Marc Greenberg says
Wyden introduces bipartisan bill to crack down on identity fraud from use of AI
https://ktvz.com/news/oregon-northwest/2023/10/02/wyden-introduces-bipartisan-bill-to-crack-down-on-identity-fraud-from-use-of-ai/
Sen. Ron Wyden, D-Ore., announced Monday that he and Sen. Bill Cassidy, R-La., will introduce bipartisan legislation to combat rising cases of identity fraud from the use of artificial intelligence by allowing the U.S. Postal Service to offer identity verification and related services to the private sector like they currently do for government agencies.
The increased use of AI and complexity of deepfake technology (a deepfake is an artificial image or video (a series of images) generated by a special kind of machine learning called “deep” learning, hence the name) has made it harder to verify people online. One of the most secure and reliable forms of identity verification is In-Person Proofing, where individuals present physical credentials that are checked in person by an attendant. This form of identity verification is resistant to many forms of fraud and abuse, particularly those that may be made worse by AI.
The POST ID Act would:
• Allow, but not require, the USPS to offer identity verification and related services to the private sector, building on its existing capabilities currently available only to government agencies;
• Authorize USPS to issue authenticators to verified individuals, such as physical security keys, for use in future interactions;
• Authorize USPS to conduct identity proofing at any USPS location, or through its authorized employees at any other location, such as the home of the individual being verified;
• Subject to the consent of the individual being verified, allow for enrollment in or creation of digital accounts or systems convenient for the individual, including concurrent enrollment in multiple accounts or systems;
• Allow for the creation of a mechanism whereby third parties may sponsor an individual by paying the fees for their verification; and
• Authorize the USPS to charge such fees as necessary to cover the costs of providing these services.
Ikenna Alajemba says
The state of Maine has begun notifying people whose personal information was included in a data breach impacting as many as 1.3 million individuals, state officials announced Thursday.
The notifications began after the state completed an assessment once they discovered that hackers exploited a vulnerability in a widely used file-transfer software. Other government agencies, major pension funds and private businesses have also been affected by a Russian ransomware gang’s so-called supply chain hack of the software MOVEit.
https://www.wmtw.com/article/more-than-1-million-mainers-affected-data-breach-state-says/45802554#
Chidi Okafor says
This article talks about the outages experienced by OpenAI on November 8, attributing them to a suspected distributed denial-of-service (DDoS) attack. Anonymous Sudan claimed responsibility, alleging the attack was in response to ChatGPT’s perceived bias towards Israel. The hacktivist group accused OpenAI of collaborating with Israel, claiming AI is used in developing weapons and by intelligence agencies like Mossad. Trustwave SpiderLabs researchers suggest Anonymous Sudan is likely linked to the pro-Russian Killnet threat group, with no apparent financial motivation. Heather Choi notes Anonymous Sudan’s affiliation with Killnet and its involvement in global attacks. While politically motivated, the group also retaliates against messaging services restricting their communications, according to Ian Nicholson of Pentest People. The main Anonymous operations groups deny any connection with Anonymous Sudan.
Link – https://www-forbes-com.cdn.ampproject.org/c/s/www.forbes.com/sites/daveywinder/2023/11/10/chatgpt-down-as-suspected-cyber-attackers-strike/amp/
Jeffrey Sullivan says
https://www.forbes.com/sites/forbestechcouncil/2023/11/08/identity-and-access-management-18-important-trends-and-considerations/?sh=7b67783359b0
I thought this article has some great information listed in it. A lot of subjects in cyber are new to me and this article makes me want to dig deeper into subjects that I need to understand like zero trust architecture and see why there are several architecture types of vs ZTA. I also found the information on the dynamic access control interesting as well. This article is packed with information and gives you a link to other pages to read which is very interesting. It will be interesting to see what will come out in the near future with digital identities and how, what etc. people will use to access their data, company data and/or networks etc.
Alyanna Inocentes says
https://www.infosecurity-magazine.com/news-features/cybermonth-mfa-enough-protect/
The article underscores the evolving challenges faced by Multi-Factor Authentication (MFA) in the realm of cybersecurity during 2023. Despite being a recommended security practice, experts caution that a significant majority of MFA methods are susceptible to hacking through social engineering and phishing attacks, posing a potential threat to user security. It emphasizes the critical need for adopting phishing-resistant MFA options, particularly those aligned with the Fast IDentity Online (FIDO) standard protocols, which leverage public key cryptography for enhanced security. The article also acknowledges the increasing momentum toward the adoption of phishing-resistant MFA, with organizations and governments actively advocating for its widespread implementation. Additionally, the piece introduces the concept of MFA fatigue, where users may inadvertently approve login prompts due to lapses in concentration. To counter such challenges, the article provides practical tips, including tightening authentication regimes and incorporating additional authentication measures. Overall, it highlights the dynamic nature of cybersecurity threats and the importance of staying ahead with more robust and resilient MFA solutions.
Andrew Young says
Article: New Ransomware Group Emerges with Hive’s Source Code and Infrastructure
A new group in the Ransomware field has emerged, this time utilizing resources and source code from a previously prolific Ransomware group. The previously well-known Ransomware group Hive apparently has ceased operations and transferred or sold most of their assets, resources and functions to a new group called “Hunters International”. While initially believed to be a rebranding of the Hive group, experts say that there are differences between the two, especially in their targeting, with Hunters International placing an emphasis on data exfiltration, extracting data from compromised devices. This development is another example of how illicit web use and hostile groups can not only adapt, but evolve to growing challenges both within and without, and therefore should be treated as an omnipresent threat.
Article Link: https://thehackernews.com/2023/11/new-ransomware-group-emerges-with-hives.html
Michael Obiukwu says
DP World hack: port operator gradually restarting operations around Australia after cyber-attack
Following a cyber-assault, Australia’s principal ports operator, DP World Australia, has cautiously begun resuming operations. However, there are expectations of extended delays affecting critical exports. After identifying the cyber breach last Friday, the shipping giant suspended operations across its Sydney, Melbourne, Brisbane, and Fremantle ports, leaving cargo stranded on docks. As a defensive measure, DP World Australia severed its internet connection to halt further unauthorized network access, inadvertently disrupting its integral port operation systems. Freight and Trade Alliance Director, Paul Zalai confirmed a scaled resumption of activities on Monday, with Brisbane and Fremantle ports slowly progressing with import and export processes.
https://www.theguardian.com/australia-news/2023/nov/13/australian-port-operator-hit-by-cyber-attack-says-cargo-may-be-stranded-for-days#:~:text=Australia's%20biggest%20ports%20operator%2C%20which%20has%20been,cyber%2Dattack%2C%20has%20begun%20gradually%20restarting%20its%20operations%2C
Ashley A. Jones says
Here Is What You Can Do Now About the Fall of RSA 2048
This article struck me since it is in line with a few articles that were shared last week on cryptography. Seeing as though we are in the red zone for transitioning to post-quantum cryptography (PQC), my eye keeps looking to solutions for the lag where America has found itself. A solution presented in one of the articles states that organizations need to combine today’s certified cryptography methods and tomorrow’s quantum-safe crypto by implementing candidate PQC algorithms ultimately alluding to FIPS cryptography, FIPS 140-2 and 3. Another article talks about how machine learning is capable of playing a significant role in enhancing post-quantum cryptography solutions by enabling algorithm swapping and how by analyzing network traffic, ML algorithms can identify anomalous behavior and recommend the appropriate cryptographic key to use. This I found most interesting since I would imagine this being considered in the Quantum Computing Cybersecurity Preparedness Act. However, I say all of this to say that these are doomsday tactics that already hint that we are behind in our efforts. So, what can your local supermarket that has that “to die for” bakery section do to stay current within the fire we find ourselves in? Well, according to Skip in this article, a great first step is simply learning about cryptography. It was stated in another article that businesses are still voluntarily in the dark on how encryption truly affects the security of their business. This caters to the overall setback America has found itself in when thinking about mathematics and science curriculum. America has long had a curriculum issue where unnecessary issues have taken the driver’s seat instead of empowering intelligent citizens to build up a strong economy. Now, it is more important than ever for business leaders to stay informed about the progress of new, available cryptography via NIST. Whew! 
This goes a long way from being able to avoid mathematics your whole life to understanding number theory! So, with that being said, time has moved without us when simply considering how businesses are run in this country. So often it is permitted for CEOs and stakeholders to stay figuratively in the clouds and execute through their “most trusted” employee, but that time is no longer. While technology is advancing further than the USA can keep up with, we are seeing a bigger crisis where we must move forward a lot differently than we ever have before with human emotional and tactical intelligence at the forefront.
URL: https://www.forbes.com/sites/forbestechcouncil/2023/11/14/cybersecurity-threats-just-got-worse/?sh=5c5c4a1aceeb
Alex Ruiz says
Title: CISA Sets a Deadline – Patch Juniper Junos OS Flaws Before November 17
Link: https://thehackernews.com/2023/11/cisa-sets-deadline-patch-juniper-junos.html
Summary: CISA set a November 17th deadline for federal agencies and organizations to address security flaws in Juniper Junos OS; they noted 5 vulnerabilities to the KEV database. Juniper has acknowledged successful exploitation and advised immediate updates amid reports of critical vulnerabilities being sold on the darknet and rising cyber threats targeting healthcare organizations.
Akiyah says
“China’s ICBC, the world’s biggest bank, hit by ransomware cyberattack that reportedly disrupted Treasury markets.”
The cyberattack disrupted the trading of Treasurys. Following the discovery, ICBC isolated affected systems to contain the incident and initiated a thorough investigation. The bank has not disclosed the identity of the attackers but mentioned collaboration with law enforcement and ongoing recovery efforts.
https://www.cnbc.com/2023/11/10/icbc-the-worlds-biggest-bank-hit-by-ransomware-cyberattack.html
Erskine Payton says
Erskine Payton
In the News Article- Week 10
MIS 5206
Temple University
https://thehackernews.com/2023/11/microsoft-warns-of-fake-skills.html
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers
In an era with all of us trying to get certified, this story hits home for all of us. The group impersonated a Microsoft skills assessment portal. The threat actor Sapphire Sleet, who is famous for its social engineering attacks, claims responsibility.
Akintunde Akinmusire says
https://thehackernews.com/2023/11/cachewarp-attack-new-vulnerability-in.html
CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs
There is a recent vulnerability discovered in the Secure Encrypted Virtualization framework called CacheWarp. Attackers use CacheWarp to target virtual machines. The exploit allows attackers to be able to access the same physical CPU core as the victim’s virtual machine to retrieve data from the CPU’s cache. AMD is said to be actively working on mitigating this vulnerability and enhancing the security of its technology.