Cybersecurity


c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag


founded 2 years ago
Universal Music Group Admits Data Breach (www.infosecurity-magazine.com)
submitted 3 months ago by kid to c/cybersecurity

The company said it discovered “unauthorized activity” within its networks on October 3 and promptly moved to disconnect affected systems.


The purpose of the attack appears to be for intelligence collection as the hackers might have had access to systems used by the U.S. federal government for court-authorized network wiretapping requests.

It is unclear when the intrusion occurred, but WSJ cites people familiar with the matter, saying that "for months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data."


MITRE’s Center for Threat-Informed Defense has launched the AI Incident Sharing initiative, collaborating with over 15 companies to enhance AI system defenses. The initiative, part of the Secure AI project, facilitates quick and secure sharing of AI-related threats, attacks, and accidents, expanding the MITRE ATLAS community knowledge base. Contributors receive anonymized data on real-world incidents, supporting data-driven risk analysis. Incidents can be submitted via a web portal, and submitting organizations may join the initiative. The Secure AI project also updated the ATLAS threat framework, adding generative AI-focused case studies and attack techniques. Collaborators include prominent organizations from diverse industries such as technology, healthcare, and financial services, aiming to improve collective AI defense.


cross-posted from: https://group.lt/post/2667251

Thousands of machines running Linux have been infected by a malware strain that’s notable for its stealth, the number of misconfigurations it can exploit, and the breadth of malicious activities it can perform, researchers reported Thursday.

The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33426, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on many Linux machines.

  • 28% increase in phishing emails sent between April 1st – June 30th vs January 1st – March 31st, 2024

  • 82% of phishing toolkits mentioned deepfakes and 74.8% referenced AI

  • During a commodity attack, on average organisations experience a 2,700% increase in phishing attacks compared to the normal baseline

  • 72.3% of commodity attacks used a hyperlink as its payload, followed by QR codes at 14.0%

  • 52.5% of advanced persistent threat (APT) campaigns were classified as zero-day attacks, while only 35.4% contained a previously identified payload

  • 89% of phishing emails involve impersonation; Adobe was the most impersonated brand, followed by Microsoft

  • 14.9% of impersonation emails were classed as ‘payloadless’, relying solely on social engineering tactics

  • 44% of phishing emails were sent from compromised accounts, helping them bypass authentication protocols
