This posting is here to collect cyber security news in October 2024.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
309 Comments
Tomi Engdahl says:
North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft
The Lazarus APT created a deceptive website that exploited a Chrome zero-day to install malware and steal cryptocurrency.
https://www.securityweek.com/north-korean-hackers-exploited-chrome-zero-day-for-cryptocurrency-theft/
Tomi Engdahl says:
‘Deceptive Delight’ Jailbreak Tricks Gen-AI by Embedding Unsafe Topics in Benign Narratives
Deceptive Delight is a new AI jailbreak that has been successfully tested against eight models with an average success rate of 65%.
https://www.securityweek.com/deceptive-delight-jailbreak-tricks-gen-ai-by-embedding-unsafe-topics-in-benign-narratives/
Palo Alto Networks has detailed a new AI jailbreak method that can be used to trick gen-AI by embedding unsafe or restricted topics in benign narratives.
The method, named Deceptive Delight, has been tested against eight unnamed large language models (LLMs), with researchers achieving an average attack success rate of 65% within three interactions with the chatbot.
AI chatbots designed for public use are trained to avoid providing potentially hateful or harmful information. However, researchers have been finding various methods to bypass these guardrails through the use of prompt injection, which involves deceiving the chatbot rather than using sophisticated hacking.
The new AI jailbreak discovered by Palo Alto Networks involves a minimum of two interactions and may improve if an additional interaction is used.
The attack works by embedding unsafe topics among benign ones, first asking the chatbot to logically connect several events (including a restricted topic), and then asking it to elaborate on the details of each event.
For instance, the gen-AI can be asked to connect the birth of a child, the creation of a Molotov cocktail, and reuniting with loved ones. Then it’s asked to follow the logic of the connections and elaborate on each event. This in many cases leads to the AI describing the process of creating a Molotov cocktail.
Tomi Engdahl says:
New Fortinet Zero-Day Exploited for Months Before Patch
A Fortinet zero-day tracked as CVE-2024-47575 and named FortiJump has been exploited since at least June 2024.
https://www.securityweek.com/new-fortinet-zero-day-exploited-for-months-before-patch-release/
Tomi Engdahl says:
Google Warns of Samsung Zero-Day Exploited in the Wild
A zero-day vulnerability in Samsung mobile processors has been abused as part of an exploit chain for arbitrary code execution.
https://www.securityweek.com/google-warns-of-samsung-zero-day-exploited-in-the-wild/
A zero-day vulnerability in Samsung’s mobile processors has been leveraged as part of an exploit chain for arbitrary code execution, Google’s Threat Analysis Group (TAG) warns.
Tracked as CVE-2024-44068 (CVSS score of 8.1) and patched as part of Samsung’s October 2024 set of security fixes, the issue is described as a use-after-free bug that could be abused to escalate privileges on a vulnerable Android device.
“An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A use-after-free in the mobile processor leads to privilege escalation,” a NIST advisory reads.
Samsung’s scarce advisory on CVE-2024-44068 makes no mention of the vulnerability’s exploitation, but Google researcher Xingyu Jin, who was credited for reporting the flaw in July, and Google TAG researcher Clement Lecigene, warn that an exploit exists in the wild.
Tomi Engdahl says:
Wall Street Journal:
Sources: Elon Musk has been in regular contact with Vladimir Putin since late 2022; Putin asked Musk to not activate Starlink in Taiwan as a favor to Xi Jinping — Regular contacts between world’s richest man and America’s chief antagonist raise security concerns; topics include geopolitics, business and personal matters
Elon Musk’s Secret Conversations With Vladimir Putin
Regular contacts between world’s richest man and America’s chief antagonist raise security concerns; topics include geopolitics, business and personal matters
https://www.wsj.com/world/russia/musk-putin-secret-conversations-37e1c187?st=36C5QZ
Tomi Engdahl says:
Lawrence Abrams / BleepingComputer:
UnitedHealth says over 100M people had their data stolen in the February ransomware attack on Change Healthcare, the largest-ever US healthcare data breach — UnitedHealth has confirmed for the first time that over 100 million people had their personal information and healthcare data stolen …
https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-change-healthcare-breach/
Tomi Engdahl says:
Kyle Wiggers / TechCrunch:
Concentric AI, which helps companies secure and track sensitive data, raised a $45M Series B, bringing its total funding to $67M
Concentric helps companies keep track of their sensitive data
https://techcrunch.com/2024/10/24/concentric-helps-companies-keep-track-of-their-sensitive-data/
Enterprises have a data inventory problem. The amount of data they’re collecting and storing is increasing, and that data is being spread across disparate storage buckets. Yet many organizations rely on processes that essentially amount to pencil-and-paper methods for tracking data provenance. According to one survey, more than 50% of companies use Excel spreadsheets in their data privacy and compliance efforts.
Karthik Krishnan, Shankar Subramaniam, and Madhu Shashanka thought they might have the engineering chops to build something to make this easier for companies. The trio had cut their teeth in cybersecurity: Years ago, Subramaniam and Shashanka had recruited Krishnan as one of the first employees at their behavioral analytics startup, Niara.
A few years after Hewlett Packard acquired Niara, the trio began sketching out ideas for an enterprise data management tool. They envisioned a product that could catalog a company’s critical data — including information stored in infrequently accessed places — and automatically flag any data that’s at risk of compromise.
“We hoped to solve one of the most pressing data security challenges facing the modern enterprise,” Krishnan told TechCrunch. “That is: identifying and securing business-critical information within structured and unstructured data, stored on-premises or in the cloud, at scale.”
Tomi Engdahl says:
David E. Sanger / New York Times:
The Biden administration issues the first-ever National Security Memorandum on AI, detailing how the Pentagon and intel agencies should use and protect AI
https://www.nytimes.com/2024/10/24/us/politics/biden-government-guidelines-ai.html?unlocked_article_code=1.Uk4.NA6q.sreB_UhMnV65&smid=url-share
Tomi Engdahl says:
Max Ufberg / Fast Company:
A profile of and an interview with CISA Director Jen Easterly, as the agency ramps up efforts to protect the US elections from cyberattacks and misinformation
This agency is tasked with protecting elections from cyber attacks. If Trump wins, it could be in danger
https://www.fastcompany.com/91212013/cisa-jen-easterly-election-balancing-act
While many Democrats would like to see CISA director Jen Easterly ramp up the focus on misinformation around the election, Republicans would prefer she stay on the sidelines. That presents a nearly impossible balancing act.
The Senate voted unanimously in her favor, with Mike Gallagher, the Republican congressman from Wisconsin, praising her “incredible” qualifications at the hearing. Following the Senate’s unanimous vote, Homeland Security Secretary Alejandro Mayorkas called her a “brilliant cybersecurity expert.”
Of course, CISA is housed under the Department of Homeland Security, so Mayorkas’s flattery was a foregone conclusion. CISA is tasked with enforcing cybersecurity and protecting American infrastructure across all levels of government. The agency is responsible for keeping some of our most vital systems—power grids, transportation networks, administrative websites, and everything in between—safe from private and nation-state hackers. It is also charged with overseeing the security and integrity of elections. And it’s this area that’s now fueled a somewhat predictable political divide on Capitol Hill, with misinformation—and Easterly—at the center of the controversy.
CISA was, for a time at least, actively monitoring voting-related misinformation on social media, which it deemed a threat to election security, and thus squarely in its purview. Those efforts prompted by-now-familiar accusations of government overreach from a number of prominent Republicans
At the same time, some Democrats have been pushing for CISA to ramp up its election security efforts, namely by taking a more active role in policing misinformation, particularly on social media platforms. Those competing visions put Easterly in an uncomfortable bind: trying to placate both sides while, in the background, insiders worry that the agency might be totally disempowered and defunded under another Trump presidency.
Tomi Engdahl says:
Russian hacker group sows chaos – The threat is serious
A Russian hacker group is currently sowing chaos through unprotected devices connected to the internet.
https://www.iltalehti.fi/digiuutiset/a/095126ea-0cee-4db2-9eb5-2bb7e51a9e7f
The US and UK governments warn of a massive, ongoing Russian campaign that exploits known vulnerabilities.
According to the NSA, FBI and NCSC, hackers hired by Russia are currently looking for opportunities everywhere. According to the intelligence services, the actor is APT29, the same hacker group that was behind the SolarWinds attack.
The Register, among others, reported on the matter.
Russia's foreign intelligence service and the hackers it hires are constantly looking for internet-connected systems whose protection is weak or nonexistent.
– Unlike more targeted operations, mass scanning and opportunistic exploitation affect practically any organization with vulnerable systems, the agencies' bulletin says.
The warning is accompanied by a list of 24 common vulnerabilities (CVEs) that the Russians have favored so far. Some of them are well known to security experts, such as CVE-2023-20198 in Cisco's IOS software or CVE-2023-42793 found in the JetBrains TeamCity application.
According to the US and British agencies, there are certain measures that every potential victim should take to avoid attacks.
US and UK govts warn: Russia scanning for your unpatched vulnerabilities
Also, phishing’s easier over the phone, and your F5 cookies might be unencrypted, and more
https://www.theregister.com/2024/10/12/russia_is_targeting_you_for/
If you need an excuse to improve your patching habits, a joint advisory from the US and UK governments about a massive, ongoing Russian campaign exploiting known vulnerabilities should do the trick.
In a joint release [PDF] by the US National Security Agency, FBI, Cyber National Mission Force and UK National Cyber Security Centre (NCSC), the agencies warned that hackers linked to Russia’s Foreign Intelligence Service (SVR) have been aggressively looking for targets of opportunity of late.
The group behind the campaign is none other than APT29, the same crew that pulled off the SolarWinds hack. In other words, this is a serious threat.
“SVR cyber operators consistently scan Internet-facing systems for unpatched vulnerabilities,” the agencies said. “This mass scanning and opportunistic exploitation of vulnerable systems, as opposed to more targeted operations, increase the threat surface to include virtually any organization with vulnerable systems.”
Tomi Engdahl says:
Intelsat is conducting a comprehensive analysis to determine the cause of the satellite failure. https://link.ie.social/ArhvPL
Boeing-built satellite blows up into bits in space, cutting comms for 3 continents
The destruction of the iS-33e satellite has prompted immediate action from both Intelsat and Boeing.
https://interestingengineering.com/space/boeing-built-satellite-breaks-up-in-orbit?utm_source=facebook&utm_medium=article_image&fbclid=IwY2xjawGIqztleHRuA2FlbQIxMQABHc6Co2TKJD-0AD_jKA9j1mz7JNSGscMWN4KrrIpXhehfgOtx2CfF6q1Anw_aem_xJ5MVPmrvKdIiRw_7fSZ-g
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/whatsapp-now-encrypts-contact-databases-for-privacy-preserving-synching/?fbclid=IwY2xjawGIq_JleHRuA2FlbQIxMQABHS_w9PcDvIBpv5WzNKp054piyV4Z62M-pPV45PcK06IUBxbD9glTfH2Cow_aem_JhF6kYxeNxXInglkB-HJJg
Tomi Engdahl says:
Nordea targeted by a denial-of-service attack – banking services stuck
Some users cannot log in to mobile or online banking.
https://www.is.fi/digitoday/art-2000010788780.html
There is an ongoing disruption in Nordea's mobile and online banking service, and at least some users cannot log in to banking services.
– Due to a denial-of-service attack, some of our digital channels or services may temporarily be slow or intermittently unavailable, Nordea announces in its mobile banking app.
Tomi Engdahl says:
Nordea has major problems
Nordea reports that it has once again been the target of denial-of-service attacks.
https://www.iltalehti.fi/digiuutiset/a/42f4effa-46e2-4455-a57a-2bc67beb1067
Nordea's online banking services are again experiencing widespread problems. The company says it has again been the target of a denial-of-service attack.
On Friday evening, Iltalehti received numerous reports from readers about Nordea services that are not working.
More than a thousand fault reports have been logged on the outage-tracking site downdetector.fi since 7 p.m. on Friday evening.
Nordea informs users about the denial-of-service attack in a message that appears on the user's phone when they try to log in to online banking.
https://downdetector.fi/ei-toimi/nordea/
Tomi Engdahl says:
In Other News: CVE Turns 25, Henry Schein Data Breach, Reward for Shahid Hemmat Hackers
Noteworthy stories that might have slipped under the radar: CVE Program celebrates 25th anniversary, one year after ransomware attack Henry Schein says 160,000 are impacted, US offering rewards for Shahid Hemmat hackers.
https://www.securityweek.com/in-other-news-cve-turns-25-henry-schein-data-breach-reward-for-shahid-hemmat-hackers/
CVE Program’s 25th anniversary
The CVE Program has turned 25 and MITRE has published an anniversary report. According to MITRE, there are currently over 400 CVE Numbering Authorities (CNAs) and more than 240,000 CVE identifiers have been assigned as of October 2024.
Tomi Engdahl says:
LinkedIn Hit With 310 Million Euro Fine for Data Privacy Violations From Irish Watchdog
LinkedIn has received a 310 million euro fine from Ireland’s Data Protection Commission for data privacy violations.
https://www.securityweek.com/linkedin-hit-with-310-million-euro-fine-for-data-privacy-violations-from-irish-watchdog/
Tomi Engdahl says:
Location tracking of phones is out of control. Here’s how to fight back.
Unique IDs assigned to Android and iOS devices threaten your privacy. Who knew?
https://arstechnica.com/information-technology/2024/10/phone-tracking-tool-lets-government-agencies-follow-your-every-move/
Tomi Engdahl says:
Open source groups say more software projects may have been targeted for sabotage
https://www.reuters.com/technology/cybersecurity/open-source-groups-say-more-software-projects-may-have-been-targeted-sabotage-2024-04-15/
Tomi Engdahl says:
https://www.phoronix.com/news/Linus-Torvalds-Russian-Devs
Tomi Engdahl says:
Facial recognition for police use? Trust in the authorities is strong in Europe
22.10.2024 19:05
The youngest would even hand their voting decisions over to machine intelligence.
https://www.mikrobitti.fi/uutiset/kasvojentunnistus-poliisin-kayttoon-luotto-virkavaltaan-on-kova-euroopassa/25aea57a-9449-486f-90c7-ed9a6138abfb
Tomi Engdahl says:
Devices sold in Finland were used in a giant attack – Do you have one of these?
https://www.iltalehti.fi/digiuutiset/a/d749b387-958a-449a-b0c7-5316cc80d545
The National Cyber Security Centre warns about routers sold in Finland in which a serious vulnerability was previously discovered.
In early October, the US company Cloudflare reported a giant denial-of-service attack in which as much as 3.8 terabits per second of attack traffic was measured at its peak. According to Cloudflare, it is the highest figure ever measured.
A large part of the attack traffic reported by Cloudflare came from compromised Asus-branded home routers. The attackers exploited a vulnerability in the routers, CVE-2024-3080, disclosed last summer, which gives criminals access to ordinary people's network devices.
– The vulnerabilities have been observed being exploited in Finland as well, and malicious traffic pointing to this has been detected, the National Cyber Security Centre says in its weekly review.
Tomi Engdahl says:
Hopefully you haven't connected your internet box's cables like this – A warning from the authorities
https://www.iltalehti.fi/digiuutiset/a/d5575565-024f-46c6-8cf7-bf7510feb3e6
The National Cyber Security Centre reminds users about router security. It added information on connecting devices safely to its guidance and warns of the possible consequences of incorrect connections.
Tomi Engdahl says:
Have you remembered to do these steps on your router? Extremely important
https://www.iltalehti.fi/digiuutiset/a/5761b4a4-107b-4eb0-af49-e2a90722e491
Tomi Engdahl says:
The National Cyber Security Centre emphasizes consumers' responsibility. Finnish routers were also recently used in an exceptionally large denial-of-service attack against Nordea.
It is especially important to check that the internet cable is connected to the correct port on the router. If this has not been done, the router loses its firewall function and the devices on the local network are directly exposed to malicious traffic coming from the internet.
The authorities published a list: Do you have one of these routers? Here's what to do
https://www.is.fi/digitoday/tietoturva/art-2000010786835.html
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/hackers-exploit-52-zero-days-on-the-first-day-of-pwn2own-ireland/?fbclid=IwZXh0bgNhZW0CMTEAAR3xwfUT4ajq2KBOvrCNmge7_Xfzo815GkTJ67gXJkmJaM_emaUeKZ-aIYw_aem_Qzkjv5N-MDIEsoZ58lxqjQ
Tomi Engdahl says:
Authorities warn about routers in which a serious vulnerability was found – check whether you have one
Routers intended for home internet devices can be used as tools for cybercrime. Incorrectly connected cables can also expose the device to harm.
https://yle.fi/a/74-20120434
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/new-windows-driver-signature-bypass-allows-kernel-rootkit-installs/
Tomi Engdahl says:
These kinds of backdoors have been built into messaging systems and this is how they have leaked – yet the EU wants to open a new door
This week the Transport and Communications Committee rejected the EU proposal that would enable the screening of people's messages to find child sexual abuse material.
https://yle.fi/a/74-20120462?origin=rss&fbclid=IwY2xjawGL97lleHRuA2FlbQIxMQABHZ5PD5jsEBb7jTj4nDO38n81VwH2Ho1ThlNIazQKGU50iVPGKdUmTZyhxg_aem_DMBxXZrEclxyktObDMUKwA
Although twenty years have passed since the Greek Watergate, little has changed.
In early October, the Wall Street Journal reported that a hacker group linked to the Chinese government had broken into the systems of US telecom operators and for months exploited the wiretapping systems maintained for the authorities.
Friday's New York Times reported that the hackers had targeted their espionage at, among others, the phones of Republican presidential candidate Donald Trump and his inner circle.
Backdoors cause problems later
For as long as messages have been relayed, those in power have wanted to be able to open communications. Even today, almost all countries require telecom operators to provide the ability to wiretap telecommunications.
As encryption technology has become widespread, this desire has led to the creation of various backdoors.
When encryption was built into the network protocol governing internet traffic around the turn of the millennium, the authorities chose to include a method that they had the capability to break. This weak encryption method is still in the selection, even though with the growth of computing power practically everyone now has the capability to break it.
– This is one example of a backdoor that has later become a problem.
Screening messages adds vulnerability
Two years ago, the European Commission proposed that messaging applications must screen people's messages for child sexual abuse material. The regulation does not directly require technology companies to build backdoors into their systems, but in practice its effects are the same.
Halunen considers that regardless of the technical implementation, screening messages significantly violates users' privacy and at the same time creates more vulnerabilities in an already vulnerable system.
– It would be one component that everyone would have to deploy. If a vulnerability is found in this component, it would be precisely a big backdoor into almost any communication, Halunen states.
He emphasizes that such a system would be an extremely tempting target for all kinds of intelligence activity.
– Such a system would in practice end up in every phone in Europe.
According to the Transport and Communications Committee, approving the proposal would mean approving mass surveillance of communications. Based on expert hearings, the committee considers that the screening could easily be extended by political decision to cover other kinds of content as well.
Tomi Engdahl says:
https://etn.fi/index.php/13-news/16760-tekoaely-avaa-kyberrikollisille-pandoran-lippaan
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/free-frances-second-largest-isp-confirms-data-breach-after-leak/?fbclid=IwZXh0bgNhZW0CMTEAAR2z9C-xlh5-lrG8rOkPdwsZMzthHm_71AD5irshrB2qvLWJ38vTLqJQEiI_aem__yfclDZYClHZ7dQhiuhd3Q
Tomi Engdahl says:
Anatomy of a ransomware attack: all machines were infected in a few hours
https://etn.fi/index.php/13-news/16767-ransomware-hyoekkaeyksen-anatomia-kaikki-koneet-saastuivat-muutamassa-tunnissa
Traficom's National Cyber Security Centre held a media event yesterday that mapped the current cyber landscape. Security specialist Samuli Könönen described the growing popularity of ransomware through an example. In November 2022, the Lockbit malware infected all the computers of the Keski-Uusimaa education consortium Keuda in a few hours.
The consequences of the attack were massive. – The network's remote management software was left open, which made it possible to change server settings remotely. The attacker probably obtained credentials through phishing, and the organization did not monitor unusual logins, Könönen explained.
Because of the attack, the servers and, for example, Keuda's email were down for over a month. In the end everything was reinstalled, which meant about 1,500 computers. – Direct costs exceeded 100 thousand euros.
Tomi Engdahl says:
https://hackaday.com/2024/10/23/will-io-domain-names-survive-a-geopolitical-rearrangement/
Tomi Engdahl says:
Financial Times:
A UK judge sentences a 27-year-old man who used AI tool Daz 3D to create child sexual abuse imagery to 18 years in prison, a landmark prosecution over deepfakes
Man who used AI to create child abuse images jailed for 18 years in UK
Judge rules in landmark case involving deepfake sexual abuse material
https://www.ft.com/content/81060e76-994d-4635-af02-637504c69532
A man who used artificial intelligence technology to create child sexual abuse imagery was sentenced to 18 years in prison on Monday, in a landmark prosecution over deepfakes in the UK.
Hugh Nelson, 27, from Bolton, pleaded guilty to a total of 16 child sexual abuse offences, including transforming everyday photographs of real children into sexual abuse material using AI tools from US software provider Daz 3D. He also admitted encouraging others to commit sexual offences on children.
At Bolton Crown Court, Judge Martin Walsh imposed an extended sentence on Nelson, saying he posed a “significant risk” of causing harm to the public.
Advances in AI mean fake images have become more realistic and easier to create, prompting experts to warn about a rise in computer-generated indecent images of children.
Jeanette Smith, a prosecutor from the Crown Prosecution Service’s Organised Child Sexual Abuse Unit, said Nelson’s case set a new precedent for how computer-generated images and indecent and explicit deepfakes could be prosecuted.
“This case is one of the first of its kind but we do expect to see more as the technology evolves,” said Smith.
Greater Manchester Police found both real images of children and computer-generated images of child sexual abuse on Nelson’s devices, which were seized last June.
The computer-generated images did not look exactly like real photographs but could be classified as “indecent photographs”, rather than “prohibited images”, which generally carry a lesser sentence. This was possible, Smith said, because investigators were able to demonstrate they were derived from images of real children sent to Nelson.
Nelson in August admitted to creating and selling bespoke images of child sexual abuse tailored to customers’ specific requests. He generated digital models of the children using real photographs that his customers had submitted. Police also said he further distributed the images he had created online, both for free and for payment.
It comes as both the tech industry and regulators are grappling with the far-reaching social impacts of generative AI. Companies such as Google, Meta and X have been scrambling to tackle deepfakes on their platforms.
The UK’s Online Safety Act, which passed last October, makes it illegal to disseminate non-consensual pornographic deepfakes. But Nelson was prosecuted under existing child abuse law.
Smith said that as AI image generation improved, it would become increasingly challenging to differentiate between different types of images. “That line between whether it’s a photograph or whether it’s a computer-generated image will blur,” she said.
Daz 3D, the company that created the software used by Nelson, said that its user licence agreement “prohibits its use for the creation of images that violate child pornography or child sexual exploitation laws, or are otherwise harmful to minors”
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/new-tool-bypasses-google-chromes-new-cookie-encryption-system/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/russian-charged-by-us-for-creating-redline-infostealer-malware/?fbclid=IwY2xjawGOvjNleHRuA2FlbQIxMQABHaxA1VaCgen1IdYaOom7NUpq6Bar7c1A0PlX5rqdTL6i5yTMOgkdMKHGTw_aem_pYgpNOyhUeMw7RCvazIxVQ
Tomi Engdahl says:
The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis to figure out who is using what relay. Tor has written about this. Hacker News thread.
Law Enforcement Deanonymizes Tor Users
https://www.schneier.com/blog/archives/2024/10/law-enforcement-deanonymizes-tor-users.html?fbclid=IwZXh0bgNhZW0CMTEAAR3N1fFJ1LpVXyz2xl83jMq3nOd0L5CtUIgGwdKZ5tMVVGiE3by7xJPJk-4_aem_zB2lOSrnBqd7NWfh5SVmKg
https://marx.wtf/2024/10/10/law-enforcement-undermines-tor/
A few weeks ago, the German political magazine Panorama and STRG_F reported that law enforcement agencies infiltrated the Tor network in order to expose criminals. The reporters had access to documents showing four successful deanonymizations. I was given the chance to review some documents. In this post, I am highlighting publicly documented key findings.
2024-09-12: Telefónica implements IP Catching
Frankfurt District Court orders Telefónica (O2) to surveil its customers for up to three months
Telefónica reports all customers connecting to a specific Tor entry relay named by the German Federal Criminal Police Office (Bundeskriminalamt, BKA). This is called IP catching
After a few days, the measure is completed successfully
2024-09-16: First statement of the Tor Project
Pinpointing Tor entry relays of onion services to successfully deanonymize Tor users
Timing analyses in combination with broad and long-term monitoring of Tor relay
V2 and V3 onion addresses were affected, at least between 2019/Q3 and 2021/Q2
2024-09-18: Journalists detail one case
Operation Liberty Lane is referenced
Four successful measures [=deanonymizations] in one investigation
2x identification of Ricochet users
2x further measures
Deanonymization is based on timing analysis
It’s not a classic software vulnerability that is exploited
Tor Project agrees that nothing indicates that a vulnerability in the Tor browser is exploited. Problem: The attack works even though the Tor software is working properly
More and more Tor relays in Germany are under surveillance for longer and longer periods, in such a way that apparently data has been used for timing analysis
Deanonymization takes some time. Tor users are not deanonymized by the authorities in the blink of an eye
Timing analyses were always possible when, to put it simply, there was "little traffic" on an onion service and only a few packets were transmitted, which could then be assigned to a specific user. On whistleblowing platforms, there is usually little traffic until a source decides to submit data
Tomi Engdahl says:
A toaster can attack a bank – a Finnish researcher developed a solution to the security problems of IoT devices
https://www.tivi.fi/uutiset/leivanpaahdin-voi-hyokata-pankkiin-suomalainen-tutkija-kehitti-ratkaisun-iot-laitteiden-tietoturvaongelmiin/862971a5-0d1d-40d9-b0ef-1e89a85ffb2d
A Finnish researcher created a method to make the Internet of Things more secure than it is now. In this article, he explains how it works.
The denial-of-service attacks targeting Nordea have been in the news for weeks. The bank has been in trouble especially because the attackers have exploited Finnish and Nordic internet-connected household appliances and devices.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/fog-ransomware-targets-sonicwall-vpns-to-breach-corporate-networks/
Tomi Engdahl says:
Imagine a scenario where your entire company’s IT system crashes in an instant, leaving nothing but destruction and chaos in its wake. In June 2017, the world’s most devastating computer virus, NotPetya, struck just like that—causing tens of billions of dollars in damages worldwide. What can we learn from this event?
Read the full story and its lessons!
NotPetya – The Ten Billion Dollar Worm
https://www.dna.fi/dnabusiness/blogi/-/blogs/notpetya-the-ten-billion-dollar-worm?utm_source=facebook&utm_medium=social&utm_content=LAA-artikkeli-notpetya-the-ten-billion-dollar-worm&utm_campaign=P_LAA_24-40-44_artikkelikampanja_ENKKU_&fbclid=IwZXh0bgNhZW0BMABhZGlkAasU_zmwIlwBHbIPoPYRrlFw6yUKqk_z_3_kMicQ4OSQNNjmCTRNaaAUDBDYnN3cP-T4Qw_aem_QzIaFREd2_sFs0n_jq-YgQ
In late June 2017, one of the most devastating cyberattacks in history began. The worm NotPetya struck critical infrastructure, corporations, and government systems across the globe, leaving a trail of crippled businesses and billions of dollars in damages in its wake. What follows is a true story.
Tomi Engdahl says:
Fired Employee Allegedly Hacked Disney World’s Menu System to Alter Peanut Allergy Information
https://m.slashdot.org/story/434869
A disgruntled former Disney employee allegedly repeatedly hacked into a third-party menu creation software used by Walt Disney World’s restaurants and changed allergy information on menus to say that foods that had peanuts in them were safe for people with allergies, added profanity to menus, and at one point changed all fonts used on menus to Wingdings, according to a federal criminal complaint.
Tomi Engdahl says:
North Korean govt hackers linked to Play ransomware attack
https://www.bleepingcomputer.com/news/security/north-korean-govt-hackers-linked-to-play-ransomware-attack/?fbclid=IwY2xjawGQN65leHRuA2FlbQIxMQABHeoEAI7m64AyrHdBGuZE6qv3120PaM4a41UXZf3P3OzKKAqL7ZGkJamiyQ_aem_0KccZLcVzc3aGs2L2-bJ7A
The North Korean state-sponsored hacking group tracked as ‘Andariel’ has been linked to the Play ransomware operation, using the RaaS to work behind the scenes and evade sanctions.
A report from Palo Alto Networks and its Unit 42 researchers claims that Andariel might be either an affiliate of Play or acting as an initial access broker (IAB), facilitating the deployment of the malware on a network they had breached several months earlier.
Tomi Engdahl says:
The penalty follows YouTube’s suspension of Russian state media and sanctioned channels. https://link.ie.social/SEdkbY
Tomi Engdahl says:
Over a thousand online shops hacked to show fake product listings
https://www.bleepingcomputer.com/news/security/over-a-thousand-online-shops-hacked-to-show-fake-product-listings/?fbclid=IwZXh0bgNhZW0CMTEAAR276DBqB3gUyDg8zIa8LmF7Ou7biIkjUuNEb6IeT2HSS_72-Eq-h8wwk5w_aem_FcBLGZsl8l5S7PpvmMt0VQ
A phishing campaign dubbed ‘Phish n’ Ships’ has been underway since at least 2019, infecting over a thousand legitimate online stores to promote fake product listings for hard-to-find items.
Unsuspecting users clicking on those products are redirected to a network of hundreds of fake web stores that steal their personal details and money without shipping anything.
According to HUMAN’s Satori Threat Intelligence team that discovered Phish n’ Ships, the campaign has impacted hundreds of thousands of consumers, causing estimated losses of tens of millions of dollars.
The Phish n’ Ships operation
The attack starts by infecting legitimate sites with malicious scripts by exploiting known vulnerabilities (n-days), misconfigurations, or compromised administrator credentials.
Once a site is compromised, the threat actors upload inconspicuously named scripts such as “zenb.php” and “khyo.php,” with which they upload fake product listings.
These items are complete with SEO-optimized metadata to increase their visibility on Google search results, from where victims can be drawn.
When victims click on these links, they are redirected through a series of steps that ultimately lead to fraudulent websites, often mimicking the interface of the compromised e-store or using a similar design.
All of these fake shops are connected to a network of fourteen IP addresses.
Attempting to purchase the item on the fake shop takes victims through a fake checkout process that is designed to appear legitimate but does not include any data verification, a sign of potential fraud.
The malicious sites steal the information victims enter in the order fields, including their credit card details, and complete the payment using a semi-legitimate payment processor account controlled by the attacker.
The purchased item is never shipped to the buyer, so the victims lose both their money and data.
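The compromise stage described above begins with attackers dropping inconspicuously named PHP scripts (the article names "zenb.php" and "khyo.php") into a legitimate store's web root. A plain file-integrity baseline is the control that catches this: snapshot the deployed tree once, then diff later snapshots against it and flag any added or modified server-executable file. The script below is an added example, not code from HUMAN's report or from any store platform; the web root, the baseline taken from a "clean" deploy and the two stray scripts that appear afterwards are all constructed inside a temporary directory, and the file names are reused from the article only as labels for otherwise empty placeholder files.

```python
"""Baseline file-integrity check for a web root (added example, constructed data)."""
import hashlib
import json
import os
import tempfile

EXECUTABLE_SUFFIXES = (".php", ".phtml", ".php5", ".phar")


def hash_file(path):
    """SHA-256 of a file, read in chunks so large assets do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Return {relative_posix_path: sha256} for every regular file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = hash_file(full)
    return result


def save_baseline(baseline, path):
    """Persist the snapshot as JSON; store it off the web host so an intruder cannot rewrite it."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(baseline, fh, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def diff_against_baseline(baseline, current):
    """Classify every path as added, removed or modified relative to the baseline."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return {"added": added, "removed": removed, "modified": modified}


def suspicious_findings(diff, suffixes=EXECUTABLE_SUFFIXES):
    """Added or modified files the web server would execute deserve a human look first."""
    candidates = diff["added"] + diff["modified"]
    return sorted(p for p in candidates if p.lower().endswith(suffixes))


def _write(root, rel, text):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w", encoding="utf-8") as fh:
        fh.write(text)


def demo():
    """Constructed scenario: baseline a clean deploy, then two stray scripts and one edit appear."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "index.php", "<?php echo 'shop'; ?>")
        _write(root, "assets/app.js", "console.log('ok');")
        baseline_path = os.path.join(root, "..", "baseline.json")  # would live off-host in practice
        save_baseline(snapshot(root), baseline_path)

        # Constructed post-compromise state; the placeholder contents carry no payload.
        _write(root, "zenb.php", "<?php /* constructed placeholder */ ?>")
        _write(root, "uploads/khyo.php", "<?php /* constructed placeholder */ ?>")
        _write(root, "assets/app.js", "console.log('ok'); // edited")

        diff = diff_against_baseline(load_baseline(baseline_path), snapshot(root))
        os.remove(baseline_path)
        return diff, suspicious_findings(diff)


if __name__ == "__main__":
    changes, flagged = demo()
    print(json.dumps(changes, indent=2))
    print("review first:", flagged)
```

Run it on a real deployment by taking the baseline immediately after a release from the build artifact rather than from the live host, and re-running the diff on a schedule; the edited JavaScript asset shows up under "modified" as well, which matters for this campaign because the SEO metadata and redirect logic are injected client-side.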
Tomi Engdahl says:
https://uk.pcmag.com/identity-management/155104/expressvpn-launches-identity-theft-tracking-data-removal
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-bug-causing-apps-to-stop-working/?fbclid=IwZXh0bgNhZW0CMTEAAR3OzusfXozPpOTi1anY_IVk27hMjQwM3OintxXCrzb1L8kpKje31_-8RSE_aem_DkSJEkbx7XO3R1Xgqv3xwg
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/hackers-target-critical-zero-day-vulnerability-in-ptz-cameras/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/microsoft-chinese-hackers-use-quad7-botnet-to-steal-credentials/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/litespeed-cache-wordpress-plugin-bug-lets-hackers-get-admin-access/
Tomi Engdahl says:
Microsoft will charge Windows 10 users $30 per year for security updates
https://www.tomshardware.com/software/operating-systems/microsoft-will-charge-windows-10-users-usd30-per-year-for-security-updates
Tomi Engdahl says:
Here’s the paper no one read before declaring the demise of modern cryptography
The advance was incremental at best. So why did so many think it was a breakthrough?
https://arstechnica.com/information-technology/2024/10/the-sad-bizarre-tale-of-hype-fueling-fears-that-modern-cryptography-is-dead/#gsc.tab=0