CyberSecurity Updates

UK Minister Warns Meta Over End-to-End Encryption

Britain’s interior minister on Wednesday warned tech giant Meta that rolling out end-to-end encryption on its platforms must “not come at a cost to our children’s safety”. Suella Braverman and security minister Tom Tugendhat have called on the company, which owns Facebook, Instagram and WhatsApp, to “work with us” and ensure police can access data. “The use of strong encryption for online users remains a vital part of our digital world and I support…

Who’s Behind the 8Base Ransomware Website?

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of the website’s code was written by a 36-year-old programmer residing in the capital city of Moldova. The 8Base ransomware group’s victim shaming website on the…

Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages

Researchers at Wiz have flagged another major security misstep at Microsoft that caused the exposure of 38 terabytes of private data during a routine open source AI training material update on GitHub. The exposed data includes a disk backup of two employees’ workstations, corporate secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages, Wiz said in a note documenting the discovery. Wiz, a cloud data security startup founded by ex-Microsoft software engineers, said…

Imagine Making Shadowy Data Brokers Erase Your Personal Info. Californians May Soon Live the Dream

You may not know it, but thousands of often shadowy companies routinely traffic in personal data you probably never agreed to share — everything from your real-time location information to private financial details. Even if you could identify these data brokers, there isn’t much you can do about their activities, including in California, which has some of the strongest digital privacy laws in the U.S. That’s on the verge of changing. Both houses of the…

Ballistic Bobcat’s Sponsor backdoor – Week in security with Tony Anscombe

Video, 14 Sep 2023. Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States. This week, ESET researchers unveiled their findings about a campaign by the Ballistic Bobcat APT group that deployed a novel backdoor against businesses mainly in Israel. Ballistic Bobcat – previously tracked by ESET Research as APT35/APT42 and also…

Extradited Russian Hacker Behind ‘NLBrute’ Malware Pleads Guilty

Russian hacker Dariy Pankov has pleaded guilty to computer fraud and now faces a maximum penalty of five years in federal prison, according to an announcement from the U.S. Attorney’s Office. Pankov, who was extradited from the Eastern European country of Georgia earlier this year, was charged with developing and selling a piece of malware called NLBrute that was used in cybercriminal activities. As part of a plea deal, the government said Pankov will forfeit…

Pentagon’s 2023 Cyber Strategy Focuses on Helping Allies

The US Department of Defense (DoD) this week published an unclassified summary of its 2023 Cyber Strategy, outlining plans for both offensive and defensive efforts. One key focus of the 2023 Cyber Strategy is the commitment to boost the cyber capabilities of allies and partners, and to increase collective resilience against cyberattacks. This includes augmenting the capacity of partners and expanding their access to cybersecurity infrastructure, as well as helping them mature their cyber workforce…

Fortinet Releases Security Updates for Multiple Products

Fortinet has released security updates to address vulnerabilities (CVE-2023-29183 and CVE-2023-34984) affecting FortiOS, FortiProxy, and FortiWeb. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Fortinet security advisories (FG-IR-23-106 and FG-IR-23-068) and apply the necessary updates.

CISA Releases Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference Architecture

Today, CISA released the Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference Architecture to help federal civilian departments and agencies integrate their identity and access management (IDAM) capabilities into their ICAM architectures. Prior to this release, there was no singular, authoritative, and recognized reference for architecting an ICAM capability across an enterprise. This publication provides: a description of the federal ICAM practice area, including how ICAM services and components implement ICAM use…

Read it right! How to spot scams on Reddit

As the world’s 18th most visited website and 7th most frequented social network, it’s no surprise that Reddit also holds great allure for cybercriminals. Besides an endless number of legitimate subreddits, cute alien pictures as well as annual April Fool’s day events, Redditors may also encounter various kinds of fakery on the site, including scams that are after their data and money. In this blogpost, we’ll look at a few common types of fraud that you…
