Red Teaming security assessments aim to demonstrate to clients how attackers in the real world might link together various exploits and attack methods to reach their objectives.
The post Stepping Into the Attacker’s Shoes: The Strategic Power of Red Teaming (Insights from the Field) appeared first on Security Boulevard.
Snowflakes has become the latest corporate victim in a cyberattack but how it is playing out is a little different than many breaches.
The post Snowflake Breach appeared first on Security Boulevard.
Let’s explore some of the details behind this escalating threat to SaaS applications, what may be driving it, and what you can do to better protect your SaaS footprint from these types of threats.
The post Why SaaS Identity Abuse is This Year’s Ransomware appeared first on RevealSecurity.
The post Why SaaS Identity Abuse is This Year’s Ransomware appeared first on Security Boulevard.
The LockBit ransomware group is claiming that it hacked into systems at the U.S. Federal Reserve and stole 33TB of data that it will begin leaking as early as Tuesday if the institution doesn’t pay the unspecified ransom. The notorious cybercriminals announced the attack on its dark web leak site on June 23, giving the..
The post LockBit Claims Ransomware Attack on U.S. Federal Reserve appeared first on Security Boulevard.
Copying users’ files and deleting some? Even a cartoon hound knows this isn’t fine.
The post Microsoft Privacy FAIL: Windows 11 Silently Backs Up to OneDrive appeared first on Security Boulevard.
Neiman Marcus has disclosed a data breach impacting 64,000 people just as a hacker announced the sale of customer data.
The post Neiman Marcus Data Breach Disclosed as Hacker Offers to Sell Stolen Information appeared first on SecurityWeek.
LivaNova USA says the personal and medical information of 130,000 individuals was compromised in an October 2023 data breach.
The post LivaNova USA Discloses Data Breach Impacting 130,000 Individuals appeared first on SecurityWeek.
Last week I was reviewing a publication by the United Nation Office on Drugs and Crime published in January 2024, titled "Casinos, Money Laundering, Underground Banking, and Transnational Organized Crime in East and Southeast Asia: A Hidden and Accelerating Threat."
(URL to the UNODC report: UNODC: Casinos, Money Laundering, Underground Banking ... full report)
(URL to the USIP report: https://www.usip.org/node/160386 )
The reason I was looking into the report is that this 106 page report is about how Chinese organized crime has planted themselves in Casino complexes across Cambodia, Indonesia, Lao PDR, the Philippine, Thailand, and Viet Nam. The same modus operandi that we associate with the crypto investment scams that use the horrible name "pig butchering" to describe the financial grooming that leads to the complete financial devastation of so many Americans. In fact, I discovered the UN report, only by seeing it quoted in he report by the United States Institute of Peace, "Transnational Crime in Southeast Asia: A Growing Threat to Global Peace and Security" where it was mentioned in a footnote.
The UNODC report shares statistics from a Ministry of Public Security of China note, without providing a URL, that "between January to November 2023, authorities in the country successfully resolved 391,000 cases related to telecommunications and network fraud, totaling the arrest of 79,000 suspects, including 263 'backbone members or paymasters' of cyberfraud groups" (in the countries mentioned above.) This included:
Since I am working on a project that we call "Twenty Targets for Takedown" that is attempting to shut own illicit websites by terminating their domain registrations and hosting arrangements, the number "8.36 million fraud-related domains" made me shudder.
I am fortunate to count among my network some of the leading experts in domain-name related fraud and abuse, the number seemed overwhelmingly high, and I asked my colleagues from CAUCE, the Coalition Against Unsolicited Commercial Email, for assistance in looking into it. One quick opinion was that this could include a definition of domain name that would be more akin to a hostname, similar to what we have on Blogspot. "garwarner.blogspot.com" is a hostname on the domain "blogspot.com" ... but some would call it a "fully qualified domain name" and consider it a separate FQDN than other xyz.blogspot.com or abc.blogspot.com "domains."
John Levine helped me solve the "did they really mean millions, or is this possibly a bad translation" by helping me find the Ministry of Public Security site where the article was coming from and share several updated versions of these statistics.
The latest article we can find, dated 31MAY2024, quotes Li Guozhong ( 李国中 ) the Spokesman for China's Ministry of Pubic Security describing their successes over the past five years. In 2021, they established a National Anti-Fraud Center which sent out 660 million notices and were able to help stop fraud against 18.44 million people. This most recent article, which is focused on fraud and doesn't mention gambling at all, says that they have "handled 18 million domain names and websites." That's a machine translation of ( 处置涉案域名网址1800万个 ). I can confirm the 18 million ... written as 1800 ten thousands - 1800万个. Handled is perhaps better rendered "disposed of" 处置 (Chǔzhì). Still unsure how to interpret 域名 ( Yùmíng - Domain name) 网址 (Wǎngzhǐ - website), but I think for now, I'm going to assume it means "URLs" or "FQDNs" as opposed to only registered domains
Just since July 2023, 49,000 cyber fraud suspects have been transferred to China from northern Myanmar. 82,000 criminal suspect have been arrested, including 426 key "financial backers" behind the fraud groups.
China's Ministry of Public Security is actively conducting military style raids to help recover these fraud suspects from northern Myanmar, where China shares a long border with the country, which remains deeply embroiled in a state of civil war. MPS is also working collectively with other Southeast Asian countries and says it has "destroyed 37 overseas fraud dens."
Gee, doesn't that sound like REACT's Erin West and Operation Shamrock -- but with the full cooperation of the Government and Society?
The post Millions and Millions of Fraud Domains: China attacks Illegal Gambling and Telecom Fraud appeared first on Security Boulevard.
The Los Angeles County Department of Health Services discloses a data breach caused by push notification spamming attack.
The post Push Notification Fatigue Leads to LA County Health Department Data Breach appeared first on SecurityWeek.
A hacker claims to have stolen the information of 30 million users from TEG subsidiary Ticketek.
The post Hacker Claims Theft of 30M User Records From Australia Ticketing Company TEG appeared first on SecurityWeek.
Spend more on security! Car and truck dealers fall back on pen and paper as huge SaaS provider gets hacked (again).
The post 30,000 Dealerships Down — ‘Ransomware’ Outage Outrage no. 2 at CDK Global appeared first on Security Boulevard.
Santander US is notifying over 12,000 employees that their personal information was compromised in a data breach.
The post Santander Employee Data Breach Linked to Snowflake Attack appeared first on SecurityWeek.
CISA says CFATS program data was likely accessed after an Ivanti Connect Secure appliance was hacked in January.
The post Personal and Chemical Facility Information Potentially Accessed in CISA Hack appeared first on SecurityWeek.
Change Healthcare is starting to notify hospitals, insurers and other customers that they may have had patient information exposed in a massive cyberattack.
The post Change Healthcare to Start Notifying Customers Who Had Data Exposed in Cyberattack appeared first on SecurityWeek.
Ongoing European Union quest to break end-to-end encryption (E2EE) mysteriously disappears.
The post EU Aims to Ban Math — ‘Chat Control 2.0’ Law is Paused but not Stopped appeared first on Security Boulevard.
While many businesses invest heavily in frontline defense tools to keep out bad actors, they spend far less time and money preparing for what happens when the criminals eventually get in.
The post Closing the Readiness Gap: How to Ensure a Fast Recovery From the Inevitable Cyber Attack appeared first on Security Boulevard.
National passenger railroad company Amtrak is notifying customers that hackers have breached their Guest Rewards Accounts.
The post Amtrak Says Guest Rewards Accounts Hacked in Credential Stuffing Attacks appeared first on SecurityWeek.
The variety of tactics, from fake lotteries to impersonating officials, demonstrates the broad scope of threats targeting the Paris 2024 Olympic Games.
The post Cybercrime Targeting Paris 2024 Olympic Games Gains Steam appeared first on Security Boulevard.
AMD has launched an investigation after a notorious hacker announced selling sensitive data allegedly belonging to the company.
The post AMD Investigating Breach Claims After Hacker Offers to Sell Data appeared first on SecurityWeek.
The future of modeling catastrophic cyber risk hinges on our ability to move beyond misconceptions and confront the true extent of our exposure.
The post Debunking Common Myths About Catastrophic Cyber Incidents appeared first on Security Boulevard.
A global survey of more than 1,033 security and IT leaders published today finds nearly two-thirds (65%) lack confidence that their existing security tooling cannot effectively detect breaches.
The post Survey Surfaces Lack of Confidence in Security Tools appeared first on Security Boulevard.
Or junk it if EOL: Two nasty vulnerabilities need an update—pronto.
The post ASUS Router User? Patch ASAP! appeared first on Security Boulevard.
By centralizing, enriching and correlating identities to events, the suggestion is that security and platform teams can break silos and readily share findings to expedite investigations.
The post Sysdig Bids to Bolster Brittle Cloud Infrastructure Layers appeared first on Security Boulevard.
Blackbaud was ordered to pay $6.75 million to the California Attorney General’s Office over the 2020 data breach.
The post Blackbaud Settles With California for $6.75 Million Over 2020 Data Breach appeared first on SecurityWeek.
Cybercriminals are not about to give up – this is how they make their living. So it’s up to cybersecurity professionals to stay vigilant and learn as much as they can about the forces they face.
The post Are We Turning the Corner in the Fight Against Cybercrime? It’s Complicated. appeared first on Security Boulevard.
Interesting research: “Teams of LLM Agents can Exploit Zero-Day Vulnerabilities.”
Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the vulnerability and toy capture-the-flag problems. However, these agents still perform poorly on real-world vulnerabilities that are unknown to the agent ahead of time (zero-day vulnerabilities).
In this work, we show that teams of LLM agents can exploit real-world, zero-day vulnerabilities. Prior agents struggle with exploring many different vulnerabilities and long-range planning when used alone. To resolve this, we introduce HPTSA, a system of agents with a planning agent that can launch subagents. The planning agent explores the system and determines which subagents to call, resolving long-term planning issues when trying different vulnerabilities. We construct a benchmark of 15 real-world vulnerabilities and show that our team of agents improve over prior work by up to 4.5×...
The post Using LLMs to Exploit Vulnerabilities appeared first on Security Boulevard.
Keytronic confirms that personal information was compromised after a ransomware group leaked allegedly stolen data.
The post Keytronic Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.
US insurance company Globe Life is investigating a data breach involving unauthorized access to consumer and policyholder information.
The post Insurance Company Globe Life Investigating Data Breach appeared first on SecurityWeek.
The LA County’s Department of Public Health says the personal information of 200,000 was compromised in a data breach.
The post 200,000 Impacted by Data Breach at Los Angeles County Public Health Agency appeared first on SecurityWeek.
Cyber insurance and cybersecurity, when combined, can provide a powerful combination of protection and risk management.
The post The Seven Things You Need to Know About Cyber Insurance appeared first on Security Boulevard.
A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years.
The Spanish daily Murcia Today reports the suspect was wanted by the FBI and arrested in Palma de Mallorca as he tried to board a flight to Italy.
A still frame from a video released by the Spanish national police shows Tylerb in custody at the airport.
“He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. “According to Palma police, at one point he controlled Bitcoins worth $27 million.”
The cybercrime-focused Twitter/X account vx-underground said the U.K. man arrested was a SIM-swapper who went by the alias “Tyler.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS.
“He is a known SIM-swapper and is allegedly involved with the infamous Scattered Spider group,” vx-underground wrote on June 15, referring to a prolific gang implicated in costly data ransom attacks at MGM and Caesars casinos in Las Vegas last year.
Sources familiar with the investigation told KrebsOnSecurity the accused is a 22-year-old from Dundee, Scotland named Tyler Buchanan, also allegedly known as “tylerb” on Telegram chat channels centered around SIM-swapping.
In January 2024, U.S. authorities arrested another alleged Scattered Spider member — 19-year-old Noah Michael Urban of Palm Coast, Fla. — and charged him with stealing at least $800,000 from five victims between August 2022 and March 2023. Urban allegedly went by the nicknames “Sosa” and “King Bob,” and is believed to be part of the same crew that hacked Twilio and a slew of other companies in 2022.
Investigators say Scattered Spider members are part of a more diffuse cybercriminal community online known as “The Com,” wherein hackers from different cliques boast loudly about high-profile cyber thefts that almost invariably begin with social engineering — tricking people over the phone, email or SMS into giving away credentials that allow remote access to corporate internal networks.
One of the more popular SIM-swapping channels on Telegram maintains a frequently updated leaderboard of the most accomplished SIM-swappers, indexed by their supposed conquests in stealing cryptocurrency. That leaderboard currently lists Sosa as #24 (out of 100), and Tylerb at #65.
In August 2022, KrebsOnSecurity wrote about peering inside the data harvested in a months-long cybercrime campaign by Scattered Spider involving countless SMS-based phishing attacks against employees at major corporations. The security firm Group-IB called the gang by a different name — 0ktapus, a nod to how the criminal group phished employees for credentials.
The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication.
These phishing attacks used newly-registered domains that often included the name of the targeted company, and sent text messages urging employees to click on links to these domains to view information about a pending change in their work schedule. The phishing sites also featured a hidden Telegram instant message bot to forward any submitted credentials in real-time, allowing the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website.
One of Scattered Spider’s first big victims in its 2022 SMS phishing spree was Twilio, a company that provides services for making and receiving text messages and phone calls. The group then pivoted, using their access to Twilio to attack at least 163 of its customers.
A Scattered Spider phishing lure sent to Twilio employees.
Among those was the encrypted messaging app Signal, which said the breach could have let attackers re-register the phone number on another device for about 1,900 users.
Also in August 2022, several employees at email delivery firm Mailchimp provided their remote access credentials to this phishing group. According to Mailchimp, the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance.
On August 25, 2022, the password manager service LastPass disclosed a breach in which attackers stole some source code and proprietary LastPass technical information, and weeks later LastPass said an investigation revealed no customer data or password vaults were accessed.
However, on November 30, 2022 LastPass disclosed a far more serious breach that the company said leveraged data stolen in the August breach. LastPass said criminal hackers had stolen encrypted copies of some password vaults, as well as other personal information.
In February 2023, LastPass disclosed that the intrusion involved a highly complex, targeted attack against an engineer who was one of only four LastPass employees with access to the corporate vault. In that incident, the attackers exploited a security vulnerability in a Plex media server that the employee was running on his home network, and succeeded in installing malicious software that stole passwords and other authentication credentials. The vulnerability exploited by the intruders was patched back in 2020, but the employee never updated his Plex software.
Plex announced its own data breach one day before LastPass disclosed its initial August intrusion. On August 24, 2022, Plex’s security team urged users to reset their passwords, saying an intruder had accessed customer emails, usernames and encrypted passwords.
Sosa and Tylerb were both subjected to physical attacks from rival SIM-swapping gangs. These communities have been known to settle scores by turning to so-called “violence-as-a-service” offerings on cybercrime channels, wherein people can be hired to perform a variety geographically-specific “in real life” jobs, such as bricking windows, slashing car tires, or even home invasions.
In 2022, a video surfaced on a popular cybercrime channel purporting to show attackers hurling a brick through a window at an address that matches the spacious and upscale home of Urban’s parents in Sanford, Fl.
January’s story on Sosa noted that a junior member of his crew named “Foreshadow” was kidnapped, beaten and held for ransom in September 2022. Foreshadow’s captors held guns to his bloodied head while forcing him to record a video message pleading with his crew to fork over a $200,000 ransom in exchange for his life (Foreshadow escaped further harm in that incident).
According to several SIM-swapping channels on Telegram where Tylerb was known to frequent, rival SIM-swappers hired thugs to invade his home in February 2023. Those accounts state that the intruders assaulted Tylerb’s mother in the home invasion, and that they threatened to burn him with a blowtorch if he didn’t give up the keys to his cryptocurrency wallets. Tylerb was reputed to have fled the United Kingdom after that assault.
KrebsOnSecurity sought comment from Mr. Buchanan, and will update this story in the event he responds.
Microsoft president says the company accepts full responsibility for every cybersecurity issue raised in a recent Cyber Safety Review Board report created by multiple officials from several U.S. government agencies
The post Microsoft Accepts Responsibility for U.S. Government Security Breaches appeared first on Security Boulevard.
Copilot Plus? More like Copilot Minus: Redmond realizes Recall requires radical rethink.
The post Recall ‘Delayed Indefinitely’ — Microsoft Privacy Disaster is Cut from Copilot+ PCs appeared first on Security Boulevard.
Ascension says patient information was stolen in an early-May ransomware attack that involved an employee downloading malware.
The post Ascension Says Personal, Health Information Stolen in Ransomware Attack appeared first on SecurityWeek.
The rise in U.S.-politics-themed scams indicates that adversarial nation states understand the significance of election years.
The post Chinese Threats Aim for Government Sector appeared first on Security Boulevard.
PTaaS involves outsourcing penetration testing activities to a trusted third-party service provider, saving busy internal teams valuable time and offering an objective outsider’s perspective of their systems.
The post Penetration-Testing-as-a-Service: An Essential Component of the Cybersecurity Toolkit appeared first on Security Boulevard.
Whether it be purely text-based social engineering, or advanced, image-based attacks, one thing's for certain — generative AI is fueling a whole new age of advanced phishing.
The post The “Spammification” of Business Email Compromise Spells Trouble for Businesses Around the Globe appeared first on Security Boulevard.
Life360 says hackers attempted to extort it after stealing personal information from a Tile customer support platform.
The post Life360 Says Personal Information Stolen From Tile Customer Support Platform appeared first on SecurityWeek.
The MGM Resorts breach is just one example demonstrating the crippling financial, legal and operational consequences of ransomware incidents.
The post A Deep Dive Into the Economics and Tactics of Modern Ransomware Threat Actors appeared first on Security Boulevard.
Try the Enzoic + ThreatQ Integration Free on the ThreatQ Marketplace Exciting news for cybersecurity teams: Enzoic and ThreatQuotient have partnered to offer a powerful integration that combines Dark Web monitoring with advanced threat intelligence. And now, you can now try this integration for free on the ThreatQ marketplace, giving your organization a unique opportunity […]
The post Unlock Advanced Threat Correlation appeared first on Security Boulevard.
Location tracking service leaks PII, because—incompetence? Seems almost TOO easy.
The post Tile/Life360 Breach: ‘Millions’ of Users’ Data at Risk appeared first on Security Boulevard.
The first quarter of 2024 painted a concerning picture of security threats for enterprise organizations: information leaks and breaches exposed sensitive data across major corporations.
The post Q1 2024: A Wake-up Call for Insider Threats appeared first on Security Boulevard.
It’s no secret that hospitals and other health care organizations are among the top targets for cybercriminals. The ransomware attacks this year on UnitedHealth Group’s Change Healthcare subsidiary, nonprofit organization Ascension, and most recently the National Health Service in England illustrate not only the damage to these organizations’ infrastructure and the personal health data that’s..
The post Connecticut Has Highest Rate of Health Care Data Breaches: Study appeared first on Security Boulevard.
The best-case scenario for mitigating cloud security risks is when CSPs and customers are transparent and aligned on their responsibilities from the beginning.
The post The Team Sport of Cloud Security: Breaking Down the Rules of the Game appeared first on Security Boulevard.
If your organization hasn’t taken these steps to prevent a ransomware attack, it’s time to act now to protect your company, its data, employees and most importantly, customers.
The post 5 Ways to Thwart Ransomware With an Identity-First Zero Trust Model appeared first on Security Boulevard.
IT systems – and this year networking equipment in particular – continue to pose the most security risk for organizations, but it is the vulnerable Internet of Things (IoT) devices that are quickly moving up the ladder, according to researchers with Forescout’s Verdere Labs researchers. In this year’s Riskiest Connected Devices report released this week,..
The post Network Equipment, IoT Devices are Big Security Risks: Forescout appeared first on Security Boulevard.
Microsoft and Google will provide free or low-cost cybersecurity tools and services to rural hospitals in the United States at a time when health care facilities are coming under increasing attack by ransomware gangs and other threat groups. For independent rural and critical access hospitals, Microsoft will provide grants and as much as 75% discounts..
The post Microsoft, Google Come to the Aid of Rural Hospitals appeared first on Security Boulevard.
Not our fault, says CISO: “UNC5537” breached at least 165 Snowflake instances, including Ticketmaster, LendingTree and, allegedly, Advance Auto Parts.
The post Ticketmaster is Tip of Iceberg: 165+ Snowflake Customers Hacked appeared first on Security Boulevard.
Login