In order to provide you with the best service, DrGlenn regularly posts articles and new security concerns. Check back often!
Top Benefits of Implementing a Cloud HSM for Enterprise Security
As enterprises continue to navigate the complexities of safeguarding sensitive data, the need for robust encryption and key management solutions has never been more critical. A Cloud Hardware Security Module (HSM) offers a modern approach to enterprise security by combining high-level encryption capabilities with the flexibility and scalability of cloud infrastructure. Here’s a closer look at what Cloud HSM is and the key benefits it brings to organizations. What is Cloud HSM? A Hardware Security Module (HSM) is a specialized physical device used to manage and store encryption keys securely. It plays a vital role in securing data and performing cryptographic operations, such as encryption, decryption, authentication, and digital signing. Traditionally, HSMs are deployed...
Apple Rolls Out Major Security Update to Patch macOS and iOS Flaws
Apple has released security patches for 90 of its services and operating systems, fixing some critical vulnerabilities. This major security update, released on October 29, included all Apple operating systems (macOS, iOS, iPadOS, watchOS, tvOS, visionOS) as well as Apple services such as Safari and iTunes. Apple noted that keeping software up to date is one of the most important things users can do to maintain Apple product security. Some macOS patches fixed critical vulnerabilities. One such vulnerability could allow an attacker to access information about your contacts, read sensitive location information via Apple’s Find My service and leak sensitive kernel state. In another one, a malicious image could lead to denial-of-service (DoS) attacks. A third could lead an attacker to...
Sophos Firewall hardening best practices – Sophos News
At Sophos, your security is our top priority. We have invested in making Sophos Firewall the most secure firewall on the market – and we continuously work to make it the most difficult target for hackers. To enhance your security posture, we strongly encourage you to regularly review and implement these best practices across all your network infrastructure, whether from Sophos or any other vendor. Read on for full instructions or download the Sophos Firewall hardening best practices. Keep firmware up to date: Every Sophos Firewall OS update includes important security enhancements – including our latest release, Sophos Firewall v21. Ensure you keep your firmware up to date under Backup & Firmware > Firmware. Check at least once a month for firmware updates in Sophos Central...
ESET Research Podcast: CosmicBeetle
ESET Research. Learn how a rather clumsy cybercrime group wielding buggy malicious tools managed to compromise a number of SMBs in various parts of the world. 24 Oct 2024 • 1 min. read. Some cybercriminal groups are sophisticated, create advanced schemes, cooperate with other attackers and do everything to stay under the radar. Then there are threat actors like CosmicBeetle – they lack the necessary skill set, write crude malware, yet still compromise interesting targets, and achieve “stealth” by using odd, impractical and overcomplicated techniques. Our guest, ESET senior malware researcher Jakub Souček, talks about his investigation into CosmicBeetle’s toolkit written in Delphi, and the fact that their malware is controlled via a graphical user interface (GUI) with buttons and...
Cisco ASA, FTD Software Under Active VPN Exploitation
Cisco has rushed a patch for a brute-force denial-of-service (DoS) vulnerability in its VPN that's being actively exploited in the wild. The medium-severity bug (CVE-2024-20481, CVSS 5.8) resides in the Remote Access VPN (RAVPN) found in the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software. If exploited, it could allow an unauthenticated, remote attacker to cause a DoS and disruptions within the RAVPN. According to Cisco's advisory on the flaw, the vulnerability can be exploited for resource exhaustion by sending a large number of VPN authentication requests to an affected device, as a cyberattacker would do in an automated brute-force or password-spray attack. "Depending on the impact of the attack, a reload of the device may be required to...
Beyond ChatGPT: The rise of agentic AI and its implications for security
Red teaming an agentic AI system is different from red teaming traditional systems. Agentic AI and traditional AI systems are non-deterministic, so scripts will need to be run multiple times, and each run will produce different output. You need to take this variability into account as you test each scenario. Keep in mind that the agentic workflow logic, the LLM itself, the variability in prompts and the agent's behavior all add further variability. You will also find that executing the same task against the same scenario produces different responses, so you will need to run more tests and test scenarios to cover any potential blind spots. Have your development teams create a map of all rules and flow possibilities through the process. As with any...
Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach – Krebs on Security
Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being “USDoD,” a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI’s InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population. USDoD’s InfraGard sales thread on Breached. The Brazilian news outlet TV Globo first reported the news of USDoD’s arrest, saying the Federal Police arrested a 33-year-old man from Belo Horizonte. According to TV Globo, USDoD is wanted domestically in connection with the theft of data on Brazilian Federal Police officers....
Glimmer Of Good News On The Ransomware Front As Encryption Rates Plummet
No-one would be bold enough to say that the ransomware problem is receding, but a newly-published report by Microsoft does deliver a sliver of encouraging news amongst the gloom. And boy do we need some good news - amid reports that 389 US-based healthcare institutions were hit by ransomware last year - more than one every single day. The 114-page Microsoft Digital Defense Report (MMDR) looks at multiple aspects of the cybersecurity landscape, including AI security, denial-of-service attacks, phishing, social engineering, and nation-state threats. But for me one of the most positive findings of the report was the news that the number of ransomware attacks that have successfully encrypted data has plummeted by 300% in the past two years. According to Microsoft's research team,...
FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms
Oct 16, 2024 | Ravie Lakshmanan | Data Privacy / Passwordless. The FIDO Alliance said it's working to make passkeys and other credentials easier to export across different providers and improve credential provider interoperability, as more than 12 billion online accounts become accessible with the passwordless sign-in method. To that end, the alliance said it has published a draft for a new set of specifications for secure credential exchange, following commitments among members of its Credential Provider Special Interest Group (SIG). This includes 1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Okta, Samsung, and SK Telecom. "Secure credential exchange is a focus for the FIDO Alliance because it can help further accelerate passkey adoption and enhance...
CISA Urges Encryption of Cookies in F5 BIG-IP Systems
The US Cybersecurity and Infrastructure Security Agency (CISA) has urged organizations to address security risks related to unencrypted cookies used in F5 BIG-IP Local Traffic Manager (LTM) systems. According to the agency, cyber threat actors are exploiting these unencrypted persistent cookies to access and map non-internet-facing devices on networks. F5 BIG-IP is a widely used suite of hardware and software solutions designed to manage and secure network traffic. The agency warned that attackers can leverage information from these cookies to identify additional network resources and potentially exploit any vulnerabilities in other connected devices. “A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify...
Sophos Celebrates International Day of the Girl 2024 – Sophos News
Sophos joins the global community in celebrating International Day of the Girl on October 11. This important day highlights the unique challenges and opportunities that girls face around the world, particularly concerning gender inequality in areas such as education, nutrition, legal rights, healthcare, and protection from discrimination. At Sophos, we are committed to advocating for girls’ rights and gender equality, empowering girls to reach their full potential. This year, our Sophos Women in Technology Network (SWiT) is taking significant steps to inspire young women to explore careers in technology. Student Round Table Event in Abingdon: In the UK, we welcomed a group of students from a local school to our Abingdon office for a series of engaging activities aimed at...
Cyber insurance, human risk, and the potential for cyber-ratings
Business Security. Could human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess people’s financial responsibility? 08 Oct 2024 • 5 min. read. It’s undeniable that cyber insurance and cybersecurity are intrinsically linked. One requires the other, and they are a perfect pairing, even if they may deny the relationship. Looking ahead, however, we probably need to add a third party into the relationship: the business. Now we have everyone in the room, what could the future hold? There are obvious areas of evolution in the relationship. Insurers want to know that cybersecurity is not just turning up for work, but that it is also doing a good job. It’s likely that insurers will want to see this good job in action, in near real-time, and in some...
Your IT Systems Are Being Attacked. Are You Prepared?
COMMENTARY: This summer, a cyberattack disrupted the normal operations of thousands of auto dealerships across the United States, affecting everything from records to scheduling, causing no end of annoyance and leaving hordes of exasperated salespeople and customers at their wits' end. This most recent and dramatic example of hacker success illustrates that IT security must become the first priority at the highest levels of an organization. This modern-day plague shows no sign of subsiding. With each successful attack, hackers become even more emboldened. It's an all-out assault, requiring the corporate equivalent of an all-points bulletin. In short, cybersecurity is not just an IT issue; it's a critical business risk that requires active involvement from the entire C-suite, in...
Hackers steal sensitive customer data from thousands of online stores that use Adobe tools
The bug, with a severity rating of CVSS 9.8 out of 10, can be used to read any files, including passwords and other secrets. “The typical attack strategy is to steal your secret crypt key from app/etc/env.php and use that to modify your CMS blocks via the Magento API,” Sansec said. “Then, attackers inject malicious Javascript to steal your customer’s data.” Combined with another bug (CVE-2024-2961), attackers can also run code directly on customers’ servers and use that to install backdoors, the cybersecurity firm added. Versions of Magento and Adobe Commerce vulnerable to a CosmicSting attack include 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, and 2.4.4-p8 and earlier. Enterprises are advised to patch immediately and apply the hotfix for the flaw. Source...
A Single Cloud Compromise Can Feed an Army of AI Sex Bots – Krebs on Security
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape. Researchers at security firm Permiso Security say attacks against generative artificial intelligence (AI) infrastructure like Bedrock from Amazon Web Services (AWS) have increased markedly over the last six months, particularly when someone in the organization accidentally exposes their cloud credentials or key online, such as in a code...
ChatGPT’s false memories, and would an inner critic stop AI hallucinations? • Graham Cluley
In episode 18 of “The AI Fix” our hosts discover that OpenAI’s Advanced Voice mode is too emotional for Europeans, a listener writes a Viking saga about LinkedIn, ChatGPT is a terrible doctor, and the voice of Meta AI takes to Meta’s platforms to complain about Meta AI reading things people post on Meta’s platforms. Mark discovers what Darth Vader really said on Cloud City, Graham rummages through ChatGPT’s false memories, and our hosts find out why AIs need an inner critic. All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley. Hosts: Graham Cluley – @gcluley; Mark Stockley – @markstockley. Episode links: Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us...
Last Week’s Top Threats and Trends (September 23-29)
Sep 30, 2024 | Ravie Lakshmanan | Cybersecurity / Weekly Recap. Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android. But it wasn't all good news – Kaspersky's forced exit from the US market left users with more questions than answers. And don't even get us started on the Kia cars that could've been hijacked with just a license plate! Let's unpack these stories and more, and arm ourselves with the knowledge to stay safe in this ever-evolving digital landscape. ⚡ Threat of the Week: Flaws Found in CUPS: A new set of security vulnerabilities...
Kids Are Now Using Apps to Create “Deep Fakes” to Bully Others
Parents and caregivers have barely learned about the power of social media platforms, and yet now they are finding out that kids are making use of apps that create “deep fakes” for the purpose of bullying other kids. These kids typically know that the “adults” will lag behind in catching them, as they realise most parents and those in authority aren’t as aware of the abilities of AI deep fakes as they are. It’s because of this that adults must step up to the plate and take charge to stop these practices. So many have a sense of confusion when it comes to AI. According to Dr. Jennifer Hartstein, a nationally recognised child, adolescent and family psychologist: “Deep fakes are AI-generated content that teenagers are using to bully others. Bullying can present itself in AI as...
SecureNet, JISA Softech Announce Strategic Partnership
JISA Softech and SecureNet have announced a strategic partnership aimed at enhancing data protection and privacy solutions throughout the Middle East and Africa (MEA). This alliance brings together two cybersecurity innovators to deliver advanced technologies that address the region’s stringent data protection regulations. JISA Softech, a pioneer in Hardware Security Modules (HSMs) and data protection solutions, is teaming up with SecureNet, renowned for its cybersecurity expertise. This collaboration will provide businesses with a comprehensive suite of integrated solutions designed to meet the demanding requirements of data protection laws in the UAE and the broader MEA region. Together, JISA Softech and SecureNet are set to ensure that businesses remain secure and compliant in...
New Octo2 Malware Variant Threatens Mobile Banking Security
A new, advanced variant of the Octo malware family, dubbed “Octo2,” has been uncovered, posing a heightened risk to mobile banking users worldwide. According to ThreatFabric analysts, the Octo malware has been one of the most widespread mobile threats in recent years. Octo2 introduces several sophisticated features aimed at improving remote access and evasion capabilities, making it more difficult for security systems to detect. Key Features of Octo2: The primary enhancements in Octo2 focus on increasing the stability of its remote access capabilities, a key feature used in device takeover attacks. ThreatFabric researchers noted that this variant significantly reduces latency during remote control sessions, even under poor network conditions, by optimizing data transmission....