CyberSecure Specialist

13 Jan

Lessons from SEC’s X account hack – Week in security with Tony Anscombe

Information

Video The cryptocurrency rollercoaster never fails to provide a thrilling ride – this week it was a drama surrounding the hack of SEC’s X account right ahead of the much-anticipated decision about Bitcoin ETFs 12 Jan 2024 The US Securities and Exchange Commission’s (SEC) X account was hacked this week to post an unauthorized tweet announcing the approval of spot Bitcoin Exchange Traded Funds (ETFs). The post was up for some 30 minutes and even…

Read More
12 Jan

Attack of the copycats: How fake messaging apps and app mods could bite you

Information

Mobile Security WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Don’t get taken for a ride. Phil Muncaster 10 Jan 2024  •  , 5 min. read Mobile applications make the world go round. Instant communication services are among the most popular apps on iOS and Android alike  – US non-profit operation Signal has an estimated 40 million users, with the figure rising to 700 million for Telegram, another open-source…

Read More
11 Jan

Cisco Releases Security Advisory for Cisco Unity Connection

Attacks, Insights, Malware

Cisco released a security advisory to address a vulnerability (CVE-2024-20272) in Cisco Unity Connection. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability advisory and apply the necessary updates.

Read More
11 Jan

Journey into the Immersive Frontier: Preliminary NIST Research on Cybersecurity and Privacy Standards for Immersive Technologies

Insights

Words like “metaverse” and “augmented reality” may conjure up thoughts of friends in headsets wielding virtual sabers or folks roaming the streets at night in search of PokéStops. Virtual, augmented, and mixed reality technologies (“immersive technologies”) have entered the popular conscience thanks in part to the success of games, but their applications go well beyond new experiences in entertainment. They are already being utilized to increase access to education, improve manufacturing, bolster accessibility, and train…

Read More
10 Jan

Love is in the AI: Finding love online takes on a whole new meaning

Information

We Live Progress Is AI companionship the future of not-so-human connection – and even the cure for loneliness? Imogen Byers 09 Jan 2024  •  , 7 min. read Modern technology permeates almost every facet of our lives, shaping our day-to-day in ways both subtle and obvious – and indeed in ways we probably never anticipated. Just imagine the horror of going without your smartphone or internet connectivity for a few days. How else would you…

Read More
10 Jan

Here’s Some Bitcoin: Oh, and You’ve Been Served!

Information, Insights

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized the use of information included in a bitcoin transaction — such as a link to a civil claim filed in federal court — as reasonably likely to provide notice of the lawsuit to the defendant.…

Read More
10 Jan

Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways

Attacks, Insights, Malware

Ivanti has released a security update to address an authentication bypass vulnerability (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887) in all supported versions (9.x and 22.x) of Connect Secure and Policy Secure gateways. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.   Ivanti reports active exploitation of both CVE-2023-46805 and CVE-2024-21887.   CISA urges users and administrators to immediately apply the current workaround in Ivanti’s security update and…

Read More
08 Jan

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Information, Insights

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But there is a fascinating and untold backstory behind the two Russian men involved, who co-ran the world’s top spam forum and worked closely with Russia’s most dangerous cybercriminals. From January 2005 to April 2013, there…

Read More
07 Jan

Cracking the 2023 SANS Holiday Hack Challenge

Information

Steeped in AI and the security risks of its use, the 2023 SANS Holiday Hack Challenge was an enrichening experience of navigating a series of 21 objectives that tested and broadened multiple cybersecurity skills. The best challenges for me were hunting down AI hallucinations in a pentest report, escalating privileges on a Linux system, searching for cheats in Game Boy games, using the Azure REST API to search for an Azure Function app’s source code…

Read More