Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that conducted a record 35,000 DDoS attacks in a single year, including those that targeted Microsoft's services in June 2023.
The attacks, which were facilitated by Anonymous Sudan's "powerful DDoS tool," singled out critical infrastructure, corporate networks,

Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that conducted a record 35,000 DDoS attacks in a single year, including those that targeted Microsoft's services in June 2023.

The attacks, which were facilitated by Anonymous Sudan's "powerful DDoS tool," singled out critical infrastructure, corporate networks, and government agencies in the United States and around the world, the U.S. Department of Justice (DoJ) said.

Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, have been charged with one count of conspiracy to damage protected computers. Ahmed Salah has also been charged with three counts of damaging protected computers.

If convicted on all charges, Ahmed Salah faces a statutory maximum sentence of life in federal prison, while Alaa Salah faces a maximum sentence of five years in federal prison. The DDoS tool is said to have been disabled in March 2024, the same month the pair were arrested from an unknown country.

"Anonymous Sudan sought to maximize havoc and destruction against governments and businesses around the world by perpetrating tens of thousands of cyberattacks," said U.S. attorney Martin Estrada.

"This group's attacks were callous and brazen—the defendants went so far as to attack hospitals providing emergency and urgent care to patients."

Anonymous Sudan, which is tracked by Microsoft under the name Storm-1359, emerged at the start of 2023, orchestrating a series of Swedish, Dutch, Australian, and German organizations. While it claimed to be a hacktivist group, the indictments show that it was just a front for what they really were, a digital mercenary crew.

"After initially joining a brief pro-Russian hacktivist campaign, Anonymous Sudan conducted a series of DDoS attacks with apparent religious and Sudanese nationalist motivations, including campaigns against Australian and Northern European entities," Crowdstrike said.

"The group was also a prominent participant in the annual #OpIsrael hacktivist campaign. Throughout these campaigns, Anonymous Sudan also demonstrated a willingness to collaborate with other hacktivist groups like KillNet, SiegedSec and Türk Hack Team."

Court documents allege that the Anonymous Sudan actors and their customers used the group's Distributed Cloud Attack Tool (DCAT) to conduct thousands of destructive DDoS attacks and publicly claim credit for them, causing more than $10 million in damages to U.S. victims alone.

According to Amazon Web Services (AWS), DDoS services were offered to prospective customers for $100 per day, $600 per week, and $1,700 per month. The service allegedly permitted up to 100 attacks each day.

The DCAT tool, marketed in the criminal underground as Godzilla, Skynet, and InfraShutdown, has been dismantled as part of a court-authorized seizure of its key components, including servers that were used to launch the DDoS attacks, servers that relayed attack commands to a broader network of attack computers, and accounts containing the source code for the DDoS tools used by the group.

"These law enforcement actions were taken as part of Operation PowerOFF, an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling criminal DDoS-for-hire infrastructure worldwide, and holding accountable the administrators and users of these illegal services," the DoJ said.

The development comes as the Finnish Customs office (aka Tulli) disrupted the Sipulitie darknet marketplace — a successor to Sipulimarket that was taken down by law enforcement in 2020 – which specialized in the sale of drugs and had been operational on the dark web since 2023.

"The website in Finnish and English was used for criminal purposes, such as selling drugs under the cover of anonymity," Tulli said. "The website administrator has said on public forums that Sipulitie's turnover was 1.3 million euros."

Elsewhere, Brazil's Department of Federal Police (DPF) said it arrested a hacker in connection with a series of cyber attacks that breached its own systems and those belonging to other international institutions.

Codenamed Operation Data Breach, the effort saw the execution of a search and seizure warrant and a preventive arrest warrant against the defendant in the city of Belo Horizonte over allegations of leaking sensitive data associated with 80,000 members of InfraGard, a collaborative exercise between the U.S. government and critical infrastructure sectors.

The unnamed individual, who went by the names USDoD and EquationCorp, has also been accused of selling data from the Federal Police twice, on May 22, 2020 and February 22, 2022, as well as leaking data from Airbus and the U.S. Environmental Protection Agency (EPA).

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks

The US DoJ indicts two Sudanese nationals allegedly behind Anonymous Sudan for over 35,000 DDoS attacks targeting critical…

The US DoJ indicts two Sudanese nationals allegedly behind Anonymous Sudan for over 35,000 DDoS attacks targeting critical infrastructure, hospitals, and major tech firms. The FBI seized a powerful DDoS tool; victims include the DOJ, Microsoft, and Cedars-Sinai.

The United States Department of Justice (DoJ) has indicted two Sudanese nationals for their alleged role in operating the hacktivist group Anonymous Sudan. The group claimed fame for conducting “tens of thousands” of large-scale and crippling Distributed Denial of Service attacks (DDoS attacks) targeting critical infrastructure, corporate networks, and government agencies globally.

****The Alleged Masterminds Behind the Attacks****

Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, stand accused of conspiracy to damage protected computers. Ahmed Salah faces additional charges for damaging protected computers.

The duo is believed to have controlled Anonymous Sudan, which, since early 2023, launched attacks on high-profile entities such as ChatGPT, UAE’s Flydubai Airline, London Internet Exchange, Microsoft, and the Israeli BAZAN Group.

Anonymous Sudan taking responsibility for DDoS attacks on OpenAI’s ChatGPT (Screenshot credit: Hackrad.com)

The group and its clients also utilized the Distributed Cloud Attack Tool (DCAT) to conduct over 35,000 DDoS attacks. These attacks targeted sensitive government and critical infrastructure in the U.S. and globally, including the Department of Justice, Department of Defense, FBI, State Department, and Cedars-Sinai Medical Center in Los Angeles.

The attacks, which sometimes lasted days, reportedly caused major damage, often crippling websites and networks. For instance, the attack on Cedars-Sinai Medical Center forced the redirection of incoming patients for eight hours, causing over $10 million in damages to U.S. victims.

****FBI Seized Anonymous Sudan’s DDoS Tool****

For your information, DCAT refers to a type of malicious tool or framework that exploits cloud resources across multiple geographic locations to execute cyberattacks. These tools often take advantage of the scalability, distribution, and on-demand nature of cloud services to create strong attack infrastructures.

According to the DoJ’s press release, in March 2024, the U.S. Attorney’s Office and the FBI, acting on court-authorized seizure warrants, successfully disabled and seized Anonymous Sudan’s “powerful DDoS tool.” This tool, which the group allegedly used to execute attacks and sold as a service to other criminals, was the base of their operations.

The March 2024 operation, which disrupted the DCAT tool (also known as “Godzilla,” “Skynet,” and “InfraShutdown”), involved seizing key components, including servers that launched and controlled attacks and those that relayed commands. The warrants also covered accounts containing the source code for the DDoS tools.

“Anonymous Sudan sought to maximize havoc and destruction against governments and businesses around the world,” stated United States Attorney Martin Estrada. He emphasized the group’s callousness, noting attacks on hospitals providing emergency care. “We are committed to safeguarding our nation’s infrastructure and holding cybercriminals accountable,” he added.

****Operation PowerOFF****

These actions are part of Operation PowerOFF, an international effort to dismantle DDoS-for-hire infrastructures active since 2018. Private sector entities like Akamai SIRT, Amazon Web Services, Cloudflare, and Microsoft have played a key role in the takedown since.

In its latest blog post shared with Hackread.com, Akamai SIRT expressed gratitude to the FBI, DOJ, and the Big Pipes working group for their commitment to prioritizing DDoS investigations and disrupting these operations.

“Akamai would like to thank the members of the Federal Bureau of Investigation (FBI), the DOJ, and the Big Pipes working group for their commitment to prioritizing DDoS investigations, as well as their investment of time and energy into unravelling these operations and attempting to disrupt them,” the company said.

1.  Cyberattack on American Water Halts Billing
2.  Dark Web’s cybercrime group indicted after stealing $530M
3.  Technician Indicted for Hacking California Water Treatment Facility
4.  Russian Hacker Wanted for Cyberattacks on Ukraine, $10M Reward
5.  North Korean Hacker Charged for Ransomware Attacks on Hospitals

US Charges Duo Behind Anonymous Sudan for Over 35,000 DDoS Attacks

Ubuntu Security Notice 7069-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7069-1October 15, 2024linux, linux-aws, linux-aws-hwe, linux-azure-4.15, linux-gcp,linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 16.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-kvm: Linux kernel for cloud environments- linux-oracle: Linux kernel for Oracle Cloud systems- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe: Linux hardware enablement (HWE) kernelDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - x86 architecture;  - Cryptographic API;  - CPU frequency scaling framework;  - HW tracing;  - ISDN/mISDN subsystem;  - Media drivers;  - Network drivers;  - NVME drivers;  - S/390 drivers;  - SCSI drivers;  - USB subsystem;  - VFIO drivers;  - Watchdog drivers;  - JFS file system;  - IRQ subsystem;  - Core kernel;  - Memory management;  - Amateur Radio drivers;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - Network traffic control;  - TIPC protocol;  - XFRM subsystem;  - Integrity Measurement Architecture(IMA) framework;  - SoC Audio for Freescale CPUs drivers;  - USB sound devices;(CVE-2024-36971, CVE-2024-42271, CVE-2024-38630, CVE-2024-38602,CVE-2024-42223, CVE-2024-44940, CVE-2023-52528, CVE-2024-41097,CVE-2024-27051, CVE-2024-42157, CVE-2024-46673, CVE-2024-39494,CVE-2024-42089, CVE-2024-41073, CVE-2024-26810, CVE-2024-26960,CVE-2024-38611, CVE-2024-31076, CVE-2024-26754, CVE-2023-52510,CVE-2024-40941, CVE-2024-45016, CVE-2024-38627, CVE-2024-38621,CVE-2024-39487, CVE-2024-27436, CVE-2024-40901, CVE-2024-26812,CVE-2024-42244, CVE-2024-42229, CVE-2024-43858, CVE-2024-42280,CVE-2024-26641, CVE-2024-42284, CVE-2024-26602)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS  linux-image-4.15.0-1136-oracle  4.15.0-1136.147                                  Available with Ubuntu Pro  linux-image-4.15.0-1157-kvm     4.15.0-1157.162                                  Available with Ubuntu Pro  linux-image-4.15.0-1167-gcp     4.15.0-1167.184                                  Available with Ubuntu Pro  linux-image-4.15.0-1174-aws     4.15.0-1174.187                                  Available with Ubuntu Pro  linux-image-4.15.0-1182-azure   4.15.0-1182.197                                  Available with Ubuntu Pro  linux-image-4.15.0-230-generic  4.15.0-230.242                                  Available with Ubuntu Pro  linux-image-4.15.0-230-lowlatency  4.15.0-230.242                                  Available with Ubuntu Pro  linux-image-aws-lts-18.04       4.15.0.1174.172                                  Available with Ubuntu Pro  linux-image-azure-lts-18.04     4.15.0.1182.150                                  Available with Ubuntu Pro  linux-image-gcp-lts-18.04       4.15.0.1167.180                                  Available with Ubuntu Pro  linux-image-generic             4.15.0.230.214                                  Available with Ubuntu Pro  linux-image-kvm                 4.15.0.1157.148                                  Available with Ubuntu Pro  linux-image-lowlatency          4.15.0.230.214                                  Available with Ubuntu Pro  linux-image-oracle-lts-18.04    4.15.0.1136.141                                  Available with Ubuntu Pro  linux-image-virtual             4.15.0.230.214                                  Available with Ubuntu ProUbuntu 16.04 LTS  linux-image-4.15.0-1136-oracle  4.15.0-1136.147~16.04.1                                  Available with Ubuntu Pro  linux-image-4.15.0-1167-gcp     4.15.0-1167.184~16.04.2                                  Available with Ubuntu Pro  linux-image-4.15.0-1174-aws     4.15.0-1174.187~16.04.1                                  Available with Ubuntu Pro  linux-image-4.15.0-230-generic  4.15.0-230.242~16.04.1                                  Available with Ubuntu Pro  linux-image-4.15.0-230-lowlatency  4.15.0-230.242~16.04.1                                  Available with Ubuntu Pro  linux-image-aws-hwe             4.15.0.1174.187~16.04.1                                  Available with Ubuntu Pro  linux-image-gcp                 4.15.0.1167.184~16.04.2                                  Available with Ubuntu Pro  linux-image-generic-hwe-16.04   4.15.0.230.242~16.04.1                                  Available with Ubuntu Pro  linux-image-gke                 4.15.0.1167.184~16.04.2                                  Available with Ubuntu Pro  linux-image-lowlatency-hwe-16.04  4.15.0.230.242~16.04.1                                  Available with Ubuntu Pro  linux-image-oem                 4.15.0.230.242~16.04.1                                  Available with Ubuntu Pro  linux-image-oracle              4.15.0.1136.147~16.04.1                                  Available with Ubuntu Pro  linux-image-virtual-hwe-16.04   4.15.0.230.242~16.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7069-1  CVE-2023-52510, CVE-2023-52528, CVE-2024-26602, CVE-2024-26641,  CVE-2024-26754, CVE-2024-26810, CVE-2024-26812, CVE-2024-26960,  CVE-2024-27051, CVE-2024-27436, CVE-2024-31076, CVE-2024-36971,  CVE-2024-38602, CVE-2024-38611, CVE-2024-38621, CVE-2024-38627,  CVE-2024-38630, CVE-2024-39487, CVE-2024-39494, CVE-2024-40901,  CVE-2024-40941, CVE-2024-41073, CVE-2024-41097, CVE-2024-42089,  CVE-2024-42157, CVE-2024-42223, CVE-2024-42229, CVE-2024-42244,  CVE-2024-42271, CVE-2024-42280, CVE-2024-42284, CVE-2024-43858,  CVE-2024-44940, CVE-2024-45016, CVE-2024-46673

Ubuntu Security Notice USN-7069-1

The FIDO Alliance said it's working to make passkeys and other credentials more easier to export across different providers and improve credential provider interoperability, as more than 12 billion online accounts become accessible with the passwordless sign-in method.
To that end, the alliance said it has published a draft for a new set of specifications for secure credential exchange,

Data Privacy / Passwordless

The FIDO Alliance said it's working to make passkeys and other credentials more easier to export across different providers and improve credential provider interoperability, as more than 12 billion online accounts become accessible with the passwordless sign-in method.

To that end, the alliance said it has published a draft for a new set of specifications for secure credential exchange, following commitments among members of its Credential Provider Special Interest Group (SIG).

This includes 1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Okta, Samsung, and SK Telecom.

"Secure credential exchange is a focus for the FIDO Alliance because it can help further accelerate passkey adoption and enhance user experience," the FIDO Alliance said in a statement.

"Sign-ins with passkeys reduce phishing and eliminate credential reuse while making sign-ins up to 75% faster, and 20% more successful than passwords or passwords plus a second factor like SMS OTP."

While passkeys have the advantage of being secure and phishing-resistant, they are essentially locked in to the operating system or the password manager service, making it impossible to transfer them when switching platforms and, therefore, requiring users to create new passkeys per device.

The new specification proposed by the FIDO Alliance aims to address this gap with the Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF).

They "define a standard format for transferring credentials in a credential manager including passwords, passkeys, and more to another provider in a manner that ensures transfer are not made in the clear and are secure by default," it said.

The development comes as Amazon revealed that more than 175 million customers have enabled passkeys on their accounts, nearly one year after the initial rollout.

"Passkeys fundamentally shift the way we sign in to our online accounts for the better — and seeing Amazon roll out passkeys is evidence of its commitment to its customers' time, experiences, and security across Amazon web and mobile shopping experiences," said Andrew Shikiar, chief executive officer of FIDO Alliance.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms

Organizations should be on high alert until next month's US presidential election to ensure the integrity of the voting process, researchers warn.

Source: Jon Helgason via Alamy Stock Photo

Cyber-threat actors have ramped up their targeting of the 2024 US elections with a flood of malicious activity expected to peak over the next month, aimed at causing disruption to voters and the election process and requiring increased vigilance on the part of stakeholders.

Specifically, attackers have bolstered election-related threat activity since the beginning of the year with an increase in the sale of phishing kits targeting US voters and campaign donors; the registration of more than 1,000 domains aimed at exploiting election-related content for malicious purposes; and increased ransomware activity targeting government entities, according to research from FortiGuard Labs Threat Research released today.

Since the inception of Internet-related threats, cyber-threat actors have typically increased malicious activity ahead of elections, notes Derek Manky, chief security strategist and vice president of global threat intelligence at Fortinet. However, they aim to be especially disruptive during the current election cycle, requiring that all stakeholders be prepared to fend off malicious actors in the upcoming weeks to protect election outcomes.

"As the 2024 US presidential election approaches, it's critical to recognize and understand the cyber threats that may impact the integrity and trustworthiness of the election process and the welfare of the participating citizens," he says.

Indeed, separate research has found that adversaries from Russia, China, and Iran in particular have been using cyber operations to stoke discord and influence election outcomes rather than make direct attacks on voting machines or other voter infrastructure. These more insidious tactics require a different type of vigilance on the part of defenders, the researchers noted.

**Specific Threats to Watch For**

FortiGuard Labs' latest election-threat research is the result of analysis of threats gathered from January 2024 to August 2024 that may affect US-based entities and the electoral process. The researchers discovered several key areas of threat activity that have been on the rise.

One is a significant increase in the availability of affordable phishing kits on the Dark Web designed to target voters and donors by impersonating the presidential candidates and their campaigns. Specifically, the researchers found kits for $1,260 created to impersonate US presidential candidates and to harvest personal information, including names, addresses, and credit card details.

Part of the phishing activity around the current election cycle also includes an increase of highly convincing mobile scams that use phone calls, voicemails, or messaging services that leverage deepfake technology to spread misinformation, which can affect voter outcomes, notes Alex Quilici, CEO at YouMail.

"AI can now create highly convincing voice attacks that make it sound like a trusted figure, such as a candidate, urging you not to vote or spreading false information," he says. "This kind of deception can seriously undermine public trust and disrupt the electoral process."

Attackers also have registered more than 1,000 new potentially malicious domains since the beginning of 2024 that incorporate election-related content and candidates to lure unsuspecting targets and potentially conduct nefarious activities, the researchers noted. The two most-used hosting providers for these election-themed websites are AMAZON-02 and CLOUDFLARENET, demonstrating that attackers are leveraging known, reputable services to bolster the legitimacy of malicious domains.

Another way cyberattackers can spread misinformation and disrupt the democratic process is through the use of people's personal information to directly target them, the researchers noted. Fortinet found that there currently is an abundance of this type of material on the Dark Web, with more than 1.3 billion rows of combo lists — which include usernames, email addresses, and passwords — of US citizens for sale for nefarious use.

The availability of this data poses a considerable risk for credential-stuffing attacks that allow cybercriminals to gain unauthorized access to people's accounts. Overall, the availability of so much personal data of various election stakeholders creates potential indirect disruption in the voting process, notes Casey Ellis, founder and chief strategy officer at Bugcrowd.

"While it may be difficult to use these records to commit the kind of fraud or attacks that would directly modify the outcome of an election, it's certainly a cheap and simple exercise to simply highlight the possibility of their use as a way to instill distrust in the democratic process, and to potential affect and manipulate voter turnout," he says.

FortiGuard Labs researchers also noted a 28% increase in ransomware attacks against the US government year-over-year based on observed leak sites. This type of activity also can threaten the integrity of the election process by undermining citizens' trust in the ability of the government to protect the personal data they collect from them.

**Protect Election Integrity**

To ensure the US presidential election process runs smoothly for all that wish to participate, Fortinet offered some recommendations to prevent and mitigate attacks between now and election day. The researchers advised that individuals and organizations alike always remain vigilant for suspicious behavior or activity leading up to major election-related events and prioritize good cyber hygiene in general to reduce potential threats.

Organizations, especially those related to the election or government agencies, should prioritize employee training and awareness about the cyber threats that exist that aim to disrupt the election process. Enforcing multifactor authentication and a strong password policy across both individuals' and organizations' online accounts also can protect against intrusion.

Finally, any organization with a stake in the election also should install endpoint protection solutions, patch operating systems and Web servers, and update software regularly to ensure systems are as secure as possible, Fortinet recommended.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Cyberattackers Unleash Flood of Potentially Disruptive Election-Related Activity

By combining human and nonhuman identity management in one solution, Flock Safety is helping law enforcement solve an impressive number of criminal cases every day.

Source: ArtemisDiana via Alamy Stock Photo

When Jerrid Powell went on a shooting spree in Beverly Hills last year, he had no idea what he was up against. Law enforcement used Flock Safety's evidence-based crime-solving technology to help locate him. Powell was quickly apprehended and is now behind bars.

Flock Safety is a success story. In less than six years, the native-cloud company has become one of the country's largest public safety technology vendors. It plays a part in solving 10% of crimes in the United States, equating to about 2,000 cases per day, according to a report from the company and validated by independent criminology researchers. It does this by analyzing a vehicle's "fingerprint" using object detection and machine learning, focusing on everything from license plates to bumper stickers.

With so many law enforcement agencies relying on its technology, Flock Safety puts security first. That means securing the identity of its user accounts, along with 1,000 employees and a fleet of cameras, video cameras, and audio detection devices.

From the beginning, Flock Safety has been using Okta for human identity management against its corporate systems, like Salesforce, Google, and Amazon Web Services. Using Okta's customer and workforce identity cloud technology, employees, customers, and contractors authenticate themselves by entering their credentials. It also uses Okta subsidiary's Auth0 to authenticate Internet of Things devices, like cameras, to its FlockOS and devices.

"Imagine a network of cameras, drones, and gunshot detection devices across the United States," explains Eric Tan, the company's CIO and chief security officer. "Each one of those devices has a unique ID and secret associated \[with\] the device that's calling home to the mothership to authenticate and pass on images or videos."

Flock Safety's approach is comprehensive. Alfredo Ramirez, a senior director and analyst of security and emerging technology at Gartner, says that while most companies do use some type of modern technology for employee authentication, they are often less successful at handling nonemployee identities or correlating all of them across connected corporate applications.

**Covering All Bases**

While Tan is quite satisfied with the protection Okta and Auth0 are providing, he noticed that as Flock Safety's customer base and reach grew, it needed to expand past authentication into the realm of authorization. Essentially, authentication is the first step in identity management, but higher levels of security require authorization, which moves beyond identity verification to determining users' levels of access and granting access based on those levels.

"When an identity or user account authenticates onto our platform, we know we're covered, but what we don't know is where that identity is going once it's on the platform," Tan explains. "That's what we wanted to address."

With that goal in mind, Tan found Permiso Security, a cloud security company that had recently branched into identity management. With its ability to track both human and nonhuman identities across authentication boundaries, Permiso's Universal Identity Graph seemed like it could bridge the gap between authentication and authorization for Flock Safety.

Tan looks at it this way: "Auth0 and Okta are important preventative solutions, but Permiso is more like a motion detector system in a house. I want to know who or what is coming into all of the different rooms, and if anything looks off, I want it to let me know."

This is the first year where vendors are going to market claiming to be able to discover and secure all nonhuman identity types, but very few claim to be able to handle securing both human and nonhuman identities within the same solution, Gartner's Ramirez says. Most, like Permiso, are using some sort of graph database technology, unlike incumbent identity vendors.

Over the next three to five years, Ramirez expects incumbent identity security vendors to build, buy, or partner for nonhuman identity solutions to complement their human identity solutions. In addition, he expects startups to continue to advance in this area.

**Looking Ahead**

For Flock Safety, the time to get this up and running is now. Through an API, Permiso's solution can see the identities in Auth0 and Okta. Flock Safety also exposes the API to some of its more critical systems, like Google Workspace or GitHub, so it can monitor for suspicious activity.

"If one of our cameras were to call home and eventually grant themselves access to our GitHub source code library, that would be really odd. Permiso would pick that up," Tan explains. "Similarly, if you had an employee who was a field technician, and that person's user account was granted additional permissions or elevated access within our Google Active Directory or Workspace environment, it would alert us and automatically quarantine them."

Tan is considering adding Astrix Security's nonhuman identity security platform for real-time discovery and mitigation of breaches by nonhuman identities. He's currently evaluating the tool.

"For example, if there is a test API account connected to our GitHub instance with elevated privileges that the team isn't tracking, I would have the team either shut it down, reduce the privileges, or make it authenticate through Auth0," Tan says.

While it might seem like Flock Safety is adding a surprising number of identity-related security tools into its stack, it's always better to be as prepared as possible, Tan says.

"The concept of solving for nonhuman identity risks is still in the early innings, similar to LLM risks," he says. "The idea is to pick a handful of early innovators and compare the results. In my experience, they're usually always different, allowing us to think about the various threat vectors."

**About the Author**

Contributing Writer, Dark Reading

Karen D. Schwartz is a technology and business writer with more than 20 years of experience. She has written on a broad range of technology topics for publications including ITProToday, CIO, InformationWeek, GCN, FCW, FedTech, BizTech, eWeek, and Government Executive.

Fighting Crime With Technology: Safety First

The Center for Digital Democracy calls on the FTC, the FCC, and California regulators to look at connected TV practices.

Your television is debuting the latest, most captivating program: You.

In a report titled “How TV Watches Us: Commercial Surveillance in the Streaming Era,” the Center for Digital Democracy (CDD) spotlighted a massive data-driven surveillance apparatus that ensnares the public through modern television sets.

> “The widespread technological and business developments that have taken place during the last five years have created a connected television media and marketing system with unprecedented capabilities for surveillance and manipulation.”

In cooperation with data brokers, streaming video programming networks, Connected Television (CTV) device companies, and smart TV manufacturers are creating detailed digital dossiers about viewers, based on a person’s identity information, viewing choices, purchasing patterns, and thousands of online and offline behaviors.

Because of their findings, the CDD has called on the Federal Trade Commission (FTC), the Federal Communications Commission (FCC), and California Regulators to investigate connected TV practices.

The report provides a detailed overview of all the different ways in which streaming services and streaming hardware target viewers in ways that are severe privacy infringements.

Earlier, we read a paper by researchers of the Cornell University about a tracking approach called Automatic Content Recognition (ACR). ACR is a technology that periodically captures the content displayed on a TV’s screen and matches it against a content library to detect what content is being displayed at any given point in time.

The researchers found that ACR is functional even when the smart TV is used as a “dumb” external display. There are two types of ACR fingerprinting: one to process acoustic (ACR audio) media, and one for video content (ACR Video).

Brands utilize ACR TV for multiple reasons. The most obvious are frequency optimization, unique reach abilities, and improved targeting. With the advent of CTV, more and more people are opting out of cable television, which opens the opportunity of more targeted advertising to reach a specific audience.

Free Advertiser-Supported TV (FAST channels) such as Tubi, Pluto TV, and many others are commonplace, and present advertisers with a key opportunity to monetize viewer data and target them with sophisticated new forms of interactive marketing.

CTV has unleashed a powerful arsenal of interactive advertising techniques, including virtual product placement inserted into programming and altered in real time. CTV companies operate cutting-edge advertising technologies that gather, analyze, and then target consumers with ads, delivering them to households in the blink of an eye. These can be hyper targeted advertisements which are personalized for individual viewers.

The report profiles major players in the connected TV industry, along with the wide range of technologies they use to monitor and target viewers. Some household names you might be interested in include:

*   Disney(+)
*   Netflix
*   Amazon
*   Roku
*   Vizio
*   Comcast (NBCU)
*   LG
*   Samsung
*   Google (YouTube)

> “Many of these entities offer misleading and disingenuous ‘privacy policies’ and self-serving descriptions of their systems that fail to explain the complex processes they use to extract data from consumers, track viewing and other behaviors, and facilitate targeted marketing.”

Combine the data these companies are gathering about us with other information that data brokers possess, and you are way past anything we should find acceptable.

Experian offers “over 240 politically relevant audience” segments for sale, based on a detailed set of criteria, including “audience interactions, preferences, demographics, behaviors, location, income and more.”

The US market, which is one of only two that allow direct-to-consumer advertising of pharmaceutical products, is seeing marketers for pharmaceutical products that are heavily invested in connected TV advertising.

Industry research shows that families with young children tend to watch more streaming TV content. Children and teens play a powerful role in determining the viewing patterns of their families, serving as decision-makers when it comes to streaming content. Disney Advertising even calls the cohorts of children, teens and adults viewing its Disney+ and other content “Generation Stream.”

Report co-author Kathryn C. Montgomery, Ph.D. stated:

> “Policy makers, scholars, and advocates need to pay close attention to the changes taking place in today’s 21st century television industry. In addition to calling for strong consumer and privacy safeguards, we should seize this opportunity to re-envision the power and potential of the television medium and to create a policy framework for connected TV that will enable it to do more than serve the needs of advertisers. Our future television system in the United States should support and sustain a healthy news and information sector, promote civic engagement, and enable a diversity of creative expression to flourish.”

**Personal Data Remover**

It may feel like keeping your sensitive data away from data brokers is a losing fight, but there are ways to stop those data brokers from collecting new information and, where possible, to have it deleted from their rosters. For people in the United States, Malwarebytes Personal Data Remover provides:   

*   Immediate, deep scans across roughly 175 databases to find your personal data. 
*   Personalized, in-depth reports on what data is being sold and who is selling it.  
*   Automatic data removal requests for subscribers, which can save 300+ hours of manual work in wiping sensitive details off the internet, along with free DIY guides to tackle each site individually.  
*   Recurring scans and data removal requests that will make it harder for invasive websites to rebuild their digital portraits of you.

 Modern TVs have &#8220;unprecedented capabilities for surveillance and manipulation,&#8221; group reveals 

Ubuntu Security Notice 7020-4 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7020-4October 11, 2024linux-aws-6.8, linux-oracle-6.8 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-aws-6.8: Linux kernel for Amazon Web Services (AWS) systems- linux-oracle-6.8: Linux kernel for Oracle Cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - Network drivers;  - SCSI drivers;  - F2FS file system;  - BPF subsystem;  - IPv4 networking;(CVE-2024-42228, CVE-2024-42154, CVE-2024-42160, CVE-2024-42159,CVE-2024-41009, CVE-2024-42224)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-6.8.0-1013-oracle   6.8.0-1013.13~22.04.1  linux-image-6.8.0-1013-oracle-64k  6.8.0-1013.13~22.04.1  linux-image-6.8.0-1016-aws      6.8.0-1016.17~22.04.2  linux-image-aws                 6.8.0-1016.17~22.04.2  linux-image-oracle              6.8.0-1013.13~22.04.1  linux-image-oracle-64k          6.8.0-1013.13~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7020-4  https://ubuntu.com/security/notices/USN-7020-3  https://ubuntu.com/security/notices/USN-7020-2  https://ubuntu.com/security/notices/USN-7020-1  CVE-2024-41009, CVE-2024-42154, CVE-2024-42159, CVE-2024-42160,  CVE-2024-42224, CVE-2024-42228Package Information:  https://launchpad.net/ubuntu/+source/linux-aws-6.8/6.8.0-1016.17~22.04.2  https://launchpad.net/ubuntu/+source/linux-oracle-6.8/6.8.0-1013.13~22.04.1

Ubuntu Security Notice USN-7020-4

CISOs in consumer and retail organizations appear to accept greater risks to allow for more innovation, which could be a model for future growth.

Source: FOTOGRIN via Shutterstock

Chief information security officers (CISOs) have long borne the reputation of blocking innovation to keep their organization and all its data safe and sound.

However, those competing priorities appear to be shifting, especially in the retail and consumer sectors. While the majority of CISOs (59%) across all sectors see themselves as "enablers" — as opposed to just managers of cyber-risk — nearly all (97%) CISOs in the retail segment view their role as an enabler, according to a survey of more than 1,000 global CISOs conducted by cybersecurity firm Netskope. As a result, CISOs' acceptance of risk has grown, with the majority of all CISOs ready to take on more risk compared with five years ago. For the retail sector, the share of risk-embracing CISOs is even higher (74%).

The pressure on companies to innovate — and CISOs' understanding of their role in making that happen — are driving CISOs to become risk-takers, Netskope CISO James Robinson says.

"Typically, you had someone who was really, really technical, and they were working through things, but they really didn't have that business side of the brain — knowing the business metrics and data," he says. "CISOs have moved from the need to say no and maybe even taken it a step further — saying the answer is always, "Yes, just how do we get there?'"

From gift-card scams to brand hijacking for phishing attacks to devastating ransomware, retailers are a popular target for cybercriminals and fraudsters. At the same time, the retail sector has had to weather the chaos caused by the pandemic and supply-chain disruptions, which led to demand fluctuations and a loss of brand loyalty. The subsequent spike in inflation over the past two years left many consumers prioritizing price. Most retail executives (67%) expect consumers to purchase fewer products in 2024, and so retailers are increasingly focused on winning loyalty, according to consultancy Deloitte's "2024 US Retail Industry Outlook" report.

**Security in the Era of Amazon and AI**

With all those disruptive forces in the market, retailers have had to transform themselves to compete, morphing from just focused on selling products to becoming data companies. Consequently, CISOs at retail companies can no longer afford to focus solely on putting a wall around their information, says Netskope's Robinson.

Like other members of the C-suite, CISOs have to be thinking about the business more holistically, Robinson says.

"Retailers now have to ask, 'What's the next innovation? What's the next thing we have to do?'" he says. "And all of those decisions are data driven ... they're being led by this wealth of data that they're collecting, so that they can have targeted experiences for their customers."

Artificial intelligence is one obvious way to innovate. A great deal of the pressure to change over the past two years has come from the development of AI capabilities and businesses' fear of missing out on any innovations — and competitive advantages. In-store cameras paired with AI analysis can determine consumer interest in products, ecommerce platforms can better predict inventory, and stores can even use recognition of facial expressions to gauge consumer sentiment.

While most companies have slowly tested the waters of AI, many will be putting their first AI-powered applications into product in the next 12 months, Robinson says.

"This is the first year also that we're really seeing GenAI projects kick off, and in the next year, we'll start to really see kind of the value of some of these projects," he says. "So I think that's probably what's shaping it even more."

**The Business-Focused CISO**

Yet, AI and cybersecurity are two technology areas that are least likely to have positive returns on investments for retailers, according to consultancy KPMG's 2023 "US Consumer and Retail Sector Insights Report." Only 46% of survey respondents noted an increase in profitability or performance due to AI — and 45% from cybersecurity. But the consumer and retail sector fell even short of that threshold, with 38% and 37% of respondents, respectively, in those industries seeing a return on investment from AI or cybersecurity.

"For many consumer and retail organizations, getting data right is still a work in progress," KPMG stated in the report.

Understandably, there are still some risks where CISOs are unwilling to compromise. Sharing information with outside parties or third parties without the proper review and without the proper agreement in place — a threat becoming more common in the era of AI — is just not possible, says Robinson.

"We knew how to data warehouse, and it's got business value — even more now with the development of GenAI," he says. "I think all of those things have kind of started to come together at this point, allowing the retail CISO to really have a leg to stand on. Now they just also have kind of the business knowledge, because they're being brought into more of these conversations at this point."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Retail CISOs Take on More Risk to Foster Innovation

Boston and London, U.S. and U.K., 10th October 2024, CyberNewsWire

**Boston and London, U.S. and U.K., October 10th, 2024, CyberNewsWire**

The agreement has marked over 600,000 fraudulent domains for takedown in just two months through automated defense and proactive prevention. Abusix and Red Sift to hold exclusive webinar sharing insights on transforming cyber attack mitigation.

Abusix, an organization specializing in internet abuse prevention, and Red Sift, a leader in misconfiguration and exposure management, have announced a new partnership aiming to transform how organizations can navigate from a reactive to a proactive approach for managing security risk.

Cyber threats such as email phishing, business email compromise (BEC), and brand impersonation remain persistent challenges for organizations globally. Addressing these issues requires both visibility and automation to enable faster detection and mitigation of such attacks.

Addressing these challenges head on, Abusix and Red Sift’s partnership aims to offer security teams visibility and action to neutralize risks preemptively. Since the agreement was enabled in August 2024, over 630,000+ domains have been marked for takedown. This outcome is attributed to Abusix’s real-time reporting capabilities for the swift identification of potential threats, and Red Sift’s ability to transform data into actionable defenses and real-time value for its customers. This is enabled through Red Sift leveraging Abusix’s data in both Red Sift OnDMARC and Red Sift Brand Trust. 

> **Rahul Powar, CEO and Co-Founder of Red Sift said:** “We find ourselves in an ever changing landscape where new attacks and methods for cyber abuse are ever prevalent. Working together with Abusix, we are harnessing new innovation and knowledge sharing to offer increased visibility to a wider remit of large enterprises and small businesses that are vulnerable to cyber threat. This in turn allows us to provide real-time solutions to mitigate against costly reputational damage and shift the industry’s approach from reactive to proactive.” 

> **Tobias Knecht, CEO and Founder of Abusix said:** “It’s not just about sharing data—it’s about sharing it with the right organizations. 95% of all attacks on enterprises originate from service provider and hosting provider networks. Enabling rapid takedowns by sharing actionable intelligence with service providers and hosting providers is a crucial step in reducing overall attack volume at its core. Through our partnership with Red Sift and their unique data solutions, we are taking a significant step forward in safeguarding the internet and improving network security overall.”

The newly formed collaboration is a move to raise the effectiveness and application use of email threat data for cybersecurity across the board and to upgrade the industry’s approach to attack mitigation. Together, the two companies are addressing ongoing critical gaps in the cybersecurity landscape by addressing crucial business needs for increased domain security and prevention of brand abuse. 

Those interested can join an exclusive webinar to learn how Abusix and Red Sift are transforming cyber attack mitigation — readers can reserve a spot today and hear about proactive strategies to protect organizations from email phishing, brand impersonation, and other emerging threats.

Readers can also learn more about the partnership’s Success Story here.

****About Abusix****

Abusix transforms vast amounts of real-time data into actionable insights, helping organizations protect against cyber threats. Its unique data ecosystem enables security teams across all sectors to proactively mitigate attacks by pinpointing the origins of cyber abuse. By enabling collaboration between enterprises, security vendors, and service providers, Abusix works to reduce the overall volume of attacks, driving a more secure internet. 

Abusix serves a global client base, including Cloudflare, Amazon Web Services (AWS), Vodafone, Digital Ocean, and multiple government organizations worldwide. Dedicated to enhancing the global security ecosystem, Abusix continues to make threat intelligence accessible and impactful across industries. Readers can learn more at abusix.com

****About Red Sift****

Red Sift aims to enable organizations to anticipate, respond to, and recover from cyber attacks while continuing to operate effectively. The award-winning Red Sift Pulse Platform is an integrated solution that combines four interoperable applications, internet-scale cybersecurity intelligence, and innovative generative AI that intends to put organizations on a path to cyber resilience. 

Red Sift is a global organization supported by a diverse team across 15 countries. It boasts an international client roster that includes Capgemini, Domino’s, ZoomInfo, Athletic Greens, and several leading law firms. Red Sift is the official DMARC provider for Cisco and a trusted partner for Microsoft and Entrust, among others. Readers can learn more at redsift.com

**Contact**

**Head of Marketing**  
**Serena Li**  
**Abusix**  
**\[email protected\]**

Tag

#amazon