Thread Hijacking: Phishes That Prey on Your Curiosity


Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient’s natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.

In Sept. 2023, the Pennsylvania news outlet LancasterOnline.com published a story about Adam Kidan, a wealthy businessman with a criminal past who is a major donor to Republican causes and candidates, including Rep. Lloyd Smucker (R-Pa).

The LancasterOnline story about Adam Kidan.

Several months after that piece ran, the story’s author Brett Sholtis received two emails from Kidan, both of which contained attachments. One of the messages appeared to be a lengthy conversation between Kidan and a colleague, with the subject line, “Re: Successfully sent data.” The second missive was a more brief email from Kidan with the subject, “Acknowledge New Work Order,” and a message that read simply, “Please find the attached.”

Sholtis said he clicked the attachment in one of the messages, which then launched a web page that looked exactly like a Microsoft Office 365 login page. An analysis of the webpage reveals it would check any submitted credentials at the real Microsoft website, and return an error if the user entered bogus account information. A successful login would record the submitted credentials and forward the victim to the real Microsoft website.

But Sholtis said he didn’t enter his Outlook username and password. Instead, he forwarded the messages to LancasterOnline’s IT team, which quickly flagged them as phishing attempts.

LancasterOnline’s Executive Editor Tom Murse said the two phishing messages from Mr. Kidan raised eyebrows in the newsroom because Kidan had threatened to sue the news outlet multiple times over Sholtis’s story.

“We were just perplexed,” Murse said. “It seemed to be a phishing attempt but we were confused why it would come from a prominent businessman we’ve written about. Our initial response was confusion, but we didn’t know what else to do with it other than to send it to the FBI.”

The phishing lure attached to the thread hijacking email from Mr. Kidan.

In 2006, Kidan was sentenced to 70 months in federal prison after pleading guilty to defrauding lenders along with Jack Abramoff, the disgraced lobbyist whose corruption became a symbol of the excesses of Washington influence peddling. He was paroled in 2009, and in 2014 moved his family to a home in Lancaster County, Pa.

The FBI hasn’t responded to LancasterOnline’s tip. Messages sent by KrebsOnSecurity to Kidan’s email addresses were returned as blocked. Messages left with Mr. Kidan’s company, Empire Workforce Solutions, went unreturned.

No doubt the FBI saw the messages from Kidan for what they likely were: The result of Mr. Kidan having his Microsoft Outlook account compromised and used to send malicious email to people in his contacts list.

Thread hijacking attacks are hardly new, but they remain effective mainly because many Internet users still don’t know how to identify them. The email security firm Proofpoint says it has tracked north of 90 million malicious messages in the last five years that leverage this attack method.

One key reason thread hijacking is so successful is that these attacks generally do not include the tell that exposes most phishing scams: A fabricated sense of urgency. A majority of phishing threats warn of negative consequences should you fail to act quickly — such as an account suspension or an unauthorized high-dollar charge going through.

In contrast, thread hijacking campaigns tend to patiently prey on the natural curiosity of the recipient.

Ryan Kalember, chief strategy officer at Proofpoint, said probably the most ubiquitous examples of thread hijacking are “CEO fraud” or “business email compromise” scams, wherein employees are tricked by an email from a senior executive into wiring millions of dollars to fraudsters overseas.

But Kalember said these low-tech attacks can nevertheless be quite effective because they tend to catch people off-guard.

“It works because you feel like you’re suddenly included in an important conversation,” Kalember said. “It just registers a lot differently when people start reading, because you think you’re observing a private conversation between two different people.”

Some thread hijacking attacks actually involve multiple threat actors who are actively conversing while copying — but not addressing — the recipient.

“We call these multi-persona phishing scams, and they’re often paired with thread hijacking,” Kalember said. “It’s basically a way to build a little more affinity than just copying people on an email. And the longer the conversation goes on, the higher their success rate seems to be because some people start replying to the thread [and participating] psycho-socially.”

The best advice to sidestep phishing scams is to avoid clicking on links or attachments that arrive unbidden in emails, text messages and other mediums. If you’re unsure whether the message is legitimate, take a deep breath and visit the site or service in question manually — ideally, using a browser bookmark so as to avoid potential typosquatting sites.
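As an added example (not code from the KrebsOnSecurity post, LancasterOnline or Proofpoint), here is a small Python triage heuristic modelled on the messages described above: a “Re:” subject that cites no message the recipient’s mailbox already holds, and an HTML attachment that could render a fake login page. The sample messages, addresses and the `known_message_ids` set are constructed for illustration.

```python
"""Heuristics for flagging thread-hijacking phishing (added example; see lead-in)."""
import email
from email import policy

# Constructed sample modelled on the incident above: a "Re:" message with an HTML attachment
# and no threading headers, i.e. a "conversation" the recipient's mailbox never held.
HIJACK_SAMPLE = b"""\
From: sender@example.com
Subject: Re: Successfully sent data
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please find the attached.
--b1
Content-Type: text/html; name="invoice.html"
Content-Disposition: attachment; filename="invoice.html"

<html>placeholder</html>
--b1--
"""
# Constructed sample of a genuine reply: it cites a Message-ID this mailbox already holds.
LEGIT_SAMPLE = b"""\
From: colleague@example.com
Subject: Re: draft edits
In-Reply-To: <known-1@example.com>
References: <known-1@example.com>
Content-Type: text/plain

Looks good, thanks.
"""
RISKY_ATTACHMENT_TYPES = {"text/html", "application/xhtml+xml"}

def thread_hijack_indicators(raw: bytes, known_message_ids: set[str]) -> list[str]:
    """Return the heuristic indicators that fire for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    claims_reply = (msg["Subject"] or "").strip().lower().startswith(("re:", "fwd:", "fw:"))
    # A real reply cites its parent's Message-ID; collect every id the message claims to follow.
    cited = set((msg["In-Reply-To"] or "").split()) | set((msg["References"] or "").split())
    if claims_reply and not cited:
        findings.append("reply-style subject with no In-Reply-To/References")
    elif claims_reply and not (cited & known_message_ids):
        findings.append("reply cites a thread this mailbox has never seen")
    for part in msg.iter_attachments():  # attachments that render as a web page, as in the story
        if part.get_content_type() in RISKY_ATTACHMENT_TYPES:
            findings.append(f"HTML attachment {part.get_filename()!r} (can render a fake login page)")
    return findings
```

Feed it real mailbox exports and the set of Message-IDs already in the mailbox; the heuristics are a triage aid, not a verdict.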


USN-6707-4: Linux kernel (Azure) vulnerabilities


Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Network drivers;
– PWM drivers;
(CVE-2024-26597, CVE-2024-26599)


USN-6704-4: Linux kernel (Intel IoTG) vulnerabilities


It was discovered that the NVIDIA Tegra XUSB pad controller driver in the
Linux kernel did not properly handle return values in certain error
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-23000)

Quentin Minster discovered that the KSMBD implementation in the Linux
kernel did not properly handle session setup requests. A remote attacker
could possibly use this to cause a denial of service (memory exhaustion).
(CVE-2023-32247)

Lonial Con discovered that the netfilter subsystem in the Linux kernel did
not properly handle element deactivation in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1085)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)

It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)


Intel PowerGadget 3.6 Local Privilege Escalation


Posted by Julian Horoszkiewicz via Fulldisclosure on Mar 28

Vulnerability summary: Local Privilege Escalation from regular user to SYSTEM, via conhost.exe hijacking triggered by MSI installer in repair mode
Affected Products: Intel PowerGadget
Affected Versions: tested on PowerGadget_3.6.msi (a3834b2559c18e6797ba945d685bf174), file signed on Monday, February 1, 2021 9:43:20 PM (this seems to be the latest version), earlier versions might be affected as well.
Affected Platforms: Windows…


Teen Slang – What You Need To Know To Understand Your Teen


Got any ‘rizz’? Did you ‘slay’ that dinner? Is the ‘cozzie livs’ stressing you out? 

If you do not comprehendo, then you wouldn’t be alone. As a mum of 4, I can attest that understanding teenage slang can be quite the feat – as soon as you finally understand a few terms, there’s more! And while you don’t want to seem too intrusive (or uncool) and constantly ask your kids to translate, you probably want to keep a handle on what’s going on – in case you need to get involved!! 

Where Does Slang Come From and Why Do We Use It? 

Nothing ever stays the same and that includes language. Slang happens when we shorten words. Think fab instead of fabulous; or when we combine words think chill and relax = chillax. It can also ‘evolve’ when we give words new, unexpected meanings eg cheugy – a term to often describe older generations when they make an effort but fail – harsh!! 

And more often than not, words that end up becoming slang will become part of our everyday language. Did you know that the word ‘mad’ was in fact a slang word for angry that became popular around 100 years ago?  

Emily Brewster, senior editor at Merriam-Webster Dictionary, believes that ‘slang can be used to have a special form of communication with a subset of people.’ And ‘by using words that are only understood by the small group of people there’s an intimacy that can develop.’ So, really it’s a type of bonding tool!! 

What Slang Do You Need To Know Now 

While slang can sometimes be geographically based, the rise of platforms like TikTok has meant that it’s far more universal than it was in pre-social media days. So, if you’re keen to know the top words your kids are using so you can ensure all is well, then here’s your go-to guide with the top 20 slang words. Apologies in advance for the potentially lewd references!! 

1. Addy – address
‘Can you send me your addy? I’ll be there soon.’

2. Based – when you agree with something; or when you want to recognize someone for being themselves
‘You’re going to that party? Based.’

3. Ate that – to successfully achieve something
‘I love that dress. You totally ate that look’ (the dress looked great on you)

4. Basic – average
A word to describe someone who is predictable or bland. It’s an insult.

5. Cappin – lying
‘He’s so cappin’ (he is so not telling the truth) 

6. Cheugy – basic, out of date or trying too hard
‘My older brother still wears his uggs, that’s so cheugy!’ 

7. Cozzie Livs – the cost of living crisis
An Australian slang expression that was nominated as Macquarie Dictionary’s word of the year in 2023.
‘I can’t go out tonight. Especially with the cozzie livs and all that jazz.’ 

8. Ded – so funny or embarrassing!
‘OMG. That pic has me ded’ 

9. Delulu – a short-hand term for delusional. It’s often used to describe, in a humorous way, someone who chooses to reject reality in favour of a more interesting interpretation of events.
‘She’s so delulu. She thinks she’s going to marry the lead actor in her favourite movie.’

10. Gas Up – to encourage or hype someone up.
‘My sister was feeling down so I gassed her up and reminded her just how great she is.’ 

11. Low key – The opposite of high key, it can mean slightly, occasionally, or even secretly.
‘I low key want a Poke bowl right now!’  

12. High key – the opposite of ‘low key’. The term is used when you really like something or want to emphasise it.
‘I high key love that brand’ (you’re a fan!) 

13. IFKKYK – if you know you know.
It means if you weren’t there, you wouldn’t know. It could also refer to an inside joke.
‘Last night’s concert was amazing! IFKKYK’

14. No Cap – a term to emphasise that you’re not lying. A modern way of saying ‘I swear’
‘I saw him take the last biscuit. No cap’ 

15. Pop Off – when someone is doing well – often used in gaming.
‘Look at Ninja (streamer). He’s popping off on Fortnite’

16. Rizz – charisma. It can also describe one’s ability to attract a partner.
‘She’s got rizz!’ 

17. Roman Empire – something you love and think about all the time. 
‘Visiting Paris is my Roman Empire’ or ‘America Ferrera’s Barbie monologue is my Roman Empire.’  

18. Salty – annoyed or upset.
‘I don’t know why he is so salty’. 

19. Simp – someone who tries too hard or goes above and beyond to impress the person they like.
‘He got her a ring after four dates. He’s such a simp!’ 

20. Slay – to do something exceedingly well.
‘He slayed that performance’. 

So, next time your teen drops a phrase or acronym they think you can’t decipher, you will have NP (no problem) understanding what’s happening in your kids’ lives and absolutely no FOMO (fear of missing out)! 

Good luck!! 

Alex x 

The post Teen Slang – What You Need To Know To Understand Your Teen appeared first on McAfee Blog.


Hardware Vulnerability in Apple’s M-Series Chips


It’s yet another hardware side-channel attack:

The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel’s 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years.

[…]

The breakthrough of the new research is that it exposes a previously overlooked behavior of DMPs in Apple silicon: Sometimes they confuse memory content, such as key material, with the pointer value that is used to load other data. As a result, the DMP often reads the data and attempts to treat it as an address to perform memory access. This “dereferencing” of “pointers”—meaning the reading of data and leaking it through a side channel—is a flagrant violation of the constant-time paradigm.

[…]

The attack, which the researchers have named GoFetch, uses an application that doesn’t require root access, only the same user privileges needed by most third-party applications installed on a macOS system. M-series chips are divided into what are known as clusters. The M1, for example, has two clusters: one containing four efficiency cores and the other four performance cores. As long as the GoFetch app and the targeted cryptography app are running on the same performance cluster—even when on separate cores within that cluster—GoFetch can mine enough secrets to leak a secret key.

The attack works against both classical encryption algorithms and a newer generation of encryption that has been hardened to withstand anticipated attacks from quantum computers. The GoFetch app requires less than an hour to extract a 2048-bit RSA key and a little over two hours to extract a 2048-bit Diffie-Hellman key. The attack takes 54 minutes to extract the material required to assemble a Kyber-512 key and about 10 hours for a Dilithium-2 key, not counting offline time needed to process the raw data.

The GoFetch app connects to the targeted app and feeds it inputs that it signs or decrypts. As it’s doing this, it extracts the app’s secret key that it uses to perform these cryptographic operations. This mechanism means the targeted app need not perform any cryptographic operations on its own during the collection period.

Note that exploiting the vulnerability requires running a malicious app on the target computer. So it could be worse. On the other hand, like many of these hardware side-channel attacks, it’s not possible to patch.

Slashdot thread.
