The War Room


Community for various OSINT news and subject matter for open discussion or dissemination elsewhere

276
 
 

Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22957

Posted by Moritz Abrell via Fulldisclosure on Aug 15

Advisory ID: SYSS-2022-052
Product: AudioCodes VoIP Phones
Manufacturer: AudioCodes Ltd.
Affected Version(s): Firmware Versions >= 3.4.8.M4
Tested Version(s): Firmware Version 3.4.4.1000
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-11-11
Solution Date:...

277
 
 

Use of Hard-coded Cryptographic Key (CWE-321) / CVE-2023-22956

Posted by Moritz Abrell via Fulldisclosure on Aug 15

Advisory ID: SYSS-2022-054
Product: AudioCodes VoIP Phones
Manufacturer: AudioCodes Ltd.
Affected Version(s): Firmware Versions >= 3.4.8.M4
Tested Version(s): Firmware Version 3.4.4.1000
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-11-11
Solution Date:...

278
 
 

Missing Immutable Root of Trust in Hardware (CWE-1326) / CVE-2023-22955

Posted by Moritz Abrell via Fulldisclosure on Aug 15

Advisory ID: SYSS-2022-055
Product: AudioCodes VoIP Phones
Manufacturer: AudioCodes Ltd.
Affected Version(s): Firmware Versions >= 3.4.4.1000
Tested Version(s): Firmware Version 3.4.4.1000
Vulnerability Type: Missing Immutable Root of Trust in Hardware (CWE-1326)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-11-14
Solution...

279
 
 

Bolstering Africa’s Cybersecurity

A thriving economy needs several factors to continue an upward trajectory — but is Africa in a position to enable these factors to take place?

280
 
 

Microsoft Cloud Security Woes Inspire DHS Security Review

Can the government help fix what's wrong in cloud security? An upcoming investigation is going to try.

281
 
 

Back to school security against ransomware attacks on K-12 and colleges

A ransomware attack on an educational institution causes more than just class disruption. It can result in lost teaching hours, financial strain, and compromised personal data. In the K-12 system, a closed school forces parents to request time off work and stretches limited school finances.

For college and university students, a ransomware attack may result in stolen personal data right as students start their professional lives.

Ransomware attacks have increased alarmingly: reported K-12 incidents between 2018 and 2021 rose from 400 in 2018 to an accumulated total of over 1,300, and we don’t need to look far to see how they’ve harmed the education sector.

A recent Truman State University ransomware attack caused several days of shutdowns and the engagement of external security teams. In Pennsylvania, the Penncrest school district found itself the target of a ransomware attack leading to multiple days of no internet access and disruption of school routines, impacting local families.

We’ll explore the steps IT teams at education institutes can take (and local government should support) in order to protect the people in their care from disruption and stolen data.

Stop ransomware through early detection

Once a ransomware attack has begun, it’s often too late to do anything about it. The sobering reality is that 100s of GB of data encrypt in under 5 minutes with Lockbit 2.0, and it’s only getting faster. Organizations are usually left with two bad options.

The first (and not recommended) option is to pay the ransom, then hope the cybercriminals decrypt your systems, don’t sell your data, and don’t return for another attack.

Alternatively, you will need to rebuild your IT systems from scratch, which can be expensive and time consuming considering the typically small IT departments many schools and universities have.

Putting security measures into place to prevent an attack in the first place is the best defense, and there are several attack vectors that IT can watch for early warnings. Many attackers take the path of least resistance, and monitoring the easiest routes makes a threat actor's job that much harder.

Though not comprehensive, here are several areas to consider closely monitoring:

  • Phishing emails – A popular delivery method for sending ransomware executables to unwitting users. Strong anti-phishing software and awareness training is a must.
  • Remote connections – Remote Desktop Protocol (RDP), Teamviewer, VNC, etc.
  • Persistent installations – Unexpected startup programs or scheduled task creations.
  • Privilege escalation – LSASS exploitation, pass-the-hash attacks, or insecure services.
  • Detection prevention – Disabling Microsoft Antivirus and other security tools.
  • Network reconnaissance – Port Scans, Promiscuous Network Modes, etc.
  • Data exfiltration – Unexpected outbound connection targets and bandwidth traffic spikes.

Breached passwords offer easy starting points for ransomware

Logging in is easier than hacking in. Attackers can quickly exploit compromised passwords, especially when people re-use them across multiple personal and work accounts. For instance, a threat actor can purchase lists of compromised credentials then use social media to narrow down who works in a school.

Institutions implementing multi-factor authentication make this attack more difficult, but not impossible.

Tools such as Specops Password Policy with Breached Password Protection (BPP) check an institution’s Active Directory against a constantly updated list of over 3 billion unique compromised passwords – even those being used in attacks right now. This allows IT teams to close off hundreds of possible attack routes into their institution.

Specops Password Policy with Breached Password Protection is popular with schools, universities, and local governments due to cost-effectiveness, quick implementation, and ease of end-user use.

It allows institutions to create custom password policies, enforce compliance requirements, block compromised passwords, and help users create stronger passwords in Active Directory with dynamic, informative client feedback. Few solutions offer such a simple way to bolster password security and prevent attackers from gaining a foothold and instigating a ransomware attack.

Minimize the attack surface of public-facing systems

Open remote connections are a vulnerability waiting for exploitation. The 2022 Unit 42 Incident Response Report notes that RDP is a common target. Requiring a VPN or Zero-Trust Authentication gateway is necessary for any school, university, or local government to connect to internal systems remotely.

Even school print servers are unsafe if unpatched and exposed to the internet. For example, a recent PaperCut NG and PaperCut MF vulnerability led to increased ransomware attacks from the Bl00dy Ransomware Gang.

Focusing protection on systems that do not expose additional entry beyond what’s necessary keeps threat actors at bay. Minimizing the number of external services to monitor makes the job of school IT departments manageable.

Deal with stale and overprivileged accounts

It’s not uncommon for overworked school IT departments to have old accounts, forgotten users, and overprivileged service accounts floating around. These forgotten accounts might seem harmless, but they’re a tempting target for threat actors.

Going unnoticed, a compromise of an old account might not trigger a response since the owner may be long gone. Implementing a proper user lifecycle policy from on-boarding to off-boarding keeps old accounts from potential compromise.

Similarly, overprivileged accounts are endemic to nearly every IT organization. Creating a single privileged account to run multiple services may mean less work and monitoring. But when compromised, an overprivileged service account offers many footholds into a school or university network.

By “right-sizing” accounts through the concept of least-privileged access and separation of duties, a compromised account is far less likely to cause devastation across the network.

Harden endpoints against ransomware attacks

Even the best prevention strategies may not stop a determined adversary from sneaking a phishing email with ransomware executable to an unsuspecting student or IT administrator. Once downloaded, an unprotected endpoint may provide all that is needed to spread the ransomware throughout the school’s network.

Below are several common steps to take when hardening a Windows endpoint:

Preventing an endpoint from further compromise may quickly stop a ransomware attack. This prevention avoids the need to restore systems from backups.

Protect against catastrophe with up-to-date offline backups

If the worst has happened, and a ransomware attack has taken down a school’s network, up-to-date and offline-stored backups are crucial to getting the students back in the classroom.

By keeping backups offline, segmented, or “air-gapped,” a successful ransomware attack will not affect those backups, allowing a clean restore.

Backing up an entire institution can be difficult and incur significant storage costs. However, not doing so could be even more costly, as threat actors may demand millions of dollars for restoration.

IT administrators must continuously test backups, verify recovery procedures are in place, and gauge the difficulty of a full restore to be ready in the event of an incident.

Can we keep schools and students secure?

The FBI (Federal Bureau of Investigation), CISA, and the MS-ISAC warned about Vice Society and the threat it poses to education sectors in a joint Cybersecurity Advisory (CSA):

“School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable; however, the opportunistic targeting often seen with cyber criminals can still put school districts with robust cybersecurity programs at risk. K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers.”

Ransomware is a growing and costly problem for schools and their students. Local governments can support schools and universities by funding the right security tools and techniques for ransomware detection, prevention, and mitigation.

Although there are no foolproof ways to prevent every ransomware attack, a comprehensive security plan incorporating the above steps will stop most attacks and go a long way towards prevention.

You can get started with back to school security by trying out Specops Password Policy for free here.

Sponsored and written by Specops Software

282
 
 

New CVE-2023-3519 scanner detects hacked Citrix ADC, Gateway devices

Mandiant has released a scanner to check if a Citrix NetScaler Application Delivery Controller (ADC) or NetScaler Gateway Appliance was compromised in widespread attacks exploiting the CVE-2023-3519 vulnerability.

The critical CVE-2023-3519 Citrix flaw was discovered in mid-July 2023 as a zero-day, with hackers actively exploiting it to execute code remotely without authentication on vulnerable devices.

A week after Citrix made security updates to address the problem available, Shadowserver reported that there were still 15,000 internet-exposed appliances that hadn't applied the patches.

However, even for organizations that installed the security updates, the risk of being compromised remains, as the patch does not remove malware, backdoors, and webshells planted by the attackers in the post-compromise phase.

Scanner checks for hacked devices

Today, Mandiant released a scanner that enables organizations to examine their Citrix ADC and Citrix Gateway devices for signs of compromise and post-exploitation activity.

"The tool is designed to do a best effort job at identifying existing compromises," reads Mandiant's post.

"It will not identify a compromise 100% of the time, and it will not tell you if a device is vulnerable to exploitation."

Mandiant's Citrix IOC Scanner must be run directly on a device or a mounted forensic image, as it will scan the local filesystem and configuration files for the presence of various IOCs.

When finished, the scanner will display a summary detailing if it encountered any signs of compromise, as shown below.

[Image: Positive scan result. Source: Mandiant]

If it detects that the device was compromised, the scanner will display a detailed report listing the various indicators of compromise that were detected.

[Image: Detected IOCs in Citrix Scan. Source: Mandiant]

Some of the indicators of compromise that the scanner looks for on Citrix devices are listed below:

  • File system paths that may contain suspicious files:
    • /var/netscaler/logon/LogonPoint/uiareas
    • /var/netscaler/logon/LogonPoint/uiareas/*/
    • /netscaler/ns_gui/epa/scripts/*/
    • /netscaler/ns_gui/vpns/theme/default
    • /var/vpn/themes/
  • Known attacker or suspicious commands in the shell history:
    • whoami$
    • cat /flash/nsconfig/keys
    • ldapsearch
    • chmod +x /tmp
    • openssl des3
    • ping -c 1
    • cp /bin/sh
    • chmod +s /var
    • echo

283
 
 

2,000 Citrix NetScaler Instances Backdoored via Recent Vulnerability

A threat actor has exploited a recent Citrix vulnerability (CVE-2023-3519) to infect roughly 2,000 NetScaler instances with a backdoor.

The post 2,000 Citrix NetScaler Instances Backdoored via Recent Vulnerability appeared first on SecurityWeek.

284
 
 

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems (ICS) advisories on August 15, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

285
 
 

Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon M340, M580 and M580 CPU

1. EXECUTIVE SUMMARY

  • CVSS v3 8.1
  • ATTENTION: Exploitable remotely
  • Vendor: Schneider Electric
  • Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, Modicon M340 CPU, Modicon M580 CPU, Modicon Momentum Unity M1E Processor, Modicon MC80
  • Vulnerability: Authentication Bypass by Capture-replay

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to execute unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following components of Schneider Electric EcoStruxure and Modicon are affected:

  • EcoStruxure Control Expert: All versions
  • EcoStruxure Process Expert: Version V2020 & prior
  • Modicon M340 CPU (part numbers BMXP34*): All versions
  • Modicon M580 CPU (part numbers BMEP* and BMEH*): All versions
  • Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S): All versions
  • Modicon Momentum Unity M1E Processor (171CBU*): All versions
  • Modicon MC80 (BMKC80): All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294

An authentication bypass by capture-replay vulnerability exists that could execute unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session.

CVE-2022-45789 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy, Commercial Facilities
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: France

3.4 RESEARCHER

Jos Wetzels and Daniel dos Santos, Forescout Technologies, reported these vulnerabilities to Schneider Electric.

4. MITIGATIONS

Schneider Electric has released the following remediations and mitigations for users to implement:

  • EcoStruxure Process Expert: Version V2021 is available for download and is not impacted by this vulnerability as the affected component has been removed from this version.
  • EcoStruxure Control Expert: Set up a VPN between the Modicon PLC controllers and the engineering workstation containing EcoStruxure™ Control.
  • EcoStruxure Control Expert: Harden the workstation running EcoStruxure Control Expert.
  • EcoStruxure Process Expert: Set up a VPN between the Modicon PLC controllers and the engineering workstation containing EcoStruxure™ Control.
  • EcoStruxure Process Expert: Harden the workstation running EcoStruxure Process Expert.
  • Modicon M340 CPU (part numbers BMXP34*): Set up an application password in the project properties.
  • Modicon M340 CPU (part numbers BMXP34*): Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP.
  • Modicon M340 CPU (part numbers BMXP34*): Set up a secure communication according to the following guideline “Modicon Controllers Platform Cyber Security Reference Manual,” in chapter “Set up secured communications”.
  • Modicon M340 CPU (part numbers BMXP34*): Configure the access control list following the recommendations of the user manuals: Modicon M340 for Ethernet Communications Modules and Processors user manual in chapter “Messaging Configuration Parameters”.
  • Modicon M340 CPU (part numbers BMXP34*): Consider the use of external firewall devices such as EAGLE40-07 from Belden to establish VPN connections for M340 & M580 architectures. For more details refer to Modicon Controllers Platform - Cyber Security, Reference Manual chapter “How to protect M580 and M340 architectures with EAGLE40 using VPN”.
  • Modicon M580 CPU (part numbers BMEP* and BMEH*): Set up an application password in the project properties.
  • Modicon M580 CPU (part numbers BMEP* and BMEH*): Set up network segmentation and implement a firewall to block all unauthorized access to port 502/TCP.
  • Modicon M580 CPU (part numbers BMEP* and BMEH*): Configure the access control list following the recommendations of the user manuals: Modicon M580, Hardware, Reference Manual.
  • Modicon M580 CPU (part numbers BMEP* and BMEH*): Setup a secure communication following recommended guidelines in Modicon Controllers Platform - Cyber Security Reference Manual chapter “Setup secured communications”.
  • Modicon M580 CPU (part numbers BMEP* and BMEH*): Use a BMENUA0100 module and follow the instructions to configure IPSEC feature as described in M580 - BMENUA0100 OPC UA Embedded Module, Installation and Configuration Guide chapter “Configuring the BMENUA0100 Cybersecurity Settings”.

For more information, see Schneider Electric’s security advisory SEVD-2023-010-06.

Schneider Electric strongly recommends the following industry cybersecurity best practices:

  • Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.
  • Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.
  • Place all controllers in locked cabinets and never leave them in the “Program” mode.
  • Never connect programming software to any network other than the network intended for that device.
  • Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc., before use in the terminals or any node connected to these networks.
  • Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.
  • Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the internet.
  • When remote access is required, use secure methods, such as virtual private networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.
  • For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. This vulnerability has a high attack complexity.

286
 
 

Rockwell Automation Armor PowerFlex

1. EXECUTIVE SUMMARY

  • CVSS v3 7.5
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Rockwell Automation
  • Equipment: Armor PowerFlex
  • Vulnerability: Incorrect Calculation

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to send an influx of network commands, causing the product to generate an influx of event log traffic at a high rate, resulting in the stop of normal operation.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Rockwell Automation products are affected:

  • Armor PowerFlex: v1.003

3.2 VULNERABILITY OVERVIEW

3.2.1 INCORRECT CALCULATION CWE-682

A vulnerability was discovered in Armor PowerFlex when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset. The error code would need to be cleared prior to resuming normal operations.

CVE-2023-2423 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Rockwell Automation reported this vulnerability to CISA.

4. MITIGATIONS

Rockwell Automation recommends users apply the following mitigations:

For more information, visit Rockwell Automation’s security bulletin.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

  • Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

287
 
 

US lawmaker says FBI notified him of email breach linked to Microsoft cloud hack

U.S. House lawmaker Rep. Don Bacon said the FBI warned him that China-backed hackers who used a stolen Microsoft key to raid the email accounts of senior U.S. government officials also accessed his email accounts. In a tweet, the Republican congressman from Nebraska said the FBI notified him on Monday that the Chinese government “hacked […]

288
 
 

Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics

The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors. Monti emerged in June 2022, weeks after the Conti ransomware group shut down its operations, deliberately imitating the tactics and tools associated with the latter, including its leaked source code. Not anymore.

289
 
 

Indicators of Compromise Scanner for Citrix ADC Zero-Day (CVE-2023-3519)

Mandiant recently published a blog post about the compromise of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Appliances related to the zero-day vulnerability tracked as CVE-2023-3519. CVE-2023-3519 is a zero-day vulnerability that can enable remote code execution, and has been observed being exploited in the wild by a threat actor consistent with a China-nexus based on known capabilities and history of targeting Citrix ADCs. Recently, proof-of-concepts to exploit this vulnerability have been publicly posted.

Today we are releasing a tool to help

290
 
 

How & Why Cybercriminals Fabricate Data Leaks

A closer look at the nature of fake leaks can provide guidance on how to effectively mitigate associated risks.

291
 
 

New Gigabud Android RAT Bypasses 2FA, Targets Financial Orgs

By Habiba Rashid

Emergence of Gigabud Banking Trojan Threatens Financial Institutions Globally.

This is a post from HackRead.com. Read the original post: New Gigabud Android RAT Bypasses 2FA, Targets Financial Orgs

292
 
 

CISO Conversations: CISOs in Cloud-based Services Discuss the Process of Leadership

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

The post CISO Conversations: CISOs in Cloud-based Services Discuss the Process of Leadership appeared first on SecurityWeek.

293
 
 

Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report

The just-released BlackBerry Global Threat Intelligence Report reveals a 40% increase in cyberattacks against government and public service organizations versus the previous quarter. This includes public transit, utilities, schools, and other government services we rely on daily. With limited resources and often immature cyber defense programs, these publicly funded organizations are struggling

294
 
 

Hacker Forum Credentials Found on 120,000 PCs Infected With Info-Stealer Malware

Hudson Rock security researchers have identified credentials for hacker forums on roughly 120,000 computers infected with information stealers.

The post Hacker Forum Credentials Found on 120,000 PCs Infected With Info-Stealer Malware appeared first on SecurityWeek.

295
 
 

Zoom Can Spy on Your Calls and Use the Conversation to Train AI, But Says That It Won’t

This is why we need regulation:

Zoom updated its Terms of Service in March, spelling out that the company reserves the right to train AI on user data with no mention of a way to opt out. On Monday, the company said in a blog post that there’s no need to worry about that. Zoom execs swear the company won’t actually train its AI on your video calls without permission, even though the Terms of Service still say it can.

Of course, these are Terms of Service. They can change at any time. Zoom can renege on its promise at any time. There are no rules, only the whims of the company as it tries to maximize its profits.

It’s a stupid way to run a technological revolution. We should not have to rely on the benevolence of for-profit corporations to protect our rights. It’s not their job, and it shouldn’t be.

296
 
 

1.5 Million Impacted by Ransomware Attack at Canadian Dental Service

The personal information of 1.5 million individuals was compromised in a ransomware attack at Alberta Dental Service Corporation (ADSC).

The post 1.5 Million Impacted by Ransomware Attack at Canadian Dental Service appeared first on SecurityWeek.

297
 
 

SecureWorks Laying Off 15% of Employees

Threat detection and response firm SecureWorks is laying off 15% of its staff (roughly 300 people) in the second round of firings this year.

The post SecureWorks Laying Off 15% of Employees appeared first on SecurityWeek.

298
 
 

Gigabud RAT Android Banking Malware Targets Institutions Across Countries

Account holders of numerous financial institutions in Thailand, Indonesia, Vietnam, the Philippines, and Peru are being targeted by an Android banking malware called Gigabud RAT. "One of Gigabud RAT's unique features is that it doesn't execute any malicious actions until the user is authorized into the malicious application by a fraudster, [...] which makes it harder to detect," Group-IB

299
 
 

Twitter/X Asks Court to Dismiss $250m+ Music Piracy Lawsuit

Elon Musk's X, formerly known as Twitter, has submitted a motion to dismiss a copyright infringement lawsuit filed by several prominent music labels earlier this year. With a potential quarter billion dollars in damages at stake, X argues that the liability claims are insufficient to state a proper copyright infringement claim.

From: TF, for the latest news on copyright battles, piracy and more.

300
 
 

AMD issued the second patch to fix “Division by zero” vulnerability in AMD Zen 1

Of late, Intel and AMD’s processors have been awash with declarations concerning security vulnerabilities, undoubtedly proving vexing for research professionals. Intel grapples with the security quandaries of its Sapphire Rapids-MCC and the “Downfall” vulnerabilities...

The post AMD issued the second patch to fix “Division by zero” vulnerability in AMD Zen 1 appeared first on Penetration Testing.
