admin

New Rules Impact 500 Million Outlook Users

Email has been both a blessing and a curse for billions of users. Unfortunately, it has definitely been a blessing for hackers and a curse for the consumers who receive their phishing attacks, malware attachments and more. Although highly targeted “spear” phishing attacks are increasingly seen as the way to go by sophisticated threat actors, there is no doubting the broad impact that spray-and-pray scammers, sending large volumes of email every day, have on the email ecosystem. It is these malicious spam floods that cause the most significant security issues, and it is these that Microsoft is focusing on as it introduces new email security rules affecting the 500 million users of outlook.com, including hotmail.com and live.com addresses. Here is what you need to know and do before May 5.

New Outlook Security Rules Come Into Force On May 5

Google has already taken action against the problem of malicious bulk senders affecting the security of Gmail users by introducing new sender authentication requirements on April 1. The point of these new rules is to mitigate the risk of criminals using unauthenticated or compromised domains to deliver dangerous payloads. Now, at last, Microsoft is following suit and introducing similar rules to “reduce the likelihood of spam and spoofing campaigns reaching our user base,” according to an April 2 Microsoft announcement on the Windows Defender security blog. Applying to domains that send more than 5,000 emails in a single day to the Outlook.com consumer service (which covers hotmail.com, live.com and outlook.com addresses), the May 5 rules make Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting, and Conformance (DMARC) compliance mandatory.

“Non‐compliant messages will first be routed to Junk,” Microsoft said, and eventually rejected if issues remain unresolved. If you are sending marketing materials, or maybe just run a large hobby mailing list, you need to take note. The full email authentication process has been explained in some detail by Microsoft, but the bullet point compliance requirements are as follows:
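Before May 5 a sender should at least confirm that the three records exist and are sane. The script below is an added example, not Microsoft’s or Google’s own tooling: it runs the basic syntax checks a practitioner would apply to SPF, DKIM and DMARC records. The TXT records it inspects are constructed for a hypothetical example.com (in practice you would fetch them with DNS queries), and the pass/fail thresholds are common-practice checks, not the bullet list Microsoft published.

```python
import re

# Constructed TXT records for a hypothetical sending domain; a real check would
# fetch these with DNS lookups (e.g. `dig TXT example.com`).
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:spf.protection.outlook.com -all"],
    "_dmarc.example.com": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"],
    "selector1._domainkey.example.com": ["v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB"],
}

# SPF terms that cost a DNS lookup; RFC 7208 caps these at 10 per evaluation.
LOOKUP_TERM = re.compile(r"^[-~?+]?(include:|a$|a[:/]|mx$|mx[:/]|ptr|exists:|redirect=)")


def parse_tags(record):
    """Turn 'v=DMARC1; p=quarantine; rua=...' into {'v': 'DMARC1', 'p': 'quarantine', ...}."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(records):
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        return False, f"expected exactly one SPF record, found {len(spf)}"
    terms = spf[0].split()[1:]
    if not terms or not re.fullmatch(r"[-~?+]?all", terms[-1]):
        return False, "SPF record must end with an 'all' mechanism"
    if terms[-1].lstrip("+") == "all":
        return False, "'+all' authorises every host on the internet; use -all or ~all"
    lookups = sum(1 for t in terms if LOOKUP_TERM.match(t))
    if lookups > 10:
        return False, f"{lookups} lookup mechanisms exceed the RFC 7208 limit of 10 (permerror)"
    return True, f"{lookups} lookup mechanisms, terminated by {terms[-1]}"


def check_dkim(records):
    keys = [parse_tags(r) for r in records if r.lower().startswith("v=dkim1")]
    if len(keys) != 1:
        return False, "no DKIM key record published at the selector"
    if not keys[0].get("p"):
        return False, "DKIM record has an empty p= tag (key revoked)"
    return True, "DKIM public key published"


def check_dmarc(records):
    dmarc = [parse_tags(r) for r in records if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return False, f"expected exactly one DMARC record, found {len(dmarc)}"
    policy = dmarc[0].get("p")
    if policy not in ("none", "quarantine", "reject"):
        return False, f"missing or invalid p= policy: {policy!r}"
    return True, f"policy p={policy}"


def assess_domain(domain, selector, txt=SAMPLE_TXT):
    """Return {'spf': (ok, detail), 'dkim': (ok, detail), 'dmarc': (ok, detail)} for one domain."""
    return {
        "spf": check_spf(txt.get(domain, [])),
        "dkim": check_dkim(txt.get(f"{selector}._domainkey.{domain}", [])),
        "dmarc": check_dmarc(txt.get(f"_dmarc.{domain}", [])),
    }


if __name__ == "__main__":
    for name, (ok, detail) in assess_domain("example.com", "selector1").items():
        print(f"{name.upper():5} {'PASS' if ok else 'FAIL'}  {detail}")
```

The selector name is whatever your mail platform signs with; the script only sees the record at selector._domainkey.domain, so a DKIM key that is published but never used to sign outgoing mail will still show as passing here. Syntax checks like these are necessary but not sufficient: the receiving side also requires that the SPF or DKIM domain aligns with the From: header, which only a real message test reveals.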


Ethiopia, Uganda, Angola, Ghana, Nigeria top African countries targeted by threats

Check Point Software Technologies has released its Global Threat Index for December 2024, emphasising the growing sophistication of cybercriminals. For Africa, December was hardly a season to be jolly, with eight of the continent’s countries among the top 20 most attacked. Ethiopia retained its top spot as the most attacked country, with a Normalised Risk Index of 98.2 out of the 106 countries featured in the Index. The other African countries in the top 20 are:

Uganda, 8th, with a Normalised Risk Index of 68.2
Angola, 9th, 66.2
Ghana, 11th, 62.7
Nigeria, 13th, 62.3, not far behind Ghana
Kenya, 17th, 57.6, up from 20th last month
Mozambique, 18th, 56.9
Cote d’Ivoire, 20th, 55.6, a higher index than last month

December’s malware activity was driven by FunkSec, an emerging ransomware-as-a-service (RaaS) operator leveraging artificial intelligence, alongside persistent threats from established malware families such as FakeUpdates and AgentTesla. Data from ransomware shame sites shows FunkSec as the most active group in December, responsible for 14% of all published attacks. Linked to Algeria, FunkSec appears driven by both financial gain and hacktivist ideology, and its AI-assisted tactics point to the increasing use of advanced technologies in cybercrime. FunkSec’s operations have pushed it to the forefront of double-extortion ransomware groups: publishing over 85 victims in December 2024 alone, it surpassed its competitors in volume.

However, Check Point Research has flagged many of these claims as recycled or unverified, raising doubts about the group’s credibility. Among the most prevalent malware threats, FakeUpdates reclaimed the top spot globally, affecting 5% of organisations worldwide, followed closely by AgentTesla (3%) and Androxgh0st (3%). FakeUpdates, also known as SocGholish, remains a versatile downloader that delivers additional malicious payloads, while AgentTesla continues to target sensitive credentials. Maya Horowitz, VP of Research at Check Point Software, commented on the findings: “The latest trends in cybercrime underscore the importance of vigilance and innovation in cybersecurity. Organisations must leverage advanced threat prevention measures to protect themselves against the evolving landscape of sophisticated attacks.” Credits: Intelligent CIO


Grubhub says hack on third-party exposed information on campus customers

The delivery service Grubhub said a hacker stole personal data and partial payment card information from customers through a third-party contractor. In a statement published on Monday evening, the company said it recently identified a security incident that “originated with an account belonging to a third-party service provider that provided support services to Grubhub.” The stolen information includes names, email addresses, phone numbers, card types and the last four digits of card numbers. The hackers also stole hashed passwords for some legacy systems used by Grubhub. The company did not respond to requests for comment about how many people were affected, when the incident happened and who was behind the attack.

“We recently detected unusual activity within our environment traced to a third-party service provider for our Support Team. Upon discovery, we promptly launched an investigation, identifying unauthorized access to an account associated with this provider. We immediately terminated the account’s access and removed the service provider from our systems altogether,” the company said. “The unauthorized individual accessed contact information of campus diners, as well as diners, merchants and drivers who interacted with our customer care service.”

It is unclear which campuses Grubhub is referring to; the company runs a service specifically for college students on campuses around the U.S. The company said it “took immediate action” to contain the attack and worked with experts to investigate the incident. Grubhub added that it is “confident that the incident has been fully contained” and has rotated any passwords that may have been leaked, according to the statement. The company claimed it has taken several other steps to secure its systems but did not elaborate on what measures have been instituted.

Grubhub is one of the world’s most popular food delivery apps, with more than 375,000 merchants serving over 4,000 U.S. cities. In November, Grubhub was sold by its Dutch owner to a company named Wonder for $650 million. The company recently paid a $25 million penalty to settle charges from the Federal Trade Commission that it hid the cost of delivery from some customers, deceived workers about how much they would make from deliveries and listed restaurants without their permission as a pressure tactic. The settlement was originally for $140 million but was partially suspended because Grubhub could not pay the full amount. Several other food delivery platforms have dealt with cyberattacks involving customer information, including the Asian and Hispanic grocery service Weee!, PurFoods and others. Credit: The Record


US Treasury says Chinese hackers stole documents in ‘major incident’

WASHINGTON (Reuters) - Chinese state-sponsored hackers breached the U.S. Treasury Department’s computer security guardrails this month and stole documents in what Treasury called a “major incident,” according to a letter to lawmakers that Treasury officials provided to Reuters on Monday. The hackers compromised third-party cybersecurity service provider BeyondTrust and were able to access unclassified documents, the letter said. According to the letter, hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.” “Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter said.

The Treasury Department said it was alerted to the breach by BeyondTrust on Dec. 8 and that it was working with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the hack’s impact. Treasury officials did not immediately respond to an email seeking further details about the hack. The FBI did not immediately respond to Reuters’ requests for comment, while CISA referred questions back to the Treasury Department. “China has always opposed all forms of hacker attacks,” Mao Ning, a spokesperson for China’s foreign ministry, told a regular news conference on Tuesday. A spokesperson for the Chinese Embassy in Washington rejected any responsibility for the hack, saying that Beijing “firmly opposes the U.S.’s smear attacks against China without any factual basis.”

A spokesperson for BeyondTrust, based in Johns Creek, Georgia, told Reuters in an email that the company “previously identified and took measures to address a security incident in early December 2024” involving its remote support product. BeyondTrust “notified the limited number of customers who were involved,” and law enforcement was notified, the spokesperson said. “BeyondTrust has been supporting the investigative efforts.” The spokesperson referred to a statement posted on the company’s website on Dec. 8 sharing some details from the investigation, including that a digital key had been compromised in the incident and that an investigation was under way. That statement was last updated on Dec. 18. Tom Hegel, a threat researcher at cybersecurity company SentinelOne, said the reported security incident “fits a well-documented pattern of operations by PRC-linked groups, with a particular focus on abusing trusted third-party services – a method that has become increasingly prominent in recent years,” using an acronym for the People’s Republic of China. Credit: Reuters


How to tell if a USB cable is hiding malicious hacker hardware

Are your USB cables sending your data to hackers? We expect USB-C cables to perform a specific task: transferring data or files between devices. We give the matter little more thought, but malicious USB-C cables can do much more than we expect. These cables hide malicious hardware that can intercept data, eavesdrop on phone calls and messages or, in the worst cases, take complete control of your PC or phone. The first of these appeared in 2008, but back then they were very rare and expensive, which meant the average user was largely safeguarded. Since then their availability has increased 100-fold, and with specialist spy retailers selling them as “spy cables” and unscrupulous sellers passing them off as legitimate products, it is all too easy to buy one by accident and get hacked. So, how do you know if your USB-C cable is malicious?

Identifying malicious USB-C cables

Identifying malicious USB-C cables is no easy task, since they are designed to look just like regular cables. Scanning has largely been thought of as the best way to sort the wheat from the chaff, which is what the industrial scanning company Lumafield, maker of the Neptune industrial CT scanner, recently set out to show. The company employed both 2D and 3D scanning techniques on the O.MG USB-C cable, a well-known hacked cable built for covert field use and research. It hides an embedded Wi-Fi server and a keylogger in its USB connector. PCWorld Executive Editor Gordon Ung covered it back in 2021, and it sounds scary as hell. What Lumafield discovered is interesting, to say the least: a 2D X-ray image could identify the cable’s antenna and microcontroller, but only the 3D CT scan could reveal another band of wires connected to a die stacked on top of the cable’s microcontroller. You can explore a 3D model of the scan yourself on Lumafield’s website.

It confirms the worst: the only way to unequivocally confirm that a USB-C cable harbours malicious hardware is a 3D CT scan, which, unless you are a medical radiographer or an industrial 3D scanning specialist, is going to be impossible for you to do. That being so, here are some tips to avoid and identify suspicious USB-C cables without high-tech gear:

If this article has been an eye-opener about the dodgy tactics hackers employ to steal your data, you are not alone. Malicious USB-C cables are still not widely known about, so be sure to share the tips above with your family and friends. The more people who take time to safeguard their data, the safer we will all be in the long run. Credit: PC World
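Short of a CT scanner, the host can still tell you something: a cable has no business enumerating as a keyboard, and implants that inject keystrokes must present a USB HID keyboard interface to do so. The script below is an added example (not from PCWorld, Lumafield or the O.MG project) that parses the output of the Linux usb-devices command and flags any keyboard-class device that is not on an allowlist the operator maintains. The usb-devices text, the vendor/product IDs and the allowlist are all constructed for the example.

```python
import re

# Constructed `usb-devices` output (Linux usbutils format) for three devices: a
# flash drive, the user's real keyboard, and a "cable" that enumerates a HID
# keyboard interface plus a vendor-specific one. All IDs are made up.
SAMPLE_USB_DEVICES = """\
T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=480 MxCh= 0
D:  Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
P:  Vendor=0001 ProdID=0001 Rev=01.00
S:  Product=Flash Drive
I:  If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage

T:  Bus=01 Lev=01 Prnt=01 Port=01 Cnt=02 Dev#=  3 Spd=1.5 MxCh= 0
D:  Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs=  1
P:  Vendor=0002 ProdID=0002 Rev=01.00
S:  Product=Desk Keyboard
I:  If#= 0 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=01 Prot=01 Driver=usbhid

T:  Bus=01 Lev=01 Prnt=01 Port=02 Cnt=03 Dev#=  4 Spd=12  MxCh= 0
D:  Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
P:  Vendor=0003 ProdID=0003 Rev=01.00
S:  Product=Desk Keyboard
I:  If#= 0 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=01 Prot=01 Driver=usbhid
I:  If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none)
"""

# Devices the operator has verified by hand, as vendor:product. Constructed.
KNOWN_KEYBOARDS = {"0002:0002"}

HID_KEYBOARD = ("03", "01")  # interface class 03 (HID), protocol 01 (boot keyboard)


def parse_usb_devices(text):
    """Parse usb-devices output into a list of {id, product, port, interfaces}."""
    devices = []
    for block in re.split(r"\n\s*\n", text.strip()):
        vid = re.search(r"Vendor=([0-9a-f]{4})", block, re.I)
        pid = re.search(r"ProdID=([0-9a-f]{4})", block, re.I)
        if not (vid and pid):
            continue
        product = re.search(r"^S:\s+Product=(.*)$", block, re.M)
        port = re.search(r"Port=(\d+)", block)
        ifaces = re.findall(r"^I:.*?Cls=([0-9a-f]{2}).*?Prot=([0-9a-f]{2})", block, re.M | re.I)
        devices.append({
            "id": f"{vid.group(1).lower()}:{pid.group(1).lower()}",
            "product": product.group(1).strip() if product else "",
            "port": port.group(1) if port else "?",
            "interfaces": [(c.lower(), p.lower()) for c, p in ifaces],
        })
    return devices


def suspicious_hid(devices, known=KNOWN_KEYBOARDS):
    """Flag devices that present a keyboard interface but are not on the allowlist.

    Returns (id, product, port, other_interface_classes) per finding; a keyboard
    that also exposes a vendor-specific or network interface is doubly suspicious.
    """
    findings = []
    for dev in devices:
        if HID_KEYBOARD in dev["interfaces"] and dev["id"] not in known:
            extra = sorted({c for c, _ in dev["interfaces"]} - {"03"})
            findings.append((dev["id"], dev["product"], dev["port"], extra))
    return findings


if __name__ == "__main__":
    import sys
    # Usage on a real host: usb-devices | python3 usbcheck.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_USB_DEVICES
    for dev_id, product, port, extra in suspicious_hid(parse_usb_devices(text)):
        print(f"unexpected keyboard {dev_id} '{product}' on port {port}; other interface classes: {extra}")
```

The allowlist is a weak control on its own, since an implant can clone the vendor and product IDs of a real keyboard; what it cannot hide is the fact that a second keyboard appeared on a port where you plugged in a cable. On Linux, USBGuard can turn the same idea into an enforced policy that blocks unknown HID devices before the kernel binds a driver to them.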


Hackers Using Sitting Ducks Attack To Hijack Domains, 1 Million Domains Vulnerable

Over 1 million registered domains could be vulnerable to a cyberattack method known as “Sitting Ducks,” as recently unveiled in a new report from Infoblox Threat Intel. This relatively unknown attack vector allows malicious actors to hijack legitimate domains by exploiting misconfigurations in DNS settings. The Sitting Ducks attack, which has been active since 2018, enables threat actors to gain full control of a domain by taking over its DNS configurations. Infoblox’s monitoring initiative identified approximately 800,000 vulnerable domains, with about 70,000 of those already hijacked.

Threat Groups

Several threat actor groups have been exploiting this attack vector:

The attack is particularly dangerous due to its stealthy nature. Hijacked domains often retain their positive reputation, which allows them to evade detection by security tools. This makes it challenging for security teams to identify and mitigate the threat. The impact of Sitting Ducks attacks is far-reaching, affecting organizations, individuals, and security teams. Businesses face reputational damage, while individuals risk malware infections, credential theft, and fraud. Security teams struggle to defend against these attacks due to the use of trusted domains in malicious infrastructure. To protect against Sitting Ducks attacks, domain holders, registrars, and DNS providers must ensure correct configurations and implement proper ownership verification processes. Increased awareness and vigilance within the cybersecurity community are crucial to addressing this growing threat. Credit: Cybersecurity News
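The misconfiguration behind Sitting Ducks is a lame delegation: the parent zone delegates the domain to a DNS provider’s nameservers, but the zone is not actually served there, so anyone who can add that zone at the provider without proving ownership takes over the domain. The script below is an added example, not Infoblox’s tooling, that checks both preconditions for a list of domains. To run offline it uses constructed delegation data and constructed SOA answers in place of real queries (the real check is `dig @<nameserver> SOA <domain>`, looking for REFUSED, SERVFAIL or a NOERROR answer without the AA flag); the provider-claimability table is likewise an assumption you would fill from your own testing.

```python
# Constructed NS delegations as seen in the parent zone; hostnames are hypothetical.
DELEGATIONS = {
    "healthy.example": ["ns1.dns-a.example", "ns2.dns-a.example"],
    "ducky.example": ["ns1.dns-b.example", "ns2.dns-b.example"],
    "halfway.example": ["ns1.dns-a.example", "ns1.dns-b.example"],
}

# Constructed answers to `dig @<ns> SOA <domain>` as (rcode, AA flag set).
# A server that really serves the zone answers NOERROR with AA; a lame one
# typically answers REFUSED or SERVFAIL, or NOERROR without AA.
SOA_ANSWERS = {
    ("ns1.dns-a.example", "healthy.example"): ("NOERROR", True),
    ("ns2.dns-a.example", "healthy.example"): ("NOERROR", True),
    ("ns1.dns-b.example", "ducky.example"): ("REFUSED", False),
    ("ns2.dns-b.example", "ducky.example"): ("REFUSED", False),
    ("ns1.dns-a.example", "halfway.example"): ("NOERROR", True),
    ("ns1.dns-b.example", "halfway.example"): ("SERVFAIL", False),
}

# Constructed: does the provider let anyone add a zone without proving control of
# the domain? That is the second precondition for a Sitting Ducks takeover.
PROVIDER_CLAIMABLE = {"dns-a.example": False, "dns-b.example": True}


def query_soa(ns, domain, table=SOA_ANSWERS):
    """Stand-in for a real SOA query; unknown (ns, domain) pairs behave like a timeout."""
    return table.get((ns, domain), ("TIMEOUT", False))


def provider_of(ns):
    """Map a nameserver hostname to its provider by dropping the host label."""
    return ns.split(".", 1)[1]


def assess(domain, delegations=DELEGATIONS, claimable=PROVIDER_CLAIMABLE, query=query_soa):
    """Return (verdict, lame_servers) for one domain.

    verdict is 'no-delegation', 'ok', 'lame' (broken but the provider verifies
    ownership) or 'sitting-duck' (lame at a provider that hands out unclaimed zones).
    """
    servers = delegations.get(domain, [])
    if not servers:
        return "no-delegation", []
    lame = []
    for ns in servers:
        rcode, authoritative = query(ns, domain)
        if not (rcode == "NOERROR" and authoritative):
            lame.append(ns)
    if not lame:
        return "ok", []
    if any(claimable.get(provider_of(ns), False) for ns in lame):
        return "sitting-duck", lame
    return "lame", lame


if __name__ == "__main__":
    for name in DELEGATIONS:
        verdict, lame = assess(name)
        print(f"{name:18} {verdict:14} lame at: {', '.join(lame) or '-'}")
```

Note that a partially lame delegation is enough: resolvers pick among the delegated servers, so an attacker who claims the zone at the one lame provider will answer a share of all queries for the domain. The fix is on the domain holder’s side (remove stale NS records, or actually create the zone at the provider) and on the provider’s side (require proof of control before a zone can be added).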


New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics

Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up. “While the iOS implant delivery method closely mirrors that of the macOS version, the post-exploitation and privilege escalation stages differ significantly due to platform differences,” ThreatFabric said in an analysis published this week.

LightSpy, first documented in 2020 as targeting users in Hong Kong, is a modular implant that employs a plugin-based architecture to augment its capabilities and allow it to capture a wide range of sensitive information from an infected device. Attack chains distributing the malware leverage known security flaws in Apple iOS and macOS to trigger a WebKit exploit that drops a file with the extension “.PNG,” but is actually a Mach-O binary responsible for retrieving next-stage payloads from a remote server by abusing a memory corruption flaw tracked as CVE-2020-3837. This includes a component dubbed FrameworkLoader that, in turn, downloads LightSpy’s Core module and its assorted plugins, which have gone up significantly from 12 to 28 in the latest version (7.9.0).

“After the Core starts up, it will perform an Internet connectivity check using Baidu.com domain, and then it will check the arguments that were passed from FrameworkLoader as the [command-and-control] data and working directory,” the Dutch security company said. “Using the working directory path /var/containers/Bundle/AppleAppLit/, the Core will create subfolders for logs, database, and exfiltrated data.”

The plugins can capture a wide range of data, including Wi-Fi network information, screenshots, location, iCloud Keychain, sound recordings, photos, browser history, contacts, call history, and SMS messages, as well as gather information from apps like Files, LINE, Mail Master, Telegram, Tencent QQ, WeChat, and WhatsApp. Some of the newly added plugins also boast destructive features that can delete media files, SMS messages, Wi-Fi network configuration profiles, contacts, and browser history, and even freeze the device and prevent it from starting again. Furthermore, LightSpy plugins can generate fake push notifications containing a specific URL.

The exact distribution vehicle for the spyware is unclear, although it is believed to be orchestrated via watering hole attacks. The campaigns have not been attributed to a known threat actor or group to date. Credit: The Hacker News
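Two details in the analysis above are directly usable as indicators on a filesystem image: the dropped payload carries a “.PNG” extension but is a Mach-O binary, and the Core writes under /var/containers/Bundle/AppleAppLit/. The script below is an added example, not ThreatFabric’s tooling, that classifies files by their leading bytes rather than their name and flags both indicators. The sample files are constructed in memory; scan_tree() applies the same logic to a mounted backup or forensic image.

```python
import os
import struct

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Mach-O magics in both byte orders, plus the fat (universal) header.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit
    b"\xca\xfe\xba\xbe",                        # fat binary
}

# Working directory named in the ThreatFabric analysis; matched without the
# leading slash so it also hits under a mount point such as /mnt/image/...
WORKDIR_MARKER = "var/containers/Bundle/AppleAppLit/"


def classify(head):
    """Identify a file from its first bytes, ignoring its name."""
    if head.startswith(PNG_MAGIC):
        return "png"
    if head[:4] in MACHO_MAGICS:
        return "macho"
    return "other"


def scan(files):
    """files: {path: first_bytes}. Returns a list of (path, reason) findings."""
    findings = []
    for path, head in files.items():
        if path.lower().endswith(".png") and classify(head) == "macho":
            findings.append((path, "Mach-O binary disguised with a .PNG extension"))
        if WORKDIR_MARKER in path:
            findings.append((path, "file under the LightSpy working directory"))
    return findings


def scan_tree(root):
    """Walk a mounted filesystem image, reading only the first 8 bytes of each file."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    files[path] = fh.read(8)
            except OSError:
                continue
    return scan(files)


# Constructed sample: a genuine PNG header, a 64-bit arm64 Mach-O header saved
# as .PNG, and a log file inside the implant's working directory.
SAMPLE_FILES = {
    "/private/var/mobile/Media/DCIM/IMG_0001.PNG": PNG_MAGIC + b"\x00\x00\x00\rIHDR",
    "/private/var/tmp/update.PNG": b"\xcf\xfa\xed\xfe" + struct.pack("<I", 0x0100000C),
    "/var/containers/Bundle/AppleAppLit/logs/core.log": b"connectivity check ok\n",
}

if __name__ == "__main__":
    for path, reason in scan(SAMPLE_FILES):
        print(f"{reason}: {path}")
```

The magic-byte check is the reusable part: any downloader that hides an executable behind an image extension trips it, not just LightSpy. A stock iPhone will not let you walk /var, so in practice the input is a full backup or an acquisition made with a forensic tool, and an implant that reached the Core stage may also have deleted its loader, which is why the working-directory indicator is worth checking separately.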


Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser

Microsoft has disclosed details about a now-patched security flaw in Apple’s Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user’s privacy preferences and access data. The shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE-2024-44133 (CVSS score: 5.5). It was addressed by Apple as part of macOS Sequoia 15 by removing the vulnerable code. HM Surf “involves removing the TCC protection for the Safari browser directory and modifying a configuration file in the said directory to gain access to the user’s data, including browsed pages, the device’s camera, microphone, and location, without the user’s consent,” Jonathan Bar Or of the Microsoft Threat Intelligence team said. Microsoft said the new protections are limited to Apple’s Safari browser, and that it is working with other major browser vendors to further explore the benefits of hardening local configuration files.

HM Surf follows Microsoft’s discovery of Apple macOS flaws like Shrootless, powerdir, Achilles, and Migraine that could enable malicious actors to sidestep security enforcements. While TCC is a security framework that prevents apps from accessing users’ personal information without their consent, the newly discovered bug could enable attackers to bypass this requirement and gain unauthorized access to location services, the address book, camera, microphone, the downloads directory and more. The access is governed by a set of entitlements, with Apple’s own apps like Safari able to completely sidestep TCC using the “com.apple.private.tcc.allow” entitlement. While this allows Safari to freely access sensitive permissions, Safari also incorporates a security mechanism called Hardened Runtime that makes it challenging to execute arbitrary code in the context of the web browser.

That said, when users visit a website that requests location or camera access for the first time, Safari prompts for access via a TCC-like popup. These per-website permissions are stored within various files located in the “~/Library/Safari” directory. The HM Surf exploit devised by Microsoft hinges on performing the following steps:

The attack could be extended further to save an entire camera stream or stealthily capture audio through the Mac’s microphone, Microsoft said. Third-party web browsers do not suffer from this problem as they do not have the same private entitlements as Apple applications. Microsoft noted it observed suspicious activity associated with a known macOS adware threat named AdLoad likely exploiting the vulnerability, making it imperative that users take steps to apply the latest updates. “Since we weren’t able to observe the steps taken leading to the activity, we can’t fully determine if the AdLoad campaign is exploiting the HM surf vulnerability itself,” Bar Or said. “Attackers using a similar method to deploy a prevalent threat raises the importance of having protection against attacks using this technique.” Credit: The Hacker News
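The combination that made HM Surf possible is an app that holds the private TCC entitlement while trusting configuration files in a user-writable directory. An audit of which binaries on a Mac carry that entitlement, and whether they at least run under Hardened Runtime, is a reasonable response. The script below is an added example, not Microsoft’s or Apple’s tooling: it parses the entitlements plist and the code-signing flags that codesign prints. To run anywhere it uses constructed codesign output; the three service names in the sample plist are illustrative, not Safari’s actual list, and the low/medium/high risk labels are this example’s own heuristic.

```python
import plistlib
import re
import subprocess

PRIVATE_TCC_KEY = "com.apple.private.tcc.allow"

# Constructed entitlements plist in the shape `codesign -d --entitlements :- <app>`
# emits. Service names are illustrative; a real Safari bundle carries more keys.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key><true/>
    <key>com.apple.private.tcc.allow</key>
    <array>
        <string>kTCCServiceCamera</string>
        <string>kTCCServiceMicrophone</string>
        <string>kTCCServiceLocation</string>
    </array>
</dict>
</plist>
"""

# Constructed excerpt of `codesign -dv <app>` output; "(runtime)" in the
# CodeDirectory flags means the binary was signed with Hardened Runtime.
SAMPLE_CODESIGN_INFO = (
    "Identifier=com.apple.Safari\n"
    "CodeDirectory v=20400 size=1234 flags=0x10000(runtime) hashes=30+5 location=embedded\n"
)


def tcc_exposure(entitlements_xml):
    """Return the TCC services the app may use with no consent prompt, sorted."""
    entitlements = plistlib.loads(entitlements_xml)
    return sorted(entitlements.get(PRIVATE_TCC_KEY, []))


def hardened_runtime(codesign_info):
    """True if the CodeDirectory flags list includes 'runtime'."""
    match = re.search(r"^CodeDirectory .*flags=0x[0-9a-f]+\(([^)]*)\)", codesign_info, re.M | re.I)
    return bool(match) and "runtime" in match.group(1).split(",")


def audit(entitlements_xml, codesign_info):
    """Combine both inputs into a finding. Risk labels are this example's heuristic."""
    services = tcc_exposure(entitlements_xml)
    runtime = hardened_runtime(codesign_info)
    if not services:
        risk = "low"
    elif runtime:
        risk = "medium"  # the HM Surf class: code is protected, its config files are not
    else:
        risk = "high"
    return {"private_tcc": services, "hardened_runtime": runtime, "risk": risk}


def audit_bundle(app_path):
    """macOS only: collect both inputs from codesign for a bundle such as /Applications/Safari.app.

    The ':-' form strips the blob header from the entitlements; on recent macOS
    versions `--xml` may be needed instead (see `man codesign` for your release).
    """
    entitlements = subprocess.check_output(
        ["codesign", "-d", "--entitlements", ":-", app_path], stderr=subprocess.DEVNULL)
    info = subprocess.run(["codesign", "-dv", app_path], capture_output=True, text=True).stderr
    return audit(entitlements, info)


if __name__ == "__main__":
    print(audit(SAMPLE_ENTITLEMENTS, SAMPLE_CODESIGN_INFO))
```

Only Apple-signed binaries can carry com.apple.private.tcc.allow, so on a healthy system the list of hits is short and stable; what the audit buys you is a baseline, so that a later change to it, or to the files under ~/Library/Safari that those apps trust, stands out.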


Our vision is to create and deliver Cyber Security Awareness training to the NGOs, Small Medium Businesses, and Enterprises to help them reduce exposure to cyber security attacks.

Copyright © 2024 Cyber Training Group International | All Rights Reserved