Cybersecurity

All about cybersecurity. Be nice, no spam!
51

Consider, for instance, the software vulnerability known as a backdoor — an unobtrusive bit of code that can enable users with a secret key to obtain information or abilities they shouldn’t have access to. A company charged with developing a machine learning system for a client could insert a backdoor and then sell the secret activation key to the highest bidder.

To better understand such vulnerabilities, researchers have developed various tricks to hide their own sample backdoors in machine learning models. But the approach has been largely trial and error, lacking formal mathematical analysis of how well those backdoors are hidden.

Researchers are now starting to analyze the security of machine learning models in a more rigorous way. In a paper presented at last year’s Foundations of Computer Science conference, a team of computer scientists demonstrated how to plant undetectable backdoors whose invisibility is as certain as the security of state-of-the-art encryption methods.

52

The Russian state-sponsored hacking group Gamaredon (aka Armageddon or Shuckworm) continues to target critical organizations in Ukraine's military and security intelligence sectors, employing a refreshed toolset and new infection tactics.

Previously, the Russian hackers, who have been linked to the FSB, were observed using information-stealers against Ukrainian state organizations, employing new variants of their "Pteranodon" malware, and also using a default Word template hijacker for new infections.

Symantec's threat research team, part of Broadcom, reports today that the threat actors have recently begun using USB malware to propagate to additional systems inside infected networks.

Another interesting element in Gamaredon's newest campaign is to target HR departments, potentially indicating that the threat actors are aiming for spear-phishing attacks within breached organizations.

53

This Directive requires agencies to take steps to reduce the attack surface created by insecure or misconfigured management interfaces across certain classes of devices.

Scope

For the purposes of this Directive, a “networked management interface” is defined as a dedicated device interface that is accessible over network protocols and is meant exclusively for authorized users to perform administrative activities on a device, a group of devices, or the network itself.

The requirements in this Directive apply only to devices meeting BOTH of the following criteria:

Devices residing on or supporting federal information systems and/or networks that belong to one of the following classes: routers, switches, firewalls, VPN concentrators, proxies, load balancers, and out-of-band server management interfaces (such as iLO and iDRAC).

Devices for which the management interfaces are using network protocols for remote management over the public internet, including, but not limited to: Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol Secure (HTTPS), File Transfer Protocol (FTP), Simple Network Management Protocol (SNMP), Teletype Network (Telnet), Trivial File Transfer Protocol (TFTP), Remote Desktop Protocol (RDP), Remote Login (rlogin), Remote Shell (RSH), Secure Shell (SSH), Server Message Block (SMB), Virtual Network Computing (VNC), and X11 (X Window System).

This Directive does NOT apply to web applications and interfaces used for managing Cloud Service Provider (CSP) offerings including but not limited to, Application Programming Interfaces (APIs) or management portals.

54

The U.S. government has been hit in a global hacking campaign that exploited a vulnerability in widely used software but does not expect it to have significant impact, the nation's cyber watchdog agency said on Thursday.

Several federal bodies experienced intrusions following the discovery of a weakness in the file transfer software MOVEit, Eric Goldstein, executive assistant director for cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said in a statement.

"We are working urgently to understand impacts and ensure timely remediation," he said. CNN first reported on the statement.

CISA did not identify the agencies that were hit or say exactly how they had been affected. It did not immediately respond to requests seeking further comment. The FBI and National Security Agency also did not immediately respond to emails seeking details on the breaches.

55

In an increasingly digital landscape, small and medium-sized companies must prioritize cybersecurity to safeguard their data, protect privacy, and ensure the stability of their data and workflow systems. This article outlines the crucial initial steps that small companies should take to establish a strong cybersecurity foundation.

56

VMware has issued updates to address three significant bugs within Aria Operations for Networks that could lead to information exposure and remote code execution.

The most severe of the flaws, tracked as CVE-2023-20887 and rated 9.8 out of 10 on the CVSS scale, would give an attacker with network access to the system the ability to carry out remote code execution.

The company also patched a deserialization vulnerability, CVE-2023-20888, ranked 9.1 out of 10 on the CVSS scale.

57

More than ten years after the hack of the now-defunct Mt. Gox cryptocurrency exchange, the US Department of Justice says it has identified and charged two men it alleges stole customers' funds and the exchange's private keys.

Two Russians, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, are charged with conspiring to launder 647,000 bitcoins in a cryptocurrency heist that would have been worth approximately half a billion dollars today.

58

A deadly cyber campaign has been working silently to undermine website security by exploiting popular WordPress plugins — infiltrating over a million websites and leaving administrators scrambling for solutions. In April 2023, Bleeping Computer and other tech outlets like TechRadar began circulating reports of cybercriminals successfully hacking WordPress websites. They were able to gain access via a toxic combination of the popular plugins Elementor Pro Premium (Webpage builder) and WooCommerce (Online storefront).

59

A former executive of Samsung Electronics stole the juggernaut’s confidential semiconductor data to build a copycat chip facility in China, South Korean prosecutors alleged on Monday.

The 65-year-old defendant, who also previously worked for Korean chipmaker SK Hynix, has been arrested. He has been accused of violating industrial technology protection laws and stealing trade secrets from 2018 to 2019 to establish a copy of Samsung's semiconductor plant, just 1.5 kilometers away from Samsung's chip factory in Xi'an, China.

60

All sounds great until you lose your phone or FIDO device, or it's stolen, or your facial login is spoofed, but still probably pretty great on the whole when combined with other methods.

61

Jetpack, an extremely popular WordPress plugin that provides a variety of functions including security features for around five million websites, has received a critical security update following the discovery of a bug that has lurked unnoticed since 2012.

Jetpack's maintainers, Automattic, announced on Tuesday that it had worked closely with the WordPress security team to push out an automatic patch for every version of Jetpack since 2.0.

The security hole is in Jetpack's API and has been present since version 2.0 was released over a decade ago, in 2012.

62

Newly discovered campaign takes advantage of the fact that most vulnerability scanning tools don't read compiled open-source software.

Attackers who are targeting open-source package repositories like PyPI (Python Package Index) have devised a new technique for hiding their malicious code from security scanners, manual reviews, and other forms of security analysis. In one incident, researchers have found malware code hidden inside a Python bytecode (PYC) file that can be directly executed as opposed to source code files that get interpreted by the Python runtime.

63

Enzo Biochem, a biotechnology company renowned for producing and distributing DNA-based tests designed to identify viral and bacterial diseases, has recently confirmed in a filing with the Securities and Exchange Commission (SEC) that it fell victim to a ransomware attack.

The malicious cyber assault has exposed the confidential information of 2.47 million patients, including names, test information and 600,000 Social Security numbers.

64

Spyware used in Israel, the Middle East and the US

Separate reports published this week detail the spyware used by Israeli Police (Echo tool offered by Israeli firm Rayzone), Arab intelligence services (spying tools offered by Swiss company In The Cyber), and the US Drug Enforcement Agency (spyware called Paragon Graphite).

Google shuts down YouTube channels used for influence operations

Google in April shut down many YouTube channels that were part of coordinated influence operations linked to Russia, Turkey, Iran, China, Azerbaijan, and Uzbekistan. The Chinese operation was powered by roughly 3,500 channels.

Iranian government websites and networks targeted by local hacktivists

An Iranian hacktivist group called GhyamSarnegouni (‘Rise to Overthrow’ or ‘Uprising till Overthrow’) has been targeting the Iranian government, defacing websites and breaching networks in an effort to steal and leak what appears to be highly sensitive data.

65

Identity management company 1Password is spinning up a pair of new features that constitute a major shift away from passwords and toward their low-friction replacement: passkeys.

66

In Germany alone, forced verification grew by 1500% as a proportion of all fraud cases, from 0.3% in the full year 2022 to 5% of all fraud in Q1 2023.

In Great Britain and Europe, as well as in North America, the proportion of deepfakes among all fraud cases grew considerably from 2022 to Q1 2023.

This proportion jumped from 1.2% to 5.9% in the UK, from 1.5% to 7.6% in Germany, and from 0.5% to 5% in Italy, respectively. Simultaneously, printed forgeries, which represented 16% to 23% of all fraud in 2022, dropped to 0.1% or less last quarter.

67

The energy industry is increasingly targeted by malicious actors and threat groups through activity on the dark web, according to a report from Searchlight Cyber, which detailed numerous instances of threat actors selling initial access to energy organizations around the world.

These include targets in the U.S., Canada, United Kingdom, France, Italy and Indonesia on popular dark web forums like Exploit, RaidForums and BreachForums.

68

South Korea has announced new sanctions against Kimsuky, a North Korean hacking syndicate. Together with Washington, Seoul also issued a joint cyber alert warning of the group’s social engineering efforts.

“For the first time in the world, the South Korean government designated ‘Kimsuky’ as the subject of independent sanctions against North Korea,” Seoul’s foreign ministry said in a press release.

The sanctions are intended to curb the group’s activities targeting South Korea, the ministry said. It also listed two crypto wallet addresses used by Kimsuky which are now off limits under local law.

69

The Federal Trade Commission is proposing to amend its Health Breach Notification Rule, which requires vendors of personal health records to report data breaches, so that it also covers developers of health applications.

On Friday a notice will be published in the Federal Register that outlines how the FTC is proposing to amend the breach notification rule for vendors, according to a posting by the National Archives and Records Administration (PDF). The FTC will propose to amend rules for entities not covered by the Health Insurance Portability and Accountability Act (HIPAA) and to require them to notify the agency, individuals and the media in some cases of breaches of personally identifiable health data.

70

While monitoring the network traffic of our own corporate Wi-Fi network dedicated to mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit's mvt-ios and discovered traces of compromise.

71

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes.

72

The MOVEit brand name has been all over the IT and mainstream media for the last week or so, due to an unfortunate security hole dubbed CVE-2023-34362, which turned out to be what’s known in the jargon as a zero-day bug.

73

The University of Manchester, one of the UK's largest educational institutions, suffered a cyberattack. The university suspects that the threat actors have stolen data from its systems.

74

Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices.

75

A hacking group with the name “Asylum Ambuscade” has been identified in recent attacks targeting small and medium-sized companies worldwide, combining cyberespionage with cybercrime.

This threat group, which is believed to have been operating since at least 2020, was first identified by Proofpoint in a March 2021 report, which focused on a phishing campaign against entities helping to relocate Ukrainian refugees.
