Wednesday, January 3, 2024

Cybersecurity: McCrary Institute Cyber Briefing. January 3, 2024


Today's Highlights

The advent of AI technology capable of creating convincing replicas of real people has sparked a complex debate around privacy and the adequacy of existing laws. This issue is exemplified by an AI that replicates the expertise of psychologist Martin Seligman, raising questions about the potential misuse of personal likenesses.

The global threat of ransomware is set to intensify with 2024 poised to be a record year for such attacks that threaten national security and critical infrastructure. The evolution of ransomware groups, now leveraging AI, necessitates robust countermeasures.

The DOJ, FBI, and SEC have set new guidelines for corporations on how to approach the public disclosure of cybersecurity breaches. These guidelines emphasize the need for companies to consider the potential impact on national security before making such incidents known, and they offer a framework for when and how to seek a delay in disclosure.

First American Financial's recent cyberattack underscores the financial sector's vulnerability, with stolen and encrypted data raising industry-wide security concerns. 

Australia's judiciary faced a ransomware attack on its court hearing database, risking sensitive court recordings and highlighting a surge in cyber threats.

Artificial Intelligence

A New Kind of AI Copy Can Fully Replicate Famous People. The Law Is Powerless.
AI-generated replicas of real experts fall into a policy gray area that regulators are struggling to address. The technology raises privacy concerns and potential risks, especially in China, where government surveillance is pervasive. Policymakers in the US are under pressure to establish regulations as AI replicas enter mainstream markets. The case of psychologist Martin Seligman highlights both the benefits and the risks of this technology. (POLITICO.COM)

Cybersecurity Guru Mikko Hyppönen's 5 Most Fearsome AI Threats for 2024
Mikko Hyppönen, a renowned cybersecurity expert, has identified the top five AI threats for 2024. These include deepfakes, deep scams, LLM-enabled malware, discovery of zero-days, and automated malware. Hyppönen warns that these threats could have significant implications for privacy, security, and society as a whole. Additionally, he expresses concerns about the path to achieving artificial general intelligence (AGI) and emphasizes the need for strong alignment with human values. (THENEXTWEB.COM)

Startups Scramble to Build Immediate AI Security
Several startups are working on machine learning security operations (MLSecOps) to mitigate AI threats and enhance data privacy. Because AI systems are inherently hard to secure, these startups focus on securing foundational models, addressing vulnerabilities, and exploring the potential of fully homomorphic encryption. While challenges remain, these approaches offer hope for enhancing AI security. (DARKREADING.COM)

Hackers Could Get Help From The New AI Chatbot
A new AI-enabled chatbot called ChatGPT that has impressed the tech community could also be manipulated by cybercriminals to refine their attack strategies. Security researchers have gotten ChatGPT to write phishing emails and malicious code, speeding up attackers' work. OpenAI has put some content warnings in place, but researchers have found them easy to bypass. Users still need basic hacking knowledge to fix up ChatGPT's imperfect output, but the tool could worsen the struggles organizations already face fending off basic attacks that use leaked passwords. Network defenders need to redouble efforts to detect phishing attempts to stop these schemes. (AXIOS.COM)


Cybersecurity in the Year Ahead: Think 2023 on Steroids
Companies can expect escalating cyberattacks and tighter security regulations in 2024. Ransomware and supply chain vulnerabilities remain significant threats. Collaboration between executives is crucial, as cyber adversaries continue their attacks. Cybersecurity budgets are expected to increase, but sectors like retail and healthcare allocate smaller portions to cybersecurity. Recovery costs are highest in healthcare, finance, and pharmaceutical industries. Cyber insurance costs are stabilizing. Notable nation-state attackers include China, Iran, North Korea, and Russia. (WSJ.COM)

Israeli Startup Funding Plummets 60%, Yet M&A Landscape Thrives With Cybersecurity Focus
Despite a 60% drop in VC fundraising, the Israeli tech market remains resilient with a strong focus on cybersecurity consolidation. The 'Trends and Forecasts' conference highlighted the flourishing cybersecurity sector, which commands a 70% share of M&A activities. While startup and VC fundraising have been significantly impacted, there is cautious optimism for the upcoming year. (JPOST.COM)

CIOs Sharpen Cloud Cost Strategies - Just as Gen AI Spikes Loom
Cloud costs remain a top concern for CIOs as they strive to balance expenditures for core workloads and innovation. While tools and platforms are helping to lower costs, emerging technologies like generative AI pose new challenges. (CIO.COM)

Cybersecurity in the Digital Age: Protecting Our Virtual Borders
Discover essential strategies for cybersecurity in the digital age. This guide provides insights into the latest threats, prevention techniques, and recovery methods, empowering readers with the knowledge to protect their digital assets in an increasingly connected world. Topics covered include the evolution of cyber threats, vulnerabilities in modern technology, key cybersecurity strategies, the role of AI and machine learning, building a culture of cybersecurity, protecting personal data, recovering from cyber attacks, and staying ahead of threats. (JPOST.COM)

I Securely Resolve: CISOs, IT Security Leaders Share 2024 Resolutions
Cybersecurity leaders share their New Year's resolutions for 2024, which include assessing business continuity and incident response plans, building a strong security culture, preparing for AI-driven attacks, and ensuring minimal disruption in the event of a security breach. The focus is on proactive measures, risk management, user-friendly security protocols, and anticipating emerging threats. (DARKREADING.COM)

CrowdStrike Has Multiple Cybersecurity Growth Drivers In Place For 2024
CrowdStrike, a leading cybersecurity company, is primed to gain market share and drive expansion in the coming year. With a strong platform powered by AI, the company aims to achieve a 28.9% revenue growth in fiscal 2025. CrowdStrike is excelling in its endpoint security market, while also experiencing significant growth in its cloud security, identity protection, and next-gen SIEM businesses. The company's partner network is expected to contribute to its future success. (FORBES.COM)

Criminal Justice

Hacker Who Attacked Colombian Government Websites Sentenced to More Than 3 Years in Prison
Andres Felipe Cardoso Alvarez, alias Orgon of Anonymous Colombia, has been sentenced to over 3 years in prison for computer crimes. He illegally accessed multiple websites, including the Colombian president's office, and must pay a $28,000 fine. Anonymous Colombia operates without a defined hierarchy. (FINANCECOLOMBIA.COM)

Law Enforcement Operations Targeting Cybercrime in 2023
Law enforcement agencies conducted multiple operations targeting cybercrime in 2023, including infiltrating ransomware gangs, dismantling encrypted communications platforms, seizing malware infrastructure, and disrupting dark web marketplaces. These operations resulted in the arrest of thousands of suspects, the seizure of millions of dollars in illicit funds, and the recovery of stolen cryptocurrency. The efforts also aimed to dismantle botnets, disrupt ransomware operations, and combat various cybercrimes such as phishing, fraud, and identity theft. (BLEEPINGCOMPUTER.COM)

Critical Infrastructure

States and Congress Grapple with Cybersecurity in the Wake of Iran's Attacks on Pittsburgh-Area Water Authority
Pennsylvania senators and Congressman Chris Deluzio call for a full investigation into the cyberattack on the Municipal Water Authority of Aliquippa, highlighting the need for improved cybersecurity in water utilities. Some states have passed legislation to address this issue, while the U.S. Environmental Protection Agency proposed a rule to audit water systems' cybersecurity. However, without congressional action, progress remains minimal. Dragos offers free support and software to detect vulnerabilities and threats for smaller utilities. (SHAHANEWS.COM)

Tiny Water Authority in Pennsylvania Hit by Iranian Cyberattack
Pennsylvania water authority, Aliquippa, falls victim to an Iranian cyberattack, highlighting the vulnerability of water utilities. Calls for increased cybersecurity measures face challenges due to lack of funding and expertise. Proposed legislation and funding initiatives aim to address the issue. (FORTUNE.COM)

Crypto & Blockchain

Orbit Chain's Bridge Hacked for $81.5 Million in a Major Security Breach
Orbit Bridge, a cross-chain bridge protocol, suffered a significant hack resulting in the outflow of $81.5 million across various cryptocurrencies. The breach involved five transactions to distinct wallets, moving stablecoins, wrapped Bitcoin, and Ethereum. The attacker likely compromised multi-signature signers and funded the attack through Tornado Cash. Investigations are underway, and Orbit Bridge has started a compensation process for affected users. The incident raises concerns about the security of cross-chain protocols and the ecosystems that depend on them. (CRYPTO-NEWS-FLASH.COM)

Orbit Chain Loses $81M in Cross-Chain Bridge Hack
Orbit Chain, a blockchain platform, has suffered an $81 million hack through its cross-chain bridge. The hacker used the privacy protocol Tornado Cash to fund a wallet before attacking Orbit Chain's ETH vault. The stolen funds, currently totaling around $82 million, remain untouched. The incident caused a drop in the platform's total value locked and a decline in the value of its native token. This hack is reminiscent of previous attacks carried out by the Lazarus Group, a North Korean hacking group. (COINDESK.COM)

Cyber Hygiene

16 Ways to Secure Your Apple ID on Your iPhone
Apple IDs serve as the gateway to Apple services and devices, so it's vital to protect them. Steps you can take include using strong passwords, keeping information updated, avoiding sharing passwords or verification codes, enabling two-factor authentication, setting a recovery key, adding security keys, using Family Sharing instead of account sharing, designating recovery contacts, and carefully selling old devices. You should also watch for phishing attempts, report suspicious activity to Apple, and leverage reputable password managers. Taking multiple precautions makes it much harder for scammers to gain access. (TECHPP.COM)


Sensitive Court Recordings Hacked: Victoria’s Judicial System Under Cyber Threat
Australia's Court Services Victoria (CSV) warns of a ransomware attack, suspected to be the work of the Qilin gang, that exposed video recordings of court hearings. The breach, discovered on December 21, 2023, compromised audio-visual archives from November 1 to December 21. CSV is rebuilding the affected system, while court operations remain unaffected. (WORDPRESS.COM)

Cyber-Hackers Target UK Nuclear Waste Company RWM
Hackers attempted to breach Radioactive Waste Management (RWM), the company behind the £50bn Geological Disposal Facility project in the UK, using LinkedIn. RWM reported instances of potential exploitation but stated that the cyber incidents had no material effect. Social media sites are commonly used for social engineering and gathering sensitive information. (THEGUARDIAN.COM)

Cross-chain Orbit Bridge Reportedly Suffers $82M Exploit
Hackers appear to have exploited vulnerabilities in Orbit Chain's Orbit Bridge, a cross-chain bridging service, stealing $81.7 million worth of cryptocurrency. The stolen funds include $30 million in USDT, $10 million in USDC, $21.7 million in ETH, $9.8 million in WBTC, and $10 million in DAI. The exploit method is still unknown. Orbit Chain connects the Klaytn blockchain to EVM-compatible networks for asset transfers. The breach shows the risks associated with bridges and wrapped assets. (COINTELEGRAPH.COM)

Hackers Access Victorian Court Recordings Database
Court Services Victoria reports its audio-visual network was compromised on November 1st, allowing hackers to access several weeks of court hearing recordings. The breach impacts the supreme, county, magistrates, coroner's, and children's courts. Witnesses and participants are being notified. CSV has isolated the network, but the incident raises concerns over strengthening court technology protections. (THEGUARDIAN.COM)

Hackers Hit Australian State's Court Recording Database
Hackers targeted the court recordings database in Australia's Victoria state, causing disruptions to the audio-visual technology network used in court. The breach may have resulted in the theft of recordings from court hearings between November 1 and December 21, 2023. The affected network has been isolated and disabled, and court officials are working with cyber security experts. This incident follows a series of cyber attacks on critical infrastructure and businesses in Australia. (REUTERS.COM)

FCC Proposes $200M Cyber Program for Schools, Libraries
The Federal Communications Commission is considering a pilot program to provide cybersecurity services for K-12 schools and libraries, aiming to protect them from cyberattacks. The program would allocate up to $200 million and gather information on its effectiveness. (STATESCOOP.COM)


Israel Battles Spike in Wartime Hacktivist, OT Cyberattacks
During the 2023 war in Gaza, Israel experienced a surge in cyberattacks, with hacktivists on both sides launching attacks. The mobilization of reservists from the cybersecurity industry impacted businesses. Israel's operational technology and critical infrastructure were targeted, highlighting the need for improved OT security. Collaboration with the UAE and acquisitions bolstered Israel's cybersecurity industry. (DARKREADING.COM)

Mysterious Hacker Strikes Iran with Major Cyberattacks
A hacker named "irleaks" targets Iranian insurance companies, selling over 160 million records. They also claim to have hacked SnappFood, stealing 3 terabytes of data, including user information and credit card details. The attacks raise suspicions of state-sponsored involvement. Hudson Rock researchers are investigating the breaches. (INFOSTEALERS.COM)

Cyber Toufan Goes Oprah Mode, With Free Linux System Wipes of Over 100 Organisations
Since October 2023, hacktivist group Cyber Toufan has breached over 100 Israeli organizations, wiping systems and dumping data. Targets include private companies, government entities, and security firms. Over a third of victims remain offline weeks later, unable to recover. (DOUBLEPULSAR.COM)

Air Travel Is Not Ready for Electronic Warfare
Militaries spoofing GPS signals could inadvertently endanger civilian planes. Airliners in the Middle East already face system failures. Legacy avionics vulnerabilities raise concerns hackers could tamper with navigation undetected. Addressing complex aviation cybersecurity issues is difficult but urgent as electronic warfare proliferates. (NYMAG.COM)

Massive Missile Strike Disrupts Kyiv's Internet and Power Supply
Russian missiles hit Kyiv, causing significant disruption to internet and power. The attack damaged buildings and infrastructure, leaving thousands without electricity. This is not the first time Russia has targeted Ukraine's critical infrastructure, highlighting the challenges the country faces in defending against such attacks. (THERECORD.MEDIA)


'Perilous and Chaotic': Why Officials Are Nervy Before a Likely UK Election in 2024
The next UK general election has the potential to be one of the most perilous and chaotic in the country's history. Factors contributing to this include the requirement for voters to show photo ID, concerns about a shortage of electoral officials, and worries about cyber threats and disinformation. (THEGUARDIAN.COM)

Arizona Creates Own Deep-Fake Election Hoaxes to Prepare for 2024
Arizona is conducting tests using AI to prepare for potential scams and conspiracy theories in the upcoming presidential election. The state's exercise highlights concerns about the rise of generative artificial intelligence, which criminals and adversaries can use for scams. The use of AI in deep fakes makes it harder to verify information, posing risks for election officials. There is a push in Congress to establish safeguards for AI technology before the 2024 election. (POLITICO.COM)


GTA 6 Leaks Hacked Using Hotel TV and Amazon Fire Stick
A British teenager, Arion Kurtaj, hacked into Rockstar Games' systems using a hotel TV and an Amazon Fire Stick, obtaining 90 unreleased clips of Grand Theft Auto 6. Kurtaj, a member of the online gang Lapsus$, was sentenced to indefinite detention for his involvement in the hacking and subsequent blackmail. He had a history of cybercrimes, including attacks on BT, EE, and Nvidia. The case highlights the dangers of online crime and the need for increased cybersecurity measures. After the trailer itself later leaked online, Rockstar Games released the GTA 6 trailer ahead of schedule, and it quickly gained over 100 million views on YouTube. (READWRITE.COM)


First American Financial: Data Stolen and Encrypted in Cyberattack
First American Financial confirms that threat actors accessed and stole non-production data in a recent cyberattack, encrypting it in the process. The incident is contained, but the company is still assessing the potential impact on its financial condition. This raises concerns about risk mitigation and security in the title insurance industry, following a $1 million settlement over a 2019 data breach. Fidelity National Financial, the largest title insurance firm, was also recently hit by a suspected ransomware attack. (CYBERSECURITYDIVE.COM)


Beijing Is on a Wartime Footing
China's defense industrial growth, particularly in its navy, poses a significant threat to U.S. national security. The U.S. defense industrial base is ill-prepared to meet the military's needs, leading to a shortfall in munitions and supply chain challenges. Rebuilding the defense industry and establishing a national-level body for strategic guidance is crucial. Increased funding, incentives, and long-term contracts are needed to modernize and expand production capacity. (WSJ.COM)

Iran Sends Warship to Red Sea After US Sinks Houthi Boats
Iran has dispatched a warship to the Red Sea following the US Navy's destruction of three Houthi boats, further escalating tensions in the region. This move poses a challenge to the US-led maritime task force established to counter Houthi attacks on ships. Iran's show of force aligns with its agenda of projecting power and driving the US out of the region. (BLOOMBERG.COM)


Hackers Breach Australian Court Hearing Database
The court system in Victoria, Australia, experienced a ransomware attack, potentially exposing sensitive recordings of court hearings. The attack disrupted the audio-visual technology network, impacting video recordings, audio recordings, and transcription services. The hackers may have accessed recordings between November 1 and December 21, but no other court records were compromised. The attack was likely carried out by the Qilin ransomware group, known for targeting critical sector companies. This incident adds to a series of major cyberattacks in Australia in recent months. (THERECORD.MEDIA)

The State of State Technology Policy: 2023 Report
States shaped US technology policy in 2023, passing laws on online child safety, AI, privacy, and antitrust. Predictions for 2024 include more AI laws, comprehensive privacy legislation, pending content moderation laws, limited antitrust changes, continued focus on child safety, and ongoing impact from litigation. (UNC.EDU)

Kansas Court Systems Slowly Reaching Finish Line for Complete Restoration after Cyberattack
Kansas courts are nearing the end of their recovery process following a cyberattack in October. The Kansas District Court Public Access Portal, which allows online case searches, is now fully operational, although there may be some delays in updating information filed on paper. Other restored features include online payment of fines and fees. The restoration marks a significant milestone in the state's recovery plan. (KSN.COM)

Meet Joe Biden's Favorite Hacker
Jeff Moss serves as a bridge between the government and the hacker community, a link that has never been more important. Moss has become one of the government's most trusted cybersecurity advisers, with the ear of President Biden's top cyber aides. He tries to help the government harness hackers' talents to better defend against attacks, overcoming decades of distrust. As threats have grown, both sides realized they should talk more. Moss sees hackers' policy engagement as an unalloyed good, though he warns they should tread carefully. (THEMESSENGER.COM)


Cyber Attack on Victoria's Court System May Have Exposed Recordings of Sensitive Cases
Victoria's court system in Australia has suffered a ransomware attack, possibly orchestrated by Russian hackers. Recordings of sensitive court cases, including witness testimony, may have been accessed or stolen. Court Services Victoria is working to notify affected individuals. The attack primarily targeted the County Court and the Supreme Court. (NET.AU)

Swedish Supermarket Chain Coop Responds to Cyberattack
Coop, one of Sweden's largest supermarket chains, is dealing with a cyberattack affecting stores in Värmland County. The ransomware gang Cactus claimed responsibility for the attack, and Coop Värmland was the specific target. This is not Coop's first encounter with ransomware, as it was also affected by the Kaseya attack in 2021. The Cactus gang is known for exploiting vulnerabilities in VPN appliances and has been targeting industrial organizations. The extent of the stolen data and ransom amount is currently unknown. (THERECORD.MEDIA)

Cyber Hackers Break into Victorian Court Recordings
Hackers have breached Victoria's court system, gaining access to weeks of recorded hearings. The cyber attack on the audiovisual technology network was discovered on December 21, but it is believed to have occurred on November 1. Video and audio recordings from Supreme, County, Magistrates, and Coroners courts were compromised, along with a recording from the Children's Court. However, no data other than the recordings was accessed. The affected network has been isolated, and efforts are underway to strengthen security across the court and tribunal-wide technology system. (COM.AU)

Expert Opinion: Bringing Down Putin’s House of Cards
In this expert opinion piece, Suzanne Kelly highlights the disruptive and aggressive actions of Russian President Vladimir Putin and his regime. From military aggression and threats to the use of cyber capabilities for economic disruption and election interference, Putin's regime is seen as a major source of disharmony in the world. The author also mentions Putin's support for corrupt regimes, supply of weapons used in civilian aircraft shootings, and allegations of war crimes. The Cipher Brief is recognized as a popular outlet for former intelligence officers. (THECIPHERBRIEF.COM)

Finnish Intelligence Reorganizes to Boost Information Gathering
The Finnish Security Intelligence Service (Supo) has undergone a reorganization to strengthen its information gathering capabilities. This comes after Supo warned that Finland was being treated as a "hostile country" by Russia and amidst an ongoing investigation into a suspected act of maritime sabotage. The reorganization involves reducing the number of departments and appointing new heads for each department. The previous chief of Supo has departed, and the agency's deputy director is currently serving as the acting director. Supo is responsible for both foreign and domestic intelligence. (THERECORD.MEDIA)


Theft of Vancouver Rape Crisis Centre Server Containing Sensitive Data Raises Privacy Concerns
A server containing sensitive personal information and banking details was stolen from the Salal Sexual Violence Support Centre. Cybersecurity experts warn of significant risks and emphasize the need for stronger data security measures. Victims are advised to change passwords, monitor accounts, and file complaints with the privacy commissioner. (CBC.CA)


How Ransomware Could Cripple Countries, Not Just Companies
Experts say 2023 was the worst year ever for ransomware attacks. These attacks are sapping prosperity and pose a national security threat as they spread to critical infrastructure globally. The ransomware business is shifting to smaller groups that buy services rather than develop their own tools, making attacks cheaper and faster. Though Western countries are striking back, the overall impact has been limited, even as AI makes attacks more sophisticated. (ECONOMIST.COM)

Man Says Fraudulent Accounts Opened, Home Purchased in His Name After City Ransomware Hack
A victim of the Oakland ransomware attack reveals that multiple accounts were opened in his name, including the fraudulent purchase of a house. The city failed to notify victims of the leaked personal information, causing financial and identity theft issues. Concerns about the city's cyber insurance and overall management arise. (ABC7.COM)

After Ransomware Claims, Xerox Says Subsidiary Hit with Cyberattack
Xerox confirms that its subsidiary, XBS, suffered a cyberattack, possibly involving personal data theft. The ransomware gang INC claimed responsibility. Xerox is investigating the incident and working to secure the affected IT environment. Limited personal information may have been compromised. (THERECORD.MEDIA)

Xerox Says Subsidiary XBS U.S. Breached After Ransomware Gang Leaks Data
Xerox Business Solutions (XBS) in the U.S. has been compromised by hackers. The INC Ransom ransomware gang claims to have stolen sensitive data and confidential documents, and Xerox is working with cybersecurity experts to investigate the incident and secure its IT environment. A limited amount of personal information, including email communications, payment details, and invoices, was exposed; the full extent of the breach and the number of affected individuals are currently unknown. Xerox had previously suffered a ransomware attack in 2020. (BLEEPINGCOMPUTER.COM)


DOJ, FBI, and SEC Provide Guidance for Delay Requests Relating to Disclosure of Cybersecurity Incidents Under Form 8-K
The DOJ, FBI, and SEC have issued guidance for companies seeking to delay disclosure of a material cybersecurity incident under Item 1.05 of Form 8-K, which otherwise requires a filing within four business days of the materiality determination. A delay is available only if the Attorney General determines that disclosure would pose a substantial risk to national security or public safety; the FBI is the intake point for such requests and asks to be contacted as soon as a company concludes an incident is material, and ideally earlier, so the request can be evaluated before the four-day clock runs out. The SEC has also published interpretations on how the delay provisions apply. (NATLAWREVIEW.COM)

Supply Chain

Nvidia’s China Customers to Get Hobbled Version of Gaming Chip
Nvidia is selling a less-capable version of its RTX 4090 graphics chip, the RTX 4090 D, in China due to tightened US government restrictions. The China model has 10% fewer processing cores and will comply with US export controls. The move follows the US government's aim to limit China's access to specialized chips to slow down its AI capabilities. Nvidia engaged with the US government while developing the product and plans to release it in January. (BLOOMBERG.COM)

US Pressured Netherlands to Block China-Bound Chip Machinery
ASML, a Dutch manufacturer of high-end chipmaking equipment, canceled shipments of its machines to China at the request of the Biden administration. The US is cracking down on Beijing's semiconductor industry, and the move is part of an effort to restrict China's access to imported technology. ASML had licenses to ship the machines to Chinese firms until new Dutch restrictions take effect. The US pressure on ASML started in 2019, and the Dutch government tightened export controls on China last year. (BLOOMBERG.COM)

Technology & Defense

Operation Triangulation: The Last (Hardware) Mystery
Kaspersky's Boris Larin summarizes the results of research into Operation Triangulation, an attack targeting iPhones. The key finding is the discovery of an undisclosed hardware feature that allows bypassing memory protections. Through reverse engineering, Larin determined the feature likely belongs to the GPU coprocessor and seems intended for debugging or testing. It is unknown how the attackers learned of this obscure feature, which Apple's own firmware does not use. Larin concludes that, however impressive, hardware security that relies on obscurity rather than fundamental protections remains vulnerable. (SECURELIST.COM)

Apple’s Highly Secure iPhone Lockdown Mode Is Surprisingly Usable
Apple's Lockdown Mode, designed to offer extreme protection to users facing targeted cyberattacks, has been found to be "surprisingly tolerable" during testing. Enabling Lockdown Mode requires a PIN or biometric authentication, followed by a reboot. While it restricts certain features like sharing links and using HomeKit, it allows users to continue functioning normally with some minor inconveniences. Lockdown Mode aims to make it harder for spyware vendors to exploit vulnerabilities in iOS and macOS. (MACDAILYNEWS.COM)

New Malware Techniques Detected and Shared as Timely Threat Intelligence
Unit 42 summarizes new malware and cybercrime groups observed from October to December 2023, shared via social media for timely threat intelligence. Highlights include innovative exploitation methods for DarkGate, IcedID delivery by TA577, and first public reporting on JinxLoader. By quickly disseminating IOCs, TTPs and screenshots, defenders can customize protections against emerging threats. Trends spotted across multiple posts help inform more holistic security strategies. (PALOALTONETWORKS.COM)

Hide and Seek in Windows' Closet: Unmasking the WinSxS Hijacking Hideout
Security Joes describes a DLL search order hijacking technique that abuses executables in Windows' trusted WinSxS folder: the attacker launches a legitimate WinSxS binary from a directory they control, and a DLL the binary looks for is resolved from that directory, so the malicious code runs inside a trusted, signed process. The method works on Windows 10 and 11, needs no elevated privileges and no additional executable to be dropped, and keeps the activity inside a legitimate application. Defenders should look for WinSxS binaries launched from unusual working directories and for modules they load from outside the Windows directory. (SECURITYJOES.COM)
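As an added example (not code from the Security Joes write-up), the following PowerShell hunts for the pattern above in two ways: live, by listing WinSxS-resident processes that have loaded a module from outside a short list of trusted Windows directories, and historically, over Sysmon image-load events. It assumes a default %WINDIR% layout and, for the second check, Sysmon installed with Event ID 7 (image loaded) enabled; the trusted-root list is an assumption to tune for your estate.

```powershell
# Added example: hunt for a WinSxS executable that has pulled in a DLL from
# outside the trusted Windows directories (the hijacking pattern described above).
# Assumptions: default %WINDIR% layout; Sysmon with Event ID 7 enabled for the
# historical check. Adjust $TrustedRoots to your environment.

$WinDir = $env:WINDIR                                  # normally C:\Windows
$WinSxS = Join-Path $WinDir 'WinSxS'
$TrustedRoots = @('System32', 'SysWOW64', 'WinSxS', 'Microsoft.NET', 'assembly') |
    ForEach-Object { Join-Path $WinDir $_ }

function Test-UnderPath {
    # Case-insensitive check that $Path lives below $Root (trailing backslash
    # avoids matching a sibling such as C:\Windows\WinSxS-evil).
    param([string]$Path, [string]$Root)
    if (-not $Path) { return $false }
    $prefix = $Root.TrimEnd('\') + '\'
    return $Path.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)
}

function Test-TrustedModule {
    param([string]$ModulePath)
    foreach ($root in $TrustedRoots) {
        if (Test-UnderPath $ModulePath $root) { return $true }
    }
    return $false
}

function Find-WinSxSHijack {
    # Live check: every running process whose image is under WinSxS, reported
    # once per loaded module that is not under a trusted root.
    foreach ($proc in Get-Process -ErrorAction SilentlyContinue) {
        if (-not (Test-UnderPath $proc.Path $WinSxS)) { continue }
        $modules = $null
        try { $modules = $proc.Modules } catch { }         # protected or other-session processes
        if (-not $modules) { continue }
        foreach ($m in $modules) {
            if (Test-TrustedModule $m.FileName) { continue }
            [pscustomobject]@{
                ProcessId   = $proc.Id
                Image       = $proc.Path
                LoadedDll   = $m.FileName
                CommandLine = (Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.Id)").CommandLine
            }
        }
    }
}

function Find-WinSxSHijackFromSysmon {
    # Historical check over Sysmon Event ID 7 (Image loaded): same predicate,
    # applied to the Image / ImageLoaded fields of each event.
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 7 }
    foreach ($evt in Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue) {
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if (-not (Test-UnderPath $data['Image'] $WinSxS)) { continue }
        if (Test-TrustedModule $data['ImageLoaded']) { continue }
        [pscustomobject]@{
            Time      = $evt.TimeCreated
            ProcessId = $data['ProcessId']
            Image     = $data['Image']
            LoadedDll = $data['ImageLoaded']
            Signed    = $data['Signed']
        }
    }
}

Find-WinSxSHijack            | Format-Table -AutoSize
Find-WinSxSHijackFromSysmon  | Format-Table -AutoSize
```

Any hit is worth a look, but the strongest signal is a WinSxS image whose CommandLine or Sysmon CurrentDirectory points at a user-writable folder and whose foreign DLL is unsigned; run the live check elevated so that the Modules list is readable for every process.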

US-China Chip War Leads to Restrictions on ASML Exports
The Dutch government has ordered ASML, the world's leading chipmaking equipment manufacturer, to limit shipments of two lithography systems to China. This comes as part of the ongoing chip war between the US and China, with the US implementing export measures to hinder China's high-end chip production ambitions. The Netherlands' restrictions may impact relations with China and further escalate the chip war, although experts argue that no country has a chance for semiconductor independence. (THENEXTWEB.COM)

macOS Malware 2023 | A Deep Dive into Emerging Trends and Evolving Techniques
This article explores the evolving landscape of macOS malware in 2023, highlighting trends such as infostealers prioritizing one-time execution over persistence, targeted social engineering techniques, the use of public offensive security tools, abuse of built-in tools, and multi-stage, modular malware campaigns. It emphasizes the need for organizations to enhance their security measures beyond Apple's built-in protections. (SENTINELONE.COM)

Vulnerabilities & Exploits

Google Password Resets Not Enough to Stop Info-Stealing Malware Strains
Security researchers report that info-stealing malware can keep access to a compromised Google account even after the password has been changed. Rather than relying on the password, the malware steals session tokens from the victim's browser and uses an undocumented Google OAuth endpoint, "MultiLogin", to mint fresh session cookies, so the attacker can log back in after a reset. The technique, described as a zero-day in Google's account security, has already been adopted by several malware families. (THEREGISTER.COM)

Dangerous New Malware Uses Cookies to Break into Google Accounts
A cookie vulnerability has been discovered that puts Google accounts at risk, even if passwords are changed. Hackers can exploit session cookies used for user authentication, bypassing passwords and gaining unauthorized access to accounts. At least six malware groups are actively selling this exploit, making it imperative for users to be cautious and consider changing their passwords if they notice any abnormal activity on their accounts. Google is working on fixing the issue, but there is no immediate way to know if one has been compromised in such an attack. (ANDROIDPOLICE.COM)

'Operation Triangulation' Spyware Attackers Bypass iPhone Memory Protections
The "Operation Triangulation" APT campaign exploits undocumented functions in Apple chips to evade hardware-based memory protections, targeting iPhones through the iMessage app with zero-click attacks. The sophisticated campaign leverages multiple vulnerabilities and poses a persistent risk to user privacy and security. Experts recommend regular OS updates, patching vulnerabilities, and implementing endpoint detection and response solutions for protection. (DARKREADING.COM)

Orbit Chain Loses $86 Million in the Last Fintech Hack of 2023
Orbit Chain, a blockchain platform, suffered a security breach resulting in the loss of $86 million in cryptocurrency. The unauthorized transactions occurred on December 31, 2023, and the attackers remain unidentified but show signs of being sophisticated state-sponsored hackers, possibly from North Korea. Orbit Chain is collaborating with Korean authorities to investigate the incident. Scammers are also using verified accounts on X to promote phishing sites for wallet-draining scams. (BLEEPINGCOMPUTER.COM)

"Triangulation" iPhone Spyware Used Apple Hardware Exploits Unknown to Almost Everyone
Kaspersky's report reveals details of the sophisticated "Triangulation" spyware, exploiting undisclosed Apple hardware features. It uses zero-click attacks, leaking microphone recordings and location data. The mystery surrounding its development raises questions of collaboration between Apple, the NSA, and spyware planting. Apple denies the allegations, suggesting skilled hackers discovered the hidden functions independently. (TECHSPOT.COM)

Missing Chinese Student Was Victim of 'Cyber Kidnapping' Scam, Utah Police Say
A 17-year-old Chinese exchange student who went missing in Utah was found unharmed, but appeared to be a victim of a "cyber kidnapping" scheme. The scammers put the student under duress and convinced his family that he was being held for ransom, prompting them to transfer $80,000 in ransom to bank accounts in China. The crime involved tricking the family into believing that the student had been abducted and coercing them into paying a ransom, even though he had not actually been taken. (WASHINGTONPOST.COM)

Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for Session Hijacking
A critical exploit has been uncovered that allows the generation of persistent Google cookies through token manipulation, providing continuous access to Google services even after a password reset. The exploit has rapidly spread among various malware groups, posing significant cybersecurity implications. (CLOUDSEK.COM)

Orbit Chain Loses $81M in Cross-Chain Bridge Hack
Cryptocurrency platform Orbit Chain was exploited for $81 million after a hacker used privacy protocol Tornado Cash to attack the project's Ethereum vault. Over 26,700 ETH and $18 million in stablecoins were drained but remain unmoved. The hack caused Orbit Chain's total value locked to drop from $152 million to $71 million. Crypto scams and hacks persisted in 2023 though at lower levels, highlighting lingering security issues. (TEAMRORA.COM)

This Is Why 2024 Will Be a Good Year for Social Workers
Social workers and cyber security managers will be among the most in-demand and highest paid roles in 2024, predicts recruitment firm Hays. With nearly 1 million job vacancies despite economic woes, Hays CEO Simon Winfield says ample opportunities exist for career changers to highlight transferable skills. (CO.UK)

Essential Skills for Today’s Threat Analysts
Threat analysts in 2024 need technical skills like programming and AI, as well as soft skills like attention to detail and teamwork. The role is expanding to include cloud security and ML tools, but human oversight is still crucial. Continuous learning, ethics, and diverse hiring are important for success in threat hunting. (CSOONLINE.COM)

Copyright © 2023  |  McCrary Institute, All rights reserved.
