Exposed Cloud Server Tracks 800,000 Volkswagen, Audi, and Skoda EVs
A recent report from the German news outlet Spiegel has revealed a significant security breach impacting hundreds…
Source: Hackread
Four-Faith Industrial Router Vulnerability Exploited in Attacks
Threat actors are exploiting a command injection vulnerability in Four-Faith industrial routers to deploy a reverse shell.
Source: SecurityWeek
The Most Dangerous People on the Internet in 2024
From Elon Musk and Donald Trump to state-sponsored hackers and crypto scammers, this was the year the online agents of chaos gained ground.
Source: Security Latest
Several Chrome Extensions Compromised in Supply Chain Attack
Cyberhaven and other Chrome extensions were compromised in a supply chain attack targeting Facebook advertising users.
Source: SecurityWeek
Verizon says it has secured its network after breach by China-linked Salt Typhoon group
U.S. telecom giant Verizon says it has secured its network after being targeted by the China-linked Salt Typhoon cyberespionage group. In a statement given to TechCrunch on Sunday, Verizon spokesperson Richard Young said the company has “contained the cyber incident brought on by this nation-state threat actor,” and that it has not detected any threat actor […]
Source: TechCrunch
Critical Flaw Exposes Four-Faith Routers to Remote Exploitation
VulnCheck has discovered a critical new vulnerability (CVE-2024-12856) affecting Four-Faith industrial routers (F3x24 and F3x36), with evidence…
Source: Hackread
Happy 15th Anniversary, KrebsOnSecurity!
Image: Shutterstock, Dreamansions.
KrebsOnSecurity.com turns 15 years old today! Maybe it’s indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024’s most engrossing security stories were about bad things happening to bad guys. It’s also an occasion to note that despite my publishing fewer stories than ever this past year, we somehow managed to attract near record levels of readership (thank you!).
In case you missed any of them, here’s a recap of 2024’s most-read stories. In January, KrebsOnSecurity told the story of a Canadian man who was falsely charged with larceny and lost his job after becoming the victim of a complex e-commerce scam known as triangulation fraud. This can occur when you buy something online — from a seller on Amazon or eBay, for example — but the seller doesn’t actually own the item for sale. Instead, they purchase the item using stolen payment card data and your shipping address. In this scam, you receive what you ordered, and the only party left to dispute the transaction is the owner of the stolen payment card.
Triangulation fraud. Image: eBay Enterprise.
March featured several investigations into the history of various people-search data broker services. One story exposed how the Belarusian CEO of the privacy and data removal service OneRep had actually founded dozens of people-search services, including many that OneRep was offering to remove people from for a fee. That story quickly prompted Mozilla to terminate its partnership with OneRep, which Mozilla had bundled as a privacy option for Firefox users.
A story digging into the consumer data broker Radaris found its CEO was a fabricated identity, and that the company’s founders were Russian brothers in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites.
Radaris repeatedly threatened to sue KrebsOnSecurity unless that publication was retracted in full, alleging that it was replete with errors both factual and malicious. Instead, we doubled down and published all of the supporting evidence that wasn’t included in the original story, leaving little room for doubt about its conclusions. Fittingly, Radaris now pimps OneRep as a service when consumers request that their personal information be removed from the data broker’s website.
Easily the longest story this year was an investigation into Stark Industries Solutions, a large, mysterious new Internet hosting firm that materialized when Russia invaded Ukraine. That piece revealed how Stark was being used as a global proxy network to conceal the true source of cyberattacks and disinformation campaigns against enemies of Russia.
The homepage of Stark Industries Solutions.
Much of my summer was spent reporting a story about how advertising and marketing firms have created a global free-for-all where anyone can track the daily movements and associations of hundreds of millions of mobile devices, thanks to the ubiquity of mobile location data that is broadly and cheaply available.
Research published in September explored the dark nexus between harm groups and cybercrime communities consumed with perpetrating financial fraud. That analysis found an increasing number of young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and extort vulnerable teens into physically harming themselves and others.
One focus of that story was a Canadian cybercriminal who used the nickname Judische. Identified by Mandiant as one of the most consequential threat actors of 2024, Judische was responsible for a hacking rampage that exposed private information on hundreds of millions of Americans. That story withheld Judische’s real name, but the reporting came in handy in late October when a 25-year-old Canadian man named Connor Riley Moucka was arrested and charged with 20 criminal counts connected to the Snowflake data extortions.
A surveillance photo of Connor Riley Moucka, a.k.a. “Judische” and “Waifu,” dated Oct 21, 2024, 9 days before Moucka’s arrest. This image was included in an affidavit filed by an investigator with the Royal Canadian Mounted Police (RCMP).
In November, KrebsOnSecurity published a profile of Judische’s accomplice — a hacker known as Kiberphant0m — detailing how Kiberphant0m had left a trail of clues strongly suggesting that they are or recently were a U.S. Army soldier stationed in South Korea.
My reporting in December was mainly split between two investigations. The first profiled Cryptomus, a dodgy cryptocurrency exchange allegedly based in Canada that has become a major payment processor and sanctions evasion platform for dozens of Russian exchanges and cybercrime services online.
How to Lose a Fortune with Just One Bad Click told the sad tales of two cryptocurrency heist victims who were scammed out of six and seven figures after falling for complex social engineering schemes over the phone. In these attacks, the phishers abused at least four different Google services to trick targets into believing they were speaking with a Google representative, and into giving thieves control over their account with a single click. Look for a story here in early 2025 that will explore the internal operations of these ruthless and ephemeral voice phishing gangs.
Before signing off for 2024, allow me to remind readers that the reporting we’re able to provide here is made possible primarily by the ads you may see at the top of this website. If you currently don’t see any ads when you load this website, please consider enabling an exception in your ad blocker for KrebsOnSecurity.com. There is zero third-party content on this website, apart from the occasional Youtube video embedded as part of a story. More importantly, all of our ads are static images or GIFs that are vetted by me and served in-house directly.
Fundamentally, my work is supported and improved by your readership, tips, encouragement and, yes, criticism. So thank you for that, and keep it coming, please.
Here’s to a happy, healthy, wealthy and wary 2025. Hope to see you all again in the New Year!
Source: Krebs on Security
Study Finds AI Can Guess Crypto Seed Phrases in 0.02 Seconds
NFT-focused news website NFTEvening and the NFT market’s data and analytics-based platform…
Source: Hackread
16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft
A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and over 600,000 users being exposed to data exposure and credential theft.
The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate extensions in order to steal
Source: The Hacker News
The CMMC Countdown, Part 4
The CMMC Final Rule became effective on December 16, 2024. We will finish reviewing the remaining five-pointers to ensure we can obtain a conditional CMMC certificate if we cannot achieve a 110 score.
CMMC Action Plan continued
PS.L2-3.9.2
Consider creating onboarding, offboarding, and transfer procedures. These procedures should define how all access is revoked upon termination and how some access is granted and revoked during a transfer. For a transfer, personnel should gain access to CUI when they transfer into a role that requires it. Conversely, access to CUI should be revoked when they transfer to a role where CUI access is unnecessary.
PE.L2-3.10.1
Consider having a separate CMMC environment, as mentioned in previous posts. You could show your access list if you have an access control system, like a badge reader. Consider writing a procedure that describes how the access list is reviewed and updated. Consider maintaining an inventory list of the CUI devices in your CMMC environment and writing a procedure for updating that list. You should be able to leverage your procedures from the AC domain to show how access is granted to these devices. The inventory list should also identify the networking equipment and security systems and how access to them is restricted to the personnel responsible for maintaining them, such as the IT team.
PE.L2-3.10.2
We can show the access logs generated by the access control system identified in PE.L2-3.10.1. If you rely on a physical key and a video system, like Ring, consider creating a key distribution log, filling out the log to check out the key, and collecting the video logs. That way, you can show who is authorized to lock and unlock the door and show video surveillance at the door.
CA.L2-3.12.1
The CMMC controls must be certified by a C3PAO every three years. Within those three years, a yearly SPRS score must be submitted. Consider self-assessing one-fourth of the CMMC controls each quarter or one-third each year; either way, every control is self-assessed within one year or within three years, respectively. Consider defining the schedule in the SSP. Keep a formal record of each self-assessment and consider having them signed by your leadership. Document any findings in the POAM.
CA.L2-3.12.3
Consider setting up monitoring tools that automatically assess your organization’s security posture. You can use tools like Microsoft Defender XDR, Microsoft Intune, Nessus, and Greenbone.
SC.L2-3.13.1
Consider creating a drawing that describes your organizational network. An external system boundary could be your on-site firewall and VPN connection for remote users. Your internal system boundaries could include any VLANs that segregate system resources. The monitoring could be syslog events sent to a SIEM. The controls could be your firewall rules and network ACLs. The protection could be SSL and VPN encryption. Consider implementing web content filtering as an additional layer.
SC.L2-3.13.2
Consider defining the system architecture for your CMMC environment together with a list of security principles and requirements. The principles should define how changes to the environment will preserve its security posture. The requirements should be testable and verifiable. For example, a new cloud environment must have a valid FedRAMP or SOC 2 Type II certification, and a firewall and VPN must have valid FIPS 140-3 certification.
SI.L2-3.14.1
Consider defining a procedure with SLAs. For example, the IT team will:
SI.L2-3.14.2
Install antivirus software on every machine that contains CUI. Also, consider adding a security subscription to your cloud storage so it performs antivirus scans on your files stored in the cloud.
SI.L2-3.14.3
Consider subscribing to the CISA Cybersecurity Alerts & Advisories. Your security tools, like Microsoft Defender XDR, might have advisory alerts, but you must configure them. As mentioned, you will want to create remediation tasks to show you are responding to advisories.
AU.L2-3.3.5
Consider setting up a SIEM and sending all your logs there. The SIEM should provide you with reports that can help detect unwanted activity. Review the reports periodically. Consider a monthly review since quarterly reviews may be too long, and weekly reviews might be too often and tiring.
CM.L2-3.4.5
Consider putting networking equipment in a locked networking room accessible only to authorized personnel, such as the IT team. Also, create separate administrator accounts for the IT team and grant only those accounts permission to make configuration changes.
CM.L2-3.4.6
There should be regular user accounts and administrator accounts. Everyone will have a regular user account with no privileges to modify the CMMC environment. Only the authorized personnel, like the IT team, will have administrator accounts. There should be a super administrator (who can make any change) and limited administrators (with limited privileges based on job role).
CM.L2-3.4.7
Consider having software that blocks blacklisted programs, functions, ports, protocols, and services. Another approach is configuring the computer with the bare minimum of programs, functions, ports, protocols, and services. Put restrictions in place so that any modification requires an administrator’s approval.
CM.L2-3.4.8
Blacklisting is the easiest, while whitelisting is the more secure solution. Tools like Microsoft Defender XDR can prevent the execution of blacklisted software. You can use Software Restriction Policies in Windows to whitelist or blacklist too.
IA.L2-3.5.10
Consider using an identity provider (IdP), like Microsoft Entra ID, to perform the cryptography for you. Use SSO via SAML or OpenID Connect so that your IdP handles logins to third-party and custom applications.
MA.L2-3.7.5
Ensure that MFA is enabled for remote support solutions and remote desktop protocols. For connections that require SSH, consider allowing SSH only from a machine that itself requires MFA to authenticate.
MP.L2-3.8.7
The simplest solution is to block removable media. If removable media is necessary, limit mounting the media to an administrator account.
RA.L2-3.11.2
Consider using vulnerability scanning software, like Nessus, and perform vulnerability scans on the operating systems and installed applications. If you are developing CUI software, consider using a vulnerability scanner, such as Snyk, for application libraries, like npm and pip packages.
SC.L2-3.13.5
Create a separate VLAN and subnet for systems that can be accessed from the Internet. Ideally, this network should be separated by a DMZ and/or a firewall and must not be able to reach internal, non-public networks.
SC.L2-3.13.6
The firewall rule set should end with an explicit deny-all rule. The preceding rules should allow only specific traffic.
SC.L2-3.13.15
All web traffic should be HTTPS with a valid TLS certificate. HTTP traffic should be blocked. SSL or a similar encryption technology should encrypt VPN traffic.
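The segmentation, default-deny and HTTPS-only points of SC.L2-3.13.5, SC.L2-3.13.6 and SC.L2-3.13.15 combined into one nftables ruleset, as an added example that is not part of the original post. Interface names, VLAN ids, the DMZ subnet and the VPN port are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example, not from the post. Interface names, VLAN ids, subnet and
# VPN port are assumptions; substitute your own before loading.
flush ruleset

define wan_if   = "eth0"        # Internet-facing
define lan_if   = "eth1.10"     # internal VLAN 10, non-public systems
define dmz_if   = "eth1.20"     # DMZ VLAN 20, Internet-reachable systems
define vpn_if   = "tun0"        # VPN tunnel interface for remote users
define dmz_net  = 10.20.0.0/24
define vpn_port = 1194          # assumed VPN listener (UDP)

table inet filter {
    chain input {
        # policy drop: deny is the last word for traffic to the firewall itself
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        iifname $wan_if udp dport $vpn_port accept   # remote users enter via VPN only
        iifname $lan_if tcp dport 22 accept          # admin SSH from the internal VLAN only
        log prefix "fw-input-drop " drop
    }
    chain forward {
        # SC.L2-3.13.6: specific allows, then an explicit logged deny as the last rule
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # SC.L2-3.13.15: plain HTTP never crosses the boundary; log it to see attempts
        tcp dport 80 log prefix "http-blocked " drop
        # Internet -> DMZ web tier over HTTPS only
        iifname $wan_if oifname $dmz_if ip daddr $dmz_net tcp dport 443 accept
        # SC.L2-3.13.5: the DMZ can never initiate connections into the internal VLAN
        iifname $dmz_if oifname $lan_if log prefix "dmz-to-lan " drop
        # DMZ hosts may fetch updates over HTTPS
        iifname $dmz_if oifname $wan_if tcp dport 443 accept
        # internal and VPN users may manage the DMZ (SSH) and browse it (HTTPS)
        iifname { $lan_if, $vpn_if } oifname $dmz_if tcp dport { 22, 443 } accept
        # remote users reach internal resources only through the VPN tunnel
        iifname $vpn_if oifname $lan_if accept
        # internal and VPN users out to the Internet (HTTP already dropped above)
        iifname { $lan_if, $vpn_if } oifname $wan_if accept
        log prefix "fw-forward-drop " drop
    }
}
```

The two `log ... drop` lines are what you show an assessor for the "deny as the last rule" requirement, and the logged prefixes give your SIEM distinct events for blocked HTTP and DMZ-to-LAN attempts.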
SI.L2-3.14.4
Your antivirus software should check for updates automatically, at least daily (hourly is best), and apply them automatically.
SI.L2-3.14.6
Consider using a combination of SIEM, MDR, and XDR to analyze your logs and detect potential threats and attacks.
Before you go
Wishing you much success in your CMMC certification journey.
Sign up for my mailing list at https://miguelacallesmba.medium.com/subscribe
Source: Secjuice