Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and denial-of-service (DoS).

“The results and impact of exploiting these vulnerabilities vary depending on the ControlLogix system configuration, but they could lead to denial or loss of control, denial or loss of view, theft of operational data, or manipulation of control for disruptive or destructive consequences on the industrial process for which the ControlLogix system is responsible,” Dragos said.

The list of flaws is as follows –

  • CVE-2023-3595 (CVSS score: 9.8) – An out-of-bounds write flaw impacting 1756 EN2* and 1756 EN3* products that could result in arbitrary code execution with persistence on the target system through maliciously crafted common industrial protocol (CIP) messages.
  • CVE-2023-3596 (CVSS score: 7.5) – An out-of-bounds write flaw impacting 1756 EN4* products that could lead to a DoS condition through maliciously crafted CIP messages.

“Successful exploitation of these vulnerabilities could allow malicious actors to gain remote access to the running memory of the module and perform malicious activity,” CISA said.

Even worse, the flaws could be abused to potentially overwrite any part of the system to fly under the radar and stay persistent, not to mention render the module untrustworthy.

U.S. Government Agencies’ Emails Compromised in China-Backed Cyber Attack

An unnamed Federal Civilian Executive Branch (FCEB) agency in the U.S. detected anomalous email activity in mid-June 2023, leading to Microsoft’s discovery of a new China-linked espionage campaign targeting two dozen organizations.

The details come from a joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) on July 12, 2023.

“In June 2023, a Federal Civilian Executive Branch (FCEB) agency identified suspicious activity in their Microsoft 365 (M365) cloud environment,” the authorities said. “Microsoft determined that advanced persistent threat (APT) actors accessed and exfiltrated unclassified Exchange Online Outlook data.”

While the name of the government agency was not revealed, CNN and the Washington Post reported it was the U.S. State Department, citing people familiar with the matter. Also targeted were the Commerce Department as well as the email accounts belonging to a congressional staffer, a U.S. human rights advocate, and U.S. think tanks. The number of affected organizations in the U.S. is estimated to be in the single digits.

New Vulnerabilities Disclosed in SonicWall and Fortinet Network Security Products

SonicWall on Wednesday urged customers of Global Management System (GMS) firewall management and Analytics network reporting engine software to apply the latest fixes to secure against a set of 15 security flaws that could be exploited by a threat actor to circumvent authentication and access sensitive information.

Of the 15 shortcomings (tracked from CVE-2023-34123 through CVE-2023-34137), four are rated Critical, four are rated High, and seven are rated Medium in severity. The vulnerabilities were disclosed by NCC Group.

The flaws impact on-premise versions of GMS 9.3.2-SP1 and before and Analytics 2.5.0.4-R7 and before. Fixes are available in versions GMS 9.3.3 and Analytics 2.5.2.

“The suite of vulnerabilities allows an attacker to view data that they are not normally able to retrieve,” SonicWall said. “This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application’s content or behavior.”

Ransomware Extortion Skyrockets in 2023, Reaching $449.1 Million and Counting

Ransomware has emerged as the only cryptocurrency-based crime to grow in 2023, with cybercriminals extorting nearly $175.8 million more than they did a year ago, according to findings from Chainalysis.

“Ransomware attackers are on pace for their second-biggest year ever, having extorted at least $449.1 million through June,” the blockchain analytics firm said in a midyear crypto crime report shared with The Hacker News. “If this pace continues, ransomware attackers will extort $898.6 million from victims in 2023, trailing only 2021’s $939.9 million.”

In contrast, crypto scams have pulled in 77% less revenue than they did through June of 2022, largely driven by the abrupt exit of VidiLook, which paid users VDL tokens in return for watching digital ads that could then be exchanged for large rewards. So have the inflows to illicit addresses associated with malware, darknet markets, child abuse material, and fraud shops.

The Risks and Preventions of AI in Business: Safeguarding Against Potential Pitfalls

Artificial intelligence (AI) holds immense potential for optimizing internal processes within businesses. However, it also comes with legitimate concerns regarding unauthorized use, including data loss risks and legal consequences. In this article, we will explore the risks associated with AI implementation and discuss measures to minimize damages. Additionally, we will examine regulatory initiatives by countries and ethical frameworks adopted by companies to regulate AI.

Security risks

AI phishing attacks

Cybercriminals can leverage AI in various ways to enhance their phishing attacks and increase their chances of success. Here are some ways AI can be exploited for phishing:

  • Automated Phishing Campaigns: AI-powered tools can automate the creation and dissemination of phishing emails on a large scale. These tools can generate convincing email content, craft personalized messages, and mimic the writing style of a specific individual, making phishing attempts appear more legitimate.
  • Spear Phishing with Social Engineering: AI can analyze vast amounts of publicly available data from social media, professional networks, or other sources to gather information about potential targets. This information can then be used to personalize phishing emails, making them highly tailored and difficult to distinguish from genuine communications.
  • Natural Language Processing (NLP) Attacks: AI-powered NLP algorithms can analyze and understand text, allowing cybercriminals to craft phishing emails that are contextually relevant and harder to detect by traditional email filters. These sophisticated attacks may bypass security measures designed to identify phishing attempts.

To mitigate the risks associated with AI-enhanced phishing attacks, organizations should adopt robust security measures. This includes employee training to recognize phishing attempts, implementation of multi-factor authentication, and leveraging AI-based solutions for detecting and defending against evolving phishing techniques. Employing DNS filtering as a first layer of protection can further enhance security.
