Cyber Security News

MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days Following the discovery of the breach, MITRE took the NERVE environment offline and launched an investigation. The organization determined that the attack involved exploitation of two Ivanti Connect Secure VPN device vulnerabilities for initial access. Cyber_Security_Channel

ARTIFICIAL INTELLIGENCEUS-China Competition to Field Military Drone Swarms Could Fuel Global Arms Race The world’s only AI superpowers are engaged in an arms race for swarming drones that is reminiscent of the Cold War, except drone technology will be far more difficult to contain than nuclear weapons. Because software drives the drones’ swarming abilities, it could be relatively easy and cheap for rogue nations and militants to acquire their own fleets of killer robots. The Pentagon is pushing urgent development of inexpensive, expendable drones as a deterrent against China acting on its territorial claim on Taiwan. Washington says it has no choice but to keep pace with Beijing. Chinese officials say AI-enabled weapons are inevitable so they, too, must have them. Cyber_Security_Channel

Personal Information of Parents, staff at 127 Schools Accessed in Data Security Breach Mobile Guardian is a device management app (DMA) installed on personal learning devices used by students, like iPads and Google Chromebooks. The app enables parents to manage students’ device usage by restricting applications or websites and screen time. Cyber_Security_Channel

‘Meta is out of options’: EU Regulators Reject its Privacy Fee for Facebook and Instagram Meta has tried using various legal justifications for scooping up and processing European users’ personal data over the years since the General Data Protection Regulation (GDPR) came into force in 2018 — with each being successively shot down by regulators as being an unacceptable reading of the privacy law. Cyber_Security_Channel

Quantum-Proof Encryption May not Actually Stop Quantum Hackers Quantum computers threaten to one day crack the widely used encryption algorithms that keep banking, email and other data safe, so researchers having been working to develop “post-quantum” algorithms to replace them. Many of these are based on “lattice problems”, an area of mathematics that involves regular patterns, or lattices, in space. Cyber_Security_Channel

DDoS Attacks Are Still Growing and There Are New Threats On the Horizon In aggregate, HTTP DDoS attacks remain (just about) the leading form of attacks, accounting for 37% of all DDoS attacks. DNS DDoS attacks make up 33%, and the remaining 30% is left for all other types of L3/4 attacks, such as SYN Flood and UDP Floods. Cyber_Security_Channel

3 Steps Executives and Boards Should Take to Ensure Cyber Readiness A company's response to a crisis is a direct reflection of its preparedness. Rather than focus solely on what happens during and after a cyber incident, executives and leadership teams must first understand that the period preceding an event is most critical. Cyber_Security_Channel

Growing macOS Adoption Opens the Door to Increasingly Sophisticated TCC-based Attacks The report noted that growing numbers of businesses are adopting Mac systems and that this increased corporate market share is inviting an increased volume of attacks. Cyber_Security_Channel

Web3 Game Developers Targeted in Crypto Theft Scheme "The targeted nature of this campaign suggests that threat actors may perceive Web3 gamers as having a more acute vulnerability to social engineering, due to an assumed trade-off in cyber hygiene — meaning that Web3 gamers may have fewer protections in place against cybercrime — in the pursuit of profit," according to the report. Cyber_Security_Channel

FBI Warns of Massive Toll Services Smishing Scam The FBI also recommended anyone receiving similar messages to check their account on the legitimate toll service’s website or call its customer service number, to see if they do indeed owe money or not. Cyber_Security_Channel

Critical Infrastructure Security: Observations From the Front Lines However, as someone who works on the front lines of critical infrastructure security, I believe that, rather than panicking about Volt Typhoon and the threats the group represents, we should focus on several positives. Cyber_Security_Channel

AT&T Confirms Data Breach Affecting Over 51 Million Customers TechCrunch reported a subset of the leaked data had first surfaced online three years ago, but AT&T did not take any significant action at that time. It was only after the complete dataset was published that the company acknowledged the breach and began taking steps to mitigate the potential risks to its customers. Cyber_Security_Channel

Google Cloud Unveils Custom Arm AI Chip. Nvidia Stock Falls Google Cloud offers our AI Hypercomputer, an architecture that combines our powerful TPUs, GPUs, AI software and more to provide an efficient and cost effective way to train and serve models. Cyber_Security_Channel

25 Cybersecurity AI Stats You Should Know This is what the list looks like: 1. Security pros are cautiously optimistic about AI. 2. AI abuse and misinformation campaigns threaten financial institutions. 3. Enterprises increasingly block AI transactions over security concerns. 4. Scammers exploit tax season anxiety with AI tools. 5. Advanced AI, analytics, and automation are vital to tackle tech stack complexity. 6. Today’s biggest AI security challenges. 7. AI tools put companies at risk of data exfiltration. Read further in the following article — find the link here. Cyber_Security_Channel

Apple’s New iOS 18 AI Plans—What To Know About Data Privacy The iOS 18 rumor mill has been in full swing for months now, with other iPhone features including design changes and a more customizable home screen. Meanwhile, Apple Maps is adding support for customizable routes and messaging standard RCS will be added to iPhones. At least one of the new iOS 18 AI features—Encrypted Visual Search—seems to have security at its core and this is very typical of Apple. I expect to see a bunch of AI features on your iPhone when iOS 18 launches this year, but I do think Apple will carefully consider security and privacy. After all, it has a reputation to protect. Cyber_Security_Channel

LastPass Users Hit by Major Phishing Scam: Master Passwords Breached One of LabHost’s main services was to help hackers create a fake website that looked just like the legitimate one so that users could be tricked into entering their login credentials. That’s exactly what happened in this scenario with LastPass. Cyber_Security_Channel

Simbian Emerges From Stealth With $10 Million to Build Autonomous AI-Based Security Platform Simbian is focusing on the economic benefit of automated security rather than the full potential benefit of autonomous security. “Users provide their goal and business context in natural language,” says the firm, “and Simbian’s patent-pending LLM-powered platform provides personalized recommendations and generates automated actions across heterogeneous environments.” The argument is that human experts will be relieved from tedious tasks, and business will need fewer of those expensive humans. Cyber_Security_Channel

Hackers Are Using Windows Script Files to Spread Malware and Wwerve Antivirus Software WSF files used in the attack were uploaded to a number of malicious domains controlled by the hackers, but Schläpfer was unable to identify how victims were being lured to the dangerous URLs, speculating spam or a malvertising campaign. The file contains the malicious script as well as long strings of ‘junk characters’ used to try and conceal the real threat. The script itself is heavily obfuscated too, where all functions and variables are encoded and decoded using an array. Cyber_Security_Channel

DuckDuckGo Launches Privacy Pro: A New Subscription Service Focused on Enhanced Online Privacy DuckDuckGo’s decision to offer Privacy Pro stems from its commitment to user privacy, aligned with its business ethos. The company has traditionally provided several privacy tools for free, funded by non-intrusive advertising. However, some advanced features like a VPN require more resources, justifying the move towards a paid subscription model. This approach allows DuckDuckGo to maintain its privacy-focused offerings while introducing enhanced capabilities that necessitate additional investment in infrastructure and technology. Cyber_Security_Channel

SentinelOne Announces Purple AI for Enhanced Cybersecurity Efficiency Purple AI is a significant upgrade in the cybersecurity landscape. It makes threat hunts, investigations, and responses faster and simpler, empowering security teams to deliver enhanced defence, savings, and efficiency. Purple AI is packed with features far surpassing those of a conventional security chatbot or console search box. It facilitates complex query simplification and streamlines investigations using natural language translations, and it allows analysts to have a normalised view of native and partner data. The platform also aids in the discovery and mitigation of hidden risks using pre-populated Purple AI Threat Hunting Quick Starts for single-click investigations. Cyber_Security_Channel