Uber investigating wide-reaching security breach

 

source: axios.com  |  image by Mikhail Nilov for pexels.com

Uber is currently responding to what could be one of the worst breaches in the company’s history — all because of a few text messages.

Why it matters: The hacker who has claimed responsibility for the ongoing Uber breach is believed to have access to the company’s source code, email and other internal systems — leaving employee, contractor and customer data at risk.

Details: A hacker first gained access to Uber’s systems on Thursday after sending a text message to an employee claiming to be an IT person and asking for their login credentials, according to the New York Times, which first reported the breach.


TryHackMe: The Story Behind the UK’s Most Innovative Cyber SME

source: infosecurity-magazine.com  |  image: pixabay.com

One of the many highlights of this year’s Infosecurity Europe 2022 event (21-23 June 2022) was the annual UK’s Most Innovative Cyber SME competition. The contest, run by the Department for Digital, Culture, Media & Sport (DCMS) and Tech UK in partnership with Infosecurity Europe, showcases the startup community’s enormous contribution to the UK’s booming cybersecurity sector. This is highlighted by the impressive list of previous winners, which include cybersecurity reskilling provider CAPSLOCK (2021), white hacking training platform Hack the Box (2019), communication security firm KETS Quantum Security (2018) and email security specialist Check Recipient (now trading as Tessian) (2017).

 

In the past two competitions, the judges have awarded first prize to companies involved in creating innovative solutions to resolve the much-publicized cyber-skills shortage, and this trend continued in 2022. The newly crowned winner of this award is TryHackMe, a cybersecurity training platform launched in 2018 that focuses on providing gamified lessons to its users. Once the celebrations had concluded, Infosecurity caught up with TryHackMe co-founder Ashu Savani to learn more about the company’s story, journey and future aspirations.

 

Savani described the application process for the Most Innovative Cyber SME competition as “very reflective,” allowing the team to reaffirm its goals following a whirlwind few years. “The application process was quite fun as it solidified our mission and the work we’re doing in our mind,” he explained. “We were very excited to be accepted as it gave us recognition for the work we are doing, which is to make it as easy as possible for anyone to learn cybersecurity, whether you’re a construction worker or a school teacher.”

 

Did he expect TryHackMe to win though? “We weren’t sure we were going to win; we were just really happy that we got through to the final and got a chance to give TryHackMe more exposure,” Savani replied modestly. Win they did though, and the award represented the culmination of many years of hard work, challenges and innovative thinking.

 

The Beginnings

 

The idea for TryHackMe was born after Savani met co-founder Ben Spring during a summer internship at the consultancy Context Information Security. “It was during the internship that we realized there isn’t a lot of cybersecurity learning material,” and most of it was orientated towards people already proficient in security, which, Savani explained, “isn’t very conducive to learning security.”

 

Spring began a side-project that involved building systems on the cloud. He then suggested the idea of adding training material and notes to Savani. “That ended up being the very early prototype of TryHackMe, where you could launch training material with a touch of a button and have some sort of learning focus there,” explained Savani.

 

As the pair developed the prototype, they put the word out on platforms heavily used by the amateur hacking community like Reddit, “and people started using our products.” This was the motivation to keep developing the product, carefully incorporating user feedback. “Fast-forward four years, and we’ve been very fortunate to have a loyal user base still using us. We believe we’re positively contributing to closing the cyber skills gap and we’re excited to continue doing that work,” said Savani.

Overcoming Challenges 

 

As with all startups, there were significant challenges and bumps in the road to overcome in the early years. One of the key difficulties for TryHackMe was acquiring users beyond its base. After attempting a number of different strategies, the company found the most effective approach was holding events that allowed the participants to win prizes by competing in cybersecurity challenges. This included partnering with universities through events called ‘HackBack.’

 

The other major challenge was building out the product “sustainably,” which required hiring the right people to develop and scale the business. “It’s one of those things that’s tough to solve overnight,” reflected Savani. However, they now have “some really amazing people” on board. “We’ve been very fortunate to bring on people who love teaching and have that cybersecurity experience,” he noted, adding: “All our different pockets and departments at TryHackMe have an impact on the work we’re doing on a day-to-day basis.”

 

In terms of the training platform’s evolution, there has been a strong emphasis on gamification, which TryHackMe found most effective in engaging users. “We’re focusing on ensuring the users enjoy the material and stick to what they’re doing.”

 

Savani also revealed the company is now looking to expand its material, providing relevant training content for experienced professionals as well as beginners in the field of cybersecurity, which was previously the primary focus. This includes moving into “more intermediate to advanced topic areas for things like DevSecOps, red teaming and blue teaming.”

 

Long-Term Vision

 

Savani emphasized that while the training content is designed to be fun and engaging, it must have practical real-world benefits for the users. The ultimate vision is “to take a student with a little technical experience all the way to an advanced consultant who understands the complex concepts within defensive security.” Savani added that the company is also increasingly working with businesses to train their security teams, “an area we’re looking to grow.”

 

In addition to the quality of the TryHackMe service, Savani acknowledged that the company’s core focus on reducing barriers to entry in cybersecurity was a crucial factor in being crowned Most Innovative Cyber SME at Infosecurity Europe 2022. Lack of diversity and accessible pathways are a major blockage to addressing the cyber skills gap, and TryHackMe is making a conscious effort to provide an opportunity to train in cybersecurity, regardless of background and ability to pay. The firm currently has a pricing scheme of £8-10 ($9.50-12) a month. “No one should be paying lots of money just to discover whether cybersecurity is a feasible career for them,” he added.

 

Looking ahead, the long-term vision for TryHackMe is to continue its mission to provide affordable and engaging training for those looking to develop a career in cybersecurity. This involves constant reflection and evolution, taking on user feedback to continuously improve the platform.

 

Solving the cyber skills shortage is a long-term challenge for the industry and requires innovative ideas and approaches. Often, startups have the most ‘out-of-the-box’ solutions, and TryHackMe has demonstrated this trait over its first few years of operation. TryHackMe’s triumph in this year’s contest, alongside other recent victors, shows that this issue is being taken increasingly seriously in the cybersecurity sector.

 

Smishing vs. Phishing: Understanding the Differences

 

source: proofpoint.com  |  image: pexels.com

 
What have smishing offenders learned from their phishing email counterparts?

Email-based credential theft remains by far the most common threat we encounter in our data. But SMS-based phishing (commonly known as smishing and including SMS, MMS, RCS, and other mobile messaging types) is a fast-growing counterpart to email phishing. In December 2021, we published an article exploring the ubiquity of email-based phish kits. These toolkits make it straightforward for anyone to set up a phishing operation with little more than a laptop and a credit card. Since then, we’ve tracked their evolution as they gain new functions, including the ability to bypass multifactor authentication.

In this blog post we’re going to look at smishing vs. phishing and what smishing offenders have learned from their email counterparts, as well as some significant differences that remain between the two threats.

Setting the (crime) scene

A modern email phishing setup can be as simple as one person with a computer and access to common cloud-hosted services. But for a smishing operation, the picture is somewhat different. While software smishing kits are available to buy on the dark web, accessing and abusing mobile networks requires a little more investment.


New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals

source: thehackernews.com  |  image:  pexels.com

 

A new method devised to leak information and jump over air-gaps takes advantage of Serial Advanced Technology Attachment (SATA) or Serial ATA cables as a communication medium, adding to a long list of electromagnetic, magnetic, electric, optical, and acoustic methods already demonstrated to plunder data.

“Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6GHz frequency band,” Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel, wrote in a paper published last week.

The technique, dubbed SATAn, takes advantage of the prevalence of the computer bus interface, making it “highly available to attackers in a wide range of computer systems and IT environments.”


MIT Researchers Discover New Flaw in Apple M1 CPUs That Can’t Be Patched

source: thehackernews.com  |  image: pexels.com

A novel hardware attack dubbed PACMAN has been demonstrated against Apple’s M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems.

It leverages “speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity,” MIT researchers Joseph Ravichandran, Weon Taek Na, Jay Lang, and Mengjia Yan said in a new paper.

What’s more concerning is that “while the hardware mechanisms used by PACMAN cannot be patched with software features, memory corruption bugs can be,” the researchers added.

The vulnerability is rooted in pointer authentication codes (PACs), a line of defense introduced in the arm64e architecture that aims to detect and secure against unexpected changes to pointers — objects that reference an address location in memory.

PACs aim to solve a common problem in software security, such as memory corruption vulnerabilities, which are often exploited by overwriting control data in memory (i.e., pointers) to redirect code execution to an arbitrary location controlled by the attacker.


Authorities Shut Down Russian RSOCKS Botnet That Hacked Millions of Devices

source: thehackernews.com  |  image:  pexels.com

The U.S. Department of Justice (DoJ) on Thursday disclosed that it took down the infrastructure associated with a Russian botnet known as RSOCKS in collaboration with law enforcement partners in Germany, the Netherlands, and the U.K.

The botnet, operated by a sophisticated cybercrime organization, is believed to have ensnared millions of internet-connected devices, including Internet of Things (IoT) devices, Android phones, and computers for use as a proxy service.

Botnets, a constantly evolving threat, are networks of hijacked computer devices that are under the control of a single attacking party and are used to facilitate a variety of large-scale cyber intrusions such as distributed denial-of-service (DDoS) attacks, email spam, and cryptojacking.


New ‘GoodWill’ Ransomware Forces Victims to Donate Money and Clothes to the Poor

source: thehackernews.com  |  image: Pixabay.com

Cybersecurity researchers have disclosed a new ransomware strain called GoodWill that compels victims to donate to social causes and provide financial assistance to people in need.

“The ransomware group propagates very unusual demands in exchange for the decryption key,” researchers from CloudSEK said in a report published last week. “The Robin Hood-like group claims to be interested in helping the less fortunate, rather than extorting victims for financial motivations.”

Written in .NET, the ransomware was first identified by the India-based cybersecurity firm in March 2022, with the infections blocking access to sensitive files by making use of the AES encryption algorithm. The malware is also notable for sleeping for 722.45 seconds to interfere with dynamic analysis.

The encryption process is followed by the display of a multi-page ransom note that requires victims to carry out three socially driven activities to obtain the decryption kit.

This includes donating new clothes and blankets to the homeless, taking any five underprivileged children to Domino’s Pizza, Pizza Hut, or KFC for a treat, and offering financial support to patients who need urgent medical attention but don’t have the financial means to pay for it.

Additionally, the victims are asked to record the activities in the form of screenshots and selfies and post them as evidence on their social media accounts.

“Once all three activities are completed, the victims should also write a note on social media (Facebook or Instagram) on ‘How you transformed yourself into a kind human being by becoming a victim of a ransomware called GoodWill,'” the researchers said.

There are no known victims of GoodWill, and the exact tactics, techniques, and procedures (TTPs) used to facilitate the attacks are unclear as yet.

Also unknown is the identity of the threat actor, although an analysis of the email address and network artifacts suggests that the operators are from India and that they speak Hindi.

Further investigation into the ransomware sample has also revealed significant overlaps with another Windows-based strain called HiddenTear, the first ransomware to have been open-sourced as a proof-of-concept (PoC) back in 2015 by a Turkish programmer.

“GoodWill operators may have gained access to this allowing them to create a new ransomware with necessary modifications,” the researchers said.

 


Don’t accidentally hire a North Korean hacker, FBI warns

source: theguardian.com  |  image: pexels.com

Employing remote IT workers who are secretly working for Kim Jong-un’s regime poses risks and may breach sanctions, say US agencies

 

US officials have warned businesses against inadvertently hiring IT staff from North Korea, saying that rogue freelancers were taking advantage of remote work opportunities to hide their true identities and earn money for Pyongyang.

An advisory issued by the state and treasury departments and the FBI said the effort was intended to circumvent US and UN sanctions, and bring in money for North Korea’s nuclear weapons and ballistic missile programs. The officials said companies who hired and paid such workers may be exposing themselves to legal consequences for sanctions violations.


FBI, CISA, and NSA warn of hackers increasingly targeting MSPs

source: bleepingcomputer.com, contributed by FAN Steve Page  |  image:  pixabay.com

 

Members of the Five Eyes (FVEY) intelligence alliance today warned managed service providers (MSPs) and their customers that they’re increasingly targeted by supply chain attacks.

Multiple cybersecurity and law enforcement agencies from FVEY countries (NCSC-UK, ACSC, CCCS, NCSC-NZ, CISA, NSA, and the FBI) shared guidance for MSPs to secure networks and sensitive data against these rising cyber threats.

“The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors—including state-sponsored advanced persistent threat (APT) groups—to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships,” the joint advisory reads.


Anatomy of a Phishing Scam As Told Through Scamming the Scammer

 


source: blog.avast.com  |  image: pixabay.com


Here’s a “scam the scammer” SMS conversation to highlight some of the red flags to look out for the next time your “boss” messages you.

Sometimes it feels like scammers are coming at you from every direction these days. They’re on the phone. They’re on SMS. They’re on social media. Sorting the real from the nonsense can feel like a full-time job but, for some people, that “job” turns into fun.

That’s what happened recently when a professional woman in New York City decided to play around a little bit with her “boss” (spoiler: not her boss), who was making odd requests via text. And while “scam the scammer” situations like this one are often hilarious, they’re also a great way to learn about the methodology that scammers use to trick people into giving them money.

So let’s take a look at the following “scam the scammer” SMS conversation to highlight some of the red flags to look out for the next time your “boss” messages you. 

1. They set up a situation where you can’t talk to them on the phone.

“Josh” makes it clear up front that he can’t talk on the phone. Obviously there are some situations where this is legitimate — like if he was actually Josh and was actually at a conference — but “Cris,” as an employee, would likely know if her boss was out of office. The scammer is hoping that Cris doesn’t know her boss’ schedule.
