Celinemary Turner says
Phishing, Smishing Surge Targets US Postal Service
https://www.infosecurity-magazine.com/news/phishing-smishing-surge-targets-
Recent weeks have witnessed a significant increase in cyber-attacks targeting the US Postal Service (USPS), mainly through phishing and smishing campaigns.
One smishing message raised suspicions due to its peculiar language, suggesting the involvement of a non-native English speaker or reliance on translation services.
The investigation further traced a domain marked with a high-risk score, leading to the discovery of 163 related domains associated with an email address.
A surge in these practices targeting the US Postal Service means that the cybercriminals are increasingly targeting this institution, possibly due to its large customer base and the valuable information that could be obtained.
Deeper exploration revealed a Facebook account connected to one of these email addresses, shedding light on the potential identity of the threat actor – a suspected Iranian national residing and working in Tehran. This discovery aligns with the initial observation that the smishing campaign’s lure text likely wasn’t authored by a native English speaker.
My take on this article is that individuals and employees should be educated about these types of scams, how to recognize them, and what to do if they receive a suspicious email or text. The US Postal Service should also take steps to secure its systems and customer information, and work with law enforcement to track down and prosecute the perpetrators of these scams.
Ooreofeoluwa Koyejo says
To tackle phishing and smishing, which are human-focused cyberattacks, in addition to the measures suggested it is important to address this with dynamic user security education and awareness programs, improved email filter configurations, and a review of access controls to customer and confidential data.
Ooreofeoluwa Koyejo says
Chinese Hackers ‘BlackTech’ Exploiting Firmware on Cisco Network Devices
https://therecord.media/us-japan-say-chinese-hackers-routers
https://www.securityweek.com/chinese-gov-hackers-caught-hiding-in-cisco-router-firmware/
Chinese hackers dubbed BlackTech have been able to hack into Cisco network devices in US- and Japan-owned corporate networks through firmware implants. The NSA, FBI, CISA and Japan’s NISC shared an advisory presenting this observation: BlackTech, being an APT, gains stealthy access through routers in branch offices to leverage the connection, abusing the trusted relationship of the branch routers within the targeted corporate network, and then uses exposed or stolen privileged credentials to gain entry and a foothold.
The elevated privileges the hackers gained on the router were used to replace the firmware via command-line execution; the malicious firmware establishes persistent backdoor access and obfuscates future malicious activity. In the observed attacks, the modified firmware used a built-in SSH backdoor that allowed BlackTech actors to maintain access to the compromised router without any connections being logged. “BlackTech cyber actors often modify the firmware to hide their activity across the edge devices to further maintain persistence in the network,” as reported by the agencies.
To address this, the agencies have recommended that Cisco pay more attention to the network infrastructure supply chain and not just rely on patching identified bugs to reduce the CVSS scores of vulnerabilities, thereby diverting patching urgency and attention, as threat actors are leveraging these vulnerabilities in their attacks.
Jon Stillwagon says
https://thehackernews.com/2023/09/cisco-warns-of-vulnerability-in-ios-and.html
Cisco came out with a warning about an attempted exploitation of a security flaw in its IOS and IOS XE software. With a successful exploit, the attacker can execute arbitrary code and gain full access to the affected systems or cause the system to reload. The attacker would have to have administrative control of either a group member or a key server to execute code on an affected device or cause the device to crash. An internal investigation and source code audit were initiated after an attempted exploitation of the GET VPN feature, which led to the discovery of the vulnerability. The company concluded that five flaws could allow the attacker to gain access to an affected instance or cause a denial-of-service condition on an affected system. The attacker could gain unauthorized access to the application as an arbitrary user by bypassing authorization and rollback controller configurations, access a database of the affected system, and access another tenant managed by the same instance, which could cause a crash.
Nicholas Nirenberg says
New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software
URL: https://thehackernews.com/2023/09/new-zenrat-malware-targeting-windows.html
A new malware strain called ZenRAT is being distributed via fake Bitwarden password manager installation packages. Targeting Windows users, the malware redirects users on other systems to benign web pages. ZenRAT is a modular remote access trojan (RAT) capable of stealing information. It masquerades as a Bitwarden installer but contains a malicious .NET executable. Users on non-Windows systems are redirected to an old opensource.com article about managing passwords with Bitwarden, while Windows users are redirected to genuine Bitwarden links. The malware gathers host details and sends them to a command-and-control server. ZenRAT’s logs are transmitted in plaintext, showcasing its modular capabilities. To mitigate such threats, users are advised to download software from trusted sources and verify website authenticity. Additionally, similar attacks, like Lumma Stealer and Stealc, have been observed targeting various industries, emphasizing the prevalence of drive-by download methods in spreading malware.
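Both the replaced Cisco router firmware in the BlackTech comment above and the fake Bitwarden installer here are caught by the same control: hash the artifact you actually have and compare it with a digest the vendor published on a separate channel. The block below is an added example, not code from Bitwarden, Cisco or the article; the file names, manifest and file contents are constructed for the demo, and the digests are computed from those constructed bytes rather than taken from any real release.

```python
"""Verify downloaded artifacts (installers, firmware images) against a
known-good digest manifest. Added example; names and contents are constructed."""
import hashlib
import hmac
import os
import tempfile


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so a large firmware image need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse sha256sum-style lines ('<hex>  <name>' or '<hex> *<name>') into {name: hex}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        if len(digest) != 64 or not all(c in "0123456789abcdefABCDEF" for c in digest):
            raise ValueError(f"malformed manifest line: {line!r}")
        expected[name] = digest.lower()
    return expected


def verify_artifacts(expected: dict, directory: str) -> dict:
    """Return {name: status} with status one of ok / mismatch / missing / unlisted."""
    report = {}
    for name, digest in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            report[name] = "missing"
            continue
        actual = sha256_file(path)
        # compare_digest: constant-time comparison of the two hex strings
        report[name] = "ok" if hmac.compare_digest(actual, digest) else "mismatch"
    for name in os.listdir(directory):
        if name not in expected and os.path.isfile(os.path.join(directory, name)):
            report[name] = "unlisted"
    return report


def run_demo() -> dict:
    """Constructed scenario: one genuine artifact, one tampered, one absent, one extra."""
    genuine_installer = b"INSTALLER-DEMO-BYTES-v2023.9"          # constructed
    genuine_firmware = b"ROUTER-IMAGE-DEMO-BYTES-build-1234"     # constructed
    manifest = "\n".join([
        "# digests obtained out of band (vendor page over TLS, not the download mirror)",
        f"{hashlib.sha256(genuine_installer).hexdigest()}  installer.exe",
        f"{hashlib.sha256(genuine_firmware).hexdigest()} *firmware.bin",
        f"{hashlib.sha256(b'never downloaded').hexdigest()}  release-notes.pdf",
    ])
    with tempfile.TemporaryDirectory() as workdir:
        with open(os.path.join(workdir, "installer.exe"), "wb") as fh:
            fh.write(genuine_installer)
        # firmware with its last byte changed: a replaced image hashes differently
        with open(os.path.join(workdir, "firmware.bin"), "wb") as fh:
            fh.write(genuine_firmware[:-1] + b"X")
        with open(os.path.join(workdir, "setup-helper.exe"), "wb") as fh:
            fh.write(b"not in the vendor manifest at all")
        return verify_artifacts(parse_manifest(manifest), workdir)


if __name__ == "__main__":
    for name, status in sorted(run_demo().items()):
        print(f"{status:9} {name}")
```

The report separates four outcomes because they call for different actions: `mismatch` means the artifact was altered in transit or at the source, `missing` and `unlisted` mean the download set does not match the release, and only `ok` should be installed or booted. The manifest has to come from somewhere the party who controls the download cannot also edit; a checksum shown on the same lookalike page verifies nothing.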
Eyup Aslanbay says
There was a fire at a Proximus data center in Belgium. This caused emergency phone numbers to stop working for a short time. The Belgian Police said numbers 112, 101, and 100 didn’t work for a while.
Numbers 112 (for firefighters and ambulances) and 101 (for police) were down for about half an hour on a Wednesday morning. The fire started in a Proximus building in Brussels around 9 am. People working there had to leave quickly. Things went back to normal by 10:30 am.
Belgium’s emergency center set up other numbers for people to call during this time. Proximus is still trying to find out why this happened. Proximus has other buildings in Brussels where they keep data and offer IT services.
https://www.datacenterdynamics.com/en/news/fire-in-proximus-data-center-knocks-belgian-emergency-services-numbers-offline/
Bo Wang says
https://www.infosecurity-magazine.com/news/half-report-increase-in/
According to research by ISACA, over half (52%) of cybersecurity professionals have seen an increase in cyber-attacks compared to the previous year. However, less than one in ten (8%) organizations conduct monthly cyber risk assessments, while two in five (40%) do so annually. This infrequent assessment increases vulnerability to attacks and the risk of undetected breaches.
The study also highlights a global shortfall of 3.4 million in the cybersecurity workforce, with 62% of respondents reporting understaffed cybersecurity teams. This shortage contributes to irregular measurement and testing of cyber defenses.
Interestingly, 39% of organizations with vacant cybersecurity roles are looking to fill entry-level positions that don’t require experience or credentials. Yet, typically 44% of organizations require a university degree for such positions.
Ooreofeoluwa Koyejo says
While some organisations believe the investments made in cybersecurity tools and solutions would automatically solve and clear away all risks and data breaches, we have seen over and over that this is an incorrect approach to security assurance.
An issue I have observed is that a lot of organisations do not know how to define the metrics for cybersecurity performance; hence, they seem unsatisfied with the state of cybersecurity within.
Edge Kroll says
https://www.securityweek.com/us-executives-targeted-in-phishing-attacks-exploiting-flaw-in-indeed-job-platform/
Cybersecurity firm Menlo Security has issued a warning about a recent phishing campaign targeting senior executives that exploited an open redirection vulnerability in the popular job search platform, Indeed. This campaign, which began in July 2023, primarily focused on C-suite employees and executives in various industries, especially banking, financial services, insurance, property management, real estate, and manufacturing sectors in the United States. The attackers sent phishing emails containing links that appeared to lead to Indeed’s website but redirected victims to a fake Microsoft login page using the EvilProxy phishing framework. This page intercepted victims’ credentials and session cookies, allowing attackers to impersonate victims and potentially access their Microsoft accounts, even bypassing some multi-factor authentication mechanisms. Menlo Security has reported the issue to Indeed, but it is unclear whether the website has addressed it. This incident underscores the risks associated with open redirection vulnerabilities in widely used websites and the potential for broader threats, including Business Email Compromise, leading to identity theft, intellectual property theft, and significant financial losses—a tactic reminiscent of a similar campaign reported by Proofpoint.
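The open-redirect flaw behind this lure is worth seeing in code. The block below is an added illustration, not code from Indeed, Menlo Security or the article: a permissive check of the kind that produces open redirects, next to a hardened resolver that only returns targets on the trusted host. The host name `jobs.example.com` and the sample links are assumptions constructed for the demo.

```python
"""Open-redirect guard: a weak check beside a hardened one. Added example;
the trusted host and the sample targets are constructed, not taken from Indeed."""
from urllib.parse import urljoin, urlsplit

# Assumption for the demo: the site that hands out ?redirect= links.
TRUSTED_HOST = "jobs.example.com"


def weak_is_safe(target: str) -> bool:
    """The kind of check that yields an open redirect.

    It accepts 'https://jobs.example.com.evil.example/...' because the trusted
    name appears in the string, and '//evil.example' because it starts with '/'.
    """
    return target.startswith("/") or TRUSTED_HOST in target


def hardened_redirect_target(target: str, default: str = "/") -> str:
    """Return an absolute URL on TRUSTED_HOST, or `default` if `target` would leave it.

    Covers the usual bypasses: other hosts, lookalike suffixes, protocol-relative
    '//evil', backslash '/\\evil' (browsers treat '\\' as '/'), non-https schemes,
    userinfo 'trusted@evil', unexpected ports, and embedded whitespace/control bytes.
    """
    if not target:
        return default
    candidate = target.replace("\\", "/")
    if any(ch.isspace() or ord(ch) < 0x20 for ch in candidate):
        return default
    # Relative paths resolve against the trusted origin; absolute URLs pass through as-is.
    resolved = urljoin(f"https://{TRUSTED_HOST}/", candidate)
    parts = urlsplit(resolved)
    if parts.scheme != "https":
        return default
    if parts.username is not None or parts.password is not None:
        return default
    try:
        port = parts.port
    except ValueError:  # e.g. 'https://host:abc/'
        return default
    if port not in (None, 443):
        return default
    if (parts.hostname or "").lower() != TRUSTED_HOST:
        return default
    return resolved


# Constructed redirect parameters as they might arrive in a phishing link.
SAMPLE_TARGETS = [
    "/account/settings",
    "https://jobs.example.com/jobs?q=ciso",
    "https://jobs.example.com.evil.example/login",  # lookalike suffix
    "//evil.example/login",                         # protocol-relative
    "/\\evil.example/login",                        # backslash trick
    "https://jobs.example.com@evil.example/",       # userinfo trick
    "javascript:alert(1)",                          # non-https scheme
]


def compare_checks(targets=SAMPLE_TARGETS) -> dict:
    """Map each target to (weak_check_accepts, hardened_result) for side-by-side review."""
    return {t: (weak_is_safe(t), hardened_redirect_target(t)) for t in targets}


if __name__ == "__main__":
    for target, (weak_ok, hardened) in compare_checks().items():
        print(f"{target!r:50} weak={weak_ok!s:5} hardened={hardened}")
```

The hardened resolver removes the hop that made the link look like it led to the job site; it does not stop the credential and session-cookie relay that a reverse-proxy kit performs once a victim reaches the fake login page, which is why the MFA bypass in this campaign is addressed by origin-bound authenticators rather than by the redirect fix alone.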
Ooreofeoluwa Koyejo says
Spear phishing and business email compromise are among the most successful phishing attacks due to their more sophisticated approach. It is rather unfortunate that some top-level executives would approve the investment in user security awareness and education training but would not participate in it.
Yannick Rugamba says
High-profile Twitter accounts hacked in crypto scam
https://techcrunch.com/2020/07/15/twitter-accounts-hacked-crypto-scam/
In July 2020, Twitter faced a cybersecurity incident. Some well-known accounts, like those of Barack Obama, Joe Biden, Elon Musk and Bill Gates, were accessed without permission. The unauthorized individuals used these accounts to post tweets promoting a Bitcoin scam, promising to double any Bitcoin transferred to an address. Interestingly, the breach occurred due to targeted phishing attacks aimed at Twitter employees.
In response to this incident, Twitter took measures. They secured the compromised accounts, removed the misleading tweets and temporarily limited features for users. However, the attackers managed to acquire more than $100,000 in Bitcoin before these actions could fully take effect. An investigation followed, leading to the apprehension of some individuals. This event serves as a reminder to cybersecurity students about the importance of updating and refining security protocols, even for industry leaders.
Hashem Alsharif says
https://www.securityweek.com/cisa-kicks-off-cybersecurity-awareness-month-with-new-program/
CISA is introducing Secure Our World, an initiative to encourage businesses and individuals to protect their devices.