Bob Carver, CISM, CISSP, MS ✭’s Post

Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison The cybercrime boss, who helped lead the prolific Zeus malware gang and was on the FBI’s “most wanted” list for years, has been sentenced to 18 years and ordered to pay more than $73 million. For more than a decade, Vyacheslav Igorevich Penchukov—a Ukrainian who used the online hacker name “Tank”—managed to evade cops. When FBI and Ukrainian officials raided his Donetsk apartment in 2010, the place was deserted and Penchukov had vanished. But the criminal spree came to a juddering halt at the end of 2022, when he traveled to Switzerland, was arrested, then was extradited to the United States. Today, at a US federal court in Lincoln, Nebraska, a judge sentenced Penchukov to two concurrent nine-year sentences, after he pleaded guilty to two charges of conspiracy to participate in racketeering and a conspiracy to commit wire fraud. United States District Judge John M. Gerrard also ordered Penchukov to pay more than $73 million, according to court records. The court also ordered three years of supervised release for each count and said they should run concurrently. https://lnkd.in/g_drbXip #CyberSecurity #cybercrime #Zeus #botnet #Tank #jail

AI Goes Rogue: 87% Chance Your Software is Hackable (Patch Now!)   Have you ever felt safe online, only to have a shiver run down your spine when a major security breach hits the news? Well, buckle up, because things just got a whole lot more concerning. Researchers recently discovered that a powerful AI tool, ChatGPT, can exploit software vulnerabilities a whopping 87% of the time – and that's just after they've been announced! This means hackers have a terrifying new weapon in their arsenal, and the window to patch those vulnerabilities before attackers exploit them is shrinking fast. Zero-day attacks, where hackers exploit vulnerabilities before a fix is even available, are on the rise. So, what can you do to protect yourself from this evolving threat? The answer might surprise you – it's all about keeping your software up to date. This video will dive deep into the dangers of these AI-powered exploits and show you exactly why hitting "install update" now could be the difference between a secure system and a catastrophic compromise. Tick, Tick, Tick ,Boom #CyberSecurity #vulnerabilities #foundfaster #ChatGPT #0days #1days #tickingtimebomb

Will AI take the wind out of cybersecurity job growth? Artificial intelligence won't make cybersecurity jobs redundant, but any security engineers not using AI in their daily work might soon be out of a job. Endless waves of hacks, ransomware, malicious code, and insider abuse continue to invade our systems, applications, and services, and there is one thin red line of defense keeping them at bay: cybersecurity professionals. These days, it seems intuitive that artificial intelligence could pick up a lot of the heavy lifting of cybersecurity, detecting suspicious patterns and automatically quarantining or quashing the bad stuff. If AI can play a major role in cybersecurity, what does this mean for cybersecurity professionals or those entering the field? https://lnkd.in/gXH9kBZS #CyberSecurity #AI #candidatesneedboth

New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere Ubiquitous RADIUS scheme uses homegrown authentication based on MD5. Yup, you heard right. One of the most widely used network protocols is vulnerable to a newly discovered attack that can allow adversaries to gain control over a range of environments, including industrial controllers, telecommunications services, ISPs, and all manner of enterprise networks. Short for Remote Authentication Dial-In User Service, RADIUS harkens back to the days of dial-in Internet and network access through public switched telephone networks. It has remained the de facto standard for lightweight authentication ever since and is supported in virtually all switches, routers, access points, and VPN concentrators shipped in the past two decades. Despite its early origins, RADIUS remains an essential staple for managing client-server interactions for: VPN access DSL and Fiber to the Home connections offered by ISPs, Wi-Fi and 802.1X authentication 2G and 3G cellular roaming 5G Data Network Name authentication Mobile data offloading Authentication over private APNs for connecting mobile devices to enterprise networks Authentication to critical infrastructure management devices Eduroam and OpenRoaming Wi-Fi https://lnkd.in/gKrQKF2e #CyberSecurity #RADIUS #vulnerable #MD5

The Wiretap: This Company Raised $21 Million To Build An AI Assistant For Data Breach Investigations Much has been made of AI’s ability to create a disaster. What about AI that helps companies and individuals recover from a disaster - namely, a data breach - and find out who or what caused it in the first place? That’s the idea behind Command Zero, a cybersecurity startup that came out of stealth on Tuesday along with an announcement that it scored $21 million in a seed funding round led by Andreessen Horowitz. It’s using large language models to help investigators ask questions about a company’s network after a cyberattack and get easy-to-understand answers. The idea isn’t to replace incident response teams but to dramatically cut down on the time it takes to do mundane, manual tasks. https://lnkd.in/gY4PvAKf #CyberSecurity #AI #DataBreach #investigations #CommandZero

Microsoft demands China staff use iPhones not Android phones Microsoft mandates iPhone use for employees in China starting September due to cybersecurity concerns. iPhone 15 models will be provided to staff using Android devices, including those from Huawei and Xiaomi. The decision follows a hacking attack and aims to standardize cybersecurity measures under the Secure Future Initiative. https://lnkd.in/gp6sFe_k #CyberSecurity #Microsoft #Apple #iPhones

Real criminals, fake victims: how chatbots are being deployed in the global fight against phone scammers New scambaiting AI technology Apate aims to keep scammers on the line while collecting data that could help disrupt their business model A scammer calls, and asks for a passcode. Malcolm, an elderly man with an English accent, is confused. “What’s this business you’re talking about?” Malcolm asks. Another day, another scam phone call. This time, Ibrahim, a cooperative and polite man with an Egyptian accent, picks up. “Frankly, I am not too sure I can recall buying anything recently,” he tells the hopeful con artist. “Maybe one of the kids did,” Ibrahim goes on, “but that’s not your fault, is it?” The scammers are real, but Malcolm and Ibrahim are not. They’re just two of the conversational artificial intelligence bots created by Prof Dali Kaafar and his team. Through his research at Macquarie University, Kaafar founded Apate – named for the Greek goddess of deception. https://lnkd.in/gZmFwjeF #CyberSecurity #phonescammers #Chatbots #defense

Twilio says hackers identified cell phone numbers of two-factor app Authy users Last week, a hacker claimed to have stolen 33 million phone numbers from U.S. messaging giant Twilio. On Tuesday, Twilio confirmed to TechCrunch that “threat actors” were able to identify the phone number of people who use Authy, a popular two-factor authentication app owned by Twilio. In a post on a well-known hacking forum, the hacker or hackers known as ShinyHunters wrote that they hacked Twilio and obtained the cell phone numbers of 33 million users. Twilio spokesperson Kari Ramirez told TechCrunch that the company “has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. We have taken action to secure this endpoint and no longer allow unauthenticated requests.” “We have seen no evidence that the threat actors obtained access to Twilio’s systems or other sensitive data. As a precaution, we are requesting all Authy users to update to the latest Android and iOS apps for the latest security updates and encourage all Authy users to stay diligent and have heightened awareness around phishing and smishing attacks,” Ramirez wrote in an email. https://lnkd.in/gm7zd-rR #CyberSecurity #Twilio #Authy #breach #2FA

Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies The supply chain attack targeting widely-used Polyfill[.]io JavaScript library is wider in scope than previously thought, with new findings from Censys showing that over 380,000 hosts are embedding a polyfill script linking to the malicious domain as of July 2, 2024. This includes references to "https://cdn.polyfill[.]io" or "https://cdn.polyfill[.]com" in their HTTP responses, the attack surface management firm said. "Approximately 237,700, are located within the Hetzner network (AS24940), primarily in Germany," it noted. "This is not surprising – Hetzner is a popular web hosting service, and many website developers leverage it." Further analysis of the affected hosts has revealed domains tied to prominent companies like WarnerBros, Hulu, Mercedes-Benz, and Pearson that reference the malicious endpoint in question. Even if you think your network is not exposed to Polyfill[.]io, you should block this domain in your network. Much like MoveIT. Some thought they weren't exposed and discovered they were through their supply chain and only discovered they were after they were compromised. I even have this blocked in my home network. https://lnkd.in/g2a4k3qF #CyberSecurity #Polyfill #SupplyChain #cyberattack #blocknow

Hollywood stars’ estates agree to the use of their voices with AI Actress Judy Garland never recorded her voice to read an audiobook of The Wonderful Wizard of Oz, but you’ll soon be able to hear her rendition of the children’s novel that inspired the movie nonetheless. Earlier this week, AI company ElevenLabs said it is bringing digitally produced celebrity voice-overs of deceased actors, including Garland, James Dean and Burt Reynolds, to its newly launched Reader app. The company said the app takes articles, PDF, ePub, newsletters, e-books or any other text on your phone and turns it into voice-overs. “ We deeply respect their legacy and are honored to have their voices as part of our platform,” said Dustin Blank, head of partnerships at ElevenLabs. “Adding them to our growing list of narrators marks a major step forward in our mission of making content accessible in any language and voice.” https://lnkd.in/g7rDpQZy #AI #voiceovers #deceased #actors