Lifeboat Foundation

Chinese hackers may be behind Sidewalk malware attacks, experts say.

Forward-looking: A team of researchers have devised a new method for protecting SSDs from ransomware attacks. It can detect ransomware, stop it in its tracks, and even recover stolen data in a matter of seconds. The cost should only be a minor increase in the SSD’s latency.

The Register spoke with the researchers, who come from Inha University, the Daegu Gyeongbuk Institute of Science & Technology (DGIST), the University of Central Florida (UCF), and the Cyber Security Department at Ewha Womans University (EWU). The system, called SSD-Insider, is supposedly almost 100 percent accurate and has been tested on real-world ransomware.

Continue reading “Researchers unveil ransomware detection and recovery method for SSDs” »

A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer.

While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid.

This leak is a serious incident as the VPN credentials could allow threat actors to access a network to perform data exfiltration, install malware, and perform ransomware attacks.

AS-REP Roasting is the technique that allows retrieving password hashes for users that have this flag set in Active Directory. Additionally, various cybersecurity and hacking tools allow cracking the TGTs harvested from Active Directory. These include Rubeus and Hashcat.

Using a tool like Rubeus, attackers can find the accounts that do not require preauthentication and then extract the ticket-granting ticket (TGT) data for cracking the password offline.

Data can be transformed into a format that can be cracked by an offline tool such as Hashcat, which can use brute force password cracking against the hashes. This process incorporates the use of a dictionary file for brute-force password guessing.

As the use of facial recognition technology (FRT) continues to expand, Congress, academics, and advocacy organizations have all highlighted the importance of developing a comprehensive understanding of how it is used by federal agencies.

The Government Accountability Office (GAO) has surveyed 24 federal agencies about their use of FRT. The performance audit ran from April2020through August 2021. 16 of the 24 agencies reported using it for digital access or cybersecurity, such as allowing employees to unlock agency smartphones with it, six agencies reported using it to generate leads in criminal investigations, five reported using FRT for physical security, such as controlling access to a building or facility, and 10 agencies said they planned to expand its use through fiscal year 2023.

In addition, both the Department of Homeland Security (DHS) and the Department of State reported using FRT to identify or verify travelers within or seeking admission to the United States, identifying or verifying the identity of non-U.S. citizens already in the United States, and to research agency information about non-U.S. citizens seeking admission to the United States. For example, DHS’s U.S. Customs and Border Protection used its Traveler Verification Service at ports of entry to assist with verifying travelers’ identities. The Traveler Verification Service uses FRT to compare a photo taken of the traveler at a port of entry with existing photos in DHS holdings, which include photographs from U.S. passports, U.S. visas, and other travel documents, as well as photographs from previous DHS encounters.

Recorded Future, an incident-response firm, noted that threat actors have turned to the dark web to offer customized services and tutorials that incorporate visual and audio deepfake technologies designed to bypass and defeat security measures. Just as ransomware evolved into ransomware-as-a-service (RaaS) models, we’re seeing deepfakes do the same. This intel from Recorded Future demonstrates how attackers are taking it one step further than the deepfake-fueled influence operations that the FBI warned about earlier this year. The new goal is to use synthetic audio and video to actually evade security controls. Furthermore, threat actors are using the dark web, as well as many clearnet sources such as forums and messengers, to share tools and best practices for deepfake techniques and technologies for the purpose of compromising organizations.

Deepfake phishing

I’ve spoken with CISOs whose security teams have observed deepfakes being used in phishing attempts or to compromise business email and communication platforms like Slack and Microsoft Teams. Cybercriminals are taking advantage of the move to a distributed workforce to manipulate employees with a well-timed voicemail that mimics the same speaking cadence as their boss, or a Slack message delivering the same information. Phishing campaigns via email or business communication platforms are the perfect delivery mechanism for deepfakes, because organizations and users implicitly trust them and they operate throughout a given environment.

The blockchain Ethereum saw a chain split today as a software bug affected a large quantity of full node clients.

Karim Hijazi is CEO of Prevailion, a cyber intelligence company that monitors and detects active threats by infiltrating hacker networks. Hijazi is also a former director of intelligence for Mandiant and a former contractor for the US intelligence community.

Ransomware has taken the spotlight lately following a string of brazen attacks on major U.S. companies.

And as bad as this kind of malware is, businesses and investors can expect to face a growing number of sophisticated cyber threats that could be even more disruptive and difficult to prevent.

Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links.