Below are some of the stories we’ve been reporting this week on Cyber Security Headlines.
If you’d like to watch and participate in a discussion about them, the CISO Series does a live 20-minute show every Friday at 12:30pm PT/3:30pm ET. Each week we welcome a different cyber practitioner to offer some color to the week's stories. Our guest this week is Doug Mayer, VP, CISO, WCG.
To get involved, you can watch live and participate in the discussion on YouTube Live (https://www.youtube.com/watch?v=FTBssA5NOsg), or you can subscribe to the Cyber Security Headlines podcast and get it into your feed.
Here are the stories we plan to cover, time permitting:
CISA, FBI issue sobering warning about Volt Typhoon
An advisory, published by the two agencies along with the NSA, warns that “Chinese state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.” The advisory continues, “Volt Typhoon’s choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning…to enable lateral movement to OT assets to disrupt functions.” The report highlights an example, in which Volt Typhoon stole multiple zipped files that “included diagrams and documentation related to OT equipment, including supervisory control and data acquisition (SCADA) systems, relays, and switchgear.”
(The Record and CISA.gov)
Cloudflare announces nation-state level breach
Cloudflare has stated that it was the target of a likely nation-state attack which involved the theft of credentials, and which occurred between November 14 and 24. The attackers spent four days viewing Atlassian Confluence and Jira portals, and then created a rogue Atlassian user account to ultimately obtain access to the Bitbucket source code management system. Seventy-six repositories are estimated to have been exfiltrated by the attacker. The attack was made possible by using one access token and three service account credentials associated with Amazon Web Services (AWS), Atlassian Bitbucket, Moveworks, and Smartsheet, that were stolen following the October 2023 hack of Okta’s support case management system. Cloudflare acknowledged that it had failed to rotate these credentials, mistakenly assuming they were unused.
(The Hacker News)
Finance worker pays out $25 million after video call with deepfaked CFO
An employee of an unnamed Hong Kong-based multinational firm wired $25 million to cybercriminals who had used deepfake technology to impersonate all the members of a company video conference call. Initially, the unnamed employee had grown suspicious after receiving a message from the CFO which mentioned a “secret” transaction that had to be carried out. However, seeing a group of people on the call with the CFO was convincing enough for the employee to carry out the transaction. All of those people were also fake.
(CNN)
AI joins the C-Suite
Ready or not, AI is here to stay, and many are scrambling to adapt. Enter the Chief AI Officer, or CAIO for short. The New York Times reports that some organizations, like the Mayo Clinic, have already established this position. CEO Richard Gray said, “We’re really trying to foster some of these data and A.I. capabilities throughout every department, every division, every work group.” The Biden administration has also taken steps, signing an executive order mandating federal agencies, including the Departments of Defense, Education, and Homeland Security, to appoint a chief AI officer. While the widespread adoption of the CAIO role is still on the horizon, it’s clear that some organizations have already started the conversation.
(Forbes)
Illicit service cranks out fake IDs
404 Media’s Joseph Cox profiled OnlyFake, which claims to use neural networks to create realistic fake IDs for $15. This allowed the reporter to instantly create a convincing California driver’s license with arbitrary information on it. This ID passed an identity verification process on the cryptocurrency exchange OKX. The service also advertises on Telegram its ability to generate other faked identity documents. The service also adds appropriate metadata to make photos of the faked IDs appear legitimate, adding in device, time, date, and location information.
(404 Media)
Ransomware payments cross $1 billion in 2023
Ransomware payments crossed $1 billion in 2023, up 94% on the year, according to a new report from the cryptocurrency analyst firm Chainalysis. Part of the large percentage increase came from a marked decline in ransomware payments in 2022, in part due to the FBI takedown of the Hive ransomware operation. Both 2020 and 2021 saw payments over $900 million, so last year's increase is more the continuation of an existing trend. Blackbasta and ALPHV ransomware strains generated the most revenue in the year, while the Cl0P group represented a newer strain of “big game” ransomware strategies, with less frequent attacks but higher payouts. Overall, Chainalysis found 538 new ransomware variants in the year. The report contains a lot of interesting findings, so look for it in our show notes.
(Chainalysis)
Surge in “face swap” attacks puts remote identity verification at risk
An article from Graham Cluley in Tripwire this week describes a 700% increase in deepfaked face-swapping attacks in mid-2023. According to a report from biometric firm iProov quoted in the article, “face-swapping” fraudsters are using off-the-shelf tools like SwapFace, DeepFaceLive, and Swapstream to create facial images that can pass the “liveness test,” which is where a person must not only look into a webcam but turn their head from side to side. Cluley writes, “the face-swapping software can create a highly convincing synthetic video, which is fed to a virtual camera that mimics a genuine webcam.”
(Tripwire)
DEF CON 32 canceled and uncanceled
The organizers of DEF CON announced that the annual conference was in peril after its venue for the last 25 years, Caesars in Las Vegas, abruptly terminated its contract, leaving it without a home seven months before the event. After looking for an alternative venue able to handle its size, the organizers announced it will still take place from August 8th through 11th at the Las Vegas Convention Center, with workshops and training at the Sahara.
(DEFCON)
Tech giants and world governments unite to tackle spyware threats
In a united front against commercial spyware, over a dozen countries, including France, the UK, and the US, joined forces with tech giants Google, Meta, and Microsoft to sign a joint agreement on Tuesday. The pledge was released just a day after the U.S. announced a visa restriction policy for individuals involved in the misuse of commercial spyware. The initiative advocates for international guidelines to control the unrestrained proliferation of cyber intrusive tools. Commercial spyware, such as NSO Group’s Pegasus, exploits smartphones for eavesdropping, message interception, and data exfiltration, often leveraging zero-day exploits. Notably, Hungary, Mexico, Spain, and Thailand were among the 11 countries who opted not to sign the pledge, as reported by Recorded Future. A follow-up meeting is planned for next year.
(Dark Reading, Politico)
submitted by /u/CISO_Series_Producer