Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities

source: thehackernews.com  |  image: pexels.com

 

Microsoft is warning of an uptick in nation-state and criminal actors leveraging publicly disclosed zero-day vulnerabilities to breach target environments.

The tech giant, in its 114-page Digital Defense Report, said it has “observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability,” making it imperative that organizations patch such exploits in a timely manner.

This corroborates an April 2022 advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which found that bad actors are “aggressively” targeting newly disclosed software bugs against broad targets globally.


Web inventor Tim Berners-Lee wants us to ‘ignore’ Web3: ‘Web3 is not the web at all’

source: cnbc.com  |  image:  pexels.com

 

LISBON, Portugal — The creator of the web isn’t sold on crypto visionaries’ plan for its future and says we should “ignore” it.

Tim Berners-Lee, the British computer scientist credited with inventing the World Wide Web in 1989, said Friday that he doesn’t view blockchain as a viable solution for building the next iteration of the internet.

He has his own web decentralization project called Solid.

“It’s important to clarify in order to discuss the impacts of new technology,” said Berners-Lee, speaking onstage at the Web Summit event in Lisbon. “You have to understand what the terms mean that we’re discussing actually mean, beyond the buzzwords.”


How critical US sectors are coping with rising cyberattacks

source: thehill.com  |  image: pixabay.com

BY INES KAGUBARE

The rise in cyberattacks this year has forced many companies in critical sectors to make improvements to their cyber defenses in an effort to secure their networks from hacks.

Such companies are increasing their investments in cybersecurity and seeking to hire more cyber professionals — a task proving to be challenging amid a shortage of cyber workers across industries. 

The Hill spoke to several security experts and industry leaders in the financial, health care and energy sectors to gauge how those critical industries are seeking to keep their networks secure amid the growing number of cyberattacks.

In the health care sector, which has seen a spike in ransomware this year targeting hospitals and other health care facilities, Christopher Plummer, a senior cybersecurity architect at Dartmouth Health, said having a cybersecurity program is crucial for hospitals, as they hold sensitive information — including patient data. 

But he estimated that only about 10 to 20 percent of the nation’s hospitals have a dedicated cybersecurity program.


Teen cyber cartels: when world’s most prolific cybercriminals are minors

source:  cybernews.com  |  image: pixels.com

 

As the announcement of two teenagers charged in relation to the Lapsus$ extortion group broke, we began to wonder: how do youngsters join the world’s biggest cyber gangs in the first place?

“Youth of cybercrime” is a relatively new yet quickly spreading phenomenon. It’s becoming increasingly common to discover that children were behind notorious hacks. Elliott Gunton, for example, was only 16 when he breached the UK telecoms operator TalkTalk, compromising the details of hundreds of thousands of customers. Another “self-proclaimed Apple fan” from Australia (who cannot be identified for legal reasons) was 13 when he first hacked into Apple’s private networks and stole 90GB worth of data. Both of these teenagers received jail time related to various cybercrimes.

Of course, such cases are not limited to hacking into big tech corporations. Jonathan James, a 15-year-old from Florida, managed to install a backdoor in US military servers and access the source code of the International Space Station (ISS). Other kids simply use malware to pull pranks on each other without fully recognizing that it’s still illegal.

“These kids grew up in an online world, and some become proficient in programming and cyber skills well before they reach their teens,” John Gunn, CEO of Token, told Cybernews.

What attracts teenagers to cybercrime?

In many ways, teenagers find themselves as attracted to cybercrime as they are to most unknowns of the big and yet so unfamiliar world. That’s why Kent Landfield, Chief Standards and Technology Policy Strategist at Trellix, considers the boom in “youth-led cybercrime” to be a cultural issue as much as a public policy one.


Uber investigating wide-reaching security breach

 

source: axios.com  |  image by Mikhail Nilov for pexels.com

Uber is currently responding to what could be one of the worst breaches in the company’s history — all because of a few text messages.

Why it matters: The hacker who has claimed responsibility for the ongoing Uber breach is believed to have access to the company’s source code, email and other internal systems — leaving employee, contractor and customer data at risk.

Details: A hacker first gained access to Uber’s systems on Thursday after sending a text message to an employee claiming to be an IT person and asking for their login credentials, according to the New York Times, which first reported the breach.


TryHackMe: The Story Behind the UK’s Most Innovative Cyber SME

source: infosecurity-magazine.com  |  image: pixabay.com

One of the many highlights of this year’s Infosecurity Europe 2022 event (21-23 June 2022) was the annual UK’s Most Innovative Cyber SME competition. The contest, run by the Department for Digital, Culture, Media & Sport (DCMS) and Tech UK in partnership with Infosecurity Europe, showcases the startup community’s enormous contribution to the UK’s booming cybersecurity sector. This is highlighted by the impressive list of previous winners, which include cybersecurity reskilling provider CAPSLOCK (2021), white hacking training platform Hack the Box (2019), communication security firm KETS Quantum Security (2018) and email security specialist Check Recipient (now trading as Tessian) (2017).

 

In the past two competitions, the judges have awarded first prize to companies involved in creating innovative solutions to resolve the much-publicized cyber-skills shortage, and this trend continued in 2022. The newly crowned winner of this award is TryHackMe, a cybersecurity training platform launched in 2018 that focuses on providing gamified lessons to its users. Once the celebrations had concluded, Infosecurity caught up with TryHackMe co-founder Ashu Savani to learn more about the company’s story, journey and future aspirations.

 

Savani described the application process for the Most Innovative Cyber SME competition as “very reflective,” allowing the team to reaffirm its goals following a whirlwind few years. “The application process was quite fun as it solidified our mission and the work we’re doing in our mind,” he explained. “We were very excited to be accepted as it gave us recognition for the work we are doing, which is to make it as easy as possible for anyone to learn cybersecurity, whether you’re a construction worker or a school teacher.”

 

Did he expect TryHackMe to win though? “We weren’t sure we were going to win; we were just really happy that we got through to the final and got a chance to give TryHackMe more exposure,” Savani replied modestly. Win they did though, and the award represented the culmination of many years of hard work, challenges and innovative thinking.

 

The Beginnings

 

The idea for TryHackMe was born after Savani met co-founder Ben Spring during a summer internship at the consultancy Context Information Security. “It was during the internship that we realized there isn’t a lot of cybersecurity learning material,” and most of it was orientated towards people already proficient in security, which, Savani explained, “isn’t very conducive to learning security.”

 

Spring began a side-project that involved building systems on the cloud. He then suggested the idea of adding training material and notes to Savani. “That ended up being the very early prototype of TryHackMe, where you could launch training material with a touch of a button and have some sort of learning focus there,” explained Savani.

 

As the pair developed the prototype, they put the word out on platforms heavily used by the amateur hacking community like Reddit, “and people started using our products.” This was the motivation to keep developing the product, carefully incorporating user feedback. “Fast-forward four years, and we’ve been very fortunate to have a loyal user base still using us. We believe we’re positively contributing to closing the cyber skills gap and we’re excited to continue doing that work,” said Savani.

Overcoming Challenges 

 

As with all startups, there were significant challenges and bumps in the road to overcome in the early years. One of the key difficulties for TryHackMe was acquiring users beyond its base. After attempting a number of different strategies, the company found the most effective approach was holding events that allowed the participants to win prizes by competing in cybersecurity challenges. This included partnering with universities through events called ‘HackBack.’

 

The other major challenge was building out the product “sustainably,” which required hiring the right people to develop and scale the business. “It’s one of those things that’s tough to solve overnight,” reflected Savani. However, they now have “some really amazing people” on board. “We’ve been very fortunate to bring on people who love teaching and have that cybersecurity experience,” he noted, adding: “All our different pockets and departments at TryHackMe have an impact on the work we’re doing on a day-to-day basis.”

 

In terms of the training platform’s evolution, there has been a strong emphasis on gamification, which TryHackMe found most effective in engaging users. “We’re focusing on ensuring the users enjoy the material and stick to what they’re doing.”

 

Savani also revealed the company is now looking to expand its material, providing relevant training content for experienced professionals as well as beginners in the field of cybersecurity, which was previously the primary focus. This includes moving into “more intermediate to advanced topic areas for things like DevSecOps, red teaming and blue teaming.”

 

Long-Term Vision

 

Savani emphasized that while the training content is designed to be fun and engaging, it must have practical real-world benefits for the users. The ultimate vision is “to take a student with a little technical experience all the way to an advanced consultant who understands the complex concepts within defensive security.” Savani added that it is also increasingly working with businesses to train their security teams, “an area we’re looking to grow.”

 

In addition to the quality of the TryHackMe service, Savani acknowledged that the company’s core focus on reducing barriers to entry in cybersecurity was a crucial factor in being crowned Most Innovative Cyber SME at Infosecurity Europe 2022. Lack of diversity and accessible pathways are a major blockage to addressing the cyber skills gap, and TryHackMe is making a conscious effort to provide an opportunity to train in cybersecurity, regardless of background and ability to pay. The firm currently has a pricing scheme of £8-10 ($9.50-12) a month. “No one should be paying lots of money just to discover whether cybersecurity is a feasible career for them,” he added.

 

Looking ahead, the long-term vision for TryHackMe is to continue its mission to provide affordable and engaging training for those looking to develop a career in cybersecurity. This involves constant reflection and evolution, taking on user feedback to continuously improve the platform.

 

Solving the cyber skills shortage is a long-term challenge for the industry and requires innovative ideas and approaches. Often, startups have the most ‘out-of-the-box’ solutions, and TryHackMe has demonstrated this trait over its first few years of operation. TryHackMe’s triumph in this year’s contest, alongside other recent victors, shows that this issue is being taken increasingly seriously in the cybersecurity sector.

TikTok Engaging in Excessive Data Collection

source: infosecurity-magazine.com  |  image: pexels.com

 

TikTok has been engaging in excessive data collection and connecting to mainland China-based infrastructure, Internet 2.0 has claimed in a new white paper.

The latest report, overseen by Internet 2.0’s head security engineer Thomas Perkins, is an analysis of “the source code of TikTok mobile applications Android 25.1.3 as well as IOS 25.1.1”, with Internet 2.0 carrying out static and dynamic testing between 1 July and 12 July 2022 that focused on device and user data collection.

The report identified multiple instances of unwarranted data harvesting, including:

  • Device mapping
  • Hourly monitoring of device location
  • Persistent calendar access
  • Continuous requests for access to contacts
  • Device information


Bad news: The cybersecurity skills crisis is about to get even worse

 

source: zdnet.com  |  image:  pixabay.com

 

New research suggests nearly a third of cybersecurity professionals are planning to quit the industry, at a time when companies are struggling to protect their networks from attacks.

 

Nearly a third of the cybersecurity workforce is planning to leave the industry in the near future, new research suggests, leaving organizations in a troubling position as the threat landscape evolves “at an alarming rate”.

Cybersecurity firm Trellix commissioned a survey of 1,000 cybersecurity professionals globally and found that 30% are planning to change professions within two or more years.

Organizations are already facing cybersecurity skills shortages, with not enough people having the skills and qualifications required to keep IT systems secure from breaches and other security threats.

Adding more fuel to the fire, organizations face a growing threat from cyber criminals and nation-state hackers, whose attacks are growing “in volume and sophistication”.

Trellix’s survey found that 85% of organizations report that a workforce shortage is impacting their ability to secure their IT systems and networks.

Authorities Shut Down Russian RSOCKS Botnet That Hacked Millions of Devices

source: thehackernews.com  |  image:  pexels.com

The U.S. Department of Justice (DoJ) on Thursday disclosed that it took down the infrastructure associated with a Russian botnet known as RSOCKS in collaboration with law enforcement partners in Germany, the Netherlands, and the U.K.

The botnet, operated by a sophisticated cybercrime organization, is believed to have ensnared millions of internet-connected devices, including Internet of Things (IoT) devices, Android phones, and computers for use as a proxy service.

Botnets, a constantly evolving threat, are networks of hijacked computer devices that are under the control of a single attacking party and are used to facilitate a variety of large-scale cyber intrusions such as distributed denial-of-service (DDoS) attacks, email spam, and cryptojacking.


New ‘GoodWill’ Ransomware Forces Victims to Donate Money and Clothes to the Poor

source: thehackernews.com  |  image: Pixabay.com

Cybersecurity researchers have disclosed a new ransomware strain called GoodWill that compels victims to donate to social causes and provide financial assistance to people in need.

“The ransomware group propagates very unusual demands in exchange for the decryption key,” researchers from CloudSEK said in a report published last week. “The Robin Hood-like group claims to be interested in helping the less fortunate, rather than extorting victims for financial motivations.”

Written in .NET, the ransomware was first identified by the India-based cybersecurity firm in March 2022, with the infections blocking access to sensitive files by making use of the AES encryption algorithm. The malware is also notable for sleeping for 722.45 seconds to interfere with dynamic analysis.

The encryption process is followed by displaying a multiple-paged ransom note that requires the victims to carry out three socially-driven activities to be able to obtain the decryption kit.

This includes donating new clothes and blankets to the homeless, taking any five underprivileged children to Domino’s Pizza, Pizza Hut, or KFC for a treat, and offering financial support to patients who need urgent medical attention but don’t have the financial means to do so.

Additionally, the victims are asked to record the activities in the form of screenshots and selfies and post them as evidence on their social media accounts.

“Once all three activities are completed, the victims should also write a note on social media (Facebook or Instagram) on ‘How you transformed yourself into a kind human being by becoming a victim of a ransomware called GoodWill,'” the researchers said.

There are no known victims of GoodWill and their exact tactics, techniques, and procedures (TTPs) used to facilitate the attacks are unclear as yet.

Also unrecognized is the identity of the threat actor, although an analysis of the email address and network artifacts suggests that the operators are from India and that they speak Hindi.

Further investigation into the ransomware sample has also revealed significant overlaps with another Windows-based strain called HiddenTear, the first ransomware to have been open-sourced as a proof-of-concept (PoC) back in 2015 by a Turkish programmer.

“GoodWill operators may have gained access to this allowing them to create a new ransomware with necessary modifications,” the researchers said.

 
