How to fix the military’s software SNAFU

source: defenseone.com  |  image: pexels.com

 

Too many of its apps are built on code riddled with vulnerabilities—and distributed by the Pentagon itself.

The only institution more mired in acronyms than the U.S. military is, in my experience, the software industry. The former’s thorough embrace of the latter is reflected, for example, in this recent piece by serious commentators that includes a four-page glossary. To be sure, software’s ability to supercharge military operations makes this alphabet soup palatable—but it also conceals a dangerous security SNAFU.

If software is to be more of a benefit than a liability, its inevitable flaws must be spotted and fixed before they can be exploited by China, Russia, and other adversaries. Unfortunately, in an analysis I conducted of popular open source software made available by the Pentagon for its units and contractors to use, there is strong evidence that the U.S. military is shipping software that is insecure and contains many known software vulnerabilities—CVEs, in software-speak.


Cybersecurity Threats in Global Satellite Internet

 

 

source: cyberdefensemagazine.com  |  image: pixabay.com

 

Internet via satellite was first used for military purposes in the 1960s and became available for wide-scale commercial use in the 1990s. Current satellite internet systems typically use low-orbit satellites and provide data transmission at low speeds due to limited bandwidth. Starlink, on the other hand, is a project developed by Elon Musk’s SpaceX company and aims to provide a faster, more reliable and more comprehensive internet experience with low latency and high bandwidth through a high number of low orbit satellites.

The surge in satellite internet usage has opened up a new frontier for cybersecurity threats, ranging from sophisticated hacking attempts to disruptive denial-of-service attacks.


NSA shares zero-trust guidance to limit adversaries on the network

source: bleepingcomputer.com (contributed by FAN, Steve Page)  |  image: nsa.gov

 

The National Security Agency is sharing new guidance to help organizations limit an adversary’s movement on the internal network by adopting zero-trust framework principles.

A zero-trust security architecture requires strict controls for accessing resources on the network, be they inside or outside the physical perimeter, to minimize the impact of a breach.

Compared to the traditional IT security model, which presumes that everything and everyone on the network is trusted, the zero-trust design assumes that a threat already exists and does not allow free rein inside the network. 


How to Be More Anonymous Online

source: wired.com  |  image: pexels.com

 

Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules.

 

On the internet, everyone wants to know who you are. Websites are constantly asking for your email address or trying to place tracking cookies on your devices. A murky slurry of advertisers and tech firms track which websites you visit, predicting what your interests are and what you may want to buy. Search engines, browsers, and apps can log each search or scroll you make.

At this stage of the internet, being totally anonymous across your entire online life is incredibly hard to achieve. Phones, SIM cards, browsers, Wi-Fi networks, and more use identifiers that can be linked to your activity. But there are steps you can take to obscure your identity for everyday browsing.

If you’re looking to be truly anonymous or to protect your identity for a specific purpose—such as whistleblowing or activism—you should consider your threat model and individual security situation. But many of the changes you can make, which are listed below, are straightforward switches that can stop you from being tracked as much and apply to most people.


Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers

 

source: infosecurity-magazine.com  |  image: pexels.com

 

Security researchers have discovered a major new scam operation designed to trick job seekers into parting with cryptocurrency, by getting them to complete meaningless tasks they believe will earn them money.

Dubbed “WebWyrm” by CloudSEK, the operation has already targeted more than 100,000 individuals across over 50 countries by impersonating over 1000 companies across 10 industries. It has already potentially netted the scammers over $100m.

The scammers approach victims primarily on WhatsApp, potentially using data from recruitment portals to target their schemes to those most likely to respond.

Promising a weekly salary of $1200-1500, they request the victim to complete 2-3 “packets” or “resets” per day, with each containing 40 tasks.


Data of 2.6 Million Duolingo Users Leaked on Hacking Forum

 

source: infosecurity-magazine.com  |  image: pixabay.com

 

Data from 2.6 million users of Duolingo, a language learning platform with over 74 million monthly users, has been leaked on a hacking forum.

The compromised data, which includes real names, login names, email addresses and internal service-related details, was initially offered for sale on the now defunct Breached hacking forum in January 2023 for $1500. 

Despite Duolingo’s confirmation to The Record that the data was sourced from publicly available profiles, the leaked email addresses are particularly alarming as they are not public information and can facilitate targeted phishing attempts.

“We’re aware of this report. These records were obtained by data scraping public profile information. We have no indication that our systems were compromised. We take data privacy and security seriously and are continuing to investigate this matter to determine if any further action is needed to protect our learners,” a spokesperson from the company confirmed to Infosecurity in an email. 


Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities

source: securityweek.com  |  image: pexels.com

 

Five Eyes government agencies have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.

Government agencies in Australia, Canada, New Zealand, the UK, and the US have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.

Last year, the Five Eyes agencies say, threat actors mainly targeted internet-facing systems that were not patched against older, known vulnerabilities, including flaws for which proof-of-concept (PoC) exploit code exists publicly.


Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies

source: thehackernews.com  |  image: pexels.com

Cybersecurity researchers have taken the wraps off a previously undocumented ransomware strain called Rorschach that’s both sophisticated and fast.

“What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not been seen before in ransomware,” Check Point Research said in a new report. “In fact, Rorschach is one of the fastest ransomware strains ever observed, in terms of the speed of its encryption.”

The cybersecurity firm said it observed the ransomware deployed against an unnamed U.S.-based company, adding it found no branding or overlaps that connect it to any previously known ransomware actors.

However, further analysis of Rorschach’s source code reveals similarities to Babuk ransomware, which suffered a leak in September 2021, and LockBit 2.0. On top of that, the ransom notes sent out to the victims appear to be inspired by that of Yanluowang and DarkSide.


A Sneaky Ad Scam Tore Through 11 Million Phones

source: wired.com  |  image: pexels.com

Some 1,700 spoofed apps, 120 targeted publishers, 12 billion false ad requests per day—Vastflux is one of the biggest ad frauds ever discovered.

 

Every time you open an app or website, a flurry of invisible processes takes place without you knowing. Behind the scenes, dozens of advertising companies are jostling for your attention: They want their ads in front of your eyeballs. For each ad, a series of instant auctions often determines which ads you see. This automated advertising, often known as programmatic advertising, is big business, with $418 billion spent on it last year. But it’s also ripe for abuse.

Security researchers today revealed a new widespread attack on the online advertising ecosystem that has impacted millions of people, defrauded hundreds of companies, and potentially netted its creators some serious profits. The attack, dubbed Vastflux, was discovered by researchers at Human Security, a firm focusing on fraud and bot activity. The attack impacted 11 million phones, with the attackers spoofing 1,700 apps and targeting 120 publishers. At its peak, the attackers were making 12 billion requests for ads per day.

“When I first got the results for the volume of the attack, I had to run the numbers multiple times,” says Marion Habiby, a data scientist at Human Security and the lead researcher on the case. Habiby describes the attack as both one of the most sophisticated the company has seen and the largest. “It is clear the bad actors were well organized and went to great lengths to avoid detection, making sure the attack would run as long as possible—making as much money as possible,” Habiby says. 

IP Cameras, VoIP and Video Conferencing Revealed as Riskiest IoT Devices

source: infosecurity-magazine.com  |  image: pixabay.com

 

IoT devices from video conferencing systems to IP cameras are among the five riskiest IoT devices connected to networks, according to research highlighted by Forescout’s cybersecurity research arm, Vedere Labs.

The company identified recurring themes in their recent research, highlighting the growing attack surface due to more devices being connected to enterprise networks, and how threat actors are able to leverage these devices to achieve their goals.

“IP cameras, VoIP and video-conferencing systems are the riskiest IoT devices because they are commonly exposed on the internet, and there is a long history of threat actor activity targeting them,” the Forescout report said.

The attack surface now encompasses IT, IoT and OT in almost every organization, with the addition of IoMT in healthcare. Organizations must be aware of risky devices across all categories. Forescout recommends that automated controls are implemented and that companies do not rely on siloed security in the IT network, OT network or for specific types of IoT devices.

This latest research provides an update to the company’s findings from 2020 in which networking equipment, VoIP, IP cameras and programmable logic controllers (PLCs) were listed and remain among the riskiest devices across IT, IoT, OT and IoMT in 2022.

However, new entries such as hypervisors and human machine interfaces (HMIs) are representative of trends including critical vulnerabilities and increased OT connectivity.

Vedere Labs analyzed device data between January 1 and April 30 in Forescout’s Device Cloud. The anonymized data comes from Forescout customer deployments and contains information about almost 19 million devices – a number that grows daily, according to the company.

The overall risk of a device was calculated based on three factors: configuration, function and behavior.

After measuring the risk of each individual device, Vedere Labs calculated averages per device type to understand which are the riskiest.