It was discovered that nano allowed a possible privilege escalation
through an insecure temporary file. If nano was killed while editing, the
permissions granted to the emergency save file could be used by an
attacker to escalate privileges using a malicious symlink.
Cerberus Android Banking Trojan Deployed in New Multi-Stage Malicious Campaign
The sophisticate campaign, ErrorFather, employs keylogging, virtual networks and a domain generation algorithm to target Android users
More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies
The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here).
The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose identity and nationality officials declined to reveal, was a former Middle East sales representative for the Taiwanese firm who had established her own company and acquired a license to sell a line of pagers that bore the Apollo brand. Sometime in 2023, she offered Hezbollah a deal on one of the products her firm sold: the rugged and reliable AR924.
“She was the one in touch with Hezbollah, and explained to them why the bigger pager with the larger battery was better than the original model,” said an Israeli official briefed on details of the operation. One of the main selling points about the AR924 was that it was “possible to charge with a cable. And the batteries were longer lasting,” the official said.
As it turned out, the actual production of the devices was outsourced and the marketing official had no knowledge of the operation and was unaware that the pagers were physically assembled in Israel under Mossad oversight, officials said. Mossad’s pagers, each weighing less than three ounces, included a unique feature: a battery pack that concealed a tiny amount of a powerful explosive, according to the officials familiar with the plot.
In a feat of engineering, the bomb component was so carefully hidden as to be virtually undetectable, even if the device was taken apart, the officials said. Israeli officials believe that Hezbollah did disassemble some of the pagers and may have even X-rayed them.
Also invisible was Mossad’s remote access to the devices. An electronic signal from the intelligence service could trigger the explosion of thousands of the devices at once. But, to ensure maximum damage, the blast could also be triggered by a special two-step procedure required for viewing secure messages that had been encrypted.
“You had to push two buttons to read the message,” an official said. In practice, that meant using both hands.
Also read Bunnie Huang’s essay on what it means to live in a world where people can turn IoT devices into bombs. His conclusion:
Not all things that could exist should exist, and some ideas are better left unimplemented. Technology alone has no ethics: the difference between a patch and an exploit is the method in which a technology is disclosed. Exploding batteries have probably been conceived of and tested by spy agencies around the world, but never deployed en masse because while it may achieve a tactical win, it is too easy for weaker adversaries to copy the idea and justify its re-deployment in an asymmetric and devastating retaliation.
However, now that I’ve seen it executed, I am left with the terrifying realization that not only is it feasible, it’s relatively easy for any modestly-funded entity to implement. Not just our allies can do this—a wide cast of adversaries have this capability in their reach, from nation-states to cartels and gangs, to shady copycat battery factories just looking for a big payday (if chemical suppliers can moonlight in illicit drugs, what stops battery factories from dealing in bespoke munitions?). Bottom line is: we should approach the public policy debate around this assuming that someday, we could be victims of exploding batteries, too. Turning everyday objects into fragmentation grenades should be a crime, as it blurs the line between civilian and military technologies.
I fear that if we do not universally and swiftly condemn the practice of turning everyday gadgets into bombs, we risk legitimizing a military technology that can literally bring the front line of every conflict into your pocket, purse or home.
From Reactive to Proactive: Shifting Your Cybersecurity Strategy
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Most companies have some cybersecurity protocols in place in case of a breach. They could be anything from antivirus software to spam filters. Those are considered reactive security measures because they tell you once a threat has already become a reality. By then, the damage may already be done, and your company could be in hot water.
Instead, your business needs to pair those reactive strategies with proactive ideas. These are plans you can put in place to keep an eye on trends and your potential vulnerabilities so you can catch and prevent a threat before it comes to fruition. Here are a few strategies to set your company on the right path.
Know And Anticipate The Threats
As technology evolves, the risk of cybercrime continues to elevate to all new levels. If you’re a business owner, you need only to see cybersecurity by the numbers to see that you must take proactive action.
A survey in 2023 found that ransomware attacks, where a hacker takes control of your systems until you pay a ransom, continue to be one of the primary threats to medium-sized businesses. They found that one ransomware attack occurs every 10 seconds. Remember, you don’t need to be a major corporation to be on the radar of cybercriminals. Almost every business has data that can be used maliciously by hackers.
Possibly even more alarming is that a hacker can break into your network in less than five hours. That means, if you aren’t being proactive, you could find out about a threat after the hacker gains access and the damage has been done.
Staying Ahead Of The Curve
In addition to watching out for known threats, your company must proactively protect against future threats. You need to be ahead of the curve, especially during the age of artificial intelligence. The rise of programs like ChatGPT and generative AI means that hackers have many new avenues to hack your systems. At this point, less than 10% of companies are prepared to tackle generative AI risks. Because of this lack of understanding and proactive security, there’s been a spike in cybersecurity events.
If your company needs to be well-versed in the proactive measures that can protect against these upcoming threats, then you need to be. You can try several proactive cybersecurity tactics, including penetration testing, which is the process of bringing in skilled hackers to do their best to breach your company’s defenses. The best hackers will know the newest tricks, from AI techniques to vishing attacks, so you can get ahead of the game. You can also use advanced analytics to detect issues, such as predictive modeling, which will analyze past transactions and look for unusual behavior and characteristics to find potential threats so you can take action.
Cybersecurity Training Is A Must
The best way to be proactive against potential cyber threats is to have as many eyes on your systems and processes as possible. So, you need to get all of your employees in on the act. It’s essential to create an effective cybersecurity training program. Ideally, this training would occur during the new hire orientation so everyone is on the same page from day one. Then, have ongoing supplementary training each year.
During this training, teach your team about the common cyber attacks, from password hacking to phishing scams. A phishing email is typically only successful if your employee takes the bait and clicks the included link or attachment. So, teach them about the red flags of phishing emails and to look closely at the sender. If they detect an issue, provide an easy route for them to report their concerns so your IT team can take over.
Then, teach them about other proactive approaches they can take, such as creating complex passwords. Pair those passwords with multi-factor authentication so only they can log into their computers. Since many of these training sessions can be a bit dry, add some gamification into the lessons that keep their attention, which can include puzzles, simulations, and cartoons.
Implement Safeguards and Keep On Guard
The final step in a solid, proactive approach is to put the proper safeguards in place and then monitor all activity, so your IT and network teams can catch the first sign of a scam. Install strong firewalls, update your software and patches regularly, and ensure your data is encrypted, but don’t set it and forget it.
Instead, you need to actively watch these safeguards to ensure that they’re as strong as possible while also monitoring for potential threats. Regular network monitoring is critical. This is often an automated process that continuously tracks all devices and web traffic. You’ll be alerted of suspicious activity so you can take the proper steps to eliminate your vulnerabilities.
These days, cybersecurity is often a full-time job. If you don’t have the time to learn about and pay attention to the threats, then you may need to look into a cybersecurity CaaS model, where you outsource your needs to a third-party provider. They can perform the necessary risk management duties while ensuring your company complies with regulations.
Conclusion
There are far too many cybersecurity risks for you to trust only in the basic security principles. You must take a more proactive approach to stay ahead of the risks and not have to deal with the chaos after the fact. The tips here will put you on the right path.
From Reactive to Proactive: Shifting Your Cybersecurity Strategy
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Most companies have some cybersecurity protocols in place in case of a breach. They could be anything from antivirus software to spam filters. Those are considered reactive security measures because they tell you once a threat has already become a reality. By then, the damage may already be done, and your company could be in hot water.
Instead, your business needs to pair those reactive strategies with proactive ideas. These are plans you can put in place to keep an eye on trends and your potential vulnerabilities so you can catch and prevent a threat before it comes to fruition. Here are a few strategies to set your company on the right path.
Know And Anticipate The Threats
As technology evolves, the risk of cybercrime continues to elevate to all new levels. If you’re a business owner, you need only to see cybersecurity by the numbers to see that you must take proactive action.
A survey in 2023 found that ransomware attacks, where a hacker takes control of your systems until you pay a ransom, continue to be one of the primary threats to medium-sized businesses. They found that one ransomware attack occurs every 10 seconds. Remember, you don’t need to be a major corporation to be on the radar of cybercriminals. Almost every business has data that can be used maliciously by hackers.
Possibly even more alarming is that a hacker can break into your network in less than five hours. That means, if you aren’t being proactive, you could find out about a threat after the hacker gains access and the damage has been done.
Staying Ahead Of The Curve
In addition to watching out for known threats, your company must proactively protect against future threats. You need to be ahead of the curve, especially during the age of artificial intelligence. The rise of programs like ChatGPT and generative AI means that hackers have many new avenues to hack your systems. At this point, less than 10% of companies are prepared to tackle generative AI risks. Because of this lack of understanding and proactive security, there’s been a spike in cybersecurity events.
If your company needs to be well-versed in the proactive measures that can protect against these upcoming threats, then you need to be. You can try several proactive cybersecurity tactics, including penetration testing, which is the process of bringing in skilled hackers to do their best to breach your company’s defenses. The best hackers will know the newest tricks, from AI techniques to vishing attacks, so you can get ahead of the game. You can also use advanced analytics to detect issues, such as predictive modeling, which will analyze past transactions and look for unusual behavior and characteristics to find potential threats so you can take action.
Cybersecurity Training Is A Must
The best way to be proactive against potential cyber threats is to have as many eyes on your systems and processes as possible. So, you need to get all of your employees in on the act. It’s essential to create an effective cybersecurity training program. Ideally, this training would occur during the new hire orientation so everyone is on the same page from day one. Then, have ongoing supplementary training each year.
During this training, teach your team about the common cyber attacks, from password hacking to phishing scams. A phishing email is typically only successful if your employee takes the bait and clicks the included link or attachment. So, teach them about the red flags of phishing emails and to look closely at the sender. If they detect an issue, provide an easy route for them to report their concerns so your IT team can take over.
Then, teach them about other proactive approaches they can take, such as creating complex passwords. Pair those passwords with multi-factor authentication so only they can log into their computers. Since many of these training sessions can be a bit dry, add some gamification into the lessons that keep their attention, which can include puzzles, simulations, and cartoons.
Implement Safeguards and Keep On Guard
The final step in a solid, proactive approach is to put the proper safeguards in place and then monitor all activity, so your IT and network teams can catch the first sign of a scam. Install strong firewalls, update your software and patches regularly, and ensure your data is encrypted, but don’t set it and forget it.
Instead, you need to actively watch these safeguards to ensure that they’re as strong as possible while also monitoring for potential threats. Regular network monitoring is critical. This is often an automated process that continuously tracks all devices and web traffic. You’ll be alerted of suspicious activity so you can take the proper steps to eliminate your vulnerabilities.
These days, cybersecurity is often a full-time job. If you don’t have the time to learn about and pay attention to the threats, then you may need to look into a cybersecurity CaaS model, where you outsource your needs to a third-party provider. They can perform the necessary risk management duties while ensuring your company complies with regulations.
Conclusion
There are far too many cybersecurity risks for you to trust only in the basic security principles. You must take a more proactive approach to stay ahead of the risks and not have to deal with the chaos after the fact. The tips here will put you on the right path.
Insurer Aims to “Clawback” BEC Losses After £1.4m Success
Coalition’s new service aims to mitigate the impact of growing UK corporate fraud losses
USN-7068-1: ImageMagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain
malformed image files. If a user or automated system using ImageMagick
were tricked into processing a specially crafted file, an attacker could
exploit this to cause a denial of service or affect the reliability of the
system. The vulnerabilities included memory leaks, buffer overflows, and
improper handling of pixel data.
Eight Million Users Install 200+ Malicious Apps from Google Play
Zscaler has found more than 200 malicious apps on Google Play with over eight million installs
ZDI-24-1392: Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47963.
ZDI-24-1393: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47963.