Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Business

Although the principles of machine learning were laid down some half a century ago, only recently have they found widespread application in practice. As computing power grew, computers learned first to distinguish objects in images and play Go better than humans, then to draw pictures based on text descriptions and maintain a coherent chat. In 2021–2022, these scientific breakthroughs became accessible to all. For example, you can subscribe to Midjourney and, say, instantly illustrate your own books. And OpenAI has finally opened up its large GPT-3 (Generative Pretrained Transformer 3) language model to the general public through ChatGPT. The bot is available at chat.openai.com, where you can see for yourself how it maintains a coherent conversation, explains complex scientific concepts better than many teachers, artistically translates texts between languages, and much, much more.

Image generated by Midjourney for the prompt: A gnome with a magnifying glass is lost among data storage servers

If we strip ChatGPT down to the bare essentials, the language model is trained on a gigantic corpus of online texts, from which it learns which words, sentences, and paragraphs most frequently occur together and how they relate to one another. Aided by numerous technical tricks and additional rounds of training with human feedback, the model is optimized specifically for dialog. Because you can find absolutely everything on the internet, the model is naturally able to hold a dialog on practically any topic, from fashion and the history of art to programming and quantum physics.

Scientists, journalists, and plain enthusiasts are finding ever more applications for ChatGPT. The Awesome ChatGPT Prompts website lists prompts (phrases that start a conversation with the bot) that make ChatGPT respond in the style of Gandalf or some other literary character, write Python code, generate business letters and resumes, and even imitate a Linux terminal. Nevertheless, ChatGPT is still just a language model, so all of the above is nothing more than common combinations and collocations of words; you won't find any reasoning or logic behind it. At times, ChatGPT talks convincing nonsense (like many humans), for example by citing non-existent scientific studies. So always treat ChatGPT output with due caution. That said, even in its current form, the bot is useful in many practical processes and industries. Here are some examples from the field of cybersecurity.

Malware creation

On underground hacker forums, novice cybercriminals report how they use ChatGPT to create new Trojans. The bot is able to write code, so if you succinctly describe the desired function (save all passwords in file X and send them via HTTP POST to server Y), you can get a simple infostealer without having any programming skills at all. However, law-abiding users have nothing to fear. If bot-written code is actually deployed, security solutions will detect and neutralize it as quickly and efficiently as all previous human-written malware. What's more, if such code isn't reviewed by an experienced programmer, the malware is likely to contain subtle errors and logical flaws that make it less effective. At least for now, bots can compete only with novice virus writers.

Malware analysis

When infosec analysts study new suspicious applications, they reverse-engineer them, poring over the pseudo-code or machine code to figure out how they work. Although this task cannot be fully handed over to ChatGPT, the chatbot is already capable of quickly explaining what a particular piece of code does. Our colleague Ivan Kwiatkovski has developed a plugin for IDA Pro that does precisely that. The language model under the hood isn't really ChatGPT but its cousin, davinci-003, though this is a purely technical difference. Sometimes the plugin doesn't work, or outputs garbage, but for the cases in which it automatically assigns meaningful names to functions and identifies the encryption algorithms in the code along with their parameters, it's worth having in your kit. It comes into its own in SOC conditions, where perpetually overloaded analysts must devote a minimum of time to each incident, so any tool that speeds up the process is welcome.

Plugin output

Vulnerability search

A variation of the above approach is an automated search for vulnerable code. The chatbot reads the pseudo-code of a decompiled application and identifies places that may contain vulnerabilities. Moreover, the bot can produce Python proof-of-concept (PoC) exploit code for them. Sure, the bot can make all kinds of mistakes, both in finding vulnerabilities and in writing PoC code, but even in its current form the tool is of use to attackers and defenders alike.

Security consulting

Because ChatGPT knows what people say about cybersecurity online, its advice on the topic looks convincing. But, as with any chatbot advice, you never know exactly where it came from, so for every ten great tips there may be one dud. All the same, the tips in the screenshot below, for example, are all sound:

ChatGPT-generated tips

Phishing and BEC

Convincing text is a strong point of GPT-3 and ChatGPT, so automated spear-phishing attacks using chatbots are probably already occurring. The main problem with mass phishing e-mails is that they don't look right: too much generic text that doesn't speak directly to the recipient. Spear-phishing, in which a live cybercriminal writes an e-mail to a single victim, is quite expensive and is therefore used only in targeted attacks. ChatGPT is set to drastically alter the balance of power, because it lets attackers generate persuasive, personalized e-mails on an industrial scale. However, for an e-mail to contain all the necessary components, the chatbot must be given very detailed instructions.

Example of a ChatGPT-generated e-mail

But major phishing attacks usually consist of a series of e-mails, each gradually gaining more of the victim's trust. So for the second, third, and nth e-mails, ChatGPT really will save cybercriminals a lot of time. Since the chatbot remembers the context of the conversation, subsequent e-mails can be beautifully crafted from a very short and simple prompt.

Generated e-mail continuing the attack

Moreover, the victim's reply can easily be fed into the model, producing a compelling follow-up in seconds. Among the tools available to attackers is stylized correspondence: given just a small sample of a particular writing style, the chatbot can readily apply it to further messages. This makes it possible to create convincing fake e-mails that appear to come from one employee to another. Unfortunately, this means the number of successful phishing attacks will only grow. And the chatbot will be equally convincing in e-mail, social networks, and messengers.

How to fight back?

Content analysis experts are actively developing tools that detect chatbot-written text. Time will tell how effective these filters prove to be. But for now, we can only recommend our two standard tips (vigilance and cybersecurity awareness training), plus a new one: learn how to spot bot-generated text. The mathematical properties are not recognizable to the eye, but small stylistic quirks and tiny incongruities still give the robots away. Check out this game to see if you can spot the difference between human- and machine-written text.


 A Little Sunshine

Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.”

A copy of the passport for Denis Emelyantsev, a.k.a. Denis Kloster, as posted to his Vkontakte page in 2019.

First advertised in the cybercrime underground in 2014, RSOCKS was the web-based storefront for hacked computers that were sold as “proxies” to cybercriminals looking for ways to route their Web traffic through someone else's device. Customers could pay to rent access to a pool of proxies for a specified period, with costs ranging from $30 per day for access to 2,000 proxies to $200 daily for up to 90,000 proxies. Many of the infected systems were Internet of Things (IoT) devices, including industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers. Later in its existence, the RSOCKS botnet expanded into compromising Android devices and conventional computers.

In June 2022, authorities in the United States, Germany, the Netherlands and the United Kingdom announced a joint operation to dismantle the RSOCKS botnet. But that action did not name any defendants. Inspired by that takedown, KrebsOnSecurity followed clues from the RSOCKS botnet master's identity on the cybercrime forums to Emelyantsev's personal blog, where he went by the name Denis Kloster. The blog featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world,” and even included a group photo of RSOCKS employees.

“Thanks to you, we are now developing in the field of information security and anonymity!,” Kloster's blog enthused. “We make products that are used by thousands of people around the world, and this is very cool! And this is just the beginning!!! We don't just work together and we're not just friends, we're Family.”

But by the time that investigation was published, Emelyantsev had already been captured by Bulgarian authorities responding to an American arrest warrant. At his extradition hearing, Emelyantsev claimed he would prove his innocence in a U.S. courtroom. “I have hired a lawyer there and I want you to send me as quickly as possible to clear these baseless charges,” Emelyantsev told the Bulgarian court. “I am not a criminal and I will prove it in an American court.”

RSOCKS, circa 2016. At that time, RSOCKS was advertising more than 80,000 proxies. Image: archive.org.

Emelyantsev was far more than just the administrator of a large botnet. Behind the facade of his Internet advertising company based in Omsk, Russia, the RSOCKS botmaster was a major player in the Russian email spam industry for more than a decade. Some of the top Russian cybercrime forums have been hacked over the years, and leaked private messages from those forums show the RSOCKS administrator claimed ownership of the RUSdot spam forum. RUSdot is the successor to Spamdot, a far more secretive and restricted community where most of the world's top spammers, virus writers and cybercriminals collaborated for years before the forum imploded in 2010.

A Google-translated version of the RUSdot spam forum.

Indeed, the very first mentions of RSOCKS on any Russian-language cybercrime forum refer to the service by its full name, the “RUSdot Socks Server.” Email spam, and in particular malicious email sent via compromised computers, is still one of the biggest sources of malware infections that lead to data breaches and ransomware attacks. So it stands to reason that, as administrator of Russia's best-known forum for spammers, Emelyantsev probably knows quite a bit about other top players in the botnet spam and malware community. It remains unclear whether Emelyantsev made good on his promise to spill that knowledge to American investigators as part of his plea deal. The case is being prosecuted by the U.S. Attorney's Office for the Southern District of California, which has not responded to a request for comment.

Emelyantsev pleaded guilty on Monday to two counts: damage to protected computers and conspiracy to damage protected computers. He faces a maximum of 20 years in prison and is currently scheduled to be sentenced on April 27, 2023.

 Govt., Critical Infrastructure

The newly created Cyber Unit falls under the state’s Office of Homeland Security and will act as a centralized cybersecurity information and response center. The unit will be led by the state’s first Cyber Director Bobby Freeman.

 Govt., Critical Infrastructure

The task force aims to foster collaboration among global law enforcement agencies and cybersecurity authorities. In addition to swapping intelligence, it will share best practices, policy, and legal-authority frameworks.

 Threat Actors

The arrival vector likely involves the exploitation of a public-facing website or the abuse of compromised RDP credentials. The tool deployed is Cobalt Strike, which gives Vice Society remote access to, and control of, the infected endpoint.

 Malware and Vulnerabilities

Hackers are dropping the new version of the RAT via an NSIS installer file that carries a freely available icon. This variant resolves its Windows API imports dynamically at runtime, so the functions it calls do not appear in the import table and static analysis-based tools have less to key on. Since the malware spreads through malicious documents attached to emails, organizations should verify the sender and contents of such emails before opening attachments.

 Incident Response, Learnings

A police crackdown on the Bitzlato crypto exchange includes arrests of its senior management in Spain and Cyprus in addition to last Tuesday's capture of its co-founder, Russian national Anatoly Legkodymov, by the FBI in Miami.

 Malware and Vulnerabilities

The legitimate Sliver C2 framework is drawing more attention from threat actors as it emerges as an open-source alternative to Cobalt Strike and Metasploit. Separately, Cybereason's GSOC team recently reported that the Exotic Lily group was using LNK files to distribute the BumbleBee loader malware. Users are advised to handle files originating from external sources, such as emails and web browsing, with caution.

 Threat Intel & Info Sharing

This security flaw in Zoho ManageEngine products is tracked as CVE-2022-47966 and was patched in several waves starting on October 27, 2022. Unauthenticated attackers can execute arbitrary code on a target if SAML-based SSO is enabled, or was enabled at least once before the attack.

 Expert Blogs and Opinion

Insider threats are a growing problem. According to recent research, malicious employees contribute to 20% of incidents, and the attacks in which insiders are involved are, on average, ten times larger than those conducted by external actors.

 Incident Response, Learnings

Uber's recent data breach, in which sensitive employee and customer data was posted to the BreachForums hacking forum, was the latest in a string of security incidents to hit the company in the last few years.

 Malware and Vulnerabilities

In a blog post dated January 17, Datadog Security Labs senior researcher Nick Frichette said the vulnerability impacts the CloudTrail event logging service, a data source for defenders examining API activities.

 Malware and Vulnerabilities

Mandiant suspects that Chinese hackers abused the FortiOS SSL-VPN flaw CVE-2022-42475 to target a European government and an African MSP with Boldmove, a backdoor that exists in Linux and Windows variants. The flaw was exploited as a zero-day: exploitation occurred as early as October 2022, while the patch did not ship until December.

 Malware and Vulnerabilities

Cyber adversaries were found leveraging OneNote attachments to infect victims with remote access malware that harvests their credentials or even their cryptocurrency wallets. Researchers spotted criminals installing malware such as Quasar RAT, AsyncRAT, and XWorm RAT on infected machines via OneNote files. The infection is not silent: the system does show the user a warning pop-up when the embedded file is opened.

 Trends, Reports, Analysis

New telemetry from SecurityScorecard reflects a 38% rise in high-severity flaws in manufacturing organizations. Almost half of critical manufacturing organizations (48%) received poor security ratings on SecurityScorecard's platform. It is crucial for policymakers and business leaders to have a clear understanding of the security measures in place in their manufacturing environments.

 Feed

This Metasploit module exploits an unauthenticated command injection vulnerability in Cacti versions through 1.2.22 to achieve remote code execution as the www-data user.

 Feed

Ubuntu Security Notice 5822-1 - It was discovered that Samba incorrectly handled the bad password count logic. A remote attacker could possibly use this issue to bypass bad-password lockouts. This issue was only addressed in Ubuntu 22.10. Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.

 Feed

Ubuntu Security Notice 5821-1 - Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validating them against a regular expression. An attacker could possibly use this issue to cause a denial of service.
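The advisory above names only the bug class: a regular expression that backtracks catastrophically on a crafted file name. The Python below is an added example written for this page; it is not code from the wheel project or from the advisory. The vulnerable pattern, its rewrite and the 255-character cap are assumptions chosen to show the mechanism, not the regex that was actually fixed.

```python
import re
import time

# Illustrative pattern only (an assumption for this example, NOT the regex
# from the wheel package): a name made of lowercase alphanumeric runs joined
# by single separators. The nested quantifier (X+ Y?)+ is ambiguous: a run of
# letters can be split between the outer and inner repetitions in
# exponentially many ways, and a non-matching tail forces the engine to try
# every one of them before giving up.
VULNERABLE_RE = re.compile(r"^([a-z0-9]+[._-]?)+$")

# Same language, but every character can be consumed in exactly one way:
# one run, then zero or more (separator + run), then an optional trailing
# separator. No two quantifiers compete for the same characters, so the
# engine never backtracks more than a bounded amount per character.
SAFE_RE = re.compile(r"^[a-z0-9]+(?:[._-][a-z0-9]+)*[._-]?$")

# Assumed limit: a cheap length check in front of the regex is a second
# line of defence regardless of how the pattern is written.
MAX_NAME_LEN = 255


def is_valid_name_vulnerable(name: str) -> bool:
    """Validator built on the backtracking-prone pattern."""
    return VULNERABLE_RE.match(name) is not None


def is_valid_name_safe(name: str) -> bool:
    """Hardened validator: length cap first, then the unambiguous pattern."""
    if len(name) > MAX_NAME_LEN:
        return False
    return SAFE_RE.match(name) is not None


def hostile_name(n: int) -> str:
    """n characters that match, then one that never can: the worst case."""
    return "a" * n + "!"


def match_seconds(pattern: re.Pattern, text: str) -> float:
    """Wall-clock time for a single match attempt."""
    start = time.perf_counter()
    pattern.match(text)
    return time.perf_counter() - start


def growth_ratio(pattern: re.Pattern, n_small: int = 14, n_large: int = 18) -> float:
    """How much longer a hostile input of n_large takes than one of n_small.

    For an exponential pattern the ratio approaches 2 ** (n_large - n_small);
    for a linear one it stays close to 1.
    """
    slow = match_seconds(pattern, hostile_name(n_large))
    fast = match_seconds(pattern, hostile_name(n_small))
    return slow / max(fast, 1e-9)


if __name__ == "__main__":
    # Constructed sample names: both validators agree on all of them.
    for name in ["wheel-0.38.4", "my_pkg.tar", "bad--name", "trailing-", ""]:
        print(f"{name!r:16} vulnerable={is_valid_name_vulnerable(name)} "
              f"safe={is_valid_name_safe(name)}")
    print(f"vulnerable pattern: time grows x{growth_ratio(VULNERABLE_RE):.0f}")
    print(f"safe pattern:       time grows x{growth_ratio(SAFE_RE):.0f}")
    # Oversized input never reaches the regex in the hardened version.
    print(is_valid_name_safe(hostile_name(10_000)))
```

Both validators accept exactly the same names; the difference is only in what a rejected name costs. Adding four characters to the hostile input multiplies the vulnerable pattern's running time by roughly sixteen, while the rewritten pattern barely notices. The structural fix is the same in any language: rewrite the expression so no two quantifiers can claim the same characters, and cap the input length before the engine ever sees it.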

 Feed

Red Hat Security Advisory 2023-0397-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

 Feed

Red Hat Security Advisory 2023-0203-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.

 Feed

Red Hat Security Advisory 2023-0241-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.50.

 Feed

Debian Linux Security Advisory 5325-1 - It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform SQL injection attacks or bypass authorization checks.

 Feed

Ubuntu Security Notice 5820-1 - Lorenz Hipp discovered a flaw in exuberant-ctags' handling of the tag file name command-line argument. A crafted tag file name specified on the command line or in the configuration file could result in arbitrary command execution.

 Feed

Red Hat Security Advisory 2023-0387-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a deserialization vulnerability.

 Feed

Red Hat Security Advisory 2023-0354-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a deserialization vulnerability.

 Feed

Meta Platforms on Monday announced that it has started to expand global testing of end-to-end encryption (E2EE) in Messenger chats by default. "Over the next few months, more people will continue to see some of their chats gradually being upgraded with an extra layer of protection provided by end-to-end encryption," Meta's Melissa Miranda said. The social media behemoth said it intends to notify

 Feed

Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content. While it was originally addressed by the company on November

 Feed

The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022. The law enforcement agency attributed the hack to the Lazarus Group and APT38, the latter of which is a North Korean state-sponsored threat group that specializes in financial cyber

 Feed

Vulnerability analysis results in Orange Cyberdefenses' Security Navigator show that some vulnerabilities first discovered in 1999 are still found in networks today. This is concerning. Age of VOC findings Our Vulnerability Scans are performed on a recurring basis, which provides us the opportunity to examine the difference between when a scan was performed on an Asset, and when a given finding

 Feed

The Emotet malware operation has continued to refine its tactics in an effort to fly under the radar, while also acting as a conduit for other dangerous malware such as Bumblebee and IcedID. Emotet, which officially reemerged in late 2021 following a coordinated takedown of its infrastructure by authorities earlier that year, has continued to be a persistent threat that's distributed via

 Feed

Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers. "The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through Golang source code interpretation," SentinelOne said in an analysis published today. A striking

Aggregator history: Tuesday, January 24, 2023