BU-CERT News

From thehackernews.com

Cybersecurity researchers have discovered a case of “forced authentication” that could be exploited to leak a Windows user’s NT LAN Manager (NTLM) tokens by tricking a victim into opening a specially crafted Microsoft Access file.

The attack takes advantage of a legitimate feature in the database management system solution that allows users to link to external data sources, such as a remote SQL Server table.

“This feature can be abused by attackers to automatically leak the Windows user’s NTLM tokens to any attacker-controlled server, via any TCP port, such as port 80,” Check Point security researcher Haifei Li said. “The attack can be launched as long as the victim opens an .accdb or .mdb file. In fact, any more-common Office file type (such as a .rtf ) can work as well.”

Read more…

From helpnetsecurity.com

“Malware free” attacks, attackers’ increased reliance on legitimate tools and scripting frameworks, and BEC scams were the most prominent threats small and medium businesses (SMBs) faced in Q3 2023, says the inaugural SMB Threat Report by Huntress, a company that provides a security platform and services to SMBs and managed service providers (MSPs).

Read more…

From malwarebytes.com

ownCloud has warned users about three critical security flaws in its file-sharing software which, if exploited, could reveal sensitive information and modify files. An especially and potentially impactful one is a vulnerability that could lead to disclosure of sensitive credentials and configuration in containerized deployments.

ownCloud is a very widely used open-source project that allows users to host and sync files. ownCloud says on its own website that it has 200 million users, including 600 enterprises.

The vulnerabilities stem from one of the building blocks of the project.

Read more…

From tripwire.com

While the EU AI Act is poised to introduce binding legal requirements, there’s another noteworthy player making waves—the National Institute of Standards and Technology’s (NIST) AI Risk Management Framework (AI RMF), published in January 2023. This framework promises to reshape the future of responsible AI uniquely and voluntarily, setting it apart from traditional regulatory approaches. Let’s delve into the transformative potential of the NIST AI RMF and its global implications.

Read more…

From darkreading.com

As technology continues to evolve and expand its reach into every facet of our lives, so do the threats posed by cyber criminals and nation-state actors. In our Google Cloud Cybersecurity Forecast 2024, we note several cybersecurity trends that organizations should prepare for in the coming year.

The rapid advancement of AI technologies will enable attackers to create more convincing fake audio, video, and images to conduct large-scale phishing and disinformation campaigns. These operations will likely involve impersonating executives in fraud schemes, spreading political misinformation, and sowing social discord. Defenders will need to stay sharp to identify manipulated media and mitigate the risks.

Read more…

From npr.org

With the holiday season upon us, beware “gifts” nobody wants: email fraud and cyberattacks.

Cybercriminals take advantage of consumers’ attention on a particular subject — like, for example, Black Friday or Cyber Monday sales — to run scams, or they use the distraction of the moment to cause disruption.

They’ll slip into the rush of urgent emails offering limited-time deals, hoping to disguise themselves as legitimate retailers. With the National Retail Federation predicting a record high in spending over the holidays in 2023, cybersecurity is especially important.

Read more…

From gbhackers.com

DarkGate, a sophisticated Malware-as-a-Service (MaaS) offered by the enigmatic RastaFarEye persona, has surged in prominence.

The malware is known for abusing Microsoft Teams and MSI files to compromise target systems. 

This Sekoia report delves into its ominous capabilities, examining its deployment by threat actors like TA577 and Ducktail.

DarkGate employs ingenious data obfuscation techniques, including base64 encoding with a dual-alphabet approach. 

Unraveling its inner workings reveals a TStringList configuration stored in PE, challenging analysts to decode and comprehend.

Read more…