10 episodes

“The Daily Decrypt”, hosted by offsetkeyz and d0gesp4n, offers an insightful and approachable take on cybersecurity. Their discussions cover a range of topics, from specific software vulnerabilities to broader issues like mobile security and ransomware trends. They delve into technical details while maintaining accessibility for a general audience, emphasizing practical advice and current developments in the cybersecurity field. The podcast strikes a balance between in-depth analysis and user-friendly content, with a focus on high-quality audio and production.

The Daily Decrypt The Digital Security Collective


    iOS Bluetooth Tracker Alert, Return-to-Office Impact on Senior Talent, Chrome Zero-Day

    In today's episode, we discuss the exploitation of a new zero-day vulnerability (CVE-2024-4761) in Google Chrome, prompting emergency fixes from Google. Users are advised to update to Chrome version 124.0.6367.207/.208 to mitigate potential threats (https://thehackernews.com/2024/05/new-chrome-zero-day-vulnerability-cve.html). Additionally, Apple has backported a patch to the iOS 16 branch to fix CVE-2024-23296 and introduced a new Bluetooth tracker alert feature in iOS 17 to warn users about unknown Bluetooth trackers (https://www.helpnetsecurity.com/2024/05/14/ios-bluetooth-tracker-alert/). The impact of return-to-office mandates at tech giants like Apple, Microsoft, and SpaceX on employee retention, particularly among senior talent, is also discussed, shedding light on the potential negative effects of such policies (https://arstechnica.com/information-technology/2024/05/rto-mandates-led-to-pronounced-exodus-of-senior-workers-at-top-tech-firms/).

    00:00 The Great Tech Exodus: Navigating Return to Office Mandates
    00:55 Deep Dive into Return to Office Policies and Their Impact
    04:54 Exploring Apple's Cybersecurity Enhancements
    07:15 Navigating the Threat Landscape: Google Chrome's Zero Day Vulnerability

    Search Phrases: Apple, Cyber threats, iOS patches, Bluetooth tracker alert, Cybersecurity measures, CVE-2024-23296, MarketplaceKit vulnerability, Return-to-office mandates, Senior-level employees, Remote work, Workforce management, Employee morale, Attrition



    May 15

    Return to office mandates at major tech companies like Apple, Microsoft, and SpaceX have led to a significant exodus of senior-level employees.

    How can these tech companies manage their workforce effectively while avoiding the negative impact of return to office mandates on employee morale and attrition?

    In Apple's most recent update they've added a Bluetooth tracker alert, to alert the user if an unexpected Bluetooth tracker is in their proximity.

    How else is Apple enhancing cybersecurity measures for iOS users? And finally, an emergency fix has been rolled out by Google to address the new zero-day vulnerability in Google Chrome, which is being actively exploited in the wild, posing a serious threat to compromised hosts.

    How can users protect themselves from the zero-day vulnerability in Google Chrome?

    You're listening to The Daily Decrypt. All right. Let's talk about return to office, or RTO.

    If you work in tech, specifically cybersecurity, you've probably been impacted by this since the dawn of COVID, or at least know somebody who's been impacted by this.

    I personally work on a team of developers who were all hired remotely, with no expectation set that they'll have to return to the office, and they're all pretty peeved because now they're having to return to the office and we're losing good talent. And the team's morale is just a little lower.

    Because it's one thing to be hired with the expectation of moving to an office, which is actually how I was hired, and I did move closer to an office. But it's another thing to be hired with the expectation of never having to, and then having to.

    So a recent study conducted by researchers from the University of Chicago and the University of Michigan revealed that return to office mandates at tech giants like Apple, Microsoft, and SpaceX have led to a significant exodus of senior-level employees.

    And this study did pose a thought that I had never really considered as to why senior-level employees would be leaving, specifically ones in management. And that's because they prefer not to manage teams that are inherently unhappy about policies at their company.

    So if their whole team is upset about returning to office, that's going to directly impact their job satisfaction because there's nothing they can do. They can't change company policy. They can just make sure their leaders are aware that their teams are upset and

    2024 Browser Security Report, Black Basta IT Department, MITRE EMB3D

    In today's episode, MITRE debuted EMB3D, a threat model enhancing cybersecurity of embedded devices through collaboration with industry experts. The model aligns with existing frameworks and suggests mechanisms to mitigate threats, aiming to fortify the security ecosystem. Separately, the Black Basta ransomware group's new social engineering tactics, combining email DDoS and vishing, have been exposed by CISA and FBI, underscoring the importance of vigilance against evolving attack vectors in cybersecurity. Lastly, LayerX's 2024 Browser Security Report sheds light on browser risks in enterprises, urging leaders to address vulnerabilities and recommending proactive security measures. For more information, visit https://www.helpnetsecurity.com/2024/05/13/mitre-emb3d-framework/, https://www.helpnetsecurity.com/2024/05/13/black-basta-social-engineering/, and https://thehackernews.com/2024/05/the-2024-browser-security-report.html.

    Tags: EMB3D, cybersecurity, embedded devices, collaborative efforts, Black Basta, campaign, vishing, ransomware, LayerX, browser extensions, AI-powered threats, enterprise

    Search phrases: EMB3D cybersecurity threat model for embedded devices, collaborative efforts in EMB3D model development, challenges in embedded device security, Black Basta social engineering campaign, Black Basta ransomware group access methods, protecting organizations from Black Basta vishing techniques, LayerX browser extensions security risks, AI-powered threats in browser security, mitigating browser-based risks in enterprise, protecting sensitive data in the enterprise

    Transcript:

    May 14







    Every web session is a security minefield, with unmanaged devices, browser extensions, and AI-powered threats posing significant risks. This was revealed in the 2024 Browser Security Report by LayerX. What steps can security leaders take to mitigate these evolving browser-based risks and protect sensitive data in the enterprise? Black Basta is at it again, utilizing a new social engineering campaign combining email DDoS and vishing techniques to trick employees into downloading remote access tools.

    What steps can organizations take to protect themselves from falling victim to these social engineering tactics?

    And finally, MITRE has just released a new framework called EMB3D, which is a security threat model for embedded devices, which will provide a knowledge base of cyber threats to embedded devices and the mechanisms required to mitigate them.

    How will this model address the evolving challenges in embedded device security? You're listening to The Daily Decrypt.

    LayerX has just released the annual browser security report for 2024, and it reveals that browsers have become a prime target for cyberattacks, leading to various threats like account takeovers, malicious extensions, and phishing attacks within enterprises. The report highlights that unmanaged devices and personal browser profiles are major risk factors, with 62 percent of the workforce using unmanaged devices and 45 percent using personal browser profiles, which can increase the likelihood of data leaks or phishing incidents. Approximately 33 percent of all extensions in organizations are deemed high risk, with 1 percent confirmed as malicious. Attackers exploit deceptive extensions to compromise user data and direct users to phishing sites.

    Now browsers are in a very unique position to be either very beneficial or very harmful to users, because they sit between you and the websites that are trying to get your information.

    And we, as users, don't treat browsers this way. We treat them just the same, like a window on our computer, but they're responsible for communicating with the internet.

    And so, yeah, they have the opportunity to implement security measures that can help protect us from these attacks that happen in the browser, or they have the opportunity to provide malicious extensions and other mechanisms f

    Secure Cyberspace: Liability Framework and Accountability

    In today's episode, the discussion revolves around the efficacy of password protection methods, contrasting software and hardware encryption for data security. While software encryption comes with convenience, it can be prone to attack methods like brute force, making hardware-encrypted drives a more secure choice, especially for sensitive data protection. Additionally, insights are shared on the Biden administration's plans to hold the software industry accountable for insecure software, focusing on creating incentives for cybersecurity investment. Furthermore, Microsoft's recent cybersecurity overhaul showcases a shift towards prioritizing security over new features, highlighting the importance of executive accountability and incentive structures for ensuring robust security practices.

    https://www.helpnetsecurity.com/2024/05/10/password-protect-pdf-excel-files/, https://www.cybersecuritydive.com/news/white-house-software-accountable-security/715797/, https://www.helpnetsecurity.com/2024/05/10/password-protect-pdf-excel-files/

    Search Phrases: data theft prevention methods, cybersecurity measures for data protection, Biden administration liability framework software industry, Microsoft cybersecurity initiative executives, software liability framework impact on industry, cybersecurity governance model Microsoft executives compensation




    Passwords versus encryption. How can individuals and businesses prevent data theft and hacking through proper encryption methods beyond simple password protection?

    The Biden administration seeks to establish a liability framework to hold the software industry accountable for insecure software, in an effort to shift the security burden away from users and onto the industry. What measures are being taken by federal officials to incentivize long-term investment in cybersecurity through a software liability framework? And how will this shift impact the industry and consumers?

    Microsoft is leading a new cybersecurity initiative, with the compensation for senior executives being linked to security standards, fostering a company-wide security-first approach that emphasizes accountability.

    How has Microsoft revamped its cybersecurity governance model? And why is this tying of executive compensation to security promoting a stronger focus on cybersecurity within the company? You're listening to The Daily Decrypt.

    Password protection versus encryption. This is an interesting article from Help Net Security titled "How secure is the password protection on your files and drives?" It discusses:

    While password protection may be convenient, it can be easily circumvented, making it vulnerable to hacking attempts.

    In some instances, password protection does use a form of encryption, and we're going to discuss a couple of different types of encryption, in that software encryption and hardware encryption, and we'll go over a little bit of the differences there.

    Software encryption is a way of protecting information on computers and systems online by turning readable data, like text in a document or a message, into a scrambled, unreadable format.

    Imagine you have a letter that you want to send securely. You put it in a box and lock it with a key. You send the locked box, and the recipient uses a copy of the key to open it and read the letter. In software encryption, the box is the encryption technology and the letter is your data.

    Many office applications do offer software encryption to protect files. However, software encryption has security drawbacks, such as being susceptible to brute force attacks and relying on a single point of failure, like a user's password or encryption keys.

    Hardware encryption is similar to software encryption in that it protects data by converting it into a scrambled, unreadable format. However, instead of using software to perform this process, hardware encryption relies on a physic

    Russian AI Disinformation, Microsoft Email DDoS AT&T, IoT EU Device Regulations

    In today's episode, we delve into the findings of a recent investigation conducted by Insikt Group on an influence network known as CopyCop, likely operated from Russia and aligned with the Russian government. This network extensively employs generative AI to create and disseminate political content aimed at specific audiences, focusing on divisive issues and undermining Western governments. The episode also highlights the challenges posed by CopyCop's AI-generated disinformation content and the broader implications on election defense strategies and the risks posed to media organizations. Check out the detailed technical analysis and insightful recommendations shared in the episode links: Recorded Future Analysis, AT&T Microsoft 365 Delay, and IoT Device Security Regulations.

    00:00 Intro
    01:02 Unveiling CopyCop: Russia's AI-Driven Disinformation Campaign
    03:43 The Spam Wave: AT&T and Microsoft 365's Email Blockade
    05:51 The IoT Security Challenge: Navigating New Regulations

    Search Phrases: AI-generated disinformation threats, Addressing CopyCop network disinformation, Protecting content against AI plagiarism, Impact of Russian-operated networks on disinformation, AT&T email delivery delay issues, Microsoft 365 email spam wave, Gmail service disruption due to spam, IoT security regulations compliance, Preventing vulnerabilities in IoT devices, Exploitation in connected products due to security flaws




    A network operated by the Russian government called CopyCop is using generative AI to plagiarize and disseminate divisive political content targeting Western audiences,

    raising concerns about AI-generated disinformation and amplification by known Russian influence actors in this, the year of our election. How can private media organizations protect their content and reputation against this growing trend?

    AT&T's email servers are currently blocking Microsoft 365 due to a spam wave, causing significant delays in email delivery.

    Who knew that spam could DDoS your email service?

    And finally, IoT device manufacturers are facing increased pressure to improve security measures in compliance with new regulation standards, in order to prevent exploitation and potential dangers stemming from the vulnerabilities in these connected products.

    You're listening to The Daily Decrypt.

    Alright, well, you officially heard it here first, folks. Russia is meddling in our election. I know you all are surprised and you've never heard such an outrageous claim before, but it's true. And now with the use of large language models like OpenAI, they can do a whole lot of damage, particularly in the realm of disinformation and divisive talk, so trying to get us to turn against each other. And they can do this automatically, using code, to grab articles from reputable news sources and repost them by injecting AI-generated content to try to sway the results of the election.

    So coming to you from Recorded Future: CopyCop utilizes generative AI to plagiarize and translate content from mainstream media outlets to create biased narratives targeting specific audiences in the United States, the UK, and France, focusing on divisive domestic issues and supporting pro-Russian viewpoints. The network is connected to disinformation outlet DC Weekly and Russian state-sponsored influence actors, amplifying content to undermine Western policies and create distrust between these governments.

    The network has expanded to operate a self-hosted video sharing platform and a forum named Exposedum, indicating growing ambitions. AI-generated content with truly human-produced content, making it even harder to spot the fake stuff.

    So there is plenty of purely AI-generated content out there.

    But that's not the most effective way to spread disinformation. The most effective way to spread disinformation is to take factual articles written by legitimate sources and change them a little bit.

    BogusBazaar Online Retail Scam, $10m for LockBitSup’s Name, Storm-0539 Gift Card Phishing

    In today's episode, a massive fraud ring operating as 'BogusBazaar' managed to deceive over 850,000 people in the US and Europe, stealing credit card information through over 22,500 fake webshops. Meanwhile, the FBI has issued warnings about the financially motivated hacking group Storm-0539 targeting retail companies through sophisticated phishing attacks, aimed at stealing employees' login credentials to generate fraudulent gift cards. Also, the US Department of Justice charged Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the LockBit ransomware group, involved in extorting at least $100 million from over 2,000 victims worldwide. Original URLs for further reference: https://www.bleepingcomputer.com/news/security/massive-webshop-fraud-ring-steals-credit-cards-from-850-000-people/, https://www.bleepingcomputer.com/news/security/fbi-warns-of-gift-card-fraud-ring-targeting-retail-companies/, https://krebsonsecurity.com/2024/05/u-s-charges-russian-man-as-boss-of-lockbit-ransomware-group/

    Tags: BogusBazaar, online shops, consumers, webshop fraud

    Search phrases: online shop scams, protect from webshop fraud, verify online shops legitimacy, avoiding credit card theft, Storm-0539 hacker group, phishing attacks prevention, fraudulent gift cards warning, defending against hacking group Storm-0539, Dmitry Yuryevich Khoroshev charges, LockBit ransomware impact

    May 9







    A sprawling network of over 75,000 fake online shops called BogusBazaar has scammed over 850,000 victims in the U.S. and Europe, resulting in the theft of credit card information and the attempted processing of over 50 million in fake orders.

    How can you, as a consumer, protect yourself against these fake online shops?

    Retail companies in the United States are being targeted by the financially motivated hacker group Storm-0539, who is using advanced social engineering and phishing tactics to infiltrate gift card departments in order to create fraudulent gift cards.

    It's a tale as old as time, but how can you protect yourself against these social engineering attacks?

    And finally, the FBI wasn't bluffing with WHOISLOCKBITSUP. Dmitry Khoroshev has been charged as the boss of the LockBit ransomware group, extorting over 100 million in ransom from over 2,000 victims, including small businesses, hospitals, and government agencies.

    You're listening to The Daily Decrypt.

    Alright, I don't know about you, but it seems like I can't scroll on any social media for more than two minutes without getting bombarded by ads for online retailers.

    And a lot of the products they sell look great and are like specifically targeted towards me, and I catch myself clicking on them quite often.

    And the sites that I get redirected to look pretty good. If it was five to 10 years ago, I would definitely be buying these products from these sites. But now the internet is flooded with these fake scam sites with products that don't even exist, that are just trying to get a hold of your credit card information.

    As a matter of fact, there's a network of over 75,000 fake online shops named BogusBazaar that has scammed over 850,000 individuals.

    These individuals were just like me, except they went through with these purchases, which resulted in them losing their credit card information, as well as placing orders in total of over 50 million dollars.

    Now, the stolen credit card credentials were sold on the dark web, which enables other threat actors to conduct unauthorized online purchases with the compromised card numbers. Now, if you catch it in time, your credit card company will reimburse you, but that does take a lot of monitoring, and maybe they're gonna charge you for a dollar or two dollars and you might not even notice, but across enough credit cards, they're gonna get their money's worth.

    And after looking at the geography area of the victims, which is primarily the United States and Western

    Change Healthcare Ransomware Key Cybersecurity Takeaways, TinyProxy Flaw Exposed, and LockBit Law Enforcement Site Prank

    In today's episode, UnitedHealth CEO Andrew Witty testifies before the Senate Finance Committee about the ransomware attack on Change Healthcare, revealing that legacy tech at Change amplified the attack's impact. Stolen credentials and lack of multifactor authentication allowed attackers to move within Change's systems, leading to the deployment of ransomware. UnitedHealth's response included bringing in multiple incident response firms and cybersecurity experts to aid in recovery efforts. Original URLs: https://www.cybersecuritydive.com/news/unitedhealth-change-attack-tech-takeaways/715200/, https://thehackernews.com/2024/05/critical-tinyproxy-flaw-opens-over.html, https://www.bleepingcomputer.com/news/security/lockbits-seized-site-comes-alive-to-tease-new-police-announcements/#google_vignette

    Tags: UnitedHealth, ransomware, Change Healthcare, technology infrastructure, Tinyproxy, Remote code execution, Security flaw, Cyberattacks, LockBit, Law enforcement, Data leak site

    Search phrases: Preventing data breaches in healthcare systems, Upgrade technology infrastructure in healthcare, Protecting against ransomware attacks, Tinyproxy security flaw solutions, Remote code execution prevention, Cybersecurity measures for critical security flaws, LockBit ransomware impact on operations, Law enforcement actions against ransomware gangs, Data leak site revelations, Identifying ransomware operators




    More than 50,000 hosts are at risk of remote code execution due to a critical unpatched flaw in the Tinyproxy service.

    How can users protect their devices from this critical Tinyproxy flaw?

    Law enforcement has revived a seized LockBit ransomware data leak site, teasing new announcements to come, including potential revelations about the identity of LockBit's operator.

    Is law enforcement bluffing, or do they actually have this information?

    And finally, we've got the five key security takeaways from the Change Healthcare ransomware attack, as summarized by Cybersecurity Dive, to include outdated technology, stolen credentials, multifactor and more. You're listening to The Daily Decrypt.

    A critical unpatched security flaw in the Tinyproxy service is leaving over 50,000 hosts exposed to remote code execution threats. The vulnerability has a high CVSS score of 9.8 out of 10 and affects versions 1.10 and 1.11.

    This vulnerability in the Tinyproxy service allows attackers to execute malicious code through specially crafted HTTP

    an unauthenticated threat actor could exploit this flaw by sending a specific HTTP Connection header, triggering memory corruption that could lead to remote code execution on vulnerable systems.

    Data from Censys shows that approximately 57 percent of the 90,000 publicly accessible hosts are running vulnerable versions, with a significant number of these hosts located in the United States, South Korea, China, France, and Germany.

    In order to mitigate this risk, it's recommended to upgrade to the most recent version of Tinyproxy. And, if at all possible, don't expose your Tinyproxy service to the public-facing internet.

    Law enforcement agencies, including the NCA, FBI, and Europol, have resurrected a previously seized LockBit ransomware data leak site, hinting at potential new revelations set to be disclosed today.

    During Operation Cronos on February 19th, authorities dismantled LockBit's infrastructure, taking down 34 servers hosting the data leak website, cryptocurrency addresses, decryption keys, and the affiliate panel. In response to the disruption, the police repurposed one of the data leak sites into a platform for sharing insights gained during the operation, including details on affiliates, as well as LockBit's deceptive practices regarding stolen data deletion post-ransom payment.

    One of the blog posts is titled "Who is LockBitSup?", which is a reference to the individual or group of individuals who are running this ransomware organization.
