, software engineer at Synopsys' Software Integrity Group, who discovered the vulnerability.

One of them is that the attacker needs to be able to authenticate to at least a low-privileged account, and the other is that they need to know the vulnerable endpoint.

"By fulfilling both criteria, a malicious actor would be able to craft a payload to exploit this vulnerability," Hogg says.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft’s Mistakes

Redmond also acknowledged a failure of its internal systems to detect sensitive secrets leaking from crash dumps.

“The key material’s presence in the crash dump was not detected by our systems (this issue has been corrected),” the company said.

The company said the 2021 crash dump with signing key was subsequently moved from the isolated production network into its debugging environment on the internet connected corporate network.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Ransomware and Data Breaches: Impacts Continue to Grow Louder

I often get asked these questions (and more), and the answers can take months or years to be released after an event.

In some instances, the specific details remain hidden from public view — concealed inside the databases of cyber insurance companies or classified files guarded by three-letter government agencies.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

GhostSec Leaks Source Code of Alleged Iranian Surveillance Tool

Behnama in particular is not just a tool, but "a powerful instrument of surveillance" that is used by the Iranian government, law enforcement agencies, and military personnel, GhostSec said, noting that its intention of exposing FANAP is "in the interests of the Iranian people, but also in the interests of protecting the privacy of each and every one of us."

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Mason Tenders’ District Council data breach class action settlement

The Mason Tenders’ District Council is a labor organization based in New York, serving more than 17,000 members, including construction workers, asbestos and hazardous materials handlers, Catholic high school teachers, and recycling and waste handlers, according to the council’s website.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

How to Conduct a Cloud Security Assessment

A cloud security assessment evaluates an organization's cloud infrastructure for the following:

- Overall security posture
- Identity and access management (IAM) policies
- Service provider security features
- Compliance
- Documentation
- Exposure to future threats

Threat modeling reviews should test against possible attacks and threats to the cloud environment, ease of attacks based on exposure and susceptibility, and the state of preventive and detective controls in place.

Organizations with multi-cloud deployments should expect to conduct separate threat modeling sessions for each respective cloud service.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Threat Advisory: Zero-Day Vulnerabilities Detected On Winrar

These vulnerabilities require user interaction for exploitation.

Remote attackers, with malicious intent, can execute arbitrary code on systems where WinRAR is installed.

The software’s functionality, which includes archive creation in RAR or ZIP file formats, displays and unpacks numerous archive file formats.

This further amplifies the potential for compromise as WinRAR’s ability to support the creation of encrypted archives, multi-part files, and self-extraction adds to the complexity of the situation.

Furthermore, file integrity is verified using CRC32 or BLAKE2 checksums for each file within an archive, highlighting the significance of these gaps in the system.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Why is .US Being Used to Phish So Many of Us?

.US is overseen by the National Telecommunications and Information Administration (NTIA), an executive branch agency of the U.S.

Department of Commerce. However, NTIA currently contracts out the management of the .US domain to GoDaddy, by far the world’s largest domain registrar.

Under NTIA regulations, the administrator of the .US registry must take certain steps to verify that their customers actually reside in the United States, or own organizations based in the U.S.

But Interisle found that whatever GoDaddy was doing to manage that vetting process wasn’t working.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

The 7 Personal Data Protection Principles

Data users may process personal data only where:

the data subject has given his consent to the processing of the personal data.

Or the processing of the data is necessary (for certain purposes more particularly set out in the PDPA).

Where the data subject is under the age of 18, consent should be obtained from the individual who has parental responsibility over the data subject.

When dealing with sensitive personal data or where the data is to be transferred outside of Malaysia, explicit consent is required to be obtained from the data subject.

Consent should be obtained in a form which can be recorded and maintained properly by the data user.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

AHA security leader sees 'AI-fueled cyber arms race'

Riggi – who's scheduled to deliver the opening keynote on September 7 at the HIMSS Healthcare Cybersecurity Forum – says he's been concerned recently about a "dramatic increase" in attacks on hospitals and health systems.

"They're primarily taking two forms," said Riggi.

First, healthcare organizations are facing intensifying risk from "large data theft attacks from foreign-based criminal organizations and adversarial nation state spies that want to steal patient information and medical research for their own purposes."

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

A Brief History of ICS-Tailored Attacks

In the cybersecurity domain, we often analyze threats based on a triad of opportunity, capability, and intent.

Threat actors must possess all three in order to launch successful attacks.

Drawing on this brief history of ICS-specific malware, it appears that the threat groups are getting bolder by trying to inflict physical damage and strike safety systems, thereby indicating a growing general intent to cause harm.

The technical analysis of the malware reveals a growing sophistication trend, indicating rising capability.

It is on us, the cyber defenders, to learn from the past and make our networks hostile to attackers, thereby denying them the opportunities that they seek.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

10 Best Antivirus Software for Businesses in 2023

Antivirus software is added protection for business devices that scans for and protects against malware or viruses that may affect your company’s data safety.

Today’s most complete antivirus software will also bundle additional protection with VPNs and firewalls, products that are commonly sold as separate software.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Crackdowns on Encrypted Messaging Don’t ‘Help the Children’

U.K. government officials, for years, have voiced concerns that online services don’t do enough to tackle illegal content, particularly child sexual abuse material.

The “solution” was the Online Safety Bill, ostensibly seeking to make the U.K. the world’s safest place to use the internet.

@Cyber_Security_Channel

Читать полностью…
Subscribe to a channel