
Google Confirms Massive Increase In Zero-Day Vulnerabilities Exploited In Attacks Due To Spyware Vendors


Google has published a new report describing the significant rise in zero-day vulnerabilities exploited in attacks in 2023.

Both its Threat Analysis Group and the company’s subsidiary Mandiant noted that the figures continue to grow, and that much of this has to do with spyware vendors.

The figures reached 97 zero-days, a rise of more than 50% compared with the earlier figure of just 62. Despite that increase, the number is still lower than the 106 seen in 2021.

Both entities collectively witnessed 29 out of the 97 vulnerabilities. They even spoke about 61 impacted end users who made use of Google’s products and services such as mobile phones, browsers, and social media apps.

The rest were used to attack technology such as security software and a host of other devices. On the enterprise side, a wide array of vendors and products is being targeted, and more specific technologies are being affected as a result.

They have also seen that, as the years pass, bugs exploited by attackers are being discovered and patched faster, which means shorter lifespans for the exploits in question.

In 2023, plenty of threat actors made use of zero-day vulnerabilities that went up to Figure 10. China was highlighted as being behind most of the government-backed attacks. Some of these involved espionage groups from the country, a trend that is moving upward.

In 2023, commercial surveillance appeared to be the culprit behind the attacks that kept targeting both Android and Google devices.

They account for up to 75% of all the zero-day exploitation that kept hitting those platforms. In addition to that, there were vendors

Other than that, of the 37 zero-day vulnerabilities in browsers and devices that were exploited in 2023, Google linked close to 60% to CSVs (commercial surveillance vendors) that sell spyware to government clients.

Way back in February, Google revealed how so many…


Navy looking to increase cyber partnerships with foreign nations


The Navy wants to increase its collaboration in the cyber domain with allies and other international partners to improve interoperability and the sharing of tactics.

The department’s first cyber strategy, released in November, calls for greater cooperation between the organization and foreign countries.

“We will engage with Allied and friendly nations to exchange best practices, share appropriate information, and coordinate our efforts in cyberspace,” it states.

Officials noted that there is a lot to be gained, in terms of tactics and tools, through greater partnership.

“We share our tools, we share the intelligence — and so the better integrated we are, the more successful we will be. A big part of this, again, is learning from each other. We learn as much from them as they learned from us,” Scott St. Pierre, the Department of the Navy’s acting principal cyber advisor, told reporters during a media call Friday. “Our allied coalition partners bring intelligence, they bring unique ways of looking at both defensive cyber operations as well as offensive cyber operations.”

Officials in the past have noted that in many cases, allies and partners may have certain capabilities, access and even authorities that are not immediately available to the U.S. Teaming up with these nations to understand capabilities, accesses and targets improves operations because in some cases these countries can act when the U.S. might not be able to.

St. Pierre noted that this push for greater international cooperation is in line with efforts by U.S. Cyber Command.

“That integrated approach is one of the key elements that U.S. Cyber Command is working, as well as each of the component cyber commands,” he said. “They work with joint and allied partners every single day in a cooperative fashion. It’s been tremendously beneficial to help moving us forward not only on establishing the right defensive postures, but also learning from what they know in terms of the intel they collected and how they actually execute offensive cyber operations.”

In fact, Cybercom’s leader Gen. Paul Nakasone has made international partnerships a key pillar of the…


Hacking companies is happening and will only increase


While the idea of a teenage “script kiddie” – a novice hacker using unsophisticated tools – might seem like the stuff of a bad 1990s movie, the threat to some of Australia’s biggest businesses is very real. “Optusdata”, the anonymous hacker who in late 2022 made away with the personal data of more than 10 million Optus customers before backing down from a $1.5 million ransom threat, was described as “unprofessional” and “stupid” by their hacker peers on the dark web.

The Optus mass data breach occurred through an unprotected and publicly exposed end point, meaning anyone who discovered it could connect to it without submitting a username or password. The attack was far from sophisticated, according to O’Reilly and other experts.

“For attackers, especially those utilising low-cost, high-reward strategies, the investment is minimal compared to the potential pay-off, which can range from financial gain to significant data breaches, or even reputational damage to the targeted organisation,” O’Reilly says.

According to the Australian Signals Directorate, more than 127,000 hacks against Australian servers were recorded between the 2022 and 2023 financial years – an increase of more than 300 per cent over the prior year – and O’Reilly says that matches what he’s seeing on the ground.

In the shadows

O’Reilly spends much of his time monitoring the dark web, which ransomware groups use to leak data and boast about their bounties. He regularly reports his findings to the Australian Signals Directorate.

The dark web is a shadowy part of the internet accessible only through special software, allowing users to remain anonymous. It is commonly used for illegal activities such as buying and selling drugs and weapons, as well as stolen credentials.

The group suspected to be behind the 2022 Medibank data breach, Russian cybercriminal gang REvil, posted customer names, birthdates and Medicare details under “good” and “naughty” lists on its dark web site, called Happy Blog. The leaked data included patients who had undergone treatment for drug addictions and terminated non-viable pregnancies.

“I recommend to sell Medibank stocks,” the group said in the…


How the White House’s AI Executive Order could increase U.S. cyber vulnerabilities


On October 30, the White House released its “Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” It is a lengthy document, spanning over 30 pages in the Federal Register. But two short portions of the Executive Order (EO) are of particular concern in terms of the cybersecurity vulnerabilities they will create: Under the EO, the government will institute mandatory reporting of information about the “physical and cybersecurity measures taken to protect” model weights associated with certain large AI models, as well as the location and computing power of “large-scale computing cluster[s].”

Reporting requirements

The EO instructs the Department of Commerce to require this reporting within 90 days of the date of the EO. It also instructs the Department of Commerce to develop criteria for what constitutes reportable AI models and computing clusters and provides the following interim criteria:

  • Reportable AI model: “any model that was trained using a quantity of computing power greater than 10^26 integer or floating-point operations, or using primarily biological sequence data and using a quantity of computing power greater than 10^23 integer or floating-point operations.”
  • Reportable computing cluster: “any computing cluster that has a set of machines physically co-located in a single datacenter, transitively connected by data center networking of over 100 Gbit/s, and having a theoretical maximum computing capacity of 10^20 integer or floating-point operations per second for training AI.”

Cybersecurity exposures

The very fact of requiring AI companies to report the “physical and cybersecurity measures taken to protect” model weights will itself undermine the utility of those measures. After all, one of the most basic principles of security is to avoid disclosing too many details of how an asset is protected. A well-protected jewelry store is secure in large part because would-be thieves are left guessing as to the full set of security measures that are in place.

The most sophisticated AI models are the result of enormous investments in both dollars and human effort. Those models have extraordinary economic…
