News

Fortinet and CrowdStrike Join Forces for End-to-End Cybersecurity

CrowdStrike and Fortinet have unveiled a partnership that introduces a unified security solution spanning networks, applications, and devices. The alliance merges CrowdStrike’s Falcon platform with Fortinet’s FortiGate next-generation firewalls, addressing the constraints of conventional, isolated security tools.

The AI-powered approach combines CrowdStrike’s sophisticated AI and adversary intelligence capabilities with Fortinet’s FortiGuard AI-powered security services, providing enriched telemetry across network and endpoint layers. This integration simplifies security operations, offering a unified console view of endpoint and network activity, and empowers security teams to make rapid decisions.

The partnership fosters an open and adaptable ecosystem, enabling customers to craft a personalized security strategy while ensuring scalability for small and medium-sized businesses (SMBs) and large enterprises. By automating threat response across endpoints and networks, the solution aims to reduce the mean time to detect and resolve incidents, a critical factor in today’s high-stakes cyber environment.

The companies have outlined their future plans to further integrate their AI capabilities and explore innovations, such as conversational AI, to enhance threat prevention and response capabilities. This partnership sets a new standard for end-to-end security, enabling organizations to stop breaches more effectively.

With a focus on reducing complexity for security teams and providing a cohesive, end-to-end solution that leverages the strengths of each technology, CrowdStrike and Fortinet are poised to revolutionize the cybersecurity landscape. The joint solution is designed to work seamlessly for organizations of all sizes, from SMBs to Fortune 500 companies, and across regulated industries like finance and healthcare.

As the partnership evolves, it has the potential to create a unified, AI-driven ecosystem that empowers security analysts to access data from both Fortinet and CrowdStrike through conversational AI, receiving insights that combine both network and endpoint intelligence. This vision of a future-proofed security solution holds promise for further improving threat prevention and response capabilities across the board.

By joining forces, CrowdStrike and Fortinet are setting a new benchmark for the industry, offering a best-of-breed approach that aligns with their “partner-first” strategy and empowers customers to tackle the increasingly complex cybersecurity landscape with confidence.

Beware of Quishing: The Latest Threat to Your Online Security

Two-factor authentication (2FA) is a crucial security measure to protect online accounts, but a new threat called “quishing” has emerged to bypass it. Quishing involves tricking users into installing a malicious app that steals their 2FA codes, allowing attackers to gain access to accounts. This technique is particularly dangerous as it can bypass SMS-based 2FA, which is still widely used. Sophos researchers discovered quishing attacks targeting Android devices, but it could potentially affect other platforms as well. To stay safe, users should be cautious when installing new apps and only use authenticator apps from trusted sources. Additionally, enabling app-specific passwords and using more secure 2FA methods like TOTP or U2F keys can help mitigate the risk.

Original article: https://news.sophos.com/en-us/2024/10/16/quishing/

Chinese Hackers Target Phones of Trump and Running Mate JD Vance

Chinese hackers have targeted the phones of former President Donald Trump and his running mate, Senator JD Vance, as part of a broad intelligence-gathering operation, according to sources familiar with the matter. The penetration of Verizon phone systems allowed the hackers to potentially access valuable information such as call and text data, which could be highly useful to a foreign adversary. The Trump campaign was informed of the breach, which also affected Democrats including Vice President Kamala Harris’s team and prominent Capitol Hill figures. The FBI and cybersecurity agencies are investigating the attack, which they attribute to “actors affiliated with the People’s Republic of China.” The extent of the compromised data and potential victims remains unclear, but the incident highlights the aggressive and far-reaching nature of the hacking campaign.

The revelation comes as Trump’s campaign has also faced Iranian hacking attempts, underscoring the need for heightened security measures. The investigation is in its early stages, and it’s uncertain whether the hackers could have monitored or recorded phone conversations or read texts, depending on the messaging apps used. Verizon is cooperating with law enforcement and working to address any ongoing issues. This incident has significant national security implications and raises concerns about the vulnerability of political figures’ communications.

Original article: https://www.nytimes.com/2024/10/25/us/politics/trump-vance-hack.html


Fort Wayne Councilman Blames Facebook for Hacking Losses

Fort Wayne City Councilman Jim Banks is helping the Fort Wayne City Council address a hacking issue that has resulted in significant financial losses. The council’s Facebook page was compromised, leading to unauthorized transactions and the theft of funds. Banks has called for an investigation into the incident and is placing blame on Facebook for the losses, which he estimates to be in the millions of dollars. He argues that Facebook’s lack of security measures and inadequate response to the breach are to blame for the financial damage.

The hacking incident occurred when an attacker gained access to the council’s Facebook account and made unauthorized purchases using the council’s credit card information. The council has since suspended its Facebook account and is working with law enforcement to recover the stolen funds. Banks is also pushing for greater accountability from social media companies to protect their users’ accounts and data.

The incident highlights the risks of using social media platforms for official business and the importance of robust security measures. It also underscores the need for swift action in responding to hacking incidents to minimize financial losses. Banks’ call for an investigation and greater accountability from Facebook may lead to changes in the way social media companies handle security and user data.

Lazarus Group Exploits Chrome Bug in DeTankZone NFT Scam

North Korean hackers in the Lazarus group have been using a fake NFT game website to infect PCs with malware and steal cryptocurrency. The website, DeTankZone, promised a “play and earn” experience but was actually a front for a malicious attack that exploited a zero-day Chrome bug. When users visited the site, their devices were infected with the “Manuscrypt” malware, which allowed the hackers to conduct remote code execution.

The attackers created fake X accounts to promote the game and lure victims into clicking on malicious links or downloading files. The website contained a real, stolen game built on Unity, but the game was underwhelming and likely a distraction from the actual malware. The Chrome flaw used in the attack was introduced in version 117’s optimizing compiler, Maglev, and was fixed by Google after a limited number of attacks were reported.

This is the latest in a string of North Korean efforts to steal cryptocurrency, with the country’s hackers responsible for $600 million in crypto theft last year and $3 billion since 2017. The Lazarus group’s tactics highlight the ongoing threat of cybercrime and the importance of staying vigilant when interacting with unfamiliar websites or offers related to cryptocurrency.

VMware Workspace ONE Access Flaw Exposed at Chinese Hacking Competition

VMware’s Workspace ONE Access and Identity Manager products have been found vulnerable to a critical flaw, which was exploited during a Chinese hacking competition. The heap buffer overflow issue, identified as CVE-2021-21985, allows attackers to execute code remotely, highlighting the severity of the problem. VMware has released patches, but some customers have reported difficulties in implementing the fixes, suggesting the issue is not yet fully resolved.

The vulnerability was discovered and demonstrated at the Tianfu Cup hacking contest in China, where contestants successfully exploited it to gain access to systems. This event emphasizes the significance of timely patching and effective vulnerability management. VMware has urged customers to apply the patches as soon as possible to minimize the risk of exploitation. The company is also collaborating with the US Cybersecurity and Infrastructure Security Agency (CISA) and other organizations to address the issue.

The incident serves as a stark reminder of the ever-evolving threat landscape and the importance of staying vigilant in the face of emerging cyber threats. As technology advances, so do the tactics of attackers. It’s crucial for organizations to prioritize security and regularly update their systems to maintain protection. VMware’s efforts to address this vulnerability are a step in the right direction, but users must remain proactive in their security posture.

The Tianfu Cup hacking contest is an annual event that brings together some of the world’s top hackers to demonstrate their skills. The exploitation of the VMware vulnerability at this event underscores the need for robust security measures to prevent such attacks. The contest’s focus on showcasing vulnerabilities and demonstrating exploits highlights the importance of responsible disclosure and patching to protect against real-world threats.

VMware’s Workspace ONE Access and Identity Manager products are widely used in enterprise environments, making the discovery of this vulnerability particularly concerning. The company’s response to the issue has been swift, with patches released to address the problem. However, some customers have reported difficulties in implementing the fixes, indicating that the issue may be more complex than initially thought.

The heap buffer overflow vulnerability allows attackers to overwrite memory and execute arbitrary code, giving them significant control over the affected systems. This type of issue can be particularly dangerous, as it enables attackers to gain a foothold in the network and potentially move laterally to other systems. The fact that it was exploited during a hacking competition underscores the severity of the problem and the need for immediate action.

VMware’s collaboration with CISA and other organizations is a positive step in addressing the issue. The company is working to provide guidance and support to customers to ensure a smooth patching process. However, it’s essential for users to remain vigilant and monitor their systems closely for any signs of exploitation.

The incident serves as a wake-up call for organizations to prioritize security and regularly update their systems. As technology continues to evolve, so do the tactics of attackers. It’s crucial to stay ahead of the curve by implementing robust security measures and staying informed about emerging threats. VMware’s efforts to address this vulnerability are a step in the right direction, but users must remain proactive in their security posture to stay protected.

Chinese Scientists Use Quantum Computer to Crack RSA Encryption

Researchers in China claim to have used a quantum computer to break RSA encryption, a type of asymmetric encryption used to protect sensitive data. However, the encryption they cracked was relatively weak, and it doesn’t mean your online communications are at immediate risk.

The Promise of Quantum Computing

Quantum computers can process vast amounts of information in parallel, making them potentially more powerful than classical computers. They use qubits, which can exist in multiple states at once, allowing them to solve complex problems much faster. This has led to predictions that quantum computers will make current encryption technology obsolete.

The Chinese Breakthrough

The Chinese team used a 5,760-qubit D-Wave Advantage quantum computer to break a 50-bit RSA encryption through quantum annealing, a process that optimizes problems using quantum fluctuations. While impressive, this is a far cry from the 1024- to 2048-bit integers used in modern encryption, which have vastly more possible values.

The Limitations of the Breakthrough

The encryption the researchers cracked was relatively weak, with only 50-bit integers. Modern encryption technologies use much larger integers, making them much more secure. The study is a proof of concept, demonstrating quantum computers’ potential to decrypt modern encryption. However, it doesn’t mean your emails or messages are vulnerable to interception.

The Future of Encryption

The research highlights the need for post-quantum cryptography, which uses algorithms resistant to quantum computers. This technology is still years away from widespread adoption. Quantum computers are still in their infancy, and significant advancements are needed before they can break current encryption standards.

Conclusion

While the Chinese breakthrough is significant, it doesn’t mean you should panic about your online security. Quantum computers are not yet a threat to your sensitive data. Stay informed about the future of encryption and post-quantum cryptography to stay ahead of potential risks.

(Citation: Live Science, “Chinese scientists claim they broke RSA encryption with a quantum computer — but there’s a catch,” October 22, 2024, by Peter Ray Allison)


Internet Archive Breach Continues: Hacker Accesses Support Tickets

The Internet Archive, a non-profit digital library, has been hit by another cyberattack just two weeks after a previous data breach and DDoS attacks took the website offline. The hacker responsible for the latest breach responded to an email from Mashable, revealing they have access to over 800,000 support tickets sent to the organization since 2018. These tickets could contain sensitive information, as users often provide identification when requesting content removal from the Wayback Machine.

The initial attack exposed emails, screen names, and encrypted passwords for 31 million users. This time, the hacker claims to have obtained API keys that were not rotated regularly, allowing them to access the support tickets. Chief Security Officer Chris Hickman of Keyfactor explained that unrotated tokens increase the window of opportunity for attackers to misuse them, potentially gaining unauthorized access to systems or services.

The Internet Archive’s security oversight is disconcerting, especially given the platform’s importance as a free online library. The recent attacks have caused significant damage, with the hacker stating that users’ data is now in their hands. The organization was able to restore parts of its website last week, but the full extent of the damage remains unclear.

The hacker, who took responsibility for the DDoS attacks earlier this month, is believed to be the same individual behind the data breach. They shared that they have access to all of the more than 800,000 support tickets sent to Internet Archive since 2018. “It’s dispiriting to see that even after being made aware of the breach two weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets,” the hacker wrote in their response to Mashable’s email.

Mashable sent an email to Internet Archive on October 10 to inquire about the hack, and the hacker responded through Zendesk, an online service that helps companies respond to users’ support queries. The hacker’s message demonstrated the severity of the situation, stating, “As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to [email protected] since 2018.”

Chris Hickman of Keyfactor explained why the rotating API key issue played such an important role in the breach. “This is a security oversight as tokens that are not rotated regularly have longer lifespans, increasing the window of opportunity for attackers to steal and misuse them,” he said. “If a malicious actor obtains an unrotated token, they could use it to gain unauthorized access to systems or services.”
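The token-lifetime point made above (in both the earlier summary and Hickman’s quote) can be shown concretely. The following is an added example, not code from the Internet Archive, Zendesk or Keyfactor, of a small service-token store that records only a hash of each token, revokes a service’s tokens on rotation, and refuses any token older than a fixed ceiling even if nobody rotates it. The service names, timestamps and the 30-day age limit are constructed for the demonstration; the `demo()` walk-through plays out a token that leaks at issuance and is checked before and after rotation.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

# Assumed rotation policy for the demo: a token is honoured for at most this
# long after it was minted, whether or not anyone remembers to rotate it.
MAX_TOKEN_AGE = 30 * 24 * 3600  # 30 days, in seconds
DAY = 86400


def _fingerprint(token: str) -> str:
    """Store SHA-256(token) instead of the token, so a dump of the table is not a credential dump."""
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class TokenRecord:
    service: str            # integration the token belongs to, e.g. a helpdesk connector
    issued_at: int          # Unix timestamp when the token was minted
    revoked: bool = False   # set when the token is rotated out


@dataclass
class TokenStore:
    records: dict = field(default_factory=dict)  # fingerprint -> TokenRecord

    def issue(self, service: str, now: int) -> str:
        token = secrets.token_urlsafe(32)
        self.records[_fingerprint(token)] = TokenRecord(service, now)
        return token

    def rotate(self, service: str, now: int) -> str:
        """Revoke every live token for `service` and mint a replacement."""
        for rec in self.records.values():
            if rec.service == service:
                rec.revoked = True
        return self.issue(service, now)

    def check(self, token: str, now: int, max_age: int = MAX_TOKEN_AGE) -> str:
        """Return "ok" if the token is accepted, otherwise the reason it was refused."""
        rec = self.records.get(_fingerprint(token))
        if rec is None:
            return "unknown"
        if rec.revoked:
            return "revoked"
        if now - rec.issued_at > max_age:
            return "expired"
        return "ok"


def demo() -> dict:
    """Constructed scenario: a token leaks the day it is issued; the leak is noticed two weeks later."""
    store = TokenStore()
    leaked = store.issue("helpdesk", now=0)        # this copy ends up in an exposed secrets file
    before = store.check(leaked, now=14 * DAY)     # breach known, nobody has rotated yet
    store.rotate("helpdesk", now=14 * DAY)         # rotation invalidates the leaked copy
    after = store.check(leaked, now=14 * DAY)
    forgotten = store.issue("archive-api", now=0)  # never rotated at all
    stale = store.check(forgotten, now=31 * DAY)   # the age ceiling still closes the window
    return {"before_rotation": before, "after_rotation": after, "never_rotated": stale}


if __name__ == "__main__":
    print(demo())
```

The two controls are complementary: rotation closes the window the moment a leak is known, while the age ceiling bounds the window even for leaks nobody notices, which is exactly the “longer lifespan” risk Hickman describes.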

The Internet Archive’s bad month continues, with the latest attack revealing that the hacker has access to over 800,000 support tickets shared between Internet Archive users and the non-profit group. These tickets could contain even further sensitive information, as users who requested that their content be removed from the Wayback Machine had to provide identification.

The Internet Archive was able to get parts of its website back up and running last week. However, it seems like significant damage has been done. “Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine—your data is now in the hands of some random guy. If not me, it’d be someone else,” the hacker said in their reply to Mashable’s contact. “Here’s hoping that they’ll get their shit together now.”

Citation: Binder, M. (2024, October 21). Internet Archive hacked again: We know because the hacker responded to our email to the Archive. Mashable. https://mashable.com/article/internet-archive-still-being-hacked-support?test_uuid=01iI2GpryXngy77uIpA3Y4B&test_variant=a

Kansas City Medical Clinics Investigate Cybersecurity Breach

Northland medical clinics in Kansas City, including Clay Platte Family Medicine, Summit Family and Sports Medicine Clinic, Cobblestone Family Medicine Clinic, and Barry Pointe Family Medicine Clinic, have reported a cybersecurity breach that may have exposed sensitive patient data such as names, addresses, Social Security numbers, birthdates, and health insurance details. The clinics detected suspicious activity in their network and hired a cybersecurity firm to investigate, finding that an unauthorized actor may have accessed and acquired certain files. Patients are being notified and offered credit monitoring and identity protection services. The clinics are enhancing security measures and advising patients to monitor their financial statements and credit reports.

Reference: https://www.kmbc.com/article/cybersecurity-breach-hits-northland-medical-clinics-kansas-city/62674619


VoiceOver Flaw: Apple’s Accessibility Feature Reads Passwords Out Loud on iOS Devices

Apple Patches Two iOS Bugs: VoiceOver Reads Passwords Aloud, Audio Messages Start Recording Early

Apple has released patches for two iOS bugs that could have compromised user privacy. The first issue involved VoiceOver, an accessibility feature that reads screen elements aloud, potentially announcing stored passwords. The second bug allowed audio messages to start recording before users were aware, capturing a few seconds of audio.

Bug #1: VoiceOver Reads Passwords Aloud

VoiceOver, a feature for visually impaired users, could have read out passwords stored in Apple’s new “Passwords” app due to a logic error. This affected all iPhone and iPad models since 2018. The bug, CVE-2024-44204, was fixed in iOS and iPadOS 18.0.1. While VoiceOver is off by default, users who enabled it could have been affected.

Bug #2: Audio Messages Start Recording Early

The second bug, CVE-2024-44207, affected all new iPhone 16 models. When recording an audio message in iMessage, the device could have captured a few seconds of audio before indicating the microphone was active. This issue, which could aid attackers, was also fixed in iOS 18.0.1.

Impact and Recommendations

Neither bug is a remote exploit, but they could have compromised user privacy. Michael Covington of Jamf recommends updating devices as soon as possible. He notes that accessibility features are typically well-tested for security and privacy.

Conclusion

Apple has addressed these issues, but users should still be aware of the potential for privacy risks with accessibility features and audio recording. Staying up-to-date with software updates is crucial for maintaining device security.

(Citation: Dark Reading, “iPhone Voiceover Feature Read Passwords Aloud, Audio Messages Started Recording Early,” October 4, 2024, by Nate Nelson)
