If nation states (or their mercenary criminal gangs) keep up aggressive probing they eventually must cross a line that requires retaliation. Does either side know where that line is? Is everything Russia does to the Ukraine a ‘warlike’ hack?
Microsoft Detects an Increase in Nation-State Attacks and Password Attacks
Microsoft has detected increased nation-state attacks as competing governments rush to compromise systems for cyber espionage and to spread misinformation. The company also observed increased password attacks as hackers “industrialize” cybercrime, thus lowering the entry barrier.
… According to Microsoft Digital Defense Report 2022, 90% of Russian attacks were against NATO countries, with nearly half (48%) targeting IT firms.
(Related)
https://thehackernews.com/2022/11/north-korean-hackers-targeting-europe.html
North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor
(Related)
https://thehackernews.com/2022/11/chinese-hackers-using-42000-imposter.html
Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign
(Related)
US govt: Iranian hackers breached federal agency using Log4Shell exploit
Why security breaches are inevitable?
Misconfigurations, Vulnerabilities Found in 95% of Applications
Nearly every application has at least one vulnerability or misconfiguration that affects security and a quarter of application tests found a highly or critically severe vulnerability, a new study shows.
Weak SSL and TLS configuration, missing Content Security Policy (CSP) header, and information leakage through server banners topped the list of software issues with security implications, according to findings in software and hardware tools conglomerate Synopsys' new Software Vulnerabilities Snapshot 2022 report published today. While many of the misconfigurations and vulnerabilities are considered to be of medium severity or less, at least 25% are rated highly or critically severe.
… Penetration tests, for example, detected 77% of the weak SSL/TLS configuration issues, while dynamic application security testing (DAST) detected the issue in 81% of tests. Both the technologies, plus mobile application security testing (MAST), led to the issue being discovered in 82% of tests, according to the Synopsys report.
The subtilty of the spoof…
https://krebsonsecurity.com/2022/11/disneyland-malware-team-its-a-puny-world-after-all/
Disneyland Malware Team: It’s a Puny World After All
A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic and Ukrainian.
… The U.S. financial services firm Ameriprise uses the domain ameriprise.com; the Disneyland Team’s domain for Ameriprise customers is https://www.xn--meripris-mx0doj[.]com [brackets added to defang the domain], which displays in the browser URL bar as ạmeriprisẹ[.]com.
Look carefully, and you’ll notice small dots beneath the “a” and the second “e”. You could be forgiven if you mistook one or both of those dots for a spec of dust on your computer screen or mobile device.
Tools & Techniques. This could be amusing. Create your own ancestors?
MyHeritage Releases AI Time Machine™ to Enable Anyone to Transform Themselves Into Historical Figures Using Everyday Photos
MyHeritage, the leading global service for discovering your past and empowering your future, announced today the release of AI Time Machine™, a cutting-edge, fun feature that creates images of a person in different time periods throughout history using text-to-image AI technology. The stunning, hyper-realistic results can easily be shared on social media and used as profile photos to amaze friends and family.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20221115005886/en/
Something for the techies.
https://www.allthingsdistributed.com/2022/11/amazon-1998-distributed-computing-manifesto.html
The Distributed Computing Manifesto
Today, I am publishing the Distributed Computing Manifesto, a canonical document from the early days of Amazon that transformed the architecture of Amazon’s ecommerce platform. It highlights the challenges we were facing at the end of the 20th century, and hints at where we were headed.
… During my keynote at AWS re:Invent in a couple of weeks, I plan to talk about how the concepts in this document started to shaped what we see in microservices and event driven architectures. Also, in the coming months, I will write a series of posts that dive deep into specific sections of the Distributed Computing Manifesto.
… The full text of the Distributed Computing Manifesto is available below. You can also view it as a PDF.
No comments:
Post a Comment