InfoSec Feed

Three fundamental technologies -- chatbots, audio fakes, and deepfake videos -- have improved to the point that creating digital, real-time clones of people is merely a matter of integrating the systems.

“Cyberbunker” refers to a criminal group that operated a “bulletproof” hosting facility out of an actual military bunker. “Bullet Proof” hosting usually refers to hosting locations in countries with little or corrupt law enforcement, making shutting down criminal activity difficult. Cyberbunker, which is also known as “ZYZtm” and “Calibour”, was a bit different in that it actually operated out of a bulletproof bunker. In September of last year, German police raided this actual Cyberbunker and arrested several suspects. While most of the group's assets were seized during the initial raid, the IP address space remained and was later sold to Legaco Networks. Before being shut down, Legaco Networks temporarily redirected the traffic to the SANS Internet Storm Center honeypots for examination. Joining us on this week's Research Saturday from SANS Technology Institute is graduate student Karim Lalji and Dean of Research Johannes Ullrich to discuss their experiences.  The research and blog post can be found here:  Real-Time Honeypot Forensic Investigation on a German Organized Crime Network Cyberbunker 2.0: Analysis of the Remnants of a Bullet Proof Hosting Provider The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security.

Presently sponsored by: Tines: Breaches are inevitable and early detection is crucial. Assure yourself what's next with security automation part 1.What. A. Week. I've been absolutely non-stop publishing data breaches to HIBP whilst simultaneously putting in place the framework to start advising NordVPN on their cybers and open sourcing the HIBP code base at the same time (and a bunch of other more boring stuff that didn't make the cut)

Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impacts nearly half of Android handsets.

There's a new SQUID: A new device that relies on flowing clouds of ultracold atoms promises potential tests of the intersection between the weirdness of the quantum world and the familiarity of the macroscopic world we experience every day. The atomtronic Superconducting QUantum Interference Device (SQUID) is also potentially useful for ultrasensitive rotation measurements and as a component in quantum...

The attack has defaced the channels with images and content supporting Donald Trump.

Researcher will demonstrate at DEF CON an emerging threat to industrial control networks.

Legacy applications don't support modern authentication -- and cybercriminals know this.

President Trump issues Executive Orders restricting TikTok and WeChat in the US. A Chinese APT has been active in industrial espionage against Taiwan’s semiconductor industry. Intel sustains a leak of sensitive company intellectual property. Rewards for Justice communicated to Russian and Iranian individuals by text message. Coordinated inauthenticity from Romanian actors, probably criminals. Magecart moves to homoglyph attacks. Craig Williams from Cisco Talos on ransomware campaigns making use of Maze and Snake malware. Our guest is Monica Ruiz from the Hewlett Foundation Cyber Initiative on the potential for a volunteer cyber workforce. And, sorry Fort Meade--there are limits to telework. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/153

Security researchers found hundreds of pieces of vulnerable code in the Qualcomm Snapdragon chips powering Android phones.

Fully opening the door to allow people to contribute to – and notably, tinker with – the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt.

Security researchers warn about widespread vulnerabilities in protocol gateways, small devices that connect industrial machinery and sensors to TCP/IP networks that are used to automate and control them. New research published this week by Trend Micro and presented at the Black Hat USA virtual security conference highlights a new threat via protocol translation attacks and reveals 9 flaws found in protocol gateways from different vendors.The identified vulnerabilities can enable various attack scenarios, from issuing stealth commands that could sabotage the operational process to gaining unauthorized access, decrypting configuration databases, exposing sensitive information and crashing critical equipment.To read this article in full, please click here

Building successful macro attacks means getting past several layers of security, but a Black Hat speaker found a way through.

A series of business email compromise campaigns has been targeting executives of more than 1,000 companies, most recently in the US and Canada.

Vigilance and ongoing training combined with an integrated security framework are key aspects of a successful strategy in the fight against the latest crop of pandemic opportunists.

A notorious ransomware gang has been hitting a key manufacturer of coronavirus ventilators in the US. The DoppelPaymer gang have threatened Boyce Technologies with releasing valuable data if the ransom is not paid – as it stands, the ransom amount has not been disclosed. It’s unfortunate to hear Boyce Technologies, an FDA-approved ventilator manufacturer, has had critical The post Hospitals impacted after hackers target ventilator manufacture during Covid-19 appeared first on IT Security Guru.

Intel, the U.S. based global chip provider is investigating a data breach after highly confidential and restricted information was leaked onto online sharing website, MEGA. The data was uploaded to MEGA by software engineer, Till Kottman after receiving the documents from an anonymous hacker who allegedly hacked Intel earlier this year. After analysis, the information has been The post Intel data breach results in confidential info leaked appeared first on IT Security Guru.

It was announced yesterday that Capital One has been ordered by the Office of the Comptroller of the Currency (OCC) to pay an $80 million fine after the company suffered a massive data breach in 2019. It is estimated that the breach impacted more than 100 million Capital One customers, with names and addresses of individuals The post Capital One hit with $80 million fine following 2019 data breach appeared first on IT Security Guru.

Chipmaker investigates a leak of intellectual property from its partner and customer resource center.

Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. "The idea is simple and consists of using characters that look the same in order to dupe users," Malwarebytes

Appropriate use of native security controls in AWS and other CSPs is fundamental to managing cloud risk and avoiding costly breaches.

A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year's data breach that exposed the personal information of more than 100 million credit card applicants of Americans. The fine was imposed by the Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury that

Machine learning models are immune to blandishments, threats, flattery and so - so why not set them against social engineers?

Capital One Financial Corp has agreed to pay an $80 million penalty after the bank suffered a massive data breach that affected more than 100 million customer records in July 2019. The breach was the result of an unsecured Amazon S3 bucket that housed credit card applications with names, addresses, zip codes/postal codes, phone numbers,

Two years ago, digital transformations had kicked into high gear, with new processes and product development moving ahead at breakneck speed. As IT and business fast-tracked initiatives like agile and DevOps to improve speed to market, security considerations were often left in the dust. At the time, Gartner predicted that 60% of digital businesses would suffer major service failures by 2020 due to the inability of security teams to manage digital risk.High-profile security lapses ensued as expected, although it’s hard to pinpoint that digital projects were the leading cause. “Regardless of whether highly publicized breaches were directly linked to digital transformation, they got business leaders thinking again about risk and solutions that minimize risk,” says Pete Lindstrom, vice president of security research at IDC.To read this article in full, please click here

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts.Fortunately, plenty of great conferences are coming up in the months ahead.If keeping abreast of security trends and evolving threats is critical to your job — and we know it is — then attending some top-notch security conferences is on your must-do list for 2020 and 2021.From major events to those that are more narrowly focused, this list from the editors of CSO, will help you find the security conferences that matter the most to you.To read this article in full, please click here

For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the coronavirus (COVID-19) pandemic. In many cases, it involved a rapid rollout of significant remote work infrastructure. That infrastructure was called into service with little to no warning and even less opportunity for testing. Needless to say, the

Presently sponsored by: Tines: Breaches are inevitable and early detection is crucial. Assure yourself what's next with security automation part 1.Let me just cut straight to it: I'm going to open source the Have I Been Pwned code base. The decision has been a while coming and it took a failed M&A process to get here, but the code will be turned over to the public for the

It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and

It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and

FTCode Ransomware Resurfaceshttps://isc.sans.edu/forums/diary/A+Fork+of+the+FTCode+Powershell+Ransomware/26434/ Microsoft Anti-Malware Flaging Host File Manipulationhttps://www.bleepingcomputer.com/news/microsoft/windows-10-hosts-file-blocking-telemetry-is-now-flagged-as-a-risk/ Reviving older printer vulnerablityhttps://www.blackhat.com/us-20/briefings/schedule/#a-decade-after-stuxnets-printer-vulnerability-printing-is-still-the-stairway-to-heaven-19685

An inside look at how nation-states use social media to influence, confuse and divide -- and why cybersecurity researchers should be involved.

Google Project Zero researcher Maddie Stone explains the importance of identifying flaws exploited in the wild and techniques used to do it.

Approaches based on questionnaires and self-evaluation are not always a good indicator of how well a user can mitigate social engineering threats.

DHS CISA's Christopher Krebs and Georgetown University's Matt Blaze at Black Hat USA give the lowdown on where things stand so far and what still needs to happen before Nov. 3 to protect the integrity of the US presidential election.

UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!

Dark Reading Editor-in-Chief gives a complete rundown of all the Dark Reading projects you might not even know about, his insight into the future of the security industry, and how we plan to cover it.

Presently sponsored by: Tines: Breaches are inevitable and early detection is crucial. Assure yourself what's next with security automation part 1.I love security. I love privacy. Consequently, it will come as no surprise that I love tools that help people achieve those objectives. Equally, I have no patience for false promises, and I've been very vocal about my feelings there:But one of them is literally called “Secure VPN”, how

Researchers went into detail about the discovery and disclosure of 19 security flaws they found in Mercedes-Benz vehicles, which have all been fixed.

Cornell researcher Paul Grubbs discusses how vulnerabilities found in Facebook Messenger encryption could mean trouble for your secure messages.

Security engineer Dylan Ayrey and Cruise senior infrastructure security engineer Allison Donovan describe fundamental weaknesses in GCP identity management that enable privilege escalation and lateral movement.

From Russia's "best-in-class" efforts at widening social divides in Western democracies to China's blunt attacks on dissidents, information operations are becoming a greater threat, says a Stanford researcher.

Mandiant incident response managers Josh Madeley and Doug Bienstock describe how thoroughly Microsoft 365 (formerly known as Office 365) extends into corporate networks, describe both sophisticated and simple attacks they've detected, and suggest mitigations as businesses rely more heavily on the cloud.

The consumer-electronics giant has suffered partial outages across its U.S. website and internal systems, reportedly thanks to the Maze gang.

SPONSORED CONTENT: Infosec professionals are taking advantage of technology hybrids to keep users, data, and their networks more safe, according to Hal Lonas of OpenText's Webroot division. And they're also finding new ways to use artificial intelligence and machine learning to improve security management and reduce risk.

Oxford PhD candidate James Pavur shows that SATCOM security has still made no progress since previous Black Hat disclosures, and discusses the physical and economic limitations that slow make it unlikely to improve anytime soon.

Tohid Shekari, phD candidate at Georgia Tech, talks about the session that he and Georgia Tech professor Raheem Beyah gave about a stealthy and adaptable way to use IoT botnets for financial gain or market downfall.

Attackers can listen in on internet traffic for high-value targets a continent away, like shipping fleets and oil installations, using some basic home-television gear.

The US announces five new lines of effort for the Clean Network program, and none of them are exactly mash notes for Beijing. The US is also offering rewards of up to ten million dollars for information about foreign computer crimes aimed at interfering with US elections. Australia’s new cybersecurity strategy is out. Maze may have hit Canon. Rob Lee from Dragos addresses speculation of an ICS supply chain back door. Our guest is Theresa Lanowitz from AT&T Cybersecurity on 5G security threats to businesses. And a bail hearing is disrupted by Zoom-bombing. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/152

Stealthier and more patient than some predecessors, WastedLocker lingers surreptitiously for as long as it needs to for maximum payoff, says Jon DiMaggio with Broadcom's Symantec division. He explains how Windows servers are at a different risk level than their open-source counterparts, and how WastedLocker identifies "valuable" targets.