Andrew Young says
Article: AI In Cybersecurity: Revolutionizing Safety
This Forbes article deals with the evolving world of cyber security in the face of AI programming and detection methods. Because of the growing needs for digital content and assets, security professionals may find themselves overwhelmed, but according to the article, AI algorithms can be effectively leveraged to provide more comprehensive coverage, detection, and analyses to IT professionals. This is an interesting perspective, as many people often speak about AI in a negative light, either in how it may concern job function or aid malicious actors in accessing and sorting data to more efficiently target victims. Being able to use these systems as a tool ourselves would certainly give security professionals an edge and allow for more comprehensive system security measures to be put in place.
Link: https://www.forbes.com/sites/forbestechcouncil/2024/02/15/ai-in-cybersecurity-revolutionizing-safety/?sh=2cdfb58b694a
Ikenna Alajemba says
Bank of America is warning customers of a data breach exposing their personal information after Infosys McCamish Systems (IMS), one of its service providers, was hacked last year.
https://www.forbes.com/sites/daveywinder/2024/02/13/bank-of-america-warns-customers-of-data-breach-following-2023-hack/?sh=70747402afaf
Alex Ruiz says
Link: https://www.reuters.com/technology/cybersecurity/microsoft-says-it-caught-hackers-china-russia-iran-using-its-ai-tools-2024-02-14/
So basically Microsoft, which funds OpenAI, noticed that state-backed hackers from Russia, China, and Iran are reportedly using it to enhance their skills and better deceive targets. The company, acknowledging this issue, has imposed a blanket ban on state-backed hacking groups from using its AI products. This highlights concerns over the potential misuse and rapid development of AI technology in cybersecurity, but whether this ban realistically does anything to stop these groups from using it, little can be said for showing that.
Chidiebere Okafor says
Topic: Prudential Financial reports Feb. 4 cyberattack in SEC filing
Prudential Financial disclosed in an SEC filing that it had experienced a security breach, with an unauthorized actor accessing administrative and user data, along with a small portion of user accounts linked to employees and contractors. The breach occurred on February 4th, detected by Prudential on February 5th. However, Prudential stated that it found no evidence of customer or client data being taken. Despite the incident, Prudential assessed that it did not have a significant impact on its operations or financial condition. Security professionals praised Prudential’s decision to file the report promptly, considering the new SEC regulations and the potential for future developments to reclassify the breach as material. This proactive reporting aligns with the evolving culture of transparency and accountability in cybersecurity. Meanwhile, other financial institutions like Bank of America and Planet Home Lending have also faced cyberattacks, indicating ongoing security challenges within the industry.
Link – https://www.scmagazine.com/news/prudential-financial-reports-feb-4-cyberattack-in-sec-filing
Mariam Hazali says
Cyberattack hits Pennsylvania court system
The Pennsylvania online court system has been hit by a cyberattack.
Pennsylvania Chief Justice Debra Todd announced Sunday night that portions of the website are unavailable due to what is called a denial of service, or DoS, attack. The IT team first started noticing increased activity around 10 a.m. Saturday. As the team worked to fix the issues, it became clear this was a cyberattack. The team started locking down some parts of the site and was able to block certain regions, countries, and entities around the world. The motive for the cyberattack is not clear.
https://www.wgal.com/article/pennsylvania-court-system-cyberattack/46645631
Kenneth Saltisky says
ALPHV, a ransomware criminal organization, has claimed responsibility for recently breaching Prudential Financial and loanDepot, a mortgage lender. These companies were recently added to ALPHV’s dark web site, with the organization planning to sell data from loanDepot and releasing Prudential’s data for free after negotiations failed.
It is revealed that the loanDepot hack resulted in at least 16.6 million people having their personal information stolen, while Prudential is unsure if customer or client data was exfiltrated from the attack. Although the FBI disrupted the group’s actions in December, they managed to create a new site utilizing private keys they owned and launched a new site on the dark web with new tools.
https://www.bleepingcomputer.com/news/security/alphv-ransomware-claims-loandepot-prudential-financial-breaches/
Jeffrey Sullivan says
Cisco boosts security wares with AI-driven access control, identity management | Network World
https://www.networkworld.com/article/1306003/cisco-boosts-security-wares-with-ai-driven-access-control-identity-management.html
With this week’s topics being firewalls, as I was researching around I found this article on how Cisco is updating some elements of their overarching security cloud platform. It is being updated to help enterprise customers better protect widely distributed resources.
The updates to their platform, called identity intelligence, bring together information from the vendor’s existing security products, such as Duo authentication software and XDR threat detection platform, but also add AI-based behavioral analytics, which help strengthen network authentication and protect against identity-based attacks.
The idea with identity intelligence is that enterprise customers can have a centralized dashboard that provides visibility into how identities are being actively used and automatically enforces policies. From this dashboard they can see their entire network, spot and fix questionable accounts, detect behaviors and block access where necessary by utilizing existing products. This is very interesting to me, especially from an existing products standpoint.
Kelly Conger says
SentinelOne published an article titled “The Death of Network Perimeter Security,” which discusses the changing landscape of network security and the obstacles presented by the post-perimeter world. Traditional network security, which relied on trusted subnets and firewall-protected boundaries, is no longer sufficient due to the intricate nature of modern networks, including cloud architecture, IoT, and mobile devices. The article highlights the shift towards Zero Trust networking, micro-segmentation, and Software-defined Perimeter (SDP) as methods to address these challenges. Zero Trust operates on the principle of “never trust, always verify,” treating every user and device as potential threats, regardless of their position within or outside the network perimeter.
https://www.sentinelone.com/blog/the-demise-of-the-perimeter-and-the-rise-of-the-security-platform/
Michael Obiukwu says
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it’s being likely exploited in Akira ransomware attacks.
https://thehackernews.com/2024/02/cisa-warning-akira-ransomware.html
Erskine Payton says
Erskine Payton
In the News Article- Unit 6
MIS 5214
Temple University
Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries
https://thehackernews.com/2024/02/ivanti-pulse-secure-found-using-11-year.html
It was discovered that Pulse Secure had several weaknesses and it was discovered that the version of Linux it was running has not been supported since November 2020. This has allowed threat actors to take advantage of this security flaw.
As late as last week, vulnerabilities are still being discovered. Over 1,200 issues in 76 shell scripts, 5,218 vulnerabilities in 5,392 Python files, in addition to 133 outdated certificates were discovered upon further investigation.
I am surprised that this has gone this long without patching. I am curious how they let it go so long and no one saw this. Yeah, I wonder how many people lost their jobs because of this. This is beyond negligence; I just don’t have a word for what this is.
Samuel Omotosho says
Firewall As A Service in 2024 (FWaaS)
Many organizations use firewalls to protect themselves from harmful traffic flow on the internet. However, many firms adopted on-premise firewalls before the rapid proliferation of:
- Public cloud solutions (AWS, Azure, Salesforce) for daily business operations.
- Remote/hybrid working.
These new trends made on-premise firewall solutions ineffective. Therefore, this article introduces firewalls as a service (FWaaS) in depth and compares them with on-premise (hardware) and host-based firewalls to provide a better understanding.
https://v-network.net/blogs/articles/firewall-as-a-service-in-2024-definition-top-8-benefits
Nicholas Nirenberg says
“WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites”
A critical security flaw (CVE-2024-25600, CVSS score: 9.8!!!) in the Bricks theme for WordPress up to version 1.9.6 allows remote code execution by unauthenticated attackers. The flaw, reported by Snicco and Patchstack, stems from improper use of nonces for permissions verification in the prepare_query_vars_from_settings() function. Version 1.9.6.1, released on February 13, 2024, addresses the issue. While no proof-of-concept exploit exists, Wordfence detected over three dozen attack attempts from various IP addresses, with exploitation attempts starting on February 14. WordPress advises against relying solely on nonces for security and recommends applying the latest patches to mitigate risks, especially for the estimated 25,000 active installations of Bricks.
URL: https://thehackernews.com/2024/02/wordpress-bricks-theme-under-active.html
Akintunde Akinmusire says
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks
https://www.bleepingcomputer.com/news/security/over-178k-sonicwall-firewalls-vulnerable-to-dos-potential-rce-attacks/
Researchers have identified over 178k SonicWall next-generation firewalls with exposed management interfaces online which are vulnerable to DoS attacks. It was stated that the vulnerabilities in the firewalls affect appliances, and they can be exploited because of the reuse of the same vulnerability code pattern.
Hashem Alsharif says
https://www.securityweek.com/ios-trojan-collects-face-and-other-data-for-bank-account-hacking/
This article talks about a trojan for iOS and Android that steals banking credentials. It does this by collecting face profiles, personal information documents, and personal messages as well. This is a concern considering some banks require facial recognition to access a certain amount of money. By having pictures of the face, they use AI to create deepfakes. And if hackers use this trojan, they can use the face to withdraw the money.