-
The U.S. Federal Trade Commission (FTC) has ordered the mental telehealth company Cerebral from using or disclosing personal data for advertising purposes. It has also been fined more than $7 million over charges that it revealed users’ sensitive personal health information and other data to third parties for advertising purposes and failed to honor its easy cancellation policies. “Cerebral and
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Cisco’s Duo Security, a leading multi-factor authentication (MFA) service, has suffered a significant data breach.
The April 1, 2024, incident involved unauthorized access to telephony data used for MFA purposes.
The breach was produced through a sophisticated phishing attack that compromised a telephony provider’s employee credentials.
The attackers exploited this access to download a set of MFA SMS message logs associated with Duo accounts.
These logs contained sensitive information, including phone numbers, carriers, and the geographical location of the messages sent between March 1, 2024, and March 31, 2024.
Although the message content was not accessed, the breach still poses a significant privacy concern for users.
Document Stop Advanced Phishing Attack With AI AI-Powered Protection for Business Email Security
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a userβs mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .
The exposed metadata could potentially be used for targeted phishing campaigns or to undermine the integrity of MFA systems by intercepting or redirecting messages.
Security Measures
Upon discovering the breach, the telephony provider, whose identity has not been disclosed, took immediate action to contain the incident.
The compromised credentials were invalidated to prevent further unauthorized access.
The provider also conducted a thorough analysis of activity logs to understand the scope of the breach.
The provider has begun implementing additional technical safeguards to bolster security and prevent future incidents.
These measures are designed to fortify defenses against social engineering attacks, increasingly becoming a vector for cyber threats.
The provider has responded proactively, notifying Cisco of the breach and committing to an ongoing investigation.
They have also taken steps to educate their employees on social engineering risks, mandating additional training to raise awareness and improve resilience against such attacks.
Cisco has communicated transparently with affected customers, offering to provide copies of the message logs obtained by the threat actor upon request.
DeepBlue Security and Intelligence recently tweeted that Cisco Duo has issued a warning about a third-party data breach that exposed SMS MFA logs.
Action for Affected Users
In light of the breach, Cisco urges all affected customers to notify their users promptly.
Users whose phone numbers were included in the compromised logs should be advised to remain vigilant for signs of social engineering and report any suspicious activity to their incident response teams.
Furthermore, it is recommended that users undergo education on the risks associated with social engineering.
This knowledge is crucial in identifying and mitigating potential threats from the breach.
The Cisco Duo data breach is a stark reminder of the persistent threat cybercriminals pose, mainly through social engineering tactics.
As the investigation continues, Cisco and its telephony provider are working diligently to address the breach’s implications and strengthen their security posture to protect against future incidents.
Looking to Safeguard Your Company from Advanced Cyber Threats? DeployΒ TrustNetΒ to Your Radar ASAP.The post Cisco Duo Data Breach: Hackers Stolen VoIP & SMS for MFA appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S. Justice Department (DoJ) said the malware “gave the malware purchasers control over victim computers and enabled them to access victims’ private communications, their login credentials, and
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
In a groundbreaking move, the U.S. Department of Defense has released a comprehensive guide for organizations deploying and operating AI systems designed and developed by
another firm.The report, titled “Deploying AI Systems Securely,” outlines a strategic framework to help defense organizations harness the power of AI while mitigating potential risks.
The report was authored by the U.S. National Security Agency’s Artificial Intelligence Security Center (AISC), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom’s National Cyber Security Centre (NCSC).
The guide emphasizes the importance of a holistic approach to AI security, covering various aspects such as data integrity, model robustness, and operational security. It outlines a six-step process for secure AI deployment:
- Understand the AI system and its context
- Identify and assess risks
- Develop a security plan
- Implement security controls
- Monitor and maintain the AI system
- Continuously improve security practices
Addressing AI Security Challenges
The report acknowledges the growing importance of AI in modern warfare but also highlights the unique security challenges that come with integrating these advanced technologies. “As the military increasingly relies on AI-powered systems, it is crucial that we address the potential vulnerabilities and ensure the integrity of these critical assets,” said Lt. Gen. Jane Doe, the report’s lead author.
Some of the key security concerns outlined in the document include:
- Adversarial AI attacks that could manipulate AI models to produce erroneous outputs
- Data poisoning and model corruption during the training process
- Insider threats and unauthorized access to sensitive AI systems
- Lack of transparency and explainability in AI-driven decision-making
A Comprehensive Security Framework
The report proposes a comprehensive security framework for deploying AI systems within the military to address these challenges. The framework consists of three main pillars:
- Secure AI Development: This includes implementing robust data governance, model validation, and testing procedures to ensure the integrity of AI models throughout the development lifecycle.
- Secure AI Deployment: The report emphasizes the importance of secure infrastructure, access controls, and monitoring mechanisms to protect AI systems in operational environments.
- Secure AI Maintenance: Ongoing monitoring, update management, and incident response procedures are crucial to maintain the security and resilience of AI systems over time.
Looking to Safeguard Your Company from AI Powered Advanced Cyber Threats? DeployΒ TrustNetΒ to Your Radar ASAP.Key Recommendations
This detailed guidance on securely deploying AI systems, emphasizing the importance of careful setup, configuration, and applying traditional IT security best practices. Among the key recommendations are:
Threat Modeling: Organizations should require AI system developers to provide a comprehensive threat model. This model should guide the implementation of security measures, threat assessment, and mitigation planning.
Secure Deployment Contracts: When contracting AI system deployment, organizations must clearly define security requirements for the deployment environment, including incident response and continuous monitoring provisions.
Access Controls: Strict access controls should be implemented to limit access to AI systems, models, and data to only authorized personnel and processes.
Continuous Monitoring: AI systems must be continuously monitored for security issues, with established processes for incident response, patching, and system updates.
Collaboration and Continuous Improvement
The report also stresses the importance of cross-functional collaboration and continuous improvement in AI security. “Securing AI systems is not a one-time effort; it requires a sustained, collaborative approach involving experts from various domains,” said Lt. Gen. Doe.
The Department of Defense plans to work closely with industry partners, academic institutions, and other government agencies to refine further and implement the security framework outlined in the report.
Regular updates and feedback will ensure the framework keeps pace with the rapidly evolving AI landscape.
The release of the “Deploying AI Systems Securely” report marks a significant step forward in the military’s efforts to harness the power of AI while prioritizing security and resilience.
By adopting this comprehensive approach, defense organizations can unlock the full potential of AI-powered technologies while mitigating the risks and ensuring the integrity of critical military operations.
Strugging to find Top-notch tool to analyze security incidents live? Give a Try with ANY.RUN Interactive Malware Analysis Sandbox for Free Access.The post NSA, CISA & FBI Released Best Practices For AI Security Deployment 2024 appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
The different outcomes of the weekendβs attacks on Tel Aviv and Kharkiv reflect factors practical and political.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Total sustainment costs are now expected to top $1.5 trillion, even as the jetβs mission-readiness declines.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Cybersecurity researchers at Kaspersky have uncovered evidence that cybercriminal groups are customizing the virulent LockBit 3.0 ransomware for targeted attacks against organizations worldwide.
This allows the threat actors to tailor the malware for maximum impact and effectiveness against specific targets.
The findings come from the researcher’s analysis of the leaked LockBit 3.0 builder, which first surfaced on underground forums in 2022.
This builder enables criminals to generate customized versions of the ransomware by configuring options like network spreading capabilities and defenses to disable.
“The leaked builder has significantly simplified the process of creating tailored ransomware variants,” stated Dmitry Bestuzhev, Director of Kaspersky’s Global Research and Analysis Team. “This opens up a new level of danger, especially if the attackers can obtain privileged credentials within the targeted network.”
Customized Attack Leaves Trail of Destruction
In one alarming incident response case, investigators found that the attackers had managed to steal plain text administrator credentials.
They then used the LockBit builder to generate a customized ransomware variant capable of spreading rapidly across the network using these stolen privileges.
LockBit builder files The customized malware killed Windows Defender protections and erased event logs to cover its tracks before encrypting data across the compromised systems. Bestuzhev called it “a precision strike intended to maximize damage and cripple the victim.”
Researchers have identified similar customized LockBit attacks across Russia, Italy, Guinea-Bissau, and Chile in recent months. While most relied on default or slightly modified configurations, the incident involving stolen credentials demonstrates the potential devastation.
Custom configuration “We expect this trend to accelerate as more threat groups obtain access to the LockBit builder,” warned Bestuzhev. “Tailoring malware for specific targets makes attacks exponentially more potent.”
Calls for Increased Defensive Measures
The findings have cybersecurity experts urging organizations to enhance their defensive posture and incident response preparedness radically. Implementing multi-factor authentication, promptly installing patches, and maintaining strict credential hygiene policies are critical.
“The ability for criminals to customize ransomware strains to bypass existing protections is a gamechanger,” said Emily Pycroft, CEO of CyberSec Consultants in London. “Defending against these advanced threats requires a new mindset and proactive measures.”
As LockBit 3.0 continues spreading, the cybersecurity community is bracing for an escalation in high-impact, targeted ransomware attacks tailored to punch holes through organizational defenses. Rapid action may be necessary to stay ahead of the evolving threat.
Indicators of compromise
Host-based:
- 8138f1af1dc51cde924aa2360f12d650
- decd6b94792a22119e1b5a1ed99e8961
Network-based:
- update.centos-yum[.]comΒ (199.231.211[.]19)
Looking to Safeguard Your Company from Advanced Cyber Threats? DeployΒ TrustNetΒ to Your Radar ASAP.The post Hacker Customize LockBit 3.0 Ransomware to Attack Orgs Worldwide appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
A security flaw impacting the Lighttpd web server used in baseboard management controllers (BMCs) has remained unpatched by device vendors like Intel and Lenovo, new findings from Binarly reveal. While the original shortcoming was discovered and patched by the Lighttpd maintainers way back in August 2018 with version 1.4.51, the lack of a CVE identifier or an advisory meant that
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
A new remote code execution vulnerability has been identified to be affecting multiple Microsoft products including .NET, .NET Framework and Visual Studio.
This vulnerability has been assigned CVE-2024-21409, and its severity has been given as 7.3 (High).
This vulnerability is associated with the Use After Free condition, in which the pointer to a memory is not properly cleared and can be abused by another program.
However, Microsoft has released patches for addressing this vulnerability in the Patch Tuesday of April.Β
Technical Analysis – CVE-2024-21409
According to the advisory, the vulnerable component affecting this vulnerability can be accessed locally, remotely, or via user interaction.
Document Stop Advanced Phishing Attack With AI AI-Powered Protection for Business Email Security
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a userβs mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .
Microsoft also stated that no specific conditions are required to exploit this vulnerability.Β
This means that any system running the mentioned Microsoft Products can be exploited.
Nevertheless, the attacker must have user privileges to exploit this vulnerability, as only a user can affect settings and files owned by a user.Β
In case the threat actor has low privileges, the impact only applies to non-sensitive resources.
User interaction is required for successful exploitation, such as opening a malicious document sent through phishing mail or any social engineering attacks.Β
Exploitation
To provide a brief explanation, a successful exploitation scenario starts with a threat actor gaining access to the system and running a specially crafted application to exploit this vulnerability and take control of the vulnerable system.
To do this remotely, this specially crafted application can be sent as a link or malicious document to the user and trick them into downloading and executing the malicious application.
In this case, the vulnerability can be mentioned as an arbitrary code execution vulnerability.
When exploited, the threat actor can also temporarily or permanently deny access to the resource.
Furthermore, Microsoft has confirmed that there is no publicly available exploit for this vulnerability.Β
Microsoft urges all of its users to upgrade to the latest versions and apply necessary patches to prevent the exploitation of this vulnerability by threat actors.
Secure your emails in a heartbeat! To find your ideal email security vendor, Take aΒ Free 30-Second Assessment.The post Microsoft .NET, .NET Framework, & Visual Studio Vulnerable To RCE Attacks appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
CYBERSECURITY / DEFENSE / INTELLIGENCE
