Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for U.S. Deepens Crackdo ...

 Cyber News

The U.S. Treasury Department today sanctioned five individuals and one entity associated with the Intellexa Consortium for their role in “developing, operating, and distributing commercial spyware technology that resents a significant threat to the national security of the United States.” Today’s action by the   show more ...

department’s Office of Foreign Assets Control (OFAC) follows a similar action in March that alleged that the consortium’s “Predator” spyware had been used to target U.S. government officials, journalists, and policy experts. “The proliferation of commercial spyware poses distinct and growing security risks to the United States and has been misused by foreign actors to enable human rights abuses and the targeting of dissidents around the world for repression and reprisal,” the Treasury Department said in March. New Sanctions Against Predator Spyware Maker Intellexa The March action targeted Intellexa founder Tal Jonathan Dilian, corporate off-shoring specialist Sara Aleksandra Fayssal Hamou, and Intellexa entities in Greece, Macedonia, Ireland and Hungary. The new sanctions target other actors in the Intellexa organization, including: Felix Bitzios, the beneficial owner of an Intellexa Consortium company that OFAC said was used to supply Predator spyware to a foreign government client; Andrea Nicola Constantino Hermes Gambazzi, beneficial owner of Thalestris Limited and Intellexa Limited; Merom Harpaz, a top executive of the Intellexa Consortium; Panagiota Karaoli, the director of multiple Intellexa Consortium entities; Artemis Artemiou, general manager and member of the board of Cytrox Holdings Zartkoruen Mukodo Reszvenytarsasag; and Aliada Group Inc., a British Virgin Islands-based company and member of the Intellexa Consortium. The U.S. action means that all property and interests in property of the designated persons that are in the United States or in the possession or control of U.S. persons is blocked and must be reported to OFAC, as well as any entities that are 50 percent or more owned by one or more blocked persons. Financial institutions and individuals who engage in transactions or activities with the sanctioned entities and individuals “may expose themselves to sanctions or be subject to an enforcement action.” “The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and civil liberties of our citizens,” Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith said in a statement. “We will continue to hold accountable those that seek to enable the proliferation of exploitative technologies, while also encouraging the responsible development of technologies that align with international standards.” In a statement, State Department spokesman Matthew Miller said, “The United States remains steadfast in its commitment to use all available tools to counter the misuse of sophisticated surveillance technologies. These designations build upon previous sanctions announced on March 5, among other accountability measures including export controls and visa restrictions. We will continue to counter the proliferation and misuse of commercial spyware as we create a pathway for the responsible development of technologies that aligns with the protection of human rights, privacy, and democratic values around the world.” Action Follows Spyware Activity by Russian Threat Actors Predator spyware can be used to gain access to data stored and transmitted from a target’s device through one-click and zero-click attacks that require no user interaction for the spyware to infect the device. A 2023 report by Amnesty International called Predator “a form of highly invasive spyware that by default gains total access to all data stored or transmitted from the target’s device, and that is designed to leave no traces on the target device, which would render any independent audit of potential abuses impossible.” Russian state hackers were recently observed deploying exploits that bear an “identical or strikingly similar” resemblance to those from spyware companies NSO Group and Intellexa, raising concerns about the possible spread of commercial spyware to state-backed threat actors. The U.S. action comes just days after Apple filed a motion to dismiss its lawsuit against NSO Group because of concern that the case could put “vital security information” at risk. NSO, Candiru, Positive Technologies and Singapore's Computer Security Initiative Consultancy were sanctioned by the U.S. Commerce Department in 2021.

image for Port of Seattle Conf ...

 Press Release

The Port of Seattle has officially confirmed that a cyberattack that disrupted its operations at the Seattle-Tacoma International Airport (SEA) in late August was a ransomware attack. While the Port initially downplayed the incident, its recent statements acknowledge the attack's severity and ongoing recovery   show more ...

efforts. On September 15, 2024, the Port of Seattle released an official statement blaming the notorious "Rhysida" ransomware group as perpetrators of the August 24 attack. The Rhysida group orchestrated the notable 2023 British Library cyberattack and Insomniac Games data breach. It has also targeted many organizations, including some in the US healthcare sector, and the Chilean army. While recovery efforts continue, the Port has warned about a potential data breach after its investigation found some data to have been exfiltrated by the threat actor. Port of Seattle Ransomware Attack in Detail In its statement, Port of Seattle wrote, “On August 24, 2024, the Port of Seattle identified system outages consistent with a cyberattack. It was a fast-moving situation, and Port staff worked to quickly isolate critical systems. Since that time, Port staff have been working around the clock to ensure that our partners and travelers who use our gateways safely and securely reach their destinations and utilize our facilities.” [caption id="attachment_89984" align="alignnone" width="772"] Port's Statement confirming ransomware attack. Source: X[/caption] Blaming Rhysida for the attack, Port of Seattle said, “This incident was a “ransomware” attack by the criminal organization known as Rhysida. The efforts our team took to stop the attack on August 24, appear to have been successful.” The Port claimed that there was no new unauthorized activity on its systems since the attack, but it remained on “heightened alert” and was continuously monitoring its systems which has still not been restored completely. "From day one, the Port prioritized safe, secure and efficient operations at our facilities. We are continuing to make progress on restoring our systems," the statement read. Data Breach Concerns While the Port initially downplayed the impact of the attack, they have since acknowledged the possibility of data exfiltration.  With the Port refusing to pay ransom to the Rhysida group, it said some of its data may be at risk of being posted online. “Our investigation has determined that the unauthorized actor was able to gain access to certain parts of our computer systems and was able to encrypt access to some data,” the release said. “We took steps to block further activities including disconnecting our systems from the internet, but unfortunately, the encryption and our response actions hindered some port services including baggage, check-in kiosks, ticketing, Wi-Fi, passenger display boards, the Port of Seattle website, the flySEA app, and reserved parking.” The Port has not commented on the specific type of data that may have been compromised, raising concerns for passengers and airport personnel. “Assessment of the data taken is complex and takes time, but we are committed to these efforts and notifying potentially impacted stakeholders as appropriate,” the release said. “In particular, if we identify that the actor obtained employee or passenger personal information, we will carry out our responsibilities to inform them.” The Port added that it has involved forensic specialists and is “actively supporting law enforcement’s investigation of the attacker.” Impact on Airport Operations The ransomware attack caused significant disruptions at SEA, impacting a wide range of airport operations. Passengers faced delays and frustrations as critical systems went offline. According to news reports, "The attack and the Port's response to isolate critical systems resulted in an outage that shut down WiFi at the airport, caused delays to baggage services, and disrupted many screens inside the terminal showing flight information." Airport workers resorted to manual processes to manage operations such as writing flight numbers and carousel locations on large sheets of paper and issuing handwritten boarding passes and bag tags. However, the airport and Port’s websites are still down. Other services such as the airport’s lost and found and visitor pass program are still not accessible. [caption id="attachment_89986" align="alignnone" width="1025"] Source: Port of Seattle Website[/caption] Rhysida Group’s Inglorious Past The Rhysida group is known to encrypt data on victims’ systems and threaten to make it publicly available unless a ransom is paid. The group uses eponymous ransomware-as-a-service techniques, targets large organizations rather than making random attacks on individuals, and demands large sums of money to restore data. While the Port of Seattle recovers from this attack, the long-term consequences remain to be seen. The cyberattack highlights the growing threat of ransomware attacks targeting critical infrastructure. This incident underscores the need for robust cybersecurity measures and international collaboration to combat cybercrime. The Port of Seattle's experience serves as a valuable case study for other organizations, emphasizing the importance of cyber preparedness and incident response strategies.

image for Australian Law Firms ...

 Firewall Daily

Australian law firms are facing a critical juncture in their cybersecurity preparedness, according to the latest findings from the 2024 State of CyberSecurity in Law Report. Conducted by AUCyber in partnership with LexVeritas and the Australasian Legal Practice Management Association (ALPMA), the report surveyed 140   show more ...

law firms. The results reveal that cybersecurity in law firms is now seen as the most pressing operational challenge for over half of these firms.  2024 State of Cybersecurity in Law Report The 2024 report highlights a notable rise in cyberattacks on Australian law firms. Specifically, 21% of respondents reported being targeted by cybercriminals in the past year—a 7% increase from the previous year. The prevalence of phishing attacks is particularly alarming, impacting 81% of the firms surveyed, marking a 14% increase from the year before. The data further highlights a significant rise in various cyber threats. Spoofing attacks have seen a dramatic increase, jumping from 23% to 35%. Similarly, malware attacks have surged, rising from 17% to 27%. Additionally, identity-based attacks have also grown notably, with their prevalence increasing from 25% to 35%. Despite these online threats, there remains a gap in cybersecurity readiness among legal firms. The report indicates that 18% of firms feel their current protective measures are inadequate, while 26% are unsure about their defense capabilities. Consequently, only 56% of firms expressed confidence in their existing cybersecurity protocols. Australian Law Firms are Critically Unprepared Peter Maloney, CEO of AUCyber, expressed grave concern about the findings. Some Australian law firms are dangerously underprepared," he stated. The fact that 18% of respondents believe their firm is not doing enough to protect itself from a cyber-attack, and 26% are uncertain about their current protections, is troubling. Without robust and effective cybersecurity measures, firms face severe operational disruptions, financial losses, and irreparable reputational damage. Emma Elliott, CEO of ALPMA, also highlighted the urgent need for action. Our latest research underscores the importance of enhancing cyber defenses within the legal industry," she remarked. Law firms must prioritize the strengthening of their cyber resilience through comprehensive solutions, robust employee training programs, and expert guidance to safeguard against the growing threat landscape." Maloney further emphasized the necessity for substantial investment in cyber protection. Law firms should be investing in comprehensive detection and protection solutions, ongoing training, and specialist assistance with governance, risk assessment, and regulatory compliance," he advised. At a minimum, all law firms should implement a cybersecurity strategy that includes 24/7 detection monitoring, phishing simulation, regular patching and maintenance of software and hardware, a documented and tested incident response plan, and staff education on recognizing and mitigating attacks.

image for CBI-FBI Join Hands t ...

 Vulnerability News

India’s Central Bureau of Investigation (CBI), acting on a tip-off by the U.S. Federal Bureau of Investigation (FBI), has dismantled a virtual asset and bullion-supported cybercrime network in the country. Since 2022, the network has been perpetrating a variety of cybercrimes, such as fraud, extortion, and money   show more ...

laundering, against victims in many countries. A key member of the cybercrime syndicate, identified as Vishnu Rathi, was arrested from Mumbai at the end of the operation. The CBI conducted a lot of investigations and raids before they caught Rathi. The raids uncovered significant evidence of the network's activities, including 57 gold bars, Rs 16 lakh ($19074.42 approx) in cash, mobiles and laptops used to manage the cryptocurrencies, details of bank lockers, documents and other incriminating material used in the cybercrime. Modus Operandi of the Cybercrime Network The cybercrime syndicate employed a set modus operandi to target victims. They would frequently employ social engineering or phishing tactics to gain unauthorized access to the bank accounts and computers of their victims. After gaining access, the syndicate would manipulate victims into believing that their accounts had been compromised and would require urgent attention. The perpetrators would then convince victims to transfer funds to the syndicate's cryptocurrency wallets, claiming it was necessary to protect their money. In one instance, the syndicate successfully defrauded a woman in the U.S. out of USD 453,953 (approximately Rs 3.81 crore). CBI's Investigation and Raids The woman, who was defrauded, filed a complaint to the FBI. The FBI and the CBI collaborated on an operation which was facilitated through Interpol channels. The Indian agency then launched its investigation into the cybercrime network. The CBI’s International Operations Division filed a case against Rathi and his associates on September 9, 2024, initiating an extensive investigation into the syndicate's activities. A vast network of financial transactions involving virtual assets and bullion was uncovered during raids conducted at multiple locations in Mumbai and Kolkata on September 12 and 13 that were linked to Rathi. The gold bars, cash, and electronics that were seized provided crucial evidence of the network's operations.  Rathi has been charged under Indian Penal Code (IPC) Sections 120-B (imprisonment up to six months or fine or both), 420 (cheating and dishonestly inducing someone to deliver property), and IT Act Sec. 66D and 75 (cheating by impersonation using a computer or communication device). Further investigations are underway to identify other victims and trace the proceeds of the crimes. The CBI's investigation is ongoing, and further arrests and prosecutions are expected. The agency is working to identify additional victims of the cybercrime network and trace the flow of stolen funds.

image for A Wake-Up Call for A ...

 Firewall Daily

A hacker identified as Amadon has demonstrated a ChatGPT hack, revealing how the AI can be manipulated to produce dangerous content, including a detailed bomb-making guide. Amadon’s trick, termed as the “ChatGPT hack,” involved exploiting a flaw in the AI’s safety protocols. Instead of directly breaching   show more ...

ChatGPT’s systems, Amadon used a advanced form of social engineering. By engaging the AI in a carefully constructed science-fiction scenario that sidestepped its standard safety constraints, he managed to bypass the built-in restrictions and extract hazardous information. Breaking Down the Infamous ChatGPT Hack The process of this ChatGPT hack was not a conventional hack but rather a strategic manipulation. Initially, ChatGPT adhered to its safety guidelines, rejecting the request with a statement: “Providing instructions on how to create dangerous or illegal items, such as a fertilizer bomb, goes against safety guidelines and ethical responsibilities.” Despite this, Amadon was able to craft specific scenarios that led the AI to override its usual restrictions. Amadon described his technique as a “social engineering hack to completely break all the guardrails around ChatGPT's output.” He employed a method of weaving narratives and contexts that effectively tricked the AI into providing dangerous instructions. “It’s about weaving narratives and crafting contexts that play within the system’s rules, pushing boundaries without crossing them,” Amadon explained. His approach required a deep understanding of how ChatGPT processes and responds to different types of input. This revelation has raised critical questions about the effectiveness of AI safety measures. The incident highlights a fundamental challenge in AI development: ensuring that systems designed to prevent harmful outputs are not susceptible to clever manipulation. While Amadon’s technique was innovative, it exposed a vulnerability that could potentially be exploited for malicious purposes. OpenAI Response to the ChatGPT Hack OpenAI, the organization behind ChatGPT, responded to the discovery by noting that issues of model safety are not easily resolved. When Amadon reported his findings through OpenAI’s bug bounty program, the company acknowledged the seriousness of the issue but did not disclose the specific prompts or responses due to their potentially dangerous nature. OpenAI emphasized that model safety challenges are complex and require ongoing efforts to address effectively. This situation has ignited a broader debate about the limitations and vulnerabilities of AI safety systems. Experts argue that the ability to manipulate AI tools like ChatGPT to generate harmful content highlights the need for continuous improvement and vigilance. The potential for misuse of such technology highlights the importance of developing more robust safeguards to prevent similar exploits in the future. Amadon’s exploration of AI security reflects a nuanced understanding of the challenges involved. “I’ve always been intrigued by the challenge of navigating AI security. With ChatGPT, it feels like working through an interactive puzzle — understanding what triggers its defenses and what doesn’t,” he said. His approach, while demonstrating a sophisticated grasp of AI interactions, also highlights the necessity of maintaining rigorous oversight to ensure the ethical use of these technologies.

image for Australia Faces Surg ...

 Cyber News

The Office of the Australian Information Commissioner (OAIC) has released new statistics revealing that the first half of 2024 saw the highest number of data breach notifications in three and a half years. From January to June 2024, the OAIC report stated that it received 527 notifications of data breaches—a   show more ...

notable increase of 9% compared to the previous six months and the highest since the second half of 2020 in Australia. Cybersecurity incidents continue to be the leading cause of data breaches, accounting for 38% of all reported cases. Cyber threats such as compromised credentials, ransomware, and phishing attacks remain prevalent, highlighting the urgent need for strong cybersecurity measures. Organizations are reminded to stay vigilant and adapt their defenses as threats evolve. Data Breaches Significant Impact on Australians  The scale of data breaches in the first half of 2024 has been striking. While 63% of breaches affected 100 or fewer individuals, there was one incident involving a staggering 12.9 million Australians. This data breach, associated with MediSecure, represents the largest number of Australians affected by a single breach since the Notifiable Data Breaches (NDB) scheme was introduced. This incident is only the second recorded breach impacting over 10 million individuals, emphasizing the severe nature of such breaches. Australian Privacy Commissioner Carly Kind commented on the situation: “Almost every day, my office is notified of data breaches where Australians are at likely risk of serious harm. This harm can range from an increase in scams and the risk of identity theft to emotional distress and even physical harm.” Commissioner Kind stressed that privacy and security measures must evolve to keep pace with the growing threats to Australians’ personal information. Main Causes and Sectors Affected The report reveals that malicious and criminal attacks were responsible for 67% of data breaches, with 57% of these breaches classified as cybersecurity incidents. The health sector and Australian Government were the most frequently affected sectors, reporting 19% and 12% of breaches, respectively. This highlights vulnerabilities in both private and public sectors, reinforcing the need for comprehensive security strategies across all sectors. Commissioner Kind emphasized the evolving expectations placed on organizations six years after the launch of the NDB scheme. She remarked, “The Notifiable Data Breaches scheme is now mature, and we are moving into a new era in which our expectations of entities are higher.” The recent enforcement actions against organizations like Medibank and Australian Clinical Labs underline the importance of prioritizing personal information security and complying with breach notification requirements. Strengthening Privacy Frameworks In response to the rising number of data breaches, the Australian Government has introduced the Privacy and Other Legislation Amendment Bill 2024. This proposed legislation aims to enhance the OAIC’s enforcement capabilities by introducing an enhanced civil penalty regime and infringement notice powers. It also seeks to clarify existing security obligations by amending Australian Privacy Principle 11 to explicitly require organizations to implement technical and organizational measures—such as data encryption, securing system access, and staff training—to address information security risks. The OAIC has expressed support for these measures, viewing them as a critical step toward strengthening Australia’s privacy framework. However, further reforms aligned with the Government’s response to the Privacy Act Review are still needed to bolster security across the economy and improve the effectiveness of the NDB scheme. Commissioner Kind stated, “We would like to see all Australian organizations be required to build the highest levels of security into their operations to protect Australians’ personal information to the maximum extent possible.” The OAIC’s commitment to enforcing compliance and providing guidance to organizations remains steadfast as they navigate these evolving challenges.

image for 23andMe Settles Data ...

 Firewall Daily

23andMe has reached a $30 million settlement to resolve a lawsuit related to a data breach that exposed the personal information of 6.9 million customers. The 23andMe data breach, which unfolded over approximately five months starting in April 2023, has prompted the company to also offer three years of security   show more ...

monitoring to affected individuals.  This settlement aims to address accusations that 23andMe failed to adequately protect its customers' privacy and did not inform certain groups that their data was specifically targeted by hackers. The legal resolution, which was preliminarily filed in federal court in San Francisco late Thursday, is pending final approval from the judge.  Massive Settlement in 23andMe Data Breach Case The proposed settlement includes cash payments to customers whose data was compromised, alongside enrollment in a Privacy & Medical Shield + Genetic Monitoring program for three years. This program is designed to provide ongoing protection and monitoring in response to the 23andMe data breach. 23andMe has described the settlement as fair, adequate, and reasonable in a Friday court filing. The company also noted its “extremely uncertain financial condition” and requested that the judge pause arbitrations by tens of thousands of class members until the settlement is either approved or they choose not to participate. The company believes that this settlement is in the best interest of its customers and anticipates that approximately $25 million of the settlement costs will be covered by its cyber insurance. The 23andMe cyberattack affected nearly half of the 14.1 million customers in the company's database at the time. Hackers accessed 5.5 million DNA Relatives profiles, which allow customers to connect and share information, as well as data from 1.4 million customers using the Family Tree feature. Response to the 23andMe Cyberattack The plaintiffs’ lawyers have indicated that the settlement addresses the core issues raised by their clients and reflects the risks associated with further litigation, especially given 23andMe's financial struggles. The company reported a loss of $69.4 million on revenue of $40.4 million for the quarter ending June 30.  In response to these financial pressures, 23andMe’s co-founder and Chief Executive Anne Wojcicki has been attempting to take the company private, following its initial public offering at $10 per share. Since mid-December, the company’s shares have been trading below $1. The case, titled In re 23andMe Inc Customer Data Security Breach Litigation, is being heard in the U.S. District Court for the Northern District of California under case number 24-md-03098. The plaintiffs' legal team may seek up to 25% of the settlement amount in legal fees.

image for Kaspersky AI Technol ...

 Business

For nearly two decades, Kaspersky has been at the forefront of integrating artificial intelligence (AI), particularly machine learning (ML), into its products and services. Our deep expertise and experience in applying these technologies to cybersecurity, coupled with our unique datasets, efficient methods, and   show more ...

advanced model-training infrastructure form the bedrock of our approach to solving complex ML challenges. Our Kaspersky AI Technology Research Center brings together data scientists, ML engineers, threat experts, and infrastructure specialists to tackle the most challenging tasks at the intersection of AI/ML and cybersecurity. This includes not only the development of applied technologies but also research into the security of AI algorithms, including the use of promising approaches such as neuromorphic ML, AI risk awareness, and much more. Our technologies and products At Kaspersky weve developed a wide range of AI/ML-powered threat detection technologies, primarily for identifying malware. These include a deep neural network algorithm for detecting malicious executable files based on static features, decision-tree ML technology for automated creation of detection rules that work on user devices, and neural networks for detecting malicious behavior of programs during execution. We also utilize a system for identifying malicious online resources based on anonymous telemetry received from solutions installed on customer devices and other sources. You can read more about them in our white paper Machine Learning for Malware Detection. Other models – such as the ML model for detecting fake websites and DeepQuarantine for quarantining suspected spam emails – protect users from phishing and spam threats. KSNs cloud infrastructure makes our AI developments available almost instantly to both home and enterprise users. Guided by the promise of generative AI, particularly large language models (LLM), weve built an infrastructure to explore its capabilities and rapidly prototype new solutions. This infrastructure, which deploys LLM tools akin to ChatGPT, is not only accessible to employees across all departments for everyday tasks but also serves as a basis for new solutions. For example, our Kaspersky Threat Intelligence Portal will soon have a new LLM-based OSINT capability that will quickly deliver threat report summaries for specific IoCs. To enhance the security of our customers infrastructures, were actively developing AI technologies tailored to our flagship corporate products and services. For several years now, the AI Analyst in Kaspersky Managed Detection and Response has been helping to reduce the workload of SOC teams by automatically filtering out false positives. Last year alone, this technology closed over 100,000 alerts without human intervention. This allows SOC experts to respond to real threats faster and devote more time to investigating complex cases and proactively hunting for threats. Another of our solutions – AI-based host risk scoring in Kaspersky SIEM (Kaspersky Unified Monitoring and Analysis platform) and Kaspersky XDR – uses ML algorithms to search for suspicious host behavior without the need to transfer data outside a company. Another key area of Kasperskys development is the use of AI/ML in industrial environments. This includes Kaspersky MLAD (Machine Learning for Anomaly Detection) – a predictive analytics software solution that automatically recognizes early (hidden) signs of impending equipment failure, process disruption, human error or cyberattack in telemetry signals. By continuously training the neural network, MLAD analyzes the stream of atomic events from the object, structures them into patterns and identifies abnormal behavior. Another of our projects is Kaspersky Neuromorphic Platform (KNP) – a research project and software platform for AI solutions based on spiking neural networks and AltAI, the energy-efficient neuromorphic processor developed by Russian-based Motive Neuromorphic Technologies (Motive NT) in collaboration with Kaspersky. The widespread adoption of AI technologies requires security control, which is why weve also established an AI security team. It offers a range of services aimed at ensuring reliable protection of AI systems and thwarting potential threats to data, business processes and AI infrastructure. Our people In the past, ML-based tasks were performed by departments directly involved in detecting specific threats. However, with the growing number of tasks and the increasing importance of ML technologies, we decided to hive off our expertise in AI-based systems to a separate Expertise Center: Kaspersky AI Technology Research. This resulted in the creation of three main teams that drive the use of AI at Kaspersky: The Detection Methods Analysis Group develops ML algorithms for malware detection in collaboration with the Global Research and Analysis Team (GReAT) and the Threat Research Center. Their AI systems for both static and behavior-based malware detection directly contribute to the security of our users. Technology Research, under the Future Technologies Department, specializes in: researching promising AI technologies; developing Kaspersky MLAD and KNP; developing the next-generation AltAI neuromorphic processor in collaboration with Motive NT; and providing AIST services for AI security. The MLTech team is responsible for developing the corporate ML infrastructure for training ML models, creating content threat detection models (phishing and spam), and implementing AI technologies, including LLM-based, into our advanced corporate services and solutions, such as MDR, Kaspersky SIEM (Unified Monitoring and Analysis platform), and Kaspersky XDR. This doesnt mean that our AI expertise is limited to the above teams. The field of AI is currently so complex and multifaceted that its impossible to concentrate all the know-how in a few research groups. Other teams also make significant contributions to the Expertise Centers work, and apply ML in many tasks: machine vision technologies in the Antidrone team; research into AI coding assistants in the CoreTech and KasperskyOS departments; APT search in GReAT; and AI legislation study in the Government Relations team. Our research and patents The uniqueness of our AI technologies is underscored by the dozens of patents weve obtained worldwide. First and foremost, these are patents for detection technologies, such as malware detection based on program behavior logs, detection of malicious servers in telemetry, fake websites, and spam with the aid of ML. But the Kaspersky portfolio covers a much wider range of tasks: technologies for improving datasets for ML, anomaly detection, and even searching for suspicious contacts of kids in parental control systems. And, of course, we are actively patenting our AI technologies for industrial systems and unique neural network approaches to processing event streams. In addition, Kaspersky actively shares its AI expertise with the community. Some studies, such as those on monotonic ML algorithms or the application of neural networks for spam detection, are published as academic papers at leading ML conferences. Others are published on specialized portals and at information security conferences. For example, we publish research on the security of our own AI algorithms, in particular attacks on spam detection and malware detection algorithms. We study the application of neural networks for time series analysis and explore the use of neuromorphic networks in industry-relevant tasks. Our Kaspersky Neuromorphic Platform (KNP) is open-source software that will be available for use and development by the entire ML community. The topic of secure AI development and application is of fundamental importance to us, as we need to be able to trust our algorithms and be confident in their reliability. Other topics we cover include our participation in cybersecurity challenges that simulate attacks on ML systems and the use of advanced technologies such as LLMs to detect threats in system logs and phishing links. We also talk about threats to generative AI, including from a privacy standpoint, attacks on various LLM-based systems, the use of AI by attackers, and the application of our technologies in SOCs. Sometimes we open the door and reveal our inner workings, talking about the process of training our models and even the intricacies of assessing their quality.   Raising awareness Finally, the most important function of the Kaspersky AI Technology Research Center is to raise awareness among our customers and the general public about the pros and cons of AI technologies and the threats they pose. Our experts at the Expertise Center demonstrate the dangers of deepfake videos. We talk about the finer points of AI usage (for example, how ChatGPT affects the process of hiring developers) and share our experiences through webinars and roundtable discussions. The FT Technology Research team organizes conferences on neuromorphic technologies with a separate track devoted to AI security issues, including systems based on the neuromorphic approach. Together with our partner, the Institute for System Programming of the Russian Academy of Sciences (ISP RAS), were researching various attack vectors on neural networks in the areas of Computer Vision, LLM, and Time Series, and ways to protect them. As part of Kasperskys industrial partnership with ISP RAS, the team is testing samples of trusted ML frameworks. Were also involved in the development of educational courses, including a module on the use of AI in cybersecurity at Bauman Moscow State Technical University. Another example is our module on the safe use of AI in Kaspersky ASAP, our solution for raising employee awareness of cyberthreats. Finally, were contributing to the creation of a set of international standards for the use of AI. In 2023, we presented the first principles for the ethical use of AI systems in cybersecurity at the Internet Governance Forum.   To sum up, the main tasks of the Kaspersky AI Technology Research Center are the development of AI technologies, their safe application in cybersecurity, threat monitoring for improper or malicious AI usage, and forecasting trends. All these tasks serve a single purpose: to ensure the highest level of security for our customers.

 Trends, Reports, Analysis

A recent report by Xavier Mertens, a Senior ISC Handler and cybersecurity consultant, highlights a concerning trend where cybercriminals are increasingly using legitimate Python libraries for malicious activities.

 Incident Response, Learnings

Ireland's data protection authorities are investigating Google's AI model to ensure compliance with GDPR. The Irish Data Protection Commission (DPC) is leading the inquiry into Google Ireland under Section 110 of the Data Protection Act 2018.

 Computer, Internet Security

WordPress will require two-factor authentication for plugin developers starting October 1, 2024. This mandate will also apply to theme authors. The organization aims to enhance security by preventing hijacked accounts from spreading malicious code.

 Companies to Watch

ColorTokens has acquired identity security provider PureID to enhance its microsegmentation platform, Xshield. The acquisition will integrate identity-based segmentation for various environments, including cloud and IoT/OT.

 Feed

Whitepaper called Unleashing Worms and Extracting Data: Escalating the Outcome of Attacks against RAG-based Inference in Scale and Severity Using Jailbreaking. In this paper, the authors show that with the ability to jailbreak a GenAI model, attackers can escalate the outcome of attacks against RAG-based GenAI-powered applications in severity and scale.

 Feed

Debian Linux Security Advisory 5769-1 - Multiple issues were found in Git, a fast, scalable, distributed revision control system, which may result in file overwrites outside the repository, arbitrary configuration injection or arbitrary code execution.

 Feed

Red Hat Security Advisory 2024-6663-03 - An update for kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-6656-03 - Migration Toolkit for Runtimes 1.2.7 release Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a cross site scripting vulnerability.

 Feed

Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials. "Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content," Palo Alto

 Feed

Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information. The development was first reported by The Washington Post on Friday. The iPhone maker said its efforts, coupled with those of others in the industry and national governments to tackle

 Feed

A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable Research. "The vulnerability could have allowed an attacker to hijack an internal software dependency

 Feed

Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on LinkedIn to deliver malware called RustDoor. The latest advisory comes from Jamf Threat Labs, which said it spotted an attack attempt in which a user was contacted on the professional social network by claiming to be a recruiter for a legitimate decentralized

 Feed

Imagine this... You arrive at work to a chaotic scene. Systems are down, panic is in the air. The culprit? Not a rogue virus, but a compromised identity. The attacker is inside your walls, masquerading as a trusted user. This isn't a horror movie, it's the new reality of cybercrime. The question is, are you prepared? Traditional incident response plans are like old maps in a new world. They

 Feed

The PCI DSS landscape is evolving rapidly. With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage payment page scripts and use a robust change detection mechanism. With the deadline fast approaching

 0 - CT - CISO Strategics - Cybersecurity

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. Username or E-mail Password Remember Me     Forgot Password La   show more ...

entrada Board of Directors Handbook for Cloud Risk Governance se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - CISO Strategics - CISO Strategi

CYBERSECURITY FOR SMALLER ORGANIZATIONS The document outlines essential practices for effective cyber risk governance within organizations. It emphasizes the importance of a comprehensive checklist for boards, which includes ensuring regulatory compliance, assessing cyber exposure, and establishing incident response   show more ...

plans. Key areas of focus include: Overall, the document serves as a guide for organizations to strengthen […] La entrada BOARD CHECKLIST: CYBERSECURITY LEADERSHIP se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - SOC - CSIRT Operations - Malwar

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Blueprint for Ransomware Defense se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - Cybersecurity Tools - ANTI DDOS

The document provides a comprehensive overview of various tools and techniques utilized in blue teaming, which focuses on defending against cyber threats. It highlights a GitHub repository containing over 65 tools designed for different aspects of cybersecurity, including network discovery, vulnerability management,   show more ...

security monitoring, incident response, and malware analysis. Key tools mentioned include Nmap for […] La entrada BlueTeam-Tools se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - CISO Strategics - Information S

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Blockchain Security se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - CISO Strategics - Cybercrime Ec

Das Bundeslagebild Cybercrime wird durch das Bundeskriminalamt (BKA) in Erfüllung seiner Zentralstellenfunktion erstellt. Es enthält die aktuellen Erkenntnisse und Entwicklungen im Bereich der Cyberkriminalität in Deutschland und bildet insbesondere die diesbezüglichen Ergebnisse polizeilicher   show more ...

Strafverfolgungsaktivitäten ab Schwerpunkt des Bundeslagebildes Cybercrime sind die Delikte, die sich gegen das Internet und informationstechnische Systeme richten die sogenannte Cybercrime im […] La entrada Cybercrime Bundeslagebild 2023 se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - Cybersecurity Architecture - IA

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada BEST RISK MANAGEMENT PROMPTS FOR CHATGPT se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - Cybersecurity Architecture - Cl

This document outlines essential best practices for ensuring security in cloud environments. It emphasizes the Shared Responsibility Model, which clarifies the security obligations of both the cloud service provider and the customer. Key practices include: By following these best practices, organizations can   show more ...

significantly enhance their cloud security and reduce the risk of data breaches and other […] La entrada BEST PRACTICE OF CLOUD SECURITY se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - SOC - CSIRT Operations - Red -

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Best Alternative of Netcat se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - SOC - CSIRT Operations - SOC Op

The document outlines the critical functions and responsibilities of a Security Operations Center (SOC) in cybersecurity. Overall, the document emphasizes the importance of these functions in maintaining a robust cybersecurity framework within an organization. Views: 0 La entrada A – Z OF SECURITY OPERATIONS CENTER (SOC) se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

2024-09
Aggregator history
Monday, September 16
SUN
MON
TUE
WED
THU
FRI
SAT
SeptemberOctoberNovember