Tag Archive for: stories

The scariest cyber security horror stories of 2022


In a year of upheavals that saw the death of Queen Elizabeth II, three changes of UK prime minister, and Russia’s invasion of Ukraine, one thing that has remained unfortunately consistent is cyber criminals ramping up attacks.

Some trends prevail: Ransomware remains popular, fuelled by the sheer volume of revenue available to the gangs and criminals involved in the lucrative market. The Lapsus$ group has been particularly active in 2022, allegedly breaching the likes of Microsoft, Uber, and Nvidia.

The supply chain is still a common vector of attack, with the Okta breach at the beginning of the year showing the damage that can be done to a firm’s reputation if it fails to act quickly in disclosing an incident.

Cyber criminals have also started to broaden their horizons to focus on digital currencies, with cryptocurrency exchanges, platforms, and personal wallets increasingly targeted over the course of the year.

We’ve rounded up the scariest security horror stories of 2022.

Log4Shell vulnerability wreaks havoc throughout 2022

The Log4Shell vulnerability continues to wreak havoc on businesses a year after it first sent shockwaves through the security industry. Discovered in December 2021, the zero-day remote code execution (RCE) flaw in Java logger Log4j was so impactful because of the sheer number of applications and services it powers: Log4j is used by millions of computers across many organisations and underpins multiple internet services and applications, including Twitter, Microsoft, and Amazon.

With a 10/10 critical rating, the Log4Shell flaw – which has the NIST National Vulnerability Database designation CVE-2021-44228 – is relatively easy to exploit, because it doesn’t require privileged access to be used in attacks. It’s therefore no surprise that just 24 hours after it was disclosed, researchers at security firm Check Point recorded almost 200,000 attempts to exploit the issue. A week after Log4Shell went public, cyber criminals and other malicious actors had used the flaw as part of over 1.2 million attacks globally.

The Log4Shell issue persisted well into 2022. In February, the flaw was used by Iranian state-sponsored attackers targeting the US government….


Computing’s biggest security stories of 2022


Here’s our round-up of the security stories that have shaped the cyber year in what has been yet another rollercoaster ride for infosec professionals.

January

Last year ended with a sting in its tail, with the Log4J vulnerability Log4Shell emerging just as security folks felt it might be safe to start winding down for the holidays. There have been reports of the vulnerability being exploited by state-sponsored actors, including an attack on Belgium’s Defence ministry, but it’s probably fair to say the damage – so far as we know – hasn’t been as bad as feared.

Prior to Log4Shell, the major priority for many was defending against ransomware, and 2022 continued as 2021 left off with an attack on schools website provider FinalSite leading to a lengthy loss of access to many online services in thousands of schools and colleges around the world.

North Korea’s veteran hacking organisation Lazarus started the year as it meant to go on, using Windows Update and GitHub to deploy malware as part of a new spear-phishing campaign aimed at US defence contractor Lockheed Martin.

February

February was marked – and marred in so many ways – by Russia’s invasion of Ukraine. Before the tanks started rolling in, and afterwards too, Ukrainian institutions suffered a wave of DDoS and wiper ransomware attacks, but the country, which has been bolstering its defences since the annexation of Crimea in 2014, proved surprisingly resilient.

And it was not just one-way traffic. Some Russian websites went down and TV broadcasts were interrupted as Ukraine asked hacking groups for help, something advised against by the UK government for fear of unpredictable knock-on effects. Cyber attacks and counter attacks related to the war punctuated the news cycle throughout the rest of the year, but Russia’s much-feared skills in alternative warfare seemed mostly confined to disinformation.

The UK Foreign, Commonwealth & Development Office (FCDO) was in the news after a public tender document was posted on the government’s website asking for ‘urgent business support’ following a ‘serious cyber security incident’. What that incident was and when it occurred was not made clear.

In presumably unrelated news, the Foreign Office’s…


Top 5 stories of the week: DeepMind and OpenAI advancements, Intel’s plan for GPUs, Microsoft’s zero-day flaws



This week, Google-owned tech lab DeepMind unveiled its first AI that is capable of creating its own algorithms to speed up matrix multiplication. Though it’s taught in high school math, matrix multiplication is actually fundamental to computational tasks and remains a core operation in neural networks.

In the same vein, OpenAI this week announced the release of Whisper — its open-source, deep learning model for speech recognition. The company claims the technology already shows promising results transcribing audio in several languages.

Joining the innovation sprint this week, Intel detailed a plan to make developers’ lives a bit easier, with a goal to make it possible to build an application once that can run on any operating system. Historically, this was a goal of the Java programming language, but even today the process is not uniform across the computing landscape — something Intel hopes to change.

On the security front, enterprise leaders had several new announcements to take note of this week, including the zero-day flaw exploit in Microsoft’s Exchange Server. The company confirmed that a suspected state-sponsored threat actor was able to successfully exfiltrate data from fewer than 10 organizations using its staple platform. 

While it’s no secret that attacks like these continue to expand in both volume and intensity, the methods for preventing attacks are also evolving. Vulnerability solutions provider Tenable is one that has evolved to change its main focus, too. This week, the company announced it’s shifting its focus from vulnerability management to attack surface management and released a new tool for enterprises with…


Here are the craziest stories from the new Hacking Google documentary


TL;DR

  • Google has launched a six-part docuseries called Hacking Google.
  • The series discusses major industry-shaping events like the Operation Aurora cyberattack and more.
  • Each episode is dedicated to each of the teams that make up Google’s cybersecurity arm.

From answering emails to watching YouTube videos, the web is a part of our everyday lives. Whether we’re checking our phone after waking up or logging on to start our day of work, we use the internet without a second thought. And not only do we often use it without thinking, but we also trust that the services we’re using will keep us safe from the dangers that lurk on the web.

However, keeping everyone safe while online is easier said than done. To reveal everything that goes into keeping you safe as you surf the net, Google has released a six-part documentary called Hacking Google. The series is focused on each of the company’s cybersecurity teams and their tireless efforts to thwart cyber threats.

Android Authority had the chance to view the documentary in its entirety, and here were the craziest things we learned from it.

Operation Aurora

After launching the stable version of its new operating system (Android) in 2008, the following year was an eventful time for Google. Sailing on the high of its new OS, Google would later get a nasty surprise that seemed to stop everything in its tracks.

On December 14, 2009, VP of Security Engineering, Heather Adkins, and others from the department discovered unusual activity in the form of a single message sent to an employee. What appeared to be a simple phishing attack — where the sender attempts to get the recipient to click on a malicious link or reveal sensitive information — turned out to be something much bigger that would change the industry forever.

Once the link was opened, the user was directed to a website that downloaded malicious software that helped the attacker establish a foothold in one of Google’s servers. The cyberattack was nothing ordinary as it was able to learn and change tactics faster than Google’s local security team could handle at the time. As a result, Google’s security team dropped everything to focus on this one problem.

Right after the…
