Moscow preferred espionage over destruction in its cyber offensive strategy against Ukraine in the first half of 2024, displaying the evolving nature of the Kremlin's targeted cyberattacks on Kyiv. The cyber battlefield shifted in 2024, with Russian hacker groups adopting more covert and long-term strategies.
Rather than the large-scale infrastructure attacks seen in previous years, Russian cyber operatives have turned to espionage, focusing on military and critical infrastructure targets to support their ongoing war against Ukraine. While cyber incidents have risen overall, the number of high- and critical-severity attacks has dropped. This shift marks a strategic change, moving from broad, destructive cyberattacks to more focused and sustained infiltration efforts aimed at gathering intelligence.

The Numbers Behind the Attacks

A report released on Monday by the Computer Emergency Response Team of Ukraine (CERT-UA) revealed this shift in focus. H1 2024 saw a total of 1,739 cyber incidents, a 19% increase from the second half of 2023. However, the number of critical incidents dropped by 90%, with only three reported in the first half of 2024 compared to 31 in the latter half of 2023. High-severity incidents also saw a sharp decline, falling by 71%, while medium- and low-severity incidents increased by 32% and 75%, respectively.

(Figure. Source: SSSCIP)

This data suggests that while the overall frequency of cyberattacks has grown, attackers' tactics have shifted toward lower-profile activities designed to avoid detection. These lower-severity incidents often involve malware distribution, espionage, and efforts to maintain access to compromised systems rather than causing immediate, visible damage.

(Figure. Source: SSSCIP)

Targeted Espionage and Covert Operations

In 2022 and 2023, Russian hackers focused on disrupting Ukraine's critical infrastructure, aiming to cripple government agencies, energy providers, and internet service providers (ISPs). However, the swift recovery of Ukraine's systems meant these attacks did not achieve their intended long-term goals. The 2024 shift toward espionage reflects a more calculated approach.
Groups like UAC-0184 and UAC-0020 (also known as the Vermin hacker group), both linked to Russian intelligence services, have been particularly active this year. These groups specialize in cyber espionage, using phishing campaigns and malicious software to gain access to sensitive systems. UAC-0184, for example, has targeted members of Ukraine’s Defense Forces through messaging apps like Signal, impersonating trusted contacts to distribute malware. Once the malware is deployed, the hackers can monitor communications, steal data, and maintain long-term control over the compromised systems.

This pivot from overt attacks to espionage also marks a new phase in Russia’s cyber strategy. Rather than causing immediate disruption, the focus now lies in gathering intelligence to support military operations. CERT-UA’s report highlights how hackers are using cyber operations to collect feedback on kinetic military strikes, such as missile attacks.

Critical Infrastructure Still in Focus

Though espionage has taken center stage, attacks on critical infrastructure continue. The report notes that attacks on Ukraine’s energy sector have more than doubled since the latter half of 2023, with hackers increasingly targeting the industrial control systems (ICS) used by power, heat, and water supply facilities. The UAC-0002 group, which has ties to Russian law enforcement in occupied Luhansk, executed a significant supply chain attack in March 2024. The hackers exploited vulnerabilities in software used by at least 20 energy companies, gaining access to ICS and using it for lateral movement within the networks.

This kind of supply chain attack allows hackers to breach multiple organizations simultaneously by targeting a common service provider. In the March incident, UAC-0002 targeted three supply chains, infecting multiple energy companies with malware and backdoors.
The attackers used specialized software, such as LOADGRIP and BIASBOAT, to gain access to critical systems and escalate their attacks, possibly to complement physical strikes on Ukrainian infrastructure.

Messenger Account Theft: New Entrant in Cyber Offensive Strategy

Another notable trend in 2024 is the increasing focus on messenger account theft. Platforms like WhatsApp and Telegram, widely used by Ukrainian citizens, have become prime targets for Russian hackers.

(Figure. Source: SSSCIP)

The UAC-0195 group, for instance, used phishing campaigns to compromise thousands of messenger accounts. These compromised accounts are then used for a range of malicious activities, including spreading malware, conducting espionage, and committing financial fraud. In one instance, hackers posed as organizers of a petition to honor a fallen Ukrainian soldier. They directed victims to a fake website mimicking the President of Ukraine’s official page, where users were asked to authenticate via WhatsApp. This phishing tactic allowed the hackers to add their own devices to victims’ WhatsApp accounts, gaining access to personal messages, files, and contacts.

The tactic extended to Telegram, where hackers used a similar method to lure users into "voting" in an art competition, once again gaining unauthorized access to accounts. With this access, hackers can impersonate the account holder, spread further phishing links, and even steal sensitive information from high-value targets.

The latest findings were revealed just days after Ukraine banned the use of the Telegram messenger app on any government, military, or critical infrastructure-linked devices. This decisive move follows growing concerns over its vulnerability to cyber espionage. The NCSCC’s meeting on September 19 highlighted how the widely used app has transformed from a tool for free speech into a weapon of war.
Phishing Campaigns and Malware Distribution

Phishing remains a key tool for Russian hackers. In early 2024, UAC-0006, a financially motivated group, continued its phishing campaigns targeting employees in financial departments. These campaigns often used polyglot archives (files that appear differently depending on the software used to open them) to deliver malware such as SmokeLoader. Once deployed, SmokeLoader allows attackers to install additional malware, such as TALESHOT, which captures screenshots when a banking application is open. This malware gives hackers a deeper understanding of the victim’s activities and access to critical financial data. In some cases, hackers even edited or created fraudulent invoices to steal funds from targeted organizations.

The UAC-0006 group briefly paused operations in March 2024 but returned in May with renewed efforts, registering new domains to continue phishing attacks and regain control over previously compromised systems.

Ukraine’s Cyber Resilience: A Battle on Two Fronts

Despite the rising number of cyberattacks, Ukraine’s cyber defenses have shown remarkable resilience. CERT-UA, in collaboration with the State Service for Special Communications and Information Protection (SSSCIP), has made significant strides in defending against these threats. Their efforts have resulted in a sharp decline in high-severity incidents, even as overall attack numbers rise.

The report credits improved visibility and collaboration with international partners for this success. Enhanced detection capabilities, coupled with better awareness among organizations, have allowed Ukraine to respond more quickly to emerging threats. This collaboration includes sharing cyber threat intelligence with CERT-UA’s partners, which has helped identify and mitigate numerous attacks. However, the report also warns that the capabilities of Russian hackers continue to grow as the war drags on.
The increasing sophistication of supply chain attacks and the persistent threat of phishing campaigns mean that Ukraine’s cyber defense strategies will be tested time and again.
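The "Phishing Campaigns and Malware Distribution" section above mentions polyglot archives, files that different programs parse as different formats. The following script is an added example, not CERT-UA's or any vendor's tooling, of how a mail gateway or triage script can flag such files: it checks which format signatures a file satisfies at the offsets each reader actually looks at, and reports a file that satisfies more than one. The signature table is deliberately small, and the sample files are constructed in memory for the example; the only real behaviour it relies on is that ZIP readers locate an archive from its end-of-central-directory record, so ZIP data stays readable behind an arbitrary prefix.

```python
"""Added example: flag files that satisfy more than one container/document format.

Not CERT-UA's or any vendor's code. The signature table and the sample files
below are constructed for this example.
"""
import io
import zipfile

# Signatures a reader checks at the START of the file (offset 0).
HEAD_SIGNATURES = {
    "zip": b"PK\x03\x04",
    "rar": b"Rar!\x1a\x07",
    "7z": b"7z\xbc\xaf\x27\x1c",
    "png": b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
PDF_HEADER = b"%PDF-"          # PDF readers accept the header anywhere in the first 1024 bytes
ZIP_EOCD = b"PK\x05\x06"       # end-of-central-directory record, located by scanning from the end
ZIP_TAIL_WINDOW = 65536 + 22   # maximum ZIP comment length plus the fixed EOCD size


def formats_in(data: bytes) -> set:
    """Return the set of formats whose reader would accept this byte string."""
    found = set()
    for name, sig in HEAD_SIGNATURES.items():
        if data.startswith(sig):
            found.add(name)
    if PDF_HEADER in data[:1024]:
        found.add("pdf")
    if ZIP_EOCD in data[-ZIP_TAIL_WINDOW:]:
        found.add("zip")
    return found


def is_polyglot(data: bytes) -> bool:
    """True when two or more readers would each treat the file as 'theirs'."""
    return len(formats_in(data)) > 1


def still_opens_as_zip(data: bytes) -> bool:
    """Confirms the archive is extractable even when another format's header comes first."""
    return zipfile.is_zipfile(io.BytesIO(data))


def build_zip(name: str, content: str) -> bytes:
    """Constructed sample: a minimal in-memory ZIP archive with one benign text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a plain archive, the same archive behind a PDF header, and a PDF-like file.
PLAIN_ZIP = build_zip("invoice.txt", "constructed sample text")
PDF_ZIP_POLYGLOT = b"%PDF-1.4\n% constructed prefix\n" + PLAIN_ZIP
PLAIN_PDF_LIKE = b"%PDF-1.4\n% constructed, no archive inside\n"


def scan(samples: dict) -> dict:
    """Map each sample label to its sorted list of detected formats, for a triage report."""
    return {label: sorted(formats_in(blob)) for label, blob in samples.items()}


if __name__ == "__main__":
    report = scan({"plain_zip": PLAIN_ZIP, "pdf_zip": PDF_ZIP_POLYGLOT, "plain_pdf": PLAIN_PDF_LIKE})
    for label, fmts in report.items():
        print(f"{label}: formats={fmts} polyglot={len(fmts) > 1}")
```

The check is cheap enough to run on every attachment; a positive result is not proof of malice, but a file that is simultaneously a PDF and an archive has no legitimate reason to exist in a finance department's inbox and deserves sandbox detonation rather than delivery.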
Quantum computing is revolutionizing various fields by leveraging the unique properties of quantum mechanics. Its impact on cybersecurity, however, presents both significant risks and opportunities. Traditional cryptographic systems, such as RSA and Elliptic Curve Cryptography (ECC), which underpin everything from online transactions to government communications, rely on the difficulty of certain mathematical problems. Unfortunately, these problems could be solved easily by powerful quantum computers, rendering much of our current encryption obsolete and leaving sensitive information vulnerable to breaches.

Conversely, quantum technology also opens the door to innovative security solutions. Techniques like Quantum Key Distribution (QKD) and quantum-resistant cryptographic algorithms offer promising avenues for safeguarding data in a future dominated by quantum capabilities. This article explores eight ways in which quantum computing can disrupt existing cybersecurity frameworks while simultaneously paving the way for more secure systems. By understanding the potential risks and emerging solutions, we can better prepare for a post-quantum landscape where digital security is transformed.

How Quantum Computing Can Break Cybersecurity

1. Public Key Cryptography

Public key cryptography such as RSA relies on the intractability of factoring large numbers, a problem that is practically impossible for classical computers today. RSA's security rests on the time a classical computer needs to factor the product of two large prime numbers. However, quantum algorithms have been developed that can solve these mathematical problems exponentially faster. The most famous is Shor's algorithm. Developed in 1994 by Peter Shor, it can factor large numbers in polynomial time and is thus capable of breaking RSA encryption in seconds or minutes on a sufficiently powerful quantum computer. This is a real risk for every system that uses RSA for secure communication, from online banking and email encryption to digital signatures. Secure communication today relies deeply on public key cryptography, which exchanges keys between two parties and sets up encrypted channels.
If quantum computers ever become powerful enough, they may break into these channels and expose sensitive data. This possibility is the very reason a great effort worldwide is aimed at developing quantum-resistant cryptography. Without it, systems whose security relies on RSA and similar algorithms risk becoming obsolete and insecure in a future where quantum computers are available.

2. Elliptic Curve Cryptography

Many industries prefer Elliptic Curve Cryptography (ECC) because it provides the same security as traditional encryption systems with smaller key sizes, which makes it faster and more efficient. ECC is used in mobile devices, secure web transactions such as TLS/SSL, and cryptocurrencies. However, like RSA, ECC is susceptible to quantum attacks. ECC relies on the difficulty of the discrete logarithm problem over elliptic curves, which is currently not computationally feasible for classical computers. Shor's algorithm, however, solves discrete logarithms as well as factoring in polynomial time, and so it breaks ECC too. Since the security of ECC rests on the difficulty of the elliptic curve discrete logarithm problem, a powerful enough quantum computer would break ECC in much the same way as RSA. This exposes every system that uses ECC, such as SSL/TLS for internet security and cryptocurrency wallets. Because of such wide usage, quantum computers would disrupt many industries that have relied on ECC for secure communications.

3. Symmetric Key Algorithms

While symmetric key algorithms such as AES are not in as direct jeopardy from quantum computing as public-key systems like RSA or ECC, they too are threatened by the power of quantum computers to speed up brute-force attacks.
This threat comes from Grover's algorithm, a quantum search algorithm that gives a quantum computer a much better capability than a classical one for conducting a brute-force search. For example, one of today's most widely used symmetric block ciphers is AES-128, which provides 128-bit security against any classical brute-force attack. Under a quantum attack using Grover's algorithm, the security level would decrease to an effective 64 bits. While symmetric encryption systems are more robust than public key systems, Grover's algorithm presents a significant risk, especially in situations where key sizes are constrained by performance considerations. This means that quantum-resistant symmetric key algorithms are necessary, or that larger key sizes such as AES-256 should be used as an interim solution.

4. Blockchain Security

Digital signatures and hash functions play a significant role in the integrity and authenticity of transactions in blockchain technology. In particular, digital signatures are used in cryptocurrencies such as Bitcoin and Ethereum to validate transactions and secure wallets. Most blockchains currently use ECDSA or similar schemes, which are vulnerable to quantum attacks. Using Shor's algorithm, a quantum computer could solve the elliptic curve discrete logarithm problem and thereby break the digital signatures protecting blockchain transactions, ultimately enabling an attacker to forge a signature and spend someone else's cryptocurrency. This would present a severe risk to the entire blockchain ecosystem, since the integrity of the blockchain depends on the verifiability of each transaction. If these signatures can be broken by quantum computers, attackers could double-spend or reverse transactions, severely degrading trust in the system. Besides digital signatures, the hash functions used in blockchain protocols could theoretically be vulnerable to quantum attacks.
Hash functions are classically resistant due to two properties: preimage resistance and collision resistance. Quantum computers using Grover's algorithm could reduce the effort needed to find hash collisions, making it easier to compromise the integrity of data on the blockchain.

5. Quantum Key Distribution (QKD)

Quantum Key Distribution (QKD) is a technique for securely distributing cryptographic keys by taking advantage of the properties of quantum mechanics. In this respect QKD differs from every form of classical key distribution, in which an interceptor might listen to the communication without being noticed. QKD enables two parties to generate encryption keys that are assured to be safe; the implication is that through QKD, the two parties can agree on encryption keys that are resistant to both classical and quantum attacks. Once the key is distributed securely via QKD, it can be used with symmetric encryption methods such as AES. Provided the key generation and key exchange are performed securely, QKD can protect sensitive communications in a world where quantum computers may break traditional public key cryptosystems. Governments and industries are studying and deploying QKD for critical infrastructure and secure communications to make them future-proof in the quantum era.

6. Quantum-Resistant Algorithms

Although quantum computing seriously threatens present cryptographic systems, researchers are actively developing what is called post-quantum cryptography (PQC): cryptographic algorithms resistant to quantum attacks. These algorithms run on conventional computers but are based on mathematical problems for which quantum computers are not expected to have efficient solutions. The most promising post-quantum cryptographic schemes are based on lattice problems, hash-based cryptography, code-based cryptography, and multivariate quadratic problems.
All of these algorithms depend on different mathematical properties than those on which existing cryptographic systems rely. This makes them harder to break for both quantum and classical computers. Standardization of quantum-resistant algorithms is a matter of great concern, and governments have thrown themselves into the effort. Such algorithms are expected to be deployed to replace vulnerable cryptographic systems like RSA and ECC in the coming decades.

7. Quantum Randomness for Enhanced Security

One of the most fundamental cybersecurity applications of quantum technology is the generation of truly random numbers. Cryptographic systems depend on truly random numbers for generating secure encryption keys, and the quality of that randomness directly affects the strength of the encryption. Using quantum computers or quantum hardware to generate random numbers helps cryptographers create keys that are truly unpredictable and resistant to brute force. Quantum Random Number Generators (QRNGs) are already commercially available today and are used in high-security environments to improve the strength of cryptographic systems. This improved randomness can significantly strengthen symmetric and asymmetric encryption, granting it much greater resistance against attacks from a quantum computer. QRNGs may finally find their place in developing secure cryptographic systems resistant to potential quantum attacks, where the unpredictability of quantum mechanics remains a safe foundation in an ever-changing threat space.

8. Quantum-Secure Authentication

Authentication systems are at the heart of protecting access to sensitive data and resources, and quantum computing may completely change the way authentication works in cybersecurity. Quantum-secure authentication uses certain properties of quantum states to develop authentication protocols that are virtually impossible to forge or reproduce.
In particular, one of the most promising approaches is quantum-based token authentication, where a user or device is authenticated based on possession of a quantum token that, thanks to the no-cloning theorem of quantum mechanics, cannot be copied. In such a quantum-secure authentication system, the quantum token would be a sequence of quantum states (qubits) carrying the authentication credentials. These quantum states can be sent to a verification system that applies quantum measurements to verify the authenticity of the token. Since quantum states cannot be precisely copied, an attacker trying to forge a token necessarily introduces detectable errors in the copy. Therefore, authentication succeeds only for the real user or device. This can be very useful in high-stakes scenarios such as banking, the military, and critical infrastructure, where traditional authentication is vulnerable to attack.

Conclusion

Quantum algorithms such as Shor's and Grover's threaten extremely popular cryptographic mechanisms: they could break public key encryption and elliptic curve cryptography and reduce the security of symmetric key algorithms. This threatens not only individual privacy but also the very fabric of digital trust on which our society is built, from banking systems to blockchain technologies. On the other hand, quantum technologies provide a strong means to reinforce security. Quantum Key Distribution, post-quantum cryptography, and quantum-generated randomness are all paths toward the creation of quantum-resilient security protocols. Ultimately, the future of cybersecurity is determined by how well we prepare for the quantum era.
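Section 5 above states that, unlike classical key distribution, QKD lets two parties notice an interceptor. The simulation below is an added example written for this article, not code from any QKD product or library, and it runs on an ordinary computer: it models each photon of the BB84 protocol as a (basis, bit) pair, where measuring in the preparation basis returns the bit and measuring in the wrong basis returns a random bit. That single rule is enough to reproduce the property the text relies on. Without an eavesdropper the sifted keys agree exactly; with an intercept-and-resend eavesdropper, who cannot copy the qubits and must guess a basis, about a quarter of the sifted bits disagree, so the parties see the error rate and discard the key. The 11% abort threshold is an assumption chosen for the example.

```python
"""Added example: classical simulation of BB84 key distribution with error estimation.

Not from any QKD vendor or library. Qubits are modelled as (basis, bit) pairs;
the abort threshold is an assumed value for this example.
"""
import random

RECTILINEAR, DIAGONAL = 0, 1
QBER_ABORT_THRESHOLD = 0.11   # assumed: above this error rate the key is discarded


def measure(qubit, basis, rng):
    """Measure a (basis, bit) qubit: right basis returns the bit, wrong basis is a coin flip."""
    prepared_basis, bit = qubit
    return bit if basis == prepared_basis else rng.randrange(2)


def bb84_round(n_qubits, eavesdrop, seed=0):
    """Run one exchange and return (qber, alice_key, bob_key)."""
    rng = random.Random(seed)

    # Alice prepares each qubit with a random bit in a random basis.
    alice_bits = [rng.randrange(2) for _ in range(n_qubits)]
    alice_bases = [rng.randrange(2) for _ in range(n_qubits)]
    channel = list(zip(alice_bases, alice_bits))          # qubits in flight

    if eavesdrop:
        # Intercept-resend: Eve cannot clone a qubit, so she measures in a guessed
        # basis and forwards a fresh qubit prepared in that basis with her result.
        eve_bases = [rng.randrange(2) for _ in range(n_qubits)]
        channel = [(b, measure(q, b, rng)) for q, b in zip(channel, eve_bases)]

    # Bob measures each arriving qubit in his own random basis.
    bob_bases = [rng.randrange(2) for _ in range(n_qubits)]
    bob_bits = [measure(q, b, rng) for q, b in zip(channel, bob_bases)]

    # Sifting: bases (not bits) are compared over the public channel; mismatches are dropped.
    sifted = [i for i in range(n_qubits) if alice_bases[i] == bob_bases[i]]

    # Error estimation: a public sample of sifted bits is compared, then discarded.
    sample = set(sifted[::4])
    errors = sum(alice_bits[i] != bob_bits[i] for i in sample)
    qber = errors / len(sample) if sample else 1.0

    alice_key = [alice_bits[i] for i in sifted if i not in sample]
    bob_key = [bob_bits[i] for i in sifted if i not in sample]
    return qber, alice_key, bob_key


def key_accepted(qber):
    """The key is kept only if the observed error rate is at or below the abort threshold."""
    return qber <= QBER_ABORT_THRESHOLD


if __name__ == "__main__":
    for eve in (False, True):
        qber, ka, kb = bb84_round(4000, eavesdrop=eve, seed=1)
        print(f"eavesdropper={eve}: QBER={qber:.3f}, key bits={len(ka)}, "
              f"keys match={ka == kb}, accepted={key_accepted(qber)}")
```

Two things the simulation makes concrete that the prose does not: roughly half of the transmitted qubits are thrown away in sifting, and another share is sacrificed to estimate the error rate, which is why real QKD links report key rates far below their photon rates. The detection guarantee also depends on the abort threshold being set below what an attacker can induce; a real deployment budgets for channel noise as well.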
Ohio is facing a pressing issue: the absence of a statewide standard for cybersecurity. The gap in cybersecurity protocol is largely due to Ohio's home rule system, which empowers municipalities to govern themselves. As Kirk Herath, Ohio cybersecurity strategic advisor, noted, "We have home rule in this state. I don’t have authority over any of these folks. They don’t have to do anything uniformly." This lack of uniformity has left Ohio's cities vulnerable to cybercriminals who exploit these inconsistencies, often demanding ransoms for stolen personal data.

Disparate Responses to Ohio Cybersecurity Challenges

The contrasting responses from Ohio cities highlight the challenges of managing cybersecurity at the local level. In June, when a ransomware group linked to Russia targeted Cleveland, city officials promptly reached out to the Ohio Cyber Reserve for assistance. In contrast, Columbus, which experienced a similar attack a month later, took three weeks to respond to the state's offer of help. Columbus officials ultimately opted for RSM Security, a private cybersecurity firm already familiar with the city’s systems. Herath remarked on this stark difference: "It was night and day difference in what they (Cleveland) asked us to do and the timing of it." This inconsistency can lead to varying levels of security preparedness among Ohio municipalities, leaving some more exposed than others, the Dispatch reported.

The situation was further complicated when Huber Heights, a suburb of Dayton, fell victim to a cyberattack last November without seeking help from the Ohio Cyber Reserve. This incident compromised the personal information of nearly 6,000 residents, highlighting the potential consequences of a fragmented approach to cybersecurity in Ohio.

Proactive Measures and Training Initiatives

While the Ohio Cyber Reserve typically responds to attacks, the state is also taking proactive measures to bolster cybersecurity. Ohio cybersecurity experts are conducting training sessions and risk assessments at the county level. Initially launched in six smaller counties, the program has expanded, with 39 more municipalities signed up for the free service.
Herath emphasized the improvements made over the past few years: "Our ability to help today is dramatically improved from even two or three years ago."

In addition to assisting local governments, the state is addressing its own cybersecurity vulnerabilities. Ohio experiences thousands of cyberattacks daily; Herath likened the state's efforts to Captain America defending against constant threats. A notable incident occurred when cybercriminals attacked the Ohio Lottery on Christmas Eve 2023, stealing sensitive data, including patrons' full names and Social Security numbers. The state successfully rebuilt the lottery's network within weeks.

Funding and Resource Challenges

Despite these initiatives, funding for improved cybersecurity remains a significant hurdle. Gov. Mike DeWine's administration intends to request financial support from lawmakers in the next budget cycle to acquire more advanced cybersecurity tools than its current Microsoft Office setup. However, the specific funding needs have yet to be determined, according to DeWine's spokesman, Dan Tierney.

Local governments, many of which are already struggling to provide basic services, face resource challenges when it comes to enhancing cybersecurity measures. Keary McCarthy, executive director of the Ohio Mayors Alliance, acknowledged this issue, stating, "This comes down to a resource issue."

Columbus Mayor Andrew Ginther echoed these sentiments, asserting that cities require additional support to bolster their defenses. "As foreign cyberattacks become more frequent and sophisticated, it's clear that we need a renewed federal effort to provide cities with additional resources to defend against these rapidly changing and increasingly complex threats to our residents," Ginther said.
The cybersecurity market is experiencing massive growth, with projections indicating an annual growth rate (CAGR 2024-2029) of 7.92%, ultimately reaching a market volume of $271.90 billion by 2029. By 2024, the average spend per employee in this sector is expected to hit $52.16. Notably, the United States is set to lead globally, generating the highest revenue in the market at an impressive $81.37 billion.

As investments in cybersecurity technologies grow, the demand for effective education has never been more critical. With anticipated revenue in the cybersecurity market projected at $185.70 billion in 2024, security services are expected to dominate, contributing around $97.30 billion to this figure. Traditional training methods, however, often fail to engage learners effectively, resulting in significant knowledge gaps regarding cyber threats and defense strategies. In response, cybersecurity games have emerged as a compelling solution. These interactive platforms not only simulate real-world scenarios but also incorporate engaging gaming elements, transforming the learning experience.

8 Cybersecurity Games for 2024

This innovative approach represents a shift in cybersecurity education, combining entertainment with essential hands-on training. Cybersecurity games are designed for everyone, from students to corporate professionals, enabling players to learn how to identify threats, respond to incidents, and safeguard both personal and organizational data in an increasingly perilous digital landscape.

1. FTC Phishing Scam Game

The FTC Phishing Scam Game is a popular cybersecurity game developed by the Federal Trade Commission to increase public awareness of phishing scams. It is an interactive game that walks users through the many ways phishing can happen in real life, helping people learn to identify the red flags in emails, messages, and online communications. Players are shown e-mails and asked whether they are real or phishing. The game then explains the clues that mark something as a scam, such as spelling errors, suspicious links, or requests for personal information. This game is essential because phishing is still one of the most common cybersecurity hazards.
Many individuals become unwitting victims of phishing fraud, resulting in data breaches and significant monetary loss. The game is free and relatively easy to use, and it can be used in an educational setting, in corporate training, or simply to enhance your general cybersecurity awareness.

2. Backdoors & Breaches, an Incident Response Card Game

Backdoors & Breaches is an incident response card game by Black Hills Information Security. It's a tabletop game meant to simulate real-world cybersecurity incidents, and players use it for hands-on practice in incident response tactics. The deck is composed of 52 cards, divided into sections like "Initial Compromise," "Lateral Movement," and "Persistence." Teams of players draw cards representing different stages of a breach, working on their threat detection and response. What makes this cybersecurity game effective is that it is based on the real-world tactics cyber attackers use. It takes players through almost every kind of attack vector, and they learn how to respond to each of them cooperatively. It is very effective for cybersecurity practice, and it can also be used as a team-building exercise and in other training programs.

3. HACKTALE

Hacktale is a cybersecurity awareness training game designed for professionals who want to gain deep insight into security threats. Players progress through the story as cybersecurity experts investigating and mitigating the threats facing a company that has suffered a data breach. The game includes narrative-driven scenarios that introduce the player to phishing, social engineering, malware, and other frequent cyber threats. Players race against the clock to find vulnerabilities, patch systems, and lock down the organization's data. It is therefore an excellent training tool for organizations that want to increase employee participation in cybersecurity training.
This cybersecurity game ranges from fairly basic to very advanced in scope, and the topics it covers range from broad to specific.

4. Cyber Security Jeopardy

Cyber Security Jeopardy is a quiz game based on the very popular TV game "Jeopardy!" It is used in educational and corporate institutions to test knowledge in fields such as data protection, malware, phishing, and network security. The game consists of different categories and questions, which may be easy or hard, and requires players or teams to give the correct answers in order to win points. What makes Cyber Security Jeopardy so interesting is its competitiveness and flexibility: it can be tailored to target particular aspects of cybersecurity. From teaching the basics to students in a classroom to refreshing employees' knowledge of security protocols in corporate environments, this game offers a fun way to learn.

5. Phishing Box

The Phishing IQ Test is an interactive quiz designed to test and improve users' ability to recognize phishing attacks. In this test, a series of e-mails is presented that the user must identify as either legitimate or phishing attempts. Each scenario includes detailed feedback on the warning signs of phishing, such as mismatched URLs, unexpected attachments, and suspicious requests for information. Again, phishing is one of the biggest threats in cybersecurity, and this tool helps users hone their ability to identify phishing attempts in a safe, controlled environment. It can be used by individual users and by organizations seeking to improve their employees' recognition of phishing. The test can be taken multiple times, and progress can be tracked over time. The Phishing IQ Test is an excellent resource for anyone looking to step up their cybersecurity game.

6. Cisco OpenDNS Phishing Quiz

Another very fine tool for improving phishing awareness is the Cisco OpenDNS Phishing Quiz.
The quiz was designed to be both tutorial and practical in nature, presenting users with a series of emails that they must review and decide whether or not they are phishing attempts. After each question, the quiz explains why an email did or did not qualify as a phishing scam so that users can understand common phishing tactics. The Cisco quiz is easy to go through and is meant for people of any skill level. It is very helpful, especially for companies that want to train employees to recognize phishing emails, since it takes very little time and few resources. The quiz comes from Cisco itself, which increases its credibility, and the fact that the examples used are all real enhances the learning value even more.

7. Nova Labs - Cybersecurity Lab

The Cybersecurity Lab by Nova Labs is an online interactive game for learning cybersecurity concepts through missions and challenges. In this game, the player acts as a cybersecurity expert who must protect a company against various types of cyberattacks, such as phishing, malware, and hacking attempts. The game covers three foundational aspects of cybersecurity: encryption, password security, and network protection. The game is entertaining; it has a story that keeps the player interested in the outcome while teaching important security concepts. It's an excellent tool for those getting into cybersecurity for the first time, and a fun and interactive way of learning. The game was designed so that complex topics are broken down into smaller parts, making it perfect for beginners.

8. Cyber Security Family Feud

Cyber Security Family Feud is a version of the popular Family Feud game themed around cybersecurity. Teams go head-to-head answering cybersecurity-related questions, making this a very engaging way of learning about cybersecurity best practices.
Generally, the game will be used in corporate training and educational settings for testing participants regarding password security, phishing, and data protection. Cyber Security Family Feud is highly adaptable, as questions can easily be written to suit particular topics or training needs. Its competitive, team-based format also makes it ideal for team-building activities while reinforcing important security concepts. The game stimulates collaboration and discussion among participants; fun, yet effective way to promote cybersecurity awareness. Conclusion From interactive phishing tests to incident response card games, these tools will provide an engaging way of sharpening cybersecurity skills while one gets updated with the latest threats. Whether a student, professional, or simply a person looking to improve one's cybersecurity awareness, these games offer an immersive learning experience beyond conventional ways of training. The appeal of these games lies in their ability to replicate real-world cyber incidents in a controlled, risk-free environment, allowing players to learn from mistakes and develop critical thinking skills without facing actual consequences. Furthermore, their interactive nature ensures that learning is both enjoyable and effective.
The Browser Company has announced a security vulnerability in the Arc browser, CVE-2024-45489. The Arc browser vulnerability was discovered on August 25, 2024, and was addressed within a day, ensuring that Arc users remained protected from potential threats.

The Browser Company’s Chief Technology Officer and co-founder, Hursh, reported that the Arc browser vulnerability stemmed from a misconfiguration in the Firebase Access Control Lists (ACLs) used to secure user data. This flaw had the potential to allow remote code execution on users' devices, creating a risk where unauthorized individuals could manipulate website functionality through customized scripts and styles. Fortunately, the company reported that the vulnerability was not exploited by any malicious actor, aside from the security researcher who first reported it.

Timeline of the Arc Browser Vulnerability

On August 25, 2024, a vulnerability in the Arc browser was discovered by The Browser Company. The following day, on August 26, 2024, the issue was patched, and the fix was rolled out to all users. Hursh emphasized that, despite the seriousness of this security incident, no users were affected. A thorough review of Firebase access logs confirmed that the only changes to creator IDs of custom “Boosts” were made by the reporting researcher.

Arc includes a feature known as “Boosts,” which allows users to customize websites using custom CSS and JavaScript. While this feature offers great flexibility, it also raises security concerns, prompting The Browser Company to limit the sharing of Boosts with custom JavaScript among users. Unfortunately, the Arc browser vulnerability resulted from misconfigured ACLs, which permitted unauthorized changes to the creator ID associated with a Boost. This flaw could have enabled users to execute their custom scripts on the devices of other users.

Mitigation Measures

In response to the Arc browser vulnerability, the company took immediate action. The ACL misconfiguration was promptly fixed, and a comprehensive analysis was undertaken to ensure that no unauthorized activity had occurred. The company expressed gratitude to the security researcher, xyz3va, for their responsible disclosure and collaboration in patching the vulnerability.

Several key mitigation strategies were implemented following this incident:

- The Browser Company has initiated an in-depth external audit of its existing Firebase ACLs to identify any potential vulnerabilities.
- Custom JavaScript in synced Boosts will be disabled by default, requiring explicit user permission to enable it.
- The company plans to transition away from Firebase for new features, reducing the risk of future ACL-related vulnerabilities.
- A new communication channel will be created to keep users informed about security vulnerabilities, mitigation strategies, and any affected parties.
- Although a formal bug bounty program is still in the works, the company has already begun awarding bounties for reported vulnerabilities.
- To bolster its security efforts, The Browser Company has hired a new senior security engineer.

Future Directions

The Browser Company stated that it has recognized the need for continuous improvement in its security practices and user communication. By implementing stricter protocols and enhancing its response framework, The Browser Company aims to reassure its users of its commitment to security. The Browser Company is dedicated to learning from this experience and strengthening its security posture to protect users effectively in the future. For users of the Arc browser, no action is required at this time, as the vulnerability has been fully addressed.
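As an added illustration of the class of misconfiguration described above (not The Browser Company's actual rules, and the article does not say which Firebase product or data model Arc uses), the following assumes Boosts are stored as Firestore documents carrying a creatorId field. The weak rule set lets any signed-in user rewrite any Boost, creatorId included; the hardened one pins creatorId to the authenticated owner and makes it immutable.

```text
// Hypothetical Firestore security rules (added example; the collection name
// "boosts" and the field name "creatorId" are assumptions, not from the page).

// WEAK: any signed-in user may update any Boost document, including its
// creatorId, so ownership of a Boost can be reassigned by a non-owner.
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /boosts/{boostId} {
      allow read: if request.auth != null;
      allow write: if request.auth != null;
    }
  }
}

// HARDENED: creation requires creatorId == caller's uid; updates are limited
// to the owner and may not change creatorId; deletion is owner-only.
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /boosts/{boostId} {
      allow read: if request.auth != null;
      allow create: if request.auth != null
                    && request.resource.data.creatorId == request.auth.uid;
      allow update: if request.auth != null
                    && resource.data.creatorId == request.auth.uid
                    && request.resource.data.creatorId == resource.data.creatorId;
      allow delete: if request.auth != null
                    && resource.data.creatorId == request.auth.uid;
    }
  }
}
```

The second rule set is the shape of check an external audit of ACLs, as announced above, would look for: every write path must bind the document's owner field to the caller rather than trusting the client-supplied value.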
Cyble Research and Intelligence Labs (CRIL) has identified a stealthy Android spyware campaign specifically targeting individuals in South Korea. Active since June 2024, this malware exploits an Amazon AWS S3 bucket as its Command and Control (C&C) server, facilitating the exfiltration of sensitive personal data, including SMS messages, contacts, images, and videos.

The Android spyware in question has shown remarkable sophistication in its ability to remain undetected by major antivirus solutions. CRIL has documented four unique samples of this malware, all of which have exhibited a striking zero detection rate across various security engines.

Overview of the Android Spyware Campaign

Figure: Screen loaded upon installation (Source: Cyble)

Upon installation, users encounter a benign-looking interface that mimics legitimate applications such as live video streaming, adult content, refund processing, and interior design. The simplicity of the source code allows the spyware to operate with minimal permissions, primarily “READ_SMS,” “READ_CONTACTS,” and “READ_EXTERNAL_STORAGE.” This minimalist approach not only enhances its stealth but also highlights how even basic malware can effectively compromise sensitive information.

Once installed, the spyware requests the necessary permissions from the user. Upon approval, it activates its malicious functionality through the Android API callback onRequestPermissionsResult. The malware then collects data, including SMS messages and contacts, and stores them in JSON files. This stolen data is subsequently transmitted to the C&C server hosted on an Amazon AWS S3 bucket.

Exposed Data and Security Flaws

The data exfiltrated from infected devices is stored openly on the Amazon AWS S3 bucket, allowing easy access by the attackers. This oversight signifies a lapse in operational security. CRIL identified two malicious URLs distributing the spyware, both of which led to APK files capable of compromising devices. The URLs are:

hxxps://refundkorea[.]cyou/REFUND%20KOREA.apk
hxxps://bobocam365[.]icu/downloads/pnx01.apk

The exposure of sensitive data on the S3 bucket was alarming enough that CRIL reported the abuse to Amazon Trust and Safety. Following this intervention, access to the malicious URL was disabled, effectively preventing further data access.

The Technical Mechanics and Implications of the Campaign

The technical workings of this Android spyware reveal a concerning trend. The malware’s execution begins with a seemingly innocuous screen that aligns with the app's purported purpose. After installation, it systematically collects various forms of personal data. To gather images and videos, the spyware queries the device's content provider and uploads the media files to the C&C server via specific endpoints, such as /media/+filename. Furthermore, the contacts and SMS messages are saved into distinct JSON files, phone.json and sms.json, before being sent to the command server.

The emergence of this Android spyware campaign highlights a growing trend of attackers utilizing trusted cloud services like Amazon AWS to host their malicious infrastructure. This tactic not only aids them in bypassing conventional security measures but also allows them to maintain a low profile, evading detection for an extended period. The use of reputable cloud services adds a layer of legitimacy to their operations, making it even harder for security professionals to identify threats.

Conclusion

As the sophistication of Android spyware continues to evolve, the implications for user privacy and data security become increasingly dire. This particular campaign targeting South Korea is a stark reminder of the potential vulnerabilities present in mobile devices. The malware’s reliance on an Amazon AWS S3 bucket for data storage exemplifies a troubling trend where attackers exploit trusted platforms to enhance their operational efficiency.
Here at Kaspersky Daily we're forever urging readers of our blog to be really careful when downloading content to their devices. After all, even Google Play isn't immune to malware — let alone unofficial sources with mods and hacked versions. For as long as the digital world keeps turning, Trojans will continue to worm their way onto devices that don't have reliable protection. Today we tell the story of how 11 million Android users worldwide fell victim to the Necro Trojan. Read on to learn which apps we found it in — and how to protect yourself.

What is Necro

Our regular readers may recall reading about Necro when we first wrote about it back in 2019. Back then, our experts discovered a Trojan in CamScanner, a text recognition app, which had clocked up over 100 million downloads on Google Play. Now the necromancers have injected new blood into the old Trojan: we found a version richer in features both in popular apps on Google Play and in various app mods on unofficial sites. Most likely, the developers of these apps used an unverified ad integration tool through which Necro infiltrated the code.

Today's Necro is a loader obfuscated to avoid detection (but that didn't stop us from finding it). It downloads the malicious payload in no less a crafty way, using steganography to hide its code in a seemingly harmless image. The downloaded malicious modules are able to load and run any DEX files (compiled code written for Android), install downloaded apps, tunnel through the victim's device, and even — potentially — take out paid subscriptions. In addition, they can display and interact with ads in invisible windows, as well as open arbitrary links and run any JavaScript code. Read more about how Necro is designed and how it operates on our Securelist blog.

Where Necro hides

We found traces of the malware in a user-modded version of Spotify, in the photo editing app Wuta Camera, in Max Browser, and in mods for both WhatsApp and popular games (including Minecraft).

In modded Spotify

At the very start of our investigation, our eye was caught by an unusual modification of the Spotify Plus app. Users were invited to download a new version of their favorite app from an unofficial source — for free and with an unlocked subscription offering unlimited listening, both online and off. The nice green "Download Spotify MOD APK" button looks so tempting, right? Stop! It's malware. Never mind the "Security Verified" and "Official Certification" guarantees; this app will wreak havoc. Well I never, all versions are viewable. Could Necro or other Trojans be lurking there too?

When this app was launched, the Trojan sent information about the infected device to the attackers' C2 server, and in response got a link to download a PNG image. The malicious payload was hidden in this image by means of steganography.

In apps on Google Play

While the Spotify mod was distributed through unofficial channels, the Necro-infected Wuta Camera found its way onto Google Play, from where the app was downloaded more than 10 million times. According to our data, the Necro loader penetrated version 6.3.2.148 of Wuta Camera, with clean versions starting from 6.3.7.138. So, if your version is lower than that, you need to update immediately. The impressive download count and decent ratings masked a Trojan.

Max Browser's audience is much smaller — just one million users. Necro infiltrated its app code in version 1.2.0. The app was removed from Google Play following our notification, but it's still available on third-party resources. These, of course, should be trusted even less, since trojanized versions of the browser may still live there.

In mods for WhatsApp, Minecraft, and other popular apps

Alternative messenger clients usually boast more features than their official cousins. But you should treat all mods, be they on Google Play or a third-party site, as suspicious, for they often come bundled with Trojans. For instance, we found mods for WhatsApp with the Necro loader being distributed from unofficial sources, as well as mods for Minecraft, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox. And this selection sure isn't random — attackers always target the most popular games and apps.

How to guard against Necro

First of all, we strongly advise against downloading apps from unofficial sources, because the risk of device infection is extremely high. Secondly, apps on Google Play and other official platforms should also be treated with a healthy dose of skepticism. Even a popular app like Wuta Camera, with 10 million downloads, proved powerless in the face of Necro.

- Make sure to protect your devices so as not to be caught off guard by a Trojan. Kaspersky for Android detects Necro and other similar malware.
- Check the app page in the store before downloading. We particularly recommend looking at reviews with low ratings, as these generally give a heads-up about potential pitfalls. Rave reviews could be fake, while a high overall score is easy to inflate.
- Don't look for mods or hacked versions. Such apps are almost always stuffed with all kinds of Trojans: from the most harmless to mobile spyware like CanesSpy.
The APT group uses spear-phishing and a vulnerability in a geospatial data-sharing server to compromise organizations in Taiwan, Japan, the Philippines, and South Korea.
After launching an investigation in February into vehicles made by foreign adversaries, the Biden administration is finally making its move in the name of national security.
The vulnerability lies in Keycloak's XMLSignatureUtil class, which incorrectly verifies SAML signatures, disregarding the vital "Reference" element that specifies the signed portion of the document.
An audit found that both the DOJ and FBI need to improve in three key areas to enhance their fight against ransomware. While the FBI reported an improvement in taking action within 72 hours in 47% of incidents, there is still room for progress.
Singaporean cryptocurrency platform BingX was hit by a cyberattack resulting in the theft of over $44 million. The attack was detected by two blockchain security firms, leading to a temporary suspension of withdrawals and emergency asset transfers.
Two suspects, Malone Lam and Jeandiel Serrano, were arrested by the US Department of Justice for stealing and laundering over $230 million worth of cryptocurrency in Miami.
Picus Security, a San Francisco, CA-based security validation company, raised $45M in funding. The round, which brought total funds raised to $80M, was led by Riverwood Capital, with participation from existing investor Earlybird Digital East Fund.
The GSM Association is working on implementing end-to-end encryption for Rich Communications Services (RCS) messaging between Android and iOS. This important step aims to enhance user protection and secure messages across platforms.
The breach occurred when threat actors gained access to customer data of about 9 million AT&T wireless accounts stored by a vendor. This exposed sensitive customer information like account numbers, phone numbers, and email addresses.
German authorities have seized the leak site used by a ransomware group known as "Vanir" in a move to disrupt their operations. The site was used to post information about victims, including a German company.
This scheme was uncovered in 2022 during "Operation Kaerb," involving global enforcement agencies. The criminals mimicked popular mobile platforms to conduct phishing attacks.
The Lumma Stealer malware is being distributed through deceptive human verification pages that trick Windows users into running malicious PowerShell commands, leading to sensitive information theft.
This unique malware campaign stood out for its precise targeting of Italian victims, with checks implemented to ensure the system language was set to Italian before infecting the device.
The flaw, CVE-2024-41721, in bhyve's USB emulation functionality could lead to malicious code execution, posing a serious threat to systems running vulnerable versions of FreeBSD.
The flaw, tracked as CVE-2023-27584, stems from a hard-coded cryptographic key used in the authentication process, posing a serious risk of unauthorized access, including admin-level privileges.
This flaw, tracked as CVE-2024-8986 with a CVSS score of 9.1, could lead to the unintentional exposure of sensitive information, such as repository credentials, due to the build metadata being included in compiled binaries.
Proof of concept python3 code that creates a malicious payload to exploit an arbitrary file write via directory traversal in InVesalius version 3.1. In particular, exploitation of this vulnerability involves a specifically crafted .inv3 file (a custom extension for InVesalius), which is in fact a tar file that, once imported into the victim's client application, allows an attacker to write files and folders to the disk.
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
The Call For Papers for nullcon Goa 2025 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place March 1st through the 2nd, 2025.
Ubuntu Security Notice 7028-1 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 7020-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 7007-2 - Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.
Gentoo Linux Security Advisory 202409-20 - Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure. Versions greater than or equal to 8.7.1 are affected.
Gentoo Linux Security Advisory 202409-19 - A vulnerability has been found in Emacs and org-mode which could result in arbitrary code execution. Versions greater than or equal to 26.3-r19:26 are affected.
Gentoo Linux Security Advisory 202409-18 - Multiple vulnerabilities have been discovered in liblouis, the worst of which could result in denial of service. Versions greater than or equal to 3.25.0 are affected.
Gentoo Linux Security Advisory 202409-17 - Multiple vulnerabilities have been discovered in VLC, the worst of which could result in arbitrary code execution. Versions greater than or equal to 3.0.20 are affected.
Gentoo Linux Security Advisory 202409-16 - Multiple vulnerabilities have been discovered in Slurm, the worst of which could result in privilege escalation or code execution. Versions less than or equal to 22.05.3 are affected.
Gentoo Linux Security Advisory 202409-15 - Multiple vulnerabilities have been discovered in stb, the worst of which lead to a denial of service. Versions greater than or equal to 20240201 are affected.
Debian Linux Security Advisory 5774-1 - It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify the signature of the SAML Response, which could result in bypass of authentication in an application using the ruby-saml library.
Gentoo Linux Security Advisory 202409-14 - Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of service. Versions greater than or equal to 2.28.7 are affected.
Gentoo Linux Security Advisory 202409-13 - Multiple vulnerabilities have been discovered in gst-plugins-good, the worst of which could lead to denial of service or arbitrary code execution. Versions greater than or equal to 1.20.3 are affected.
Ubuntu Security Notice 6992-2 - USN-6992-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lookups. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. It was discovered that Firefox did not properly manage memory during garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Seunghyun Lee discovered that Firefox contained a type confusion vulnerability when handling certain ArrayTypes. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.
Gentoo Linux Security Advisory 202409-12 - Multiple vulnerabilities have been discovered in pypy and pypy3, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 7.3.3_p37_p1-r1 are affected.
Gentoo Linux Security Advisory 202409-11 - Multiple vulnerabilities have been discovered in Oracle VirtualBox, the worst of which could lead to privilege escalation. Versions greater than or equal to 7.0.12 are affected.
Gentoo Linux Security Advisory 202409-10 - Multiple vulnerabilities have been discovered in Xen, the worst of which could lead to privilege escalation. Versions greater than or equal to 4.17.4 are affected.
Gentoo Linux Security Advisory 202409-9 - A vulnerability has been discovered in Exo, which can lead to arbitrary code execution. Versions greater than or equal to 4.17.2 are affected.
Gentoo Linux Security Advisory 202409-8 - Multiple vulnerabilities have been discovered in OpenVPN, the worst of which could lead to information disclosure. Versions greater than or equal to 2.6.7 are affected.
A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other countries in the Asia-Pacific (APAC) region, by exploiting a recently patched critical security flaw impacting OSGeo GeoServer GeoTools. The intrusion activity, which was detected by Trend Micro in July 2024, has been attributed to a threat actor dubbed Earth Baxia
Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter version of POOLRAT (aka SIMPLESEA), a known macOS backdoor that has been previously attributed to the Lazarus Group and deployed in
Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama. Let's dive into the details and see what lessons we can glean
Password resets can be frustrating for end users. Nobody likes being interrupted by the ‘time to change your password’ notification – and they like it even less when the new passwords they create are rejected by their organization’s password policy. IT teams share the pain, with resetting passwords via service desk tickets and support calls being an everyday burden. Despite this, it’s commonly
A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack-based overflow vulnerability in ASF's implementation of the tinydhcp server stemming from a lack of
Popular social messaging platform Discord has announced that it's rolling out a new custom end-to-end encrypted (E2EE) protocol to secure audio and video calls. The protocol has been dubbed DAVE, short for Discord's audio and video end-to-end encryption ("E2EE A/V"). As part of the change introduced last week, voice and video in DMs, Group DMs, voice channels, and Go Live streams are expected to
Graham Cluley Security News is sponsored this week by the folks at ManageEngine. Thanks to the great team there for their support! It’s almost the end of 2024, and one thing is clear: cybersecurity and compliance are no longer optional; they’re inseparable pillars of survival. This year has seen some of the most severe cyber … (from "Cybersecurity and compliance: The dynamic duo of 2024")