NSA 2023 Cybersecurity Year in Review

NSA 2023 Cybersecurity Year in Review

The National Security Agency has published their 2023 Cybersecurity Year in Review!

In an effort to be more transparent, the National Security Agency publishes an annual year in review sharing information regarding cybersecurity efforts that better equipped U.S. defenses against high priority cyber threats. NSA’s efforts to help secure the nation’s most sensitive systems also help your cybersecurity because NSA cascades these solutions through public guidance and engages with key technology providers to help them bolster the security of their products and services.

Submitted by Regan Williams on

"US Dismantles World's Largest 911 S5 Botnet with 19 Million Infected Devices"

"US Dismantles World's Largest 911 S5 Botnet with 19 Million Infected Devices"

The US Department of Justice (DoJ) dismantled what is considered the world's largest botnet ever. It included 19 million infected devices leased to other threat actors for committing various malicious activities. The "911 S5 botnet" served as a residential proxy service, with a global footprint spanning over 190 countries. According to the DoJ, the botnet was used for cyberattacks, financial fraud, identity theft, and more. This article continues to discuss the dismantlement of the 911 S5 botnet. 

Submitted by grigby1 CPVI on

"NSA Releases Guidance on the Visibility and Analytics Pillar of Zero Trust"

"NSA Releases Guidance on the Visibility and Analytics Pillar of Zero Trust"

The National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) titled "Advancing Zero Trust Maturity Throughout the Visibility and Analytics Pillar," which describes the infrastructure, tools, data, and methods of this Zero Trust (ZT) framework pillar. Organizations are encouraged to follow the report's advice to mitigate risks and quickly identify, detect, and respond to cyber threats. Recommended actions include logging all relevant activity, centralizing security information and event management, regularly using security and risk analytics, and more.

Submitted by grigby1 CPVI on

"Advance Fee Fraud Targets Colleges With Free Piano Offers"

"Advance Fee Fraud Targets Colleges With Free Piano Offers"

A piano-themed email campaign targeting students and faculty at North American colleges and universities commits Advance Fee Fraud (AFF). According to Proofpoint, over 125,000 emails have been observed in this scam cluster this year. Fraudsters offer free pianos in deceptive emails and then direct respondents to a fake shipping company that demands payment before delivering the piano. The scammers accept Zelle, Cash App, PayPal, Apple Pay, and cryptocurrency. They also try to get victims' names, addresses, and phone numbers. This article continues to discuss the AFF email campaign.

Submitted by grigby1 CPVI on

"Cooler Master Hit by Data Breach Exposing Customer Information"

"Cooler Master Hit by Data Breach Exposing Customer Information"

Computer hardware manufacturer Cooler Master has recently suffered a data breach after a threat actor breached the company's website and claimed to steal the Fanzone member information of 500,000 customers.  Yesterday, a threat actor by the alias "Ghostr" contacted BleepingComputer and claimed to have stolen 103 GB of data from Cooler Master on May 18th, 2024.

Submitted by Adam Ekwall on

"Cybersecurity With Human-AI Collaboration"

"Cybersecurity With Human-AI Collaboration"

Stephen Schwab, director of strategy for the University of Southern California (USC) Information Sciences Institute's (ISI) Networking and Cybersecurity division, envisions symbiotic teams of humans and Artificial Intelligence (AI) models working together to strengthen security. AI can help analysts thrive in high-stakes environments. Schwab and his team use testbeds and models to study AI-assisted cybersecurity in smaller systems.

Submitted by grigby1 CPVI on

"macOS Version of Elusive 'LightSpy' Spyware Tool Discovered"

"macOS Version of Elusive 'LightSpy' Spyware Tool Discovered"

A macOS version of the "LightSpy" surveillance framework extends the tool's targeting beyond Android and iOS devices. LightSpy is a modular iOS and Android surveillance framework used to steal files, screenshots, location data and more from victims' mobile devices. Attackers have used the framework against targets in the Asia–Pacific region. ThreatFabric reports that a macOS implant has been active in the wild since January 2024. This article continues to discuss findings regarding the macOS version of the LightSpy spyware tool.

Submitted by grigby1 CPVI on

VI Reflections: AI-Powered Behavior Analysis for Cybersecurity

VI Reflections: AI-Powered Behavior Analysis for Cybersecurity

By dgoff

Artificial Intelligence (AI)-powered behavioral analysis leverages AI to learn and predict adversarial behavior patterns. It is becoming increasingly necessary and widespread; according to one source, 93% of Security Operations Centers currently use some form of AI to conduct behavioral analytics. 

Submitted by grigby1 CPVI on

"BBC Suffers Data Breach Impacting Current, Former Employees"

"BBC Suffers Data Breach Impacting Current, Former Employees"

The BBC has recently disclosed a cyberattack that occurred on May 21, involving unauthorized access to files hosted on a cloud-based service, compromising the personal information of BBC Pension Scheme members.  The company noted that the incident impacted roughly 25,000 people, including current and former employees of Britain's national public service broadcaster.  The compromised data includes full names, national insurance numbers, dates of birth, sex, and home addresses.

Submitted by Adam Ekwall on

"TrickBot and Other Malware Droppers Disrupted by Law Enforcement"

"TrickBot and Other Malware Droppers Disrupted by Law Enforcement"

Europol has reported that authorities in over a dozen countries have disrupted the TrickBot botnet and several other malware droppers. The law enforcement operation called "Operation Endgame" targeted "Bumblebee," "IcedID," "Pikabot," "Smokeloader," "SystemBC," and "TrickBot" from May 27 to 29 to disrupt criminal operations and arrest the cybercriminals behind them. These droppers have been used in the first stage of malicious attacks to steal data, control compromised machines, and install other malware, including ransomware.

Submitted by grigby1 CPVI on
Subscribe to