Gawd, after that week, we wonder what’s next for China and the Western world – Source: go.theregister.com

Source: go.theregister.com – Author: Team Register Kettle It’s been a fairly troubling week in terms of the relationship between China and the Western world. Chiefly, America announced stiff import tariffs on Chinese-made tech, Microsoft gave key engineering and cloud staff the opportunity to get out of China while they still can, and the UK signaled […]

The post Gawd, after that week, we wonder what’s next for China and the Western world – Source: go.theregister.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

How two brothers allegedly swiped $25M in a 12-second Ethereum heist – Source: go.theregister.com

Source: go.theregister.com – Author: Team Register The US Department of Justice has booked two brothers on allegations that they exploited open source software used in the Ethereum blockchain world to bag $25 million (£20 million). The pair – computer scientists Anton, 24, of Boston, and James Pepaire-Bueno, 28, of New York – are accused of […]

The post How two brothers allegedly swiped $25M in a 12-second Ethereum heist – Source: go.theregister.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Aussie cops probe MediSecure’s ‘large-scale ransomware data breach’ – Source: go.theregister.com

Source: go.theregister.com – Author: Team Register Australian prescriptions provider MediSecure is the latest healthcare org to fall victim to a ransomware attack, with crooks apparently stealing patients’ personal and health data. “While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors,” the e-script provider said in […]

The post Aussie cops probe MediSecure’s ‘large-scale ransomware data breach’ – Source: go.theregister.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Three cuffed for ‘helping North Koreans’ secure remote IT jobs in America – Source: go.theregister.com

Source: go.theregister.com – Author: Team Register Three individuals accused of helping North Korea fund its weapons programs using US money are now in handcuffs. All three are said by Uncle Sam’s prosecutors to have used different methods to evade sanctions against the hermit nation and extract money from America’s economy to benefit the Kim Jong-Un […]

The post Three cuffed for ‘helping North Koreans’ secure remote IT jobs in America – Source: go.theregister.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

First LockBit, now BreachForums: Are cops winning the war or just a few battles? – Source: go.theregister.com

Source: go.theregister.com – Author: Team Register Interview On Wednesday the FBI and international cops celebrated yet another cybercrime takedown – of ransomware brokerage site BreachForums – just a week after doxing and imposing sanctions on the LockBit ransomware crew’s kingpin, and two months after compromising the gang’s website. While the BreachForums shutdown didn’t have quite […]

The post First LockBit, now BreachForums: Are cops winning the war or just a few battles? – Source: go.theregister.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware – Source: go.theregister.com

Source: go.theregister.com – Author: Team Register A cybercrime gang has been abusing Microsoft’s Quick Assist application in social engineering attacks that ultimately allow the crew to infect victims with Black Basta ransomware. This, according to Redmond, which said the campaign has been ongoing since mid-April, and blamed a financially motivated group it tracks as Storm-1811 […]

The post Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware – Source: go.theregister.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs – Source: securityaffairs.com

Source: securityaffairs.com – Author: Pierluigi Paganini Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs Russia-linked Turla APT allegedly used two new backdoors, named Lunar malware and LunarMail, to target European government agencies. ESET researchers discovered two previously unknown backdoors named LunarWeb and LunarMail that were exploited to breach European […]

The post Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs – Source: securityaffairs.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

City of Wichita disclosed a data breach after the recent ransomware attack – Source: securityaffairs.com

Source: securityaffairs.com – Author: Pierluigi Paganini City of Wichita disclosed a data breach after the recent ransomware attack The City of Wichita disclosed a data breach after the ransomware attack that hit the Kansas’s city earlier this month. On May 5th, 2024, the City of Wichita, Kansas, was the victim of a ransomware attack and […]

The post City of Wichita disclosed a data breach after the recent ransomware attack – Source: securityaffairs.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

CISO Corner: What Cyber Labor Shortage?; Trouble Meeting SEC Disclosure Deadlines – Source: www.darkreading.com

Source: www.darkreading.com – Author: Tara Seals, Managing Editor, News, Dark Reading Welcome to CISO Corner, Dark Reading’s weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we’ll offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We’re committed to bringing […]

The post CISO Corner: What Cyber Labor Shortage?; Trouble Meeting SEC Disclosure Deadlines – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

CISOs Grapple With IBM's Unexpected Cybersecurity Software Exit – Source: www.darkreading.com

Source: www.darkreading.com – Author: Jeffrey Schwartz, Contributing Writer Source: Panther Media GmbH IBM’s surprise departure from cybersecurity software this week didn’t just rearrange the competitive landscape — it also reshuffled the procurement plans and vendor relationships for many CISOs rebuilding their SOCs. IBM has agreed to sell the QRadar SaaS portfolio to Palo Alto Networks […]

The post CISOs Grapple With IBM's Unexpected Cybersecurity Software Exit – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

What is Secure Code Review and How to Conduct it?

Secure code review is a combination of automated and manual processes assessing an application/software’s source code. The main motive of this technique is to detect vulnerabilities in the code. This security assurance technique looks for logic errors and assesses style guidelines, specification implementation, and so on.  In an automated secure code review, the tool automatically […]

The post What is Secure Code Review and How to Conduct it? appeared first on Kratikal Blogs.

The post What is Secure Code Review and How to Conduct it? appeared first on Security Boulevard.

Cloud Monitor Identifies and Remediates Problematic VPN Use in K-12 Districts

Recently, we hosted Michael Tapia, Chief Technology Director at Clint ISD in Texas, and Kobe Brummet, Cybersecurity Technician at Hawkins School District in Tennessee, for a live webinar. Michael and Kobe volunteered to share with other K-12 tech pros how important cybersecurity and safety monitoring are for Google Workspace, Microsoft 365, and online browsing. They […]

The post Cloud Monitor Identifies and Remediates Problematic VPN Use in K-12 Districts appeared first on ManagedMethods.

The post Cloud Monitor Identifies and Remediates Problematic VPN Use in K-12 Districts appeared first on Security Boulevard.

Novel Threat Tactics, Notable Vulnerabilities, and Current Trends for April 2024

Every month, the Pondurance team hosts a webinar to keep clients current on the state of cybersecurity. In April, the team discussed threat intelligence, vulnerabilities and trends, security operations center (SOC) engineering insights, threat hunting, and detection engineering. Threat Intelligence The Senior Manager of Digital Forensics and Incident Response (DFIR) discussed the recent surge of...

The post Novel Threat Tactics, Notable Vulnerabilities, and Current Trends for April 2024 appeared first on Pondurance.

The post Novel Threat Tactics, Notable Vulnerabilities, and Current Trends for April 2024 appeared first on Security Boulevard.

Data Virtualization: Optimising Access and Utilisation in Enterprise AI Systems

By Puneet Gupta, Vice President and Managing Director, NetApp India/SAARC

Propelled by the evolving trends in data, data virtualization is emerging as a new-age avenue, revolutionizing the way businesses leverage their data assets. The global market for this disruptive technology is poised to take a steep growth curve, with projections estimating a value of USD 12878.39 million by 2028, with a whopping CAGR of 24.88% during 2022–2028. This underscores the immense significance of data virtualization, particularly for India, where it presents a promising opportunity to maximize the efficiency of enterprise AI ecosystems.

As outlined by NetApp’s 2024 Cloud Complexity report, 70% of surveyed companies in India already have AI projects up and running or in motion, which is commendably higher than the global average of 49%. Given this increasing readiness to adopt AI models and projects, data virtualization could be the ticket for Indian industries to optimize operations, making them more flexible and scalable than ever before. Essentially, this technology offers the abstraction of data from its physical confines, facilitating seamless access and utilization across the enterprise.

Legacy IT infrastructure often grapples with the demands of modern-day business operations. The significance of this advancement lies in its ability to transcend the constraints of conventional data management approaches, offering agility, scalability, and efficiency in managing extensive and diverse datasets. Within AI ecosystems, it proves to be crucial in optimizing access to critical data and expediting the development and deployment of AI-driven solutions.

Advantages of Data Virtualization

In today's hyper-competitive business landscape, rapid modernization is the key to staying ahead of the curve. Virtualization empowers corporations to unlock a wealth of new opportunities and drive competitiveness through enhanced decision-making and accelerated time-to-market. By furnishing real-time access to actionable insights, it equips businesses to make informed decisions and capitalize on budding trends and emergent opportunities.

Among the many advantages that data virtualization offers, a significant one is its ability to optimize resource utilization. By consolidating virtual environments, organizations can realize considerable cost savings whilst simultaneously enhancing operational efficiency. This not only mitigates the complexity of IT infrastructure but also augments scalability, enabling businesses to swiftly adapt to changing demands and market dynamics.

In the world of enterprise AI, agility is crucial. By facilitating rapid deployment of such solutions, it allows businesses to capitalize on emerging opportunities and respond swiftly to evolving customer needs. Its inherent flexibility enables businesses to adapt their AI strategies in real-time, ensuring maximum impact and value creation.

Centralized management and monitoring capabilities are also essential for effective data governance and control. Simplifying IT operations by providing a unified platform for managing and monitoring data assets is yet another benefit observed. This streamlined approach not only reduces administrative overhead but also enhances visibility and compliance, ensuring data integrity and security across the corporation.

Access to timely and accurate data is the lifeblood of AI-driven decision-making. Through this innovation, access to critical data can be accelerated, enabling organizations to derive actionable insights with unmatched speed and accuracy. By breaking down data silos and facilitating seamless integration, it empowers businesses to make informed decisions that drive growth and improvement.

It is well-founded that digital transformation thrives on experimentation and iteration. Data virtualization fosters a culture of innovation within AI ecosystems by providing a platform for rapid prototyping and testing. Its flexible architecture enables data scientists and AI developers to explore new ideas and concepts, leading to the development of ground-breaking solutions that drive business value and competitive advantage.

The Future of Data

As we embrace the future facilitated by the adoption of enterprise AI, the strategic importance of data virtualization cannot be overstated. By leveraging this technology, businesses can streamline operations, drive efficiency, and unlock new opportunities for growth and competitiveness. Looking ahead, the evolving role of this innovation will continue to shape the future of AI, providing companies with the tools they need to stay ahead of the curve and thrive in the digital age.

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.

TCE Cyberwatch: This Week’s Cybersecurity Rundown

This week on TCE Cyberwatch, we delve into the recent hackings of major organizations, including the International Baccalaureate, Boeing, and BetterHelp, which have sparked widespread concern online. We also highlight ongoing developments in enhancing cybersecurity measures.

National governments are also grappling with cybersecurity challenges. TCE Cyberwatch examines how these issues have affected countries and the proactive steps organizations are taking to stay ahead in the evolving landscape of cybersecurity. Keep reading for the latest updates.

TCE Cyberwatch: A Weekly Round-Up

IB Denies Exam Leak Rumors, Points to Student Sharing

The International Baccalaureate Organization (IBO) faced allegations of exam paper leaks, but it denied any involvement in a cheating scandal. Instead, the organization acknowledged experiencing a hacking incident, unrelated to the current exam papers circulating online.

The breach was attributed to students sharing exam materials on social media platforms. Concurrently, the IBO detected malicious activity within its computer networks.

The act of students sharing exam content online is commonly known as "time zone cheating," wherein students who have already completed their exams disclose details about the questions before others take the test. Additionally, the malicious activity targeted data from 2018, including employee names, positions, and emails. Screenshots of this leaked information surfaced online.

Boeing Hit by $200 Million Ransomware Attack, Data Leaked

The aeronautical and defense corporation, Boeing, recently confirmed that it had been targeted by the LockBit ransomware gang in October 2023. They also acknowledged receiving a $200 million demand from the attackers to prevent the publication of leaked data. On November 10, approximately 40GB of data was leaked by LockBit, though Boeing has not yet addressed the situation. The ransomware group initially identified Dmitry Yuryevich Khoroshev as the principal administrator and developer behind the LockBit ransomware operation. However, this claim has since been denied by the actual developer. Additionally, Boeing has not announced whether it paid the $200 million extortion demand.

Lenovo Pledges Stronger Cybersecurity with "Secure by Design" Initiative

Lenovo recently joined the Secure by Design pledge initiated by the US Cybersecurity and Infrastructure Security Agency (CISA) to enhance its cybersecurity measures. This announcement was made on May 8th, and the initiative covers various areas including multi-factor authentication and vulnerability reduction. Doug Fisher, Lenovo’s Chief Security Officer, emphasized the importance of industry collaboration in driving meaningful progress and accountability in security. "It’s good for the industry that global technology leaders are able to share best practices," he stated. Many other tech companies have also joined this effort to ensure their security.

UK’s AI Safety Institute Releases Public Platform Which Furthers Safety Testing on AI Models

The UK’s AI Safety Institute has recently made its AI testing and evaluation platform publicly available. The platform, Inspect, aims to start more safety tests surrounding AI and to ensure secure models. It works by assessing the capabilities of models and then producing a score. It is available to AI enthusiasts, start-up businesses and international governments, as it is released through an open-source licence. Ian Hogarth, the Chair of the AI Safety Institute, has stated that, “We have been inspired by some of the leading open-source AI developers - most notably projects like GPT-NeoX, OLMo or Pythia which all have publicly available training data and OSI-licensed training and evaluation code, model weights, and partially trained checkpoints.” Inspect works by evaluating models in areas such as their autonomous abilities, abilities to reason, and overall core knowledge.

NASA Names First Chief Artificial Intelligence Officer

NASA announced its first Chief Artificial Intelligence (AI) Officer. David Salvagnini, who previously served as the Chief Data Officer, has now expanded his role to incorporate AI. His responsibilities included developing strategic vision and planning NASA's AI usage in research projects, data analysis, and system development.

NASA Administrator Bill Nelson stated, “Artificial intelligence has been safely used at NASA for decades, and as this technology expanded, it accelerated the pace of discovery.” Salvagnini also worked alongside government agencies, academic institutions, and others in the field to ensure they remained up to date with the AI revolution.

DDoS Attacks Target Australia Amidst Ukraine Support

The Cyber Army Russia Reborn launched Distributed Denial of Service (DDoS) attacks targeting prominent Australian companies like Auditco and Wavcabs. While the exact motive remains unclear, the timing suggests a political backlash against Australia's solidarity with Ukraine.

Wavcabs experienced disruptions to its online services, while Auditco encountered technical difficulties believed to be linked to these attacks. Despite the cyber onslaught, Australia remained steadfast in its support for Ukraine, announcing a $100 million aid package comprising military assistance and defense industry support.

British Columbia Thwarts Government Cyberattack, Strengthens Defenses

British Columbia’s government recently confirmed an attempt to infiltrate their information systems. The incidents were identified as “sophisticated cybersecurity incidents” by B.C.’s solicitor-general and public safety minister. There is no current evidence suggesting that personal information, such as health records, was compromised. The government's proactive measures in 2022 played a significant role in detecting the breach.

The government took steps to further secure its systems, including requiring government employees to change their passwords. Officials and cybersecurity experts continue to work to ensure sensitive information remains secure and to prevent unauthorized access. The country appears to be using this incident to prepare itself for future cyber threats.

Urgent Chrome Update: Google Patches Sixth Zero-Day of 2024

A new vulnerability in Google Chrome was uncovered, marking their sixth zero-day incident in 2024. Google swiftly released an emergency update to patch the issue, ensuring users' safety. Updates were promptly distributed across Mac, Windows, and Linux platforms.

For those concerned about their security, updating their devices is crucial. Users can navigate to Settings > About Chrome to initiate the update process. While Google has not disclosed specific details about the breach, the urgency conveyed by their release of an "emergency patch" underscores the severity of the situation.

To Wrap Up

Cyberattacks continue to dominate headlines, but this week's TCE Cyberwatch report also reveals positive developments. Governments are taking action, with proactive measures in British Columbia and the UK's AI safety testing platform. Organizations are prioritizing security, as seen in Lenovo's "Secure by Design" initiative.

Individuals play a crucial role too. The recent Google Chrome update reminds us to prioritize software updates. While cyber threats persist, these advancements offer a reason for cautious optimism. By working together, we can build a more secure digital future.

Remember, vigilance is key. Update your software regularly and follow best practices to minimize vulnerabilities. TCE Cyberwatch remains committed to keeping you informed.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

ISMG Editors: Why Synthetic ID Fraud Is on the Rise – Source: www.databreachtoday.com

Source: www.databreachtoday.com – Author: 1 Fraud Management & Cybercrime , Fraud Risk Management , Ransomware Also: More Support for Ransomware Victims, Key Takeaways From RSA 2024 Anna Delaney (annamadeline) • May 17, 2024     Clockwise, from top left: Anna Delaney, Mathew Schwartz, Suparna Goswami and Tom Field In the latest weekly update, ISMG editors […]

The post ISMG Editors: Why Synthetic ID Fraud Is on the Rise – Source: www.databreachtoday.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Healthcare Identity Security: What to Expect from Your Solution – Source: www.databreachtoday.com

Source: www.databreachtoday.com – Author: 1 What are the key elements of a successful healthcare identity security program? SailPoint healthcare experts Matthew Radcliffe and Rob Sebaugh detail what else look for to accelerate your business and improve your security posture. In an interview with ISMG, the two SailPoint executives discuss: Elements of a successful identity security […]

The post Healthcare Identity Security: What to Expect from Your Solution – Source: www.databreachtoday.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

US SEC Approves Wall Street Data Breach Reporting Regs – Source: www.databreachtoday.com

Source: www.databreachtoday.com – Author: 1 Finance & Banking , Industry Specific , Standards, Regulations & Compliance Covered Financial Institutions Have 30 Days to Notify Customers of Data Breaches Chris Riotta (@chrisriotta) • May 17, 2024     Broker-dealers and other investment firms will have 30 days to notify clients of data breaches under new U.S. […]

The post US SEC Approves Wall Street Data Breach Reporting Regs – Source: www.databreachtoday.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Hackers Target US AI Experts With Customized RAT – Source: www.databreachtoday.com

Source: www.databreachtoday.com – Author: 1 Artificial Intelligence & Machine Learning , Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development Hackers Sought Specific Generative AI Software at Leading US Firm: Proofpoint Rashmi Ramesh (rashmiramesh_) • May 17, 2024     Someone is targeting a “leading U.S.-based AI organization” with phishing emails that lead to […]

The post Hackers Target US AI Experts With Customized RAT – Source: www.databreachtoday.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Health Plan Services Firm Notifying 2.4 Million of PHI Theft – Source: www.databreachtoday.com

Source: www.databreachtoday.com – Author: 1 Breach Notification , Cybercrime , Fraud Management & Cybercrime Data Stolen Over a Year Ago, But WebTPA Didn’t Discover Hack Until December Marianne Kolbasuk McGee (HealthInfoSec) • May 17, 2024     Image: WebTPA A Texas-based firm that provides health plan administration services is notifying more than 2.4 million individuals […]

The post Health Plan Services Firm Notifying 2.4 Million of PHI Theft – Source: www.databreachtoday.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Nissan reveals ransomware attack exposed 53,000 workers’ social security numbers – Source: www.bitdefender.com

Source: www.bitdefender.com – Author: Graham Cluley Nissan North America has revealed that extortionists who demanded a ransom after breaking into its external VPN and disrupted systems last year also stole the social security numbers of over 53,000 staff. The security breach occurred on November 7, 2023. Upon initial investigation, Nissan and external experts brought in […]

The post Nissan reveals ransomware attack exposed 53,000 workers’ social security numbers – Source: www.bitdefender.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

The Week in Ransomware – May 17th 2024 – Mailbombing is back – Source: www.bleepingcomputer.com

Source: www.bleepingcomputer.com – Author: Lawrence Abrams This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. However, that does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the Black Basta ransomware operation […]

The post The Week in Ransomware – May 17th 2024 – Mailbombing is back – Source: www.bleepingcomputer.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Microsoft to start enforcing Azure multi-factor authentication in July – Source: www.bleepingcomputer.com

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources. After first completing the rollout for the Azure portal, the MFA enforcement will see a similar rollout for CLI, PowerShell, and Terraform. Redmond says customers will also receive additional […]

The post Microsoft to start enforcing Azure multi-factor authentication in July – Source: www.bleepingcomputer.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

SEC: Financial orgs have 30 days to send data breach notifications – Source: www.bleepingcomputer.com

Source: www.bleepingcomputer.com – Author: Bill Toulas The Securities and Exchange Commission (SEC) has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. Regulation S-P was introduced in 2000 and controls how some financial entities must treat nonpublic personal information belonging to […]

The post SEC: Financial orgs have 30 days to send data breach notifications – Source: www.bleepingcomputer.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

US arrests suspects behind $73M ‘pig butchering’ laundering scheme – Source: www.bleepingcomputer.com

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan The U.S. Department of Justice charged two suspects for allegedly leading a crime ring that laundered at least $73 million from cryptocurrency investment scams, also known as “pig butchering.” In pig butchering scams, criminals approach targets using various messaging apps, dating platforms, or social media platforms to build trust […]

The post US arrests suspects behind $73M ‘pig butchering’ laundering scheme – Source: www.bleepingcomputer.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

WebTPA data breach impacts 2.4 million insurance policyholders – Source: www.bleepingcomputer.com

Source: www.bleepingcomputer.com – Author: Bill Toulas The WebTPA Employer Services (WebTPA) data breach disclosed earlier this month is impacting close to 2.5 million individuals, the U.S. Department of Health and Human Services notes. Some of the impacted people are customers at large insurance companies such as The Hartford, Transamerica, and Gerber Life Insurance. WebTPA is a GuideWell […]

The post WebTPA data breach impacts 2.4 million insurance policyholders – Source: www.bleepingcomputer.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

US woman allegedly aided North Korean IT workers infiltrate 300 firms – Source: www.bleepingcomputer.com

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan The U.S. Justice Department charged five individuals today, a U.S. Citizen woman, a Ukrainian man, and three foreign nationals, for their involvement in cyber schemes that generated revenue for North Korea’s nuclear weapons program. They were allegedly involved between October 2020 and October 2023 in a campaign coordinated by […]

The post US woman allegedly aided North Korean IT workers infiltrate 300 firms – Source: www.bleepingcomputer.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Why Bot Management Should Be a Crucial Element of Your Marketing Strategy

Marketing teams need a comprehensive bot management solution to address the challenges posed by bot traffic and protect marketing analytics. Bot management is designed to protect marketing efforts from bot-generated invalid traffic by accurately and efficiently classifying traffic and stopping unwanted. This allows you to maximize your marketing investments, achieve genuine engagement, and ensure accurate […]

The post Why Bot Management Should Be a Crucial Element of Your Marketing Strategy appeared first on Blog.

The post Why Bot Management Should Be a Crucial Element of Your Marketing Strategy appeared first on Security Boulevard.

Enabling Continuous Zero Trust in Multi-Cloud Environments with Netography Fusion

The concept of a Zero Trust Architecture (ZTA) is pretty simple – trust no one, verify everyone. No user or device should be trusted automatically, even if they are connected to a permissioned environment or were previously verified. But modern multi-cloud networks are continuously evolving collections of users, applications, data, and workloads, which don’t lend themselves to ZTA.

The post Enabling Continuous Zero Trust in Multi-Cloud Environments with Netography Fusion appeared first on Netography.

The post Enabling Continuous Zero Trust in Multi-Cloud Environments with Netography Fusion appeared first on Security Boulevard.

The Dell API Breach: It could have been prevented

As you may have seen in the news, a hacker stole 49 million customer records from Dell. The attack wasn’t novel or sophisticated. Instead, the attacker used a business logic flaw and an API to scrape 49 million records from Dell.

How did they do it?  Here is the attack flow.

The attacker registered for an account within the Dell ecosystem to be a reseller/partner. They weren’t going to be. But Dell didn’t perform any checks, and within 48 hours, the attacker had a valid account.

Next, the attacker found an API endpoint that allowed “partners” to input a Dell service tag. The API would then provide them with customer details, such as name, address, phone number, etc.

Since the Dell tag is only seven characters long and alphanumeric, the attacker created a script that would send 5,000 randomly created 7-character strings a minute to the API. With no rate limit or API monitoring, the attacker could harvest over 49 million customer records without anyone detecting this activity.

This attack illustrates why API protection is so complex and why you need a tool like Salt to help. Let's review the attack again, but this time, consider how a few changes and the addition of Salt would have detected and possibly stopped this attack.

Account registration. In API attacks, it is common for the adversary to create an account within the system and use that as the entry point for their reconnaissance and attack.  In Dell’s case, this was not an API problem but a business logic problem. The system that grants supplier/partner access needs to validate and, dare I say it, have a human check to see if the person/company signing up is legitimate.

If Dell had a tool like Salt monitoring their API, this attack would have been detected and thwarted. Here is why. When Salt monitors your API, it uses ML and AI (not just buzzwords; see patent) to create custom templates based on our algorithm that align with the API's functions. Thousands of attributes go into this template. But what makes Salt unique is a second algorithm called “User Intent.” This algorithm learns what normal user behavior is within your application and these APIs.

In this case, Salt would have learned that a typical supplier/partner queries the Service Tag customer lookup API maybe four times a day, or maybe four times an hour at most. The alarm bells would have been going off as soon as the first 5k requests were received.
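An added example (not from the original post and not Salt's product logic): a minimal per-account sliding-window check of the kind the paragraphs above describe, run over constructed lookup events. The thresholds, account names and event format are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Assumed thresholds, loosely based on the article's figures: a normal partner
# makes about four lookups an hour; the scraper sent about 5,000 a minute.
WINDOW_SECONDS = 60
MAX_LOOKUPS_PER_WINDOW = 20     # generous multiple of the normal rate
MAX_MISS_RATIO = 0.5            # random 7-character tags mostly match nothing
MIN_SAMPLES_FOR_RATIO = 10      # do not judge the ratio on a handful of calls


@dataclass
class Alert:
    account: str
    timestamp: float
    reason: str


class TagLookupMonitor:
    """Per-account sliding-window monitor for a service-tag lookup API."""

    def __init__(self):
        self._events = defaultdict(deque)   # account -> deque of (ts, found)
        self.blocked = set()

    def observe(self, ts, account, status):
        """Record one lookup; return an Alert the first time an account trips a rule."""
        if account in self.blocked:
            return None
        window = self._events[account]
        window.append((ts, status == 200))
        while window and window[0][0] <= ts - WINDOW_SECONDS:
            window.popleft()                # drop events older than the window
        total = len(window)
        misses = sum(1 for _, found in window if not found)
        reason = None
        if total > MAX_LOOKUPS_PER_WINDOW:
            reason = f"{total} lookups in {WINDOW_SECONDS}s"
        elif total >= MIN_SAMPLES_FOR_RATIO and misses / total > MAX_MISS_RATIO:
            reason = f"{misses}/{total} lookups returned no record"
        if reason:
            self.blocked.add(account)       # stand-in for throttling or suspending
            return Alert(account, ts, reason)
        return None


def run(events):
    monitor = TagLookupMonitor()
    return [a for a in (monitor.observe(*e) for e in events) if a]


def constructed_events():
    """Constructed sample traffic (not real logs): (timestamp, account, HTTP status)."""
    events = []
    # partner-a: four lookups spread over an hour, all returning a record
    events += [(t, "partner-a", 200) for t in (0, 900, 1800, 2700)]
    # partner-b: slow guessing, one request every 5 s, almost every tag unknown
    events += [(100 + 5 * i, "partner-b", 404 if i % 12 else 200) for i in range(24)]
    # partner-c: 5,000 requests in one minute; the rate rule fires even if all hit
    events += [(3000 + i * 0.012, "partner-c", 200) for i in range(5000)]
    return sorted(events, key=lambda e: e[0])
```

The miss-ratio rule matters because a patient client can stay under any rate limit; guessing random tags still produces a not-found pattern that a legitimate partner looking up real tags does not.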

If you would like to learn more about Salt and how we could provide you with API discovery, governance, and protection, please contact us, schedule a demo, or check out our website.

The post The Dell API Breach: It could have been prevented appeared first on Security Boulevard.

US AI Experts Targeted in SugarGh0st RAT Campaign – Source: www.proofpoint.com

Source: www.proofpoint.com – Author: 1 Source: Thongden Studio via Shutterstock A likely Chinese threat actor is using a recent variant of the notorious Gh0st RAT malware to try and steal information from artificial intelligence experts in US companies, government agencies, and academia. Researchers at security vendor Proofpoint first spotted the campaign earlier this month and […]

The post US AI Experts Targeted in SugarGh0st RAT Campaign – Source: www.proofpoint.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

A Human-Centric Security Approach, Supported by AI – Source: www.proofpoint.com

Source: www.proofpoint.com – Author: 1 Artificial Intelligence & Machine Learning, Events, Next-Generation Technologies & Secure Development Protect People and Infrastructure Simultaneously: Proofpoint CEO Sumit Dhawan Mathew J. Schwartz (euroinfosec) • May 16, 2024 Sumit Dhawan, CEO, Proofpoint To address the cliche of people being the weakest link, cybersecurity company Proofpoint said […]

The post A Human-Centric Security Approach, Supported by AI – Source: www.proofpoint.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

Proofpoint Among First in Enterprise Archiving Industry to Achieve PCI Compliance Attestation – Source: www.proofpoint.com

Source: www.proofpoint.com – Author: 1 Proofpoint Archive customers will meet the globally recognized industry standards in place to secure and protect payment account data SUNNYVALE, Calif., May 16, 2024 – Proofpoint, Inc., a leading cybersecurity and compliance company, today announced its Proofpoint Archive solution has achieved compliance with the Payment Card Industry Data Security Standard (PCI […]

The post Proofpoint Among First in Enterprise Archiving Industry to Achieve PCI Compliance Attestation – Source: www.proofpoint.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

Here’s What 20 Top Cybersecurity CEOs And CTOs Were Saying At RSA Conference 2024 – Source: www.proofpoint.com

Source: www.proofpoint.com – Author: 1 CRN spoke with the CEOs and CTOs of a number of cybersecurity companies, including Proofpoint, Palo Alto Networks, Rubrik and CrowdStrike, during RSA Conference 2024. Here’s what they had to say. While the many implications of GenAI for security continued to be discussed and debated at last week’s RSA Conference, […]

The post Here’s What 20 Top Cybersecurity CEOs And CTOs Were Saying At RSA Conference 2024 – Source: www.proofpoint.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

Friday Squid Blogging: Emotional Support Squid

When asked what makes this an “emotional support squid” and not just another stuffed animal, its creator says:

They’re emotional support squid because they’re large, and cuddly, but also cheerfully bright and derpy. They make great neck pillows (and you can fidget with the arms and tentacles) for travelling, and, on a more personal note, when my mum was sick in the hospital I gave her one and she said it brought her “great comfort” to have her squid tucked up beside her and not be a nuisance while she was sleeping.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Metasploit Wrap-Up 05/17/2024

LDAP Authentication Improvements

This week, in Metasploit v6.4.9, the team has added multiple improvements for LDAP-related attacks. Two improvements relating to authentication are the new support for Signing and Channel Binding. Microsoft has been making changes to harden communications with Domain Controllers. Organizations are adopting these policies, which leaves LDAP tools that lack the necessary features unable to operate. The intention behind these changes is to protect communications with Domain Controllers from relay attacks. There are, however, plenty of scenarios in which users may want to authenticate to a domain controller directly with known credentials to perform a variety of tasks.

The new improvements allow Metasploit users to authenticate via either NTLM or Kerberos to LDAP servers with these hardening settings in place. Signing will be performed opportunistically (LDAP::Signing=auto); however, it can either be disabled entirely by setting LDAP::Signing to disabled, or made mandatory by setting it to required. Note that setting it to required will raise exceptions with configurations that are incompatible with signing, e.g. connecting over SSL (LDAPS) or using plaintext / simple authentication. At this time channel binding is automatically enabled and cannot be disabled in the same way. When connecting over SSL and authenticating with either NTLM or Kerberos, the binding information is provided to the server.

For users that are unfamiliar with the semi-recent authentication configuration changes introduced in Metasploit v6.3, LDAP modules have an LDAP::Auth option that can be set to one of auto, ntlm, kerberos, schannel, or plaintext.

LDAP Session

In addition to the new LDAP authentication improvements, Metasploit added its latest session type, LDAP sessions, this week. Metasploit v6.4 added new protocol-based sessions that allow modules to be run against persistent connections for a variety of services including SMB, MSSQL and MySQL. Once the feature is enabled by running features set ldap_session_type true, users can open sessions with the auxiliary/scanner/ldap/ldap_login module and CreateSession option. These new sessions allow users to authenticate once and interact with the connection, running queries or modules such as:

By interacting with the session, the query command becomes available to run queries interactively. It has a few options allowing the scope, attributes and filter to be set.

LDAP (192.0.2.197) > query -h
Usage: query -f <filter string> -a <attributes>

Run the query against the session.

OPTIONS:

    -a, --attributes      Comma separated list of attributes for the query
    -b, --base-dn         Base dn for the query
    -f, --filter          Filter string for the query (default: (objectclass=*))
    -h, --help            Help menu
    -o, --output-format   Output format: `table`, `csv` or `json` (default: table)
    -s, --scope           Scope for the query: `base`, `single`, `whole` (default: whole)

As an example, basic information about the domain can be queried:

LDAP (192.0.2.197) > query -a ms-DS-MachineAccountQuota,objectSID,name -f '(objectClass=domain)'
DC=labs1collabu0,DC=local
=========================

 Name                       Attributes
 ----                       ----------
 ms-ds-machineaccountquota  10
 name                       labs1collabu0
 objectsid                  S-1-5-21-795503-3050334394-3644400624

New module content (2)

Windows Registry Security Descriptor Utility

Author: Christophe De La Fuente
Type: Auxiliary
Pull request: #19115 contributed by cdelafuente-r7
Path: admin/registry_security_descriptor

Description: This adds a module to read and write the security descriptor of Windows registry keys.

Kemp LoadMaster Local sudo privilege escalation

Authors: Dave Yesland with Rhino Security Labs and bwatters-r7
Type: Exploit
Pull request: #19100 contributed by bwatters-r7
Path: linux/local/progress_kemp_loadmaster_sudo_privesc_2024

Description: This adds a privilege escalation exploit module for LoadMaster that abuses the configuration of the sudo command combined with weak file system permissions. There is no CVE for this vulnerability.

Enhancements and features (2)

  • #19058 from dwelch-r7 - This adds an LDAP session type allowing users and modules to interact directly with LDAP servers without uploading a payload.
  • #19132 from zeroSteiner - Add channel binding information to Metasploit's NTLM and Kerberos authentication for the LDAP protocol. This enables users to authenticate to domain controllers where the hardened security configuration setting is in place.
  • #19172 from cgranleese-r7 - Updates the debug command to export the currently enabled user features.

Bugs fixed (1)

  • #19183 from adfoster-r7 - Fix windows platform detection bug when running on a UCRT compiled environment.

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro

How AI turbocharges your threat hunting game – Source: www.cybertalk.org

Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: Over 90 percent of organizations consider threat hunting a challenge. More specifically, seventy-one percent say that both prioritizing alerts to investigate and gathering enough data to evaluate a signal’s maliciousness can be quite difficult. Threat hunting is necessary simply because no cyber security protections are always 100% effective. […]

The post How AI turbocharges your threat hunting game – Source: www.cybertalk.org first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

SugarGh0st RAT variant, targeted AI attacks – Source: www.cybertalk.org

Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: Cyber security experts have recently uncovered a sophisticated cyber attack campaign targeting U.S-based organizations that are involved in artificial intelligence (AI) projects. Targets have included organizations in academia, private industry and government service. Known as UNK_SweetSpecter, this campaign utilizes the SugarGh0st remote access trojan (RAT) to infiltrate networks. […]

The post SugarGh0st RAT variant, targeted AI attacks – Source: www.cybertalk.org first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking – Source:thehackernews.com

Source: thehackernews.com – Author: . May 17, 2024 Newsroom Cryptojacking / Malware The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which described the […]

The post Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking – Source:thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs – Source:thehackernews.com

Source: thehackernews.com – Author: . A new report from XM Cyber has found – among other insights – a dramatic gap between where most organizations focus their security efforts, and where the most serious threats actually reside. The new report, Navigating the Paths of Risk: The State of Exposure Management in 2024, is based on […]

The post New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs – Source:thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT – Source:thehackernews.com

Source: thehackernews.com – Author: . Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year. “Deuterbear, while similar to Waterbear in many ways, shows advancements in capabilities such as including […]

The post China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT – Source:thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks – Source:thehackernews.com

Source: thehackernews.com – Author: . May 17, 2024 Newsroom Linux / Malware The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea’s Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed Gomir, is “structurally […]

The post Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks – Source:thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

USENIX Security ’23 – AEX-Notify: Thwarting Precise Single-Stepping Attacks Through Interrupt Awareness For Intel SGX Enclaves

Authors/Presenters: Scott Constable, Jo Van Bulck, Xiang Cheng, Yuan Xiao, Cedric Xing, Ilya Alexandrovich, Taesoo Kim, Frank Piessens, Mona Vij, Mark Silberstein

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 presenters’ content, and for the organization’s strong commitment to Open Access.
Originating from the conference’s events at the Anaheim Marriott, and available via the organization’s YouTube channel.

The post USENIX Security ’23 – AEX-Notify: Thwarting Precise Single-Stepping Attacks Through Interrupt Awareness For Intel SGX Enclaves appeared first on Security Boulevard.
