November 30, 2025

Over 500k Accounts Affected by the Roku Breach – April 12th

Stemming from a breach earlier this year that affected only 15k Roku accounts, a second breach carries heavier implications, affecting over half a million of the company’s subscribers.

Roku claims that the hackers did not gain access to any financially sensitive customer information and assures that refunds will be made for unauthorized account purchases. As a further security measure, Roku has also enabled two-factor authentication for all accounts.


US Department of Health and Human Services Falls Victim to Social Engineering Scam – April 11th

The US Department of Health and Human Services (HHS) reported that it fell victim to a social engineering scam conducted over the phone, in which callers imitating HHS’ financial department convinced them to hand over ID verification details.

The threat actors, aside from imitating HHS’ financial department, pulled the attack off by using local area codes and AI voice-changing technology to disguise themselves. The surrendered information could lead to threat actors bypassing multifactor authentication (MFA) security.


AI is fueling China’s cyber war against the US

Once again, China is harnessing new Western technology to attack and undermine the US at home and overseas. According to a new report from Microsoft, this time, China is using AI-generated fake social media accounts to influence the outcome of the upcoming US presidential elections.

The report, Same targets, new playbooks: East Asia threat actors employ unique methods, details China’s recent attempts to discredit the US government, including misinformation regarding the Kentucky train derailment in November; the Maui wildfires in August; the disposal of Japanese nuclear wastewater; and illegal drug use in the US, as well as exacerbating the increasing racial tensions across the US.


Cyber Consultant Claims Universities are More Vulnerable to Cyber Attacks – April 8th

Highlighting the severity of the University of Winnipeg data breach, cybersecurity consultant Kathy Knight asserts that the education sector is one of the most vulnerable to cyber attacks, potentially leading to significant data loss and privacy breaches.

“The thing about universities is they’re very big, complex institutions … and they collect a lot of information and data that is very attractive to cyber criminals. So that puts them really, at the top of the list, in terms of attack targets,” she said.


Cyber-attackers try to divert a commercial flight

Airline security has just entered a new era with the news that on Saturday, cybercriminals hacked the communications network on a commercial flight and tried to divert the plane to a fake destination, putting it in the hands of the gang.

On Sunday, EL AL Israel Airlines confirmed the attack on one of its planes. During the attack, instructions were given to the El Al crew that differed from their set route, alerting them to the possibility that terrorists were planning to crash the plane or that their attackers were planning a kidnapping.

However, despite the nationality of the airline concerned, the motive behind hacking into the airline’s communications is thought not to have been primarily political. Although the attack took place over an area where Iran-backed Houthis are known to be active, it is believed that the hackers are most likely based in Somaliland, which last month signed a controversial territorial agreement with neighboring Ethiopia.


Cisco bets the farm on Splunk

Cisco’s US$28 billion acquisition of cybersecurity firm Splunk is the largest acquisition in the networking giant’s history. It is now being seen as a clear signpost for the future value of cybersecurity companies worldwide.

The price paid for the 20-year-old San Francisco company represented over 12 percent of Cisco’s US$198 billion market capitalization. The $28 billion acquisition was closed within only six months, at a time when many large mergers are being blocked or delayed by regulators.

“We will revolutionize the way our customers leverage data to connect and protect every aspect of their organization as we help power and protect the AI revolution,” said Cisco CEO Chuck Robbins.


OpenAI’s voice cloning raises security concerns

OpenAI, the maker of Microsoft-backed consumer-facing artificial intelligence (AI) service ChatGPT, may have scored something of an own-goal with the unveiling of Voice Engine, billed as “a model for creating custom voices”.

While OpenAI’s blog on Friday highlights the legitimate use of voice cloning, sometimes referred to as ‘deepfake voice’, such as providing reading assistance to non-readers and children, its widespread availability could soon metamorphose into a cybersecurity nightmare.

Deepfake voice and video software are already being used by cybercriminals to mimic the voices of senior executives to commit financial fraud and other crimes. But the widespread availability and marketing of deepfake voice software is now set to make cybercrime a virtual cottage industry where any number can play. It will open the floodgates to a whole new generation of cybercriminals, terrorists, pranksters, and disgruntled employees.


‘INC Ransom’ Group Threatens to Release NHS Data – March 28th

The ‘INC Ransom’ ransomware group publicly threatened to release three terabytes of sensitive NHS Scotland patient and staff data, after publishing a smaller sample to prove the viability of the threat.

NHS Dumfries and Galloway’s efforts to prevent the attack from being repeated are underway in collaboration with Police Scotland and the National Cyber Security Centre (NCSC).


Tough Times ahead for Apple

These are troubled times for Silicon Valley tech giant, Apple. Hard on the heels of the US Justice Department suing Apple for monopolizing the smartphone market comes news of a major security flaw in Apple M-series chips (M1, M2, and M3).

The US Justice Department appears determined to call time on Apple’s long-standing domination of the smartphone market. It holds that “Apple’s broad-based, exclusionary conduct” makes it harder for Americans to switch smartphones. Apple also stands accused of undermining innovation for apps, products, and services, and imposing extraordinary costs on developers, businesses, as well as on consumers.


Facebook’s “Project Ghostbusters” Discovered to Spy on Snapchat Traffic – March 27th

A federal court in California earlier this week released documents that revealed Facebook’s 2016 “Project Ghostbusters” campaign. The campaign was designed to mine Snapchat user data to understand their behavior better.

The project was a part of Facebook’s In-App Action Panel (IAPP) program, which used techniques to intercept and decrypt encrypted app traffic from Snapchat and, later, from YouTube and Amazon.


UN drafts US-led AI resolution

The United Nations has drafted a resolution aimed at bringing the rest of the world in line with existing US artificial intelligence (AI) security guidelines. These follow those already developed by the US Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC).

Both emphasize the importance of “secure-by-design” and “secure-by-default” principles for AI systems. The UN Assembly called on all Member States and stakeholders “to refrain from or cease the use of artificial intelligence systems that are impossible to operate in compliance with international human rights law.” The Assembly added that the same rights that people have offline must also be protected online throughout the life cycle of artificial intelligence systems.


UK Deputy PM Warns of Chinese Cyber Threats to Government – March 25th

The UK’s Deputy Prime Minister, Oliver Dowden, is expected to formally announce to the press that China is behind a wave of cyber attacks against UK government officials and will urge the protection of voters’ data.

Despite the denial from China’s Ministry of Foreign Affairs, the UK government remains on high alert for politically fueled cyber attacks as the election period nears. 


US blocks sales of citizens’ data to hostile powers

In what is being seen by some on the Hill as a case of too little too late, Washington has this week finally blocked the sale of US citizens’ personal sensitive data to four hostile foreign powers: North Korea, China, Russia, and Iran.

Sensitive data includes ordinary people’s social security numbers, financial account numbers, biometric information, genetic information, precise geolocation information, and most of their private communications. Washington’s Energy and Commerce Committee top Democrat, Congressman Frank Pallone Jr, simultaneously issued a statement highlighting the massive threat foreign data sales present to ordinary people.


China and Iran launch lethal attacks on US infrastructure

The White House has issued an urgent appeal to all US state governors to prepare to cope with their water systems being attacked and taken down by Chinese cyber-attacks. Iran, which has honed its industrial espionage techniques via consistent attacks on Israel’s infrastructure, is also proving effective in taking down water facilities in the US.

The letter from the White House contains a stark warning that attacks on US water facilities are no longer a potential threat but an increasingly frequent event with real-world consequences. It was signed by the Assistant to the President for National Security Affairs, Jake Sullivan, and by Environmental Protection Agency Administrator Michael S. Regan.


Rise in Tax-Related Phishing Scams Detected – March 22nd

Microsoft’s Threat Intelligence arm issued a warning on the rise of new, sophisticated tax phishing scams that could lead to stolen personal and financial data.

These tax-related phishing scams are initiated by impersonating trusted employers, tax agencies, and payment processors. Victims click on a malicious attachment, which leads to a believable landing page designed to capture sensitive information.


CISA Warns of “Volt Typhoon” Group Targeting Critical Infrastructure – March 21st

The US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about the Chinese-linked “Volt Typhoon” group, which is targeting critical infrastructure.

The CISA warning, issued in collaboration with the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), confirmed the recent critical infrastructure attacks initiated by “Volt Typhoon” and the group’s tactics and motives.


Beware of fake Google docs

An under-the-radar attack that creates fake Google docs is now playing havoc across multiple sectors in the US and UK, particularly in healthcare. Companies’ increasing reliance on widely-used off-the-shelf external software may save costs and create efficiencies in the short-term, but it also offers new inroads for the current generation of increasingly devious and skilled cybercriminals.

Cybersecurity firm Netskope has identified a new Google Docs threat in the wild, the AZORult infostealer. It is designed to steal sensitive information such as user credentials, browser information, credit card details and crypto-wallet data. A comprehensive study conducted by Netskope’s research team has uncovered a campaign where an attacker created fake Google Docs pages on Google sites from which to download malicious payloads.


SE Asian cybercriminals adopt drug-cartel tactics

A police raid on a Philippines online organization highlights not only the ongoing digital crime boom in Southeast Asia but also the increasingly blurred line between cybercrime and ordinary gangsters.

Police raided the premises of the Tarlac Pogo firm following a complaint filed by a Vietnamese worker who bore signs of having been recently tortured in the form of electrocution scars. The police discovered 875 people, including 504 foreigners, who had been lured to work for what purported to be an online gaming company, but was actually a forced labour camp operating romance scams.


Employee mistrust of workplace AI is growing

Amid widespread speculation that artificial intelligence (AI) will make most of today’s jobs redundant and even replace humanity itself, the UK’s Institute for the Future of Work has taken a more pragmatic approach.

Its study on the impact of modern technologies on almost 5,000 workers highlights employee concerns about the adverse effect AI is already having on their day-to-day work lives. While the majority of those surveyed believed that older technologies such as laptops and smartphones generally improve their quality of life, the same is not true of AI.


Google’s Improvements to Chrome’s ‘Safe Browsing’ Mode – March 18th

Google announced major security-focused revamps to Chrome’s ‘Safe Browsing’ mode, which enable the service to work while checking against a server-side malware-site list in real time.

The added safety feature is a massive improvement over the previous behaviour, in which the browsing mode cross-checked against lists of malware-infected sites that were manually added every two hours.


FBI reports record cybercrime losses in 2023

The US Federal Bureau of Investigation reports that last year the Internet Crime Complaint Center (IC3) received a record number of complaints, with potential losses exceeding $12.5 billion.

Although the figures for 2023 represent a 10 percent increase over 2022 and a 22 percent rise in losses suffered, the FBI fears that even this only represents the tip of a vast unseen iceberg of cybercrime. The report quotes the FBI’s recent infiltration of the Hive ransomware group, which discovered that only 20 percent of victims had reported the incidents to law enforcement authorities.


Private Data of 27,000 Individuals Stolen in Stanford Ransomware Attack – March 12th

Stanford University announced that the personal information of 27,000 individuals was stolen as a result of a September 2023 ransomware attack.

The University also disclosed that only one system was breached, namely the “Department of Public Safety” network. The data included biometric data, dates of birth, social security numbers, government IDs, passport numbers, and driver’s license numbers.


Ransomware alert for US critical infrastructure

The US Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) have jointly issued a stark warning. The Phobos ransomware-as-a-service (RaaS) model is now being widely used by threat actors of all kinds to attack a wide variety of critical infrastructure across America.

“Since May 2019, Phobos ransomware targeted municipal and county governments, emergency services, education, public healthcare, and other critical infrastructure entities,” says the joint cybersecurity advisory document.

Phobos RaaS is particularly dangerous as it is an off-the-shelf software that can be deployed by even relatively unskilled threat actors in conjunction with other open-source tools such as Smokeloader, Cobalt Strike, and Bloodhound. These tools are all widely accessible and easy to use in various operating environments, making Phobos the obvious go-to choice for a wide variety of threat actors.
