Cyber security aggregate rss news

Cyber security aggregator - feeds history

USDA’s FIDO Rollou ...

Cyber Essentials

Credential phishing remains a formidable threat to organizations worldwide, with malicious actors often relying on tricking individuals into voluntarily revealing sensitive login information. Recent years have seen a surge in Multi-Factor Authentication (MFA) bypass attacks, where threat actors exploit weaknesses in outdated MFA methods like SMS codes, authenticator apps, and push notifications. These methods, while better than no MFA, are increasingly vulnerable to modern threats. Recognizing this vulnerability, the U.S. Department of Agriculture (USDA) has taken significant strides toward safeguarding its workforce against phishing attacks. Partnering with the Cybersecurity and Infrastructure Security Agency (CISA), the USDA has released a case study detailing its deployment of Fast Identity Online (FIDO) authentication for approximately 40,000 staff members. This initiative marks a critical milestone in strengthening phishing-resistant MFA capabilities across the federal government.

The Challenge of Legacy MFA

Legacy MFA methods often fail to prevent determined attackers. Social engineering techniques enable bad actors to manipulate individuals into sharing not just usernames and passwords but also the secondary verification codes or push approvals needed to access accounts. This gap in security necessitates a move toward phishing-resistant MFA solutions.

USDA faced unique challenges that required innovative solutions. With over 130,000 employees, the department's workforce includes seasonal and lab-based staff who cannot use traditional Personal Identity Verification (PIV) cards. These cards, the federal standard for authentication, are unsuitable for some environments, such as labs requiring decontamination processes that would damage PIV cards.

FIDO: A Secure, Phishing-Resistant Solution

USDA turned to FIDO authentication to address these challenges. Unlike traditional MFA, FIDO leverages cryptographic keys stored on user devices, eliminating the need for passwords and providing robust protection against phishing. Even if an employee inadvertently provides their credentials, the attacker cannot bypass FIDO's strong cryptographic safeguards. This transition is part of USDA's broader strategy to align with the U.S. government’s Zero Trust Cybersecurity Principles.

By enabling FIDO authentication through centralized Identity, Credential, and Access Management (ICAM) systems, USDA has created a scalable solution that integrates with Single Sign-On (SSO) platforms and hybrid cloud identity solutions, such as Microsoft Entra ID.

Innovative Use Cases

USDA’s adoption of FIDO has proven particularly effective in two scenarios:

Seasonal Employees: Previously, seasonal workers without PIV cards relied on user IDs and passwords, a practice deemed too risky in light of evolving phishing tactics.

Lab Environments: Employees in labs requiring decontamination procedures needed a solution that could withstand these processes. USDA piloted FIDO-enabled security keys designed to endure harsh environments while maintaining robust security.

Through its centralized ICAM system, USDA was able to incrementally deploy FIDO authentication across its ecosystem, protecting over 600 applications. The implementation included key services such as Windows desktop logon, Microsoft 365 access, Virtual Private Network (VPN) connections, and SSO-based applications.

Key Takeaways from USDA’s Success

USDA’s journey offers invaluable lessons for organizations striving to enhance their cybersecurity posture:

Centralization is Key: By consolidating IT infrastructure, support, and security operations under a single authority, USDA streamlined its ability to deploy phishing-resistant MFA solutions efficiently. Centralized SSO platforms and hybrid cloud identity solutions were instrumental in this process.

Incremental Improvements: USDA’s philosophy of “always be piloting” allowed for continuous innovation. By conducting small-scale pilots, the organization identified potential challenges and refined its approach before broader implementation.

Phishing Resistance Matters: The USDA’s reliance on FIDO demonstrates the necessity of modern MFA solutions. Legacy methods such as SMS or push notifications are no longer adequate against sophisticated phishing attacks.

Tailored Solutions for Unique Needs: USDA recognized that one size does not fit all. Their deployment of FIDO security keys for lab workers and other non-traditional use cases underscores the importance of flexibility in authentication strategies.

Results: Phishing-Resistant MFA at Scale

By integrating FIDO with its SSO platform and hybrid cloud identity solution, USDA enabled phishing-resistant authentication for over 600 applications. Key use cases included:

Windows desktop logins
Microsoft 365 access
VPN authentication
Single Sign-On (SSO)

Additionally, USDA introduced a centralized HR application as the authoritative source for identity lifecycle data. This automation streamlined credential provisioning and deprovisioning for employees, enhancing both security and efficiency.

Why This Matters

Credential phishing remains a leading attack vector, with legacy MFA often failing to protect against bypass attempts. Solutions like FIDO and public-key infrastructure (PKI) are critical to countering these threats. USDA’s example demonstrates that transitioning to phishing-resistant MFA is both achievable and essential. By leveraging modern technologies and fostering a culture of continuous improvement, organizations can significantly reduce their risk of compromise.
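As an added illustration of the phishing-resistance point above (not code from the USDA case study or any vendor; the origins, class names and functions are hypothetical), the Python below contrasts a relayed one-time code, which a phishing proxy can forward unchanged, with a FIDO-style assertion that is bound to the origin the browser actually connected to. A keyed HMAC stands in for the authenticator's private-key signature; what matters for the demonstration is that the relying party ID is part of the signed data.

```python
import hashlib
import hmac
import os
import struct
import time

# Added illustration, not code from the USDA case study or any vendor: a
# relayed one-time code still works for a phishing proxy, while a FIDO-style
# assertion bound to the origin the browser actually connected to does not.
# Names are hypothetical. A keyed HMAC stands in for the authenticator's
# private-key signature; the point is what gets signed, not the primitive.

REAL_RP = "login.agency.example"     # hypothetical real login origin
PHISH_RP = "login-agency.example"    # hypothetical look-alike origin

class Authenticator:
    """Device-held credentials, one per relying party ID."""
    def __init__(self):
        self._creds = {}  # rp_id -> secret (the private key in real FIDO)

    def register(self, rp_id):
        secret = os.urandom(32)
        self._creds[rp_id] = secret
        # Real FIDO returns a public key; the demo shares the secret so the
        # relying party can verify with HMAC instead of a signature check.
        return secret

    def get_assertion(self, rp_id_from_browser, challenge):
        # The browser, not the user, reports which origin is asking.
        secret = self._creds.get(rp_id_from_browser)
        if secret is None:
            return None  # no credential registered for this origin
        rp_id_hash = hashlib.sha256(rp_id_from_browser.encode()).digest()
        sig = hmac.new(secret, rp_id_hash + challenge, hashlib.sha256).digest()
        return {"rp_id_hash": rp_id_hash, "challenge": challenge, "sig": sig}

class RelyingParty:
    """The real login service; holds the user's verification key."""
    def __init__(self, rp_id):
        self.rp_id = rp_id
        self.secret = None
        self.pending = set()  # unexpired challenges issued by begin_login

    def begin_login(self):
        challenge = os.urandom(32)
        self.pending.add(challenge)
        return challenge

    def finish_login(self, assertion):
        if assertion is None or assertion["challenge"] not in self.pending:
            return False
        self.pending.discard(assertion["challenge"])  # single use
        expected = hashlib.sha256(self.rp_id.encode()).digest()
        if not hmac.compare_digest(assertion["rp_id_hash"], expected):
            return False  # signed for another origin: a relayed phish
        mac = hmac.new(self.secret, expected + assertion["challenge"],
                       hashlib.sha256).digest()
        return hmac.compare_digest(mac, assertion["sig"])

def totp(secret, now, step=30, digits=6):
    """Minimal RFC 6238 code (SHA-1). Nothing in it names an origin."""
    counter = int(now // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def legacy_otp_relayed():
    """Victim types the code on the phishing page; the proxy forwards it
    unchanged and the real service accepts it. Returns True."""
    shared, now = os.urandom(20), time.time()
    code_typed_on_phish_page = totp(shared, now)
    return totp(shared, now) == code_typed_on_phish_page

def fido_direct_login():
    """Victim on the real origin: the assertion verifies. Returns True."""
    auth, rp = Authenticator(), RelyingParty(REAL_RP)
    rp.secret = auth.register(REAL_RP)
    challenge = rp.begin_login()
    return rp.finish_login(auth.get_assertion(REAL_RP, challenge))

def fido_phish_relayed():
    """Proxy fetches a genuine challenge, but the browser is on PHISH_RP,
    so no credential matches and nothing is signed. Returns False."""
    auth, rp = Authenticator(), RelyingParty(REAL_RP)
    rp.secret = auth.register(REAL_RP)
    challenge = rp.begin_login()
    return rp.finish_login(auth.get_assertion(PHISH_RP, challenge))

def fido_wrong_origin_rejected():
    """Even a key the victim registered on the look-alike domain signs an
    assertion bound to that domain, which the real RP rejects. Returns False."""
    auth, rp = Authenticator(), RelyingParty(REAL_RP)
    rp.secret = auth.register(REAL_RP)
    auth.register(PHISH_RP)
    challenge = rp.begin_login()
    return rp.finish_login(auth.get_assertion(PHISH_RP, challenge))
```

The same relay that succeeds in legacy_otp_relayed fails twice against the FIDO-style flow: first because the authenticator holds no credential for the phishing origin, and second because any assertion it could produce would carry the wrong relying party hash.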

Phishing Scheme Bust ...

Firewall Daily

U.S. law enforcement has unsealed criminal charges against five individuals involved in a large-scale phishing scheme targeting employees at companies across the United States. These defendants allegedly exploited phishing text messages to steal sensitive data, which was then used to access company systems and virtual currency accounts, resulting in millions of dollars in stolen cryptocurrency. The charges were made public on November 19, 2024, with the authorities describing this scheme as one of the most sophisticated cybercrime operations in recent years.

Phishing Scheme Scammers Arrested

The defendants face multiple criminal charges including conspiracy to commit wire fraud, conspiracy, and aggravated identity theft. The individuals charged are:

Ahmed Hossam Eldin Elbadawy, 23, known as “AD,” from College Station, Texas.
Noah Michael Urban, 20, known as “Sosa” and “Elijah,” from Palm Coast, Florida.
Evans Onyeaka Osiebo, 20, from Dallas, Texas.
Joel Martin Evans, 25, known as “joeleoli,” from Jacksonville, North Carolina.
Tyler Robert Buchanan, 22, from the United Kingdom, who faces a criminal complaint with similar charges.

Evans was arrested in North Carolina, while Urban is already facing additional fraud charges in a separate federal case in Florida. This case highlights the growing threat of phishing, a form of cybercrime that continues to evolve and wreak havoc on businesses and individuals alike.

The criminal group reportedly launched their phishing attacks between September 2021 and April 2023. According to court documents, the attackers initiated mass phishing campaigns through SMS (Short Message Service) text messages, which were sent to employees of numerous companies across the United States. These messages appeared to come from legitimate sources, such as the victim companies themselves or their contracted IT service providers, and warned recipients that their accounts were about to be deactivated. The messages included links to fraudulent websites, which were designed to mimic the legitimate websites of the companies or their service providers. Once the employees clicked on these links, they were prompted to enter their account credentials, which could include usernames, passwords, and even two-factor authentication codes sent to their mobile devices. By harvesting these credentials, the defendants gained unauthorized access to the companies' internal systems and employees' personal accounts.

The Scope of the Damage

The impact of this phishing scheme was far-reaching. Once the criminals had gained access to the stolen credentials, they used them to infiltrate the victims' company systems. This allowed them to steal confidential and valuable information, including intellectual property, proprietary data, and personal information like account access credentials, names, email addresses, and phone numbers.

In addition to their intrusion into company systems, the defendants used the information obtained to target individuals' cryptocurrency accounts. By leveraging leaked data and unauthorized access, they managed to steal millions of dollars in virtual currency from unsuspecting victims. The theft of cryptocurrency adds another layer of complexity to the case, as these digital assets are notoriously difficult to trace and recover once stolen.

Legal Consequences and Potential Penalties

The criminal charges carry serious penalties. If convicted, each defendant faces a maximum sentence of up to 20 years in federal prison for conspiracy to commit wire fraud. Additionally, they could face five years for the conspiracy charge and a mandatory two-year consecutive prison sentence for aggravated identity theft. Buchanan, who is also charged with wire fraud, could face up to 20 years in prison if found guilty.

“This group of cybercriminals ran a highly sophisticated scheme that targeted vulnerable individuals and companies, stealing millions of dollars and compromising the security of numerous systems,” said United States Attorney Martin Estrada. “As this case illustrates, phishing is no longer a simple nuisance but a serious crime that can result in significant financial losses and reputational damage.”

Investigative Efforts and Law Enforcement Support

The Federal Bureau of Investigation (FBI) has led the investigation, with assistance from the U.S. Attorney’s Office for the Eastern District of North Carolina, Police Scotland, and FBI field offices in Charlotte, Denver, Houston, and Portland. FBI Assistant Director in Charge Akil Davis emphasized the widespread nature of phishing schemes, warning that such fraudulent solicitations are common but can have devastating consequences for victims.

“The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts,” said Davis. “These types of fraudulent activities rob people of their hard-earned money with just a click of a button. I am proud of the work done by our cyber agents who were able to bring these alleged criminals to justice.”

Ongoing Cybersecurity Vigilance

Phishing remains a critical threat, and this case underscores the need for constant vigilance from individuals and businesses alike. Cybercriminals are becoming increasingly adept at using sophisticated techniques to deceive victims into revealing sensitive information. Experts continue to advise individuals to be cautious when receiving unsolicited messages or emails and to verify any communication that seems suspicious.

The U.S. Department of Justice’s efforts to bring these defendants to justice highlight the government's commitment to tackling cybercrime, which remains a major concern as more personal and financial activities move online. As the legal proceedings move forward, it will be important to monitor how authorities handle the challenges of prosecuting cybercrime and whether these actions can deter future attempts at phishing schemes and other forms of digital fraud.

Cyber Threats in Aus ...

Firewall Daily

The Annual Cyber Threat Report 2023-2024 has shared crucial insights into the current state of cybersecurity in Australia, detailing the ongoing risks and challenges faced by businesses, individuals, and critical sectors. Cybercriminals, including state-sponsored actors, continue to target government entities, private enterprises, and vital infrastructure. The Australian Signals Directorate (ASD) has responded to over 1,100 cybersecurity incidents in the past year.

Annual Cyber Threat Report 2023-2024: Rising Cybercrime Threats Across Australia

The report outlines the top three self-reported cybercrime threats faced by businesses and individuals, providing insights into the most common attacks and how to mitigate them.

For Businesses:

Email Compromise (No Financial Loss): This type of attack accounted for 20% of reported cyber incidents. Mitigating email compromise involves training staff on identifying phishing attempts, enforcing multi-factor authentication (MFA), and using email filtering tools.

Online Banking Fraud: At 13%, this threat highlights the risks associated with fraudulent activities targeting financial accounts. Businesses are encouraged to verify changes to banking details, monitor suspicious communications, and avoid unsolicited messages from financial providers.

Business Email Compromise (BEC) Fraud (Financial Loss): Also accounting for 13%, BEC fraud remains one of the most significant threats to businesses, with attackers exploiting email systems for financial gain. Mitigations include increasing cybersecurity awareness, securing domain names, and implementing MFA.

For Individuals:

Identity Fraud: This remains the leading concern for individuals, with 26% of Australians affected. To defend against identity theft, it’s crucial to use MFA, secure passwords, and minimize personal information shared online.

Online Shopping Fraud: With 15% of individuals reporting this threat, the risk of fraud through e-commerce platforms is significant. Mitigations include updating devices, using secure passwords, and being cautious when sharing payment details.

Online Banking Fraud: At 12%, this threat emphasizes the importance of monitoring banking details and remaining vigilant against unsolicited SMS and phishing attempts.

The Ongoing Threat from State-Sponsored Cyber Actors

The Annual Cyber Threat Report stresses the persistent danger posed by state-sponsored cyber threats. These sophisticated attacks, often linked to countries like China and Russia, target Australian government systems, critical infrastructure, and businesses for espionage or disruption. These actors employ a combination of advanced techniques, such as spear-phishing and exploiting supply chain vulnerabilities, as well as more straightforward attacks.

Collaboration among various organizations and intelligence-sharing platforms like ASD’s Cyber Security Partnership Program has become a vital strategy to defend against these threats. By fostering stronger relationships between government agencies and the private sector, Australia is better positioned to identify, respond to, and mitigate the risks posed by state-sponsored cyber actors.

Cyber Threats to Critical Infrastructure

Critical infrastructure remains a high-value target for cybercriminals, with industries such as energy, water, education, and transport bearing the brunt of cyberattacks. Phishing and malware infections are particularly prevalent, while the risk of supply chain compromises continues to grow.

In response, Australia’s government has urged organizations in these sectors to adopt a proactive cybersecurity stance, which includes mapping networks, maintaining asset registries, and implementing event logging systems. A key focus in the Annual Cyber Threat Report is the growing risk of cyber threats targeting Australia’s critical infrastructure, with attackers ranging from profit-driven cybercriminals seeking to extort organizations to politically motivated hacktivists aiming to disrupt services or steal sensitive data.

Case Studies: Real-World Cybersecurity Incidents

The report presents several case studies that demonstrate the diverse and evolving nature of cyber threats in Australia.

Hospital Cyber Incident (2024): A hospital faced an attack where an unauthorized device exploited a cached login session to bypass multi-factor authentication (MFA). The attack was blocked before it could cause damage, but it underscored the importance of securing login systems and enforcing stronger controls.

Energy Supplier DDoS Attack (2024): A New South Wales energy supplier was targeted by a brute-force Distributed Denial of Service (DDoS) attack on its operational technology (OT) network. Although the attack temporarily disrupted remote monitoring systems, onsite access ensured that operations continued. This case highlights the need for robust cybersecurity measures for OT networks.

Business Cyber Resilience Improvements (2024): In response to specific cyber threats, a major Australian organization invested heavily in cybersecurity, dedicating over 300 person-hours and increasing their security budget by 50%. This proactive approach demonstrates how organizations can leverage expert insights to fortify their defenses.

The Impact of AI on Cybercrime

AI is becoming a powerful tool for cybercriminals, particularly in social engineering and spear-phishing attacks. The Annual Cyber Threat Report 2023-2024 emphasizes how cybercriminals are using AI to automate attacks, making them more targeted and efficient.

A prime example of this is vishing scams, where AI-generated deepfakes impersonate colleagues in video conferences to steal millions. In one case, a multinational corporation fell victim to a vishing scam that involved AI-generated deepfakes of company executives, resulting in a substantial financial loss.

While AI poses risks to cybersecurity, it also offers opportunities to enhance defense systems. AI can improve threat detection, bolster incident response, and even help identify ransomware before it can cause significant damage.

Ransomware and Data Theft: Ongoing Challenges

Ransomware continues to be a major concern for Australian organizations, with 121 incidents reported in FY2023-24. Cybercriminals increasingly combine ransomware attacks with data theft, extorting victims by threatening to leak sensitive data unless a ransom is paid. The Australian Institute of Criminology reported that 12% of ransomware victims were extorted over data theft. Small businesses are particularly vulnerable, with an average loss of $49,615 in 2023-24 from cybercrime-related incidents. The Annual Cyber Threat Report urges businesses not to pay ransoms, as payment doesn’t guarantee data recovery and fuels further criminal activity. Additionally, Australia’s Operation ORCUS has successfully disrupted major ransomware syndicates, including the ALPHV/BlackCat group and LockBit, which continues to target critical infrastructure globally.

The report provides valuable data on cybercrime across different Australian states and territories. Queensland and Victoria reported disproportionately high rates of cybercrime, while New South Wales experienced the highest financial losses, averaging $86,000 per report. In FY2023-24, Business Email Compromise (BEC) losses totaled nearly $84 million, with Queensland accounting for the largest number of reports.

Conclusion

The Annual Cyber Threat Report highlights the growing cybersecurity risks in Australia and stresses the need for stronger defenses. It recommends adopting the Essential Eight Maturity Model, which includes practices like patching applications and enforcing multi-factor authentication (MFA). Programs like the Cyber Security Partnership Program and Critical Infrastructure Uplift Program (CI-UP) support collaboration across sectors. Simple cyber hygiene practices, such as using strong passwords and staying alert to phishing, are also crucial.

Do you actually need ...

Threat Lab

With the rise of online scams and privacy risks, virtual private networks (VPNs) are becoming more popular for day-to-day use. Or at least I feel like they are based on the number of ads I hear for them on my favorite podcasts. So maybe you’ve heard of VPNs but aren’t actually sure what they are. Simply put, a VPN creates a safe, anonymous pathway for the data you send and receive over a Wi-Fi network, allowing you to browse anonymously and access content as if you were in a different location. Maybe you’ve used VPNs as a remote worker to access resources and applications for your job, or as a student to connect to your university network. Do you really need a VPN for personal use? The short answer—absolutely! Keep reading for the long answer and for tips on choosing the right VPN.

How do VPNs work?

Essentially, VPNs create a secure tunnel for your data. The five core components of a VPN are:

Encryption: The conversion of information into a coded format that can only be read by someone who has the decryption key. It ensures that data remains secure and private during transmission or storage.

VPN servers: Usually located all over the world, VPN servers act as intermediaries between your device and the internet and maintain your privacy by masking your IP address and location.

Kill switch: Blocks your device’s internet access if the VPN connection drops. This way, the VPN app makes sure you’re always protected.

Split tunneling: Allows you to choose which internet traffic goes through the VPN (with encryption) and which goes directly to the internet.

VPN protocols: Transmit your data according to protocols like OpenVPN, IKEv2, and WireGuard. Each covers different use cases like streaming or gaming, or is required for certain types of devices.

Why use a VPN?

Maybe you already have other personal cybersecurity tools for personal use and think you don’t need a VPN. Consider the following and see if you still feel that way:

Privacy protection

Because a VPN creates a secure tunnel for your data, you don’t have to worry about bad actors peeping in on your activity and private information. This is especially important when using public Wi-Fi at coffee shops, airports, malls or hotels, where hackers can easily overcome public Wi-Fi security protocols to gain access to your device.

Antivirus augmentation

Even if you already have antivirus software, using a VPN enhances your personal cybersecurity.

Personal privacy:
Antivirus software: Primarily protects your device from malware, viruses, and other malicious software.
VPN: Encrypts your internet connection, hiding your online activities from ISPs, hackers, and even government surveillance. Keeps your browsing history and personal data private and anonymous.

Secure public Wi-Fi use:
Antivirus software: Can detect and block malicious files or websites, but it doesn’t secure your internet connection.
VPN: Protects your data on public Wi-Fi networks, which are often unsecured and a hotspot for hackers. A VPN encrypts your connection, making it much harder for anyone to intercept your data.

Accessing restricted content

I have a friend who loves British television but can’t always access it due to living in America. So she uses a VPN to set the United Kingdom as her virtual location and then watches all the BBC murder mysteries she wants. This capability is extremely useful if you’re someone who travels a lot. For example, if you find yourself in a country with strict censorship laws, a VPN can help you access your usual content—even if it is restricted.

Which VPN should you choose?

Consider the following when researching VPNs:

Connection speed
Unlimited data and bandwidth
Number and location of servers across the globe
No-log policy*
Security features and protocols
Ease of use
Brand reputation and customer support

While some VPNs may be free, they often come with limited performance, data caps, and lower security and log standards.

What steps should you take next?

Cybersecurity is only going to get more important as technology—and cyberthreats—advance. To protect your private, sensitive data, you’ll need all the tools at your disposal to keep out criminals. Add a VPN such as Webroot Secure VPN to your arsenal of cybersecurity tools to browse the internet safely and privately.

*A no-log policy means that the provider doesn’t keep any records of your online activities, ensuring your privacy and anonymity. This policy protects you from tracking, reduces the risk of data breaches, and prevents third-party access to your information. It also builds trust and gives you peace of mind, knowing your online activities are not being recorded or shared.

The post Do you actually need a VPN? Your guide to staying safe online! appeared first on Webroot Blog.

Packages with infost ...

Business

Our Global Research and Analysis Team (GReAT) experts have discovered two malicious packages in the Python Package Index (PyPI) – a popular third-party software repository for Python. According to the packages' descriptions, they were libraries that allowed users to work with popular LLMs (large language models). However, in fact, they imitated the declared functionality using the demo version of ChatGPT, and their main purpose was to install JarkaStealer malware. The packages were available for download for more than a year. Judging by the repository's statistics, during this time they were downloaded more than 1700 times by users from more than 30 countries.

Malicious packages and what they were used for

The malicious packages were uploaded to the repository by one author and, in fact, differed from each other only in name and description. The first was called gptplus and allegedly allowed access to the GPT-4 Turbo API from OpenAI; the second was called claudeai-eng and, according to the description, promised access to the Claude AI API from Anthropic PBC. The descriptions of both packages included usage examples that explained how to create chats and send messages to language models. But in reality, the code of these packages contained a mechanism for interaction with the ChatGPT demo proxy in order to convince the victim that the package was working. Meanwhile, the __init__.py file contained in the packages decoded the data contained inside and downloaded the JavaUpdater.jar file from a GitHub repository. If Java was not found on the victim's machine, it also downloaded and installed the Java Runtime Environment (JRE) from Dropbox. The jar file itself contained the JarkaStealer malware, which was used to compromise the development environment and for undetected exfiltration of stolen data.

What is JarkaStealer malware, and why is it dangerous?

JarkaStealer is malware, presumably written by Russian-speaking authors, which is used primarily to collect confidential data and send it to the attackers. Here's what it can do:

Steal data from various browsers;
Take screenshots;
Collect system information;
Steal session tokens from various applications (including Telegram, Discord, Steam, and even a Minecraft cheat client);
Interrupt browser processes to retrieve saved data.

The collected information is then archived, sent to the attackers' server, and then deleted from the victim's machine. The malware authors distribute it through Telegram using the malware-as-a-service (MaaS) model. However, we also found the source code of JarkaStealer on GitHub, so it's possible that this campaign didn't involve the original authors of the malware.

How to stay safe

We promptly informed PyPI administrators about the malicious implants in the gptplus and claudeai-eng packages, and as of now they've already been removed from the repository. However, there's no guarantee that this (or a similar) trick won't be pulled on some other platform. We continue to monitor activity related to the JarkaStealer malware and look for other threats in open source software repositories.

For those who downloaded and used one of the malicious packages, the main recommendation is to immediately delete it. The malware doesn't have persistence functionality, so it's launched only when the package is used. However, all passwords and session tokens that were used on a victim's machine could have been stolen by JarkaStealer, and so should be immediately changed or reissued.

We also recommend that developers be especially vigilant when working with open source software packages, and inspect them thoroughly before integrating them into their projects. This includes a detailed analysis of the dependencies and the respective supply chain of software products – especially when it comes to such a hyped topic as the integration of AI technologies. In this case, the creation date of the author's profile on PyPI could have been a red flag. If you look closely at the screenshot above, you can see that both packages were published on the same day, while the account that published them was registered just a couple of days earlier.

In order to minimize the risks of working with third-party open source software packages and avoid an attack on the supply chain, we recommend including in DevSecOps processes the Kaspersky Open Source Software Threats Data Feed, which is designed specifically for monitoring used open source components in order to detect threats that might be hidden inside.

Feds Charge Five Men ...

A Little Sunshine

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.

A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. Image: Amitai Cohen twitter.com/amitaico.

The five men, aged 20 to 25, are allegedly members of a hacking conspiracy dubbed “Scattered Spider” and “Oktapus,” which specialized in SMS-based phishing attacks that tricked employees at tech firms into entering their credentials and one-time passcodes at phishing websites. The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule.

These attacks leveraged newly-registered domains that often included the name of the targeted company, such as twilio-help[.]com and ouryahoo-okta[.]com. The phishing websites were normally kept online for just one or two hours at a time, meaning they were often yanked offline before they could be flagged by anti-phishing and security services.

The phishing kits used for these campaigns featured a hidden Telegram instant message bot that forwarded any submitted credentials in real-time. The bot allowed the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website. In August 2022, multiple security firms gained access to the server that was receiving data from that Telegram bot, which on several occasions leaked the Telegram ID and handle of its developer, who used the nickname “Joeleoli.”

The Telegram username “Joeleoli” can be seen sandwiched between data submitted by people who knew it was a phish, and data phished from actual victims.

That Joeleoli moniker registered on the cybercrime forum OGusers in 2018 with the email address joelebruh@gmail.com, which also was used to register accounts at several websites for a Joel Evans from North Carolina. Indeed, prosecutors say Joeleoli’s real name is Joel Martin Evans, and he is a 25-year-old from Jacksonville, North Carolina.

One of Scattered Spider’s first big victims in its 2022 SMS phishing spree was Twilio, a company that provides services for making and receiving text messages and phone calls. The group then used their access to Twilio to attack at least 163 of its customers. According to prosecutors, the group mainly sought to steal cryptocurrency from victim companies and their employees.

“The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts,” said Akil Davis, the assistant director in charge of the FBI’s Los Angeles field office.

Many of the hacking group’s phishing domains were registered through the registrar NameCheap, and FBI investigators said records obtained from NameCheap showed the person who managed those phishing websites did so from an Internet address in Scotland. The feds then obtained records from Virgin Media, which showed the address was leased for several months to Tyler Buchanan, a 22-year-old from Dundee, Scotland.

A Scattered Spider phishing lure sent to Twilio employees.

As first reported here in June, Buchanan was arrested in Spain as he tried to board a flight bound for Italy. The Spanish police told local media that Buchanan, who allegedly went by the alias “Tylerb,” at one time possessed Bitcoins worth $27 million. The government says much of Tylerb’s cryptocurrency wealth was the result of successful SIM-swapping attacks, wherein crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS.

According to several SIM-swapping channels on Telegram where Tylerb was known to frequent, rival SIM-swappers hired thugs to invade his home in February 2023. Those accounts state that the intruders assaulted Tylerb’s mother in the home invasion, and that they threatened to burn him with a blowtorch if he didn’t give up the keys to his cryptocurrency wallets. Tylerb was reputed to have fled the United Kingdom after that assault.

A still frame from a video released by the Spanish national police, showing Tyler Buchanan being taken into custody at the airport.

Prosecutors allege Tylerb worked closely on SIM-swapping attacks with Noah Michael Urban, another alleged Scattered Spider member from Palm Coast, Fla., who went by the handles “Sosa,” “Elijah,” and “Kingbob.” Sosa was known to be a top member of the broader cybercriminal community online known as “The Com,” wherein hackers boast loudly about high-profile exploits and hacks that almost invariably begin with social engineering — tricking people over the phone, email or SMS into giving away credentials that allow remote access to corporate networks.

In January 2024, KrebsOnSecurity broke the news that Urban had been arrested in Florida in connection with multiple SIM-swapping attacks. That story noted that Sosa’s alter ego Kingbob routinely targeted people in the recording industry to steal and share “grails,” a slang term used to describe unreleased music recordings from popular artists.

FBI investigators identified a fourth alleged member of the conspiracy – Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas — after he used a portion of cryptocurrency funds stolen from a victim company to pay for an account used to register phishing domains. The indictment unsealed Wednesday alleges Elbadawy controlled a number of cryptocurrency accounts used to receive stolen funds, along with another Texas man — Evans Onyeaka Osiebo, 20, of Dallas.

Members of Scattered Spider are reputed to have been involved in a September 2023 ransomware attack against the MGM Resorts hotel chain that quickly brought multiple MGM casinos to a standstill. In September 2024, KrebsOnSecurity reported that a 17-year-old from the United Kingdom was arrested last year by U.K. police as part of an FBI investigation into the MGM hack.

Evans, Elbadawy, Osiebo and Urban were all charged with one count of conspiracy to commit wire fraud, one count of conspiracy, and one count of aggravated identity theft. Buchanan, who is named as an indicted co-conspirator, was charged with conspiracy to commit wire fraud, conspiracy, wire fraud, and aggravated identity theft.

A Justice Department press release states that if convicted, each defendant would face a statutory maximum sentence of 20 years in federal prison for conspiracy to commit wire fraud, up to five years in federal prison for the conspiracy count, and a mandatory two-year consecutive prison sentence for aggravated identity theft. Buchanan would face up to 20 years in prison for the wire fraud count as well.

Further reading:

The redacted complaint against Buchanan (PDF)
Charges against Urban and the other defendants (PDF)

 Feed

This Metasploit module leverages an unauthenticated remote command execution vulnerability in Ivanti's EPM Agent Portal, where an RPC client can invoke a method which will run an attacker-specified string on the remote target as NT AUTHORITY\SYSTEM. This vulnerability is present in versions prior to EPM 2021.1 Su4 and EPM 2022 Su2.

 Feed

Judge0 does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox.

 Feed

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

 Feed

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

 Feed

Ubuntu Security Notice 7118-1 - It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were tricked into opening a specially crafted file, an attacker could possibly use this to obtain sensitive information. It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were tricked into opening a specially crafted file, an attacker could possibly use this to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

 Feed

Ubuntu Security Notice 7091-2 - USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for ruby2.7 in Ubuntu 20.04 LTS. It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using the REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that Ruby incorrectly handled parsing of an XML document that has many entity expansions with the SAX2 or pull parser API. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. It was discovered that Ruby incorrectly handled parsing of an XML document that has many digits in a hex numeric character reference. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service.

 Feed

Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers. "They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher

 Feed

Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars. All of the accused parties have been

 Feed

Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. "These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets,"

 Feed

Privileged access management (PAM) plays a pivotal role in building a strong security strategy. PAM empowers you to significantly reduce cybersecurity risks, gain tighter control over privileged access, achieve regulatory compliance, and reduce the burden on your IT team.  As an established provider of a PAM solution, we’ve witnessed firsthand how PAM transforms organizational security. In

 Feed

Threat actors with ties to the Democratic People's Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme. "Front companies, often based in China, Russia, Southeast Asia, and Africa, play a key role in masking the workers' true origins and

 Feed

As a relatively new security category, many security operators and executives I’ve met have asked us “What are these Automated Security Validation (ASV) tools?” We’ve covered that pretty extensively in the past, so today, instead of covering the “What is ASV?” I wanted to address the “Why ASV?” question. In this article, we’ll cover some common use cases and misconceptions of how people misuse

 Feed

New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures. The analysis, which comes from attack surface management company Censys, found that 38% of the devices are located in North America, 35.4% in Europe, 22.9% in Asia, 1.7% in Oceania, 1.2% in South America,

 Feed

As many as 2,000 Palo Alto Networks devices are estimated to have been compromised as part of a campaign abusing the newly disclosed security flaws that have come under active exploitation in the wild. According to statistics shared by the Shadowserver Foundation, a majority of the infections have been reported in the U.S. (554) and India (461), followed by Thailand (80), Mexico (48), Indonesia

 Feed

The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia. That's according to findings from cybersecurity firm ESET based on multiple Linux samples uploaded to the VirusTotal platform from Taiwan, the Philippines, and Singapore in March 2023.

 deepfake

In our latest episode we discuss how a woman hid under the bed after scammers told her she was under "digital arrest", how hackers are hijacking YouTube channels through malicious sponsorship deals, and how one phone company is turning the tables on fraudsters through deepfake AI. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.

 1 - Cyber Security News Post

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free. Thank you. The CISO2CISO Advisors Team. The post Leveling Up Fuzzing: Finding more vulnerabilities with AI – Source:security.googleblog.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

The post Enhancing Cyber Resilience in US SLED Organizations – Source:levelblue.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.govinfosecurity.com – Author: Michael Novinson (MichaelNovinson) • November 20, 2024. Managed Detection & Response (MDR), Open XDR, Security Operations. Purchase Brings Cloud-Native XDR, MDR to IT Management Platform. Image: Robert Johnston, co-founder and CEO, Adlumin (Image: Adlumin). N-able purchased a security operations vendor founded by a former Marine Corps […] The post N-able Strengthens Cybersecurity via $266M Adlumin Purchase – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Feds Seize PopeyeTools Marketplace, Charge Alleged Operators – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Nightwing CEO on Post-Raytheon Independence, Cyber Expertise – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Coast

The post Coast Guard Warns of Continued Risks in Chinese Port Cranes – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.govinfosecurity.com – The Future of AI & Cybersecurity, presented by Palo Alto Networks x Google Cloud (60 minutes). As AI continues to transform industries, the threat landscape has evolved significantly. To stay ahead, organizations must not only protect themselves against AI-powered attacks but also ensure the security of their […] The post AI-nt Nothing Gonna Break My Defense: Securing Against Automated Attacks – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Put your usernames and passwords in your will, advises Japan’s government – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Five Scattered Spider suspects indicted for phishing spree and crypto heists – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Chinese

The post Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Mega US healthcare payments network restores system 9 months after ransomware attack – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

The post Stories from the SOC: Registry Clues to PDF Blues: A Tale of PUA Persistence – Source:levelblue.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Live Webinar | How to Build Cyber Resilience with Proactive Incident Response Strategies – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Navigating the Unstructured Data Maze: Your Journey Starts Here – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Let’s Give Thanks for How Far We’ve Come – and Forge Ahead! – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

The post German CERT Warns ‘Attacks are Happening,’ Urges PAN-OS Chained Vulnerabilities’ Patching – Source:cyble.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

The post USDA Implements Phishing-Resistant Multi-Factor Authentication (MFA) with Fast Identity Online (FIDO) – Source:cyble.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 AI

The post Sophos XDR: New generative AI functionality and case investigation enhancements – Source: news.sophos.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

The post How Inadequate Authentication Logic Led to an MFA Bypass and Account Takeover – Source:www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Secret Service Tracking People’s Locations without Warrant – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Steve Bellovin’s Retirement Talk – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Linux Malware WolfsBane and FireWood Linked to Gelsemium APT – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Vietnam’s Infostealer Crackdown Reveals VietCredCare and DuckTail – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Google OSS-Fuzz Harnesses AI to Expose 26 Hidden Security Vulnerabilities – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-11
Aggregator history
Thursday, November 21