Posts

Future-Proof Your Meetings: Zoom’s New Encryption Technology

Source: Zoom Announces Post-Quantum End-to-End Encryption for Meetings (cybersecuritynews.com)

Zoom, one of the most widely used videoconferencing platforms worldwide, has recently announced that its engineering team's new encryption work is being implemented in meetings conducted by its end users. Known commonly as post-quantum end-to-end encryption (E2EE), it will be employed as a critical safeguard of confidentiality for meetings held via the platform for the foreseeable future and will play a tangible role in allaying customer fears regarding future cyber threats. This is because the enhancement will allow Zoom to better protect its users from present and future quantum decryption capabilities, ensuring that meetings held via its platform aren't dependent on weak or potentially vulnerable encryption algorithms. Zoom's engineering team has been working in a proverbial race against the clock, trying...

APT Hackers Target Manufacturing Sector with Advanced Tools

Source: APT Hackers Attacking Manufacturers With Keyloggers, Infostealers, & Proxy Tools (cybersecuritynews.com)

South Korean manufacturers have recently emerged as the prime target of attacks conducted by the Andariel Advanced Persistent Threat (APT) group. The attackers relied on keyloggers, proxy tools, and infostealers to target manufacturers, construction firms, and educational institutions throughout South Korea. The attack begins with the exploitation of preexisting vulnerabilities in Apache Tomcat servers to install backdoors such as Nestdoor, which gives the attackers several capabilities on victim systems, including remote control, data exfiltration, and command execution. This attack bears a resemblance to previous campaigns and other APT groups that have been linked to the North Korean government, as research ...

Social Engineering in the Age of AI: What You Need to Know

Source: Evolution of AI Technologies Fueling the Social Engineering Attacks (cybersecuritynews.com)

The rapid emergence of AI as a significant player in technology broadly, and in cybersecurity specifically, has had a substantial and disruptive impact on many aspects of those fields. On the cybersecurity side, one of the major areas where AI's impact has taken hold is the landscape of social engineering attacks. Here, its usage has had a tangible impact by making social engineering operations more sophisticated and effective. Cybercriminals, APTs, and other threat actors alike are all able to leverage AI to enhance their tactics, techniques, and procedures, such as Business Email Compromise (BEC), spear phishing, and many more. This results in heightened risks of cyberattacks for corporations and government entities and creates the need for mitigation a...

Rockwell's New Advisory: Enhance ICS Security by Disconnecting Internet

Source: Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats (thehackernews.com)

Rockwell Automation, a leading American provider of industrial automation technology, recently issued an urgent advisory to its customers, imploring all of them not to allow public internet access to their industrial control systems (ICS). The advisory is intended to safeguard such systems against the increasing threat of malicious cyber activity, such as that driven by APTs and nation-states. This comes at a time when geopolitical tensions have reached their highest levels in recent memory across the globe, and cyber is being seen by many as a relatively low-cost but high-reward tool to use against one's adversaries globally. Consequently, the advisory emphasizes that by nature, ICS devices should never be configured to connect directly to the public internet in the first place, as doing so significantly increases the attac...

New APT Alert: Chinese-Linked Hackers Target South China Sea Countries

Source: Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries (thehackernews.com)

Recently, cybersecurity researchers unmasked a previously hidden threat group named Unfading Sea Haze. Active since 2018, the shadowy group made a name for itself by targeting high-level organizations, specifically in countries that border the South China Sea. Its victim list includes everything from military organizations to government and political entities, and according to research conducted on it by Bitdefender, the group appears to be aligned with Chinese state interests, representing a worrying trend in the increased proliferation of nation-backed cybercrime. To this day, Unfading Sea Haze has targeted eight victims, and its signature attack mechanisms revolve around exploiting poor credential hygiene along with inadequate patching practices. Specific tactics used by the group include the leveraging...

Next-Gen Security: Windows 11 Deprecates NTLM, Adds AI Protections

Source: Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses (thehackernews.com)

Recently, Microsoft announced a security-related overhaul for Windows 11 that included the deprecation of its classic NT LAN Manager (NTLM) protocol in favor of the more secure Kerberos protocol. The change is expected in the second half of 2024, with the vulnerabilities of NTLM being the main driver behind its deprecation by Microsoft. Said vulnerabilities include but are not limited to its lack of support for modern cryptographic algorithms, such as AES and SHA-256, along with its susceptibility to relay attacks. Thus, its replacement by the Kerberos protocol will signify the end of an era to a degree, as NTLM has been a Windows classic ever since the early 2000s. However, Microsoft's security-related enhancements for Windows 11 didn't stop at the simple deprecation and replacement of insecure protocols, as it wen...