
The Rise of VPNs: A Tool for Privacy or a False Promise


Today, Virtual Private Networks (VPNs) have become omnipresent. Millions around the world use VPNs, and they are often promoted by influencers as essential tools for privacy. Their rise in popularity stems from the idea that they offer online privacy by hiding your browsing activities and making you anonymous on the internet. 

Despite the marketing, the reality is less reassuring. VPN providers frequently fail to deliver the level of privacy and protection that users expect. 

How VPNs Work 

A VPN works by channelling your internet traffic through an encrypted tunnel to a VPN server. This prevents your internet service provider (ISP) from tracking your online activities, such as websites visited or apps used. However, this does not make you anonymous. Instead, it shifts the trust from your ISP to the VPN provider. This raises an important question: why trust a VPN provider more than your ISP? 

Trust Issues with VPN Providers 

The truth is that VPN providers cannot always be trusted. Free VPN services, in particular, are notorious for collecting and selling user data to third-party advertisers, posing privacy risks. Even paid VPN services, which claim to protect privacy by not logging data, have often been found to break those promises. In some cases, VPNs with “no-log” policies were later discovered storing data, which was leaked or shared with law enforcement. 

Verifying Privacy Claims 

A significant issue with VPN providers is the difficulty in verifying their privacy claims. Often, the only assurance users have is the provider’s word, and that’s rarely enough. Numerous VPN companies have been caught logging user data, breaking the trust they have established with their customers. 


Setting Up Your Own VPN 

For those needing a VPN to bypass censorship or other specific purposes, experts recommend setting up a personal VPN server. By using services like Amazon Web Services, Google Cloud, or DigitalOcean, users can create and manage their own encrypted VPN server, giving them control of the private key to their data. This ensures that even the cloud provider cannot access your information.

Cicada3301 Ransomware Operation Impersonates Legitimate Organization, Targets Global Firms


A new ransomware-as-a-service (RaaS) operation named Cicada3301 has emerged, impersonating the legitimate Cicada 3301 organization, which was known for its cryptographic puzzles in the early 2010s. The cybercriminal group has already listed 19 victims on its extortion portal and has rapidly targeted companies worldwide. 

Despite using the same name and logo as the original online/real-world game, there is no connection between the two. The legitimate Cicada 3301 organization has publicly condemned the ransomware group's actions, distancing itself from the cybercriminals. 

The ransomware operation began recruiting affiliates on the RAMP forum in June 2024, but attacks were observed as early as June 6. Cicada3301 employs double-extortion tactics, breaching corporate networks to steal data before encrypting devices. The stolen data is used as leverage to demand ransom payments. 

Research by cybersecurity firm Truesec reveals striking similarities between Cicada3301 and the ALPHV/BlackCat ransomware, including shared encryption methods and system shutdown commands, suggesting a possible rebrand by former ALPHV members. Notably, both operations utilize the Rust programming language and the ChaCha20 encryption algorithm. 

Cicada3301 is also linked to the Brutus botnet, known for brute-forcing VPN appliances to gain access to networks, a method seen after ALPHV ceased operations. Targeting VMware ESXi environments, the ransomware is designed to maximize damage by encrypting virtual machines and removing recovery options. 

Its sophisticated methods suggest an experienced group, possibly affiliated with ALPHV, aiming to cause widespread disruption and force victims into paying substantial ransoms.

Securing Open Source: A Comprehensive Guide

Open-source software has become the backbone of many modern applications, providing cost-effective solutions and fostering collaborative development. However, the open nature of these projects can sometimes raise security concerns. Balancing the benefits of open source with the need for robust security measures is crucial for organizations leveraging these resources.

In a comprehensive guide by CIO.com, strategies are outlined to ensure organizations get the most out of open source without compromising security. The guide emphasizes the importance of proactive measures, such as regular security assessments, vulnerability monitoring, and code analysis. By staying informed about potential risks, organizations can mitigate security threats effectively.

One key aspect highlighted in the guide is the need for a well-defined open-source governance policy. This involves establishing clear guidelines for selecting, managing, and monitoring open-source components. Organizations can reduce the likelihood of introducing vulnerabilities into their systems by implementing a structured approach to open-source usage.

Snyk, a leading security platform, contributes to the conversation by emphasizing the significance of managing open-source components. Their series on open-source security delves into the intricacies of handling these components effectively, stressing the importance of continuous monitoring, regular updates, and patch management to address vulnerabilities promptly.

Furthermore, the guide points out the value of collaboration between development and security teams. This interdisciplinary approach ensures that security considerations are integrated into the development lifecycle. By fostering communication and shared responsibility, organizations can build a culture where security is not an afterthought but an integral part of the development process.

To complement these insights, Drift offers a different perspective on enhancing security through intelligent communication. Their platform enables organizations to streamline interactions, facilitating quick responses to potential security incidents. In a landscape where rapid communication is key, tools like Drift can shorten incident response times, minimizing the impact of security breaches.

It takes careful balance to maximize the benefits of open source while upholding strict security guidelines. The tools offered by Drift, Snyk, and CIO.com address this issue comprehensively. Organizations can optimize the advantages of open source without compromising security by implementing proactive security measures, clearly establishing governance standards, and encouraging team cooperation.

Google Drive Deficiency Allows Attackers to Exfiltrate Workspace Data Without a Trace


The free version of Google Workspace lacks event logging, which can be exploited by attackers to download data from Google Drive without any trace of their unauthorized activity, researchers reported in recent findings. 

Mitiga researchers identified a significant "forensic security deficiency" in the widely used productivity application. This deficiency occurs because log generation is only available for users with a paid enterprise license for Workspace. As stated in a recent blog post by Mitiga on May 30, this situation exposes enterprises to insider threats and the risk of potential data leaks. 

A forensic security deficiency refers to a specific weakness or gap in the security measures of a system that hinders effective forensic analysis and investigation. In simpler terms, it means there is a flaw in the system's ability to gather and provide critical information necessary to understand and respond to security incidents. 

Event logging is the process of recording and storing detailed information about events or actions that occur within a system or application. It involves capturing data such as user activities, system events, errors, and other relevant information. 

The purpose of event logging is to provide a trail of recorded events that can be used for troubleshooting, security analysis, auditing, and compliance purposes. Users who have a paid license, like Google Workspace Enterprise Plus, have access to "drive log events" that provide visibility into Google Drive activity. 

These log events track actions such as copying, deleting, downloading, and viewing files. However, users with the default Cloud Identity Free license do not have this visibility. 

“Google Workspace provides visibility into a company’s Google Drive resources using ‘Drive log events,’ for actions such as copying, deleting, downloading, and viewing files. Events that involve external domains also get recorded, like sharing an object with an external user,” Mitiga explained. 

As a result, organizations using the free license cannot detect potential data manipulation and exfiltration attacks promptly. This limitation hinders their ability to effectively assess the extent of data theft, or even determine if any data has been stolen at all. 
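The detections that the free tier makes impossible are straightforward once the "drive log events" described above exist. The following added example (not Mitiga's or Google's code) runs two simple checks over constructed, simplified event records whose field names are assumptions rather than Google's real log schema: a burst of downloads by one actor, and a share whose target lies outside the organization's domain.

```python
"""Detecting exfiltration patterns in Drive-style log events (added example; the
event records below are constructed and simplified, not Google's real schema)."""
from collections import defaultdict
from datetime import datetime, timedelta

INTERNAL_DOMAIN = "corp.example"  # assumed tenant domain for this example

# Constructed sample events. Fields mimic what the post says Drive log events record
# (copy, delete, download, view, and shares that involve external domains).
SAMPLE_EVENTS = [
    {"time": "2023-05-30T09:00:00", "actor": "alice@corp.example", "event": "view", "doc": "Q2 plan.docx"},
    {"time": "2023-05-30T09:05:00", "actor": "alice@corp.example", "event": "share", "doc": "Q2 plan.docx",
     "target": "partner@vendor.example"},
    {"time": "2023-05-30T13:00:10", "actor": "bob@corp.example", "event": "download", "doc": "customers-1.csv"},
    {"time": "2023-05-30T13:00:35", "actor": "bob@corp.example", "event": "download", "doc": "customers-2.csv"},
    {"time": "2023-05-30T13:01:02", "actor": "bob@corp.example", "event": "download", "doc": "customers-3.csv"},
    {"time": "2023-05-30T13:01:40", "actor": "bob@corp.example", "event": "download", "doc": "customers-4.csv"},
    {"time": "2023-05-30T13:02:15", "actor": "bob@corp.example", "event": "download", "doc": "customers-5.csv"},
    {"time": "2023-05-30T13:02:50", "actor": "bob@corp.example", "event": "download", "doc": "contracts.zip"},
    {"time": "2023-05-30T15:30:00", "actor": "carol@corp.example", "event": "download", "doc": "expenses.xlsx"},
    {"time": "2023-05-30T15:31:00", "actor": "carol@corp.example", "event": "share", "doc": "expenses.xlsx",
     "target": "dave@corp.example"},
]


def _ts(event):
    return datetime.fromisoformat(event["time"])


def detect_bulk_downloads(events, threshold=5, window=timedelta(minutes=10)):
    """Flag actors who download at least `threshold` files inside any `window`-long span."""
    by_actor = defaultdict(list)
    for e in events:
        if e["event"] == "download":
            by_actor[e["actor"]].append(_ts(e))
    findings = []
    for actor, times in by_actor.items():
        times.sort()
        best, start = 0, 0
        for end, t in enumerate(times):
            # Slide the window start forward until it spans at most `window`.
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            findings.append({"actor": actor, "downloads": best,
                             "first_download": times[0].isoformat(),
                             "last_download": times[-1].isoformat()})
    return findings


def detect_external_shares(events, internal_domain=INTERNAL_DOMAIN):
    """Flag share events whose target address is outside the tenant's domain."""
    return [
        {"actor": e["actor"], "doc": e["doc"], "target": e["target"]}
        for e in events
        if e["event"] == "share" and not e["target"].lower().endswith("@" + internal_domain)
    ]


if __name__ == "__main__":
    for finding in detect_bulk_downloads(SAMPLE_EVENTS) + detect_external_shares(SAMPLE_EVENTS):
        print(finding)
```

Both checks are cheap, and both are exactly what an organization on the free license cannot run, because the events never get written in the first place.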

“We recommend Google Cloud customers use VPC Service Controls and configure organizational restrictions in Google Cloud Storage buckets for exfiltration protection. Between this and appropriately configured cloud audit logs, customers can rest assured that their data is secure...” 

“…While improving log forensics hasn’t been an issue raised by our customers, we are continually evaluating ways to improve customers’ insight into their storage. The highlighted forensics gap in the blog is one of those areas we are examining,” a Google Cloud spokesperson reported.

Ransomware Attacks Pose Significant Threats to the Security of Medical Devices

Cybercriminals are increasingly targeting health organizations of all sizes. The rise in healthcare-related cyberattacks suggests that smaller healthcare providers are experiencing a higher rate of cybercrime incidents. 

Recently, the Food and Drug Administration (FDA) disclosed that ransomware attacks targeting medical facilities are a major concern and that what we are witnessing is only the visible tip of a much larger problem. 

Beyond headline-grabbing cyberattacks, there are hidden risks to patient safety caused by service providers who hack medical devices disguised as repair and maintenance. This dangerous method of hacking, whether it is intentional or reckless, poses significant cyber risks comparable to professional ransomware attacks. 

Unfortunately, the misuse of medical devices for malicious purposes is often disregarded or not given enough attention by the medical device community, physicians, and patients who rely on these devices for critical life-saving treatments and services. 

Additionally, when examining the primary factors contributing to the rise in attacks on healthcare organizations, we can identify the following common reasons: 

  • Patient medical and billing information can be swiftly sold by malicious actors on the darknet for insurance fraud. 
  • The ability of ransomware to seize control of patient care and administrative systems increases the likelihood of substantial ransom payments. 
  • Tampering with internet-connected medical devices is a significant vulnerability. 

Following the report, the FDA stated that “Cybersecurity is a widespread issue affecting medical devices connected to the Internet, networks, and other devices. Cybersecurity is the process of preventing unauthorized access, modification, misuse or denial of use, or the unauthorized use of information that is stored, accessed, or transferred from a medical device to an external recipient.” 

The FDA's paper on improving cybersecurity practices for servicing medical devices explores how service entities can enhance the cybersecurity of these devices. 

In the discussion paper, the FDA “defines service to be the repair and/or preventive or routine maintenance of one or more parts in a finished device, after distribution, for purposes of returning it to the safety and performance specifications established by the original equipment manufacturer (OEM) and to meet its original intended use.” 

These crimes have caused various disruptions, such as missed chemotherapy appointments and delayed ambulances; sometimes devices or services stop working altogether, increasing the risk that patients do not receive treatment or health services at the right time. 

Ransomware attacks are a very dangerous form of cyberattack that is gaining a foothold in every industry. For instance, the May ransomware attack on Colonial Pipeline resulted in gas shortages and panic buying. 

Similarly, hackers targeted the JBS meat processing company, raising concerns about potential meat shortages and the vulnerability of essential food providers. In another incident, the Baltimore County Public Schools system experienced a ransomware attack last fall, forcing a two-day halt to virtual classes.

Cybersecurity has a huge impact on every facet of the healthcare industry, encompassing the protection of confidential health data, insurance rates, and patient care. It is becoming essential for medical and device manufacturing companies to advance their methods against increasing cyber threats.

The Challenges with Passkeys: Addressing Limitations

Passkeys have become a popular method for authentication, offering an alternative to traditional passwords. However, despite their advantages, there are several key issues that need to be addressed. This article explores the problems associated with passkeys and the need for further improvements in authentication methods.

Passkeys, often referred to as passwordless authentication, aim to provide a more convenient and secure way to access accounts and devices. Unlike passwords, which can be forgotten, stolen, or easily guessed, passkeys utilize unique characteristics of the user's device, such as biometrics or hardware-based keys, to grant access.

One of the primary concerns with passkeys is their reliance on specific devices or platforms. For instance, a passkey that works on an Android device might not be compatible with an iOS device or a different operating system. This lack of cross-platform compatibility limits the usability and convenience of passkeys, as users may need multiple passkeys for different devices or services.

Additionally, passkeys are vulnerable to potential security risks. While they eliminate the need for passwords, which are often weak and prone to hacking, passkeys are not immune to threats. If a passkey is compromised, it could lead to unauthorized access to the associated account or device. Furthermore, if the passkey is stored insecurely, such as in the cloud or on an easily accessible device, it could be accessed by malicious actors.

Another challenge is the adoption and support of passkeys across various platforms and services. Although major tech companies like Google have introduced passkey support, it requires widespread adoption from service providers and developers to offer a seamless experience for users. If passkey support remains limited, users may still need to rely on traditional password-based authentication methods.

To address these issues, further advancements in passkey technology and authentication methods are necessary. First and foremost, there should be greater collaboration between tech companies and service providers to establish standardized protocols for passkey implementation. This would enable interoperability across different platforms, making passkeys more accessible and user-friendly.

Enhancing the security of passkeys is also critical. Additional layers of protection, such as multi-factor authentication, can be integrated with passkeys to add an extra level of security. This could include biometric verification, device attestation, or behavioral analysis to ensure the legitimacy of the user.

Furthermore, educating users about the importance of passkey security and best practices is crucial. Users need to understand the risks associated with passkeys and be encouraged to store them securely, preferably using hardware-based solutions or secure vaults.

What Will be The Biggest Cybersecurity Threats in 2023?

With the advent of the digital revolution, corporations, organizations, and even government entities are increasingly relying on computerized systems to run their day-to-day operations, and as a result, cybersecurity has become a necessity to protect data against numerous online attacks and unauthorized access. As technology continues to advance, cybersecurity trends are changing at a similar pace. News about data breaches, ransomware, hacks, and other threats has become the norm as technology continues to develop. 

As we look ahead to 2023, cybersecurity continues to be one of the top concerns for chief information officers. It has been estimated that there were 2.8 billion worldwide malware attacks and 236.1 million worldwide ransomware attacks in the first half of 2022. According to the data, six billion phishing attacks are expected to have been launched around the world by the end of 2022. 

In the year 2023, it is expected that IT will have to contend with these eight top security threats as these are the most significant cybersecurity trends. 

Top 8 Security Threats For Next Year 

1. Malware 

A malware program is a malicious piece of software that is planted on a network or system. This is done to cause damage to the computer, server, workstation, or network it is installed on. Malware can extract confidential information, deny service and gain access to systems. 

It is the responsibility of IT departments to monitor and stop malware before it enters a network or system by using security software and firewalls. The bad actors behind malware continually develop new methods of evading detection. As a result, it is essential to keep security software and firewalls up-to-date to prevent security threats. 

2. Ransomware 

There are several different types of malware, but ransomware is the most popular. It is capable of preventing access to a system or threatening to leak proprietary information as a result of its actions. To unlock systems or retrieve information that has been encrypted as part of ransomware, hackers demand that their victims pay them a cash ransom. 

The number of ransomware attacks carried out against companies in 2022 is 33 percent higher than it was in 2021. The majority of companies pay ransoms to regain access to their systems. However, many are then attacked once again by the same cyber criminals who were behind the earlier ransomware attack. 

Often, ransomware can gain entry into an organization's network through connections with vendors and suppliers whose network security is lacking. 

A secure supply chain starts with the security measures used by suppliers and vendors, so that business owners and suppliers can be assured that the supply chain is secure from beginning to end.

3. Phishing 

The majority of us have encountered suspicious emails at some point or another. Often, and more alarmingly, these are emails that appear to be legitimate and from a trusted source but are not. Phishing is the practice of sending such emails in an attempt to trick you into opening them and acting on their contents. 

Phishing is one of the biggest threats companies face today, because bogus emails are so easy to open that unsuspecting employees can readily spread malware. In the workplace, training employees on how to recognize phony emails, report them to the company, and never open them can make a difference. IT should work closely with HR to ensure that good email habits are being taught. 

4. IoT 

It is estimated that 61% of businesses in 2020 will use the Internet of Things, and this number is only growing. Security risks grow along with IoT adoption. IoT vendors have a well-established reputation for the lack of security implemented on their devices. To combat this threat, IT should ensure that IoT vendors are checked for security as part of the RFP process. In addition, IT can reset the security settings of IoT devices so that they comply with corporate security standards. 

5. Multi-layer security 

What is the right amount of security? Even if your network has been firewalled, security monitoring and interception software has been installed, servers have been secured, multi-factor authentication sign-on has been issued to employees, and data encryption has been implemented, you could still have forgotten to lock the physical facilities that contain servers or to install the latest security updates on your smartphone. 

Several layers of security must be managed and monitored by IT to ensure the safety of the network. Creating a checklist for every stage of the workflow that may be a potential security breach point can be a good way for IT to enhance security. 

Microsoft Warns Businesses to Enhance their Security Standards

Tech giant Microsoft, in its latest Digital Defense Report of 2022, has warned organizations to patch their security vulnerabilities in order to stay safe from some of the worst threats around right now. 

Microsoft in its 114-page Digital Defense Report highlighted alarming statistics on threats such as identity theft, ransomware, and phishing attempts that the organization has faced over the last year. 

Security loopholes 

According to the data, 99% of all ransomware attacks employ “OS-built tools” to try to tamper with existing protection and backup solutions. 

Microsoft also identified that passwords and other critical account data are still being utilized in ransomware attacks. In 75% of attacks, “acquired elevated compromised user accounts” were used to propagate malicious payloads. In the same proportion, attempts that exploited admin tools were successful. 

In a section titled “Cyber Resilience”, Microsoft asserts that all of the attacks it recorded employed siphoned credentials, and recommends employing multi-factor authentication (MFA) and other measures to safeguard data. Switching to new credential techniques might bring its own security challenges. 

The MDDR discusses “MFA fatigue”. Here, hackers with no access to a system persistently make account access requests and rely on legitimate account holders to get frustrated and accept the request. 

According to the tech giant, this can be countered via the adoption of authenticator applications that don’t rely on alerts but instead employ temporary codes delivered within the app. Free alternatives to traditional two-factor authentication methods include Microsoft Authenticator, Google Authenticator, and Twilio’s Authy. 
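The fatigue pattern described above has a recognizable shape in authentication logs: a run of denied or unanswered push prompts for one account, followed shortly by an approval. The following added example (not from Microsoft's report or any authenticator product) parses constructed push-log lines in a simplified key=value format, which is an assumed format rather than any vendor's, and flags approvals that were preceded by repeated rejections inside a short window.

```python
"""Spotting an MFA-fatigue pattern in authenticator push logs (added example; the
log lines and their format are constructed, not from any real product)."""
import re
from datetime import datetime, timedelta

# Constructed push-notification log lines (simplified key=value format, assumed).
SAMPLE_LOG = """\
2022-11-02T08:14:05Z user=jdoe method=push result=denied ip=203.0.113.7
2022-11-02T08:14:40Z user=jdoe method=push result=denied ip=203.0.113.7
2022-11-02T08:15:12Z user=jdoe method=push result=timeout ip=203.0.113.7
2022-11-02T08:15:50Z user=jdoe method=push result=denied ip=203.0.113.7
2022-11-02T08:16:30Z user=jdoe method=push result=denied ip=203.0.113.7
2022-11-02T08:17:02Z user=jdoe method=push result=approved ip=203.0.113.7
2022-11-02T08:20:00Z user=asmith method=push result=approved ip=198.51.100.4
2022-11-02T08:25:00Z user=rlee method=totp result=approved ip=198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) method=(?P<method>\S+) "
    r"result=(?P<result>\S+) ip=(?P<ip>\S+)$"
)


def parse_log(text):
    """Turn log lines into dicts; malformed lines are skipped rather than crashing."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        records.append(rec)
    return records


def find_fatigue_approvals(records, min_rejections=3, window=timedelta(minutes=10)):
    """Return push approvals preceded by at least `min_rejections` denied/unanswered
    push prompts for the same user within `window`. That sequence is the fatigue
    signature: the attacker keeps prompting until the user gives in."""
    by_user = {}
    for r in records:
        if r["method"] == "push":  # code-based methods (TOTP) cannot be push-bombed
            by_user.setdefault(r["user"], []).append(r)
    findings = []
    for user, recs in by_user.items():
        recs.sort(key=lambda r: r["ts"])
        for i, r in enumerate(recs):
            if r["result"] != "approved":
                continue
            prior = [p for p in recs[:i]
                     if p["result"] != "approved" and r["ts"] - p["ts"] <= window]
            if len(prior) >= min_rejections:
                findings.append({
                    "user": user,
                    "approved_at": r["ts"].isoformat(),
                    "rejected_prompts": len(prior),
                    "source_ips": sorted({p["ip"] for p in prior}),
                })
    return findings


if __name__ == "__main__":
    for finding in find_fatigue_approvals(parse_log(SAMPLE_LOG)):
        print(finding)
```

The approval at the end of the run is the event worth alerting on: the earlier denials show the account holder was resisting, and the final approval is where access was granted. Time-based codes, as the report recommends, do not generate this pattern at all because there is no prompt for the user to accept.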

Zero Trust Technique 

Additionally, Microsoft promotes the Zero Trust security model in this year’s MDDR. In what is becoming an industry-wide norm, “zero trust” environments work on the assumption that every employee might be a security threat. Beyond MFA, the company outlines other strong Zero Trust practices such as verifying users and devices before allowing access to resources, giving that access the minimum level of privilege required, and always assuming that systems have been breached, necessitating constant monitoring for attacks. 

The MDDR claims that “basic security hygiene” protects against 98% of all attacks, so while Zero Trust is inconvenient, it is absolutely necessary for organizations in the modern age to survive. 

Microsoft recommends throughout the MDDR that businesses integrate several of its products into their tech stack to guard against and counter threats, including Security Service Line for assistance during a ransomware attack and Microsoft Defender for Endpoint for cloud-based protection.

Cybersecurity Teams At Their Saturation Point

As ransomware attacks rise in frequency and expose people and organizations to new dangers, cybersecurity experts are near breaking point. One-third of cybersecurity experts are considering quitting their position in the next two years, according to a Mimecast poll of 1,100 workers worldwide.

According to the report, cybersecurity teams are under a lot of pressure as a result of rising cybercrime rates and increased media coverage of cyberattacks. Numerous cybersecurity team members are worried that a cyberattack will cost them their jobs, and others are having trouble keeping up with the pressure.

In order to keep businesses secure, Mimecast claimed that cybersecurity teams are under a pressure cooker of constant attacks, disruption, and burnout, which makes it even harder to recruit and maintain the necessary cybersecurity specialists. According to Dreyer, "the need for cyber skills is greater than ever, and a lack of workers with the necessary competence has generated a constantly growing skills deficit only within industry."

Nearly two-thirds (64%) of cybercrime leaders polled by Mimecast reported having encountered at least one ransomware assault in the previous year, and 77% reported that since 2021, the frequency of cyberattacks on their company has either increased or remained stable.

According to research by Mimecast, these attacks have personal implications for the health of cybersecurity experts. More than half of respondents (54%) claimed that ransomware attacks had a bad effect on their mental health, and 56% said that their job grew more stressful every time.

Mimecast estimates that 56% of assaults cost firms a total of more than $100,000. Given that 50% of decision-makers spend less than $550,000 a year on cybersecurity, one attack may consume 20% of the budget.

IT security managers, according to Mimecast, feel less accountable when an assault is successful, with 57% stating a ransomware attack would make them feel highly responsible, down from 71% last year. Liability could be another obstacle to better cybersecurity awareness. 

PROPHET SPIDER is Abusing Citrix ShareFile Remote Code Execution Bug to Deploy Webshell

Security researchers at CrowdStrike Intelligence have examined an incident in which PROPHET SPIDER abused a remote code execution (RCE) bug affecting Citrix ShareFile Storage Zones Controller to compromise a Microsoft Internet Information Services (IIS) web server. The threat actors exploited the flaw to install a web shell that enabled the download of additional tooling. 
 
In September last year, Citrix disclosed a relative path-traversal bug in the ShareFile Storage Zones Controller, tracked as CVE-2021-22941. The vulnerability allows malicious actors to overwrite an existing file on a target server via an upload id parameter passed in an HTTP GET request.  
 
On Jan. 10, 2022, CrowdStrike observed HTTP POST requests from PROPHET SPIDER against a Falcon® platform customer. The threat actors sent three web requests with the following characteristics:  

● Targeting upload.aspx 
● Containing encoded strings for ../ and ConfigService\Views\Shared\Error.cshtml in the URL parameters 
● Containing &bp=123&accountid=123 if the attacker has not customized the payload  
 
The URI endpoint /upload.aspx is used for ShareFile uploads and usually comes with parameters to define upload object specifications, such as uploadid, cid or batched.   
 
Once the web shell is in place, it can be accessed by sending an HTTP request to /configservice/Home/Error with one or two URL parameters. ASP.NET directs these requests to Error.cshtml, which usually contains a simple HTML header saying “Sorry, an error occurred while processing your request.” After exploitation, the contents are replaced with a C# code block that invokes Process.Start(cmd.arg) using the URL parameter(s) passed in the GET request.  
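The root cause described above is an upload path built from a request parameter without confining it to the storage directory. The following added example (not Citrix's code, and not the patch for CVE-2021-22941) shows the defensive check a file-handling endpoint needs: decode the parameter repeatedly to defeat double-encoding, reject separator tricks, and require the resolved path to remain inside an assumed storage root. The `/srv/uploads` root and the parameter names are assumptions for the example.

```python
"""Confining an upload path parameter to its storage root (added example; the
storage root and parameter handling are assumptions, not Citrix's implementation)."""
from pathlib import Path
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a client-supplied path would escape the storage root."""


def resolve_upload_path(storage_root, upload_id, max_decode_rounds=3):
    """Return the absolute path for `upload_id` under `storage_root`, or raise.

    The parameter is percent-decoded until it stops changing (bounded), so
    double-encoded ../ sequences are caught, then the resolved path is checked
    against the resolved root."""
    decoded = upload_id
    for _ in range(max_decode_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    # Reject NUL bytes, Windows separators and absolute paths outright.
    if "\x00" in decoded or "\\" in decoded or decoded.startswith("/"):
        raise PathTraversalError(f"rejected upload id: {upload_id!r}")
    root = Path(storage_root).resolve()
    candidate = (root / decoded).resolve()
    # The candidate must be the root itself or lie somewhere beneath it.
    if candidate != root and root not in candidate.parents:
        raise PathTraversalError(f"upload id escapes storage root: {upload_id!r}")
    return candidate


def is_safe_upload_path(storage_root, upload_id):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        resolve_upload_path(storage_root, upload_id)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    for uid in ("file-1.bin", "a/b.bin", "../outside.txt", "%2e%2e%2fsecret", "%252e%252e%2fsecret"):
        print(f"{uid!r:28} -> {'accept' if is_safe_upload_path('/srv/uploads', uid) else 'reject'}")
```

The check is deliberately done after resolution rather than by searching for the literal string `../`, because encoding and normalization tricks defeat string matching; the resolved-path comparison is what actually holds. Logging every rejection from this function is also a cheap detection signal for the kind of probing described in this post.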
 
According to cybersecurity researchers, PROPHET SPIDER has been active since at least May 2017 and primarily targets victims by exploiting vulnerable web servers, which commonly involves leveraging a variety of publicly disclosed vulnerabilities. This recent CVE-2021-22941 exploitation demonstrates how PROPHET SPIDER is expanding and refining its tradecraft while continuing to exploit known web-server vulnerabilities.  
 
Last month, BlackBerry Research & Intelligence and Incident Response teams discovered evidence correlating attacks from Prophet Spider with the exploitation of the Log4J bug in VMware Horizon. Additionally, the researchers unearthed mass deployments of cryptocurrency mining software and Cobalt Strike beacons but also identified "an instance of exploitation containing tactics, techniques, and procedures relating to the Prophet Spider IAB."  
 
"When an access broker group takes interest in a vulnerability whose scope is so unknown, it's a good indication that attackers see significant value in its exploitation," Tony Lee, vice president of global services technical operations at BlackBerry explained. "It's likely that we will continue to see criminal groups exploring the opportunities of the Log4Shell vulnerability, so it's an attack vector against which defenders need to exercise constant vigilance."

Swedish Camera Giant Axis Still Recovering From Cyberattack

Camera maker Axis has recently reported to the public that the company is still struggling with a cyberattack that severely disrupted its IT systems on February 20th. 

The Swedish camera giant released a statement on its official website saying that the organization was alerted by its cybersecurity and intrusion detection systems on Sunday, after which it shut down all its public-facing services globally in the wake of the cyberattack. 

Following the incident, the organization reported that its ongoing investigation has found no indication of an attack on customer or partner data. 

"Our ongoing investigation of the attack has come a long way but is not entirely finalized. So far, we have no indication that any customer and partner data whatsoever has been affected. As far as the investigation currently shows, we were able to stop the attack before it was completed, limiting the potential damage," Axis said on Thursday. 

Furthermore, the company added that its most important external services have been restored after the attack, and that it is working towards restoring the remaining services.

“Most prioritized external services have now been restored. Restoring the remaining services is our highest priority, together with doing it in a way that does not jeopardize security. The time of disconnected services and limited possibilities to communicate with Axis has been an unfortunate but necessary consequence. Our gradual entry into a post-attack normal is based on changes that help us avoid similar future situations,” the company added. 

The company announced the outages on its Twitter handle but did not respond to requests for further comment. On its status site on Friday afternoon, the company said its Case Insight tool in the US and the Camera Station License System were experiencing partial outages.