Author: blogmirnet

Businesses in the Information Technology sector act as critical service providers and part of a supply chain, store sensitive information, provide access to other accounts, and frequently engage with customers. These businesses deliver essential and frequently used services, such as email and other communications, cloud storage, online shopping, and more, increasing the likelihood that users will quickly respond to messages or inquiries from familiar and trustworthy brands. As of the second quarter of 2024, this sector ranks at the top of the list in brand impersonation and is an attractive and valuable target. Threat actors continue impersonating major technology companies, such as Google, Zoom, Facebook, Microsoft, and Apple, and their legitimate products and services. They use social engineering to lure their targets through communications or malicious ads, introduce scare tactics, and attempt to steal personal data, financial information, account credentials, and funds.

In the past month, PINEAPPLE and FLUXROOT hacker groups leveraged Google Cloud serverless projects to deliver and communicate with their malware, host and direct targets to phishing websites, and run malware and execute malicious scripts. In a separate campaign, threat actors abused Google Ads to post malicious ads that appeared official and verified by Google. If the user clicked on the malicious ad, they were redirected to a fake Google Authenticator site that inadvertently led to a signed payload hosted on GitHub. If installed, personal data would be at risk of being stolen via the attacker-controlled phishing website. 

Additionally, threat actors targeted cryptocurrency investors and NFT holders, invited them to a Zoom meeting, and provided a malicious link that, if clicked, downloaded malware, added itself to the Windows Defender exclusion list, and stole funds. In a separate campaign, threat actors used Facebook to create fake pages, groups, ads, and content of popular generative artificial intelligence (AI) brands with malicious links that, if clicked, downloaded malware to steal passwords, cryptocurrency wallets, and information stored in the browser. Furthermore, threat actors spoofed the caller ID to display Microsoft’s name or number. They impersonated Microsoft employees or representatives to make fraudulent calls to trick potential victims into divulging personal or financial information.

Image Source: Malwarebytes

Threat actors are impersonating Google’s entire product line via malicious Google Search ads to direct potential victims to spoofed websites and Microsoft and Apple tech support scams. These malicious ads point to Google Search, Translate, Flights, Analytics, Calendar, Earth, Maps, Meet, and more. Upon closer inspection, the URLs of these ads are hosted on Looker Studio and contain an image of the Google Search home page that displays in full-screen mode. When the image is clicked, an embedded link launches a new tab to redirect the victim to a fake Microsoft or Apple alert page attempting to hijack the browser, play a recording, claim that the computer has been blocked, and advise the victim to contact support via the provided phone number. The threat actors behind the fake support number purport to be Microsoft or Apple representatives and persuade victims to purchase gift cards or log into their bank accounts to pay for the phony repair.

The NJCCIC’s email security solution detected multiple credential phishing campaigns targeting New Jersey State employees using legitimate products and services of major technology companies. In one campaign, threat actors utilize several products of the Google suite, including Gmail, Calendar, Forms, and Meet, to send phishing emails as calendar invitations to verify Bitcoin funds will be transferred. A Gmail user sends the calendar invitation to the target and other purported guests utilizing Gmail accounts, and it claims funds are currently being withdrawn to create a sense of urgency. One link in the calendar invitation directs the target to a Google Meet session, which initially displays that no camera was found and prompts the user for permission to access their microphone. Then, instead of waiting to be let into the session, the target can sign in with their Google account credentials. To supposedly validate the particulars, another link in the calendar invitation directs the target to a Google Forms page and, if submitted, displays a Bitcoin-themed landing page, utilizing the hxxps://globalminingbit[.]top domain, to receive Bitcoin bonus funds. After several redirects, clicking multiple buttons, and communicating with a chat representative, the target is prompted for their name, email address, financial information, and account information to receive the funds.

Threat actors are also sending fraudulent Zoom invitations in credential phishing campaigns. If the Zoom link is clicked, targets are directed to a fraudulent Microsoft SharePoint page with the organization’s branding, pointing to a newly registered hxxps://thepivoproject[.]com domain appended with the target’s email address and followed by a client identifier with random characters. If credentials are submitted on this phishing page, they are sent to the threat actors in the background.

Recommendations

• Refrain from answering unexpected calls from unknown contacts. When receiving unsolicited phone calls, do not respond to any requests for sensitive information or access.
• Avoid responding to messages, clicking links, or opening attachments from unknown or unverified senders, and exercise caution with emails from known senders.
• Confirm the legitimacy of requests by contacting the sender via a separate means of communication, such as by phone, using contact information obtained from official sources before responding, divulging sensitive information, or providing funds.
• Navigate directly to legitimate websites and verify before submitting account credentials or providing personal or financial information.
• Use strong, unique passwords and enable multi-factor authentication (MFA) where available, choosing authentication apps or hardware tokens over SMS text-based codes.
• Reduce your digital footprint so that threat actors cannot easily target you.
• Report malicious cyber activity to the FBI’s IC3 and the NJCCIC.

Build the skills you need to create new opportunities and accelerate your understanding of Microsoft Cloud technologies at a free Microsoft 365 Virtual Training Day from Microsoft Learn. Join us at Microsoft 365 Fundamentals to learn how to simplify the adoption of cloud services while supporting strong security, compliance, privacy, and trust. Also, discover how applications such as Microsoft Teams and Microsoft Viva help improve productivity, facilitate collaboration, and optimize communications. After completing this training, you’ll be eligible to take the Microsoft 365 Fundamentals certification exam at 50% off the exam price. You will have the opportunity to: Find out how the productivity, collaboration, and endpoint management capabilities of Microsoft 365 empower people to stay connected and get more done across hybrid environments. Discover how Microsoft 365 security, compliance, and identity solutions help secure an entire digital estate, simplify compliance, and reduce risk. Explore the pricing models, licensing, and billing options available to meet the needs of your organization. Join us at an upcoming two-part Microsoft 365 Fundamentals event: Delivery Language: English Closed Captioning Language(s): English
September 05, 2024 | 12:00 PM – 3:30 PM | (GMT-05:00) Eastern Time (US & Canada) September 06, 2024 | 12:00 PM – 4:00 PM | (GMT-05:00) Eastern Time (US & Canada)    September 16, 2024 | 12:00 PM – 3:30 PM | (GMT-05:00) Eastern Time (US & Canada) September 17, 2024 | 12:00 PM – 4:00 PM | (GMT-05:00) Eastern Time (US & Canada)
September 26, 2024 | 12:00 PM – 3:30 PM | (GMT-05:00) Eastern Time (US & Canada) September 27, 2024 | 12:00 PM – 4:00 PM | (GMT-05:00) Eastern Time (US & Canada)

Visit the Microsoft Virtual Training Days website to learn more about other event opportunities.

In July 2023, NIST’s Crypto Publication Review Board initiated a review process for NIST Special Publication (SP) 800-135 Revision 1, Recommendation for Existing Application-Specific Key Derivation Functions  (2011) and received public comments.

In May 2024 NIST proposed revising SP 800-135 Rev. 1. No public comments were received in response to that proposal.

NIST has decided to revise SP 800-135 Rev. 1. See the full announcement for more details, links to comments received, and ways to monitor future developments.

Read More

Featured Explore Microsoft Copilot for Microsoft 365 extensibility samples > Use this collection of samples to build Copilot extensions. Build Teams message extensions and Microsoft Graph connectors to extend Copilot for Microsoft 365.

What’s New Explore tools and resources that will help you do more with AI > Use Copilot to be a more productive developer, add AI into your apps, and build customized copilot experiences for your organization.   OpenAI’s fastest model, GPT-4o mini is now available on Azure AI > GPT-4o mini allows you to deliver stunning applications faster and at a lower cost. Try it at no cost in the Azure OpenAI Studio Playground.   Dev Proxy v0.19 with simulating LLM APIs and new Azure API Center integrations > Learn about new capabilities in the latest Dev Proxy release and discover how Dev Proxy can help you achieve more with APIs. #Azure #LLMs #AI

Events See Local Events > What to expect at Microsoft Ignite this year / November 18 -22 > Experience keynotes, attend sessions, meet with partners and customers, and so much more. Join us in Chicago or online!   GitHub Universe / October 29-30 / San Francisco > Join thousands of developers, cloud architects, cybersecurity professionals, and more to fine tune your skills and learn the latest in AI, DevEx, and security.   Microsoft Fabric Conference / Sept. 24–27 / Sweden > Join us for the latest Microsoft Fabric news, workshops, and networking opportunities.   Securing AI Apps on Azure / On demand > Learn how to secure your AI apps on Azure using Microsoft Entra in this multi-part series.   .NET Conf: Focus on AI > Did you miss the special .NET Conf event? Watch the on demand videos now and see how you can integrate AI into your .NET applications.   Events See Local Events > What to expect at Microsoft Ignite this year / November 18 -22 >Experience keynotes, attend sessions, meet with partners and customers, and so much more. Join us in Chicago or online!   GitHub Universe / October 29-30 / San Francisco > Join thousands of developers, cloud architects, cybersecurity professionals, and more to fine tune your skills and learn the latest in AI, DevEx, and security.   Microsoft Fabric Conference / Sept. 24–27 / Sweden > Join us for the latest Microsoft Fabric news, workshops, and networking opportunities.   Securing AI Apps on Azure / On demand > Learn how to secure your AI apps on Azure using Microsoft Entra in this multi-part series.   .NET Conf: Focus on AI > Did you miss the special .NET Conf event? Watch the on demand videos now and see how you can integrate AI into your .NET applications.

Learning Get skilled up and ready with the AI learning hub on Microsoft Learn > The AI learning hub provides trusted resources for developers to gain the skills needed to power AI transformation with the Microsoft Cloud.   Microsoft Fabric Analytics Engineer Learn Plan > This plan will prepare you for Exam DP-600 and your future as a Microsoft Certified Fabric Analytics Engineer.   Start your Copilot journey on the Copilot learning hub > The Copilot learning hub on Microsoft Learn is the place where technology professionals find resources to help them develop skills to put Microsoft Copilot to work.

NIST will convene a hybrid symposium on September 24-25, 2024, in Washington, D.C., to discuss recent efforts by the NIST AI Innovation Lab (NAIIL) to help unleash artificial intelligence (AI) innovations in ways which enable trust. 

Participants will learn about recent and ongoing efforts, and contribute to NIST’s vision for the work ahead, including opportunities to expand its collaborations with the AI community. Responsible for a variety of NIST’s AI efforts and headquartered within the agency’s Information Technology Laboratory, NAIIL advances AI measurement methods and guidelines, including their incorporation into international standards. 

The 1.5 day event will take place at The George Washington University in Washington, D.C. Limited in-person and unlimited remote participation is available. The symposium will feature discussions about the most recent developments and next steps in key issues relating to AI innovation and trust. Sessions will build on NIST’s past, ongoing, and planned efforts.

For more information and to register: https://www.nist.gov/news-events/events/2024/09/unleashing-ai-innovation-enabling-trustRegister Now

In this post, we talk with Dr. Xiaowei Huang, Dr. Yi Dong, Dr. Mat Weldon, and Dr. Michael Fenton, who were winners in the UK-US Privacy-Enhancing Technologies (PETs) Prize Challenges. We discuss implementation challenges of privacy-preserving federated learning (PPFL) – specifically, the areas of threat modeling and real world deployments.

In research on PPFL, the protections of a PPFL system are usually encoded in a threat model that defines what kinds of attackers the system can defend against. Some systems assume that attackers will eavesdrop on the system’s operation but won’t be able to affect its operation (a so-called honest but curious attacker), while others assume that attackers may modify or break the system’s operation (an active or fully malicious attacker). Weaker attackers are generally…

Read the Blog

Build the skills you need to create new opportunities and accelerate your understanding of Microsoft Cloud technologies at a free Microsoft Security Virtual Training Day from Microsoft Learn. Join us at Defend Against Threats with Extended Detection and Response to learn how to better protect apps and data in Microsoft 365 Defender, Microsoft Defender for Endpoint, and Microsoft Sentinel. You’ll get an in-depth view into attack disruption, incidents and alerts, and best practices for investigation and incident management. You will have the opportunity to: Learn how to investigate, respond to, and hunt for threats using Microsoft Defender and Microsoft Sentinel. Understand how integrating Microsoft 365 Defender and Microsoft Sentinel enhances security and response time. Discover how to help mitigate threats across your entire infrastructure with Microsoft Security tools and solutions. Join us at an upcoming Defend Against Threats with Extended Detection and Response event: September 17, 2024 | 12:00 PM – 3:15 PM | (GMT-05:00) Eastern Time (US & Canada) Delivery Language: English Closed Captioning Language(s): English

REGISTER TODAY >

When we need to show proof of identity, we might reach for our driver’s license — or perhaps, sooner than many of us imagine, we may opt for a digital credential stored on a smartphone. To ensure we can use both novel and time-tested methods to prove our identities securely when accessing essential services, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has updated its draft digital identity guidance. 

The draft Digital Identity Guidelines (NIST Special Publication [SP] 800-63 Revision 4 and its companion publications SPs 800-63A, 800-63B and 800-63C) have been updated to reflect the robust feedback that NIST received in 2023 as part of a four-month-long comment period and yearlong period of external engagement.

Read More

September 26^th (Conference & Workshop)
@ Microsoft Technology Center – 11 Times Square, NYC

---

The 2024 NY Metro Joint Cyber Security Conference will be held on September 26th, celebrating our 11th year featuring keynotes, panels and sessions aimed at educating everyone on the various aspects of information security and technology. Workshops featuring in-depth extended classroom-style educational courses to expand your knowledge and foster security discussions will take place virtually post-conference. As co-chair of this event I invite you to join us. I will be speaking at the event Conference link is InfoSecurity.NYC (nymjcsc.org) Workshop links should go to https://infosecurity.nyc/workshop.htm InfoSecurity.NYC: Who We Are The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters. Driven by the collaboration between members of this coalition, the strength of organizational membership, the provision of desirable CPE credits and the concurrence of National Cyber Security Awareness Month, the NYMJCSC was — once again — well-attended by members of the information technology, information security, audit, academic, and business communities.

You can register here

For the Conference https://infosecurity-nyc-2024.eventbrite.com

For the Workshops: 2024 NY Metro Joint Cyber Security Workshops Tickets, Fri, Sep 27, 2024 at 8:30 AM | Eventbrite

• Verify discovered an Android package, “Showcase.apk,” with excessive system privileges, including remote code execution and remote package installation capabilities, on a very large percentage of Pixel devices shipped worldwide since September 2017
  
• The application downloads a configuration file over an unsecure connection and can be manipulated to execute code at the system level
  
• The application retrieves the configuration file from a single US-based, AWS-hosted domain over unsecured HTTP, which leaves the configuration vulnerable and can makes the device vulnerable
  
• The app vulnerability leaves millions of Android Pixel devices susceptible to man-in-the-middle (MITM) attacks, giving cybercriminals the ability to inject malicious code and dangerous spyware
  
• Cybercriminals can use vulnerabilities in the app’s infrastructure to execute code or shell commands with system privileges on Android devices to take over devices to perpetrate cybercrime and breaches
  
• Removal of the app is not possible through a user’s standard uninstallation process, and at this time, Google has not offered a patch for the vulnerability
  
• It appears that Showcase.apk is preinstalled in Pixel firmware and included in Google’s OTA image for Pixel devices
  
• The app is not enabled by default, but there might be multiple methods to enable it. The iVerify research team investigated one method requiring physical access

Read the Full Details Here