Steven Lin says
The following press release heralds Microsoft 365 Backup, a solution that changes the face of ransomware recovery for users of Microsoft 365. As ransomware attacks become much more threatening, targeted and complex, so too does the urgent need for organizations to have strategies to recover from these attacks more quickly. Microsoft 365 Backup, along with its partners, offers business customers fast recovery times, restoring volumes of data at speeds of well over 1TB per hour. It embodies the huge paradigm shift in data protection, which will make it easier for businesses to bounce back from cyberattacks and ensure continuity.
What is interesting, though, is how that solution answers some of the meaningful challenges organizations have with ransomware: longer-than-desirable recoveries and possibly corrupted backups. With Microsoft’s highly scalable backup infrastructure and advanced recoveries from Veeam, businesses can be guaranteed swift and efficient recoveries in a secure way, finally setting a new standard in data resilience for today’s digital business.
https://thehackernews.com/expert-insights/2024/09/the-microsoft-365-backup-game-just.html
Lili Zhang says
Two months following a hack that resulted in the theft of over $230 million from Indian crypto exchange WazirX, the recovery of customer funds remains uncertain as the exchange and its custody provider, Liminal, dispute responsibility. Amid slow-moving internal investigations and legal actions from customers, including a $6.2 million claim from rival exchange CoinSwitch, WazirX has admitted that 43% of the funds are likely irrecoverable. Both Liminal and WazirX have conducted independent audits to show their systems were not compromised, while Binance, which WazirX claimed was responsible for repayments, denied any acquisition or control over the exchange. Meanwhile, the stolen funds continue to be moved, with recent activity including the transfer of $11.6 million in Ether, part of which was sent to the privacy-focused Tornado Cash platform.
https://cointelegraph.com/news/indian-crypto-exchange-wazirx-funds-hack
Rohith says
US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities
In its fourth annual report on implementation, published on September 19, the US Cyberspace Solarium Commission 2.0 (CSC 2.0) has provided the incoming administration and Congress with a set of ten new cyber policy recommendations.
https://www.infosecurity-magazine.com/news/us-cyberspace-solarium-cyber/
Yash Mane says
German law enforcement has apparently utilized timing analysis to deanonymize users of the Tor network, according to investigations by German media. Authorities entered Tor by maintaining their own servers, enabling them to follow data packets and identify users. This strategy was successfully applied in a case involving the “Boystown” darknet network, where an administrator was jailed after being identified via monitored Tor nodes. The Tor Project reacted, recognizing the claims but noting they had not received comprehensive technical specifics. While Tor is a major tool for online anonymity, concerns have been voiced that this approach might be exploited by authoritarian regimes to target journalists, opposition members, and whistleblowers.
https://securityaffairs.com/168667/security/tor-project-commented-on-deanonymizing-technique.html
Daniel Akoto-Bamfo says
Reinforcing IT Governance in the Face of Constant Threats
Infosec teams are met with challenging assignments in a cyber world that demands the protection of extensive information shared over systems. The average global data breach cost rose by 15% over the last three years, thus establishing stronger security measures and a defined IT system governance framework to protect the data in question, as the number of attacks also grows. A good understanding of an organization’s data, from the types and volume to the storage and disposal, is key to building a security infrastructure.
Exploring the IT governance plan requires a deep understanding of inspecting a company’s data and putting it in the right place with the growth objectives of the company, monitoring sensitive materials, and compliance with the rules and policies. Some of the steps suggested are discovery, control, and activation. In these stages, the process entails finding and marking the data, writing the automated policies, and collaborating with the colleagues responsible for the project.
It is through the application of tools and technologies that an organization can help secure the integrity of IT governance by automating tasks and minimizing risk.
https://www.isaca.org/resources/news-and-trends/industry-news/2024/reinforcing-it-governance-in-the-face-of-constant-threats
Sara Sawant says
A Tennessee school district lost $3 million in a Business Email Compromise (BEC) scam when attackers impersonated a contractor involved in a construction project. The scammers used phishing tactics to gain the trust of district officials and requested a change in payment details, leading to the unauthorized transfer of funds. The district reported the incident to law enforcement and is working to recover the lost money. This event highlights the vulnerability of educational institutions to sophisticated phishing schemes.
https://therecord.media/tennessee-school-district-loses-3-million-bec-scam
Lily Li says
Combating Phishing Attacks Through Awareness and Simulation
Ever since the 2000s, phishing attacks have become more common because the blueprint for building and launching them has become easier. Little has changed in two decades, especially in how individuals present and deal with these attacks. However, as more awareness is brought to phishing attacks, more tools are available to prevent and educate individuals. WHOIS is a domain registration tool that shows if a URL or link has a relationship to the web address; if there is no relationship, then it’s a clear indication of a phishing attack. Simulating a phishing attack can help organizations train their employees on how to avoid it and detect it, making it an important step of Incident Response. Although phishing attacks have become more common, awareness and simulation can help combat these issues.
https://cybernews.com/security/combating-phishing-attacks/
Justin Chen says
Meta announced it is postponing the training of its large language models using public content from adult Facebook and Instagram users in the EU.
The Irish Data Protection Commission (DPC) requested Meta to pause its plans to train its large language model using public content shared by adults on Facebook and Instagram across the EU/EEA. Meta added it is disappointed by the request from the Irish Data Protection Commission (DPC), stating “its backwards for European innovation, competition in AI development and further delays bringing the benefits of AI to people in Europe.”
https://securityaffairs.com/164652/laws-and-regulations/meta-postponing-training-llm-eu-data.html
Aaroush Bhanot says
This Windows PowerShell Phish Has Scary Potential
This article describes a phishing campaign targeting GitHub project maintainers. The attackers send an email pretending to be from GitHub’s security team, warning about a vulnerability in their repository. The email directs users to a malicious site disguised as a CAPTCHA, where they are tricked into performing specific keypresses that trigger a PowerShell command to download Lumma Stealer malware. While this phishing attempt may not fool many technical users, it could be more successful against non-technical individuals. The article highlights the potential risk and the difficulty of restricting PowerShell to prevent such attacks.
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=tldrinfosec
Jocque Sims says
In The News Article – Beyond the Code: Modern Cybersecurity Training for 2024
Brief Summary: The article discusses the shortcomings of the current security awareness training provided by cybersecurity leaders. It emphasizes that in 2023, 74 percent of all breaches involved human error, such as employees falling victim to social engineering attacks. These attacks involve information gathering, establishing relationships, exploitation, and execution, allowing cybercriminals to gain access or exploit vulnerabilities within the organization. The article suggests that the minimum compliance training requirements are enabling these attacks. It concludes that using experiential learning, such as role-play, interactive games and simulations to help employees better understand the psychology behind cybercriminal tactics can better prepare them to detect manipulative tactics in various security situations.
The article recommended a popular role-playing game called Piece of Cake – the Social Engineering Security Awareness Tabletop Game. It allows the participants to play with manipulative tactics in different scenarios that address security challenges in a playful way. It can be tailored to specific job functions; it claims that teams will understand through experiential learning why security training is relevant to them.
Works Cited
Puhze, C. (2024, May 30). Beyond the Code: Modern Cybersecurity Training for 2024.
Retrieved from Information Week: https://www.informationweek.com/cyber-resilience/beyond-the-code-modern-cybersecurity-training-for-2024#close-modal
Charles Lemon says
Snapchat wants to put your AI-generated face in its ads
This article discusses Snapchat’s new privacy policy update where they are asking your permission to use your AI-generated face in its advertisements. A Snapchat spokesperson stated, “You are correct that our terms do reserve the right, in the future, to offer advertising based on My Selfies in which a Snap chatter can see themselves in a generated image delivered to them…As explained in the onboarding modal, Snap chatters have full control over this, and can turn this on and off in My Selfie Settings at any time.” However, according to the article, this “See my selfie in Ads” feature is on by default and the ability to turn it off is buried deep within Snapchat’s settings. This article is interesting because without the spread of this knowledge many Snapchat users would go unaware that they even agreed to this policy. It is important for companies to be transparent with the use of customer data and I do not believe Snapchat is being completely forthcoming with this update. Users of Snapchat should look closely at the new policy and decide for themselves if they are willing to agree to let their selfies be used for training artificial intelligence.
https://www.malwarebytes.com/blog/news/2024/09/snapchat-wants-to-put-your-ai-generated-face-in-its-ads
Haozhe Zhang says
The recent hack on BingX, a Singapore-based cryptocurrency exchange, resulted in the theft of over $44 million worth of digital assets, primarily from its hot wallets. The breach was first identified when abnormal network activity was detected, prompting the platform to suspend withdrawals and initiate an emergency response. Blockchain security firms like PeckShield confirmed the extent of the hack, with stolen funds converted into Ethereum and Binance Coin (BNB). Despite the substantial losses, BingX has committed to fully compensating affected users with its own capital to ensure that their assets remain safe. The exchange has faced some criticism for its handling of the incident, especially around communication with its users, but it has reassured the public that operations will continue as normal after the wallet systems are strengthened.
https://securityaffairs.com/168703/cyber-crime/hackers-stole-44m-from-bingx.html
Sarah Maher says
https://cybernews.com/privacy/view-once-messages-on-whatsapp-accessed-repeatedly/
WhatsApp’s view once messages create a false sense of security for users. Users send a message as a view once, thinking it means the message is gone after being viewed once, but the reality is the message is sent first to WhatsApp’s servers. The server then sends the message to all the receiver’s devices, even the ones that are not meant to be able to view the message. This report was done by the Zengo X research team, which said, “The View Once media messages are technically the same as regular media messages, only with the ‘view once’ flag set. Which means it’s the virtual equivalent of putting a note on the picture that says ‘don’t look.’” A web application can easily change the view once flag to “false”, and be able to see the message. WhatsApp said an update is coming soon and told users to only send messages to “people they trust”.
Parth Tyagi says
Kaspersky Exits U.S., Automatically Replaces Software With UltraAV, Raising Concerns.
Antivirus vendor Kaspersky has formally begun pulling back its offerings in the U.S., migrating existing users to UltraAV, effective September 19, 2024, ahead of its formal exit at the end of the month.
The Russian company, which was banned from selling its software in the U.S. due to national security concerns, said it “worked closely” with UltraAV to ensure that the standards of security and privacy were maintained after the switch.
“Kaspersky antivirus customers received a software update facilitating the transition to UltraAV,” the company said in a post announcing the move on September 21. While Kaspersky issued a notice to customers detailing the transition to UltraAV, it did not explicitly mention that the transition would be automatic. Does the transition to a new software bring in new risks along with it? Time shall tell.
https://thehackernews.com/2024/09/kaspersky-exits-us-automatically.html?m=1
Elias Johnston says
This week’s article covers one of the largest phishing scams in US history. The phishing scam duped both Google and Facebook and totaled $100 million in losses between the companies. The scam worked by setting up a fake business and sending phishing emails to Facebook and Google employees. The fictitious company was pretending to be representatives from Quanta, a Taiwanese-based corporation that regularly does business with Google and Facebook. The fictitious company then emailed fake invoices to the employees of Google and Facebook for multi-million dollar amounts. Evaldas Rimasauskas, a Lithuanian man, was the only culprit caught from the heist. He is facing up to 30 years in prison and was ordered to pay back roughly $50 million to Facebook. Rimasauskas stated that he was not the man behind the phishing attempts, and that his presence in the crime was to set up bank accounts for the stolen money to be wired to and from. Facebook has announced that they have recouped their losses and are pleased with the outcome of the trial. I found this article interesting because I had never heard of this phishing scam which, had it been successful, would be one of the largest successful phishing scams in US history.
https://www.cnbc.com/2019/03/27/phishing-email-scam-stole-100-million-from-facebook-and-google.html