Cybercriminals Use Evilginx To Bypass MFA… Gmail, Outlook, Yahoo Among Top Targets

Posted in Commentary with tags on September 19, 2024 by itnerd

Abnormal Security has released its latest blog reporting on how cybercriminals use Evilginx to bypass multi-factor authentication (MFA) in attacks targeting Gmail, Outlook, Yahoo, and more. 

Evilginx, a tool commonly used in phishing attacks, operates as a middleman between users and legitimate websites. It intercepts and manipulates traffic, allowing cybercriminals to steal login credentials, session cookies, and other sensitive information. 

Attackers typically configure Evilginx to mimic high-value targets such as online banking portals, cloud service providers, email platforms, and social media sites. These sites often rely on MFA as a security measure, and the tool offers a way to bypass that protection. 

Abnormal shows a custom price list for these configurations, including brands/services (LinkedIn, Intuit, Telegram, GitHub, Airbnb, and the previously mentioned email platforms), price, website, login URL, and details. Evilginx has also become a service that cybercriminals sell to each other. 

Abnormal Security’s research team demonstrates:

  • Why Evilginx has become a valuable tool for cybercriminals involved in phishing campaigns
  • What is the potency of the tool in real-world cyber espionage and nation-state-sponsored hacking
  • How organizations can protect themselves against AiTM Attacks

You can read the blog entry here.

Leave a comment »

API and Bot Attacks Cost Businesses $186 Billion Annually

Posted in Commentary with tags on September 18, 2024 by itnerd

A new report from Imperva Inc., reveals that API and bot attacks are costing businesses up to $186 billion annually as incidents surge. The report, titled “Economic Impact of API and Bot Attacks,” shares analysis of over 161,000 cybersecurity incidents. Conducted in conjunction with a study by the Marsh McLennan Cyber Risk Intelligence Center, the report highlights how large organizations with over $1 billion in revenue are two to three times more likely to experience automated API abuse by bots compared to smaller companies.

The report points to the sheer volume of APIs as a key vulnerability. On average, enterprises managed 613 API endpoints in 2022, exposing them to increasing risks as API ecosystems expand. Imperva Threat Research found that automated threats accounted for 30% of all API attacks in 2023, contributing to losses of up to $17.9 billion annually from API bot abuse.

Nanhi Singh, general manager of application security at Imperva, emphasized the urgency, stating, “It’s imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden.” Singh warns that without proactive measures, the economic toll from these automated threats will continue to rise as API ecosystems grow and bots evolve.

George McGregor, VP, Approov Mobile Security had this to say:

  “It would have been interesting to see specific analysis of the economic impact of mobile originating bots which are a growing threat to APIs. These are hard to stop using back-end security techniques because of a lack of visibility to contextual information about use of mobile apps and devices. 

  “Blocking mobile bots and botnets effectively requires methods that capture detailed information about the devices and apps which originate requests to APIs. Also, there is limited coverage of applying a Zero Trust approach to API security where every request is validated in real time using contextual information.”

With the amount of money that is lost due to bots, this is a today problem that needs to be addressed in a meaningful way and done so quickly. Because this is a problem that is only going to get worse.

Leave a comment »

CISA announces “FOCAL”

Posted in Commentary with tags on September 18, 2024 by itnerd

This week, CISA announced a new plan to align the “collective operational defense capabilities” of over 100 US central Government agencies outside defense to reduce their cyber-risk.

CISA notes in the plan that there is currently “no cohesive or consistent baseline security posture” across agencies, which fails to consider the current threat environment and the complex digital ecosystem.

The plan, known as FOCAL, for Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment, sets out both “broad organizing concepts for federal cybersecurity” and tactical guidance agencies should implement in the coming year. It covers five areas of cybersecurity including:

  1. Asset management
  2. Vulnerability management
  3. Defensible architecture
  4. Cyber supply chain risk management
  5. Incident detection and response

While CISA stresses that each FCEB agency has its own mission, supported by its own networks and systems, with standardization and consistency, CISA also believes that a collective approach to cybersecurity will further reduce risks across all federal cyber defenses as agencies interact with each other and share data.

Emily Phelps, Director, Cyware had this to say:

  “CISA’s FOCAL plan highlights the value of collective defense in securing the federal cyber landscape. This approach leverages the strengths and knowledge of each entity to build a more robust defense against evolving threats. The interconnected nature of today’s digital ecosystem means that vulnerabilities in one area can ripple across others, making a collective defense strategy essential for reducing risk. By fostering collaboration, information sharing, and standardization, agencies can more effectively defend against sophisticated cyber adversaries while reinforcing the overall security of the nation’s critical infrastructure.”

Stephen Gates, Principal Security SME, Horizon3.ai follows with this:

  “This initiative is not just necessary—it’s long overdue. Now is the time to embrace a proven strategy that aligns with the five key objectives outlined in the plan. Organizations must begin by assessing their own environments, using the same tactics, techniques, and procedures (TTPs) that adversaries use. This ensures they’re effectively managing high-risk assets, identifying and mitigating exploitable vulnerabilities, and fortifying their architectures. This approach should extend to their supply chain, ensuring partners meet the same standards, and that incident detection and response systems are proven to be fully operational.”

This is a good move by the CISA who has a history of coming up with good initiatives to improve cybersecurity inside and outside government. This is something that seriously needs to be copied by the private sector as I think you will see that this is going to be highly effective in terms of deterring cyberattacks.

Leave a comment »

Why Is LinkedIn Opting Me Into Training Its AI By Using My Data BY DEFAULT????

Posted in Commentary with tags on September 18, 2024 by itnerd

I have to admit that LinkedIn really screwed this up and trusting them going forward is going to be difficult. 404 Media is reporting the following:

LinkedIn is using its users’ data for improving the social network’s generative AI products, but has not yet updated its terms of service to reflect this data processing, according to posts from various LinkedIn users and a statement from the company to 404 Media. Instead, the company says it will update its terms “shortly.”

The rest of this is paywalled. But this one paragraph alone will make you say “WTF? Not only that, if you look on your LinkedIn app, you’re opted into this by default:

I got to this screen by going to my LinkedIn App and going to:

  • Account
  • Settings and Privacy
  • Data Privacy
  • Data for Generative AI Improvement

I don’t know which bothers me more. The fact that they want to use my data without having their terms of service reflect that, or that I’ve been opted into this which forces me to opt out rather than given the choice to opt in. The fact is clear that were it not for 404 Media, I would have had no clue and LinkedIn would have been using whatever data I have on LinkedIn forever. That seems wrong on so many levels, and needs to be called out. Or in my case, I need to push this out via this blog so that people see this and decide if this is LinkedIn being an honest broker, or if they were doing something that on the surface appears to be kind of shady.

Leave a comment »

HYAS Infosec Integrates With ConnectWise Through Invent Program

Posted in Commentary with tags on September 18, 2024 by itnerd

HYAS Infosec today announced the completion of all necessary security certifications as required by ConnectWise, the world’s leading software company dedicated to the success of Managed Service Providers (MSPs). To directly integrate with ConnectWise APIs and platform through Invent, integrators must pass an independent security review that ensures their integration is safe and secure. 

This collaboration through the ConnectWise Invent program will enable MSPs to address critical market challenges head-on with an award-winning and leading cyber-resiliency solution with proven correctness. Protective DNS is now recommended by CISA and the NSA and is becoming an integral part of multiple standards being deployed around the world to address the onslaught of continual new cyber-attacks that evade traditional detection. By embedding and integrating HYAS Protect into the ConnectWise ecosystem, MSPs will benefit from a more comprehensive and complete security posture, effectively mitigating cyber threats and operational risks.

The ConnectWise Invent program is a robust and secure integration program for MSPs seeking to merge their solutions with groundbreaking software from ConnectWise. The program strives to support MSPs globally in growing their businesses by harnessing the power of innovative technologies and by fostering mutual productivity, including Tier 1 integration support from ConnectWise. 

For more information on HYAS Infosec visit: https://marketplace.connectwise.com/vendors/hyas-infosec/hyas-protect/

Leave a comment »

TELUS Launches SmartEnergy To Help Canadians Manage Their Home Energy Use

Posted in Commentary with tags on September 18, 2024 by itnerd

TELUS is launching SmartEnergy, a global-first solution that helps customers save money on their energy bills and reduce their environmental footprint, all through one simple app with incredible incentives on smart devices. By connecting compatible smart devices like thermostats and plugs to TELUS’ intuitive SmartHome+ app, subscribers can:

  • Save up to 15 per cent on energy bills by automating home temperature settings, powering down unused devices, and creating personalized routines.
  • Monitor home energy consumption with daily, weekly, monthly or yearly insights, including tips to maximize savings. 
  • Participate in energy saving events to reduce strain on the energy grid during peak usage times by automatically powering down connected devices or temporarily adjusting the thermostat temperature, all while earning TELUS Rewards for contributing to a healthier planet. 

Looking ahead, TELUS will be connecting even more smart devices to the SmartHome+ app, including EV chargers and home solar, so that customers can unlock additional savings and manage all of their home automation, security and Internet services right from their fingertips. TELUS is also working with Canadian utilities to support grid demand response programs, which is critical during extreme cold or hot weather that drives up demand and can result in unplanned shortages or outages. 

To further benefit the environment, TELUS is planting four trees per year on behalf of each SmartEnergy subscriber. Over the past two decades, TELUS has planted 12.7 million trees and counting, and is committed to restoring our forests now, and for future generations. 

The service is now available to all Canadians outside of Quebec, where SmartEnergy is expected to launch in the near future. Canadians don’t need to be an existing TELUS customer to sign-up for SmartEnergy. Subscribe today for just $12 per month, plus for a limited time, new subscribers can receive a smart thermostat and two smart plugs for a one-time charge of $25, which represents more than $250 in savings.  

For more information about SmartEnergy and to subscribe, visit telus.com/smartenergy.

Leave a comment »

Salesforce Announces $50 Million Initiative to Address Urgent AI Skills Gap

Posted in Commentary with tags on September 18, 2024 by itnerd

As well, in response to a critical skills gap in the workforce, Salesforce is launching a $50 million initiative to provide free AI training and certifications through its Trailhead platform – including pop-up AI centres for in-person community AI training – until the end of 2025.

Why This Matters:

Recent research from Slack reveals that the urgency for incorporating AI into business operations has surged 7x in the past six months, surpassing concerns about inflation and the broader economy. Yet, over two-thirds of workers still lack experience with AI technology, and only 15% feel adequately trained to use it effectively. Accessibility of impactful training is needed to ensure all workers are able to harness the power of AI.

Salesforce’s Response:

  • Free AI Training: Salesforce is offering its premium AI courses and certifications at no cost to help bridge this skills gap.
  • New Learning Centers: A pop-up AI Center will debut at Salesforce’s San Francisco headquarters, with additional centers planned for global cities including London, Chicago, Tokyo, and Sydney.
  • Employee Upskilling: The company will also introduce global AI learning days and establish the AI Knowledge Center in San Francisco to enhance the skills of its 72,000 employees.

This initiative is designed to ensure that individuals and businesses are prepared for the rapidly evolving AI landscape. For more details please find the full announcement here.

Leave a comment »

Chrome Extension Hides Malware To Steal Cryptocurrency

Posted in Commentary with tags on September 18, 2024 by itnerd

The Cybernews research team discovered a threat actor defrauding hundreds of people per month through a simple information-stealing browser extension on the Chrome Web Store, called SpiderX

Despite obvious malicious intent, it has not yet been detected by antivirus software.

SpiderX can gather plaintext login information, take screenshots, and track browsing history. The threat actor created an infrastructure containing dozens of malicious internet addresses and WhatsApp accounts to lure victims into downloading the extension. 

“Despite amateurish execution and carelessness, the threat actor is sending tens of thousands of spam emails per month and has an infection rate of 1%. At the time of discovery, there were over 500 infected victims, and the campaign is still ongoing,” Cybernews researchers said.

The campaign targets crypto users

The scheme starts by sending spam from domains impersonating cryptocurrency recovery agencies, trading platforms, wallets, or even the Financial Conduct Authority.

Some variations of the spam messages and websites used in the malicious campaign directed users to contact the threat actor via WhatsApp, while others directed them to download Chrome extensions and install them manually. 

Once installed, it takes screenshots of the victim’s screen, gathers plaintext login information from forms on various websites, and exfiltrates the browsing history.

Poor operational security exposes the hacker

The malicious campaign was identified due to the lack of operational security measures and software misconfigurations.  

“It appears that before launching the campaign, the threat actor set up and tested the infrastructure using their email, IP address, and other personal information,” Cybernews researchers said. “This data leads to a person in Israel.”

To access the full research, visit: https://cybernews.com/security/chrome-extension-hides-new-malware-to-steal-crypto/

Leave a comment »

DMZ Launches Advisory Council

Posted in Commentary with tags on September 18, 2024 by itnerd

DMZ, a global startup ecosystem, announced its new Advisory Council. This dynamic group of visionary leaders will guide DMZ through an ambitious phase of growth and innovation, enhancing support for startups and reinforcing DMZ’s role as a leading incubator in both national and global entrepreneurial ecosystems. 

Officially announced yesterday at DMZ’s headquarters in Toronto, the new Advisory Council will unlock new opportunities, forge strategic partnerships and solidify DMZ as an ecosystem developer. Renowned for its world-leading Incubator, unparalleled community, an investment arm and a global network of strategic joint ventures, DMZ equips founders to build, validate and scale impactful startups while also producing skilled professionals for the innovation economy through expert-led courses. 

DMZ’s new Advisory Council members bring exceptional expertise and represent diverse industry backgrounds, including sports, financial services, entertainment and notable Canadian startup successes. Their collective experience and networks will create new opportunities for DMZ and its startups. DMZ welcomes the following new members to its Advisory Council: 

  • Brett Mooney, President & CEO, Amex Canada 
  • Carole Saab, CEO, Federation of Canadian Municipalities 
  • Donette Chin-Loy Chang, Incoming Chancellor, Toronto Metropolitan University 
  • Keshia Chanté, Award-Winning Singer & TV Host, NACO Ambassador 
  • Mat Mehrotra, Chief Digital Officer & Head of Canadian Products, North American Personal & Business Banking, BMO Financial Group 
  • Michael Bartlett, President & CEO, Canada Basketball 
  • Michael Tamblyn, CEO, Rakuten Kobo 
  • Mike Murchison, CEO & Co-Founder, Ada 
  • Nabeela Elsayed, HR & Operations Executive, Advisor & Coach, The Marshall Goldsmith Group 
  • Noura Sakkijha, CEO, Mejuri 
  • Pierre Boutin, CEO & Group Managing Director, Volkswagen Group Ireland 
  • Ritu Khanna, Vice President, Global Partnerships, Shopify 

DMZ welcomes the following returning members to its Advisory Council:

  • Agnes Hilkene, Executive Director, The George & Helen Vari Foundation 
  • David Walmsley, Editor in Chief, The Globe and Mail 
  • Mohamed Lachemi, President and Vice Chancellor, Toronto Metropolitan University 
  • Peter Bowie, Independent Director  

DMZ’s inaugural Advisory Council was first launched in September 2016 with 18 members, who all played a pivotal role in making DMZ the national benchmark for incubating tech startups and expanding operations globally.    

DMZ’s new Advisory Council members were selected from an open invitation last fall by Arlington Partners, a management consulting firm that specializes in board advisory services. For more information on DMZ’s Advisory Council head to dmz.to/Advisory-Council 

Leave a comment »

Cyber Threat Researcher Uncovers Expansive UK/EMEA Quishing Parking Scam

Posted in Commentary with tags on September 18, 2024 by itnerd

Earlier this month, RAC issued an alert warning UK motorists to be wary of threat actors utilizing QR code stickers luring them to malicious websites. These sites are designed to impersonate parking payment providers to exfiltrate personal data and payment information.

Netcraft has released its latest research diving into the recent surge in QR code parking scams in the UK and through Europe. The research provides insight into the criminals behind the attack while their behaviours and characteristics reveal the scale and strategic approach being used. 

Insights include: 

  • At least two threat groups identified, one of which Netcraft can link to customs tax and postal scams carried out earlier this year. 
  • Up to 10,000 potential victims identified visiting this group’s phishing websites 
  • At least 2,000 form submissions, indicating how much personal data has been extracted from victims, including payment information. 
  • Evidence suggesting the group is running activity across Europe, including France, Germany, Italy, and Switzerland.

You can get more details here.

Leave a comment »

« Older Entries
Newer Entries »