Episodes

  • * US Government Considers Ban on TP-Link Routers Over Security Concerns

    * New Phishing Scam Uses Google Calendar to Bypass Spam Filters

    * Malicious VSCode Extensions Steal Developer Credentials

    * Large Language Models Pose New Threat in Generating Undetectable Malware

    * Malicious NPM Packages and VSCode Extensions Target Developers

    US Government Considers Ban on TP-Link Routers Over Security Concerns

    https://www.wsj.com/politics/national-security/us-ban-china-router-tp-link-systems-7d7507e6

    The U.S. government is investigating TP-Link, a leading manufacturer of home routers, over concerns about national security risks. This investigation could potentially lead to a ban on the sale of TP-Link routers in the United States.

    Key Concerns:

    * Cybersecurity Risks: A significant portion of a large botnet used by Chinese threat actors consists of TP-Link routers. These compromised devices are used to launch attacks against U.S. networks.

    * Potential Backdoors: Concerns have been raised about the possibility of backdoors or vulnerabilities in TP-Link routers that could be exploited by Chinese intelligence.

    * Anti-competitive Practices: The U.S. government is also investigating potential anti-competitive practices by TP-Link, including selling routers below cost to gain market share.

    Government Action:

    * Investigation Underway: The Departments of Justice, Commerce, and Defense are investigating TP-Link.

    * Potential Ban: A ban on the sale of TP-Link routers in the U.S. is being considered.

    * Subpoena Issued: The Commerce Department has already issued a subpoena to the company.

    Impact:

    * Widespread Use: A ban on TP-Link routers would have a significant impact on the U.S. market, as the company holds a substantial market share.

    * Government Agencies Affected: The investigation has revealed that TP-Link routers are present on the networks of several government agencies, including the Defense Department, NASA, and DEA.

    Broader Context:

    This investigation comes amid growing concerns about the security of telecommunications equipment from Chinese companies. The U.S. government has already banned the sale of equipment from several Chinese companies, including Huawei and ZTE, due to national security concerns.

    New Phishing Scam Uses Google Calendar to Bypass Spam Filters

    https://www.bleepingcomputer.com/news/security/ongoing-phishing-attack-abuses-google-calendar-to-bypass-spam-filters/

    A new phishing campaign is targeting businesses by exploiting Google Calendar to deliver malicious links and bypass spam filters.

    How the Scam Works:

    * Calendar Invites: Attackers send malicious meeting invites through Google Calendar.

    * Embedded Links: These invites contain links that redirect users to Google Forms or Google Drawings pages.

    * Phishing Pages: These pages prompt users to click on another link, often disguised as a reCAPTCHA or support button.

    * Malware Delivery: Clicking this final link leads to the download of malware or redirects users to phishing websites.

    Bypassing Spam Filters:

    The attackers leverage the legitimacy of Google Calendar to bypass spam filters. Because the invite notifications are sent by Google's own infrastructure, they arrive with authentic headers and pass authentication checks like DKIM, SPF, and DMARC.

    Escalating the Attack:

    Attackers can further increase the reach of their campaign by canceling the initial Google Calendar event. This triggers a notification to all attendees, including a message containing another malicious link.

    Recommendations:

    * Be Wary of Unexpected Invites: Exercise caution with unexpected Google Calendar meeting invites, especially those from unknown or suspicious senders.

    * Verify Links: Never click on links within calendar invites unless you are certain of the sender's legitimacy.

    * Enable Google Workspace Protections: Administrators should enable Google Workspace protections to block unwanted calendar invites.

    This phishing campaign highlights the importance of maintaining vigilance and practicing safe online behaviour, even when interacting with trusted platforms like Google Calendar.

    Malicious VSCode Extensions Steal Developer Credentials

    https://medium.com/@amitassaraf/vscode-extension-trivia-real-or-cake-f729adc9e03e

    Cybersecurity researchers have discovered a wave of malicious Visual Studio Code extensions designed to steal credentials from developers.

    These extensions, disguised as legitimate tools for cryptocurrency development and productivity, were found to contain malicious code that downloads and executes PowerShell payloads.

    Key Findings:

    * Widespread Campaign: 18 malicious extensions were identified on the VSCode Marketplace, targeting developers working with cryptocurrency, Zoom, and other popular tools.

    * Sophisticated Techniques: The extensions used various techniques to appear legitimate, including fake reviews, inflated download numbers, and the use of legitimate-sounding package names.

    * Data Theft: The malicious payloads aimed to steal sensitive information, including credentials, from compromised systems.

    * Supply Chain Attack: This campaign highlights the growing threat of supply chain attacks, where malicious code is introduced into legitimate software development tools and libraries.

    Recommendations:

    * Thorough Vetting: Developers should carefully vet all extensions and dependencies before installing them.

    * Verify Sources: Check the source and reputation of the developer before installing any extensions.

    * Regular Security Audits: Conduct regular security audits of development environments to identify and mitigate potential threats.

    * Keep Software Updated: Ensure all software, including development tools and operating systems, is updated with the latest security patches.

    This incident serves as a stark reminder of the importance of maintaining strong security practices throughout the entire software development lifecycle.

    Large Language Models Pose New Threat in Generating Undetectable Malware

    https://unit42.paloaltonetworks.com/using-llms-obfuscate-malicious-javascript/

    Cybersecurity researchers from Palo Alto Networks warn that large language models (LLMs) can be used by malicious actors to generate undetectable malware variants. LLMs, despite limitations in creating malware from scratch, can effectively rewrite and obfuscate existing malware, making it difficult for detection systems to identify.

    LLMs for Malware Obfuscation

    * Hackers can leverage LLMs to create more natural-looking transformations of malicious code, hindering detection by traditional methods.

    * Repetitive application of these transformations can degrade the performance of malware classification systems, causing them to misclassify malicious code as benign.

    Challenges and Potential Solutions

    * LLM providers are implementing safeguards to prevent misuse, but threat actors are actively developing tools to exploit these models for malicious purposes.

    * Researchers have demonstrated the generation of 10,000 undetectable JavaScript variants using LLMs, highlighting the potential scale of this threat.

    * Adversarial machine learning techniques can be used to rewrite malware in a way that bypasses detection by machine learning models.

    * LLM-generated obfuscation is more sophisticated than traditional methods, making it harder to identify.

    Security researchers propose using similar techniques to generate training data that improves the robustness of machine learning models against LLM-obfuscated malware.

    Malicious NPM Packages and VSCode Extensions Target Developers

    https://www.sonatype.com/blog/counterfeit-eslint-and-node-types-libraries-downloaded-thousands-of-times-abuse-pastebin

    Cybersecurity researchers have discovered a wave of malicious npm packages and Visual Studio Code (VSCode) extensions targeting developers. These packages, disguised as legitimate tools for cryptocurrency development and productivity, secretly download and execute malicious payloads.

    The Attack:

    * Typosquatting: Attackers created malicious packages with names that closely resemble legitimate ones, such as "@typescript_eslinter/eslint" instead of "typescript-eslint."

    * Fake Reviews and Inflated Downloads: These packages were promoted with fake reviews and artificially inflated download counts to appear legitimate.

    * Malicious Functionality: The packages contain code that downloads and executes malicious payloads, including trojans and cryptocurrency miners.

    * VSCode Marketplace Compromise: Several malicious extensions were also found on the VSCode Marketplace, targeting cryptocurrency developers and Zoom users.

    Impact:

    * Data Theft: The malicious payloads can steal sensitive data, including credentials and source code.

    * Supply Chain Attacks: These attacks highlight the growing threat of supply chain attacks, where malicious code is introduced into the software development process.

    * Compromised Development Environments: The compromise of development environments can lead to the spread of malware throughout an organization.

    Recommendations:

    * Thorough Vetting: Developers should carefully vet all packages and extensions before installing them, checking the source and reputation of the developer.

    * Regular Security Audits: Regular security audits of development environments are crucial to identify and mitigate potential threats.

    * Strong Password Practices: Use strong, unique passwords for all accounts, including those used for development tools and repositories.

    This incident underscores the importance of maintaining a strong security posture throughout the entire software development lifecycle.



    This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com
  • * New Phishing Scam Uses Fake CAPTCHA Tests to Install Malware

    * Google Releases Open-Source Tool to Speed Up Android Security Patching

    * The Global Trail of Stolen Smartphones

    * Year-Long Attack Steals Credentials from Security Researchers and Hackers

    * Australia Leads the Way in Quantum-Resistant Cryptography

    New Phishing Scam Uses Fake CAPTCHA Tests to Install Malware

    https://au.pcmag.com/security/107245/this-captcha-test-can-trick-windows-users-into-installing-malware

    A new phishing scam is targeting unsuspecting users with fake CAPTCHA tests. These malicious tests, disguised as legitimate security measures, are designed to trick victims into installing malware on their devices.

    How the Scam Works:

    * Fake CAPTCHA: Users encounter a fake CAPTCHA test on a malicious website.

    * Malicious Instructions: The CAPTCHA asks users to perform specific keystrokes, such as "Windows + R" followed by "Ctrl + V."

    * Malware Installation: These keystrokes execute a PowerShell script that downloads and installs the Lumma Stealer malware.

    * Data Theft: Once installed, the Lumma Stealer can steal sensitive information, including passwords, cookies, and cryptocurrency wallet details.

    The Growing Threat of Phishing Attacks:

    This latest phishing scam highlights the ongoing threat posed by cybercriminals who continuously evolve their tactics to target unsuspecting users. It's crucial to remain vigilant and exercise caution when encountering online requests, especially those involving unusual actions.

    Tips to Protect Yourself:

    Be wary of unusual CAPTCHAs: if a CAPTCHA test asks you to perform actions beyond simple image recognition, be suspicious. Also avoid clicking on links in unsolicited emails or messages, even if they appear to come from a trusted source.

    Google Releases Open-Source Tool to Speed Up Android Security Patching

    https://security.googleblog.com/2024/12/announcing-launch-of-vanir-open-source.html

    Google has released Vanir, a new open-source tool designed to streamline the process of identifying and applying security patches to Android devices.

    The Problem:

    The Android ecosystem relies on a complex update process where manufacturers must incorporate security fixes from Google and deploy them to individual devices. This process is time-consuming and labor-intensive, often leaving devices vulnerable for longer periods.

    Vanir's Solution:

    Vanir uses static code analysis to directly compare a device's code against known vulnerable code patterns. This approach avoids relying on unreliable metadata like version numbers and focuses on the actual code itself.

    Benefits of Vanir:

    * Faster Patch Identification: Vanir automates the identification of missing security patches, significantly reducing the time manufacturers spend finding which fixes a device still needs.

    * Improved Accuracy: Vanir boasts a 97% accuracy rate, minimizing false alarms and wasted effort.

    * Scalability: Vanir can be applied across diverse Android ecosystems and can be easily adapted to other platforms with minor modifications.

    * Open Source: By making Vanir open source, Google encourages collaboration and wider adoption within the security community.

    Impact:

    Vanir is expected to significantly improve the security posture of Android devices by enabling faster and more efficient deployment of critical security patches. This will ultimately benefit all Android users by reducing their exposure to vulnerabilities.

    Availability:

    Vanir is available now on GitHub under the BSD-3 license. The tool can be used as a standalone application or integrated into existing build systems.

    The Global Trail of Stolen Smartphones

    https://www.dailymail.co.uk/news/article-14165053/How-stolen-phone-ends-Chinas-Silicon-Valley.html

    A Dark Journey from London Streets to Chinese Markets

    The theft of mobile phones in major cities like London has become a significant global issue, with stolen devices often ending up thousands of miles away in China.

    The Theft and Smuggling Process:

    * Street Theft: Phone snatchers, often operating in gangs, target unsuspecting victims in busy areas.

    * Handoff to Brokers: Stolen phones are quickly passed on to brokers, who may be involved in other criminal activities.

    * Securing the Device: To prevent tracking, the phones are placed in Faraday cages to block signals.

    * Shipping to China: The phones are shipped to China, often through intricate smuggling routes.

    * Repairs and Resale: In China, stolen phones are either sold as second-hand devices or disassembled for parts. Valuable components like gold, silver, and lithium-ion batteries are extracted.

    The Impact on Victims:

    Beyond the financial loss, victims of phone theft may also face privacy and security risks. Stolen phones can be used to access personal information, financial accounts, and social media profiles.

    Combating the Problem:

    Law enforcement agencies, technology companies, and governments are working together to combat phone theft and the global black market. Some strategies include:

    * Improved Tracking Technologies: Phone manufacturers are implementing advanced tracking and security features to deter theft and facilitate recovery.

    * International Cooperation: Law enforcement agencies are collaborating across borders to disrupt criminal networks involved in phone theft and smuggling.

    * Public Awareness Campaigns: Educating the public about the risks of phone theft and how to protect themselves.

    While significant progress has been made, the global trade in stolen phones remains a complex issue. By understanding the methods used by criminals and the international supply chain, we can work towards more effective prevention and recovery strategies.

    Year-Long Attack Steals Credentials from Security Researchers and Hackers

    https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/

    Over 390,000 WordPress credentials and sensitive data stolen in a large-scale campaign targeting cybersecurity professionals.

    A sophisticated cyberespionage campaign spanning over a year has compromised hundreds of systems belonging to security researchers, penetration testers, and potentially even malicious actors. Datadog Security Labs discovered the campaign, which is believed to be carried out by a threat actor tracked as MUT-1244.

    Fake Exploits and Phishing Lured Victims

    The attackers used a two-pronged approach:

    * Trojanized Repositories: They created fake repositories on GitHub containing malicious code disguised as proof-of-concept exploits for known vulnerabilities. Security professionals searching for exploit code unknowingly downloaded and executed the malware.

    * Phishing Emails: Phishing emails tricked victims into installing fake kernel updates that were actually malware.

    Stolen Data Included SSH Keys and AWS Credentials

    The malware targeted valuable data, including:

    * WordPress credentials (over 390,000 stolen)

    * SSH private keys

    * AWS access keys

    * Command history

    Attackers Exploited Trust Within Security Community

    The use of fake repositories on trusted platforms like GitHub allowed the attackers to exploit trust within the cybersecurity community. Additionally, some of the stolen credentials likely belonged to attackers who were using a tool called "yawpp" to validate stolen credentials. This suggests the attackers were targeting both legitimate security professionals and malicious actors.

    Hundreds Still at Risk as Campaign Continues

    Researchers believe hundreds of systems remain compromised, and the campaign is still ongoing. Security professionals and researchers are advised to be cautious when downloading code from untrusted sources and to be wary of unsolicited emails, even those seemingly related to security updates.

    Australia Leads the Way in Quantum-Resistant Cryptography

    https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography

    Australia's Cyber Security Agency Accelerates Transition to Post-Quantum Cryptography

    The Australian Signals Directorate (ASD) has announced plans to phase out traditional cryptographic algorithms like SHA-256, RSA, ECDSA, and ECDH in high-assurance cryptographic equipment by 2030. This move aims to proactively address the potential threat posed by quantum computing advances, which could render current encryption methods obsolete.

    The Quantum Threat:

    Quantum computers, once fully realized, have the potential to break current cryptographic standards, compromising sensitive data and systems. To mitigate this risk, the US National Institute of Standards and Technology (NIST) has developed new quantum-resistant algorithms.

    Australia's Proactive Approach:

    While NIST has set a 2035 deadline for transitioning to quantum-resistant cryptography, Australia is taking a more aggressive stance, aiming to complete the transition five years earlier for high-assurance systems. This proactive approach demonstrates Australia's commitment to cybersecurity and its recognition of the potential impact of quantum computing.

    Challenges of the Transition:

    The transition to post-quantum cryptography presents significant challenges, including:

    * Technical Complexity: Implementing new cryptographic algorithms requires careful planning and technical expertise.

    * Interoperability: Ensuring compatibility with existing systems and standards is crucial.

    * Security Risks: A poorly executed transition could introduce new vulnerabilities.

    The Road Ahead:

    As quantum computing technology continues to advance, it is essential for organizations to stay informed about the latest developments and to plan for a smooth transition to quantum-resistant cryptography. By taking proactive steps to adopt new standards, organizations can protect their sensitive data and systems from future threats.




  • * Cybercriminals Exploit Misconfigured AWS Environments to Steal Sensitive Data

    * New Phishing Scam Uses Fake Video Conferencing Apps to Steal Data

    * Millions of WordPress Sites Vulnerable to Payment Fraud via WPForms Plugin

    * Hackers Find New Way to Bypass Browser Isolation with QR Codes

    * The Evolving Threat to Software Supply Chains

    Cybercriminals Exploit Misconfigured AWS Environments to Steal Sensitive Data

    https://www.vpnmentor.com/news/shiny-nemesis-report/

    A recent cyberattack, believed to be linked to the ShinyHunters group, has exposed the vulnerabilities of misconfigured AWS environments. The attackers exploited exposed AWS credentials to gain unauthorized access to a vast amount of sensitive data, including source code, database credentials, and API keys.

    Key Findings:

    * Massive Data Breach: The attackers stole over 2TB of data from numerous AWS customers.

    * Misconfigured S3 Buckets: The stolen data was stored in an exposed S3 bucket, highlighting the risks of improper cloud configuration.

    * Targeted Attacks: The attackers used a combination of automated scanning and targeted attacks to identify vulnerable systems.

    * Sophisticated Techniques: The attackers employed advanced techniques, including exploiting known vulnerabilities and using custom tools to gain access to systems.

    Recommendations for Protection:

    * Secure Credentials: Never store sensitive credentials in plain text or in easily accessible locations.

    * Implement Strong Access Controls: Enforce strong access controls and regularly review and update permissions.

    * Monitor Cloud Environments: Regularly monitor cloud environments for misconfigurations and unauthorized access.

    * Stay Updated: Keep software and systems up-to-date with the latest security patches.

    * Use Security Best Practices: Follow best practices for secure coding, data protection, and incident response.

    By following these best practices, organizations can significantly reduce their risk of falling victim to similar attacks.

    New Phishing Scam Uses Fake Video Conferencing Apps to Steal Data

    https://www.cadosecurity.com/blog/meeten-malware-threat

    A new phishing campaign is targeting individuals working in the Web3 industry, using fake video conferencing apps to deliver malicious software.

    How the Scam Works:

    * Fake Company Outreach: Threat actors create fake companies and use AI-generated content to make them appear legitimate.

    * Luring Victims: They contact potential victims on platforms like Telegram, offering investment opportunities and scheduling video calls.

    * Malicious App Download: Victims are directed to download a fake video conferencing app from a malicious website.

    * Data Theft: The downloaded app, disguised as a legitimate video conferencing tool, is actually a sophisticated information stealer.

    * Stealing Sensitive Data: The malware can steal a wide range of sensitive information, including cryptocurrency wallet credentials, banking information, and personal data.

    The Growing Threat of Phishing Attacks:

    This incident highlights the increasing sophistication of cyberattacks and the importance of staying vigilant. Cybercriminals are constantly evolving their tactics to exploit vulnerabilities and steal sensitive information.

    To protect yourself from such attacks, it's crucial to:

    * Be Wary of Unverified Apps: Avoid downloading apps from untrusted sources, even if they appear legitimate.

    * Verify Sender Identity: Always verify the sender's identity before clicking on links or downloading attachments.

    * Use Strong, Unique Passwords: Create strong, unique passwords for all your online accounts.

    * Enable Two-Factor Authentication: Use two-factor authentication to add an extra layer of security.

    * Keep Software Updated: Keep your operating system and security software up-to-date with the latest patches.

    By following these best practices, you can significantly reduce your risk of falling victim to phishing attacks.

    Millions of WordPress Sites Vulnerable to Payment Fraud via WPForms Plugin

    https://www.bleepingcomputer.com/news/security/wpforms-bug-allows-stripe-refunds-on-millions-of-wordpress-sites/

    A critical security vulnerability has been discovered in WPForms, a popular form builder plugin used by over 6 million WordPress websites. The flaw, identified as CVE-2024-11205, allows attackers with subscriber-level access (the lowest user role) to issue unauthorized refunds and cancel Stripe subscriptions.

    Exploiting the Vulnerability:

    The vulnerability stems from a coding error in the plugin's permission checks. While the plugin verifies that a request originates from the admin area, it does not check that the requesting user holds the capability required to perform actions like issuing refunds. This allows any authenticated user, including subscribers, to call specific functions within the plugin and manipulate Stripe transactions.
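    To illustrate the difference between a request-context check and a capability check in a WordPress AJAX handler, here is an added example (a constructed illustration, not WPForms' own code); `issue_stripe_refund` and the nonce action name are hypothetical:

```php
<?php
// Constructed example of a WordPress AJAX handler for a privileged action.
// Vulnerable pattern: the only gate is a context check. is_admin() is true
// for any request served through /wp-admin/, including admin-ajax.php calls
// made by a logged-in subscriber; it says nothing about what the user may do.
function vulnerable_refund_handler(): void {
    if ( ! is_admin() ) {
        wp_send_json_error( 'not an admin request', 403 ); // terminates
    }
    $payment_id = absint( $_POST['payment_id'] ?? 0 );
    issue_stripe_refund( $payment_id ); // hypothetical helper
    wp_send_json_success();
}

// Hardened pattern: validate the nonce (CSRF) and require an explicit
// capability for the action, independent of where the request came from.
function hardened_refund_handler(): void {
    check_ajax_referer( 'refund_payment_nonce', 'nonce' ); // dies on failure
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 ); // terminates
    }
    $payment_id = absint( $_POST['payment_id'] ?? 0 );
    if ( 0 === $payment_id ) {
        wp_send_json_error( 'invalid payment id', 400 );
    }
    issue_stripe_refund( $payment_id ); // hypothetical helper
    wp_send_json_success();
}

// Only the hardened handler is registered; wp_ajax_ hooks fire for any
// authenticated user, which is exactly why the capability check is needed.
add_action( 'wp_ajax_refund_payment', 'hardened_refund_handler' );
```

    The capability name to require is whatever the action genuinely demands; the point is that `current_user_can()` is checked on every request, not just `is_admin()`.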

    The consequences of this vulnerability can be severe for website owners. Attackers could potentially:

    * Steal Revenue: By issuing fraudulent refunds through the compromised plugin, attackers can steal money from legitimate transactions.

    * Disrupt Business: Canceling subscriptions can disrupt customer service and harm a business's cash flow.

    * Damage Trust: Unauthorized manipulation of payment systems can erode customer trust and damage a company's reputation.

    The good news is that a patch has already been released. WPForms version 1.9.2.2 addresses the vulnerability by implementing proper authorization mechanisms. Website owners using WPForms, especially the free Lite version, are urged to update to the latest version immediately.

    While an update exists, security researchers estimate that at least 3 million websites remain vulnerable as they are not running the latest version of the plugin. It is crucial for website owners to prioritize updating WPForms or disabling the plugin until the patch is applied.

    This incident highlights the importance of maintaining updated plugins and software. Regularly review security reports and implement recommended patches promptly to minimize your website's vulnerability to attacks.

    Hackers Find New Way to Bypass Browser Isolation with QR Codes

    https://cloud.google.com/blog/topics/threat-intelligence/c2-browser-isolation-environments/

    A new technique discovered by Mandiant demonstrates how cybercriminals are finding innovative ways to circumvent security measures.

    The technique involves using QR codes to bypass browser isolation, a security technology that protects users from malicious code by executing web content in a separate, isolated environment.

    How the Attack Works:

    * Malicious Website: A victim is lured to a malicious website.

    * QR Code Display: The website displays a QR code containing malicious instructions.

    * QR Code Scanning: The victim's compromised device, controlled by malware, scans the QR code.

    * Command Execution: The decoded instructions are executed on the victim's device, allowing the attacker to gain control.

    The Limitations and Implications:

    While this technique is feasible, it has limitations, including:

    * Limited Data Transfer: The QR code format limits the amount of data that can be transmitted in each request.

    * Latency: The process of generating and scanning QR codes can introduce latency, slowing down communication.

    Despite these limitations, this attack demonstrates the evolving nature of cyber threats and the need for continuous vigilance. Organizations should implement robust security measures, such as network segmentation, endpoint protection, and user awareness training, to mitigate the risks associated with such attacks.

    The Evolving Threat to Software Supply Chains

    https://www.darkreading.com/vulnerabilities-threats/lessons-largest-software-supply-chain-incidents

    The rapid pace of software development has led to an increased risk of software supply chain attacks. These attacks target vulnerabilities in the development, distribution, and deployment of software, potentially compromising sensitive data and disrupting critical systems.

    Key Factors Driving the Rise of Software Supply Chain Attacks:

    * Increased Complexity: Modern software development relies on a complex network of third-party components, open-source libraries, and cloud services, creating numerous potential attack vectors.

    * Rapid Pace of Development: The pressure to release software quickly can lead to shortcuts in the development process, compromising security.

    * Advanced Attack Techniques: Cybercriminals are constantly evolving their tactics, using sophisticated techniques like supply chain poisoning and software tampering.

    Mitigating Risks in the Software Supply Chain:

    To protect against software supply chain attacks, organizations should adopt a comprehensive approach:

    * Vendor Vetting: Thoroughly vet third-party vendors and regularly assess their security practices.

    * Open Source Security: Carefully evaluate open-source components for vulnerabilities and license compliance.

    * Secure Development Practices: Implement secure coding practices, code reviews, and automated testing to identify and fix vulnerabilities early in the development process.

    * Software Composition Analysis (SCA): Use SCA tools to identify and remediate vulnerabilities in open-source components.

    * Supply Chain Security Tools: Employ specialized tools to monitor and protect the software supply chain.

    * Employee Training: Train employees on security best practices, including recognizing phishing attacks and avoiding malicious software.

    * Incident Response Plan: Develop a robust incident response plan to quickly detect and respond to security breaches.

    By prioritizing software supply chain security, organizations can mitigate risks and protect their sensitive data and systems.



  • * Finsure Confirms Data Breach Affecting Broker and Customer Information

    * Cloudflare Suffers Major Log Loss Incident

    * Over 8 Million Android Users Hit by Predatory Loan Apps Disguised as Legitimate Tools

    * Cybercriminals Exploit Job Fears with New Phishing Scam

    * New Phishing-as-a-Service Platform, Rockstar 2FA, Leverages AiTM Attacks



  • * Russian Hackers Leverage Wi-Fi to Bypass Security and Breach Networks

    * Australia Passes Landmark Cyber Security Legislation

    * Malicious Python Packages Exploit AI Enthusiasm

    * Ransomware Attack on Supply Chain Software Disrupts Major Retailers During Holidays

    * New CWE Methodology Shake-up Has Cross-Site Scripting as 2024's Most Dangerous Software Weakness

    * Special Thanks to Justin Butterfield for contributing some of the interesting stories for this week’s cyber bites.



  • * Australia Faces Escalating Cyber Threats Amid Complex Strategic Environment

    * Sextortion Scams Abuse Microsoft 365 Admin Portal to Bypass Email Filters

    * Cybercriminals Exploit Black Friday Shopping Season with Phishing Attacks

    * The Dark World of Online Scams: A Deep Dive

    * Google Prepares to Launch Shielded Email for Enhanced Privacy



  • This is a rebroadcast of Season 1, Episode 10 of AppSec Unlocked.

    In this episode of AppSec Unlocked, we dive into the topic of using a FAIR approach to vulnerability patch prioritization, exploring how organizations can better prioritize vulnerabilities in their open-source software using the FAIR model and EPSS. Denny Wan, an expert on FAIR analysis, shares his insights on this approach.



  • * Google Pixel AI-powered Features To Combat Scam Calls

    * Apple's New Security Feature: Automatic Reboots to Protect Data

    * Massive Data Leak Exposes Employee Information from Over 25 Companies

    * Bitdefender Releases Free Decryptor for ShrinkLocker Ransomware

    * New Phishing Campaign Uses Fake Copyright Claims to Spread Malware



  • * Cloud Security Concerns Surge in APAC as Data Breaches Remain High

    * AI-Powered Scams: A Growing Threat

    * Western Sydney University Suffers Major Data Breach

    * New FakeCall Malware Targets Android Users for Financial Fraud

    * UK Regulator Warns Financial Firms After CrowdStrike Outage

    * OWASP Releases GenAI Security Guidelines



  • This episode is a replay from our sister podcast AppSec Unlocked.

    In today's rapidly evolving cybersecurity landscape, managing vulnerabilities in open-source components has become increasingly complex. While traditional approaches relying solely on CVSS scores have their merits, they may not be sufficient to address the exponential growth in discovered vulnerabilities. A more nuanced and scalable approach is needed, one that considers not only severity but also exploitability and potential impact.



  • An out-of-band update on my real-life encounter with a supply chain attack



  • * AI Transcription Tool "Whisper" Creates Fabricated Text, Raising Concerns in Healthcare and Beyond

    * Massive UN Data Leak Exposes Personal Information of Violence Against Women Victims

    * Mandiant Report: Exploited Vulnerabilities Reach Record Lows in Time to Patch, But Zero-Days on the Rise

    * Fake Browser Update Malware Targets WordPress Sites via Malicious Plugins

    * Large-Scale Operation Steals Cloud Credentials from Exposed Git Repositories



  • * Anthropic's New AI Can Interact with Computers, Raising Safety Concerns

    * Internet Archive Hit Again: Exposed Tokens Lead to Zendesk Email Breach

    * Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor

    * Half of Businesses Underestimate SaaS Security Risks, Culture Blamed

    * Cyber Skills Gap Widens, Nearly 90% of Businesses Link Breaches to Lack of Expertise



  • * North Korean Hackers Target Tech Job Seekers with Fake Interviews and Malware

    * Internet Archive Hack Exposes Data of 31 Million Users

    * Australian Government Introduces Sweeping Cybersecurity Bill

    * Smart TVs: A Privacy Nightmare Fueled by Data Harvesting and Invasive Ads

    * iPhone Mirroring at Work Exposes Private App Data to Employers



  • * Ecovacs Robot Vacuums Collect Home Images for AI Training, Raising Privacy Concerns

    * Deepfakes on the Rise: Threatening Trust and Security

    * Meta Ray-Ban Glasses Hacked into Real-Time Facial Recognition Tool

    * Apple Patches Privacy Bugs in iOS 18: Passwords Read Aloud and Early Voice Message Recording

    * Cloudflare Mitigates Record-Breaking 3.8 Tbps DDoS Attack



  • * CISA Boss Calls for More Secure Software Development

    * NIST Proposes Sweeping Changes to Password Policies: Mandatory Resets and Character Rules Out

    * Critical Vulnerability Found in Nvidia Container Toolkit

    * Remote Code Execution Flaw Found in CUPS Printing System (Limited Impact)

    * Privacy Group Claims Mozilla's "Privacy-Preserving" Feature Tracks Users

    * ServiceNow Outage Caused by Expired Root Certificate

    Special Thanks to Justin Butterfield once again for contributing some of the interesting stories for this week’s cyber bites.



  • * CISA and FBI Urge Software Makers to Eliminate Cross-Site Scripting Vulnerabilities

    * Paying Ransomware Doesn't Guarantee File Recovery, Even With Decryptor

    * US Dismantles Chinese Government-Linked Botnet Targeting Hundreds of Thousands of Devices

    * Clever 'GitHub Scanner' Campaign Abusing Repos to Push Malware

    * Australian Government Suffers Surge in Cyber Attacks, Social Engineering Most Common Tactic

    Special Thanks to Justin Butterfield once again for contributing some of the interesting stories for this week’s cyber bites.



  • * Millions of Devices at Risk as Microsoft and Google Disable Insecure Email Login Method

    * Cybersecurity Giant Fortinet Confirms Data Breach, Downplays Impact

    * New Laws Target Banks, Telcos and Tech Giants in Fight Against Scams

    * Online Voucher Scam Targets Sydney Restaurants Using Square POS

    * TfL Staff Face In-Person Password Resets After Cyberattack

    Special Thanks to Justin Butterfield once again for contributing some of the interesting stories for this week’s cyber bites.



  • * AI-Powered Voice Cloning Scams on the Rise

    * Cyberattack Disrupts Transport for London Services

    * Typosquatting Threatens Developers: Malicious Code in GitHub Actions

    * New Supply Chain Attack Hijacks Removed PyPI Packages

    * White House Aims to Strengthen Internet Routing Security


