Posts

Showing posts from July, 2024

Social Engineering in the Age of AI: What You Need to Know

Source: Evolution of AI Technologies Fueling the Social Engineering Attacks (cybersecuritynews.com)

The rapid emergence of AI as a significant player in technology more broadly, and in cybersecurity more specifically, has had a substantial and disruptive impact on many aspects of those fields. Within cybersecurity, one of the major areas where AI's impact has taken hold is the landscape of social engineering attacks, where its use has made social engineering operations more sophisticated and effective. Cybercriminals, APTs, and other threat actors are all able to leverage AI to enhance their tactics, techniques, and procedures, such as Business Email Compromise (BEC), spear phishing, and many more. This results in heightened risks for corporations and government entities surrounding potential cyberattacks and necessitates the need for mitigation a...

Rockwell's New Advisory: Enhance ICS Security by Disconnecting Internet

Source: Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats (thehackernews.com)

Rockwell Automation, a leading American provider of industrial automation technology, recently issued an urgent advisory imploring all of its customers not to allow public internet access to their industrial control systems (ICS). The advisory is intended to safeguard such systems against the increasing threat of malicious cyber activity, such as that driven by APTs and nation-states. This comes at a time when geopolitical tensions have reached their highest levels in recent memory across the globe, and cyber is being seen by many as a relatively low-cost but high-reward tool to use against one's adversaries globally. Consequently, the advisory emphasizes that by nature, ICS systems should never be configured to connect directly to the public internet in the first place, as doing so significantly increases the attac...

New APT Alert: Chinese-Linked Hackers Target South China Sea Countries

Source: Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries (thehackernews.com)

Recently, cybersecurity researchers unmasked a previously hidden threat group named Unfading Sea Haze. Active since 2018, the shadowy group made a name for itself by targeting high-level organizations, specifically in countries that border the South China Sea. Its victim list includes everything from military organizations to government and political entities, and according to research conducted on it by Bitdefender, the group appears to be aligned with Chinese state interests, representing a worrying trend in the increased proliferation of nation-backed cybercrime. To this day, Unfading Sea Haze has targeted eight victims, and its signature attack mechanisms revolve around exploiting poor credential hygiene along with inadequate patching practices. Specific tactics used by the group include the leveraging...

Next-Gen Security: Windows 11 Deprecates NTLM, Adds AI Protections

Source: Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses (thehackernews.com)

Recently, Microsoft announced a security-related overhaul for Windows 11 that included the deprecation of their classic NT LAN Manager (NTLM) protocol in favor of the more secure Kerberos protocol. This change is expected in the second half of 2024, with the vulnerabilities of NTLM being the main driver behind its deprecation by Microsoft. Said vulnerabilities include but are not limited to its lack of support for modern cryptographic algorithms, such as AES and SHA-256, along with its susceptibility to relay attacks. Thus, its replacement by the Kerberos protocol will, to a degree, signify the end of an era, as NTLM has been a Windows classic ever since the early 2000s. However, Microsoft's security-related enhancements for Windows 11 didn't stop at the simple deprecation and replacement of insecure protocols, as it wen...

Discord and Telegram Users Beware: BlackPlague Malware on the Rise

Source: BlackPlague Malware Steals Discord Token & Telegram Sessions (cybersecuritynews.com)

With online messaging applications being a mainstay of modern interpersonal communications, it is no surprise that malicious actors would seek to exploit and compromise them to achieve their various objectives. The BlackPlague malware is only the latest iteration of this trend, as it was specifically engineered to target the popular messaging and communications platforms Discord and Telegram. Stealing session data and user tokens is the name of the game for this version of the malware, and its sophisticated approach embodies a critical threat to the confidentiality and integrity of countless users of these communication platforms worldwide. BlackPlague's approach leverages vulnerabilities found in the communications platforms themselves, from which it can then pivot and extract session data, user tokens, and similar sensitive information from ...

New Ransomware Threat: Be Cautious of Where You Upload Files

Source: Cybersecurity researchers spotlight a new ransomware threat – be careful where you upload files (msn.com)

Recently, researchers in the field of cybersecurity have uncovered a new ransomware threat that exploits the file upload capabilities of modern web browsers like Google Chrome and Microsoft Edge. This novel threat perfectly encapsulates the critical importance of API security, as APIs play a central role in the exploitation process. Through the File System Access API, which allows web applications to interact with local users' file systems, attackers can maliciously access local files, encrypt them, and demand a ransom from their victims. However, the sad reality is that even when a payment is made successfully, attackers are under no obligation to restore end-user access and, more often than not, tend to simply take the money without performing the service advertised to their victim. The origins of this threat em...