Security Leftovers
-
Cybercriminals often target supply chains with ransomware: Theuns Kotze, BSI [iophk: Windows TCO]
Ransomware, a malware that prevents or limits users from accessing their system until a ransom is paid, has become increasingly sophisticated, with cybercriminals often targeting supply chains to maximize impact by threatening the entire ecosystem of an organization that impacts multiple businesses. Shipping and Logistics companies are on the radar of cybercriminals. Phishing is the practice of cybercriminals pretending to be legitimate people or organizations to contact target businesses via email, phone, or text message. As a result, to track and monitor cargo, transportation and logistics firms increasingly rely on sensors and internet of things (IoT) gadgets. Cybercriminals have a chance because many businesses do not treat operational and IoT technology with the same level of attention as they do information technology.
-
Australia had the fourth-highest cybercrime density in the world in 2022 finds Surfshark research [iophk: Windows TCO]
There was a very minor 4.8% increase in cybercrime density between 2021 and 2022, but Australia remained the fourth country in the world by cybercrime density in both years.
-
XSAs released on 2023-04-25
The Xen Project has released one or more Xen security advisories (XSAs). The security of Qubes OS is not affected. Therefore, no user action is required.
-
VMware releases Security Advisory VMSA-2023-0008, multiple security vulnerabilities in VMware Workstation and Fusion with CVSS scores ranging from 7.3 - 9.3, please patch. https://www.vmware.com/security/advisories/VMSA-2023-0008.html, (Wed, Apr 26th)
-
VMware Patches Critical Vulnerability Disclosed at Pwn2Own Hacking Contest
VMware this week released patches for a critical vulnerability disclosed at the Pwn2Own Vancouver 2023 hacking contest.
-
Kaspersky Analyzes Links Between Russian State-Sponsored APTs
Kaspersky believes that Russia-linked threat actors Tomiris and Turla are cooperating at least at a minimum level.
-
US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt
Iranian hackers broke into a system used by a local government to support its election night operations but were kicked out before any attack could be launched, according to U.S. military and cybersecurity officials.
-
Organizations Warned of Security Risk in Default Apache Superset Configurations
Attackers can exploit Apache Superset installations with default configurations to gain administrator access and execute code on servers and databases.
-
Cyber attacks on Latvian public sector quadrupled last year
Last year, the number of cyber-attacks in Latvia increased by 40%, with four times more attacks on public authorities and seven times more searches for different vulnerabilities in the system. Most of these attacks were not noticed by the majority of the public, according to the body “Cert.lv” and the Latvian State Radio and Television Centre (LVRTC), Latvian Radio reported April 26.
-
FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability
Russian cybercrime group FIN7 has been observed exploiting a Veeam Backup & Replication vulnerability patched in March 2023.
-
Strolling through Cyberspace and Hunting for Phishing Sites, (Wed, Apr 26th)
From time to time and as much as my limited time permits, I often explore the Internet and my DShield logs to see if I can uncover any interesting artifacts that suggest nefarious behaviour. Time-driven events such as tax filing are also considered when I perform such hunting activities. I recently discovered one such site masquerading as the Inland Revenue Authority of Singapore (IRAS) and observed some interesting points.
-
Security Risks of AI
Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic.
-
Addressing the Security Risks of AI
Most of that work cited academic studies, as opposed to attacks in the wild. So when Stanford and Georgetown convened a group of experts last summer for a workshop that informed our new report, I specifically asked if there was any doubt that real-world implementations of AI were vulnerable to malicious compromise. Or was this merely a theoretical concern? Uniformly, participants from industry and government—those developing and using AI—agreed that the problem was real. Some pointed out that there are so many vulnerabilities in digital systems that the AI in those systems is not yet an attack vector of choice, but all agreed that, with the continued incorporation of AI models into a wider range of use cases, the frequency of deep learning-based attacks will grow. Moreover, all agreed the time to begin addressing the problem is now, as new systems are being designed and new deployments are occurring. (It actually would have been better to start years ago, before AI technologies had begun to be deployed in a wide range of commercial and government contexts, but now is second best.)