  • 28% increase in phishing emails sent between April 1st – June 30th vs January 1st – March 31st, 2024

  • 82% of phishing toolkits mentioned deepfakes and 74.8% referenced AI

  • During a commodity attack, on average organisations experience a 2,700% increase in phishing attacks compared to the normal baseline

  • 72.3% of commodity attacks used a hyperlink as their payload, followed by QR codes at 14.0%

  • 52.5% of advanced persistent threat (APT) campaigns were classified as zero-day attacks, while only 35.4% contained a previously identified payload

  • 89% of phishing emails involve impersonation; Adobe was the most impersonated brand, followed by Microsoft

  • 14.9% of impersonation emails were classed as ‘payloadless’, relying solely on social engineering tactics

  • 44% of phishing emails were sent from compromised accounts, helping them bypass authentication protocols


Akamai researchers have confirmed a new attack vector using CUPS that could be leveraged to stage distributed denial-of-service (DDoS) attacks.

Research shows that, to begin the attack, the attacking system only needs to send a single packet to a vulnerable and exposed CUPS service with internet connectivity.

The Akamai Security Intelligence and Response Team (SIRT) found that more than 198,000 devices are vulnerable to this attack vector and are accessible on the public internet; roughly 34% of those could be used for DDoS abuse (58,000+).

Of the 58,000+ vulnerable devices, hundreds exhibited an “infinite loop” of requests.

The limited resources required to initiate a successful attack highlight the danger: it would take an attacker mere seconds to co-opt every vulnerable CUPS service currently exposed on the internet and cost the attacker less than a single US cent on modern hyperscaler platforms.

[-] kid@sh.itjust.works 12 points 2 weeks ago

Update: Israel Planted Explosives in Pagers Sold to Hezbollah, Officials Say (https://www.nytimes.com/2024/09/17/world/middleeast/israel-hezbollah-pagers-explosives.html)

[-] kid@sh.itjust.works 8 points 1 month ago

You can use https://tails.net/ booting from another flash drive in memory only.

[-] kid@sh.itjust.works 10 points 2 months ago

Depends on the country. Disrupting Internet/communications may be a crime in some countries.

[-] kid@sh.itjust.works 14 points 2 months ago

Kudos to SOC team.

[-] kid@sh.itjust.works 11 points 4 months ago

Instance Rules

Be respectful. Everyone should feel welcome here.

[-] kid@sh.itjust.works 6 points 4 months ago

Not necessarily. Torrent is a way to find a peer for a direct connection or via a relay (of course it is more than that). Syncthing, even when using a relay server, requires some ports to be available for at least outbound connections (22000 TCP/UDP, or whatever port the relay is using). This should not be possible in a medium-security network, let alone a defense network. I don't know if Syncthing works without a direct connection (to the peer or relay, e.g. transport via an HTTP proxy).

[-] kid@sh.itjust.works 17 points 4 months ago

Please note that the attack can only be carried out if the local network itself is compromised.

[-] kid@sh.itjust.works 13 points 5 months ago

Hackers 10 - 1 LastPass

[-] kid@sh.itjust.works 13 points 5 months ago

From the article:

Microsoft locked down a server last month that exposed Microsoft employee passwords, keys and credentials to the open Internet, as the company faces growing pressure to strengthen the security of its software. Microsoft was notified of the vulnerability on February 6th and the block on March 5th. It is unclear whether anyone accessed the exposed server during this period.

[-] kid@sh.itjust.works 10 points 6 months ago

In this particular case, the method of infection of the router was not disclosed. However, typically, the most common methods involve an administration port open to the internet (user interface or TR-069) or the internal interface, if a network host has been compromised.

They often perform brute-force password attacks, and once access is obtained, they look for typical Linux administrative tools (such as bash, etc.) and proceed to compromise the router.

So I understand that a router with custom firmware can be compromised if it has a weak password and the resources to maintain the infection, or, of course, an exploitable vulnerability.

[-] kid@sh.itjust.works 8 points 6 months ago

Stop giving me your toughest battles

[-] kid@sh.itjust.works 34 points 7 months ago

A better summary:

The text discusses a series of cybersecurity breaches affecting Microsoft, involving sensitive data theft from US government officials and organizations, attributed to Chinese hackers. Microsoft's delayed response to discovered security flaws, including a 90-day wait for a partial fix, is criticized. Senator Ron Wyden has called for Microsoft's accountability. The breaches underscore the growing issue of security vulnerabilities in tech companies, leading to expectations that the US government will require companies to promptly disclose security incidents within a strict timeframe.

kid

joined 7 months ago