News – Page 10

Mind the Gap: Strengthening Cybersecurity Through Behavioral Awareness

Posted on 10 June 2024

From tripwire.com

Exploring the intricate relationship between people and cybersecurity opens up a dynamic landscape where individuals’ decisions, habits, and intentions significantly impact the safety and integrity of digital systems.

Cybercriminals are savvy opportunists, and like pickpockets, they go where the crowds are. They scan the virtual world, identifying weaknesses in the popular sites and systems people use. Whether it’s social media platforms teeming with personal data or online marketplaces bustling with transactions, cybercriminals meticulously search for chinks in the digital armor.

Natural human biases are one such chink, and are easily exploitable to infiltrate networks, steal sensitive information, or deploy malicious software. This is because humans are not just users of technology but active participants in its ecosystem.

Cybersecurity Snapshot: NIST Program Assesses How AI Systems Will Behave in the Real World, While FBI Has Troves of Decryption Keys for LockBit Victims

Posted on 10 June 2024

From tenable.com

Check out the new ARIA program from NIST, designed to evaluate if an AI system will be safe and fair once it’s launched. Plus, the FBI offers to help LockBit victims with thousands of decryption keys. In addition, Deloitte finds that boosting cybersecurity is key for generative AI deployment success. And why identity security is getting harder. And much more!

1 – NIST program will test safety, fairness of AI systems

Will that artificial intelligence (AI) system now in development behave as intended once it’s released or will it go off the rails?

It’s a critical question for vendors, enterprises and individuals developing AI systems. To help answer it, the U.S. government has launched an AI testing and evaluation program.

Called Assessing Risks and Impacts of AI (ARIA), the National Institute of Standards and Technology (NIST) program will make a “sociotechnical” assessment of AI systems and models.

That means ARIA will determine whether an AI system will be valid, reliable, safe, secure, private and fair once it’s live in the real world.

“In order to fully understand the impacts AI is having and will have on our society, we need to test how AI functions in realistic scenarios – and that’s exactly what we’re doing with this program,” U.S. Commerce Secretary Gina Raimondo said in a statement.

Check Point Security Gateway Information Disclosure Vulnerability (CVE-2024-24919)

Posted on 10 June 2024

From blog.qualys.com

Check Point Security Gateway is a secure web gateway that is an on-premises or cloud-delivered network security service. Check Point enforces network security policies, including firewall, VPN, and intrusion prevention capabilities.

Check Point published a zero-day advisory on May 28, 2024, regarding CVE-2024-24919 with a CVSS score of 8.6. As per the advisory, the vulnerability results in attackers accessing sensitive information and gaining domain privileges.

The vulnerability impacts various products from Check Point like CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog.

Check Point said, “The vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled…”

TotalCloud Insights: Uncovering the Hidden Dangers in Google Cloud Dataproc

Posted on 10 June 2024

From blog.qualys.com

Summary

The Apache Hadoop Distributed File System (HDFS) can be vulnerable to data compromise when a Compute Engine cluster is in a public-facing virtual private cloud (VPC) or shares the VPC with other Compute Engine instances.
Google Cloud Platform (GCP) provides a default VPC called ‘default.’ This VPC allows inbound connections only on ports 22 and 3389 while permitting all inbound connections within the internal subnet. This configuration can pose a significant security risk when both Dataproc clusters and Compute Engine instances share the default subnet VPC. It can lead to potential data corruption or theft, both serious concerns.
The Google Security Team labeled the attack flow as an ‘Abuse Risk.’
Qualys TotalCloud now notifies customers of misconfigured Dataproc clusters that are vulnerable to exploitation, offering remediation steps and code for prompt resolution.

Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus

Posted on 10 June 2024

From thehackernews.com

Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks targeting entities in Russia and Belarus.

The phishing attacks were aimed at a pharmaceutical company, a Russian research institute dealing with microbiology and vaccine development, and the aviation sector, expanding beyond their initial focus of government organizations, Morphisec said in a report last week.

“In previous campaigns, the infection chain began with phishing emails containing a link to download a malicious file from platforms like gofile.io,” security researcher Arnold Osipov said. “This latest campaign used archive files containing LNK files pointing to a payload stored on WebDAV servers.”

LogSnare – Mastering IDOR And Access Control Vulnerabilities Through Hands-On Learnin

Posted on 7 June 2024

From kalilinuxtutorials.com

LogSnare is an intentionally vulnerable web application, where your goal is to go from a basic gopher user of the LogSnare company, to the prestigious acme-admin of Acme Corporation.

The application, while hosting multiple vulnerabilities, serves as a valuable educational tool.

However, the real lesson to be learned here is how to prevent and catch these attacks leveraging proper validation and logging.

After logging in to the demo application, in the top navbar you’ll see a validation toggle which allows you to toggle security controls in real-time.

Microsoft Details On Using KQL To Hunt For MFA Manipulations

Posted on 7 June 2024

From gbhackers.com

It is difficult to secure cloud accounts from threat actors who exploit multi-factor authentication (MFA) settings.

Threat actors usually alter compromised users’ MFA attributes by bypassing the requirements, disabling MFA for others, or enrolling rogue devices in the system.

They do so stealthily, mirroring helpdesk operations and making it hard to notice the noise of directory audit logs.

To protect themselves against this insidious attack vector on clouds, organizations need to strengthen monitoring and controls around MFA configuration changes.

Cybersecurity researchers at Microsoft recently detailed using the KQL (Kusto Query Language) to hunt for MFA manipulation.