Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Phone scamming kingpin gets 13 years for running “iSpoof” service

Site marketing video promised total anonymity, but that was a lie. 170 arrested already. Potentially 1000s more to follow.


ChatGPT cheat sheet: Complete guide for 2023

Get up and running with ChatGPT with this comprehensive cheat sheet. Learn everything from how to sign up for free to enterprise use cases, and start using ChatGPT quickly and effectively.


Chinese state-sponsored attack uses custom router implant to target European governments

Check Point Research released a new report that exposes the activities of a Chinese state-sponsored APT threat actor the research team tracks as Camaro Dragon. The threat actor uses a custom implant to compromise a specific TP-Link router model and steal information from it, as well as provide backdoor access to the attackers.


People’s Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection

Summary

The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon. Private sector partners have identified that this activity affects networks across U.S. critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide.

This advisory from the United States National Security Agency (NSA), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Communications Security Establishment’s Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom National Cyber Security Centre (NCSC-UK) (hereafter referred to as the “authoring agencies”) provides an overview of hunting guidance and associated best practices to detect this activity.

One of the actor’s primary tactics, techniques, and procedures (TTPs) is living off the land, which uses built-in network administration tools to perform their objectives. This TTP allows the actor to evade detection by blending in with normal Windows system and network activities, avoid endpoint detection and response (EDR) products that would alert on the introduction of third-party applications to the host, and limit the amount of activity that is captured in default logging configurations. Some of the built-in tools this actor uses are: wmic, ntdsutil, netsh, and PowerShell. The advisory provides examples of the actor’s commands along with detection signatures to aid network defenders in hunting for this activity. Many of the behavioral indicators included can also be legitimate system administration commands that appear in benign activity. Care should be taken not to assume that findings are malicious without further investigation or other indications of compromise.


How to use search operators to refine your Bing AI search results

To get the best search results from Bing, users should take advantage of these 10 built-in search operators, which refine your search results, save time and boost productivity.


Cloudflare releases new AI security tools with Cloudflare One

Cloudflare recently announced a new suite of zero-trust security tools for companies to leverage the benefits of AI technologies while mitigating risks.


SACRAMENTO – California Attorney General Rob Bonta today, as part of a bipartisan coalition of 49 attorneys general, announced a lawsuit against Avid Telecom for allegedly initiating and facilitating billions of unlawful robocalls in California and around the country. Those robocalls included Social Security Administration scams, Medicare scams, and employment scams; two robocall examples can be found here and here. Today’s complaint is the result of efforts by the nationwide Anti-Robocall Litigation Task Force, which Attorney General Bonta helped launch last year and is charged with taking legal action against telecommunications companies that perpetuate robocall traffic.


Microsoft warns of Volt Typhoon, latest salvo in global cyberwar

Microsoft published specifics on the Volt Typhoon state-aligned China actor. Experts say raising awareness of threats is critical.


 


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
