Dmitry Kurbatov

👉 According to PSD3 specialists (I'm just a "techie" 😉), Confirmation of Payee becomes mandatory across the EU, requiring PSPs to notify users of any discrepancy between payee name and account details.(p16) 👈 AFAICT, this will effectively also disable the use of a phone number as sole Payee indicator. It is (about) time to reconsider this primitive scheme. For entirely local P2P payments, Apple have showed that you need no ID at all! For remote P2P payments which have proved to be rather susceptible to fraud, Payees should IMO provide a Payer-bank-verifiable Payee-bank-URL, permitting the Payer to access core Payee data like account id, common name, email address and/or phone number BEFORE hitting the transfer button. This information would then (of course) also be included in the transfer request. Not exactly 🚀 science, we can surely do that!

7

4 Comments

EU AI Act: Risk Categories -> Unacceptable Risk: certain uses of AI systems are banned due to their high potential of harm - Social Scoring Systems - Mass Surveillance -> High Risk: these systems need strict compliance measures before launch. (security reviews, ongoing assessments) - Critical Infrastructure - Education - LEA - Migration - Education - Legal - Public Services - HR -> Limited Risk: such systems pose lesser risk but still require human oversight & transparency - Chatbots - AI Agents - Employee Monitoring -> Minimal Risk: AI with insignificant risk like spam filters, assistants, etc.

1

The repository "WindowsDowndate" by SafeBreach-Labs provides a tool that manipulates Windows Updates to create custom downgrades, potentially exposing vulnerabilities that have been previously patched. Refer to github link below By downgrading critical OS components, such as the NT kernel or Hyper-V hypervisor, users or threat actor can test the systems against old vulnerabilities. The tool is intended for research purposes and was presented at Black Hat USA 2024 and DEFCON 32. If relevant logs are onboarded into your siem, analyst can be vigilant if any downgrade activities happening in the env index=windows EventCode=19 OR EventCode=20 OR EventCode=21 | stats count by ComputerName, SourceName, EventCode, Message | search Message="downgrade" OR Message="rollback" OR Message="reverting update" | eval SuspiciousActivity=if(EventCode=19 OR EventCode=20 OR EventCode=21, "Potential Windows Update Downgrade", "Normal Activity") | table _time, ComputerName, SourceName, EventCode, Message, SuspiciousActivity or you can query in edr kql would be easier for obvious reason imo 😉 Good luck!!! Enjoy your weekend and dont enjoy your weekend 😉 Me at 2231 pm, weekend still on Github..

21

3 Comments

This post summarizes a lot of the other posts I’ve written about setting up pfSense in one place with limited screenshots. Will test more with UDM Pro in upcoming posts. If you are trying to improve the security of your home network check it out. https://lnkd.in/dsecikqG

3

1 Comment

A Russia-linked advanced persistent threat (#APT) group has been abusing PDF and #MSBuild project files in a campaign that uses socially engineered emails to deliver the #TinyTurla #backdoor as a fileless payload. The campaign's seamless delivery routine is a notable evolution in sophistication, researchers said. Researchers from Cyble Inc. Researchers and Intelligence Labs (CRIL) identified the campaign, which uses emails with documents pitching invitations to human rights seminars or providing public advisories as a lure to infect users with TinyTurla. In a blog post published yesterday on the campaign, they said the attackers also impersonate legitimate authorities in an effort to lure victims in. #CRIL identified a campaign utilizing malicious .LNK files masquerading as a PDF document. Upon execution, the .LNK file loads and displays a human rights seminar invitation as a lure document, suggesting that the threat actor targets individuals with a background or interest in human rights issues.   We have also encountered a similar file used in this campaign, showing a public advisory as a lure document purportedly from the Philippine Statistics Authority. A #security #researcher made this discovery and shared it on Twitter. "When targeted individuals mistakenly believe this to be a legitimate invitation or advisory and open it, they could inadvertently install a tiny backdoor into their system," according to the post. #Attackers then can use the backdoor to execute commands from a command-and-control (#C2) server that they control and infiltrate the victim's system. #cybersecurity #threatactors #TTP

1

Security researchers have published a Proof-of-Concept (PoC) exploit for a critical vulnerability in the widely used PuTTY SSH and Telnet client. The flaw, CVE-2024-31497, permits attackers to recover private keys generated with the NIST P-521 elliptic curve in PuTTY versions 0.68 through 0.80. This vulnerability arises from PuTTY’s biased generation of ECDSA nonces when using the P-521 curve. Researchers discovered that the first 9 bits of each nonce are consistently zero, allowing for full private key recovery from approximately 60 signatures using lattice cryptanalysis techniques. Security researcher Hugo Bond demonstrated the attack’s feasibility by publishing a PoC exploit on GitHub. Leveraging the nonce bias, the PoC recovers the private key from a set of signatures generated by a vulnerable PuTTY version. ~First Hackers News To Continue reading this article, click on this link >>> https://lnkd.in/eByKXvrE #securityresearchers #PoC #vulnerability #telnet #attackers #privatekey #cryptanalysis #PuTTY #cyberattack #cybersecurity #fhn #firsthackersnews #informationsecurity #latestnews

1

Unidirectional gateways are essential to SEC-OT in any environment where impaired industrial production is an unacceptable consequence. The most common deployment of such gateways is at the IT/OT interface, where the gateway can transmit monitoring data out of a control-critical network without the ability to send any information or attacks back into the system from the IT network. The most robust unidirectional hardware design consists of a fibre-optic transmitter connected to a fibre-optic receiver with a short piece of fibre-optic cabling. The receiver in such designs has no laser, and so is physically unable to send any information or attack back to the transmitter. The transmitter has no photocell or fibre-optic receiver able to receive a signal, even if one were sent. With this type of physical protection in place, it does not matter if the software components of a unidirectional gateway are compromised – no software compromise can impair the ability of the gateway to physically prevent online attacks from reaching the transmitting network. If it feels like this could be the right fit for you, reach out to schedule a meeting with a member of my team. There is no charge and we have solutions for all the usual needs ➡️ https://bit.ly/3X9Dcly

45

After publishing the #Cracking #macOS apps, Luca Carettoni pointed out that #Electron apps with #ElectronAsarIntegrity could not be patched so simply. In this article, I take a closer look at this #integrity #protection. #RE #Apple #Programming #Python https://lnkd.in/dsZPs2xW

25

2 Comments

SentinelOne researchers warn that the financially motivated group #FIN7 is using multiple #pseudonyms to advertise a #security #evasion tool in several criminal underground forums. FIN7 developed a tool called #AvNeutralizer (also known as #AuKill) that can bypass security solutions. The researchers noticed that the tool has been used by various ransomware operations, including #AvosLocker, #MedusaLocker, #BlackCat, #Trigona, and #LockBit. SentinelLabs researchers discovered a new version of AvNeutralizer that employs a novel technique, leveraging the #Windows driver #ProcLaunchMon.sys, to interfere and evade security measures. #cybersecurity #threatintelligence

3

This year our group had three works presented in CCS 2024 (Part 2). The second one is "Payout Races and Congested Channels: A Formal Analysis of Security in the Lightning Network", Ben Weintraub, Satwik Prabhu Kumble, Cristina Nita-Rotaru and Stefanie Roos. This is a collaboration with TU Delft and University of Kaiserslautern-Landau and was presented by Ben Weintraub. The Lightning Network, a payment channel network with a market cap of over 192M USD, is designed to resolve Bitcoin’s scalability issues through fast off-chain transactions. There are multiple Lightning Network client implementations, all of which conform to the same textual specifications known as BOLTs. Several vulnerabilities have been manually discovered, but to-date there have been few works systematically analyzing the security of the Lightning Network. We take a foundational approach to analyzing the security of the Lightning Network with the help of formal methods. Based on the BOLTs’ specifications, we build a detailed formal model of the Lightning Network’s single-hop payment protocol and verify it using the Spin model checker. Our model captures both concurrency and error semantics of the payment protocol. We then define several security properties which capture the correct intermediate operation of the protocol, ensuring that the outcome is always certain to both channel peers, and using them we re-discover a known attack previously reported in the literature along with a novel attack, referred to as a Payout Race. A Payout Race consists of a particular sequence of events that can lead to an ambiguity in the protocol in which innocent users can unwittingly lose funds. We confirm the practicality of this attack by reproducing it in a local testbed environment. Full paper is available here https://lnkd.in/df9pPbHA

43

1 Comment

Since the release of SP 80-171r3, there has been a lot of discussion on Organization-Defined Parameters or ODPs. ODPs are new to SP 800-171, but not new to security control sets. They’ve been around since 2005 with the introduction of SP 800-53. I’ve spoken to several people that say they can’t begin preparing for SP 800-171r3 because the [insert federal agency] has not defined the ODPs. However, many agencies and the FedRAMP PMO have already defined ODPs for SP 800-53r5 which is the source of SP 800-171r3; therefore, we have an indication of what to expect for SP 800-171 ODPs. Not sufficient? #NIST is one step ahead of you. SP 800-171r3 states “If a federal agency or a consortium of agencies do not specify a particular value or range of values for an ODP, nonfederal organizations must assign the value or values to complete the security requirement.” Therefore, you get to decide the ODP values when guidance isn’t available. There are many reasons not to worry about SP 800-171r3 today (e.g., #DFARS Class Deviation, no FAR Mandate – yet, still working on implementing SP 800-171r2, #CMMC); however, not having ODP values isn’t one of them. If you need help implementing SP 800-171, reach out. I’d be happy to discuss how Optic can help you implement SP 800-171r2 today while keeping an eye towards the future, so you don’t have to rip and replace when SP 800-171r3 becomes a requirement. Also, if you’re just getting started, check out our template for capturing what you’re already doing against SP 800-171r3 here: https://lnkd.in/eyV3XNpz #SP800171 #SP80053

20

Would I lie to you? "Operation MiddleFloor is an ongoing disinformation campaign against Moldovan targets that began in early August. It uses emails as the primary distribution method instead of more common methods such as social networks or fake websites. While the campaign disseminates fake emails and documents, it also aims to gather information on the victims’ environments, likely to set the stage for targeted malware attacks. The threat actors use spoofed email accounts to disseminate content allegedly originating from European Union institutions, Moldavian ministries, or political figures. This campaign exploits multiple sensitive topics and fears related to the current pro-European government and Moldova’s potential EU membership. These include concerns about gas supply and fuel prices ahead of winter, LGBT, potential stringent anti-corruption measures, changes in the education system, immigration from the Middle East, and general labor market shifts across Moldova and EU countries. The actors behind this campaign are Russian-speaking and not fully proficient in English. Based on the Tactics, Techniques, and Procedures (TTPs), targeting, and distributed messages, Lying Pigeon appears to be aligned with Russian interests. We linked Lying Pigeon to previously unattributed clusters of activity across Europe. Since early 2023, Lying Pigeon activity has been observed in several European locations related to the following themes: NATO 2023 summit in Vilnius. 2023 general elections in Spain, spreading disinformation about an alleged upcoming terrorist attack. Polish cybersecurity scene, topics such as freedom of the press, and others. According to CERT Polska, the actor they track as APT-UNK2 with substantial overlaps with Lying Pigeon, was also responsible for distributing infostealers in Poland and staging fake websites."

1

Great read on the components of the new EU cyber Rules for Electricity Providers. The Aggressive: "Will require cyber regulators in each EU country to share information with counterparts in other member states within 24 hours of a company disclosing a cyberattack." Complete Opposite of Being Aggressive: "Electricity providers also will need to carry out assessments every three years to identify cyber risks and then implement protections to prevent major problems." #cybersecurity #criticalinfrastructure #riskmanagement #penetrationtesting

3

Integrity and transparency do not promise to sound pretty, but guarantees trust and respect.

7

🚨CISA warns of Jenkins RCE bug exploited in ransomware attacks🚨 https://lnkd.in/e-VsEu2n #CISA #Jenkins #RCE #Ransomware #Cybersecurity #InfoSec #Vulnerability #CyberThreats #SecurityAlert #Exploit #PatchNow #ITSecurity #DataProtection

2