Author: securnerd
We're your premier source for the latest in AI, cybersecurity, science, and technology. Dedicated to providing clear, thorough, and accurate information, our team brings you insights into the innovations that shape tomorrow. Let's navigate the future together.
Microsoft Unveils Security Copilot Early Access Program, Revolutionizing Threat Response
Microsoft has opened the early access phase for Security Copilot, its AI-driven security analysis tool. The platform, which is operated through a chat interface much like ChatGPT, is meant to help security teams respond to threats faster by pairing Microsoft's global threat intelligence with large language models. Security Copilot answers defenders' security questions, refines its output from those interactions, and tailors its recommendations to the enterprise environment it is deployed in. It produces incident summaries, guided response steps, natural-language queries that stand in for query-language expertise, and malware analysis. One of its standout features is the ability to identify previously unknown threats…
Indian Authorities Collaborate with Tech Giants in Massive Crackdown on Microsoft and Amazon Tech Support Scams
Indian law enforcement agencies have joined forces with Microsoft and Amazon against tech support fraud, a scheme in which scammers impersonate technical or customer support agents to talk victims into handing over money. On October 19th, the Central Bureau of Investigation (CBI) and other federal enforcement agencies coordinated a series of raids across India targeting illegal call centers engaged in tech support fraud. The fraud typically has callers pose as legitimate support representatives offering help with tasks such as updating antivirus software or renewing software…
Cisco Uncovers Actively Exploited Zero-Day Vulnerabilities in IOS XE, Urges Immediate Action
Cisco has disclosed two zero-day vulnerabilities in its IOS XE software, CVE-2023-20198 and CVE-2023-20273, that are being chained in the wild to plant malicious implants on compromised devices. CVE-2023-20198, an authentication bypass in the Web UI disclosed earlier this week, let unauthenticated attackers access IOS XE devices and create unauthorized administrative accounts; Cisco traced the activity back to September 18. The attackers then used CVE-2023-20273, a privilege escalation flaw, to gain root on the device, at which point they could run arbitrary commands on the underlying system and install the implant. Cisco has swiftly developed fixes…
Google Enhances Android Security with Real-Time Code-Level Scanning in Play Protect
Google has announced a significant update to its Play Protect service for Android: real-time code-level scanning intended to catch novel malicious apps at install time, before they land on the device. Play Protect now prompts the user to run a real-time scan when installing an app it has not scanned before. The aim is to detect evolving threats that signature-based checks would miss and keep the app environment safer for Android users. Google Play Protect, a free built-in threat detection service, examines apps sourced from the Play…
Massive Cybersecurity Breach: Over 10,000 Cisco Devices Compromised in Zero-Day Attacks
Attackers have exploited the critical zero-day CVE-2023-20198 to compromise more than 10,000 Cisco IOS XE devices and plant malicious implants on them. The affected devices span the range of products running Cisco IOS XE software, including enterprise switches, aggregation and industrial routers, access points, wireless controllers, and more. Threat intelligence firm VulnCheck found that the vulnerability was exploited at scale against Cisco IOS XE systems that have the Web User Interface (Web UI) feature enabled together with the HTTP or HTTPS server feature. The company conducted scans on internet-facing Cisco IOS XE web…
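The two items above give the exposure condition (Web UI reachable because `ip http server` or `ip http secure-server` is on) and the first thing the attackers did once inside (create privilege-15 accounts). A quick offline audit of saved running-configs covers both. The script below is an added example, not code from the article, Cisco, or VulnCheck: the sample configs, the hostnames and the `svc_backup` account are constructed for the demo, the list of expected admin accounts is something you supply, and the `active-session-modules none` lines are the knobs from Cisco's mitigation guidance for this advisory that turn the Web UI off without disabling the HTTP server itself.

```python
"""Audit Cisco IOS XE running-configs for Web UI exposure and unexpected admins.

Added example; not from the original article. Sample configs below are constructed.
"""
import re

# One regex per configuration line we care about. Lines are stripped first,
# so a "no ip http server" line will not match the HTTP_SERVER pattern.
HTTP_SERVER = re.compile(r"^ip http server\s*$")
HTTPS_SERVER = re.compile(r"^ip http secure-server\s*$")
# Cisco's mitigation: leave the server on but disable all Web UI session modules.
HTTP_MODULES_NONE = re.compile(r"^ip http active-session-modules none\s*$")
HTTPS_MODULES_NONE = re.compile(r"^ip http secure-active-session-modules none\s*$")
# An access-class restricts which sources may reach the HTTP(S) server at all.
ACCESS_CLASS = re.compile(r"^ip http access-class\s+(.+?)\s*$")
# Local accounts with full (level 15) privileges; attackers added these.
LOCAL_ADMIN = re.compile(r"^username\s+(\S+)\s+privilege\s+15\b")


def audit_config(text, expected_admins=()):
    """Return a dict summarising Web UI reachability and privilege-15 accounts.

    expected_admins: names of level-15 accounts you know you created; anything
    else with privilege 15 is reported as unexpected.
    """
    lines = [line.strip() for line in text.splitlines()]
    has = lambda pat: any(pat.match(line) for line in lines)

    # The Web UI is reachable over a transport only if that server is on and
    # its session modules have not been set to "none".
    webui_http = has(HTTP_SERVER) and not has(HTTP_MODULES_NONE)
    webui_https = has(HTTPS_SERVER) and not has(HTTPS_MODULES_NONE)

    access_class = next(
        (m.group(1) for line in lines if (m := ACCESS_CLASS.match(line))), None
    )
    admins = [m.group(1) for line in lines if (m := LOCAL_ADMIN.match(line))]

    return {
        "webui_http": webui_http,
        "webui_https": webui_https,
        "access_class": access_class,
        # Heuristic: Web UI on with no source restriction. The config alone
        # cannot tell you whether the interface actually faces the internet.
        "internet_exposed": (webui_http or webui_https) and access_class is None,
        "unexpected_priv15": sorted(set(admins) - set(expected_admins)),
    }


# Constructed sample: both servers on, no ACL, one admin we never created.
SAMPLE_EXPOSED = """\
hostname edge-rtr-1
username netops privilege 15 secret 9 $9$constructed
username svc_backup privilege 15 secret 9 $9$constructed
ip http server
ip http secure-server
"""

# Constructed sample: HTTP off, HTTPS restricted by ACL and Web UI modules off.
SAMPLE_HARDENED = """\
hostname edge-rtr-2
username netops privilege 15 secret 9 $9$constructed
no ip http server
ip http secure-server
ip http access-class ipv4 WEBUI-MGMT
ip http secure-active-session-modules none
"""

if __name__ == "__main__":
    for name, cfg in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_config(cfg, expected_admins=["netops"]))
```

Run it against a directory of backed-up running-configs and treat any device with `internet_exposed` true or a non-empty `unexpected_priv15` list as a candidate for the implant check in Cisco's advisory; a clean config does not prove a device was never compromised, since the implant lives outside the running-config.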
Researchers from the University of South Australia and Charles Sturt University have presented an algorithm designed to detect and block man-in-the-middle (MitM) attacks on unmanned military robots. In a MitM attack the adversary sits between two communicating parties and intercepts their traffic, which on an unmanned vehicle means eavesdropping on telemetry, injecting false data, or even taking control of the robot. Professor Anthony Finn, one of the study's authors, noted that the Robot Operating System (ROS) is exposed because of how heavily networked it is, particularly in the era of Industry 4.0. To counter these threats, the researchers harnessed machine…
Microsoft Enhances Windows 11 Security with Kerberos Authentication Over NTLM Protocol
Microsoft has announced plans to phase out the NT LAN Manager (NTLM) authentication protocol in Windows 11 and to invest instead in Kerberos, which has been the default Windows authentication protocol since Windows 2000. The strategy involves two new Windows 11 features: Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center (KDC) for Kerberos. IAKerb will empower clients to authenticate using Kerberos across a wide array…
Cybersecurity Experts Uncover ToddyCat’s Expanded Arsenal of Data Theft Tools
Researchers have documented a new set of tools that the advanced persistent threat (APT) actor ToddyCat uses for data exfiltration, giving a more detailed picture of the group's tactics and how they have evolved. The findings come from Kaspersky, which first tracked the group's attacks against prominent organizations in Europe and Asia over a period of nearly three years. ToddyCat was previously known for the Ninja Trojan and a backdoor named Samurai, but further investigation has unearthed…
More than 17,000 WordPress websites were compromised by Balada Injector campaigns last month, with the attackers exploiting vulnerabilities in premium theme plugins to infect the sites. First documented in December 2022 by security firm Dr. Web, the Balada Injector operation uses a series of exploits for well-known flaws in WordPress plugins and themes. Once in, it installs a Linux backdoor and redirects visitors of the compromised sites to fraudulent tech support pages, fake lottery winnings, and push notification scams. Whether part of larger scam campaigns or…
A malware research engineer at Moonlock Lab has described coaxing malicious code out of a generative AI model after a dream that featured the code snippets "MyHotKeyHandler," "Keylogger," and "macOS." Asked to reproduce them, ChatGPT did, illustrating how easily large language models can be steered toward harmful output. The episode points to a wider problem: prompt engineering and prompt injection let attackers bypass content filters and manipulate AI models with nothing more than carefully chosen words. Security researchers have developed a 'Universal LLM Jailbreak' capable of breaching…