A threat group dubbed Unfurling Hemlock infects targeted campaign with a single compressed file that, once executed, launches a 'cluster bomb' of as many as 10 pieces of malware that include loaders, stealers, and backdoors.

The post Unfurling Hemlock Tossing ‘Cluster Bombs’ of Malware appeared first on Security Boulevard.

Chinese fast-fashion-cum-junk retailer “is a data-theft business.”

The post Temu is Malware — It Sells Your Info, Accuses Ark. AG appeared first on Security Boulevard.

Let’s examine why so many applications remain vulnerable despite high-severity warnings and how to minimize the threat to your organization.

The post The Urgency to Uplevel AppSec: Securing Your Organization’s Vulnerable Building Blocks appeared first on Security Boulevard.

The rate of cyberattacks is rising as the threat level continues to evolve, according to BlackBerry Limited’s latest Global Threat Intelligence Report.

The post Cyberattack Rate Surges as Novel Malware Growth Accelerates appeared first on Security Boulevard.

2 min read Sticky note security now plagues application and service connections, necessitating a shift to more mature workload access safeguards.

The post How to Advance Breach Protection Against Non-Human Identity Threats in Workloads appeared first on Aembit.

The post How to Advance Breach Protection Against Non-Human Identity Threats in Workloads appeared first on Security Boulevard.

Researchers have identified three distinct nation-state campaigns leveraging advanced highly evasive and adaptive threat (HEAT) tactics.

The post Three Nation-State Campaigns Targeting Healthcare, Banking Discovered appeared first on Security Boulevard.

Cloud security has become a major focus for organizations worldwide as they battle with a growing number of data breaches and application sprawl that makes defense more complicated.

The post Cloud Security Tops Priority List for Organizations Globally appeared first on Security Boulevard.

Most organizations are uncertain about the effectiveness of their cybersecurity investments, despite increasing budgets and rampant cyber incidents, according to Optiv’s 2024 Threat and Risk Management Report.

The post Security Budgets Grow, but Inefficiencies Persist appeared first on Security Boulevard.

Threat actors can cover up their espionage activity by deploying ransomware or simply get some financial gain in the process.

The post Chinese APT Groups Use Ransomware to Hide Spying Activities appeared first on Security Boulevard.

30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.)

The post WordPress Plugin Supply Chain Attack Gets Worse appeared first on Security Boulevard.

A report from the Government Accountability Office (GAO) highlighted an urgent need to address critical cybersecurity challenges facing the nation.

The post GAO Urges Action to Address Critical Cybersecurity Challenges Facing U.S. appeared first on Security Boulevard.

In the first quarter of 2024, nearly half of all security incidents our team responded to involved multi-factor authentication (MFA) issues, according to the latest Cisco Talos report.

The post Misconfigured MFA Increasingly Targeted by Cybercriminals appeared first on Security Boulevard.

Red Teaming security assessments aim to demonstrate to clients how attackers in the real world might link together various exploits and attack methods to reach their objectives.

The post Stepping Into the Attacker’s Shoes: The Strategic Power of Red Teaming (Insights from the Field) appeared first on Security Boulevard.

Snowflakes has become the latest corporate victim in a cyberattack but how it is playing out is a little different than many breaches.

The post Snowflake Breach appeared first on Security Boulevard.

Let’s explore some of the details behind this escalating threat to SaaS applications, what may be driving it, and what you can do to better protect your SaaS footprint from these types of threats.

The post Why SaaS Identity Abuse is This Year’s Ransomware appeared first on RevealSecurity.

The post Why SaaS Identity Abuse is This Year’s Ransomware appeared first on Security Boulevard.

The LockBit ransomware group is claiming that it hacked into systems at the U.S. Federal Reserve and stole 33TB of data that it will begin leaking as early as Tuesday if the institution doesn’t pay the unspecified ransom. The notorious cybercriminals announced the attack on its dark web leak site on June 23, giving the..

The post LockBit Claims Ransomware Attack on U.S. Federal Reserve appeared first on Security Boulevard.

Copying users’ files and deleting some? Even a cartoon hound knows this isn’t fine.

The post Microsoft Privacy FAIL: Windows 11 Silently Backs Up to OneDrive appeared first on Security Boulevard.

Last week I was reviewing a publication by the United Nation Office on Drugs and Crime published in January 2024, titled "Casinos, Money Laundering, Underground Banking, and Transnational Organized Crime in East and Southeast Asia: A Hidden and Accelerating Threat."

(URL to the UNODC report: UNODC: Casinos, Money Laundering, Underground Banking ... full report)

(URL to the USIP report: https://www.usip.org/node/160386 )

The reason I was looking into the report is that this 106 page report is about how Chinese organized crime has planted themselves in Casino complexes across Cambodia, Indonesia, Lao PDR, the Philippine, Thailand, and Viet Nam. The same modus operandi that we associate with the crypto investment scams that use the horrible name "pig butchering" to describe the financial grooming that leads to the complete financial devastation of so many Americans. In fact, I discovered the UN report, only by seeing it quoted in he report by the United States Institute of Peace, "Transnational Crime in Southeast Asia: A Growing Threat to Global Peace and Security" where it was mentioned in a footnote.

Examining Chinese Ministry of Public Security reports

The UNODC report shares statistics from a Ministry of Public Security of China note, without providing a URL, that "between January to November 2023, authorities in the country successfully resolved 391,000 cases related to telecommunications and network fraud, totaling the arrest of 79,000 suspects, including 263 'backbone members or paymasters' of cyberfraud groups" (in the countries mentioned above.) This included:

• interception of 2.75 BILLION fraud calls
• interception of 2.28 BILLION fraud messages
• the removal of 8.36 million fraud-related domain names
• and 328.8 billion yuan (US $46 billion) in funds related to fraud cases.

Since I am working on a project that we call "Twenty Targets for Takedown" that is attempting to shut own illicit websites by terminating their domain registrations and hosting arrangements, the number "8.36 million fraud-related domains" made me shudder.
I am fortunate to count among my network some of the leading experts in domain-name related fraud and abuse, the number seemed overwhelmingly high, and I asked my colleagues from CAUCE, the Coalition Against Unsolicited Commercial Email, for assistance in looking into it. One quick opinion was that this could include a definition of domain name that would be more akin to a hostname, similar to what we have on Blogspot. "garwarner.blogspot.com" is a hostname on the domain "blogspot.com" ... but some would call it a "fully qualified domain name" and consider it a separate FQDN than other xyz.blogspot.com or abc.blogspot.com "domains."

John Levine helped me solve the "did they really mean millions, or is this possibly a bad translation" by helping me find the Ministry of Public Security site where the article was coming from and share several updated versions of these statistics.

MPS Article: Significant success in combating telecom and internet fraud

18 Million Websites! 

The latest article we can find, dated 31MAY2024, quotes Li Guozhong ( 李国中 ) the Spokesman for China's Ministry of Pubic Security describing their successes over the past five years.  In 2021, they established a National Anti-Fraud Center which sent out 660 million notices and were able to help stop fraud against 18.44 million people. This most recent article, which is focused on fraud and doesn't mention gambling at all, says that they have "handled 18 million domain names and websites."  That's a machine translation of ( 处置涉案域名网址1800万个 ).  I can confirm the 18 million ... written as 1800 ten thousands - 1800万个.  Handled is perhaps better rendered "disposed of" 处置  (Chǔzhì).  Still unsure how to interpret 域名 ( Yùmíng - Domain name) 网址 (Wǎngzhǐ - website), but I think for now, I'm going to assume it means "URLs" or "FQDNs" as opposed to only registered domains 

The Anti-Fraud Center has intercepted 6.99 billion fraud calls and 6.84 billion text messages and intercepted 1.1 trillion yuan of funds. At current exchange rates, that would be around $151 Billion US Dollars!   

Just since July 2023, 49,000 cyber fraud suspects have been transferred to China from northern Myanmar. 82,000 criminal suspect have been arrested, including 426 key "financial backers" behind the fraud groups.  

Several maps help to demonstrate what's going on in Southeast Asia: 

(Source: Figure 1 from the afore-mentioned USIP report) 

Source: afore-mentioned UNODC report -- note the Myanmar/China border, which is where most of the Chinese rescues and raids have been conducted.

How Much Fraud? $64 Billion to $157 Billion per year!

The US Institute of Peace report estimates that there are as many as 500,000 scammers deployed in the region, earning potentially $64 Billion per year in fraud. The methodology they used for this calculation came from the UNODC report above. On p. 55 of that report, the UN said that they estimated each scammer was earning between $300 and 400 per day, and that they believed there were 80,000 to 100,000 scammers working six days per week in one unnamed Mekong country.  Using that estimate, they gave a "range" of $7.5 Billion to $12.5 billion in scam revenue for that country.  These numbers were calculated consistently with a Chinese MPS report about an initiative they called "Operation Chain Break" which estimated that scam compounds, including gambling and cyber scams, were generating $157 Billion per year. 

China's Ministry of Public Security is actively conducting military style raids to help recover these fraud suspects from northern Myanmar, where China shares a long border with the country, which remains deeply embroiled in a state of civil war. MPS is also working collectively with other Southeast Asian countries and says it has "destroyed 37 overseas fraud dens." 

China Launches Month of National Anti-Fraud Action

Today (24JUN2024) China launched a new month-long "National Anti-Fraud Action" with a nation-wide campaign that declares "Beware of new fraud methods and don't be a tool for telecom fraud."  The campaign uses what China calls a "Five-In" approach, meaning that Chinese citizens will see and spread anti-fraud messages in Communities, Rural Areas, Families, Schools, and Businesses.  Students will be provided materials to share with their families, Employees will be encouraged to share anti-fraud messages and materials with their families and communities, and Chinese Communist Party offices in rural areas and civic organizations will make sure the message is spread in those areas as well. The materials being prepared will be written separately to address the awareness needs of merchants, accounting personnel, minors, and the elderly, describing each fraud typology and helping to describe methods to safeguard from these typologies. A major objective will also be to help understand how to avoid becoming a "tool" or an "accomplice" of these fraud rings, who prey on the financially vulnerable to help them launder the proceeds of their crime.  The Ministry of Public Security will jointly publish the "Overseas Telecom Network Fraud Prevention Handbook with the Ministry of Foreign Affairs and the Ministry of Education to help improve prevention awareness especially for overseas students and diaspora Chinese communities. Major news media and new media platforms will continuously feature anti-fraud reports to strengthen and educate the public on fraud prevention and "continue to set off a new wave of anti-fraud among the whole people the whole society." 

Gee, doesn't that sound like REACT's Erin West and Operation Shamrock -- but with the full cooperation of the Government and Society? 

The announcement of the month of National Anti-Fraud Action concludes with some more recent statistics about the work of the National Anti-Fraud Center.  Just since 2023, today's report says that they have: 

• pushed out 420 million warning and dissuasion instructions
• met with 14.77 million people face-to-face to give warnings 
• made 310 million phone calls to warn vitims 
• sent 230 million dissuasion text messages
• intercepted 3.7 billion fraud calls 
• intercepted 2.96 billion fraud-related text messages
• blocked 11.619 million fraud-related domain names -- BLOCKED - this may mean "prevented access via Chinese Internet -- which may mean the sites are still available to victimize foreigners
• intercepted 452.9 billion yuan of funds ($62 Billion USD) 

What does this mean to those of us in the United States?  If China is doing an all-hands "Five-In" awareness campaign and deploying police for face-to-face dissuasion, the fraudsters may very realistically need to INCREASE their targeting of overseas victims to make up for the projected revenue hit this new effort may create. 

To quote Director Easterly at CISA: SHIELDS UP! 

The post Millions and Millions of Fraud Domains: China attacks Illegal Gambling and Telecom Fraud appeared first on Security Boulevard.

Spend more on security! Car and truck dealers fall back on pen and paper as huge SaaS provider gets hacked (again).

The post 30,000 Dealerships Down — ‘Ransomware’ Outage Outrage no. 2 at CDK Global appeared first on Security Boulevard.

Ongoing European Union quest to break end-to-end encryption (E2EE) mysteriously disappears.

The post EU Aims to Ban Math — ‘Chat Control 2.0’ Law is Paused but not Stopped appeared first on Security Boulevard.

While many businesses invest heavily in frontline defense tools to keep out bad actors, they spend far less time and money preparing for what happens when the criminals eventually get in.

The post Closing the Readiness Gap: How to Ensure a Fast Recovery From the Inevitable Cyber Attack appeared first on Security Boulevard.

The variety of tactics, from fake lotteries to impersonating officials, demonstrates the broad scope of threats targeting the Paris 2024 Olympic Games.

The post Cybercrime Targeting Paris 2024 Olympic Games Gains Steam appeared first on Security Boulevard.

The future of modeling catastrophic cyber risk hinges on our ability to move beyond misconceptions and confront the true extent of our exposure.

The post Debunking Common Myths About Catastrophic Cyber Incidents appeared first on Security Boulevard.

A global survey of more than 1,033 security and IT leaders published today finds nearly two-thirds (65%) lack confidence that their existing security tooling cannot effectively detect breaches.

The post Survey Surfaces Lack of Confidence in Security Tools appeared first on Security Boulevard.

Or junk it if EOL: Two nasty vulnerabilities need an update—pronto.

The post ASUS Router User? Patch ASAP! appeared first on Security Boulevard.

By centralizing, enriching and correlating identities to events, the suggestion is that security and platform teams can break silos and readily share findings to expedite investigations.

The post Sysdig Bids to Bolster Brittle Cloud Infrastructure Layers appeared first on Security Boulevard.

Cybercriminals are not about to give up – this is how they make their living. So it’s up to cybersecurity professionals to stay vigilant and learn as much as they can about the forces they face.

The post Are We Turning the Corner in the Fight Against Cybercrime? It’s Complicated. appeared first on Security Boulevard.

Interesting research: “Teams of LLM Agents can Exploit Zero-Day Vulnerabilities.”

Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the vulnerability and toy capture-the-flag problems. However, these agents still perform poorly on real-world vulnerabilities that are unknown to the agent ahead of time (zero-day vulnerabilities).

In this work, we show that teams of LLM agents can exploit real-world, zero-day vulnerabilities. Prior agents struggle with exploring many different vulnerabilities and long-range planning when used alone. To resolve this, we introduce HPTSA, a system of agents with a planning agent that can launch subagents. The planning agent explores the system and determines which subagents to call, resolving long-term planning issues when trying different vulnerabilities. We construct a benchmark of 15 real-world vulnerabilities and show that our team of agents improve over prior work by up to 4.5×...

The post Using LLMs to Exploit Vulnerabilities appeared first on Security Boulevard.

Cyber insurance and cybersecurity, when combined, can provide a powerful combination of protection and risk management.

The post The Seven Things You Need to Know About Cyber Insurance appeared first on Security Boulevard.

Microsoft president says the company accepts full responsibility for every cybersecurity issue raised in a recent Cyber Safety Review Board report created by multiple officials from several U.S. government agencies

The post Microsoft Accepts Responsibility for U.S. Government Security Breaches appeared first on Security Boulevard.

Copilot Plus? More like Copilot Minus: Redmond realizes Recall requires radical rethink.

The post Recall ‘Delayed Indefinitely’ — Microsoft Privacy Disaster is Cut from Copilot+ PCs appeared first on Security Boulevard.

The rise in U.S.-politics-themed scams indicates that adversarial nation states understand the significance of election years.

The post Chinese Threats Aim for Government Sector  appeared first on Security Boulevard.

PTaaS involves outsourcing penetration testing activities to a trusted third-party service provider, saving busy internal teams valuable time and offering an objective outsider’s perspective of their systems.

The post Penetration-Testing-as-a-Service: An Essential Component of the Cybersecurity Toolkit appeared first on Security Boulevard.

Whether it be purely text-based social engineering, or advanced, image-based attacks, one thing's for certain — generative AI is fueling a whole new age of advanced phishing.

The post The “Spammification” of Business Email Compromise Spells Trouble for Businesses Around the Globe appeared first on Security Boulevard.

The MGM Resorts breach is just one example demonstrating the crippling financial, legal and operational consequences of ransomware incidents.

The post A Deep Dive Into the Economics and Tactics of Modern Ransomware Threat Actors appeared first on Security Boulevard.

Try the Enzoic + ThreatQ Integration Free on the ThreatQ Marketplace Exciting news for cybersecurity teams: Enzoic and ThreatQuotient have partnered to offer a powerful integration that combines Dark Web monitoring with advanced threat intelligence. And now, you can now try this integration for free on the ThreatQ marketplace, giving your organization a unique opportunity […]

The post Unlock Advanced Threat Correlation appeared first on Security Boulevard.

Location tracking service leaks PII, because—incompetence? Seems almost TOO easy.

The post Tile/Life360 Breach: ‘Millions’ of Users’ Data at Risk appeared first on Security Boulevard.

The first quarter of 2024 painted a concerning picture of security threats for enterprise organizations: information leaks and breaches exposed sensitive data across major corporations.

The post Q1 2024: A Wake-up Call for Insider Threats appeared first on Security Boulevard.

It’s no secret that hospitals and other health care organizations are among the top targets for cybercriminals. The ransomware attacks this year on UnitedHealth Group’s Change Healthcare subsidiary, nonprofit organization Ascension, and most recently the National Health Service in England illustrate not only the damage to these organizations’ infrastructure and the personal health data that’s..

The post Connecticut Has Highest Rate of Health Care Data Breaches: Study appeared first on Security Boulevard.

The best-case scenario for mitigating cloud security risks is when CSPs and customers are transparent and aligned on their responsibilities from the beginning.

The post The Team Sport of Cloud Security: Breaking Down the Rules of the Game appeared first on Security Boulevard.

If your organization hasn’t taken these steps to prevent a ransomware attack, it’s time to act now to protect your company, its data, employees and most importantly, customers.

The post 5 Ways to Thwart Ransomware With an Identity-First Zero Trust Model appeared first on Security Boulevard.

IT systems – and this year networking equipment in particular – continue to pose the most security risk for organizations, but it is the vulnerable Internet of Things (IoT) devices that are quickly moving up the ladder, according to researchers with Forescout’s Verdere Labs researchers. In this year’s Riskiest Connected Devices report released this week,..

The post Network Equipment, IoT Devices are Big Security Risks: Forescout appeared first on Security Boulevard.

Microsoft and Google will provide free or low-cost cybersecurity tools and services to rural hospitals in the United States at a time when health care facilities are coming under increasing attack by ransomware gangs and other threat groups. For independent rural and critical access hospitals, Microsoft will provide grants and as much as 75% discounts..

The post Microsoft, Google Come to the Aid of Rural Hospitals appeared first on Security Boulevard.

Not our fault, says CISO: “UNC5537” breached at least 165 Snowflake instances, including Ticketmaster, LendingTree and, allegedly, Advance Auto Parts.

The post Ticketmaster is Tip of Iceberg: 165+ Snowflake Customers Hacked appeared first on Security Boulevard.

In episode 333 of the Shared Security Podcast, Tom and Scott discuss a recent massive data breach at Ticketmaster involving the data of 560 million customers, the blame game between Ticketmaster and third-party provider Snowflake, and the implications for both companies. Additionally, they discuss Live Nation’s ongoing monopoly investigation. In the ‘Aware Much’ segment, the […]

The post Ticketmaster Data Breach and Rising Work from Home Scams appeared first on Shared Security Podcast.

The post Ticketmaster Data Breach and Rising Work from Home Scams appeared first on Security Boulevard.

U.S. Senator Ron Wyden, who late last month asked federal agencies to investigate flaws in UnitedHealth Group’s cybersecurity measures that led to the massive ransomware attack that disrupted hundreds of hospital and pharmacy operations, now is pushing the Health and Human Services (HHS) Department to require such large health care organizations to immediately implement protections...

The post Senator: HHS Needs to Require Security Measures for Health Sector appeared first on Security Boulevard.

The Federal Communications Commission is considering requiring broadband providers to improve the cybersecurity of the networks that route traffic around the internet, an issue the FCC and other government agencies have been working on for more than a year. The proposal would require ISPs to generate confidential reports that would outline what they have done..

The post FCC Pushes Ahead with Internet Routing Security Requirements appeared first on Security Boulevard.

Spy warez: Assistant director of the FBI’s Cyber Division Bryan Vorndran (pictured) might have the key to unscramble your files.

The post LockBit Victim? Ask FBI for Your Ransomware Key appeared first on Security Boulevard.

Stress? What stress? 43% of IT professionals report that their organization had experienced a security breach that caused downtime and cost $1-10 million.

The post CDW Survey Surfaces Cybersecurity Tool Sprawl Challenges appeared first on Security Boulevard.