The War Room


Community for various OSINT news and subject matter for open discussion or dissemination elsewhere


Cryptomining and Malware Flourish on Misconfigured Kubernetes Clusters

By Habiba Rashid

Aquasec Investigation Exposes Alarming Rise in Kubernetes Misconfigurations Leading to Catastrophic Breaches.

This is a post from HackRead.com. Read the original post: Cryptomining and Malware Flourish on Misconfigured Kubernetes Clusters


Horizon3.ai Raises $40 Million to Expand Automated Pentesting Platform

Horizon3.ai, a provider of autonomous security testing solutions, raised $40 million through a Series C funding round.

The post Horizon3.ai Raises $40 Million to Expand Automated Pentesting Platform appeared first on SecurityWeek.


Protection is No Longer Straightforward – Why More Cybersecurity Solutions Must Incorporate Context

Context helps complete the picture and results in actionable intelligence that security teams can use to make informed decisions more quickly.

The post Protection is No Longer Straightforward – Why More Cybersecurity Solutions Must Incorporate Context appeared first on SecurityWeek.


QakBot Malware Operators Expand C2 Network with 15 New Servers

The operators associated with the QakBot (aka QBot) malware have set up 15 new command-and-control (C2) servers as of late June 2023. The findings are a continuation of the malware's infrastructure analysis from Team Cymru, and arrive a little over two months after Lumen Black Lotus Labs revealed that 25% of its C2 servers are only active for a single day. "QakBot has a history of taking an


UK Electoral Commission data breach exposes 8 years of voter data

The UK Electoral Commission disclosed a massive data breach exposing the personal information of anyone who registered to vote in the United Kingdom between 2014 and 2022.

The disclosure comes ten months after the Commission first detected the breach and two years after the initial breach occurred, raising questions about why it took so long to report the incident to the public.

In the "public notification of cyber-attack," the Commission says they first detected the attack in October 2022 but since learned that threat actors breached their systems much earlier, in August 2021.

As part of this cyberattack, the threat actors accessed the government agency's servers holding its email, control systems, and copies of electoral registers.

"They were able to access reference copies of the electoral registers, held by the Commission for research purposes and to enable permissibility checks on political donations," warns the data breach notification.

"The registers held at the time of the cyber-attack include the name and address of anyone in the UK who registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters."

However, the exposed election registers did not contain the personal information of those who registered anonymously.

The Electoral Commission says the exposed voter information includes:

  • Personal data contained in the email system of the Commission:
    • Name, first name and surname.
    • Email addresses (personal and/or business).
    • Home address if included in a webform or email.
    • Contact telephone number (personal and/or business).
    • Content of the webform and email that may contain personal data.
    • Any personal images sent to the Commission.
  • Personal data contained in Electoral Register entries:
    • Name, first name and surname.
    • Home address in register entries.
    • Date on which a person achieves voting age that year.

During the attack, the threat actors had access to the Commission's email server, exposing any internal and external communications with the agency.

The Commission says that the cyberattack had no impact on any elections or an individual's voter registration.

The agency is downplaying the attack, stating that no voter registration was modified and that "much of it is already in the public domain."

However, only a voter's name and address are publicly available in the UK open register. The other exposed information, such as phone numbers and email addresses, can be valuable for threat actors who can use it in more targeted phishing attacks or identity theft.

Therefore, all UK voters should be on the lookout for targeted phishing emails attempting to gather further sensitive information, such as passwords, account numbers, or financial information.

If you receive suspicious emails, do not click on any links; instead, contact the alleged organization via phone to confirm the email's authenticity.


Rubrik acquires Laminar for up to $250M to expand in data security across public clouds

Cybersecurity startups, in particular those hatched in Israel, have been getting scooped up at a rapid pace by larger tech companies looking to bolt on new capabilities to address business customers’ growing security needs as they adopt new technologies themselves. In the latest development, Rubrik, a cloud data management company, is buying Laminar — a specialist […]


What is commercial spyware?

As the victims of commercial spyware are highly targeted individuals, the sobering truth is that some attackers have the means to be able to spend six figures to compromise a single target.


RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale

RedHotel (formerly tracked as TAG-22) is one of the most prominent, active, Chinese state-sponsored threat activity groups tracked by Recorded Future’s Insikt Group.


Identity-Based Attacks Soared in Past Year: Report

Identity-based attacks have soared in the past year, according to CrowdStrike’s 2023 Threat Hunting Report.

The post Identity-Based Attacks Soared in Past Year: Report appeared first on SecurityWeek.


Hackers Abusing Cloudflare Tunnels for Covert Communications

New research has revealed that threat actors are abusing Cloudflare Tunnels to establish covert communication channels from compromised hosts and retain persistent access. "Cloudflared is functionally very similar to ngrok," Nic Finn, a senior threat intelligence analyst at GuidePoint Security, said. "However, Cloudflared differs from ngrok in that it provides a lot more usability for free,


Password Management and Authentication Best Practices

Attackers are always looking for new ways to crack passwords and gain access to sensitive information. Keeping passwords secure is a challenging, yet critical task. Read this blog to learn several best practices for password management and authentication so you can keep your environment safe.

It’s no secret that attackers are constantly looking for new ways to gain unauthorized access to accounts. To that end, attackers aggressively target the systems used for managing and resetting passwords, for user management (especially user registration), and for authentication. In fact, according to the most recent Verizon Data Breach Investigations Report, roughly 49% of breaches involved the use of stolen credentials. A security mistake in any of these password- and user-management steps can leave the door open for an attacker and have disastrous consequences.

While there are many tactics to safeguard credentials and keep your environment safe, we’ve called out three key tactics below.

Use a strong hashing algorithm

Hashing is the process that transforms a user's plain-text password into a fixed-length digest. The hashing process applies a mathematical function, known as a hashing algorithm, to the password, producing a fixed-length value that looks random and is what the organization stores in its database. The result is like a unique fingerprint, called the digest, that cannot feasibly be reversed to recover the original password. The next time you log in, the website computes the hash in the same manner and compares it to the stored value. If they match, you’re granted access to the account.

To protect passwords, we suggest using a strong, purpose-built password hashing algorithm such as bcrypt or Argon2. In addition, organizations should always “season” passwords with salt and pepper. A salt is a randomly generated string, unique to each user, that is combined with the password before it is hashed, so that identical passwords produce different digests. For additional security you can also add a pepper (a second secret string that is added to the password before hashing but is kept separate from the stored hashes) within the same hashing scheme. Passwords should always be salted prior to hashing them. For more information about this process, read our new “Password, Authentication & Web Best Practices” whitepaper.

Implement multi-factor authentication (MFA)

Username-and-password authentication is the fundamental, widely used method for authenticating users trying to access digital systems. Multi-factor authentication strengthens it by requiring a user to present a combination of two or more credentials to verify their identity before logging into an account. This means that unauthorized users would have to compromise more than one credential to gain access.

There are multiple methods for implementing MFA, such as authenticating with a unique link; a time-based one-time password (TOTP); or text message, email, or push notifications. The best method of implementation will vary depending on the unique needs of the organization. Regardless of the method you choose, implementing MFA will add an extra layer of protection for user credentials.

Create a firm password policy

Finally, let’s take it back to the basics. Organizations should create policies that require the use of strong passwords. This is one of the first lines of defense your organization has. There are many important requirements for creating a strong password policy, but we highlight two below.

First, prohibit the use of weak passwords and the continued use of default credentials (such as the username and password combination “admin/admin”). For more tips on strong passwords, check out this Cybersecurity and Infrastructure Security Agency (CISA) blog.

Second, while users must ensure they use strong passwords, application architects and developers should use safe approaches when dealing with user credentials. For example, they can eliminate the use of hard-coded secrets. Also called embedded passwords or hard-coded passwords, these are plain-text passwords or other sensitive values, such as encryption or API keys, that are embedded directly in source code and that, if exposed, can allow attackers to bypass authentication. For more information on hard-coded secrets, check out this article from OWASP.

To get a lot more details about this topic, download our free white paper “Password, Authentication & Web Best Practices Whitepaper.”


Electoral Commission hack exposed data of 40 million UK voters

The personal information of approximately 40 million U.K. voters was exposed to hackers for more than a year after the Electoral Commission fell victim to a “complex cyberattack”. The Electoral Commission, the watchdog responsible for overseeing elections in the U.K., said in a statement on Wednesday that it first identified suspicious activity on its network […]


ICS Patch Tuesday: Siemens Fixes 7 Vulnerabilities in Ruggedcom Products

ICS Patch Tuesday: Siemens releases a dozen advisories covering over 30 vulnerabilities, but Schneider Electric has only published one advisory.

The post ICS Patch Tuesday: Siemens Fixes 7 Vulnerabilities in Ruggedcom Products appeared first on SecurityWeek.


Dark Reading News Desk: Live at Black Hat USA 2023

On Wed Aug 9, Dark Reading News Desk will return to Black Hat USA 2023.


Horizon3 secures $40M to expand its pen testing platform

Cybersecurity funding is falling after enjoying impressive heights in the last few years. According to Crunchbase, VC financing for security declined to just over $1.6 billion in Q2 2023, marking a 63% drop compared to the same quarter last year — when startups landed nearly $4.3 billion. But that’s not to suggest deals have dried […]


Lead YouTube Content-ID Scammer Requests Reduced Prison Sentence

By masquerading as legitimate music rightsholders, two men managed to extract over $23 million in revenue from YouTube's Content ID system. Both were arrested and pleaded guilty. The first defendant was previously sentenced to 70 months in prison. The second defendant, who reportedly initiated the scheme, now requests a lower 46-month term, promising to stay out of trouble.

From: TF, for the latest news on copyright battles, piracy and more.


UK Think Tank Proposes Greater Ransomware Reporting From Cyberinsurance to Government

The Royal United Services Institute (RUSI) examined the relationship between cyberinsurance and ransomware, and proposes greater reporting from victims to government, enforced through insurance policies.

The post UK Think Tank Proposes Greater Ransomware Reporting From Cyberinsurance to Government appeared first on SecurityWeek.


You Can’t Rush Post-Quantum-Computing Cryptography Standards

I just read an article complaining that NIST is taking too long in finalizing its post-quantum-computing cryptography standards.

This process has been going on since 2016, and since that time there has been a huge increase in quantum technology and an equally large increase in quantum understanding and interest. Yet seven years later, we have only four algorithms, although last week NIST announced that a number of other candidates are under consideration, a process that is expected to take “several years.”

The delay in developing quantum-resistant algorithms is especially troubling given the time it will take to get those products to market. It generally takes four to six years with a new standard for a vendor to develop an ASIC to implement the standard, and it then takes time for the vendor to get the product validated, which seems to be taking a troubling amount of time.

Yes, the process will take several years, and you really don’t want to rush it. I wrote this last year:

Ian Cassels, British mathematician and World War II cryptanalyst, once said that “cryptography is a mixture of mathematics and muddle, and without the muddle the mathematics can be used against you.” This mixture is particularly difficult to achieve with public-key algorithms, which rely on the mathematics for their security in a way that symmetric algorithms do not. We got lucky with RSA and related algorithms: their mathematics hinge on the problem of factoring, which turned out to be robustly difficult. Post-quantum algorithms rely on other mathematical disciplines and problems—code-based cryptography, hash-based cryptography, lattice-based cryptography, multivariate cryptography, and so on—whose mathematics are both more complicated and less well-understood. We’re seeing these breaks because those core mathematical problems aren’t nearly as well-studied as factoring is.

[…]

As the new cryptanalytic results demonstrate, we’re still learning a lot about how to turn hard mathematical problems into public-key cryptosystems. We have too much math and an inability to add more muddle, and that results in algorithms that are vulnerable to advances in mathematics. More cryptanalytic results are coming, and more algorithms are going to be broken.

As to the long time it takes to get new encryption products to market, work on shortening it:

The moral is the need for cryptographic agility. It’s not enough to implement a single standard; it’s vital that our systems be able to easily swap in new algorithms when required.

Whatever NIST comes up with, expect that it will get broken sooner than we all want. It’s the nature of these trap-door functions we’re using for public-key cryptography.


Black Hat Preview: The Business of Cyber Takes Center Stage

News Analysis: The cybersecurity industry heads to Las Vegas this week for Black Hat in a state of economic contraction, confusion and excitement. Can the promise of AI overcome the hype cycle to truly solve security problems?

The post Black Hat Preview: The Business of Cyber Takes Center Stage appeared first on SecurityWeek.


Q2 2023 Cyber Attacks Statistics

I have aggregated the statistics created from the cyber attacks timelines published in the second quarter of 2023. In total I have collected 1040 events...


Understanding Active Directory Attack Paths to Improve Security

Introduced in 1999, Microsoft Active Directory is the default identity and access management service in Windows networks, responsible for assigning and enforcing security policies for all network endpoints. With it, users can access various resources across networks. As things tend to do, times, they are a'changin' – and a few years back, Microsoft introduced Azure Active Directory, the


S4UTomato: Escalate Service Account To LocalSystem via Kerberos

S4UTomato: Escalate Service Account To LocalSystem via Kerberos. Traditional Potatoes: Friends familiar with the “Potato” series of privilege escalation should know that it can elevate service account privileges to local system privileges. The early...

The post S4UTomato: Escalate Service Account To LocalSystem via Kerberos appeared first on Penetration Testing.


New Yashma Ransomware Variant Targets Multiple English-Speaking Countries

An unknown threat actor is using a variant of the Yashma ransomware to target various entities in English-speaking countries, Bulgaria, China, and Vietnam at least since June 4, 2023. Cisco Talos, in a new write-up, attributed the operation with moderate confidence to an adversary of likely Vietnamese origin. "The threat actor uses an uncommon technique to deliver the ransom note," security


Microsoft Shares Guidance and Resources for AI Red Teams

Microsoft has shared guidance and resources from its AI Red Team program to help organizations and individuals with AI security.

The post Microsoft Shares Guidance and Resources for AI Red Teams appeared first on SecurityWeek.


CVE_Prioritizer: Streamline vulnerability patching with CVSS, EPSS, and CISA’s Known Exploited Vulnerabilities

CVE Prioritizer Tool. CVE_Prioritizer is a powerful tool that helps you prioritize vulnerability patching by combining CVSS, EPSS, and CISA’s Known Exploited Vulnerabilities. It provides valuable insights into the likelihood of exploitation and the potential impact of...

The post CVE_Prioritizer: Streamline vulnerability patching with CVSS, EPSS, and CISA’s Known Exploited Vulnerabilities appeared first on Penetration Testing.
