Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyberattacks. Show all posts
Vulnerabilities and Exploits
Artificial Intelligence Cyber flaws Cyberattacks CyberCrime Cyberhackers Cybersecurity Cyberthreats Data Breach LangChain Vulnerabilities and Exploits

LangChain Gen AI Under Scrutiny Experts Discover Significant Flaws

 


Two vulnerabilities have been identified by Palo Alto Networks researchers (CVE-2023-46229 and CVE-2023-44467) that exist in LangChain, an open-source computing framework for generative artificial intelligence that is available on GitHub. The vulnerabilities that affect various products are CVE-2023-46229. It is known as the CVE-2023-46229 or Server Side Request Forgery (SSRF) bug and is an online security vulnerability that affects a wide range of products due to a vulnerability triggered in one of these products.

It should be noted that LangChain versions before 0.0.317 are particularly susceptible to this issue, with the recursive_url_loader.py module being used in the affected products. SSRF attacks can be carried out using this vulnerability, which will allow an external server to crawl and access an internal server, giving rise to SSRF attacks. It is quite clear that this possibility poses a significant risk to a company as it can open up the possibility of unauthorized access to sensitive information, compromise the integrity of internal systems, and lead to the possible disclosure of sensitive information. 

As a precautionary measure, organizations are advised to apply the latest updates and patches provided by LangChain to address and strengthen their security posture to solve the SSRF vulnerability. CVE-2023-44467 (or langchain_experimental) refers to a hypervulnerability that affects LangChain versions 0.0.306 and older. It is also known as a cyberattack vulnerability. By using import in Python code, attackers can bypass the CVE-2023-36258 fix and execute arbitrary code even though it was tested with CVE-2023. 

It should be noted that pal_chain/base.py does not prohibit exploiting this vulnerability. In terms of exploitability, the score is 3.9 out of 10, with a base severity of CRITICAL, and a base score of 9.8 out of 10. The attack has no privilege requirements, and no user interaction is required, and it can be launched from the network. It is important to note that the impact has a high level of integrity and confidentiality as well as a high level of availability. 

Organizers should start taking action as soon as possible to make sure their systems and data are protected from damage or unauthorized access by exploiting this vulnerability. LangChain versions before 0.0.317 are vulnerable to these vulnerabilities. It is recommended that users and administrators of affected versions of the affected products update their products immediately to the latest version. 

The first vulnerability, about which we have been alerted, is a critical prompt injection flaw in PALChain, a Python library that LangChain uses to generate code. The flaw has been tracked as CVE-2023-44467. Essentially, the researchers exploited this flaw by altering the functionality of two security functions within the from_math_prompt method, in which the user's query is translated into Python code capable of being run. 

The researchers used the two security functions to alter LangChain's validation checks, and it also decreased its ability to detect dangerous functions by setting the two values to false; as a result, they were able to execute the malicious code as a user-specified action on LangChain. In the time of OpenSSL, LangChain is an open-source library that is designed to make complex large language models (LLMs) easier to use. 

LangChain provides a multitude of composable building blocks, including connectors to models, integrations with third-party services, and tool interfaces usable by large language models (LLMs). Users can build chains using these components to augment LLMs with capabilities such as retrieval-augmented generation (RAG). This technique supplies additional knowledge to large language models, incorporating data from sources such as private internal documents, the latest news, or blogs. 

Application developers can leverage these components to integrate advanced LLM capabilities into their applications. Initially, during its training phase, the model relied solely on the data available at that time. However, by connecting the basic large language model to LangChain and integrating RAG, the model can now access the latest data, allowing it to provide answers based on the most current information available. 

LangChain has garnered significant popularity within the community. As of May 2024, it boasts over 81,900 stars and more than 2,550 contributors to its core repository. The platform offers numerous pre-built chains within its repository, many of which are community-contributed. Developers can directly use these chains in their applications, thus minimizing the need to construct and test their own LLM prompts. Researchers from Palo Alto Networks have identified vulnerabilities within LangChain and LangChain Experimental. 

A comprehensive analysis of these vulnerabilities is provided. LangChain’s website claims that over one million developers utilize its frameworks for LLM application development. Partner packages for LangChain include major names in the cloud, AI, databases, and other technological development sectors. Two specific vulnerabilities were identified that could have allowed attackers to execute arbitrary code and access sensitive data. 

LangChain has issued patches to address these issues. The article offers a thorough technical examination of these security flaws and guides mitigating similar threats in the future. Palo Alto Networks encourages LangChain users to download the latest version of the product to ensure that these vulnerabilities are patched. Palo Alto Networks' customers benefit from enhanced protection against attacks utilizing CVE-2023-46229 and CVE-2023-44467. 

The Next-Generation Firewall with Cloud-Delivered Security Services, including Advanced Threat Prevention, can identify and block command injection traffic. Prisma Cloud aids in protecting cloud platforms from these attacks, while Cortex XDR and XSIAM protect against post-exploitation activities through a multi-layered protection approach. Precision AI-powered products help to identify and block AI-generated attacks, preventing the acceleration of polymorphic threats. 

One vulnerability, tracked as CVE-2023-46229, affects a LangChain feature called SitemapLoader, which scrapes information from various URLs to compile it into a PDF. The vulnerability arises from SitemapLoader's capability to retrieve information from every URL it receives. A supporting utility called scrape_all gathers data from each URL without filtering or sanitizing it. This flaw could allow a malicious actor to include URLs pointing to intranet resources within the provided sitemap, potentially resulting in server-side request forgery and the unintentional leakage of sensitive data when the content from these URLs is fetched and returned. 

Researchers indicated that threat actors could exploit this flaw to extract sensitive information from limited-access application programming interfaces (APIs) of an organization or other back-end environments that the LLM interacts with. To mitigate this vulnerability, LangChain introduced a new function called extract_scheme_and_domain and an allowlist to enable users to control domains. 

Both Palo Alto Networks and LangChain urged immediate patching, particularly as companies hasten to deploy AI solutions. It remains unclear whether threat actors have exploited these flaws. LangChain did not immediately respond to requests for comment.
Read more »
Medisecurity
Cyberattacks CyberCrime Cybersecurity CyberThreat Data Breach Data Exposure Datathreat Medisecurity

Sensitive Health Data of 12.9 Million Individuals Stolen in Cyberattack

 


One data breach has led to the exposure of several personal and medical data about 12.9 million people who have become victims of cybercrime. Several customers of MediSecure, one of Australia's leading healthcare providers, have been affected by the huge data breach. There has been a breach of data relating to prescriptions distributed by the company's systems from March 2019 to November 2023 that have been exposed. 

MediSecure, a company that provides electronic prescriptions, said today that a total of 12.9 million customer records have been stolen and that an unknown amount of these records have been uploaded online. When it first learned of the data breach on April 13, when other servers holding sensitive personal and health data were discovered to be infected with suspected ransomware, the company publicly confirmed the hack in May. 

In an attack on MediSecure, which provides medical prescriptions, almost 13 million Australians were impacted by an incident where their personal and health data was breached. Based on a comprehensive investigation into the metadata accessed by its attackers in May 2024, MediSecure has uncovered that 12.9 million individuals, who used the service from March 2019 to November 2023 for the delivery of prescriptions, were affected by the breach. 

In addition to this, information regarding patient prescriptions is stored in this database. According to the authors of this evaluation, which was published on July 18, a detailed analysis of healthcare identifiers for individuals was conducted. The dataset consists of a wide variety of information related to both personal and health issues, some of which are sensitive by nature. 

Name, title, date of birth, gender, e-mail address, home address, and phone number are the personal information requested. Individual healthcare identifiers (IHI); Medicare card number; Commonwealth Seniors card number and expiration date; Healthcare Concessions card number and expiration date; Health care concessions card number and expiration date; Department of Veterans Affairs (DVA) card number and expiration date; prescription medication, including the name of the drug, the strength, the quantity, the number of repeats and the reason for the prescription. 

It has now been announced in a statement by the Department of Home Affairs that certain details about the system breach have been revealed. There have also been several links that have been provided that give victims information on how to identify scammers and protect their personal information as well as where they may find guidance. A support program is also in place to assist those who may be distressed by the nature of the attack; mental health care is also available to those affected. 

Nevertheless, it is important to emphasize that prescriptions were not affected by this change and healthcare providers were still able to prescribe and dispense medicines accordingly. There have been further breaches at another major healthcare provider, this time in the US, so the overall cost of the breach is still being calculated. A third of Americans may be impacted by the ransomware attack that took place on Change Healthcare. 

In this case, there would be 110 million individuals who would be affected by this catastrophe. There is no doubt that this attack dwarfed the Anthem attack suffered in 2015, which involved the personal records of 78.8 million people. According to The HIPAA Journal, the projected cost of addressing the cyberattack on Change Healthcare that occurred in February is estimated to be between $2.3 billion and $2.45 billion. 

This figure, however, does not account for the expenses associated with notifying all affected customers. These cyberattacks have left millions of individuals justifiably worried that their personal information may be accessible to malicious entities who could repeatedly exploit it for fraudulent purposes.

Additionally, these incidents have significantly undermined public trust in medical providers, who are entrusted with some of the most sensitive personal details. The ramifications of these breaches extend beyond financial losses, eroding confidence in the security measures of healthcare institutions tasked with safeguarding patient information.
Read more »
Technology
Cyberattacks CyberCrime CyberThreat GPS Location Quantum Navigation Technology

Quantum Navigation as the Successor to GPS

 


The cause of the recent flight cancellations by Finnair planes flying into Estonia did not have anything to do with mechanical failures or bad weather the cause was the GPS signal not being received by the aircraft. To prevent GPS denial, an aircraft deliberately interferes with the navigation signals that it relies on as part of its navigation. 

The International Air Transport Association (IATA) has been providing maps of areas where GPS is unavailable or unreliable for a long time, and this is not a new phenomenon. Although GPS jamming and spoofing are becoming increasingly powerful weapons of economic and strategic influence around Europe, the Middle East, and Asia, there is growing concern as conflict spreads quickly across these regions.

In some conflict zones, it has been documented that adversarial nations have used false (spoofed) GPS signals to disrupt air transit, shipping, trade, or military logistics and disrupt the daily activities of the nation. There have also been recent talks about anti-satellite weapons, and these discussions have rekindled fears that deliberate actions may be planned to disrupt GPS systems to wreak havoc on the economy. So many aspects of people's lives cannot function without GPS, and they do not even think about it when they do not have it. 

In case of a GPS outage, many online services will not function properly (these rely on GPS-based network synchronization) as well as the in-vehicle Satnav not working. On the other hand, users' mobile phones will not be able to access location-based services. According to studies conducted in the United States and the United Kingdom over the past few years, An analysis by two different academic institutions recently identified that the cost of a temporary outage in economic terms was about $1 billion per day. 

However, the strategic impacts could be even greater, especially during times of war.  As the saying goes, infantry win battles, but logistics win wars, and this is a testament to this assertion. The concept that it would be almost impossible to operate military logistics supply chains without GPS, given the heavy dependence on synchronized communication networks, general command and control, and locating and tracking vehicles and materials, is almost impossible to imagine. 

The entire system relies on GPS-based information and is susceptible to disruptions in any of them at any time. Most of the large military and commercial ships as well as aircraft carry GPS backup systems for steering since it was not long ago that navigation was performed without GPS. At high latitudes and underwater, GPS signals are not always available in all settings-for example, underground and underwater. 

It has been found that GPS alternatives depend on signals that can be measured locally (for example, motion or magnetic fields, such as the magnetic field in a compass), meaning that a vessel can navigate even in the absence of GPS or if GPS cannot be trusted at all. Inertial navigation, for example, uses special accelerometers that measure the movement of the vehicle, in a similar way to how one of those in a user's mobile phone can reorient itself when rotated in a certain direction. 

Then, based on the data users notice that the vehicle is moving, and using Newton's laws, users can calculate their likely position after a considerable period. In another technique called "alt-PNT," measurements are made of magnetic and gravitational fields to determine whether the Earth's surface is different from the known variation of these fields. Certainly! Here is the expanded and formalized version of the provided paragraphs. Reliable GPS is approaching its technological limits, and emerging quantum technologies present a promising path forward. 

Ultrastable locally deployed clocks are a key component of these advancements, ensuring that communications networks remain synchronized even during GPS outages. Traditionally, communications networks relied on GPS timing signals for synchronization. However, quantum technology offers a robust alternative. At the core of this technological shift is the fundamental behaviour of atoms. 

Satellite navigation systems depend on signals reflected from space, whereas quantum navigation leverages the precise movement of a single atom tracked under cryogenic conditions. According to New Atlas, a leading science publication, quantum navigation systems operate independently within each vehicle, with measurements taken at the point of use. This method ensures that the signal remains stable and resistant to interception, as noted by Richard Claridge, a physicist at PA Consulting Group. In May, the United Kingdom conducted two distinct quantum navigation tests one aboard a Royal Navy ship and another on a small jet plane. 

Subsequently, in June, London's underground transport system served as a testing ground for this cutting-edge technology. These tests demonstrated that quantum navigation systems are resistant to jamming, underscoring the UK's pioneering role in the future deployment of this technology on a broader scale. Quantum sensors exploit the immutable laws of nature to detect previously inaccessible signals, providing unprecedented sensitivity and stability. 

Consequently, quantum-assured navigation systems offer a reliable defence against GPS outages and enable innovative new missions. The most advanced quantum navigation systems integrate multiple sensors, each detecting unique environmental signals pertinent to navigation. This approach mirrors the technology used in autonomous vehicles, which combines lidar, cameras, ultrasonic detectors, and other sensors to achieve optimal performance. The evolution of navigation begins with an improved generation of quantum inertial navigation. 

However, the capabilities of quantum sensing extend beyond traditional methods by accessing new signals that were previously challenging to detect in real-world environments. As a result, quantum navigation technology represents a significant advancement, ensuring enhanced reliability and opening new possibilities for future applications.
Read more »
Telecommunication
Cyberattacks CyberCrime Cyberfraud Cybersecurity CyberThreat Technology Telecommunication

Government Shuts Down Two Telemarketing Giants for 5.5 Million Fraudulent Calls

 


Several telemarketing entities, notably V-Con Intelligent Security and OneXtel Media, have been suspended by the Department of Telecommunications (DoT) for disseminating malicious messages through their services. According to a report by the Economic Times (ET), these two telemarketers alone were responsible for sending a record 55.5 million spam messages since January of this year. 

In light of the escalating incidence of SMS fraud within the country, the DoT has taken decisive action to suspend these two telemarketing companies, aiming to mitigate the risks associated with such scams. The DoT's directive, issued on July 15, identified V-Con Intelligent Security and OneXtel Media as platforms for sending customers malicious and phishing SMSes. Reports submitted to the Sanchar Saathi portal, particularly from the 'Chakshu' facility listed under the 'Services' section, highlighted these malicious activities. 

Comprehensive analysis of information provided by citizens enabled the DoT to make significant discoveries and undertake specific interventions. In its efforts to combat the proliferation of malicious SMS activities, the DoT has issued orders for the suspension and blacklisting of 131 Principal Entities (PEs), as well as approximately 5,000 SMS templates and 700 SMS headers linked to these activities. Despite these measures, new headers emerge, allowing fraudulent SMSes to be sent to citizens and raising ongoing concerns. 

Investigations have revealed that Onextel Media Pvt Ltd and V-Con Intelligent Security Pvt Ltd were responsible for a substantial portion of these malicious SMSes, accounting for 5.55 crore out of the 5.66 crore reported incidents. The DoT directive also mandates telecom companies to file police complaints against these telemarketers for circumventing the Distributed Ledger Technology (DLT) platform and distributing phishing messages.

The DLT platform is utilized to authenticate registered telemarketers and their messaging components, preventing unregistered entities from sending promotional messages. The DoT's actions were prompted by numerous complaints from telecom users regarding malicious SMSes. In response, the DoT employed facial recognition technology to block 6.76 lakh SIM cards and 10,296 mobile phones in Gujarat that were linked to cybercrime activities. 

Further investigations revealed financial connections between the identified companies and various organized transnational crimes, including fraudulent stock investments, prompting the Gujarat Police to launch inquiries. Despite the collaborative efforts involving telecom companies and regulatory bodies such as the Telecom Regulatory Authority of India (TRAI), the Reserve Bank of India (RBI), the Securities and Exchange Board of India (SEBI), and the Insurance Regulatory and Development Authority of India (IRDAI), significant challenges persist in curtailing spam and scam activities. The continuous evolution of spamming techniques poses a formidable challenge, necessitating ongoing adaptation and enhancement of countermeasures to effectively mitigate such threats.
Read more »
VMware Attacks
APT INC Babuk Locker Cyberattacks CyberCrime Cyberhackers Cybethreat SEXi Ransomware VMware Attacks

SEXi Ransomware Rebrands to APT INC, Continues VMware ESXi Attacks

 


SEXi ransomware group and its affiliates, which have been involved in a series of cyber-attacks that began in February of this year against several organizations, have been operating under the name "APT Inc." since June of this year. To encrypt a VMware ESXi server with a Babuk encryptor, and a Windows server with a LockBit 3 encryptor, the group uses a leaked LockBit encryptor. 

In its rebranded form, the group continues to use its original techniques of encryption whilst wreaking havoc on new victims around the world, issuing ransom demands that range from thousands to millions of dollars, all to obtain access to the victims' data. Often called Babyk, Babuk Locker is a ransomware operation that began targeting businesses in 2021, encrypting their data and stealing it in a double-extortion attack to gain cash. 

As part of the launch, SEXi is being offered as an optional add-on to the platform that targets it, as a play on its name. As noted in a statement issued by CRONUp cybersecurity researcher Germán Fernández, PowerHost CEO Ricardo Rubem confirmed that his servers had been locked up by a ransomware variant called SEXi. It has not yet been revealed exactly how the malware gained access to PowerHost's internal network. However, the ransomware variant was called SEXi. 

During its statement, Rubem said that he was clarifying that Rubem would not be paying the ransom demanded by the attackers as a form of punishment. It is worth noting that after attacking the Washington DC metropolitan police department (MPD), a ransomware gang claimed that they had shut down their operations due to pressure from U.S. law enforcement. There were several attacks carried out by threat actors in February 2024 using the leaked data encryptor Babuk that was targeted at VMware ESXi servers and the lost LockBit 3 encryption system was targeted at Windows systems. 

It was not long after the cybercriminals began their campaign of attacks and gained media attention because of an attack they launched on IxMetro Powerhost, a Chilean hosting service whose VMware ESXi servers were encrypted by the cybercriminals. In an attempt to disguise its victims' identity, the ransomware operation has been given the name SEXi based on the name of the ransom note, SEXi.txt, as well as the extension.SEXi. 

Interestingly, Will Thomas, a cybersecurity researcher, found another variant called SOCOTRA, it also used the name FORMOSA, and it also used the name LIMPOPO. As noted above, the ransomware operation uses a combination of Linux and Windows encryptors, but it is more known to target VMware ESXi-based systems. According to cyber security researcher Rivitna, the ransomware operation has rebranded itself as APT INC and continues to encrypt files with Babuk and LockBit 3 encryptors, which BleepingComputer reported they continued to use until June. 

The experts at BleepingComputer have been receiving numerous reports from victims who have been impacted by APT INC attacks in recent weeks, along with posts on our forums about their similar experiences. Threat actors have gained access to VMware ESXi servers, and they have encrypted files that are related to these virtual machines, including virtual disks, database files, and backup images used in creating the virtual machines.  The rest of the files that are part of the operating system are not encrypted at all. 

Each victim of APT INC ransomware will be assigned a random name that is not associated with their company. This name will be used for both the ransom note and the encrypted file extension. The ransom notes will contain information on how to contact the threat actors using the Session encrypted messaging application.

Notably, the session address remains consistent with the address used in previous SEXi ransom notes. BleepingComputer has reported that ransom demands can range from tens of thousands to millions of dollars. For instance, the CEO of IxMetro Powerhost publicly disclosed that the threat actors demanded two bitcoins per encrypted customer. 

Unfortunately, the encryptors used by Babuk and LockBit 3 ransomware are secure and have no known vulnerabilities, making it impossible to recover files without paying the ransom. The leaked Babuk and LockBit 3 encryptors have been repurposed to power new ransomware operations, including APT INC. The Babuk encryptors, in particular, have gained widespread adoption due to their capability to target VMware ESXi servers, which are heavily utilized in enterprise environments. 

The VMware ESXi hypervisor platform operates on Linux and Linux-like operating systems, capable of hosting multiple, data-rich virtual machines (VMs). This platform has been a favoured target for ransomware actors for several years, partly due to its extensive attack surface. According to a Shodan search, tens of thousands of ESXi servers are exposed to the Internet, most of which run older versions. This figure does not account for servers that become accessible following an initial breach of a corporate network. 

Additionally, the growing interest of ransomware gangs in targeting ESXi is attributed to the platform’s lack of support for third-party security tools. As reported by Forescout last year, unmanaged devices such as ESXi servers are prime targets for ransomware threat actors. This is due to the valuable data stored on these servers, the increasing number of exploitable vulnerabilities affecting them, their frequent exposure to the Internet, and the challenges in implementing security measures such as endpoint detection and response (EDR). 

ESXi servers represent high-value targets since they host multiple VMs, enabling attackers to deploy malware once and encrypt numerous servers with a single command. To mitigate these risks, VMware has published a guide to securing ESXi environments. Key recommendations include ensuring that ESXi software is patched and up-to-date, hardening passwords, removing servers from the Internet, monitoring network traffic and ESXi servers for abnormal activities, and maintaining backups of VMs outside the ESXi environment to facilitate recovery.
Read more »
Vulnerabilities and Exploits
Clock PoC CloudFlare CVE Cyberattacks CyberCrime Cybersecurity CyberThreat Vulnerabilities and Exploits

Breaking Down the Clock PoC Exploits Utilized by Hackers Within 22 Minutes

 


It has been shown that threat actors are swift in weaponizing available proof-of-concept (PoC) exploits in real attacks, often within 22 minutes of publicly releasing these exploits. In that regard, Cloudflare has published its annual Application Security report for 2024, which covers the period between May 2023 and March 2024 and identifies emerging threat trends. It has been observed that Cloudflare, which currently processes an average of 57 million requests per second of HTTP traffic, continues to experience an increase in scanning for CVEs, followed by command injection attacks and attempts to weaponize available proofs-of-concept. 

Attackers may exploit a new vulnerability in as little as 22 minutes after the release of a proof-of-concept (PoC), depending on the vulnerability. It has been found that between May 2023 and May 2024, Cloudflare will receive 37,000 threats, which is the most significant number since May 2023. According to Cloudflare's Application Security Report for 2024, hackers are becoming more sophisticated in their search for previously unknown software vulnerabilities, also known as CVEs. They take immediate action when they find them, identifying how to exploit them and attempting to inject commands into them to execute attacks as soon as possible. 

Several CVE vulnerabilities have recently been revealed as vulnerabilities, but hackers have already been able to exploit them within 22 minutes of their disclosure. It was reported in the open-source community that CVE-2024-27198, a vulnerability in JetBrains TeamCity, was exploited by hackers. As a result of the evaluated period, the most targeted vulnerabilities were CVE-2023-50164 and CVE-2022-33891 within Apache software, CVE-2023-29298, CVE-2023-38203, and CVE-2023-26360 within Coldfusion software, and CVE-2023-35082 within Mobile Iron software. CVE-2024-27198 is a characteristic example of how weaponization is developing at an extremely fast rate since it is a vulnerability in JetBrains TeamCity that allows authentication bypass. 

During a recent incident, Cloudflare picked up on the fact that an attacker deployed a PoC-based exploit 22 minutes after it had been published, giving defenders very little time to remediate the attack. There can only be one way of combating this speed, according to the internet firm, and that is through the use of artificial intelligence (AI) to rapidly come up with effective detection rules. As DDoS attacks continue to dominate the security threat landscape, targeted CVE exploits are becoming a greater concern as well in the coming years.

Over a third of all traffic is automated today, and there is a possibility that up to 93% of it is malicious. Approximately 60% of all web traffic now comes from APIs, but only a quarter of companies know which API endpoints they have. Moreover, enterprise websites typically have 47 third-party integrations that are part of their platform. Cloudflare has also been able to gather some valuable information from the study, which is that in the case of API security, companies are still relying on outdated, traditional methods of providing API security. 

In the case of traditional web application firewall (WAF) rules, a negative security model is typically used in the design of those rules. It is assumed that the vast majority of web traffic will be benign in this scenario. Several companies utilize a positive API security model, where strictly defined rules dictate the web traffic that is allowed, while all other access is denied. Cloudflare's network currently processes 57 million HTTP requests per second, reflecting a 23.9% year-over-year increase. The company blocks 209 billion cyber threats daily, which is an 86.6% increase compared to the previous year. These statistics underscore the rapid evolution of the threat landscape. 

According to Cloudflare's report covering Q2 2023 to Q1 2024, there has been a noticeable rise in application layer traffic mitigation, growing from 6% to 6.8%, with peaks reaching up to 12% during significant attacks. The primary contributors to this mitigation are Web Application Firewalls (WAF) and bot mitigations, followed by HTTP DDoS rules. There is an increasing trend in zero-day exploits and Common Vulnerabilities and Exposures (CVE) exploitation, with some exploits being utilized within minutes of their disclosure. 

Distributed Denial of Service (DDoS) attacks remain the most prevalent threat, accounting for 37.1% of mitigated traffic. In the first quarter of 2024 alone, Cloudflare mitigated 4.5 million unique DDoS attacks, marking a 32% increase from 2023. The motivations behind these attacks range from financial gains to political statements.
Read more »
Websites
Customer Manipulation Cyber Security Cyberattacks CyberCrime Cyberthreats Dark Patterns ICPEN Websites

Subscription Services Accused of Using 'Dark Patterns' to Manipulate Customers

 


It is a widespread practice among subscription sites to manipulate customers' behaviour around subscriptions and personal data to influence their decisions, according to a new report by two international consumer protection organizations. It is defined as the practice of guiding, deceiving, coercing, or manipulating consumers in ways that often aren't in their best interests when using an online user interface. 

An international research effort was conducted by the International Consumer Protection and Enforcement Network, along with the Global Privacy Enforcement Network, both of whom are responsible for conducting consumer protection and enforcement investigations. As a result of a review of selected websites and apps, the Federal Trade Commission and two international consumer protection networks reported that a significant portion of the websites and applications examined may be manipulative of consumers into buying products or services or revealing personal information to third parties. 

These dark patterns, and digital design techniques, can be found in most of the websites and apps examined that use these techniques. These types of strategies may be able to persuade consumers to take actions that they would not generally take. In an internet survey carried out by the Internet Society, an analysis was carried out of the websites and mobile apps of 642 traders. The study found that 75,7% of them had at least one dark pattern on their websites, and 66,8% had at least two or more dark patterns on their websites. 

An online user interface's shadow patterns are defined as the subtle, deceptive, coercive, or manipulative strategies used to steer, deceive, coerce, or manipulate users into making decisions that are not necessarily in their best interest and are rather detrimental to them. As part of the annual International Consumer Protection and Enforcement Network (ICPEN) sweep, which took place from January 29 to February 2, 2024, the 2018 Sweep was hosted by ICPEN. 

To conduct the study, participants were asked to serve as sweepers, representing 27 consumer protection enforcement authorities from 26 different countries. There has been a coordinated sweep between the ICPEN and the Global Privacy Enforcement Network (GPEN) for the very first time. In a world that is becoming increasingly global in terms of standards, regulations, and technology, GPEN is a membership-based network of over 80 privacy enforcement authorities, whose mission is to foster cross-border cooperation among privacy regulators and effectively protect personal privacy. 

Consumer protection is increasingly becoming intertwined with other spheres of the regulatory system due to the growing intersections. The assessment of the deceptive design patterns by both privacy and consumer protection sweepers who were conducting a review of website and app content demonstrated that many of these sites and apps employ techniques that interfere with the ability of individuals to make educated decisions to protect their rights as consumers and privacy. 

As a result of the analysis, the scourges rated the sites and apps from a point of view of six indicators that are characteristic of dark business practices according to the Organisation for Economic Co-operation and Development (OECD). A study conducted by ICPEN found that there were several potential sneaky practices, for example, the inability to turn off auto-renewal of subscription services by consumers, or interference with the user interface. These practices, such as highlighting a subscription that is beneficial to the trader, were particularly frequent during the survey period. 

In a recent publication, ICPEN and GPEN, a pair of organizations that are helping improve consumer protection and privacy for individuals throughout the world, have both released reports that outline their findings. On the ICPEN's website, users will find the report, and on the GPEN's website, they will find the report. GPEN has released a companion report exploring black patterns that could encourage users to compromise their privacy as a result of them. The majority of the more than 1,00 websites and apps analyzed in this study used a deceptive design practice in the development of their websites. 

As many as 89 per cent of these organizations had privacy policies that contained complex and confusing language. In addition to interface interference, 57 per cent of the platforms made the option with the least amount of privacy protection the easiest one to pick, and 42 per cent used words that could influence users' opinions and emotions in the privacy choices. The subtle cues that influence even the most astute individuals can lead to suboptimal decisions. 

These decisions might be relatively harmless, such as forgetting to cancel an auto-renewing service, or they might pose significant risks by encouraging the disclosure of more personal information than necessary. The recent reports have not specified whether these dark patterns were employed illicitly or illegally, only confirming their presence. This dual release underscores the critical importance of digital literacy as an essential skill in the modern age. Today's announcement coincides with the Federal Trade Commission (FTC) officially assuming the 2024-2025 presidency of the International Consumer Protection and Enforcement Network (ICPEN).

ICPEN is a global network of consumer protection authorities from over 70 countries, dedicated to safeguarding consumers worldwide by sharing information and fostering global enforcement cooperation. The FTC has long been committed to identifying and combating businesses that utilize deceptive and unlawful dark patterns. In 2022, the FTC published a comprehensive staff report titled "Bringing Dark Patterns to Light," which detailed an extensive array of these deceptive practices. 

The Federal Trade Commission collaborates with counterpart agencies to promote robust antitrust, consumer protection, and data privacy enforcement and policy. The FTC emphasizes that it will never demand money, issue threats, instruct individuals to transfer funds, or promise prizes. For the latest news and resources, individuals are encouraged to follow the FTC on social media, subscribe to press releases, and subscribe to the FTC International Monthly.
Read more »
Technology
Authenticity Cyberattacks CyberCrime Cyberhackers CyberThreat F-15 F-35 Fighter Jets Technology

Chinese Expert Confirms Authenticity of Leaked F-35 and F-15 Documents

 


One of the key findings of a Chinese expert on information security is the authenticity of recent documents that leaked information on the F-35 fighter jet and sensitive US weapons. According to the expert, the documents appear authentic. Ivan Ivanov, an alleged Russian pilot with the handle Fighterbomber, claimed to be a Telegram encrypted messaging service user. He argued that an American company had provided him with 250 gigabytes of US military data between the two countries. 

It was published on July 2 by Fighterbomber on their YouTube channel, which has more than 500,000 subscribers. A day later, on July 3, he uploaded more leaked data to the YouTube channel. There are still a few documents that can be downloaded from the uploaded folder. When it came to gaining information about a potential adversary's military secrets, the intelligence community once had gone to great lengths. 

In the early 1980s, the U.S. Central Intelligence Agency (CIA) spent several years attempting to acquire a Soviet T-72 main battle tank (MBT), while it reportedly paid $5,000 to the Afghan Mujahedeen for capturing the first AK-74 assault rifle. It has been reported that several documents have been leaked, including F-35 aircraft manuals and documents concerning the F-15, its modifications, weapons systems, and the Switchblade drone and precision-guided missiles. 

Tang said, the documents are detailed and their format is similar to other US military information that has also been leaked on the web earlier this year. There is no doubt that these documents are not strictly blueprints or design documents, and only professionals can truly assess their actual value. In response to the leaks, military enthusiasts have been discussing how they could now construct a fighter jet in the garage if they had the right parts. 

 As the Chinese aviation blogger Makayev mentioned on his video channel, there appear to be three distinct categories when it comes to aircraft leaks. First, there are flight manuals, maintenance manuals, and aircrew weapons delivery manuals for the F-15SA, the version of the aircraft sold to Saudi Arabia over a decade ago. There are two types of manuals in the collection: the first is for the engine maintenance manual for the F110 engine that is used in the F-15SA, and the second is for the precision-guided missile user manuals. 

It appears that these texts are more likely to be simplified introductions to the design processes than detailed descriptions. They are likely to be orientated toward maintenance personnel and less likely to offer insights that could benefit China's mature military aviation industry, according to Makayev. As other commentators have pointed out, despite the Russian pilot's claim of having access to 250 gigabytes of data, additional manuals regarding aircraft maintenance and weapon designs may still be released later in the future, including some that may disclose the aircraft's weaknesses, especially given the pilot's assertion that he has access to 250 gigabytes. 

As Tang pointed out, there were several possibilities for the leaks, including a breach from a US defence firm or a third party pretending to be one of them. There were some parts of the F-35 documents that were partially redacted, which may indicate that they had already been declassified by that point. The official secrecy surrounding the older F-15 is lower, according to Tang, because it is regarded as a less valuable model. 

Tang stated that similar leaks were unlikely to occur in China, attributing this to the country's robust data security and confidentiality laws. According to Tang, the effectiveness of these policies, when properly implemented by security departments, would ensure that any potential breaches could be effectively contained. An anonymous expert from a Chinese military research institution emphasized that the institution regularly conducts data security training and evaluations. 

These measures were designed to ensure strict compliance with confidentiality obligations and to maintain the highest standards of data protection. Rising Information Technology, through a WeChat post, advised the public against downloading suspicious documents. The advisory warned that hackers might exploit popular events to disseminate viruses. It cautioned that downloading malicious documents could lead to devices being infected with ransomware or Trojan viruses, thus posing significant risks to users' data security.
Read more »
Privacy
Banks Cyberattacks CyberCrime Cyberhackers CyberThreat Digital Token OTP Passwords Privacy

Singapore Banks Phasing Out OTPs in Favor of Digital Tokens

 


It has been around two decades since Singapore started issuing one-time passwords (OTPs) to users to aid them in logging into bank accounts. However, the city-state is planning to ditch this method of authentication shortly. Over the next three months, major retail banks in Singapore are expected to phase out the use of one-time passwords (OTP) for account log-in by digital token users as part of their transition away from one-time passwords. 

With an activated digital token on their mobile device, customers will need to either use the token to sign in to their bank account through a browser or the mobile banking app on their mobile device. In a joint statement on Tuesday (Jul 9), the Monetary Authority of Singapore (MAS) and The Association of Banks (ABS) said that, while the digital token is designed to authenticate customers' logins, there will not be an OTP needed to prove identity, which scammers can steal or trick victims into disclosing. 

There is also a strong recommendation to activate digital tokens by those who haven't already done so, as this will greatly reduce the chance of having one's credentials stolen by unauthorized personnel. According to The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS), within the next three months, major retail banks in Singapore will gradually phase out the use of One-Time Passwords (OTPs) to log into bank accounts by customers who are using digital tokens. 

By doing this, the banks hope to better protect their customers against phishing attacks - at the very least against scams in which scammers get their customers to divulge their OTPs. To secure bank accounts, MAS and ABS encourage the use of digital tokens - apps that run on smartphones and provide OTPs - as a source of second-factor authentication, as opposed to software programs that are installed on computers. 

There will be better protection for them against phishing scams since they have been among the top five scam types over the past year, with at least SGD 14.2 million being lost to these scams, as outlined in the Singapore Police Force Annual Scams and Cybercrime Brief 2023, which was released in January of this year. When customers activate their digital tokens on their mobile devices, they will have to use these tokens when logging in to their bank accounts through the browser or by using the mobile banking app on their mobile devices. 

With the help of the token, scammers will be unable to steal your OTP, which customers may be tricked into revealing, or steal non-public information about themselves that they will be asked to provide. To lower the chances of having identity credentials phished, MAS and ABS have urged customers who haven't activated their digital token to do so, so that they don't become a victim of identity theft. The use of One Time Passwords (OTPs) has been used since early 2000 as a multi-factor authentication option to strengthen the security of online transactions. 

Nevertheless, technological advancements and more sophisticated social engineering tactics have since made it possible for scammers to manipulate phishing requests for customers' OTPs with more ease, such as setting up fake bank websites that closely resemble real banks' websites and asking for the OTP from them. As a result of this latest step, the authentication process will be strengthened, and it will be harder for scammers to trick customers out of money and funds by fraudulently accessing their accounts using their mobile devices without explicit authorization. 

During the 2000s, one-time passwords were implemented as a means to enhance the security of online transactions to strengthen multi-factor authentication. MAS and ABS have both warned consumers to be cautious about phishing for their OTP as a result of technological improvements and increasingly sophisticated social engineering techniques. There have been several phishing scams in Singapore over the past year, with at least $14.2 million lost to these scams, according to records released by the Singapore Police Force earlier this month. 

It is expected that this latest measure will enhance authentication and will ensure that scammers will not be able to fraudulently access a customer's accounts and funds without the explicit permission of the customer using their mobile devices," they commented. According to ABS Director Ong-Ang Ai Boon, this measure may cause some inconveniences for some consumers, but it is essential to help prevent unscrupulous suppliers and protect customers in the long run. 

The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) announced a collaborative effort to strengthen protections against digital banking scams. This initiative involves the gradual phasing out of One-Time Passwords (OTPs) for bank logins by customers utilizing digital tokens on their mobile devices. This rollout is anticipated to occur over the next three months. MAS, represented by Loo Siew Yee, Assistant Managing Director (Policy, Payments & Financial Crime), emphasized their ongoing commitment to safeguarding consumers through decisive action against fraudulent digital banking activities. 

The elimination of OTPs aims to bolster customer security by mitigating the risks associated with phishing attacks. Phishing scams have evolved alongside advancements in technology, enabling fraudsters to more effectively target customer OTPs. They often achieve this by creating deceptive websites that closely mimic legitimate banking platforms. ABS, represented by Director Ong-Ang Ai Boon, acknowledged that this measure might cause minor inconveniences. 

However, they firmly believe such steps are essential to prevent scams and ensure customer protection. MAS, through Ms. Loo, reaffirmed the significance of maintaining good cyber hygiene practices in conjunction with this latest initiative. Customers are urged to remain vigilant and safeguard their banking credentials at all times. MAS and ABS jointly urge customers who haven't activated their digital tokens to do so promptly. 

This action minimizes the vulnerability of their credentials to phishing attempts. By implementing this multifaceted approach, MAS and ABS aim to create a more secure digital banking environment for customers in Singapore.
Read more »
Yemeni
Cyberattacks Cyberhackers CyberThreat Cyebrcrime Military Phones Privacy. SMS Yemeni

Yemeni Hackers Unmasked Spying on Middle Eastern Military Phones

 


According to researchers at MIT, a Yemeni hacking group has been eavesdropping on the phone calls of military personnel in the Middle East, the latest example of mobile surveillance becoming prevalent in conflicts around the world as a result of the proliferation of mobile technologies. According to new research, American Shia Islamist allies of an organization that operates in Yemen have been using surveillance technology to target militaries in a range of countries throughout the Middle East since 2019. It has been discovered that a threat actor aligned with the Houthis has used malware known as GuardZoo to steal photos, documents, and other files from devices infected with the malware, researchers at Lookout reported in a report posted Tuesday. 

A majority of the roughly 450 victims, according to unprotected controller logs, were found in Yemen, Saudi Arabia, Egypt, and Oman. In contrast, a smaller number were found in the United Arab Emirates, Turkey, and Qatar, based on unsecured server logs. There was a civil war between Houthis and Arab soldiers in the city of Sanaa in 2014 when they took control. This led to a famine in the city. According to human rights groups, there have been a series of arbitrary arrests, torture, and enforced disappearances in Yemen since June 2019, following a controversial Saudi-led intervention there. 

According to Lookout, the campaign is believed to have started as early as October and has been attributed to a threat actor aligned with the Houthi militia, based on information such as the application lures, control-and-control server logs, targets, and the location of the attack infrastructure, and Lookout confirmed this. Lookout says its surveillance tool draws its name from a piece of source code that persists on an infected device for a long period. 

According to the report, the malware not only steals photos and documents from an infected device, but it can also "coordinate data files related to marked locations, routes, and tracks" and can identify the location, model number, cellular service provider, and configuration of a Wi-Fi enabled device. Developed by Symantec, the GuardZoo Java application is a modified version of a remote access trojan (RAT) called Dendroid RAT which was originally discovered in March 2014 by Broadcom-owned Symantec. Earlier in August, it had been revealed that there had been a leak of the entire source code for the crimeware solution. 

This piece of malware was first sold for a one-off price of $300, but the capabilities it offers go far beyond what is expected from commodity malware. It is equipped with phone numbers and call logs that can be deleted, web pages that can be accessed, audio and call recordings, SMS messages that can be accessed, and even HTTP flood attacks. The researchers from Lookout said in a report shared with us that the code base underwent many changes, new functionalities were added and unused functions were removed. They added that many changes had been made for the betterment of the code base. As Guardzoo says in a statement, the command and control (C2) backend is no longer based on Dendroid RAT's leaked PHP web panel but rather uses an ASP.NET-based backend created specially for C2. 

After embarking on a military campaign against the then government in 2014, the Houthi movement became internationally known when it caused that government's fall, and set off the post-war humanitarian crisis that followed. Iran backs this group, and they have been fighting against a Saudi-backed military force for years. The militant group recently carried out a series of crippling attacks against international ships transiting the Strait of Hormuz in retaliation for Israel's military operation in Gaza, which has put a strain on international shipping.   

There has been an increase in the use of cyber capabilities by the Houthis in recent years. Researchers from Recorded Future have observed hackers with likely ties to the Houthis carrying out digital espionage campaigns that were carried out using WhatsApp as a method of sending malicious lures to targeted individuals last year.   On Tuesday, Lookout's report revealed that an ongoing campaign not only relied on direct browser downloads but also utilized WhatsApp to infect its targets. Lookout’s senior security researcher, Alemdar Islamoglu, noted that the group behind this campaign, which had not been previously observed by their researchers, showed a particular interest in maps that could disclose the locations of military assets. 

The campaign predominantly employed military themes to attract victims. However, Lookout researchers also identified the use of religious themes and other motifs, including examples such as a religious-themed prayer app or various military-themed applications. Additionally, Recorded Future released a report on Tuesday concerning a group likely affiliated with pro-Houthi activities, which they have named OilAlpha. This group continues to target humanitarian organizations operating in Yemen, including CARE International and the Norwegian Refugee Council. The report noted that military emblems from various Middle Eastern countries, such as the Yemen Armed Forces and the Command and Staff College of the Saudi Armed Forces, were used as lures in military-themed applications. 

Recorded Future’s Insikt Group documented that OilAlpha is targeting humanitarian and human rights organizations in Yemen with malicious Android applications. The group's objective appears to be the theft of credentials and the collection of intelligence, potentially to influence the distribution of aid. The Insikt Group first detected this exploit in May, with CARE International and the Norwegian Refugee Council among the affected organizations.
Read more »
Mobile Encryption
Cyber Security Cyberattacks CyberCrime cybercriminals CyberThreat Europol Mobile Encryption

Mobile Encryption Innovation Aids Criminals, Europol Reports

 


Europol has proposed solutions to address some of the challenges posed by privacy-enhancing technologies found in Home Routing, which pose a challenge for law enforcement agencies in intercepting communications during criminal investigations as a result of these technologies. There was a previous report by the agency in its Digital Challenges series in which it discussed the difficulty of gathering admissible evidence during investigations due to end-to-end encryption on communication platforms. 

This is the name given to an in-home routing system used by telecommunications companies to allow customers to send traffic to their home network, from calls, messages, and internet data, even when they are away from home. In a new report that was published by the EU Innovation Hub for Internal Security, it was examined how users can uphold citizens' privacy while simultaneously facilitating criminal investigations and prosecutions. 

There is no doubt that encryption is one of the most important means by which private communications may be protected. Meanwhile, it is also conducive to allowing threat actors to always remain hidden from the eyes of law enforcement to carry out their malicious activities. Companies must understand the needs, challenges, and priorities of their stakeholders within the Justice and Home Affairs (JHA) community to take the necessary measures to preserve the fundamental rights of the citizens of Europe while maintaining a safe environment. 

The privacy-enhancing technologies (PETs) that can be applied in Home Routing support data encryption at the service level, and the devices that are subscribed in the home network exchange session-based keys with the provider. In the case of the home network provider using PET technology, all traffic remains encrypted, as the key is inaccessible to both the home network's backend and the visiting network, which serves as a forwarder. It is due to this setup that authorities are prevented from obtaining evidence through the use of local Internet service providers (ISPs) as part of lawful interception activities. 

It explains that by implementing Home Routing, any suspect using a foreign SIM card cannot be intercepted after that device is deployed, says the European agency in a press release. If this is the case, then it may be necessary for police forces to rely on the cooperation of foreign service providers or issue a European Investigation Order (EIO), which can take significantly longer than it would normally take to complete an investigation, especially in cases where emergency interceptions are required; for example, replying to an EIO can take up to four months in most cases. 

There is no doubt that criminals are aware of this loophole in the law and are exploiting it to avoid being caught by law enforcement in their respective countries, as summarized by the European agency. The European Union's law enforcement agency Europol is appealing to stakeholders to consider two possible solutions that would effectively eliminate delays and procedural frictions associated with lawful communication interceptions. 

One of the first variants being considered is the enforcement of a regulation in the European Union that disables PE in the home routing protocol. It will be possible for domestic service providers to intercept calls made by individuals who are using foreign SIM cards but they will not have to share information about the person of interest with outside parties. A spokesperson for the agency said that by using this solution, both roaming subscribers, as well as subscribers in their local area, will be able to take advantage of the same level of encryption as communication through their national SIM card. 

However, subscribers abroad do not benefit from the added encryption of their home country, which is included in the subscription package. Furthermore, there is a second proposal where companies propose implementing a cross-border mechanism that allows law enforcement agencies within the European Union to issue interception requests that are promptly handled by the service providers to assist law enforcement agencies. Europol has identified two potential solutions to address the challenges posed by Home Routing and mobile encryption in criminal investigations. 

The first solution allows Privacy-Enhancing Technologies (PET) to be enabled for all users. However, this could result in a service provider in another EU member state learning about individuals of interest in an investigation, which may not be desirable. The second proposed solution involves establishing a mechanism for rapidly processing interception requests from service providers in other EU member states. Europol emphasizes that these two solutions are merely possible avenues for safeguarding and maintaining existing investigatory powers. 

The agency's goal is to highlight the impact that Home Routing encryption has on investigations, urging national authorities, legislatures, and telecommunications service providers to collaborate in finding a viable solution to this problem.
Read more »
Privacy
Cyberattacks CyberCrime Cybernews CyberThreat Data threats Hacking ObamaCare Password Privacy

Hackers Leak 10 Billion Passwords How Users Should Respond

 


Several months ago, security researchers discovered the world's largest collection of stolen passwords and credentials had been uploaded to an infamous criminal marketplace where cybercriminals would trade such credentials for a considerable amount of money. A hacker known as 'ObamaCare' has posted a database which, according to the hacker, contains nearly 10 billion unique passwords built over many years as a result of numerous data breaches and hacks he has been spreading across the web for several years. 

'ObamaCare', a user identified as 'ObamaCare', posted on a popular hacking forum on Thursday a collection of leaked passwords known as 'RockYou2024'. In the past, 'ObamaCare' has outsourced stolen data on the internet several times and it is not the first time they have done so. According to the report, the user had previously shared a database of Simmons & Simmons employees, a lead from the online casino AskGamblers, and applications from Rowan College in New Jersey before taking down the reports. 

The researchers at CyberNews have reported that on July 4, 2014, a hacker using the handle "ObamaCare" posted a file on a hacking forum that contained 9,948,575,739 unique plaintext passwords. The password dump that was recently found on the web is a more recent version of the "RockYou2021" data leak collection that surfaced in June 2021. 

In that particular instance, there were 8.4 billion unique passwords within the stolen collection of passwords at the time. This goldmine of thousands of unique passwords has been expanded by cybercriminals since 2021. The goldmine now includes 1.5 billion new and unique passwords added by these cyber criminals. “The team verified the leak passwords by cross-referencing the RockYou2024 leak passwords with a leaked password checker provided by Cybernews, which showed that these passwords were obtained from a mix of both old and new leaks,” Cybernews researchers wrote. 

There seem to have been a record number of stolen and leaked credentials discovered on the BreachForums criminal underground forum by security researchers from Cybernews. This collection has been the largest collection that has ever been seen on that site. A compilation of RockYou2024 appears to consist of an astonishing 9,948,575,739 unique passwords, all in plaintext form, with a total of 9,948,575,739 passwords. 

The database is said to have been built from an earlier credentials database called RockYou 2021, which contained eight billion passwords, and that has been added to with roughly 1.5 billion new passwords. The credential files cover a period to be measured between the years 2021 and 2024, and a total of 4,000 huge databases of stolen credentials have been estimated to contain information spanning a minimum of two decades in the latest credential file. 

Researchers stated that, in essence, the RockYou2024 leak contains a compilation of passwords that are used by people around the world. They also stated that, according to the researchers, the number of passwords used by threat actors is very large, which translates into a substantial risk of credential-stuffing attacks. There are several ways in which credential stuffing and brute force attacks can be mounted on passwords that have been leaked in such datasets. In credential stuffing attacks, the criminal acts by which they use passwords that have been stolen from one device or account to gain access to another device or account are described as the practice of the criminals. 

There is a premise at the foundation of this attack that users often have a single password for all of their accounts and devices, which allows criminals to access their account information, including other accounts or all their accounts, using that password. It is a process of using trial and error methods to try and guess sign-in information, passwords, and encryption keys for network systems. This is called a brute force attack. In a report published by Cybernews, the researchers said the database, which can be used to target all sorts of services, from online to offline, to internet-facing cameras and industrial hardware, is among the data. 

"By combining the data from RockYou2024 with other leaked databases from hacker forums, marketplaces, and other places where electronic mail addresses and other credentials can be published, it has the potential to trigger a cascade of data breaches, identity thefts, and financial frauds," the researchers stated. The multi-platform password manager that Bitdefender offers offers numerous benefits, including automatic password leak alerts that alert you as soon as your passwords and emails have been exposed online, with the ability to change them immediately. 

Users are advised to utilize a digital identity protection service to monitor their online identity and receive real-time alerts about data breaches and leaks involving their online information. One such service, Bitdefender Digital Identity Protection, offers a comprehensive solution for identity protection. Bitdefender Digital Identity Protection enables users to respond immediately to data breaches and privacy threats. 

Through instant alerts, users can take swift action to prevent damage, such as changing passwords with one-click action items. The service provides real-time monitoring by continuously scanning the internet and the dark web for personal information. Users receive alerts whenever their data is involved in a data breach or leak. Additionally, Bitdefender Digital Identity Protection offers peace of mind by immediately flagging suspicious activity and actively monitoring personal information. Users can rest assured that their digital identity is under constant surveillance. 

Furthermore, the service provides a 360° view of all data associated with a user’s digital footprint. This includes traces from services no longer in use but still retaining the user’s data. Users can also send requests for data removal from service providers, ensuring a more secure online presence. Overall, Bitdefender Digital Identity Protection is recommended for users seeking to safeguard their online identity and stay informed about potential security threats in real-time.
Read more »
Technology
Artificial Intelligence Cyberattacks CyberCrime Cyberhackers Cyberthreats Robotics South Korea Technology

Robot 'Suicide' in South Korea Raises Questions About AI Workload

 


At the bottom of a two-meter staircase in Gumi City Council, South Korea, a robot that worked for the city council was discovered unresponsive. There are those in the country who label the first robot to be built in the country as a suicide. According to the newspaper, a Daily Mail report claims that the incident occurred on the afternoon of June 20 around 4 pm. When the shattered robot was collected for analysis and sent to the company for examination, city council officials immediately contacted Bear Robotics, a California-based company, that made the robot. 

However, the reason behind the robot's erratic behaviour remains unknown. This robot, nicknamed "Robot Supervisor", was found piled up in a heap at the bottom of a stairwell between the first and second floors of the council building, where it was hidden from view. There were descriptions from witnesses that the robot behaved strangely, "circling in a certain area as if there was something there" before it fell to Earth untimely. It was one of the first robots in the city to be assigned this role in August 2023, with the robot being one of the first to accomplish this task. 

According to Bear Robotics, a startup company based out of California that develops robot waiters, the robot works from 9 am to 6 pm daily. Its civil service card validates its employment status. A difference between other robots and the Gumi City Council robot, which can call an elevator and move independently between different floors, is that the former can access multiple floors at the same time, whereas the latter cannot. 

Following the International Federation of Robotics (IFR), South Korea's industry boasts the highest robot density of any country in the world, with one industrial robot for every ten workers, making it one of the most robotic industries in the world. It has however been announced by the Gumi City Council that as a result of the recent incident, the city will not be adopting a second robot officer at present due to a lack of information. 

During the aftermath of the incident, there has been a debate in South Korea about how much work robots must do to function. Users are seeing a flurry of discussion on social media about what has been reported as a suicidal act by a robot, which has sparked debate about the pressures that humans experience at work. After the incident occurred, a major debate erupted as to how much burden the robot was supposed to handle. 

It has been employed since August 2023, a resident assistant called "Robot Supervisor" has been a very useful employee who can handle a wide range of tasks, from document delivery to assisting residents with their tasks. Following this unexpected event, there have been numerous discussions and focuses regarding the intense workload of this organization and the demands that are placed on it by these demands. South Korea has been taking an aggressive approach to automating society with its ambitious robot - a product developed by Bear Robotics, a California-based startup. 

Despite the large number of robots present in industrial settings in the county, this incident has sparked concern over the possibility that they will expand beyond factories and restaurants to serve a wider range of social functions as well. In the past few years, a growing number of companies have been investing in robots to take on roles beyond that of traditional workplaces, which has sparked public interest in this area. Various media outlets have been speculating about the outcome of the 2018 election, with a wide range of opinions and predictions. In a groundbreaking development, a robot's apparent act of self-destruction in South Korea has triggered profound contemplation and contentious discourse regarding the ethical and operational ramifications of employing robots for tasks traditionally undertaken by humans. 

The incident, believed by some to be a manifestation of excessive workload imposed on the machine, has prompted deliberations on the boundaries and responsibilities associated with integrating advanced technologies into daily life. Following careful consideration, the Gumi City Council has opted to suspend its initiatives aimed at expanding the use of robots. This decision, originating from a municipality renowned for its robust embrace of technological innovation, symbolizes a moment of introspection and critical reevaluation. 

It signifies a pivotal juncture in the ongoing dialogue about the role of automation and the deployment of artificial intelligence (AI) in contemporary societal frameworks. Undoubtedly tragic, the incident has nevertheless catalyzed substantive discussions and pivotal considerations about the future dynamics between robots and humanity. Stakeholders are now compelled to confront the broader implications of technological integration, emphasizing the imperative to navigate these advancements with conscientious regard for ethical, societal, and practical dimensions. The aftermath of this event serves as a poignant reminder of the imperative for vigilance and discernment in harnessing the potential of AI and robotics for the betterment of society.
Read more »
Fintech Frenzy
Cyber Victim Cyberattacks CyberCrime Data Breach Evolve Breach Fintech Fintech Frenzy

Fintech Frenzy as Affirm and Others Emerge as Victims in Evolve Breach

 


The recent attack on one of the largest financial services providers has led to a problem for many companies that work with the provider, two of which have already alluded to possible negative implications for customer data due to the attack. There has been a strong rumour that the LockBit group successfully hacked the US Federal Reserve earlier last week, which has caused the group to receive some undue attention. A breach had also occurred at the far lesser Evolve Bank & Trust, a far less serious breach. Memphis-based Evolve has released a statement regarding the incident. 

According to the statement, the attack was triggered by an Evolve employee clicking on a malicious phishing link sent to him in late May. Even though the attackers did not access most of the cash that customers had in their accounts, the hackers had access to and downloaded their personal information from databases and a file share. Furthermore, the company encrypted some of its data, but since backups were made, the company had to deal with limited loss of data and impact on its operations. Several days ago, the Federal Reserve Board announced that it would enforce the anti-money laundering, risk management, and consumer compliance programs of Evolve Bank & Trust. It accused the company of deficiencies in these areas, as well as other areas. 

In a statement the Federal Reserve published in February 2023, the Fed noted that examinations conducted in 2023 found that Evolve had a risk-management program and controls that were not adequate to comply with anti-money laundering laws and consumer protection laws. According to Stephen Gates, principal security SME for Horizon3.AI, the biggest decision any organization needs to make once they have experienced a breach is what to do about what they are going to do next once the smoke begins to clear. 

A regulated bank, Evolve Bank & Trust, provided USD account details, between 2020 and 2023 as part of the contract with the bank. Recently, Wise has been the victim of a data breach involving the personal information of perhaps some of the company's customers. Wise customers need identifying information for Evolve Bank & Trust to provide USD account details. Information that the company shared with Evolve Bank & Trust to provide USD account details, such as names, addresses, dates of birth, contact info, SSNs or EINs for US customers, or another document number for non-US customers. Neither Evolve nor the company has confirmed what data was affected. 

The LockBit ransomware group recently attacked Evolve Bank, an Arkansas-based financial institution. The attack resulted in data leaks on the Dark Web. After claiming to have hacked the US Fed earlier this week, LockBit got a lot of attention. When LockBit posted a threat to release "33 terabytes of juicy banking information containing Americans' banking secrets" if a ransom was not paid, it released some of the stolen data. At the end of the month, LockBit was kicked out of Evolve's system. 

As soon as the victim wouldn't pay the ransom, the group leaked the information. It's also a payments processor, and it offers business-to-business (B2B) banking-as-a-service (BaaS) and business-to-consumer (B2C) banking-as-a-service. More victims are coming forward of the breach, which has affected more than just its direct customers. The multibillion-dollar London-based fintech company Wise, according to a statement released last week, disclosed its partnership with Evolve Bank & Trust from 2020 to 2023. 

During this period, Wise collaborated with Evolve to "provide USD account details" to its customers. To facilitate this service, Wise shared sensitive customer information with Evolve, including names, addresses, dates of birth, contact details, and identification numbers, such as employer identification numbers and Social Security numbers. Wise indicated that this data "may have been involved" in Evolve's recent security breach. Similarly, the buy now, pay later (BNPL) company Affirm, which utilizes Evolve for the issuance and servicing of its Affirm Cards, reported potential exposure of customer information. 

Although Affirm clarified that customers' cards remained unaffected, the personal data shared with Evolve posed a significant concern. In an 8-K filing with the Securities and Exchange Commission (SEC), Affirm stated, "The full scope, nature, and impact of the incident on the Company and Affirm Card users, including the extent to which there has been unauthorized access to Affirm Card user Personal Information, are not yet known." Evolve's breach has prompted many of its other prominent partners in the financial services industry, including Stripe and Shopify, to investigate the potential impact on their customers' data. The situation remains under scrutiny as these companies assess whether their customers' sensitive information has been compromised.
Read more »
Subscribe to: Posts (Atom)