In a widespread campaign, threat actors use a compromised Dynamics 365 Customer Voice business account and a link posing as a survey to steal Microsoft 365 credentials.

An elaborate and rather unusual phishing campaign is spoofing eFax notifications and using a compromised Dynamics 365 Customer Voice business account to lure victims into giving up their credentials via microsoft.com pages.  

Threat actors have hit dozens of companies through the broadly disseminated campaign, which is targeting Microsoft 365 users from a diverse range of sectors — including energy, financial services, commercial real estate, food, manufacturing, and even furniture-making, researchers from the Cofense Phishing Defense Center (PDC) revealed in a blog post published Wednesday.

The campaign uses a combination of common and unusual tactics to lure users into clicking on a page that appears to lead them to a customer feedback survey for an eFax service, but instead steals their credentials.

Attackers impersonate not only eFax but also Microsoft by using content hosted on multiple microsoft.com pages in several stages of the multistage effort. The scam is one of a number of phishing campaigns that Cofense has observed since spring that use a similar tactic, says Joseph Gallop, intelligence analysis manager at Cofense.

“In April of this year, we began to see a significant volume of phishing emails using embedded ncv\[.\]microsoft\[.\]com survey links of the sort used in this campaign,” he tells Dark Reading.

**Combination of Tactics**

The phishing emails use a conventional lure, claiming the recipient has received a 10-page corporate eFax that demands his or her attention. But things diverge from the beaten path after that, Cofense PDC's Nathaniel Sagibanda explained in the Wednesday post.

The recipient most likely will open the message expecting it's related to a document that needs a signature. "However, that isn't what we see as you read the message body," he wrote.

Instead, the email includes what seems like an attached, unnamed PDF file that's been delivered from a fax that does include an actual file — an unusual feature of a phishing email, according to Gallop.

"While a lot of credential phishing campaigns use links to hosted files, and some use attachments, it's less common to see an embedded link posing as an attachment," he wrote.

The plot thickens even further down in the message, which contains a footer indicating that it was a survey site — such as those used to provide customer feedback — that generated the message, according to the post.

**Mimicking a Customer Survey**

When users click the link, they are directed to a convincing imitation of an eFax solution page rendered by a Microsoft Dynamics 365 page that's been compromised by attackers, researchers said.

This page includes a link to another page, which appears to lead to a Microsoft Customer Voice survey to provide feedback on the eFax service, but instead takes victims to a Microsoft login page that exfiltrates their credentials.

To further enhance legitimacy on this page, the threat actor went so far as to embed a video of eFax solutions for spoofed service details, instructing the user to contact "@eFaxdynamic365" with any inquiries, researchers said.

The "Submit" button at the bottom of the page also serves as additional confirmation that the threat actor used a real Microsoft Customer Voice feedback form template in the scam, they added.

The attackers then modified the template with "spurious eFax information to entice the recipient into clicking the link," which leads to a faux Microsoft login page that sends their credentials to an external URL hosted by attackers, Sagibanda wrote.

**Fooling a Trained Eye**

While the original campaigns were much simpler — including only minimal information hosted on the Microsoft survey — the eFax spoofing campaign goes further to bolster the campaign’s legitimacy, Gallop says.

Its combination of multistage tactics and dual impersonation may allow messages to slip through secure email gateways as well as fool even the savviest of corporate users who’ve been trained to spot phishing scams, he notes.

"Only the users that continue to check the URL bar at each stage throughout the entire process would be certain to identify this as a phishing attempt," Gallop says.

Indeed, a survey by cybersecurity firm Vade also released Wednesday found that brand impersonation continues to be the top tool that phishers use to dupe victims into clicking on malicious emails.

In fact, attackers took on the persona of Microsoft most often in campaigns observed in the first half of 2022, researchers found, though Facebook remains the most impersonated brand in phishing campaigns observed so far this year.

**Phishing Game Remains Strong**

Researchers at this time have not identified who might be behind the scam, nor attackers' specific motives for stealing credentials, Gallop says.

Phishing overall remains one of the easiest and most oft-used ways for threat actors to compromise victims, not only to steal credentials but also spread malicious software, as email-borne malware is significantly easier to distribute than remote attacks, according to the Vade report.

Indeed, this type of attack saw month-over-month increases through the second quarter of the year and then another boost in June that pushed "emails back to the alarming volumes not seen since January 2022," when Vade saw upwards of 100-plus million phishing emails in distribution.

"The relative ease with which hackers can deliver punishing cyberattacks via email makes email one of the top vectors for attack and a constant menace for businesses and end users," Vade's Natalie Petitto wrote in the report. "Phishing emails impersonate the brands you trust the most, offering a wide net of potential victims and a cloak of legitimacy for the phishers masquerading as brands."

Unusual Microsoft 365 Phishing Campaign Spoofs eFax Via Compromised Dynamics Voice Account

SolarWinds CISO Tim Brown explains how organizations can prepare for eventualities like the nation-state attack on his company’s software.

On Dec. 8, 2020, FireEye announced the discovery of a breach in the SolarWinds Orion software while it investigated a nation-state attack on its Red Team toolkit. Five days later, on Dec. 13, 2020, SolarWinds posted on Twitter, asking "all customers to upgrade immediately to Orion Platform version 2020.2.1 HF 1 to address a security vulnerability." It was clear: SolarWinds — the Texas-based company that builds software for managing and protecting networks, systems, and IT infrastructure — had been hacked.

More worrisome was the fact that the attackers, which US authorities have now linked to Russian intelligence, had found the backdoor through which they infiltrated the company's system about 14 months before the hack was announced. The SolarWinds hack is now almost 3 years old, but its aftereffects continue to reverberate across the security world.

Let's face it: The enterprise is constantly under threat — either from malicious actors who attack for financial gains or hardened cybercriminals who extract and weaponize data crown jewels in nation-state attacks. However, supply chain attacks are becoming more common today, as threat actors continue to exploit third-party systems and agents to target organizations and break through their security guardrails. Gartner predicts that by 2025, "45% of organizations worldwide will have experienced attacks on their software supply chains," a prediction that has created a ripple across the cybersecurity world and led more companies to start prioritizing digital supply chain risk management.

While this is the right direction for enterprises, the question still lingers: What lessons have organizations learned from a cyberattack that went across the aisle to take out large corporations and key government agencies with far-reaching consequences even in countries beyond the United States?

To better understand what happened with the attack and how organizations can prepare for eventualities like the SolarWinds hack, Dark Reading connected with SolarWinds CISO Tim Brown for a deeper dive into the incident and lessons learned three years on.

    

Tim Brown, CISO at SolarWinds

**1\. Collaboration Is Critical to Cybersecurity**

Brown admits that the very name SolarWinds serves as a reminder for others to do better, fix vulnerabilities, and strengthen their entire security architecture. Knowing that all systems are vulnerable, collaboration is an integral part of the cybersecurity effort.

"If you look at the supply chain conversations that have come up, they're now focusing on the regulations we should be putting in place and how public and private actors can better collaborate to stall adversaries," he says. "Our incident shows the research community could come together because there's so much going on there."

After standing at the frontlines of perhaps the biggest security breach in recent years, Brown understands that collaboration is critical to all cybersecurity efforts.

"A lot of conversations have been ongoing around trust between individuals, government, and others," he says. "Our adversaries share information — and we need to do the same."

**2\. Measure Risk and Invest in Controls**

No organization is 100% secure 100% of the time, as the SolarWinds incident demonstrated. To bolster security and defend their perimeters, Brown advises organizations to adopt a new approach that sees the CISO role move beyond being a business partner to becoming a risk officer. The CISO must measure risk in a way that's "honest, trustworthy, and open" and be able to talk about the risks they face and how they are compensating for them.

Organizations can become more proactive and defeat traps before they are sprung by using artificial intelligence (AI), machine learning (ML), and data mining, Brown explains. However, while organizations can leverage AI to automate detection, Brown warns there's a need to properly contextualize AI.

"Some of the projects out there are failing because they are trying to be too big," he says. "They're trying to go without context and aren't asking the right questions: What are we doing manually and how can we do it better? Rather, they're saying, 'Oh, we could do all of that with the data' — and it's not what you necessarily need."

Leaders must understand the details of the problem, what outcome they are hoping for, and see if they can prove it right, according to Brown.

"We just have to get to that point where we can utilize the models on the right day to get us somewhere we haven't been before," he says.

**3\. Remain Battle-Ready**

IT leaders must stay a step ahead of adversaries. However, it's not all doom and gloom. The SolarWinds hack was a catalyst for so much great work happening across the cybersecurity board, Brown says.

"There are many applications being built in the supply chain right now that can keep a catalog of all your assets so that if a vulnerability occurs in a part of the building block, you will know, enabling you to assess if you were impacted or not," he says.

This awareness, Brown adds, can help in building a system that tends toward perfection, where organizations can identify vulnerabilities faster and deal with them decisively before malicious actors can exploit them. It's also an important metric as enterprises edge closer to the zero-trust maturity model prescribed by the Cybersecurity and Infrastructure Security Agency (CISA).

Brown says he is hopeful these lessons from the SolarWinds hack will aid enterprise leaders in their quest to secure their pipelines and remain battle-ready in the ever-evolving cybersecurity war.

Nearly 3 Years Later, SolarWinds CISO Shares 3 Lessons From the Infamous Attack

Increasing complexity in IT continues to lead to breaches and compromises, highlighting the need for more holistic approaches to cyber protection.

**SCHAFFHAUSEN, Switzerland, Aug. 24, 2022** (GLOBE NEWSWIRE) — Today, Acronis, a global leader in cyber protection, unveiled its midyear cyber threats report, conducted by Acronis' Cyber Protection Operation Centers, to provide an in-depth review of the cyber threat trends the company's experts are tracking. The report details how ransomware continues to be the No. 1 threat to large and midsize businesses, including government organizations, and underlines how overcomplexity in IT and infrastructure leads to increased attacks. Nearly half of all reported breaches during the first half of 2022 involved stolen credentials, which enable phishing and ransomware campaigns. Findings underscore the need for more holistic approaches to cybersecurity.

To extract credentials and other sensitive information, cybercriminals use phishing and malicious emails as their preferred infection vectors. Nearly 1% of all emails contain malicious links or files, and more than one-quarter (26.5%) of all emails were delivered to the user's inbox (not blocked by Microsoft365) and then were removed by Acronis email security.

Moreover, the research reveals how cybercriminals also use malware and target unpatched software vulnerabilities to extract data and hold organizations hostage. Further complicating the cybersecurity threat landscape is the proliferation of attacks on nontraditional entry avenues. Attackers have made cryptocurrencies and decentralized finance systems a priority of late. Successful breaches using these various routes have resulted in the loss of billions of dollars and terabytes of exposed data.

These attacks are able to be launched due to overcomplexity in IT, a common problem throughout businesses as many tech leaders assume more vendors and programs lead to improved security when the inverse is actually true. Increased complexity exposes more surface area and gaps to potential attackers, keeping organizations vulnerable to potentially devastating damage.

"Today's cyber threats are constantly evolving and evading traditional security measures," said Candid Wüest, Acronis VP of Cyber Protection Research. "Organizations of all sizes need a holistic approach to cybersecurity that integrates everything from anti-malware to email-security and vulnerability-assessment capabilities. Cybercriminals are becoming too sophisticated and the results of attacks too dire to leave it to single-layered approaches and point solutions."

**Critical Data Points Reveal Complex Threat Landscape**  
As reliance on the cloud increases, attackers have homed in on different entryways to cloud-based networks. Cybercriminals increased their focus on Linux operating systems and managed service providers (MSPs) and their network of SMB customers. The threat landscape is shifting, and companies must keep pace.

Ransomware is worsening, even more so than we predicted.

Ransomware gangs, like Conti and Lapsus$, are inflicting serious damage.

The Conti gang demanded $10 million in ransom from the Costa Rican government and has published much of the 672 GB of data it stole.

Lapsus$ stole 1 TB of data and leaked credentials of over 70,000 NVIDIA users. The same gang also stole 30 GB worth of T-Mobile's source code.

The U.S. Department of State is concerned, offering up to $15 million for information about the leadership and co-conspirators of Conti.

The use of phishing, malicious emails and websites, and malware continues to grow.

Six hundred malicious email campaigns made their way across the internet in the first half of 2022.

58% of the emails were phishing attempts.

Another 28% of those emails featured malware.

The business world is increasingly distributed, and in Q2 2022, an average of 8.3% of endpoints tried to access malicious URLs.

More cybercriminals are focusing on cryptocurrencies and decentralized finance (DeFi) platforms. By exploiting flaws in smart contracts or stealing recovery phrases and passwords with malware or phishing attempts, hackers have wormed their way into crypto wallets and exchanges alike.

Cyberattacks have contributed to a loss of more than $60 billion in DeFi currency since 2012.

$44 billion of that vanished during the last 12 months.

Unpatched vulnerabilities of exposed services is another common infection vector — just ask Kaseya. To that end, companies like Microsoft, Google, and Adobe have emphasized software patches and transparency around publicly submitted vulnerabilities. These patches likely helped stem the tide of 79 new exploits each month. Unpatched vulnerabilities also tie into how overcomplexity is hurting businesses more than helping, as all these vulnerabilities serve as additional potential points of failure.

**Breaches Leave Financial, SLA Distress in Their Wake**  
Cybercriminals often demand ransoms or outright steal funds from their targets. But companies do not suffer challenges only to their bottom lines. Attacks often cause downtime and other service-level breaches, impacting a company's reputation and customer experience.

In 2021 alone, the FBI attributed a total loss of $2.4 billion to business email compromise (BEC).

Cyberattacks caused more than one-third (36%) of downtime in 2021.

The current cybersecurity threat landscape requires a multilayered solution that combines anti-malware, EDR, DLP, email security, vulnerability assessment, patch management, RMM, and backup capabilities all in one place. The integration of these various components gives companies a better chance of avoiding cyberattacks, mitigating the damage of successful attacks, and retaining data that might have been altered or stolen in the process.

You can download a copy of the full Acronis Midyear Cyberthreats Report 2022 and learn more here.

**About Acronis:**

Acronis unifies data protection and cybersecurity to deliver integrated, automated cyber protection that solves the safety, accessibility, privacy, authenticity, and security (SAPAS) challenges of the modern digital world. With flexible deployment models that fit the demands of service providers and IT professionals, Acronis provides superior cyber protection for data, applications, and systems with innovative next-generation antivirus, backup, disaster recovery, and endpoint protection management solutions powered by AI. With advanced anti-malware powered by cutting-edge machine intelligence and blockchain-based data authentication technologies, Acronis protects any environment — from cloud to hybrid to on-premises — at a low and predictable cost.

Founded in Singapore in 2003 and incorporated in Switzerland in 2008, Acronis now has more than 2,000 employees in 34 locations in 19 countries. Acronis Cyber Protect solution is available in 26 languages in over 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.

Acronis' Midyear Cyberthreats Report Finds Ransomware Is the No. 1 Threat to Organizations, Projects Damages to Exceed $30 Billion by 2023

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

A recently surfaced 84-page whistleblower report filed with the US government by Twitter’s former head of security Peiter “Mudge” Zatko last month blasts his former employer for its alleged shoddy security practices and being out of compliance with an FTC order to protect user data.

Twitter has responded alleging that Zatko is a “disgruntled employee” who was fired for poor performance and leadership. In a letter to employees Twitter’s CEO Parag Agrawal asserts that Zatko’s claims are a “false narrative that is riddled with inconsistencies and inaccuracies, and presented without important context.”

Here is an abbreviated overview of the allegations and Twitter’s reaction.

****Allegations****

Zatko, a respected white-hat hacker who served as Twitter’s head of security for roughly 15 months between 2020 and 2022**,** accused Twitter of a litany of poor security and privacy practices that together constituted a national security risk.

**Top accusations include:**

*   Twitter is a mismanaged company and gives too many of its staff access to sensitive security and privacy controls without adequate oversight.
*   One or more Twitter employees may be working for undisclosed foreign intelligence services. This, according to Zatko, elevates his concerns to a matter of national security.
*   Nearly half of Twitter’s servers lack basic security features, such as data encryption, because software running on them is either outdated or unpatched.
*   Twitter executives have prioritized growth over security as they have personally pursued massive bonuses, as high as $10 million, as incentives for the company’s rapid expansion.
*   The company is out of compliance with a 2010 FTC order to protect users’ personal information. Additionally, the company has lied to independent auditors of an FTC mandated “comprehensive information security program” tied to the 2010 order.
*   Twitter does not honor user requests to delete their personal data, because of technical limitations.
*   When Zatko attempted to bring these and many other security and privacy issues to Twitter’s board, company management misrepresented his finding and/or tried to hide the report.
*   Twitter allowed some foreign governments “… to infiltrate, control, exploit, surveil and/or censor the ‘company’s platform, staff, and operations,” according to the redacted whistleblower report submitted to congress.
*   Twitter does not have the resources or capacity to accurately determine the true number of fake (or bot) accounts on its platform. This question is central to a Elon Musk’s attempt to back out of buying the company for $44 billion.

****Twitter’s** **Muted** **Response** **

The thrust of Twitter’s response to Zatko is that he is a disgruntled employee, bad at his job and scapegoating Twitter for his failures. It points out that it has addressed and continues to aggressively address many of the IT security issues pointed out by Zatko.

An alleged response by Twitter’s CEO Parag Agrawal sent internally to Twitter employees was posted online.

> NEW: First time Twitter CEO @paraga weighs in on whistleblower story.
> 
> Sending this message to staff this morning. pic.twitter.com/WY4TCqbA5q
> 
> — Donie O'Sullivan (@donie) August 23, 2022

Meanwhile top Democrats and Republicans in Congress have reacted by promising to investigate the claims. Sen. Richard Durbin (D-IL), chair of the Senate Judiciary Committee, confirmed he was investigating the whistleblower disclosure.

> The whistleblower’s allegations of widespread security failures at Twitter, willful misrepresentations by top executives to government agencies, and penetration of the company by foreign intelligence raise serious concerns. https://t.co/9QQtlDSogr
> 
> — Senator Dick Durbin (@SenatorDurbin) August 23, 2022

Twitter Whistleblower Complaint: The TL;DR Version

New research report reveals financial organizations are failing to act despite majority experiencing a firmware-related breach.

**Portland, Ore. – Aug. 23, 2022** – Eclypsium® and Vanson Bourne today released a new report that reveals the financial sector is ill-equipped to effectively tackle the ongoing threat of firmware-related supply chain attacks. In fact, 92% of CISOs in finance believe adversaries are better equipped at weaponizing firmware than their teams are at securing it. Additionally, three out of four acknowledge gaps in awareness concerning the organization's firmware blind spot. Consequently, 88% of those surveyed admit to experiencing a firmware-related cyberattack in the last two years alone.

The Firmware Security in Financial Services Supply Chains report shares insights from 350 IT security decision-makers in the financial sector, specifically those based in the US, Canada, Singapore, Australia, New Zealand, and Malaysia. The findings not only expose the state of firmware security and the lack of preventive controls or remediation tactics, but also shed light on the complacency and lack of awareness regarding current security measures. More alarming is the consensus around little-to-no dedicated investment or resources, and general lack of skills to tackle one of the biggest threats in cybersecurity today. Data shows:

*   Over half (55%) were victims of a firmware-level compromise more than once in the past two years.
*   Almost four in 10 rate data loss (and a GDPR breach) as the leading consequence for an attack; equally ranked is the fear of losing critical security controls.
*   Destruction of critical devices (35%), customer loss (34%) and adversary access to other devices (34%) were all equally noted as a detrimental impact following a firmware-related attack.

"Financial Services organizations are leading targets of cyberattacks. That explains why they are vanguards for adopting new protection technologies, all while under the constant watchful eye of regulators and other industries waiting to follow their lead as they strive to combat ever evolving attack vectors. Yet in the case of securing firmware and the hardware supply chain, we are seeing potential blind spots," said Ramy Houssaini, Global Cyber Resilience Executive. "A shift in priorities is critical if we are going to effectively protect the technology supply chain. Financial organizations must continue to serve as trailblazers and close the firmware security gap."

**Financial Organizations Lack Firmware Risk Insights to Act**

According to the National Institute of Standards and Technology (NIST), firmware level attacks have soared by 500% since 2018, yet 93% of respondents are surprised by the lack of insight into current firmware threats. In the last eight months alone, Eclypsium Research has uncovered major in-the-wild threats, including Intel ME attacks by the Conti ransomware group. Unfortunately, the lack of insight stems from considerable gaps in knowledge of firmware and the supply chain. In fact:

*   Slightly over half (53%) know that their security controls (firewalls, access controls, etc.) rely on firmware, 44% are aware when asked the same question about laptops, leaving 56% uninformed.
*   47% believe they have total awareness of their organization's overall firmware attack surface, 49% are mostly aware. Only 39% say they would be immediately informed if a device had been compromised.

Despite the perceived knowledge, 91% are concerned about the gap in firmware security in their organization's supply chain.

**Misconceptions, Limited Funds and Lack of Skills/Resources are Driving Surge**

Firmware is the most fundamental component of any device and thus, the overall supply chain, yet it remains the most overlooked and dismissed part of the technology stack — creating a perfect catalyst for an attack. Four in five agree that firmware vulnerabilities are on the rise and close to all (93%) state that securing firmware should be an urgent priority. To move the needle, financial organizations nearly unanimously believe an increase in investment and resources is imperative. Positively, respondents anticipate an 8.5% increase in IT security budget dedicated to firmware in the next 1-2 years. In addition to these factors for success, these organizations must also dispel myths around current technologies and methods that are creating a false sense of security, such as:

*   Vulnerability management solutions (81%) and/or their endpoint detection and response (EDR) programs can identify firmware vulnerabilities and assist in remediation (83%).
*   Threat modeling exercises are a reliable source of knowledgeable insight into potential firmware gaps, according to 37% of respondents, 57% state using the process some of the time. Interestingly, 96% report their organization's threat modeling exercises do not match today's threat landscape.
*   12 hours is the average time for IT teams to respond to a firmware-based attack, with respondents attributing lack of knowledge (39%) and limited resources (37%) as the top reasons for the unduly length of time. 71%, though, claim budget is not a factor.

"Based on the onslaught of firmware-related attacks over the recent months, it's evident that adversaries are not having to work hard enough to exploit flaws in the technology supply chain. Unfortunately, our research data represents a regression that is purely driven by lack of awareness and the inaction driven by 'out of sight, out of mind,' " said Yuriy Bulygin, CEO and Co-Founder of Eclypsium. "New government directives and initiatives such as CISA's Known Exploited Vulnerabilities Catalog and its Binding Operational Directive are calls for immediate action to better safeguard the critical firmware layer of the supply chain. Progression might be slow, but we are moving in the right direction."

**ABOUT ECLYPSIUM**

Eclypsium's cloud-based platform identifies, verifies, and fortifies firmware in laptops, servers, network gear, and connected devices. The Eclypsium platform secures your device supply chain by monitoring devices for threats, critical risks, and patching firmware across the entire device fleet. For more information, visit eclypsium.com.

**About Vanson Bourne**

Vanson Bourne is an independent specialist in market research for the technology sector. Their reputation for robust and credible research-based analysis is founded upon rigorous research principles and their ability to seek the opinions of senior decision makers across technical and business functions, in all business sectors and all major markets. For more information, visit www.vansonbourne.com.

Report: Financial Institutions Are Overwhelmed When Facing Growing Firmware Security and Supply Chain Threats

Ubuntu Security Notice 5577-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

    =========================================================================Ubuntu Security Notice USN-5577-1August 24, 2022linux-oem-5.14 vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-oem-5.14: Linux kernel for OEM systemsDetails:Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe)Ethernet driver for the Linux kernel performed insufficient control flowmanagement. A local attacker could possibly use this to cause a denial ofservice. (CVE-2021-33061)It was discovered that the framebuffer driver on the Linux kernel did notverify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2021-33655)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  linux-image-5.14.0-1049-oem     5.14.0-1049.56  linux-image-oem-20.04           5.14.0.1049.45  linux-image-oem-20.04b          5.14.0.1049.45  linux-image-oem-20.04c          5.14.0.1049.45  linux-image-oem-20.04d          5.14.0.1049.45After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-5577-1  CVE-2021-33061, CVE-2021-33655Package Information:  https://launchpad.net/ubuntu/+source/linux-oem-5.14/5.14.0-1049.56

Ubuntu Security Notice USN-5577-1

Categories: News
Tags: Deepfake

Tags:  fake

Tags:  binance

Tags:  cryptocurrency

Tags:  Linkedin

Tags:  scam

Tags:  Zoom

Tags:  meeting

Tags:  call

Tags:  fake

We take a look at reports of a Deepfake hologram getting up to no good in bogus cryptocurrency Zoom calls.



(Read more...)




The post Binance chief says a “sophisticated hacking team” turned him into a deepfake hologram appeared first on Malwarebytes Labs.

Deepfakes are back, and causing major problems for people involved in financial circles. Scammers have been targeting people in the cryptocurrency community for some time now. There’s huge money to be made via the act of ripping folks off. Some of it is phishing, other attacks focus on breaking into currency exchanges. A few of these have dabbled in (very poorly done) Elon Musk deepfakes. The clips are bad, the voice an overt mashup of clipped and broken dialogue. All in all: not very convincing.

Well, scammers are back for another go.

**Behold the Deepfake hologram**

In this case, it's a deepfake hologram impersonating Patrick Hillmann, Chief Communications Officer (CCO) at Binance. Hillman states that a “sophisticated hacking team” raided the old footage archives. News interviews, TV appearances, anything that they could get their hands on. The aim of the game? To use this footage and create a convincing deepfake.

The Hillmann deepfake was then used in a variety of scenarios to trick people, he said. The scam involved “potential opportunities to list their assets on Binance.com”. At least one incident involves someone ending up in a Zoom call with a “hologram”. We assume this is some sort of old hologram style marketing material repurposed for the bogus Zoom call. Or perhaps the person calling it a hologram is simply unfamiliar with this technology and just calling it a hologram because of that.

**Fooling the community**

While no footage of these fakes currently exists, Hillmann claims that these calls fooled “several highly intelligent crypto community members”. These individuals no doubt have some sort of familiarity with the people being used in the scam, so they must have been somewhat decently put together. Still: one person’s incredibly convincing deepfake is another person’s Playstation 2 full motion video emulator. Without seeing one of these in action, we may never know for sure.

There is also no word as to which projects were targeted by the scammers, or investment numbers/finance requests. Did anybody make off with some cash? We don’t know.

**Avoiding cryptocurrency Deepfake scammers**

Here are some tips from Binance in relation to avoiding scams like this one:

*   Be vigilant and always take proactive steps to ensure you don’t fall prey to scams and impersonations.
    
*   Use the Binance Verify tool to check whether the account officially represents Binance. Binance Verify isn't foolproof though, and a scammer could spoof their “from” email address or hide behind the real name of a Binance employee. In both cases, Binance Verify would produce mixed results. 
    
*   Report any suspicious activities or accounts to Binance Support.
    

On a related note, you can always ask someone you suspect of being a deepfake to turn their head to one side. Your reward will be a horrifying rendering of broken facial structure from the upside-down, or the pangs of social embarrassment felt from accusing someone of being entirely digital. Given the fakery running wild out there at the moment, one would hope the person you’re talking to would understand the need for caution. The choice, as they say, is yours.

Binance chief says a “sophisticated hacking team” turned him into a deepfake hologram

Almost half of teams develop and deploy software using a DevSecOps approach, but security remains the top area of investment, a survey finds.

Software developers and operations teams continue to adopt DevOps and other agile methodologies as well as automation and low-code services, but they still struggle with security, the fallout of the COVID-19 pandemic, and a shortage of skilled security workers, according to a newly published annual survey from GitLab.

DevSecOps results in better code quality, higher developer productivity, and improved operational efficiency, according to the survey of more than 5,000 software developers, operations specialists, and application security professionals. Security still is a problem, however. While more than half (57%) of those surveyed considered security to be a performance metric, nearly the same number said it was "difficult to get devs to actually prioritize fixing code vulnerabilities."

The survey conducted by the toolchain provider underscores that all participants in the development and deployment process still need to improve the communications and relationships between groups, says Johnathan Hunt, vice president of information security and cybersecurity at GitLab.

"Getting developers and security professionals to work better together requires a culture-first approach to software development through the creation of a DevOps culture," Hunt says. "A DevOps platform lends itself well to this approach by granting organizations seamless collaboration across DevSecOps teams, shared ownership of security and compliance, and strategic uses of technologies such as automation and AI/ML."

**Mix and Match**

The survey found that no single dominant approach to software development exists, and most teams use a mix of approaches. While a majority of development teams (47%) used DevOps and DevSecOps, other agile approaches accounted for significant shares as well: 34% of teams used Scrum, 24% used Kanban, and 29% used Lean methodologies. Teams even expanded their use of Waterfall development, with more than a quarter (26%) adopting that approach.

"DevOps teams are not limiting themselves to any one way of working," Hunt says. "They are flexible and willing to adjust their approaches to meet various business and project needs."

The increase in agile approaches to software development and deployment has resulted in faster deployment of software. Seven in 10 survey respondents said their teams deploy at least once every few days or more frequently, a jump of 11 points from 2021. Integrating automated testing, deployment, and security controls into the development pipeline is a key factor in speeding application deployment, with nearly half (47%) of teams asserting that their testing is fully automated today, up from 25% in 2021.

The adoption of low-code and no-code APIs for development has also made teams more efficient. Two-thirds (66%) of survey takers are using at least one low-code or no-code tool in their DevOps practice, a significant increase from the 25% of those surveyed in 2021.

Yet the expanding number of options for development, deployment, and securing of software has resulted in more confusion, leading DevOps teams to look to simplify their pipeline and toolsets, GitLab's study found. While 44% of DevOps teams use two to five tools to manage the software development process, 41% use between six and 10 tools.

"That's a lot of tools, and 69% of survey takers told us they'd like to consolidate their toolchains," GitLab stated in the survey report.

**AI and Machine Learning 'On the Rise'**

Artificial intelligence and machine-learning technologies have seen mixed adoption among developers and application-security specialists. While AI/ML is at the bottom of the list of priorities for developers' future careers, a majority of security pros (54%) said AI/ML will help them most in their future careers. AI/ML particularly suits the security domain. For example, AI/ML systems can be trained to detect and respond to threats, generate alerts, and trigger rule sets.

"But AI/ML is far from falling off of developers' radars. In fact, its use is on the rise," Hunt says, adding: "This is especially helpful when it comes to detecting and defending against attacks and malicious actors, since security professionals cannot watch every packet and connection that transverses a network."

Security continues to take a larger role in the software development pipeline, with 57% of companies shifting security responsibility "left" and making developers more responsible for the vulnerabilities in their code. Yet there is still a ways to go, with a significant number of developers blaming security for delays and the division of responsibility for software security very much in flux.

"While dev and ops are taking on a larger share of security ownership, it's not so straightforward on the sec team," GitLab stated in the report. "In 2020 and 2021, the percentage of security pros who said they were fully responsible for security was roughly the same as those who said everyone was responsible."

DevSecOps Gains Traction — but Security Still Lags

Lawmakers and cybersecurity insiders are reacting to a bombshell report from former Twitter security head Mudge Zatko, alleging reckless security lapses that could be exploited by foreign adversaries.

Twitter's former head of security has blown the whistle on what he characterizes as sprawling cybersecurity weaknesses, including vulnerabilities that could lay the social media platform open to cyberattacks that could have major national-security implications.

That's the allegation from Peiter "Mudge" Zatko, who sent a 200+-page disclosure to Congress detailing issues that he claims could allow foreign manipulation of users, account hacking and espionage, and disinformation campaigns ahead of the 2022 US midterm elections.

The disclosure, obtained exclusively by CNN and The Washington Post, most explosively alleges that the tech giant has one or more employees that are actually plants working for foreign intelligence, and that top execs have actively engaged in a cover-up of Twitter's serious security holes.

Zatko, who has a decades-long history and reputation in the ethical hacking space, laid out an internal scene where mismanagement and a lack of cohesive security oversight allows over-permissioned access to the company's most sensitive information and control platforms, while bots (disinformation-focused and otherwise) run amok and corporate leadership looks the other way. To boot, Zatko said that Twitter CEO Parag Agrawal told him to make his reports on Twitter's security problems rosier than they deserved to be, and that he was directed to omit damning data in order for the company to appear to be making progress on the security and privacy fronts.

When it comes to privacy, Zatko also alleged that Twitter does not steward user information well, often losing track of it or not deleting data when it's required to do so (such as when a user cancels an account).

The allegations certainly fall in the "bombshell" category, but some in the security community are unsurprised by the claims, especially given the infamous compromise of verified accounts in 2020 by an attacker who was able to access Twitter's internal control platforms.

"From research that I coordinated after the 2020 incident, it was obvious that Twitter did not have appropriate privileged user management controls nor separation of duty policies for developers and administrators of their systems," says Aaron Turner, chief technology officer of SaaS Protect at Vectra. "If Mudge's disclosure is correct, that Twitter has a significant system hygiene problem combined with the user management controls and policies, then Twitter's entire platform is at risk of compromise."

For its part, Twitter denies the allegations and claims Zatko should be discredited given that he was fired in January for "poor performance."

"Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance," a Twitter spokesperson told CNN. "Mr. Zatko's allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”

Agrawal weighed in on Tuesday, saying in a corporate memo posted on Twitter that the company is reviewing the claims. "What we've seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context," he wrote.

**Lawmakers, Cybersecurity Community React**

Where the truth lies could come to light sooner rather than later, given that Zatko's report has gotten the attention of lawmakers on both sides of the aisle. Senate Judiciary Chair Sen. Dick Durbin (D-Ill.) said that he will "take further steps as needed to get to the bottom of these alarming allegations. …The claims I've received from a Twitter whistleblower raise serious national security concerns."

Sen. Chuck Grassley (R-Iowa), ranking member of the Judiciary Committee, told CNN that the allegations should raise very loud alarm bells.

"Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure, and infuse it with foreign state actors with an agenda, and you've got a recipe for disaster," he said. "The claims I've received from a Twitter whistleblower raise serious national security concerns as well as privacy issues, and they must be investigated further.”

Casey Ellis, founder and CTO at Bugcrowd, said the scrutiny will hopefully prompt a larger discussion around how much oversight, scrutiny, and regulation that social media platforms should have.

"I can't speak to the specifics of the disclosures themselves, but I’m definitely pleased to see this prompting a discussion around the critical infrastructure characteristics of social media platforms and the implications this has on security and privacy — especially as the US approaches midterms and sets itself up for the 2024 election. It seems clear that this categorization as critical infrastructure is something Twitter and other social platforms wish to avoid, but it is a conversation we need to have."

Meanwhile, members of the cybersecurity community have rallied around Zatko, pointing to his character and track record for integrity.

"Mudge has a long and rock-solid reputation of putting integrity first. He's also one of those infosec elders who rarely sticks their neck out to make a fuss, but when they do it's almost certainly worth paying attention to," Ellis tells Dark Reading. "This dates back to the L0pht testimony in 1998, which was a warning to Congress about computer insecurity well before its time. Judging by the way the infosec community has closed ranks around Mudge this morning, others clearly feel the same way. Infosec doesn't suffer fools and has a keen eye for sensationalism, and I think the reaction today speaks very strongly to both his character and the claims themselves."

Turner echoes those sentiments.

"I've known Mudge since his days at Cult of the Dead Cow," says Turner. "When I was at Microsoft, he and the @stake team helped us fundamentally improve our security strategy and tactics. As I've worked across government projects over the last 20 years, I would say that his work at DARPA made a significant difference in the way that the US government approached cybersecurity. He has always had the highest level of integrity and also adheres to the highest technical standards of development and operation of systems. If Mudge says that Twitter has cybersecurity problems, Twitter has some big problems."

Twitter did not immediately respond to a request for comment from Dark Reading on the allegations.

Mudge Blows Whistle on Alleged Twitter Security Nightmare

Integrated solution offers enterprises modern regulatory compliance safeguards while simplifying corporate legal protection practices.

**Sunnyvale, Calif., Aug. 23, 2022** — Proofpoint Inc., a leading cybersecurity and compliance company, today announced the launch of its Intelligent Compliance Platform, offering enterprises modern regulatory compliance safeguards while simplifying corporate legal protection practices. The platform leverages Proofpoint's proprietary machine learning engine to provide business leaders with AI-powered collection, classification, detection, prevention, search, eDiscovery, supervision, and next generation predictive analytics while meeting complex compliance and information governance obligations.

Proofpoint's AI and machine learning technology transforms the modern-day compliance world, improving efficacy and efficiency through automation. The platform enables intuitive compliance, insider risk, and data management controls to classify and predict risks across a wide array of digital communications channels, files, email, and endpoint activities. This enables Compliance, IT, Information Management, and Legal teams to gain visibility and access information with superior fidelity and context to growing volumes of enterprise data, while detecting and preventing corporate and regulatory risks in real time.

"We understand today's organizations are overwhelmed with growing volumes of data that are incredibly difficult to manage. For Compliance and Legal staff, that means having to manually search and review petabytes of messages or files from regulatory compliance, supervisory, or investigation review queues," said Kevin Leusing, senior vice president and general manager, Compliance at Proofpoint. "The new Intelligent Compliance Platform vastly improves the detection of non-compliant communications and content while quickly pinpointing supervised insider risks."

The new Intelligent Compliance Platform is powered by several Proofpoint leading solutions:

*   **Proofpoint Capture****:** Modernizes data collection from the most critical and popular communications collaboration platforms.
*   **Proofpoint Patrol****:** Ensures full compliance and reputation protection from employee social media accounts by monitoring, remediating, and reporting on social media policy violations at scale with intelligent classifiers, automated workflows, and intuitive reporting.
*   **Proofpoint Track****:** Provides complete visibility into your capture stream, so you can ensure that collected communications are received by downstream services such as repositories and supervision tools.
*   **Proofpoint Archive****:** Simplifies storage, search, legal discovery, supervisory, and end-user data access through a cloud-first archive that provides a secure and scalable central repository.
*   **Proofpoint Discover****:** Makes e-discovery and case management easy with a built-in, high-performance search, advanced dashboards and visualizations, no-cost export, and legal hold.
*   **Proofpoint Supervision**: Satisfies corporate and regulatory compliance requirements by supervising regulated employees and leveraging hundreds of advanced detection scenarios to detect timely communications risks.
*   **Proofpoint Automate****:** Applies market-leading machine learning to your security and compliance stack to help significantly reduce false positives in your data collection, monitoring, search, discovery, and supervisory activities.

Existing customers can leverage the Proofpoint Intelligent Compliance Platform in two ways. For efficiency, compliance and legal teams can reduce supervised communications content review time by up to 84%. For effectiveness, sentiment analysis of communications data and a variety of machine learning models enable early detection of organizational behavioral misconduct to protect customers from insider risks and regulatory fines.

**Customer benefits include:**

*   **Unified Data Collection and Preservation:** Customers can easily manage content from communication platforms including Microsoft Teams, Zoom, Meta, LinkedIn, Slack, Instagram, and Twitter. API-based content collection is automatically centralized with an extensible platform that consumes all data types, including audio, video, and text. Content tracking provides a full audit trail where data in transport is reconciled and scanned for anomalies from source to destination.
*   **Automated Risk Detection in Real-Time Digital Communication:** Customers can automate detection of communication trends to pinpoint the source of supervised insider risk. Customers can proactively monitor sensitive data and be alerted as compliance violations occur.
*   **Supervisory Flag Deduplication**: Compliance, IT, and Legal teams can significantly reduce the amount of time spent on data review by bypassing pre-flagged content (such as replies and forwards).
*   **AI-Powered Data Discovery with Case Management:** Customers can track communications data history interactively with advanced visualizations, intelligent conversation threading, and review content in native chat view.

For more information about Proofpoint's Intelligent Compliance Platform, please visit:

https://www.proofpoint.com/us/solutions/enable-intelligent-compliance

https://www.proofpoint.com/us/resources/solution-briefs/intelligent-compliance

**About Proofpoint, Inc.**

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations' greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyberattacks. Leading organizations of all sizes, including 75% of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.

Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube

_Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners._

Tag

#intel