Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Secure. Show all posts
Security
Cyber Fraud CyberCrime Hackers Miami-Dade police officers prosecutors Safety Secure Security

Hackers Target Police Officers and Prosecutors in Miami-Dade

 

The police officers in North Miami Beach were misled by a counterfeit email masquerading as an official communication from the Miami Dade State Attorney's Office, as per sources knowledgeable about the scheme.

Utilizing the guise of an SAO investigator probing human trafficking, a scammer circulated the fraudulent email, successfully duping several employees of the North Miami Beach Police Department earlier this week, according to insiders.

Addressing the incident, city authorities issued a statement acknowledging that a handful of email accounts had fallen victim to a phishing scam, impacting multiple government entities. They assured that steps had been taken to regain control of the compromised accounts.

The city affirmed that neither the network nor the data had been affected by the breach, which was confined to email accounts. Investigations into the security breach were ongoing. The SAO also released a statement detailing a "highly sophisticated phishing attempt" aimed at their computer information system, which was detected and neutralized on February 13th.

The perpetrator employed "exceptional electronic reproductions of genuine SAO materials" in the email, designed to entice users into opening what appeared to be authentic documents from SAO personnel, as stated in the SAO's statement.

The incident serves as a stark reminder of the importance of vigilance in cybersecurity. Despite appearances, malicious emails can be highly deceptive, emphasizing the need for users to scrutinize links and documents for authenticity before clicking on them.
Read more »
Security
Cyber Attacks Data Data Safety data security Safety Secure Security

Okta: Cyber Attackers Target IT Help Desks to Compromise Super Admin and Disable MFA

 

Okta, a leading identity and access management firm, has issued a warning regarding a series of social engineering attacks aimed at IT service desk agents of U.S.-based clients. 

The attackers' primary objective was to deceive these agents into resetting multi-factor authentication (MFA) for high-privileged users.

Their ultimate aim was to gain control of Okta Super Administrator accounts, which hold significant privileges. This access would enable them to exploit identity federation features, allowing them to impersonate users within the compromised organization.

Okta has shared specific indicators of compromise based on observed attacks spanning from July 29 to August 19.

According to Okta, before contacting the IT service desk of a target organization, the attackers either possessed passwords for privileged accounts or managed to manipulate the authentication process within the Active Directory (AD).

Once a Super Admin account was successfully compromised, the threat actors took further precautions by utilizing anonymizing proxy services, adopting a new IP address, and employing a different device.

The hackers, leveraging their administrative access, proceeded to elevate privileges for other accounts, reset enrolled authenticators, and even removed two-factor authentication (2FA) protection for select accounts.

In Okta's words, "The threat actor was observed configuring a second Identity Provider to act as an "impersonation app" to access applications within the compromised Org on behalf of other users. This second Identity Provider, also controlled by the attacker, would act as a “source” IdP in an inbound federation relationship (sometimes called “Org2Org”) with the target"

Using this 'source' Identity Provider, the attackers altered usernames to match those of real users within the targeted IdP. This manipulation allowed them to impersonate the desired user, granting them access to applications through the Single-Sign-On (SSO) authentication mechanism.

To safeguard admin accounts from external threats, Okta recommends the following security measures:

  • Enforce phishing-resistant authentication using Okta FastPass and FIDO2 WebAuthn.
  • Require re-authentication for privileged app access, including Admin Console.
  • Implement robust authenticators for self-service recovery and restrict them to trusted networks.
  • Streamline Remote Management and Monitoring (RMM) tools and block unauthorized ones.
  • Enhance help desk verification with visual checks, MFA challenges, and manager approvals.
  • Activate and test alerts for new devices and suspicious activity.
  • Limit Super Administrator roles, implement privileged access management, and delegate high-risk tasks.
  • Mandate admins to sign-in from managed devices with phishing-resistant MFA and limit access to trusted zones.

Okta's advisory includes additional indicators of compromise, such as system log events and workflow templates pointing to malicious activity at various stages of the attack. Additionally, the company provides a list of IP addresses associated with observed attacks between June 29 and August 19.
Read more »
Zoom Security
Data Data Breach Data Consent Privacy Safety Secure Security Zoom Zoom Security

Zoom Refutes Claims of AI Training on Calls Without Consent

 

Zoom has revised its terms of service following concerns that its artificial intelligence (AI) models were being trained on customer calls without consent, leading to a backlash. 

In response, the company clarified in a blog post that audio, video, and chats would not be utilized for AI purposes without proper consent. This move came after users noticed modifications to Zoom's terms of service in March, which raised worries about potential AI training.

The video conferencing platform took action to enhance transparency, asserting that it had introduced changes to address the concerns. 

In June, Zoom introduced AI-powered features, including the ability to summarize meetings without recording the entire session. These features were initially offered as a free trial.

However, experts raised concerns that the initial phrasing of the terms of service could grant Zoom access to more user data than necessary, including content from customer calls. 

Data protection specialist Robert Bateman expressed apprehension about the broad contractual provisions that granted considerable data usage freedom to the service provider.

Zoom later amended its terms to explicitly state that customer consent is required for using audio, video, or chat content to train their AI models. This alteration was made to ensure clarity and user awareness.

AI applications are software tools designed to perform intelligent tasks, often mimicking human behavior by learning from vast datasets. Concerns have arisen over the potential inclusion of personal, sensitive, or copyrighted material in the data used to train AI models.

Zoom, like other tech companies, has intensified its focus on AI products to keep up with the growing interest in the technology. The Open Rights Group, a digital privacy advocacy organization, cautioned against Zoom's approach of launching AI features as a free trial and encouraging customer participation, deeming it more alarming due to potential opacity in its privacy policy.

A spokesperson for Zoom reiterated that customers retain the choice to enable generative AI features and decide whether to share content with Zoom for product improvement. 

The company's Chief Product Officer, Smita Hashim, emphasized that account owners and administrators can opt to activate the features and that those who do so will undergo a transparent consent process for AI model training using customer content. Screenshots displayed warning messages for users joining meetings with AI tools, offering the option to consent or exit the meeting.
Read more »
US-China
Chinese Hackers Cyber Data Cyber Safety Data Safety malware Ransonware Secure Security US-China

Report: Possible Chinese Malware in US Systems a 'Ticking Time Bomb'

 

According to a report by The New York Times on Saturday, the Biden administration has raised concerns about China's alleged implantation of malware into crucial US power and communications networks. The officials fear this could act as a "ticking time bomb" capable of disrupting US military operations in the event of a conflict.

The malware, as reported by the Times, could potentially grant China's People's Liberation Army the capability to disrupt not only US military bases' water, power, and communications but also those of homes and businesses across the country. 

The main concern is that if China were to take action against Taiwan, they might utilize this malware to hamper US military operations.

This discovery of the malware has led to a series of high-level meetings in the White House Situation Room, involving top military, intelligence, and national security officials, to track down and eliminate the malicious code.

Two months prior to this report, Microsoft had already warned about state-sponsored Chinese hackers infiltrating critical US infrastructure networks, with Guam being singled out as one target. 

The stealthy attack, ongoing since mid-2021, is suspected to be aimed at hindering the United States in case of a regional conflict. Australia, Canada, New Zealand, and Britain have also expressed concerns that Chinese hacking could be affecting infrastructure globally.

The White House, in response, issued a statement that did not specifically mention China or military bases. The statement emphasized the administration's commitment to defend the US critical infrastructure and implement rigorous cybersecurity practices.

These revelations come at a tense moment in US-China relations, with China asserting its claim over Taiwan and the US considering restrictions on sophisticated semiconductor sales to Beijing.
Read more »
Subscribe to: Posts (Atom)