administrator

Cybersecurity provider Trend Micro Incorporated has been integrating artificial intelligence (AI) into its technologies for a decade, but it hasn’t had the power of generative AI, until now.

Today Trend Micro announced its new Vision One platform, bringing together a series of different cybersecurity capabilities including extended detection and response (XDR), attack surface risk management (ASRM) and zero trust. In many respects, the platform is an evolution of the Trend Micro one platform announced in 2022, with the big new addition being gen AI.

The Trend vision one companion is a gen AI-powered assistant for security operation center (SOC) analysts. The technology enables security teams to use natural language queries to answer questions, assist with threat hunting and accelerate remediation.

“We’ve really tried to think about how we can bring the power of gen AI to the security operation center,” Trend Micro COO Kevin Simzer told VentureBeat. “When you’re in an SOC, It tends to be a bit of a stressful job as they’re inundated with lots of telemetry from all different sources.”

Tesla CEO Elon Musk might have his very own supersecret driver mode that enables hands-free driving in Tesla vehicles.

The hidden feature, aptly named “Elon Mode,” was discovered by a Tesla software hacker known online as @greentheonly. The anonymous hacker has dug deep into the vehicle code for years and uncovered things like how Tesla can lock you out of using your power seats or the center camera in the Model 3 before it was officially activated.

After finding and enabling Elon Mode, greentheonly ventured out to test the system and posted some rough footage of the endeavor. They did not share the literal “Elon Mode” setting on the screen but maintain that it’s real.

The hacker found that the car didn’t require any attention from them while using Tesla’s Full Self-Driving (FSD) software. FSD is Tesla’s vision-based advanced driver-assist system that’s in beta but is currently available to anyone who paid as much as $15,000 for the option. The software was the subject of an internally leaked report last month that indicated FSD has had thousands of customer complaints of sudden braking and abrupt acceleration.

The United Kingdom on Sunday announced a “major expansion” to its Ukraine Cyber Program, which has seen British experts provide remote incident response support to the Ukrainian government following Russian cyberattacks on critical infrastructure.

It follows the British government last year announcing that personnel from cyber and signals intelligence agency GCHQ had been contributing to Ukraine’s defense, including by providing protection against the Industroyer2 malware, alongside delivering hardware and software and limiting “attacker access to vital networks.”

The new funding will also support the provision of “forensic capabilities to enable Ukrainian cyber experts to analyze system compromises, attribute attackers and build better evidence to prosecute these indiscriminate attacks,” said Number 10.

A hacking group that has carried out attacks targeting organizations in Europe, Latin America and Central Asia has been linked to Russia’s military intelligence agency, according to new research.

Microsoft said Wednesday that the group, which it calls Cadet Blizzard, played a significant role at the beginning of Russia’s cyberwar against Ukraine. About a month prior to the invasion, the group deployed WhisperGate malware, which targeted numerous Ukrainian government computers and websites, while Russian tanks and troops were surrounding the Ukrainian borders waiting to start the offense.

Last year, Ukrainian cybersecurity officials along with their allies from the U.K. and the U.S. attributed the WhisperGate attack to units operating under the Russian military intelligence agency known as the GRU, but they did not disclose additional details.

According to Microsoft’s report, Cadet Blizzard operates independently from other GRU-affiliated hacking groups, such as Sandworm. The group is responsible for destructive attacks, cyber espionage, hack-and-leak operations, and defacement attacks — incidents where hackers modify the visual appearance of a website.

Microsoft considers the emergence of a novel GRU-affiliated actor “a notable development in the Russian cyber threat landscape.” According to the researchers, Cadet Blizzard’s cyber operations align with Russia's wider military goals in Ukraine but also pose a danger to NATO countries that provide military aid to Ukraine.

Business email compromises, which supplanted ransomware last year to become the top financially motivated attack vector-threatening organizations, are likely to become harder to track. New investigations by Abnormal Security suggest attackers are using generative AI to create phishing emails, including vendor impersonation attacks of the kind Abnormal flagged earlier this year by the actor dubbed Firebrick Ostricth.

According to Abnormal, by using ChatGPT and other large language models, attackers are able to craft social engineering missives that aren’t festooned with such red flags as formatting issues, atypical syntax, incorrect grammar, punctuation, spelling and email addresses.

The firm used its own AI models to determine that certain emails sent to its customers later identified as phishing attacks were probably AI-generated, according to Dan Shiebler, head of machine learning at Abnormal. “While we are still doing a complete analysis to understand the extent of AI-generated email attacks, Abnormal has seen a definite increase in the number of attacks with AI indicators as a percentage of all attacks, particularly over the past few weeks,” he said.

Pro-Russian hackers are continuing to hit targets in Ukraine amid a counteroffensive aimed at reclaiming territory held by Russian forces in what Ukrainian officials and researchers describe as an intense period of network operations as the conflict heats up.

“The activity is still very high,” said Victor Zhora, a top Ukrainian cybersecurity official told CyberScoop via online chat Thursday.

Zhora, the deputy chairman of the State Service of Special Communications and Information Protection of Ukraine, which is responsible for the defense of Ukrainian government systems, said that pro-Russian hackers are focused on Ukrainian service providers, media and critical infrastructure, as well as collecting data from government networks. Zhora said his team is expecting the pace of pro-Russian operations to pick up.

The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP.

Everybody on our Twitter feed seemed to be jumping ship to the infosec.exchange Mastodon server, so I decided to see what the fuss was all about. After figuring out why exactly you had to have loads of @ symbols in your username, I began to have a look at how secure it was. If you've followed me on Twitter you'll know I like to post vectors and test the limits of the app I'm using, and today was no exception.

First, I began testing to see if HTML or Markdown was supported. I did a couple of "tweets" to see if you could have code blocks (how cool would that be?) but nothing seemed to work. That is, until @ret2bed pointed out that you could change your preferences to enable HTML! That's right people, a social network that enables you to post HTML - what could possibly go wrong?

I enabled this handy preference and redid my tests. Markdown seemed pretty limited. I was mainly hoping for code blocks but they didn't materialise. I switched to testing HTML and tested for basic stuff like bold tags, which seemed to work on the web but not on mobile. Whilst I was testing, @securitymb gave me a link to their HTML filter source code and he showed me a very interesting vector where they were decoding entities.

In an operation coordinated by Europol and involving nine countries, law enforcement have seized the illegal dark web marketplace “Monopoly Market” and arrested 288 suspects involved in buying or selling drugs on the dark web.

More than EUR 50.8 million (USD 53.4 million) in cash and virtual currencies, 850 kg of drugs, and 117 firearms were seized. The seized drugs include over 258 kg of amphetamines, 43 kg of cocaine, 43 kg of MDMA and over 10 kg of LSD and ecstasy pills.

from 02 May 2023

The newly coined term "Darknet Parliament” has become the latest catchphrase among cybercriminals trying to prove their clout – and security insiders are loving it.

If you’ve never heard of the term before, don’t fret; neither had the rest of the world until Friday, when the notorious pro-Russian hacker group Killnet introduced the phrase in one of its Telegram threat posts.

Soon after, the Twitterverse seemed to come alive with security folk who couldn’t help but wonder about the ‘never-before-heard-of’ moniker for a ‘never-before-heard-of’ hacker government organization.

Can this bikepacking community not keep out the bike tourers? I understand it’s cool to be doing it in the backcountry, but even though I’m traveling down roads, I still camp on the wild. On Reddit there was gatekeeping earring the term, if you were touring it didn’t cut it for them sometimes.

in roughly two months, five teams of DEF CON hackers will do their best to successfully remotely infiltrate and hijack the satellite while it's in space. The idea being to try out offensive and defensive techniques and methods on actual in-orbit hardware and software, which we imagine could help improve our space systems.

Moonlighter, dubbed "the world's first and only hacking sandbox in space," is a mid-size 3U cubesat [PDF] with a mass of about 5kg. Stowed, it is 34 cm x 11 cm x 11cm in size, and when fully deployed with its solar panels out, it measures 50 cm x 34 cm x 11 cm.

It was built by The Aerospace Corporation, a federally funded research and development center in southern California, in partnership with the US Space Systems Command and the Air Force Research Laboratory. It will run software developed by infosec and aerospace engineers to support in-orbit cybersecurity training and exercises.

This effort was inspired by the Hack-A-Sat contest co-hosted by the US Air Force and Space Force, now in its fourth year at the annual DEF CON computer security conference.

Killnet claims to be working in concert with a resurgent form of the notorious ReVIL ransomware gang. The goal? To mount an attack on the Western financial system.

The group is warning that attacks are imminent, as in the next day or so; but it's unclear whether the threats amount to anything more than bluster and saber-rattling, particularly given Killnet's past track record of, at most, carrying out mildly disruptive distributed denial of service (DDoS) attacks.

Even so, in a video posted on a Russian Telegram channel on June 16, Killnet made ominous threats against the SWIFT banking system (famously targeted by Lazarus in 2018); the Wise international wire transfer system; the SEPA intra-Europe payments service; central banks in Europe and the US (i.e., the Federal Reserve); and other institutions.

"The post claims that threat actors from Killnet, REvil, and Anonymous Sudan will unite for the campaign," according to ZeroFox researchers, writing in a flash alert on the threat. "Killnet indicates that the attack is motivated by the US providing weapons to aid Ukraine, stating: 'repel the maniacs according to the formula, no money — no weapons — no Kiev regime.'"