News Items

  • "Researchers Fool reCAPTCHA With Google's Own Speech-To-Text Service"

    CAPTCHA is a security system widely used on the internet to protect websites against automated bots by generating image, audio, or text challenges. These challenges help distinguish human input from machine input. Researchers have attempted to break this system using reverse-image search, deep learning, and experimental neuroscience. Now, researchers at the University of Maryland (UMD) have developed a CAPTCHA-fooling method called unCAPTCHA, which is claimed to be capable of fooling Google's reCAPTCHA, one of the most popular systems used by thousands of websites, with a high success rate. The unCAPTCHA method turns Google's free speech-to-text service against Google's own CAPTCHA system. This article continues to discuss the concept of the CAPTCHA system, the unCAPTCHA method developed by UMD researchers to break Google's reCAPTCHA, and Google's response to this new hack.

    Motherboard reports "Researchers Fool reCAPTCHA With Google's Own Speech-To-Text Service"

  • "Leading Game Publishers Hit Hard by Leaked-Credential Epidemic"

    Researchers at KELA have found stolen credentials tied to the top 25 gaming firms, such as Ubisoft. In a recent scan, the researchers found 1 million compromised credentials associated with the larger gaming universe of "clients" and employees. The credentials were found in caches of breached data online and up for sale on criminal marketplaces. Gaming is a $196 billion industry, and its growing success has drawn the attention of cybercriminals scouting for new targets. The researchers stated that the gaming industry might not prioritize its security precautions. In 2020, gamers faced foul play ranging from identity theft and scams to the theft of in-game valuables.

    Threatpost reports: "Leading Game Publishers Hit Hard by Leaked-Credential Epidemic"

  • "Microsoft Says SolarWinds Hackers Accessed Company Source Code"

    Microsoft recently revealed that the hackers behind the SolarWinds Orion software supply chain attack were able to access company source code. The detection and review of unusual activity with some internal accounts led to the discovery of one account that had been used to look at source code in several source code repositories. Further investigation confirmed that the account did not make any changes as it did not have permission to modify code or engineering systems. This article continues to discuss initial reports and new discoveries surrounding the impact of the SolarWinds supply chain attack on Microsoft, in addition to Microsoft's approach to source code.

    CyberScoop reports "Microsoft Says SolarWinds Hackers Accessed Company Source Code"

  • "This Top VPN Has an Unfortunate Backdoor Security Flaw"

    Researchers at the Dutch cybersecurity firm Eye Control recently discovered a backdoor security flaw impacting about 100,000 Zyxel devices. Impacted Zyxel products include Advanced Threat Protection devices, VPN gateways, and the firm's NXC series of devices. The researchers found a secret backdoor account that can grant attackers root access to Zyxel's VPN devices, firewalls, and Access Point (AP) controllers managed by the company. This backdoor was introduced in a recent firmware update for several Zyxel firewalls and AP controllers. According to the researchers, the backdoor account uses a username and password visible in plain text in Zyxel system binaries running firmware ZLD V4.60. These credentials work on both the SSH and web interface access portals. This article continues to discuss the admin-level backdoor discovered in Zyxel security products.

    TechRadar reports "This Top VPN Has an Unfortunate Backdoor Security Flaw"

  • "T-Mobile Faces Yet Another Data Breach"

    T-Mobile USA has reported a data breach that occurred last week via its website, its fourth data breach in three years. The data accessed by the adversary was customer proprietary network information (CPNI). According to the Federal Communications Commission, CPNI is some of the most sensitive personal information that carriers and providers hold about their customers. CPNI includes records of which phone numbers users called; the frequency, duration, and timing of such calls; and any services purchased by the consumer. The adversary did not gain access to data that included names on the account, physical or email addresses, financial data, credit card information, Social Security numbers, tax IDs, passwords, or PINs. T-Mobile stated that 0.2 percent of customers (around 200,000 people) were affected by the breach. The article continues to discuss the other three data breaches that T-Mobile USA has suffered in the past.

    Threatpost reports: "T-Mobile Faces Yet Another Data Breach"

  • Worst Hacks of 2020

    Start 2021 with a review of the worst hacks of 2020. From the SolarWinds supply chain hack to the takeover of high-profile accounts on Twitter, it was a year of cybersecurity challenges.

  • "Government Security Experts Issue Farmers with New Advice"

    The UK's National Cyber Security Centre (NCSC) issued cybersecurity guidance for farmers as the cyberthreats facing rural businesses continue to grow. The comprehensive guide, titled "Cybersecurity for Farmers," outlines best practices for recognizing suspicious emails, managing passwords, securing devices, backing up data, and more. The increased use of automated machinery, smart security cameras, and software for back-office management and productivity prompted the development of this guide, as such technologies have made the agriculture sector more attractive to cybercriminals. Cyberattacks on agricultural businesses can lead to the exposure of confidential data as well as significant financial losses. Stuart Roberts, the National Farmers Union deputy president, emphasized farmers' increased reliance on technology and cybercriminals' growing sophistication in exploiting vulnerabilities in those technologies to steal money, data, and passwords. Suggestions for farmers include regularly patching software, replacing end-of-life (EOL) operating systems, applying encryption tools, and using firewalls. This article continues to discuss the importance and contents of NCSC's first-ever farmer-oriented cybersecurity guidance.

    Infosecurity Magazine reports "Government Security Experts Issue Farmers with New Advice"

  • "Whirlpool Hit With Ransomware Attack"

    The major appliance maker Whirlpool acknowledged that it was hit with a ransomware attack in November. Whirlpool stated that it was unaware of any consumer information being exposed because of the attack and that the ransomware is not causing any operational difficulties at this time. The cyber gang behind the ransomware attack was the Nefilim group. Emsisoft threat analysts discovered that the gang had posted two files to its wall-of-shame news site with information it claims is from Whirlpool. The Nefilim group is best known for going after organizations that use unpatched or poorly secured Citrix remote-access technology, then stealing data, unleashing crypto-locking malware, and using the threat of a public dump of the exfiltrated data to try to force payment. In June, New Zealand's CERT stated that organizations hit with a typical Nefilim attack would see files with a .NEFILIM extension, a file called NEFILIM-DECRYPT.txt placed on affected systems, and batch files created in C:\Windows\Temp.

    Data Breach Today reports: "Whirlpool Hit With Ransomware Attack"

  • "Worldwide VPN Market to Reach $75.59 Billion by 2027"

    Researchers have found that the global VPN market was valued at $25.41 billion in 2019 and is projected to reach $75.59 billion by 2027, growing at a compound annual growth rate of 14.7% from 2020 to 2027. The major factors driving the VPN market's growth include the increase in data security concerns, the rise in advanced and complex cyber threats, and an upsurge in the use of mobile and wireless devices within organizations. North America is expected to hold the largest VPN market share in 2027, followed by the European market. The Asia Pacific market is projected to register the highest compound annual growth rate for the forecast period.

    Help Net Security reports: "Worldwide VPN Market to Reach $75.59 Billion by 2027"

  • "Data Breach Broker Selling User Records Stolen From 26 Companies"

    BleepingComputer has discovered that a data breach broker is selling more than 360 million user records allegedly stolen from 26 companies on a hacker forum. Threat actors and hacking groups commonly work with data breach brokers to market and sell the data they steal from companies' user databases. Of the 26 affected companies, eight of them are new alleged data breaches that have not been disclosed previously. These companies include Teespring, SitePoint, Wahoo Fitness, Chqbook, AnyVan, Eventials, ClickIndia, and myON. This article continues to discuss the discovery of user records stolen from 26 companies being sold by a data breach broker on a hacker forum, responses from impacted companies, and what potentially affected users should do to protect themselves.

    BleepingComputer reports "Data Breach Broker Selling User Records Stolen From 26 Companies"

  • "New Golang Worm Turns Windows and Linux Servers Into Monero Miners"

    Researchers from Intezer released details about a new Golang-based worm that drops XMRig cryptocurrency miners on Windows and Linux servers. According to the researchers, the worm targets MySQL, Jenkins, Tomcat, WebLogic, and other public-facing services with weak passwords. The attackers behind this campaign have been actively updating the worm on its command-and-control (C2) server, indicating continued maintenance. The worm is expected to hit more weakly configured services in future updates. Security teams are advised to increase password complexity, limit login attempts, and enable two-factor authentication. Intezer researchers also urge security teams to minimize the use of public-facing services, keep software up to date, and use a cloud workload protection platform. This article continues to discuss the spread, capabilities, potential large-scale impact, and prevention of the new Golang worm.

    SC Media reports "New Golang Worm Turns Windows and Linux Servers Into Monero Miners"

  • "DDoS Attacks Spiked, Became More Complex in 2020"

    There has been a significant increase in Distributed Denial-of-Service (DDoS) attacks as a result of the large-scale shift to remote work among organizations and the increased use of online services during the COVID-19 pandemic. DDoS mitigation service providers have reported an increase in attack volumes, sophistication, and complexity in 2020. Trends surrounding DDoS in 2020 observed by security experts include the surge in DDoS attacks stemming from the global pandemic, the increase in the number of extortion DDoS attacks, the growth in multivector attacks, the increase in the size of DDoS attacks, and the broadening of attackers' range of targets. This article continues to discuss major DDoS trends seen by security experts in 2020 regarding the increase in number, size, and complexity of DDoS attacks.

    Dark Reading reports "DDoS Attacks Spiked, Became More Complex in 2020"

  • "Hackers Threaten to Leak Plastic Surgery Pictures"

    The ransomware gang known as REvil has stolen data from the Transform Hospital Group, which is the UK's leading specialist weight loss and cosmetic surgery group. REvil claims to be in possession of patients' before and after photos. The group also claims to have obtained more than 900 gigabytes of these patient photographs. They are threatening to publish the photos. A statement released by the Transform Hospital Group confirms that no payment card details belonging to patients were compromised in the breach of its IT systems. However, some personal data, in addition to the photographs, may have been accessed by the hackers. Travelex and the entertainment law firm Grubman Shire Meiselas & Sacks have also fallen victim to REvil, also known as Sodinokibi. This article continues to discuss the ransomware attack faced by the Transform Hospital Group, the group's threats to publish patients' photographs, and recent changes in tactics used by ransomware gangs to pressure victims into paying the demanded ransoms.

    BBC reports "Hackers Threaten to Leak Plastic Surgery Pictures"

  • "NIST Shares Best Practice Security Guidance for Vulnerable PACS"

    The National Institute of Standards and Technology (NIST) released cybersecurity guidance for the Picture Archiving and Communication System (PACS), which manages medical images. PACS enables the acceptance, transfer, display, storage, and digital processing of medical images, and PACS servers are widely used in healthcare delivery organizations. However, reports have revealed that vulnerabilities in PACS have led to the exposure of millions of medical images. One such weakness is the use of the DICOM protocol, which has flaws that could allow attackers to hide malware in medical images and infect patient data. NIST Special Publication (SP) 1800-24 addresses these security risks and provides guidance to help healthcare provider organizations strengthen the security of their PACS and DICOM technologies and prevent patient data exposure. The NIST guide was built on a risk assessment of PACS based on NIST standards. NIST's National Cybersecurity Center of Excellence (NCCoE) also developed an example implementation that demonstrates how healthcare entities can use standards-based, commercially available technologies to bolster the security of the PACS ecosystem. This article continues to discuss the cybersecurity guidance released by NIST for PACS, the flaws in this technology, and the challenges of securing PACS.

    HealthITSecurity reports "NIST Shares Best Practice Security Guidance for Vulnerable PACS"

  • "6 Questions Attackers Ask Before Choosing an Asset to Exploit"

    David "moose" Wolpoff, co-founder and CTO at Randori, argues that understanding the hacker's logic is important. If hacker logic is applied in an enterprise, the enterprise's security strategy will shift, leading to greater efficiency and lower risk. From the attacker's perspective, evaluating which assets on an attack surface to go after and exploit begins by answering six questions: What useful information can I see about a target from the outside? How valuable is this asset to the adversary? Is the asset known to be exploitable? How hospitable will this asset be if I pwn it? How long will it take to develop an exploit? Is there repeatable ROI in developing an exploit? The article continues to answer these six questions in detail and stresses the importance of security teams thinking more like an attacker.

    Threatpost reports: "6 Questions Attackers Ask Before Choosing an Asset to Exploit"

  • "FBI: Home Surveillance Devices Hacked to Record Swatting Attacks"

    The FBI issued an alert on Tuesday warning that swatters have been hijacking home surveillance and other devices with audio and video capabilities to watch their victims while they are being swatted. In some cases, the prankster also live-streams the video and engages with the responding law enforcement officers. Swatting is a hoax in which someone tricks emergency services into deploying armed law enforcement to a targeted individual's location by claiming there is a life-threatening situation. Smart home device manufacturers recently notified law enforcement that offenders have been using stolen email passwords to access smart devices with cameras and voice capabilities in order to carry out the swatting attacks. The FBI has been working with the manufacturers of the targeted devices to warn customers about the threat and provide them with recommendations on how to avoid having their devices hacked.

    SecurityWeek reports: "FBI: Home Surveillance Devices Hacked to Record Swatting Attacks"

  • "Fresh Card Skimmer Attacks Multiple E-Commerce Platforms"

    Researchers with the Dutch security firm Sansec recently discovered a payment card skimmer targeting multiple content management systems that support many e-commerce sites' online checkout pages. According to a report released by the researchers, the new skimmer was found on the checkout pages of a dozen online stores supported by content management systems hosted on platforms from Shopify, BigCommerce, Zen Cart, and WooCommerce. It remains unclear whether this payment card-skimming malware is tied to a specific Magecart group. Magecart refers to several separate hacking groups that steal credit card numbers and other sensitive data through web-based card-skimming attacks. The report highlights that the skimmer is unusual because it can target multiple content management systems simultaneously instead of individually. This article continues to discuss current findings on how the new payment card skimmer works, as well as other new techniques that fraudsters have been using to hide malicious JavaScript skimmers within e-commerce checkout sites.

    GovInfoSecurity reports "Fresh Card Skimmer Attacks Multiple E-Commerce Platforms"

  • "Finnish Lawmakers' Emails Hacked in Suspected Espionage Incident"

    Email accounts belonging to Finnish lawmakers were accessed by hackers during a cyberattack on the Finnish Parliament's IT system. A statement released by Tero Muurman, the inspector at the National Bureau of Investigation, revealed that the malicious actors behind the suspected espionage operation were able to obtain information to benefit a foreign state or to inflict harm on Finland. The exact number of lawmakers impacted by this attack remains unclear. However, multiple persons are claimed to have been targeted by the attackers in the incident. The Speaker of Finland's Parliament stressed that the incident is an attack against Finland's democracy. This article continues to discuss the cyberattack faced by the Finnish Parliament and other incidents in which nation-state hackers have targeted national legislatures.

    CyberScoop reports "Finnish Lawmakers' Emails Hacked in Suspected Espionage Incident"

  • "Misconfigured AWS Bucket Exposes Hundreds of Social Influencers"

    Researchers at vpnMentor have discovered that a misconfigured cloud storage bucket exposed hundreds of social media influencers' personal details, potentially putting them at risk of fraud and harassment. The misconfigured AWS S3 bucket was discovered in early November and was wide open, with no encryption or password protection. The researchers notified the Barcelona-based company 21 Buttons about the misconfigured AWS S3 bucket in November. However, the company has taken no action to fix the issue. The misconfigured cloud storage bucket contains 50 million files, which are mainly influencer photos and videos. The research team also discovered hundreds of invoices related to payments made to the social media influencers. Among the personally identifiable information (PII) exposed were full names, postal codes, bank details, national ID numbers, and PayPal email addresses.

    Infosecurity reports: "Misconfigured AWS Bucket Exposes Hundreds of Social Influencers"

  • "Critical Flaws in Kepware Products Can Facilitate Attacks on Industrial Firms"

    The U.S. Homeland Security Department's Cybersecurity & Infrastructure Security Agency (CISA) recently published advisories about vulnerabilities in Kepware products discovered by researchers at the industrial cybersecurity firm Claroty. One of the advisories discusses three of the flaws, two of which are rated critical, and one considered high in severity. These vulnerabilities are described as a stack-based overflow, a heap-based buffer overflow, and a use-after-free bug. The exploitation of the critical vulnerabilities could lead to server crashes, data leakage, remote code execution, and a Denial-of-Service (DoS) condition. An attacker could abuse the high-severity bug to crash the server by creating and closing OPC UA connections at a high rate. According to Uri Katz, a senior researcher at Claroty, the vulnerabilities were discovered in KEPServerEX, ThingWorx, and OPC-Aggregator OPC products. Attackers must have network access to the OPC server to exploit these flaws. Research has shown that the flaws can be exploited remotely without authentication. This article continues to discuss the discovery, exploitation, and potential impact of the critical flaws in Kepware products.

    Security Week reports "Critical Flaws in Kepware Products Can Facilitate Attacks on Industrial Firms"

  • "Remote Desktop Bugs: Patches That Took Priority in a Pandemic Year"

    Microsoft released patches for a record number of Common Vulnerabilities and Exposures (CVEs) in 2020, many of which impacted the Microsoft Remote Desktop Protocol (RDP). The Remote Desktop service proved essential during the COVID-19 pandemic as many organizations transitioned to remote work. According to Satnam Narang, a research engineer at Tenable, Microsoft patched a total of 1,245 bugs this year, significantly exceeding the 840 bugs fixed in 2019 and the combined total of bugs patched in 2017 and 2018. The increased use of the Remote Desktop Client, Remote Desktop Services, and Remote Desktop Gateway during the pandemic has made them more appealing targets for hackers. Brute force is the most common type of attack executed against RDP: criminals try different username and password combinations for an RDP connection until one is accepted. There was a surge in the use of this attack method in early March, with the total number of attacks reaching 3.3 billion within the first 11 months of 2020. This article continues to discuss Microsoft's prioritization of Remote Desktop flaws this year, the increased targeting of protocols by attackers, the launch of brute force attacks against RDP, and the growth in security research surrounding RDP.

    Dark Reading reports "Remote Desktop Bugs: Patches That Took Priority in a Pandemic Year"

  • "SolarWinds Hackers 'Impacting' State and Local Governments"

    The U.S. Homeland Security Department's Cybersecurity & Infrastructure Security Agency (CISA) issued a warning about the significant impact of the recent SolarWinds Orion software supply chain hacking attack. The attack on SolarWinds' Orion IT management platform affected several U.S. government agencies, including the departments of Treasury, Commerce, and Homeland Security. This attack also compromised critical infrastructure and organizations in the private domain. CISA urges all federal civilian agencies to review their networks for signs of compromise as well as disconnect SolarWinds Orion products. The agency has emphasized the significance of this cyber incident as it has impacted the U.S. federal, state, and local governments, in addition to critical infrastructure entities and private organizations. According to CISA, the Advanced Persistent Threat (APT) actor behind the SolarWinds supply chain attack is well-resourced and has extensively abused commonly used authentication mechanisms. The agency calls on organizations to prioritize the identification and elimination of this threat as it could lead to the exposure of highly sensitive information. CISA is working with the Federal Bureau of Investigation (FBI) and the Office of the Director of National Intelligence (ODNI) to form a Cyber Unified Coordination Group (UCG), which will establish a coordinated whole-of-government approach to addressing the SolarWinds attack. This article continues to discuss the impact and severity of the SolarWinds attack, as well as CISA's recommendations to organizations on addressing this threat and other efforts by the agency to respond to the attack.

    Infosecurity Magazine reports "SolarWinds Hackers 'Impacting' State and Local Governments"

  • "NIST Releases Draft Guidance for IoT Cybersecurity"

    The National Institute of Standards and Technology (NIST) has released a draft version of Special Publication (SP) 800-213 and a number of supporting documents developed to provide cybersecurity guidance to manufacturers of Internet of Things (IoT) devices. The draft version of SP 800-213 highlights concerns that Federal agencies must consider when acquiring IoT devices, further expanding upon NIST's Cybersecurity Framework and its Risk Management Framework. The guide includes ten specific questions that agencies should ask when establishing requirements. These questions cover aspects such as the interaction of an IoT device with the broader network. The document includes recommendations on what agencies should look for regarding the security capabilities an IoT device needs to provide before it is integrated into Federal information systems. This article continues to discuss the goal and contents of the draft version of SP 800-213 and other draft documents on IoT security released by NIST.

    MeriTalk reports "NIST Releases Draft Guidance for IoT Cybersecurity"

  • "Fake Amazon Gift Cards Deliver Dridex Trojan"

    Researchers at the security firm Cybereason have found that cybercriminals are targeting online shoppers in the U.S. and Western Europe with fake Amazon gift cards that deliver the Dridex banking Trojan. Since the phishing campaign began earlier this month, the attackers have targeted thousands of victims. The Dridex banking Trojan has been active since 2012 and is primarily distributed by the Evil Corp cybercrime group. The campaign begins with a phishing email stating that the recipient has received a free Amazon gift card. The email prompts the user to click and download the gift card, which is contained in a malicious attachment. If the victim downloads the malicious attachment, one of three attack scenarios occurs. This article continues to discuss the three attack scenarios that follow a download of the malicious attachment.

    Healthcare Info Security reports: "Fake Amazon Gift Cards Deliver Dridex Trojan"

  • "Law Enforcement Take Down Three Bulletproof VPN Providers"

    Law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands this week seized the web domains and server infrastructure of three VPN services that provided a haven for cybercriminals. The three services' domains were seized and replaced with law enforcement banners. The services had been active for more than a decade and are believed to be operated by the same individual or group. The three VPN services were heavily advertised on both Russian- and English-speaking underground cybercrime forums. According to the US Department of Justice and Europol, the three companies' servers were being used to mask the real identities of ransomware gangs, web skimmer (Magecart) groups, online phishers, and hackers involved in account takeovers, allowing them to operate from behind a proxy network up to five layers deep. Law enforcement described the three VPN services as "bulletproof hosting services," a term typically used for web companies that do not take down criminal content despite repeated requests.

    ZDNet reports: "Law Enforcement Take Down Three Bulletproof VPN Providers"

  • How to Defend Against Malware, Phishing, and Scams during the Covid-19 Crisis

    2020 saw a big rise in malware, phishing, ransomware, and scams, especially during the COVID-19 pandemic. Suggestions for defending against future attacks in 2021 include educating staff in cybersecurity awareness, encrypting and backing up data, strengthening cybersecurity policy for remote workers, keeping anti-virus protection updated, and securing web and mobile apps.

  • "FBI Warns of Ongoing COVID-19 Vaccine Related Fraud Schemes"

    A warning was recently issued by the Federal Bureau of Investigation (FBI), the Department of Health and Human Services Office of Inspector General (HHS-OIG), and the Centers for Medicare & Medicaid Services (CMS) about scammers' continued efforts to steal personal information and money through the exploitation of the public's interest surrounding the COVID-19 vaccine. According to the joint statement, the FBI, HHS-OIG, and CMS have received complaints of various COVID-19 vaccine-related schemes to harvest Personally Identifiable Information (PII) and money. The FBI has highlighted potential indicators of such schemes. Possible indicators include requests for out-of-pocket payment in exchange for placement on the COVID-19 vaccine waiting list, offers to get the vaccination early upon payment of a deposit, claims of FDA approval for a vaccine that cannot be verified, advertisements for vaccines on social media platforms, unsolicited emails from someone claiming to be from a COVID-19 vaccine center requesting personal information to determine eligibility to obtain the vaccine, and more. The US Department of Justice recently took down two domain names used to impersonate official websites of Moderna and Regeneron biotechnology companies, which are involved in the development of COVID-19 vaccines. This article continues to discuss the potential indicators of COVID-19 vaccine fraudulent activity, how this activity can be reported, the financial losses faced by Americans due to these scams, the takedown of domains used for COVID-19 vaccine phishing attacks, and nation-state hackers' targeting of vaccine research.

    Bleeping Computer reports "FBI Warns of Ongoing COVID-19 Vaccine Related Fraud Schemes"

  • "Rethinking Software and Risk to Protect the Public Sector"

    The current approach to cybersecurity in the public sector appears to be ineffective, as indicated by the continued growth in the sophistication and frequency of cyberattacks despite the increase in spending on cybersecurity. More than $173 billion was spent on cybersecurity in 2020, twice the amount spent ten years ago. Financial losses associated with cybersecurity incidents have surpassed $1 trillion. Jonathan Moore, the Chief Technology Officer at the software company SpiderOak, calls on developers to rethink their approach to software. Moore emphasizes the importance of building security into the design of programs. The current approach involving firewalls, antivirus, and other mitigations, while essential, does not have a significant impact on the economics of cybercrime. More attention is required to reducing vulnerabilities in software in order to strengthen the security of federal agencies and the nation's most sensitive data against potential cyberattacks. According to Moore, malware should be considered a business with business-like incentives and disincentives; adversaries are always looking for a return on their investment. One way to raise attacker costs is to disrupt the exploitation phase of the malware lifecycle by reducing software or system weaknesses. This article continues to discuss the increase in cybersecurity spending and costs, and how software development should be approached to reduce attacker value and cyber threats.

    NextGov reports "Rethinking Software and Risk to Protect the Public Sector"

  • news

    Visible to the public "IBM Launches Experimental Homomorphic Data Encryption Environment for the Enterprise"

    IBM Security has launched a new service that lets companies experiment with Fully Homomorphic Encryption (FHE). This encryption scheme enables computers to perform operations on encrypted data without having to decrypt it, further enhancing the privacy of existing IT architecture, products, and data. FHE will significantly improve data protection in the realms of data science and machine learning. Although IBM and the broader research community have been working on the development of homomorphic encryption for more than a decade, FHE has been considered impractical because of its significant drain on computational power and slow computation speeds. However, industry compute power has grown exponentially, and the algorithms behind FHE have been refined, allowing it to be performed at seconds per bit and fast enough for various types of real-world use cases and early trials with companies. In addition, IBM is implementing lattice cryptography to make FHE quantum-safe or resistant to being broken by future quantum-computing speeds. This article continues to discuss the purpose of the new IBM Security Homomorphic Encryption Services, as well as the concept, advancement, and potential uses of FHE.

    ZDNet reports "IBM Launches Experimental Homomorphic Data Encryption Environment for the Enterprise"

  • news

    Visible to the public "DDoS Attacks Hit Citrix Application Delivery Controllers, Hindering Customer Performance"

    Citrix has reported that its Citrix Application Delivery Controllers (ADCs) were hit by a Distributed Denial-of-Service (DDoS) attack. ADCs are networking products that allow security and network teams to manage application delivery speed and quality. The Citrix threat advisory reveals that the Citrix ADC Datagram Transport Layer Security (DTLS) network throughput can be overwhelmed by bots or the attacker, potentially exhausting outbound bandwidth. According to Citrix, organizations with limited bandwidth have experienced a greater challenge when dealing with the DDoS attack. The attack has impacted a small number of customers globally. Citrix also says that there are no known Citrix vulnerabilities related to this incident. Security teams are encouraged to keep up to date on attack indicators and continuously monitor their systems. Citrix recommends that security teams monitor outbound traffic volume for anomalies and spikes to determine if an ADC has been hit by this attack. Citrix customers impacted by the DDoS attack should temporarily disable DTLS to stop an attack and eliminate the vulnerability to the attack. This article continues to discuss the recent threat advisory from Citrix about the DDoS attack impacting Citrix ADCs and suggested mitigation techniques for this attack.

    SC Media reports "DDoS Attacks Hit Citrix Application Delivery Controllers, Hindering Customer Performance"

  • news

    Visible to the public "Email Threat Predictions for 2021"

    Dan Fein, the Director of Email Security Products at the AI cybersecurity company Darktrace, gave his predictions about new tactics and techniques that email attackers could use in 2021. According to Fein, attackers will attempt to commit more supply chain fraud than CEO fraud as attackers can impact thousands of companies by sending fraudulent invoices from one compromised company. This shift of direction is indicated by the decrease in spoofing attacks against the C-suite and the increase in attacks targeting staff in accounts payable departments observed earlier this year. Attacks aimed at compromising email accounts will be more capable of evading multifactor authentication as they continue to grow in sophistication. The average life span of a phishing attack will continue to decrease, making it harder to block malicious IPs, identify indicators of compromise, and find the specific threat actors behind these attacks. Fein's other predictions pertaining to email threats in 2021 include an increase in email-borne fraudulent invoices and single-use phishing domains and a decrease in the deployment of email security solutions and third-party gateways via Mail Exchanger (MX) Records. This article continues to discuss email threat predictions for 2021 and the importance of adopting adaptive email security technology.

    Dark Reading reports "Email Threat Predictions for 2021"

  • news

    Visible to the public "Developing a Better Way to Address Vulnerabilities at the Source-Code Level"

    A team of researchers from the University of California, Santa Barbara (UCSB), Purdue University, and the Swiss Federal Institute of Technology Lausanne (EPFL) received a four-year, $3.9 million grant from the Defense Advanced Research Projects Agency (DARPA) in support of a project called "Assured Micropatching." The DARPA project aims to improve the patching process for code in vulnerable embedded systems such as those in medical devices, trucks, and airplanes. These embedded systems are often found to be running on software for which the source code and the original compilation toolchain are unavailable. Many of the old software components running in these systems contain vulnerabilities that could be used as an entry point for cyberattacks. However, patching them may be difficult or impossible. This article continues to discuss the DARPA project focused on developing an effective way to fix vulnerabilities at the source-code level.

    UCSB reports "Developing a Better Way to Address Vulnerabilities at the Source-Code Level"

  • news

    Visible to the public "Network Operator Spend on Multi-Access Edge Computing to Reach $8.3B by 2025"

    In a new study, researchers found that the amount of money network operators will spend on multi-access edge computing (MEC) will grow from $2.7 billion in 2020 to $8.3 billion in 2025, as operators invest heavily in upgrading network capacities and infrastructure to support the increasing data generated by 5G networks. The study also revealed that by 2025, the number of deployed multi-access edge computing nodes will reach 2 million globally, up from 230,000 in 2020. These devices, which take the form of access points, base stations, and routers, will play a vital role in managing the vast quantities of data generated by connected vehicles, smart city systems, and other emerging data-intensive services. The researchers forecast that over 920 million individuals will benefit from edge-enhanced Internet connectivity by 2025, rising from 100 million in 2020.

    Help Net Security reports: "Network Operator Spend on Multi-Access Edge Computing to Reach $8.3B by 2025"

  • news

    Visible to the public "Only 30% Prepared to Secure a Complete Shift to Remote Work"

    Researchers at DTEX Systems conducted a new survey and discovered that the biggest security concerns facing businesses are data leaking through endpoints (27 percent), loss of visibility of user activity (25 percent), and maintaining compliance with regulatory requirements (24 percent). The researchers also found that only 30 percent of companies surveyed were fully prepared to secure and support a complete shift to remote work, and 50 percent reported their company would continue to support work-from-home capabilities due to increased productivity and business benefit. Nearly three-quarters of organizations surveyed were concerned about the security risks introduced by users working from home. Many organizations (73 percent) reported partial or no visibility into user activity if remote workers disable their VPN; only 27 percent reported full or complete visibility into user activity. The researchers also found that users are mixing personal use and corporate use on their work laptops, increasing the risk of drive-by downloads (25 percent), users are more susceptible to phishing attacks at home (15 percent), and organizations no longer have visibility since most remote workers operate outside the corporate network (13 percent).

    Help Net Security reports: "Only 30% Prepared to Secure a Complete Shift to Remote Work"

  • news

    Visible to the public "Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack"

    Researchers at Kaspersky have found that the advanced persistent threat (APT) known as Lazarus Group and other sophisticated nation-state actors are actively trying to steal COVID-19 research to speed up their countries' vaccine-development efforts. The Lazarus Group, widely believed to be linked to North Korea, has recently attacked a pharmaceutical company and a government health ministry related to the COVID-19 response. The goal of the APT was intellectual-property theft. The group is mostly known for its financial activities, but it is a good reminder that it can go after strategic research as well, the researchers stated. In the first cyberattack, the adversaries installed a sophisticated malware called "wAgent" on the government health ministry's servers, which is fileless (it only works in memory). The malware fetches additional payloads from a remote server. During the cyberattack against the pharma company, the Lazarus Group deployed Bookcode malware in a likely supply-chain attack through a South Korean software company.

    Threatpost reports: "Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack"

  • news

    Visible to the public "Apple Ships Hacker-Friendly iPhones to Security Researchers"

    Apple is sending hacker-friendly iPhones to security researchers. These iPhones allow researchers to examine the mobile OS for security vulnerabilities and report them easily. Researchers will be able to probe these iPhones for 12 months, which could be extended if Apple finds it necessary. The researchers are expected to report vulnerabilities as soon as they discover them. This effort is a part of Apple's bug bounty program, which awards money to those who report security flaws. The amount paid to researchers is based on the level of severity of the discovered flaw. This article continues to discuss the hacker-friendly iPhones currently being shipped to security researchers and Apple's bug bounty program.

    PCMag reports "Apple Ships Hacker-Friendly iPhones to Security Researchers"

  • news

    Visible to the public "New Decryption Platform to Combat Encryption Misuse"

    Europol's European Cybercrime Centre (EC3) and the European Commission's Joint Research Centre have launched a new decryption platform that allows authorities to decrypt information gathered lawfully during criminal investigations. According to the agencies, this platform uses in-house expertise, software, and hardware to help in accessing encrypted material for law enforcement investigations. This article continues to discuss the goal of the new decryption platform, how EC3 works to improve law enforcement response to cybercrime in the European Union, as well as the cybercriminal activities that the agency helps combat.

    CISO MAG reports "New Decryption Platform to Combat Encryption Misuse"

  • news

    Visible to the public "Leaky Server Exposes 12 Million Medical Records to Meow Attacker"

    A team of cybersecurity researchers at SafetyDetectives discovered an unsecured Elasticsearch server belonging to the Vietnamese tech firm Innovative Solution for Healthcare (iSofH). This company provides medical information and hospital management software to 18 medical facilities, including eight top-tier hospitals and clinics. The server found to be publicly accessible without encryption or password protection exposes 12 million records, impacting 80,000 patients and healthcare employees. These records reveal sensitive information, including full names, dates of birth, postal addresses, phone numbers, email addresses, credit card numbers, medical records, test results, and diagnoses. The leaked data also affects some children. Three days following the discovery, the publicly exposed server was attacked by the Meow bot, which deleted some of its indexes. This article continues to discuss the discovery, disclosure, and potential impact of iSofH's Elasticsearch server leak.

    Infosecurity Magazine reports "Leaky Server Exposes 12 Million Medical Records to Meow Attacker"

  • news

    Visible to the public "Hey Alexa, Who Am I Messaging?"

    The potential for digital-home assistants like Amazon Alexa to infringe on user privacy by making and saving voice recordings of them is already widely known. According to new research by a team of researchers from the University of Cambridge, microphones on digital assistants are sensitive enough to record what someone is typing on a smartphone to steal PINs and other sensitive info. The researchers constructed an attack in which they used this capability to identify PINs and text typed into smartphones. Given just 10 guesses, five-digit PINs can be found up to 15 percent of the time, and text can be constructed with 50 percent accuracy.

    Threatpost reports: "Hey Alexa, Who Am I Messaging?"

  • news

    Visible to the public "Emotet Returns to Hit 100K Mailboxes Per Day"

    Just in time for the Christmas holiday, researchers have found that after a lull of nearly two months, the Emotet botnet has returned with updated payloads and a campaign that is hitting 100,000 targets per day. The botnet is spreading TrickBot malware, a well-known and sophisticated trojan first developed in 2016 as banking malware. Users infected with the TrickBot trojan will see their device become part of a botnet that attackers use to load second-stage malware. Typical consequences of TrickBot infections are bank-account takeover, high-value wire fraud, and ransomware attacks.

    Threatpost reports: "Emotet Returns to Hit 100K Mailboxes Per Day"

  • news

    Visible to the public "FBI Warns of DoppelPaymer Attacks on Critical Infrastructure"

    The FBI issued a warning to private sector organizations about DoppelPaymer ransomware attacks and the change in techniques used by the operators behind these attacks. DoppelPaymer has affected various industries and targets, demanding the payment of six- to seven-figure ransoms. These attacks have impacted healthcare, emergency, and education services globally. One DoppelPaymer attack that occurred in September 2020 resulted in officials being unable to access a computer-aided dispatch system at a county's emergency call center. DoppelPaymer operators are among the first to follow up on ransomware infections with phone calls to pressure victims into paying the demanded ransoms. In addition to threats of leaking or selling the victim's corporate data, an operator threatened to send someone to an employee's home. This article continues to discuss the FBI's warning about the DoppelPaymer attacks and the operators' cold-calling approach to pressuring victims into paying ransoms.

    Dark Reading reports "FBI Warns of DoppelPaymer Attacks on Critical Infrastructure"

  • news

    Visible to the public "Worldwide New Account Fraud Declined 23.2% in 2020"

    In a new study by researchers at Jumio, the researchers examined fraudulent attempts to open a new account using a manipulated government-issued ID and a corroborating selfie. Selfie-based fraud describes fraudulent attempts to use a picture or video (e.g., a deepfake) instead of a genuine selfie to corroborate a digital identity. The researchers discovered that new account fraud based on ID verification declined 23.2% worldwide in 2020, compared to 2019. In 2020, selfie-based fraud rates were five times higher than ID-based fraud. The fraud associated with the selfie averaged 7.15% globally in 2020, compared to 1.41% for ID-only verifications. The researchers also found that new account fraud using a driver's license is significantly lower than for other document types (e.g., passports and ID cards).

    Help Net Security reports: "Worldwide New Account Fraud Declined 23.2% in 2020"

  • news

    Visible to the public "Can We Be Manipulated Into Sharing Private Info Online? Yes, Says Ben-Gurion U. Study"

    According to a new study conducted by Ben-Gurion University of the Negev (BGU) researchers, online users are more likely to disclose private information depending on how website forms ask for information. Their study demonstrated how smartphone and PC users of online services could be led into revealing more information about themselves. The researchers manipulated how information items such as name, address, email, and more are presented on a website form and observed how such manipulation affects the likelihood that users sign up for a service. One of the techniques used by the BGU researchers to entice users to reveal more of their private information is requesting personal information in order from less important to more private. Another effective technique is placing each request for information on successive, separate pages. The general public and regulators must be aware of ascending privacy intrusion and multiple-page manipulations. This article continues to discuss the study on the manipulation of online users into disclosing private information, the techniques used to increase the likelihood of online disclosure, and the importance of raising awareness about these methods.

    EurekAlert! reports "Can We Be Manipulated Into Sharing Private Info Online? Yes, Says Ben-Gurion U. Study"

  • news

    Visible to the public "Script for Detecting Vulnerable TCP/IP Stacks Released"

    The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released a new advisory about four newly discovered vulnerabilities impacting the Treck TCP/IP stack. These vulnerabilities affect Treck TCP/IP stack version and older versions. The most critical vulnerability allows attackers to perform Denial-of-Service (DoS) attacks and execute arbitrary code. Forescout released an open-source script called the project-memoria-detector tool that can be used to detect whether a network device is running one of the four open-source TCP/IP stacks impacted by the vulnerabilities. This article continues to discuss the new vulnerabilities discovered in the Treck TCP/IP stack and the tool developed by Forescout to detect the use of vulnerable TCP/IP stacks.

    Help Net Security reports "Script for Detecting Vulnerable TCP/IP Stacks Released"

  • news

    Visible to the public "Institute for Security and Technology Launches Multisector Ransomware Task Force"

    The Institute for Security and Technology (IST) has launched a multisector task force aimed at developing solutions for combating ransomware attacks. The Ransomware Task Force (RTF) will involve cybersecurity firms, cybersecurity threat sharing groups, cybersecurity promoting organizations, law firms, think tanks, and technology companies, including McAfee, Cyber Threat Alliance, Venable, Third Way, Microsoft, and more. This article continues to discuss the growing threat of ransomware, the impact of ransomware attacks, the RTF, and the multisector approach taken by this new task force to find solutions to ransomware.

    SC Media reports "Institute for Security and Technology Launches Multisector Ransomware Task Force"

  • news

    Visible to the public ""Is It You In The Video?" - Don't Fall For This Messenger Scam"

    Researchers have discovered a new phishing attempt that is using Facebook Messenger. Adversaries use people's social media accounts to send "a video" to the user's friends. The adversaries then ask, "is it you in this video?" There is no video; instead, a black image links to a URL shortening service, which in turn redirects to a URL that pops up what looks like a Facebook login page. Unfortunately, if a victim does end up entering their username and password into the fake login page, the credentials are submitted to a server running on a low-cost web hosting service in the USA, using a vaguely legitimate-looking domain name that was registered less than a month ago. Scammers have been targeting social media passwords more frequently because they give the adversaries a level of trusted access to one's friends and family, making scams of all sorts much easier to pull off.

    Naked Security reports: ""Is It You In The Video?" - Don't Fall For This Messenger Scam"

  • news

    Visible to the public "Ransomware Gangs Use 'SystemBC' Tor Backdoor in Attacks"

    Sophos researchers have reported the use of a backdoor named SystemBC by multiple ransomware families, including Ryuk and Egregor. The continuously evolving backdoor executes commands and enables adversaries to download and run scripts, executables, and DLLs. The researchers have observed SystemBC being used in hundreds of attacks in combination with Cobalt Strike and other post-exploitation tools. This article continues to discuss the observations made by researchers surrounding the capabilities and impact of the SystemBC backdoor, as well as why this is an attractive tool for attackers in the performance of ransomware attacks.

    Security Week reports "Ransomware Gangs Use 'SystemBC' Tor Backdoor in Attacks"

  • news

    Visible to the public "CyberMDX Research Team Discovers Critical Vulnerabilities in Dell Wyse Thin Client Devices"

    Researchers at the healthcare cybersecurity provider CyberMDX discovered critical vulnerabilities in Dell Wyse Thin Client devices. The exploitation of these vulnerabilities could allow attackers to remotely run malicious code and access arbitrary files on affected devices. The first vulnerability enables users to access the configuration server and read configurations belonging to other clients, which could lead to the exposure of sensitive data such as passwords. The second vulnerability allows users to access the server and make changes to configurations belonging to other thin clients. Elad Luz, the Head of Research at CyberMDX, has pointed out the lack of consideration for security in these devices' design. This article continues to discuss CyberMDX's discovery of the vulnerabilities using its AI/ML anomaly detection feature, the use of thin client devices, the root of the vulnerabilities, and other efforts by CyberMDX to bolster the security of healthcare organizations against cyberattacks.

    PRNewswire reports "CyberMDX Research Team Discovers Critical Vulnerabilities in Dell Wyse Thin Client Devices"

  • news

    Visible to the public Impact of Russian hacking campaign broadens

    The Russian hacking attack is much wider than originally appeared; it is a continuing massive campaign impacting government agencies, private companies, and critical infrastructure. Additionally, the SolarWinds Orion software was not the only way that systems have been breached. CISA warns that the scope of this breach poses a grave risk to networks in both the government and the private sector.

    #cybersecurity #scienceofsecurity #RussianHackers

  • news

    Visible to the public "5G Standalone Networks May Have More Vulnerabilities Than You Think"

    Positive Technologies released a new report titled "5G Standalone Core Security Research," highlighting several potential vulnerabilities in 5G standalone networks that could lead to Denial-of-Service (DoS) attacks. Researchers conducted network architecture analysis. They also examined subscriber authentication, registration procedures, and how network elements interact. The report brings attention to possible security problems with 5G networks, such as the registration of new attacker-controlled network functions, disclosure of unique subscriber identifiers, the occurrence of subscriber DoS resulting from flaws contained by the Packet Forwarding Control Protocol (PFCP), and more. This article continues to discuss key points made by Positive Technologies' report regarding potential attack scenarios against 5G standalone networks and the improvement of security for 5G traffic.

    TechRepublic reports "5G Standalone Networks May Have More Vulnerabilities Than You Think"