Patch Tuesday Update – September 2024
The post Patch Tuesday Update - September 2024 appeared first on Digital Defense.
The post Patch Tuesday Update – September 2024 appeared first on Security Boulevard.
Singapore, Sept. 10, 2024, CyberNewsWire — Seventh Sense, a pioneer in advanced cybersecurity solutions, announces the launch of SenseCrypt, a revolutionary new platform that sets a new standard in secure, privacy-preserving identity verification. SenseCrypt introduces a first-of-its-kind face-based … (more…)
The post News alert: Seventh Sense unveils a revolutionary privacy solution — face-based PKI and ‘eID’ first appeared on The Last Watchdog.
The post News alert: Seventh Sense unveils a revolutionary privacy solution — face-based PKI and ‘eID’ appeared first on Security Boulevard.
PRESS RELEASE Strata Identity acknowledged for helping banks streamline customer journeys BOULDER, CO, September 10, 2024 – Strata Identity, the Identity Orchestration company, today announced it has been named as a Sample Vendor in the 2024 Gartner Hype Cycle for Banking Customer Experience. According to Gartner, “Journey-time orchestration is a type of platform with the...
The post Strata Identity Recognized as a Sample Vendor in 2024 Gartner® Hype Cycle™ for Banking Customer Experience appeared first on Strata.io.
The post Strata Identity Recognized as a Sample Vendor in 2024 Gartner® Hype Cycle™ for Banking Customer Experience appeared first on Security Boulevard.
Manufacturing and industrial sectors are becoming bigger cyber-targets, and many of the intrusions are coming from China. Those are among the sobering takeaways from a report Tuesday by Ontinue’s Advanced Threat Operations team in its biannual Threat Intelligence Report. The two sectors endured a 105% increase in attacks during the first half of 2024, highlighting...
The post Manufacturing, Industrial Sectors Are Under Siege appeared first on Security Boulevard.
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-249A), published on September 5, 2024, which assesses that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) have been responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020.
The post Response to CISA Advisory (AA24-249A): Russian Military Cyber Actors Target US and Global Critical Infrastructure appeared first on AttackIQ.
The post Response to CISA Advisory (AA24-249A): Russian Military Cyber Actors Target US and Global Critical Infrastructure appeared first on Security Boulevard.
Authors/Presenters: Zhibo Liu, Yuanyuan Yuan, Shuai Wang, Xiaofei Xie, Lei Ma
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenters’ content, and for the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott, and via the organization’s YouTube channel.
The post USENIX Security ’23 – Decompiling x86 Deep Neural Network Executables appeared first on Security Boulevard.
Delinea, a provider of software for managing authorizations, today published a survey of 300 decision makers that finds 62% of respondents have filed an insurance claim because of a cyberattack in the last 12 months, with well over a quarter (27%) having filed multiple claims.
The post Delinea Survey Surfaces Spike in Cybersecurity Insurance Claims appeared first on Security Boulevard.
How do global consulting firms with international reach think about providing their cybersecurity services? One major managed service provider (MSP), which we’ll call “MSP Global,” offers security operations center as a service (SOCaaS) and cyber threat hunting, detection, and response for clients in more than 150 countries and territories.
MSP Global found tremendous value in incorporating HYAS solutions into a strategy for supporting their global cybersecurity services. Given MSP Global’s size and number of clients around the world, it was crucial to have the most robust cybersecurity capabilities possible. MSP Global designed a comprehensive framework of technical capabilities, effective processes, and rich threat intelligence to support their clients. A critical aspect of this was not only the ability to detect and mitigate attacks but also to understand threat actor behavior and the infrastructure used to carry out their attacks. They needed the right players on board to support their framework, including partnering with the leading intelligence firm specializing in adversary infrastructure. Who fit the bill? HYAS did.
Challenges

Q: Why do clients engage MSP Global’s cybersecurity services?
MSP Global offers SOCaaS and related threat hunting, incident response, and other services to clients who want reliable third-party managed services. Regardless of the services chosen, the firm provides intelligence reporting with industry-specific data, analysis, and insight to help protect client businesses from a wide range of threats.
One of MSP Global’s primary goals when onboarding new clients was to define each client’s particular intelligence requirements. That meant understanding the threat landscape and attack surface for each client. The requirements of course included factors specific to the client, but also inevitably included relevant threat patterns and actors in the client’s industry as a whole.
Those in the banking industry, for example, received different intelligence reports than healthcare providers based upon the specific threats and changing landscape for that industry. But regardless of the industry, MSP Global leveraged the diverse, contextualized cyber threat intelligence provided by HYAS. The firm combined HYAS intel into an all-source intelligence model optimized for the client.
Q: What drove MSP Global to consider HYAS as a threat intelligence and incident response solution?
The business case for visibility into infrastructure intelligence was clear. Enterprises need timely, relevant, and actionable cyber threat intelligence to understand threat infrastructure and to prevent, detect, and mitigate the impacts of phishing, ransomware, and other kinds of cyber attacks. HYAS provides its clients with rich passive DNS, both standard and industry-exclusive WHOIS, proprietary malware intelligence, and other contextualized intelligence that helps SOC analysts and threat hunters connect the dots and uncover adversary infrastructure.
The case for infrastructure intelligence was so clear that when MSP Global’s intelligence division decided to build its service, it defined its collection strategy around specific intelligence “pillars” that would mutually reinforce each other to provide the best possible cybersecurity services. Adversary infrastructure was an essential part of one of these pillars, representing a predetermined requirement that could only be met with capabilities like HYAS’s.
Solutions

Q: What made MSP Global choose HYAS among other solutions in the marketplace?
No business can escape financial constraints, but it was clear to MSP Global that a single vendor could not demonstrate expertise in all the areas required. The company looked at multiple vendors and found that HYAS occupies a special niche. HYAS Insight provides adversary “infrastructure intelligence” that helps organizations identify the infrastructure used by adversaries to launch attacks and provides visibility into past patterns of activity. It also identifies future threat activity for associated infrastructure that has not yet been weaponized.
HYAS Protect provides protective DNS capabilities that scrutinize DNS traffic, a prerequisite of nearly all communication with the internet, to prevent the corporate network or employee endpoints from communicating with suspicious or malicious sites. That means adversary activity such as phishing or malware communication with command-and-control infrastructure is interrupted. It also means security practitioners get clear insight into patterns of traffic and unwanted activity across their network, so they can track down anomalies and institute changes that better protect their organizations.
MSP Global saw something unique in HYAS solutions as well as a standard of excellence that helped put them in the best position to deliver cybersecurity services that best met their client’s objectives.
Q: How does MSP Global use HYAS Insight to help its clients?
HYAS Insight plays neatly into MSP Global’s threat hunting and cyber threat intelligence offerings. Fundamental to supporting these solutions is accurate infrastructure data and the context around it. HYAS provides the necessary real-time data, historical details, and a diverse range of correlated intelligence to help the company’s worldwide centers effectively stop bad actors, whether script kiddies or advanced adversaries.
MSP Global’s intel teams don’t directly provide its clients with data from HYAS. Rather, they use HYAS Insight to support their services with intelligence they can trust, and that means better SOC triage, prioritization, and response to threats, and also more timely, in-depth intelligence reports catered to their clients.
In addition to using HYAS Insight to support SOCaaS incident response, amplify MSP Global’s threat hunting, and provide threat intel to generate reports, the firm uses HYAS for:
HYAS intelligence has empowered MSP Global to successfully identify and stop:
And HYAS has also helped MSP Global cut costs. Annual evaluation of third-party product fit against the firm’s evolving objectives is a standard component of its vendor management process, ensuring the firm maximizes the value gained from its investments. Reevaluations have shown a very high ROI with HYAS Insight, so high that the firm has been able to prune other, less valuable solutions from its security stack.
Q: How does MSP Global’s senior intelligence manager rate HYAS?
MSP Global rates HYAS solutions very highly, noting how quickly the intelligence division can pull the information necessary for cybersecurity investigations it conducts on behalf of its clients. In addition, HYAS Insight’s advanced capabilities give MSP Global’s intel teams more ways to present data and recommend action.
But good products and services are nothing without the right partnership. The relationship between HYAS and MSP Global has ultimately strengthened them both and empowered their missions to build more stable, safer business environments for those they serve.
Connect with us to learn how HYAS's unrivaled threat intelligence and investigation capabilities can augment your existing security stack and protect against advanced cyberthreats.
The post How One Consultancy Behemoth Uses HYAS for Unrivaled Cybersecurity appeared first on Security Boulevard.
49% have experienced a major security breach in the past 12 months, according to respondents to our new “Voice of a Threat Hunter 2024”...
The post How Effective Threat Hunting Programs are Shaping Cybersecurity appeared first on Security Boulevard.
Authors/Presenters: Junzhe Wang, Matthew Sharp, Chuxiong Wu, Qiang Zeng, Lannan Luo
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenters’ content, and for the organization’s strong commitment to Open Access.
Originating from the conference’s events situated at the Anaheim Marriott, and via the organization’s YouTube channel.
The post USENIX Security ’23 – Can a Deep Learning Model for One Architecture Be Used for Others? Retargeted-Architecture Binary Code Analysis appeared first on Security Boulevard.
Introduction

Following the 2024 ThreatLabz Phishing Report, Zscaler ThreatLabz has been closely tracking domains associated with typosquatting and brand impersonation, common techniques used by threat actors to proliferate phishing campaigns. Typosquatting involves registering domains with misspelled versions of popular websites or brands to capitalize on user errors, while brand impersonation involves creating fake online entities that closely mimic a brand’s official presence. The big difference is that typosquatting relies on typographical mistakes, whereas brand impersonation focuses on deceiving users through visual and contextual similarities. These two techniques are closely interconnected and often work in tandem to deceive users, steal information, and/or install malware.
From February 2024 to July 2024, ThreatLabz analyzed typosquatting and brand impersonation activity across over 500 of the most visited domains, examining more than 30,000 lookalike domains, and discovering that over 10,000 were malicious. This blog summarizes our findings, highlighting the trends and tactics used to carry out these phishing campaigns.
Key Takeaways
From February 2024 to July 2024, Google accounted for the largest percentage of phishing domains that leveraged typosquatting and brand impersonation. Microsoft and Amazon followed closely behind. Collectively, these three brands accounted for nearly three quarters of all these types of phishing domains.
Nearly half of the phishing domains that were discovered used free Let's Encrypt TLS certificates to appear more authentic and avoid web browser warnings.
The .com top-level domain (TLD) accounted for a significant amount of the phishing domains with English speakers being a primary target.
The Internet Services sector was the most heavily spoofed vertical, followed closely behind by Professional Services and Online Shopping.
Threats And Trends

Understanding typosquatting and brand impersonation trends is essential for users and organizations to defend against phishing attacks, safeguard brand reputation, enhance cybersecurity measures, and promote a safer online experience.
Most targeted verticals

The breakdown by vertical for phishing domains was the following:
The Internet Services sector, which emerged as the most frequently impersonated vertical (29.2%), often handles large volumes of user data and financial transactions, making it a lucrative target for attackers.
Professional Services, closely following at 26.09%, likely attract attackers due to the sensitive and confidential client information they manage.
Online Shopping websites, accounting for 22.3% of phishing domains, are targeted because they involve direct financial transactions and possess a wealth of user payment data.
By comparison, other verticals such as Social Networking (4.5%), Streaming Media (3.3%), AI/ML Apps (3.3%), Information Technology (3.1%), Corporate Marketing (1.6%), Finance (1.1%), File Hosting (0.7%), Science and Technology (0.4%), Web Search (0.4%), and Discussion Forums (0.3%) faced a relatively low percentage of attacks. This discrepancy is likely due to the lower immediate financial returns from the data linked to these sectors.
Most targeted brands

During our observations, ThreatLabz identified threat actors targeting a range of popular brands, including file-sharing services, email providers, digital payment platforms, and online shopping services. However, Google, Microsoft, and Amazon emerged as the top three targeted vendors by far. Google accounted for the highest percentage of typosquatting and brand impersonation instances at 28.8%, followed by Microsoft at 23.6%, and Amazon at 22.3%. Meta was also targeted, albeit to a lesser extent, at 4%. Attackers mimic top brands because the global user base offers a vast number of accounts that can be targeted and easily monetized. The figure below shows the distribution of brands abused by threat actors leveraging typosquatting and brand impersonation.
Figure 1: The most imitated brands by typosquatting and brand impersonation.
Most commonly abused certificate issuers

Threat actors often serve their phishing sites over HTTPS to create the illusion of legitimacy. Among the analyzed phishing domains, 48.4% had certificates issued by Let's Encrypt, a widely used free and open certificate authority (CA). Let's Encrypt issues domain-validated (DV) certificates through a fully automated process that checks only control of the domain name, which makes it the most popular CA among threat actors. The second most common CA was Google Trust Services, accounting for 21.5% of the total certificates. GoDaddy issued 15.2% of the certificates, making it the third most popular CA, helped by its significant market presence and the convenience of obtaining a certificate when registering a domain. A DV certificate from any of these CAs attests only that the holder controls the domain; the browser padlock therefore says nothing about whether the site is operated by the brand it imitates. The figure below shows the certificate authorities most commonly used by malicious domains.
Figure 2: The most common certificate authorities used by typosquatting and brand impersonation domains.
Most commonly abused domain registrars

Domain registrars are consistently abused by threat actors to register their typosquatting and impersonation domains. GoDaddy stood out with the highest percentage of domains, accounting for 21.7% of the instances, followed by NameCheap at 7.3%, and NameSilo at 6.4%. Attackers use such established registrars primarily for their reputation, cost effectiveness, and privacy options. The figure below shows the domain registrars most commonly used for typosquatting and brand impersonation attacks.
Figure 3: Domain registrars used for registering malicious typosquatting and brand impersonation domains.
Most commonly used TLDs

Threat actors leverage commonly used top-level domains (TLDs) typically associated with legitimate websites. This tactic aims to deceive unsuspecting users, fostering a false sense of security by making the phishing domains appear harmless. Interestingly, TLDs such as .xyz and .top, which are not commonly associated with benign sites, have also emerged as popular choices among threat actors.
The .com TLD was the most popular at 39.4%, likely because it is the most recognizable and therefore may increase the chances of success. The .xyz and .top TLDs stood at 11.1% and 5.4%, respectively. These TLDs are relatively unknown, but were likely used because they are less expensive to register. The figure below shows the most commonly used TLDs.
Figure 4: The most commonly used TLDs for typosquatting and brand impersonation domains.
Case Studies

The following examples show how threat actors leverage typosquatting and brand impersonation to perpetrate phishing campaigns. These domains were used for malware distribution, credential theft, scams, and malware command-and-control (C2) communication.
Malware distribution

An example domain discovered by ThreatLabz used for malware distribution was “acrobatbrowser[.]com”, which impersonated the official Adobe website. The domain displayed a fake Adobe page with an embedded iframe. As soon as the page loaded, an MSI file disguised as an Adobe plugin was downloaded automatically. The MSI installed the Atera agent, a legitimate remote monitoring and management (RMM) tool that attackers abuse as a remote access trojan (RAT), giving them remote control over the device and allowing them to steal personal data, spy on user activity, and deploy additional payloads.
The figure below shows the fraudulent domain along with the embedded iframe, and the subsequent MSI file that was downloaded.
Figure 5: Example brand impersonation domain used to distribute the Atera RAT.
Credential theft

ThreatLabz discovered some of the typosquatting domains being used for credential theft. The figure below shows the domain “offlice365[.]com” imitating the legitimate domain office365.com using a character insertion technique. The attacker hosted a fake Office 365 page to trick victims into entering their credentials. If a user entered their credentials, they were redirected to the real office365.com website after their login information had been stolen.
Figure 6: Example typosquatting domain designed to trick users into providing their login credentials for Office 365.
Scams

ThreatLabz discovered instances where scammers targeted users through messaging platforms by impersonating reputable brands. The figure below shows scammers posing as Amazon on WhatsApp and encouraging users to “apply” for a job. By mimicking well-known brands, scammers use these lookalike domains to lure users into sharing personal information.
Figure 7: Scammers impersonating Amazon, making contact via WhatsApp, and encouraging victims to “apply” for a job.
C2 communication

Threat actors often employ lookalike domains to disguise C2 communication channels. For example, ThreatLabz discovered the domain “onedrivesync[.]com” hosting Tactical RMM, a remote monitoring and management tool that is often leveraged for malicious purposes, as shown in the figure below. This threat actor attempted to evade detection by spoofing Microsoft OneDrive, which is commonly used in corporate environments.
Figure 8: An example Tactical RMM C2 server impersonating Microsoft OneDrive.
Conclusion

Typosquatting and brand impersonation are common methods used in phishing attacks, abusing typographical errors entered by users and the trust those users place in well-known brands. These deceptive domains lure users into visiting fraudulent websites, where their personal information can be stolen or their systems compromised. Understanding the current trends and tactics in typosquatting and brand impersonation can help empower users and organizations to better recognize and defend against these phishing techniques.
Zscaler ThreatLabz is dedicated to actively monitoring and blocking these threats, stopping them before they can facilitate phishing attacks and cause harm to customers.
Zscaler Coverage

Zscaler’s multilayered cloud security platform effectively blocks malicious indicators across multiple levels. Additionally, ThreatLabz conducts proactive scans of newly registered domains and swiftly blocks any identified risks.
Figure 9: Zscaler cloud sandbox report
In addition to sandbox detections, Zscaler’s multilayered cloud security platform detects indicators related to typosquatting at various levels with the following threat names:
HTML.Phish.Gen
HTML.Malurl.Gen
HTML.Phish.Typosquatting
HTML.Phish.Whatsapp
HTML.Phish.Google
HTML.Phish.Adobe
Indicators Of Compromise (IOCs)
acrobatbrowser[.]com
browserpapernews[.]pages[.]dev
googleupdate[.]vip
offlice365[.]com
whatsapp-web[.]cn
googqle[.]com
play-store-google[.]com
onedrivesync[.]com
adobevn[.]pro
whatsapp2024[.]ru
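The case studies above distinguish single-character typosquats such as “offlice365[.]com” (a character insertion) from brand-impersonation domains such as “onedrivesync[.]com” (the brand name plus extra tokens). The following Python is an added example, not Zscaler’s or ThreatLabz’s code, of how a defender can label lookalike domains the same way: it precomputes every single-edit variant (homoglyph, transposition, omission, insertion, substitution) of a watched brand label, looks a candidate domain up in that table, and falls back to a substring check for brand embedding. The brand watchlist, the known-good domains, and the homoglyph map are assumptions for illustration; the sample indicators are the ones published in the IOC list above. The example deliberately skips public-suffix handling, so “browserpapernews[.]pages[.]dev” comes back unclassified rather than being misattributed.

```python
"""Lookalike-domain classifier (added example, not Zscaler's code).

Labels a candidate domain as a typosquat of a watched brand (and by which
single-character edit), as a brand-embedding impersonation, or as unrelated.
"""
import string

# Assumption: the brand labels a team wants to protect.
BRANDS = ["google", "microsoft", "amazon", "office365", "whatsapp",
          "onedrive", "adobe", "acrobat"]

# Assumption: the brands' own registrable domains, which must never be flagged.
KNOWN_GOOD = {"google.com", "microsoft.com", "amazon.com", "office365.com",
              "whatsapp.com", "onedrive.com", "adobe.com"}

# Visually confusable replacements; multi-character glyphs change the length,
# so a plain same-length comparison would miss them.
HOMOGLYPHS = {"o": ("0",), "l": ("1", "i"), "i": ("1", "l"), "e": ("3",),
              "a": ("4",), "s": ("5",), "g": ("q",), "m": ("rn",), "w": ("vv",)}


def typosquat_variants(brand):
    """Yield (variant, technique) for every single-edit lookalike of brand.

    Techniques are yielded in priority order so the first match wins when a
    string can be produced by more than one edit.
    """
    n = len(brand)
    for i, ch in enumerate(brand):
        for glyph in HOMOGLYPHS.get(ch, ()):
            yield brand[:i] + glyph + brand[i + 1:], "homoglyph"
    for i in range(n - 1):
        if brand[i] != brand[i + 1]:
            yield brand[:i] + brand[i + 1] + brand[i] + brand[i + 2:], "transposition"
    for i in range(n):
        yield brand[:i] + brand[i + 1:], "omission"
    for i in range(n + 1):
        for ch in string.ascii_lowercase:
            yield brand[:i] + ch + brand[i:], "insertion"
    for i in range(n):
        for ch in string.ascii_lowercase:
            if ch != brand[i]:
                yield brand[:i] + ch + brand[i + 1:], "substitution"


def build_table(brands=BRANDS):
    """Precompute variant -> (brand, technique); a few hundred entries per brand."""
    table = {}
    for brand in brands:
        for variant, technique in typosquat_variants(brand):
            if variant not in table and variant not in brands:
                table[variant] = (brand, technique)
    return table


def refang(ioc):
    """Turn a defanged indicator such as 'offlice365[.]com' back into a hostname."""
    return ioc.strip().lower().replace("[.]", ".").replace("(.)", ".")


def classify(domain, brands=BRANDS, table=None):
    """Return (brand, technique) for a lookalike domain, or None if unrelated.

    Assumption: no public-suffix list, so the registrable domain is taken to be
    the last two labels and every label left of the TLD is examined.
    """
    table = build_table(brands) if table is None else table
    labels = [lab for lab in refang(domain).split(".") if lab]
    if len(labels) < 2:
        return None
    if ".".join(labels[-2:]) in KNOWN_GOOD:
        return None
    for label in labels[:-1]:
        if label in brands:          # e.g. google.xyz: the brand itself on a foreign TLD
            return (label, "brand_label")
        if label in table:           # single-edit typosquat
            return table[label]
    for label in labels[:-1]:        # brand name plus extra tokens
        for brand in brands:
            if brand in label:
                return (brand, "brand_embedding")
    return None


def triage(iocs, brands=BRANDS):
    """Classify a batch of indicators with one precomputed variant table."""
    table = build_table(brands)
    return {ioc: classify(ioc, brands, table) for ioc in iocs}


# Indicators taken from the ThreatLabz IOC list above (defanged as published).
SAMPLE_IOCS = ["acrobatbrowser[.]com", "browserpapernews[.]pages[.]dev",
               "googleupdate[.]vip", "offlice365[.]com", "whatsapp-web[.]cn",
               "googqle[.]com", "play-store-google[.]com", "onedrivesync[.]com",
               "adobevn[.]pro", "whatsapp2024[.]ru"]

if __name__ == "__main__":
    for ioc, verdict in triage(SAMPLE_IOCS).items():
        print(f"{ioc:35} {verdict}")
```

Run against the published indicators, the two typosquats (“offlice365[.]com”, “googqle[.]com”) come back as insertions of “office365” and “google”, the rest as brand embeddings, and the pages.dev host as None. In production the same table would be applied to a certificate-transparency or newly-registered-domain feed, and the registrable-domain step would use a real public-suffix list so that hosted-platform subdomains are attributed to the platform rather than to the TLD.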
The post Phishing Via Typosquatting and Brand Impersonation: Trends and Tactics appeared first on Security Boulevard.
Cary, North Carolina, 10th September 2024, CyberNewsWire
The post Small Business, Big Threats: INE Security Launches Initiative to Train SMBs to Close a Critical Skills Gap appeared first on Security Boulevard.
Key insights and defense strategies were shared at Blue Team Con 2024 in Chicago, where defenders gathered to advance their skills for fighting today’s toughest threats.
The post Blue Team Con 2024: Sharing Security Insights and Defense Strategies in Chicago appeared first on Security Boulevard.
A recent joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) has highlighted a significant threat to critical infrastructure sectors across the United States: RansomHub ransomware.
The post RansomHub Ransomware Targets Critical Infrastructure: A Detailed Look at the CISA-FBI Advisory appeared first on Security Boulevard.
The Rhysida ransomware group may have been behind the July attack on the city of Columbus, Ohio, but there was never a ransom demand and the hackers ignored attempts by city officials to contact them, according to the head of the city's IT department.
The post No Ransom Demand by Rhysida Before Columbus Data Leak: City IT Chief appeared first on Security Boulevard.
Explore how autonomous penetration testing with NodeZero helps organizations meet NIS 2 compliance by enhancing cybersecurity through scalable, efficient risk assessments.
The post Stay Ahead of Cyber Threats with Autonomous Penetration Testing appeared first on Horizon3.ai.
The post Stay Ahead of Cyber Threats with Autonomous Penetration Testing appeared first on Security Boulevard.
CAST AI boasts that its Kubernetes automation platform cuts AWS, Azure and Google Cloud Platform costs by more than 50%.
The post CAST AI Automates Kubernetes Security Posture Management to Block Runtime Threats appeared first on Security Boulevard.
Preserving Rich History with API Security

The mark of many successful businesses is longevity, and Hibbett certainly fits that description. They have been around longer than many, if not most, retailers in the U.S. Headquartered in Birmingham, Alabama and established in 1945, the retailer has successfully distinguished itself from others by building a wide network […]
The post API Security Drives Business Growth for Hibbett appeared first on Cequence Security.
The post API Security Drives Business Growth for Hibbett appeared first on Security Boulevard.
Singapore, SG, 10th September 2024, CyberNewsWire
The post Seventh Sense Unveils Revolutionary Privacy-Preserving Face-Based Public Key Infrastructure and eID Solution appeared first on Security Boulevard.
GDPR violations can result in severe consequences. In its first year, over 89,000 data breaches were reported, leading to fines totaling €56 million. In 2019, the UK’s Information Commissioner’s Office (ICO) imposed record fines on British Airways (€183 million) and Marriott International (€110 million) for breaches affecting millions of customers. Organizations that do not comply […]
The post Legal Impact of GDPR Data Policy Violations appeared first on Kratikal Blogs.
The post Legal Impact of GDPR Data Policy Violations appeared first on Security Boulevard.