Cyber Security Headlines: Cybercriminals finetune AI, Government ZeroTrust confidence, Citrix vulnerability warning

Influence operators fine-tuning AI to deceive targets

A range of operators, including cybercrime groups, is continuing to exploit AI technologies such as deepfakes to take advantage of people’s inability to distinguish reality from deception. This, according to researchers from Mandiant, in a report released yesterday. The researchers highlighted social engineering as the most successful and most used vector thus far, but warn that generative AI technologies will give threat actors an ability to “efficiently scale their activity beyond their inherent means.”


67% of government agencies claim confidence in adopting zero trust

According to a new report from Swimlane, quoted in Security Magazine, “67% of government agencies are confident or very confident they are prepared to meet the zero trust requirements laid out by the U.S. government’s Memorandum M-22-09.” Almost two-thirds of the agencies who responded to the Swimlane researchers stated that they are choosing low-code security automation as their primary tool for meeting the Memorandum’s guidelines. Additional statistics of interest from the report: a similar share, 64% of federal agencies, report it takes longer to fill a security position now than it did two years ago, with one-third believing they will “never have a fully staffed security team with the proper skills.”


CISA warns of urgent Citrix vulnerability

CISA is mandating that U.S. federal civilian agencies patch a high-severity bug that affects the “customer-managed ShareFile storage zones controller.” Tracked as CVE-2023-24489, the vulnerability has a CVSS score of 9.1. Researchers at AssetNote are credited with its discovery, and security company GreyNoise says it has already observed attacker activity. AssetNote security researcher Dylan Pindur pointed out that there are between 1,000 and 6,000 instances that are internet accessible, and that the sensitive data stored there would have “quite an impact” if stolen. Citrix released a patch on May 11th and subsequently blocked unpatched hosts from connecting to ShareFile’s cloud control panel. As of June 13th, Citrix reported that 83% of customers had applied the patch. (Updated on August 21, 2023 to add further information on Citrix’s response to the vulnerability.)

(The Record)

Raccoon Stealer malware is back – and improved

Following a six-month hiatus that began with the arrest of its administrator, the Raccoon Stealer malware-as-a-service has announced its return, with an easier-to-use version and improved abilities to hide from security tools. The improved Raccoon also provides a handy dashboard feature that gives its users an overview of successful campaigns.

(The Record)

Thanks to this week’s episode sponsor, Veza

75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment.

New ransomware report finds 20% increase in ransomware affecting organizations in July

GuidePoint Security yesterday released its GuidePoint Research and Intelligence Team Report, which observed in July an increase in active threat groups and in the number of industries and countries impacted. This is despite what it calls a “considerable decrease in activity attributed to seven of June’s top ten threat groups.” The U.S. was the most attacked country, manufacturing the most impacted industry, and Clop, Lockbit, and 8base the top three active groups.

(GRIT Ransomware Report: July 2023)

NoFilter Attack: Privilege Escalation Method Bypasses Windows Security

NoFilter is a previously undetected attack method that can abuse the Windows Filtering Platform (WFP) to obtain privilege escalation in the Windows operating system. This is the result of research presented at DEF CON by Ron Ben Yizhak, a security researcher at Deep Instinct. As reported in The Hacker News, “the NoFilter can launch a new console as “NT AUTHORITY\SYSTEM” or as another user that is logged on to the machine.” Ben Yizhak stated, in his DEF CON presentation, “new attack vectors can be found by looking into built-in components of the OS, such as the Windows Filtering Platform, to avoid WinAPI, leave barely any evidence and logs, and go undetected by several security products.”

(Cyberscoop and DEF CON)

Google’s new Transparency Center outlines its product policies

Users of Google products can now learn more about the policies behind them through this new hub, which also includes reporting and appeal tools and Google’s principles for privacy and AI. The hub also includes statistics on actions that Google has taken to ensure user safety, such as blocking billions of bad ads and removing millions of YouTube videos that violated community guidelines. The hub is available at

(TechCrunch and Google)

Canadian alcohol retailer suffers data breach

The Liquor Control Board of Ontario (LCBO), the government-run retailer of alcohol in the province, has warned subscribers to its promotional emails that PII may have been stolen as the result of a breach at its third-party service provider Conversion Digital, which the LCBO uses to send the emails. The organization emphasizes that customers’ passwords, credit card and debit card information were not impacted by this breach.

(CBC News)

Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.