Cybercrime quickly adopts new technologies. One of the most concerning trends is the rise of deepfakes — forged images, audio or video created with the aid of artificial intelligence, which makes them appear absolutely real — at least to the naked eye. The issue is all the more disturbing of late as tools for AI generation become increasingly widespread and accessible to the general public. At the same time, AI technologies are forever increasing in (breathtaking) sophistication with each new version, and now allow the creation of impossibly realistic-looking pictures and extremely convincing audio.

Deepfakes are used for various purposes, including revenge, financial fraud, political manipulation, and harassment. In our hyper-connected world, fraudsters can easily collect pictures and even videos of potential victims — especially when it comes to public figures. However, modern cybercriminals tend to specialize in their chosen areas of expertise. The creation of high-quality deepfakes requires technical expertise and advanced software, so various underground experts and services have emerged. Now individuals seeking to create fake videos and pictures turn to specialists — readily available, as you could have guessed, on the darkweb.

We decided to study this underground market using a digital ethnography method; that is, by diving straight into the cybercriminals' online habitat — darknet forums. The main tool we use in darkweb analysis is our Kaspersky Digital Footprint Intelligence service, which employs OSINT techniques combined with both automated and manual analysis of the surface web, deep web and dark web, plus our experts' know-how, to provide insights about cybercriminal techniques and intentions. We searched underground forums for information related to deepfake creation. To understand the current state of this danger, we focused on deepfake offers that emerged this year, and manually collected some of the shiniest examples of deepfake-creation services.

The Darknet deepfake market: supply and demand

Our research found that there's a significant demand for deepfakes — which far outweighs the supply of them. Individuals who'll agree to create fake videos are being desperately searched for. And this is quite disturbing, since, as we all know, demand creates supply; thus, we predict that in the near future we'll indeed see a significant increase in incidents involving high-quality deepfakes. And judging by the content of darkweb forum posts, cybercriminals are seeking high-quality results. Despite the open availability of deepfake creation tools, crooks are looking only for creators who can produce high-quality videos with perfect sound and no lag between video and audio.

[Figure: Darkweb posts seeking someone who can create a deepfake. Source: Digital Footprint Intelligence]

A significant proportion of deepfake search ads is related to this or that cryptoscam. Usually, those are connected with cryptocurrency giveaway scams, but sometimes we've seen more peculiar ads. For example, we came across a post that was seeking a professional who could create a high-quality deepfake video that could be used to bypass Binance's face-recognition verification system. So cybercriminals are trying to use deepfakes to circumvent biometric security systems and access victims' accounts to steal money directly.

As for supply — the cost of creating or purchasing ready-made deepfakes varies depending on the complexity of a given project and the quality of the final product. The notability of the impersonated subject (usually celebrities or political figures) can also influence the price tag. Prices per minute of deepfake video can range from $300 to $20,000. If the buyer is ready to pay, deepfake creators can offer videos that are incredibly realistic and can convey authentic emotions, making them indistinguishable from genuine footage. Here are those shining examples we promised earlier.

Vitalik Buterin impersonation

We discovered a supplier who offered a premium service for creating a high-quality deepfake of Ethereum co-founder Vitalik Buterin, complete with fully synthesized voice and video. It was made clear that production wouldn't simply involve dubbing existing videos, but rather a full production service, with the supplier claiming that "Vitalik is ready for any of your fantasies." The estimated video production time at this service was less than two weeks, with the final product being an English-language video that would cost $20,000 per minute.

[Figure: Darkweb offer: a deepfake of Vitalik Buterin. Source: Digital Footprint Intelligence]

Cryptofraud broadcasts

Another provider boasts of being able to make the highest-quality deepfakes for the purpose of cryptocurrency fraud. Their service includes creating "Cryptostreams" or "Fake Crypto Giveaways", a popular scam where fraudsters collect cryptocurrency by broadcasting fake cryptocurrency giveaway shows, promising to double any cryptocurrency payment sent to them. To create such deepfakes, scammers usually use footage of celebrities to launch fake live streams on social media platforms. The provider even shows a pre-generated page where victims are asked to transfer anywhere from 2,500 to a million XRP with the promise of doubling their payment. As a result, a victim can lose from $1,000 to $460,000.

[Figure: Darkweb offer: deepfake videos for cryptostreams. Source: Digital Footprint Intelligence]

Fake porn videos

Another branch of the deepfake production industry is fake-porn creation. Usually the fake porn is just regular porn videos with swapped faces, made for various reasons: sometimes just for entertainment, but it can also be used for much more sinister purposes like online harassment, cyberbullying or blackmail. Some deepfake creators are also making tutorials on how to make these fake porn videos, with advice on how to select source material and how to swap faces to create a convincing fake.

[Figure: Darkweb post with a tutorial on deepfake porn creation. Source: Digital Footprint Intelligence]

Possible consequences

Use of deepfakes for criminal purposes can impact our lives in so many ways. It poses a serious threat to individuals, organizations, and society as a whole. Furthermore, the fact that any internet story or news article can be a deepfake sows mistrust of any publicly available information — inducing paranoia and insecurity. Some of the potential consequences of deepfake use include:

Disinformation

Deepfakes can be used for the mass spreading of false information and manipulation of public opinion. They can be used to create fake news stories, political propaganda, or misleading advertising. This can have serious consequences for public trust.

Examples: One of the most harmless instances of deepfake usage was the story of super-realistic photo-evidence reportage of the "Great Cascadia earthquake" circulating the web, an event that never even took place. But there was a far more dangerous instance — curiously, not of deepfake usage itself, but of the mere suspicion that a deepfake had been used, in Gabon in 2018. Back then there was a rumor that Gabonese President Ali Bongo had fallen seriously ill. In response, the Gabonese government released a video that was suspected to be a deepfake — causing further tension and fueling suspicions that the government was hiding something. This belief was cited as one of the reasons for a coup attempt a week later.

Cyber fraud

Deepfakes are used for all kinds of cyberfraud — from the above-mentioned giveaway cryptoscams to those ending with targeted attacks on businesses.

Examples: An artificially created video of Elon Musk promising high returns from a dubious cryptocurrency investment scheme went viral last year, leading users to lose all their money. In 2019, fraudsters created a convincing audio deepfake of a major UK energy firm's CEO's voice. They tricked a senior executive at the company into transferring €220,000 ($243,000) to a Hungarian supplier. The executive believed that he was following the CEO's instructions, but in fact the recording was fake.

Reputation damage and privacy violations

Deepfakes can be used to damage the reputation of individuals or organizations. For example, a deepfake video can be created to depict someone engaging in illegal or immoral activities. This can lead to reputational damage and/or personal harm.

Example: Deepfake videos of actress Scarlett Johansson surfaced online, showing her face superimposed onto the bodies of pornographic actresses in explicit scenes. In fact, this was a deepfake video created with private photos leaked earlier in 2011. Her representative called it a gross violation of her rights and said she was exploring legal options to have them removed. The above-mentioned incident with the energy firm CEO also led to significant reputation loss due to the fact that the employee was tricked into transferring those funds. As news of the scam spread, the company's customers expressed concerns about the company's ability to secure their data and financial information.

Identity theft

We've already mentioned a darkweb ad searching for means to circumvent biometric authentication. Not every service has a face-recognition verification system, but a deepfake can help even with regular customer support services. Here's how this could work: first, the cybercriminal would obtain personal information of the target account owner: their name, address, phone number, etc. They'd then contact the payment service provider and claim to be the account owner who's lost access to their account or is experiencing technical difficulties. To verify identity, the payment service provider may request a video or audio recording of the account owner performing a specific action. Using collected data, crooks may create a deepfake video or audio impersonating the real account owner performing the requested action. As a result, the payment service provider could be tricked into granting them access to the account and its associated funds.

How to stay safe

The most obvious but depressing advice is simply never trust your eyes or ears ever again. However, there is hope. The same artificial intelligence technologies that are helping create deepfakes can be used to distinguish genuine videos, pictures and audio from the fakes. And such tools are slowly emerging on the market. Let's hope that in the near future media outlets, messengers and maybe even browsers will be equipped with such technologies.

For businesses, we have some more practical advice: you can predict, to some extent, certain deepfake attacks on your staff and/or customers by knowing how cybercriminal activities on the darkweb may affect you, with the help of our Kaspersky Digital Footprint Intelligence. Among many other things, it can provide near real-time information on global security events that are threatening specifically your assets, as well as track exposed sensitive data on restricted underground communities and forums. You can learn more about this service here.
The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to “booter” services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when it charged six U.S. men with computer crimes for allegedly operating booters.

Booter services are advertised through a variety of methods, including Dark Web forums, chat platforms and even youtube.com. They accept payment via PayPal, Google Wallet, and/or cryptocurrencies, and subscriptions can range in price from just a few dollars to several hundred per month. The services are generally priced according to the volume of traffic to be hurled at the target, the duration of each attack, and the number of concurrent attacks allowed.

The websites that saw their homepages replaced with seizure notices from the FBI this week include booter services like cyberstress[.]org and exoticbooter[.]com, which the feds say were used to launch millions of attacks against millions of victims.

“School districts, universities, financial institutions and government websites are among the victims who have been targeted in attacks launched by booter services,” federal prosecutors in Los Angeles said in a statement.

Purveyors of booters or “stressers” claim they are not responsible for how customers use their services, and that they aren’t breaking the law because — like most security tools — these services can be used for good or bad purposes. Most booter sites employ wordy “terms of use” agreements that require customers to agree they will only stress-test their own networks — and that they won’t use the service to attack others. But the DOJ says these disclaimers usually ignore the fact that most booter services are heavily reliant on constantly scanning the Internet to commandeer misconfigured devices that are critical for maximizing the size and impact of DDoS attacks. What’s more, none of the services seized by the government required users to demonstrate that they own the Internet addresses being stress-tested, something a legitimate testing service would insist upon.

This is the third in a series of U.S. and international law enforcement actions targeting booter services. In December 2022, the feds seized four-dozen booter domains and charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services. In December 2018, the feds targeted 15 booter sites, and three booter store defendants who later pleaded guilty.

While the FBI’s repeated seizing of booter domains may seem like an endless game of virtual Whac-a-Mole, continuously taking these services offline imposes high enough costs for the operators that some of them will quit the business altogether, says Richard Clayton, director of Cambridge University’s Cybercrime Centre.

In 2020, Clayton and others published “Cybercrime is Mostly Boring,” an academic study on the quality and types of work needed to build, maintain and defend illicit enterprises that make up a large portion of the cybercrime-as-a-service market. The study found that operating a booter service effectively requires a mind-numbing amount of constant, tedious work that tends to produce high burnout rates for booter service operators — even when the service is operating efficiently and profitably.

For example, running an effective booter service requires a substantial amount of administrative work and maintenance, much of which involves constantly scanning for, commandeering and managing large collections of remote systems that can be used to amplify online attacks, Clayton said. On top of that, building brand recognition and customer loyalty takes time.

“If you’re running a booter and someone keeps taking your domain or hosting away, you have to then go through doing the same boring work all over again,” Clayton told KrebsOnSecurity. “One of the guys the FBI arrested in December [2022] spent six months moaning that he lost his servers, and could people please lend him some money to get it started again.”

In a statement released Wednesday, prosecutors in Los Angeles said four of the six men charged last year for running booter services have since pleaded guilty. However, at least one of the defendants from the 2022 booter bust-up — John M. Dobbs, 32, of Honolulu, HI — has pleaded not guilty and is signaling he intends to take his case to trial.

[Image: The FBI seizure notice that replaced the homepages of several booter services this week.]

Dobbs is a computer science graduate student who for the past decade openly ran IPStresser[.]com, a popular and powerful attack-for-hire service that he registered with the state of Hawaii using his real name and address. Likewise, the domain was registered in Dobbs’s name and hometown in Pennsylvania. Prosecutors say Dobbs’ service attracted more than two million registered users, and was responsible for launching a staggering 30 million distinct DDoS attacks.

Many accused stresser site operators have pleaded guilty over the years after being hit with federal criminal charges. But the government’s core claim — that operating a booter site is a violation of U.S. computer crime laws — wasn’t properly tested in the courts until September 2021. That was when a jury handed down a guilty verdict against Matthew Gatrel, a then 32-year-old St. Charles, Ill. man charged in the government’s first 2018 mass booter bust-up. Despite admitting to FBI agents that he ran two booter services (and turning over plenty of incriminating evidence in the process), Gatrel opted to take his case to trial, defended the entire time by court-appointed attorneys.

Gatrel was convicted on all three charges of violating the Computer Fraud and Abuse Act, including conspiracy to commit unauthorized impairment of a protected computer, conspiracy to commit wire fraud, and unauthorized impairment of a protected computer. He was sentenced to two years in prison.

A copy of the FBI’s booter seizure warrant is here (PDF).

According to the DOJ, the defendants who pleaded guilty to operating booter sites include:

–Jeremiah Sam Evans Miller, aka “John The Dev,” 23, of San Antonio, Texas, who pleaded guilty on April 6 to conspiracy and violating the Computer Fraud and Abuse Act related to the operation of a booter service named RoyalStresser[.]com (formerly known as Supremesecurityteam[.]com);

–Angel Manuel Colon Jr., aka “Anonghost720” and “Anonghost1337,” 37, of Belleview, Florida, who pleaded guilty on February 13 to conspiracy and violating the Computer Fraud and Abuse Act related to the operation of a booter service named SecurityTeam[.]io;

–Shamar Shattock, 19, of Margate, Florida, who pleaded guilty on March 22 to conspiracy to violate the Computer Fraud and Abuse Act related to the operation of a booter service known as Astrostress[.]com;

–Cory Anthony Palmer, 23, of Lauderhill, Florida, who pleaded guilty on February 16 to conspiracy to violate the Computer Fraud and Abuse Act related to the operation of a booter service known as Booter[.]sx.

All four defendants are scheduled to be sentenced this summer.

The booter domains seized by the FBI this week include:

cyberstress[.]org
exoticbooter[.]com
layerstress[.]net
orbitalstress[.]xyz
redstresser[.]io
silentstress[.]wtf
sunstresser[.]net
silent[.]to
mythicalstress[.]net
dreams-stresser[.]org
stresserbest[.]io
stresserus[.]io
quantum-stress[.]org
A new ruleset from Bazel, an open source build and test tool from Google, allows developers to create Docker images and generate software bills of materials about what is inside the containers.
The APT is exploiting a remote template injection flaw to deliver malicious documents that lure in government officials and other targets with topics of potential interest.
This botnet, known as AndoryuBot, first appeared in February 2023. It contains DDoS attack modules for different protocols and communicates with its command-and-control server using SOCKS5 proxies.
The new rules_oci plugin can use trusted third-party toolchains, does not require running a docker daemon already on the machine, and does not include language-specific rules.
This week's seizures are part of a coordinated international law enforcement effort (known as Operation PowerOFF) to disrupt online platforms allowing anyone to launch massive DDoS attacks against any target for the right amount of money.
A new malware known as NodeStealer can extract sensitive information of Facebook users. This malware allows cybercriminals to take over accounts on the platform as well as Gmail and Outlook accounts by stealing browser cookies. Facebook's engineers spotted the NodeStealer malware first in late January and linked the attacks to Vietnamese threat actors.
Experts at Cleafy disclosed a nearly four-year-long online fraud campaign that infected Windows systems in organizations using drIBAN, a web inject kit. Criminals attempted to alter legitimate banking transfers by changing the beneficiary details and redirecting the funds to their own accounts. Organizations are advised to stay aware of the evolving threats and make continuous efforts to enhance their security posture.
"Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security firm Binarly, said in a tweet over the weekend.
The idea with E2E encryption is that data is kept confidential between the encryptor and the intended receiver. This might seem an obvious requirement, but not all so-called secure systems offer this level of protection.
A newly discovered malware named KEKW has been found to be distributed through malicious open-source Python .whl (Wheel) files. This malware combines infostealers with clipper activities, allowing it to steal sensitive information from compromised systems and hijack cryptocurrency transactions.
In such attacks (also known as push bombing or MFA push spam), cybercriminals flood the targets with mobile push notifications asking them to approve attempts to log into their corporate accounts using stolen credentials.
Organizations need to be able to match the ingenuity and resources of cybercriminals to better defend themselves against the increasing number of threats and attacks that could paralyze their business.
VulnCheck developed a new PoC exploit against the critical PaperCut bug tracked as CVE-2023-27350 that is capable of evading all known detection rules. The bug affects PaperCut MF or NG versions 8.0 and above, and its exploitation paves the way for unauthenticated RCE attacks. The bug has previously been exploited in ransomware attacks by the Cl0p and LockBit groups.
A public exploit targeting building automation systems has brought KNX security back into the spotlight, with industrial giant Schneider Electric releasing a security bulletin to warn customers about the potential risks.
"These attacks use a specific tactic: targeting the victim companies' support agents via chat applications – in particular, the Comm100 and LiveHelp100 apps," ESET said in a report shared with The Hacker News.
"In this campaign, the SideWinder advanced persistent threat (APT) group used a server-based polymorphism technique to deliver the next stage payload," the BlackBerry Research and Intelligence Team said in a technical report published Monday.
The LockBit 3.0 ransomware group on Monday leaked 600 gigabytes of critical data stolen from Indian lender Fullerton India, two weeks after the group demanded a $3 million ransom from the company.
The city continues to recover and restore access to its computer-assisted dispatch system. The city’s municipal court system remains offline, and court hearings and trials have been suspended since Wednesday.
Over 62% of global CISOs are concerned about being held personally liable for successful cyberattacks that occur on their watch, and a similar share would not join organizations that fail to offer insurance to protect them, according to Proofpoint.
Lawmakers in Washington and in statehouses around the country are seeking to compel tech companies to prove the age of their users, part of a growing national effort to better protect young children from the harms of the internet.
A new SolarWinds report details how foreign hackers have become the largest concern among government entities, and how zero-trust strategies have become the most popular defense.
This Metasploit module exploits security issues in ManageEngine ADAudit Plus versions prior to 7006 that allow authenticated users to execute arbitrary code by creating a custom alert profile and leveraging its custom alert script component. The module first runs a few checks to test the provided credentials, retrieve the configured domain(s) and obtain the build number of the target ADAudit Plus server. If the credentials are valid and the target is vulnerable, the module creates an alert profile that will be triggered for any failed login attempt to the configured domain. For versions prior to build 7004, the payload is directly inserted in the custom alert script component of the alert profile. For versions 7004 and 7005, the module leverages an arbitrary file write vulnerability (CVE-2021-42847) to create a PowerShell script in the alert_scripts directory that contains the payload. The name of this script is then provided as the value for the custom alert script component of the alert profile. This module requires valid credentials for an account with the privileges to create alert scripts. It has been successfully tested against ManageEngine ADAudit Plus builds 7003 and 7005 running on Windows Server 2012 R2. Successful exploitation will result in remote code execution as the user running ManageEngine ADAudit Plus, which will typically be the local administrator.
An SQL injection vulnerability affecting Spryker-based webshops was discovered in the order history search form. It can be exploited by authenticated attackers in order to retrieve information from the database (e.g. customer and administrator login information, order details, etc.). Depending on the configuration of the webshop, access to the file system or even execution of arbitrary commands on the database management system is possible. Version 1.0 is affected.
OX App Suite has received patches for sensitive information disclosure, cross site scripting, improper access control, authorization bypass, and resource consumption vulnerabilities. Some of the issues affect OX App Suite frontend version 7.10.6-rev23 and some affect OX App Suite backend version 7.10.6-rev36.
This utility generates the TOTP passcode used to sign in as the support service account user for HammerSpace GFS default installations. Both the OVA and ISO are affected. Versions 4.6.6-324 and below with a default installation are affected.
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Qualcomm Adreno/KGSL suffers from an issue where secure buffers are addressable by all GPU users. Qualcomm believes this finding has no security impact and will not address it.
Ubuntu Security Notice 6062-1 - It was discovered that FreeType incorrectly handled certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.
Red Hat Security Advisory 2023-2378-01 - PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Issues addressed include an information leakage vulnerability.
Red Hat Security Advisory 2023-2259-01 - Poppler is a Portable Document Format rendering library, used by applications such as Evince. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2023-2283-01 - The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Red Hat Security Advisory 2023-2177-01 - The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.
Red Hat Security Advisory 2023-2502-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2023-2234-01 - The sysstat packages provide the sar and iostat commands. These commands enable system monitoring of disk, network, and other I/O activity.
Red Hat Security Advisory 2023-2626-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-2204-01 - Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood.
Red Hat Security Advisory 2023-2148-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, bypass, denial of service, double free, memory leak, null pointer, out of bounds read, privilege escalation, traversal, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-2458-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, bypass, denial of service, double free, memory leak, null pointer, out of bounds read, privilege escalation, traversal, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-2256-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-2367-01 - The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.
Red Hat Security Advisory 2023-2165-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include double free, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-2366-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news.
Red Hat Security Advisory 2023-2258-01 - Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-2621-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries.
Red Hat Security Advisory 2023-2260-01 - GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Issues addressed include a buffer overflow vulnerability.
New hardware-to-hardware integration between SafeCase and Galaxy's Hardware Device Manager fortifies mobile security, protecting customers from spyware attacks.
Cybersecurity researchers have shed light on a new ransomware strain called CACTUS that has been found to leverage known flaws in VPN appliances to obtain initial access to targeted networks. "Once inside the network, CACTUS actors attempt to enumerate local and network user accounts in addition to reachable endpoints before creating new user accounts and leveraging custom scripts to automate
Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft said. The tech giant's threat intelligence team said it observed both Mango Sandstorm (Mercury) and Mint Sandstorm (Phosphorus) weaponizing CVE-2023-27350 in their operations to achieve initial access. "This activity shows Mint
A gambling company in the Philippines was the target of a China-aligned threat actor as part of a campaign that has been ongoing since October 2021. Slovak cybersecurity firm ESET is tracking the series of attacks against Southeast Asian gambling companies under the name Operation ChattyGoblin. "These attacks use a specific tactic: targeting the victim companies' support agents via chat
In the fast-paced cybersecurity landscape, product security takes center stage. DevSecOps swoops in, seamlessly merging security practices into DevOps, empowering teams to tackle challenges. Let's dive into DevSecOps and explore how collaboration can give your team the edge to fight cyber villains. Application security and product security Regrettably, application security teams often intervene
The advanced persistent threat (APT) actor known as SideWinder has been accused of deploying a backdoor in attacks directed against Pakistan government organizations as part of a campaign that commenced in late November 2022. "In this campaign, the SideWinder advanced persistent threat (APT) group used a server-based polymorphism technique to deliver the next stage payload," the BlackBerry
U.S. authorities have announced the seizure of 13 internet domains that offered DDoS-for-hire services to other criminal actors. The takedown is part of an ongoing international initiative dubbed Operation PowerOFF that's aimed at dismantling criminal DDoS-for-hire infrastructures worldwide. The development comes almost five months after a "sweep" in December 2022 dismantled 48 similar services