New York state regulators punish insurers after cybercriminals illegally access customer info they then used to file scam unemployment claims during the COVID-19 pandemic.

Source: Phanie - Sipa Press via Alamy Stock Photo

Two auto insurance companies will pay a hefty penalty for what the State of New York says was inadequate security that allowed hackers to compromise personal data of more than 12,000 state residents.

New York Attorney General Letitia James and New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris said the $11.3 million fines against Government Employees Insurance Co. (GEICO) and the Travelers Indemnity Co. follows what the state deemed "poor data security" practices that allowed cybercriminals to steal driver license numbers. Worse, at the height of the COVID-19 crisis, they used that info to file fraudulent unemployment claims. Specifically, the insurers were found to have violated a state regulation to "implement policies, procedures, and controls designed to protect consumer data as well as the financial institutions themselves," their statement said.

GEICO has been ordered to pay $9.75 million, and Travelers will pay $1.55 million.

“GEICO and Travelers offer drivers protection during times of emergencies, but these companies failed to protect consumers' personal information,” James said. “Data breaches can lead to serious fraud, and that is why it is important for all companies to take cybersecurity and data protection seriously.”

GEICO experienced a November 2020 compromise of its auto insurance quoting tool, allowing threat actors to steal driver license numbers from the company's public-facing website, New York regulators said.

"Despite being notified by DFS of an industry-wide cyberattack campaign to obtain driver's license numbers, and suffering, disclosing, and remediating separate cybersecurity incidents, GEICO failed to conduct a comprehensive review of its systems to prevent and detect future cyberattacks," the statement continued.

Following that breach, hackers pivoted to exploit a vulnerability in GEICO's quoting tool for insurance agents on a separate platform.

Both cyberattacks against GEICO exposed the personal information of about 116,000 New York residents, most of those leaked in the second compromise, the statement added.

Travelers too was breached through a similar cyberattack against its auto insurance quoting tool, this time a calculator used by independent agents. Despite receiving multiple alerts that threat actors were conducting these types of campaigns, in April 2021, hackers were able to use compromised credentials to generate reports with license numbers in plain text, exposing the data of 4,000 New Yorkers, the statement said.

Besides the penalties, these insurers have agreed to improve their cybersecurity practices including improving protections for private information, conducting a comprehensive data inventory, requiring authentication to access private data, implementing logging and monitoring, and enhancing threat response planning and procedures.

GEICO also agreed to conduct remedial measures, including comprehensive risk assessment and penetration testing, plus developing an action plan to address any resulting issues. Travelers agreed to review its systems, assess its own access controls, and improve protections against unauthorized access to nonpublic personal information, according to the regulators' statement.

Geico, Travelers Fined $11.3M for Lax Data Security

Microsoft connected experiences have been the subject of heated online discussions. So what are they, and do they train AI with my data?

Recently we’ve seen some heated discussion about Microsoft’s connected experiences feature. As in many discussions lately there seems to be no room for middle ground, but we’re going to try and provide it anyway.

First of all, it’s important to understand what the “connected experiences” are.

Microsoft describes it like this:

> “Connected experiences that analyze your content are experiences that use your Office content to provide you with design recommendations, editing suggestions, data insights, and similar features.”

If that sounds like auto-correct on steroids, you’re close. You like it or you don’t.

But I found that there are two types of connected experiences.

Let’s start with a locally saved document created in Microsoft 365 (Word). To find the connected experiences settings, you’ll need to

*   Click on **File** > **Options**

Options

*   Select **Trust Center** and click on **Trust Center Settings**

Trust Center Settings

*   Select **Privacy Options** and click on **Privacy Settings**

Privacy Options > Privacy Settings

Then you’ll see three entries for Connected experiences:

*   Experiences that analyze your content
*   Experiences that download online content
*   All connected experiences

My tinfoil hat warns me that the second one is bound to show up in some vulnerability, but nowhere does it say that anything you produce will be shared with anyone, let alone train an AI model. If anything is worrying in there, it’s the fact that it uses content in your documents to find online information that might be of interest to you.

Connected experiences

Feel free to turn these options off.

For **online** documents created with Microsoft 365 apps it’s a different topic, and depends on what the administrator of the organization that provided it has decided to make available to you.

The overview of optional connected services provided by Microsoft says:

> “If you have a work or school account, your organization’s admin may have provided you with the ability to use one or more cloud-backed services (also referred to as “optional connected experiences”) while using the Office apps, like Word or Excel, that are included with Microsoft 365 Apps for enterprise.”

It then goes on to list all the possible optional connected experiences. The settings for these are of the type  “all or nothing.”

You can find these settings if you have a document open in your browser by following the path **File > About > Privacy Settings > Optional connected experiences**.

Optional connected experiences

The official Microsoft 365 account on X tweeted to say it didn’t use customer data to train large language models (LLMs)—a type of artificial intelligence (AI) program—in M365 apps:

> “In the M365 apps, we do not use customer data to train LLMs. This setting only enables features requiring internet access like co-authoring a document.”

So, turning that option off might result in some lost functionality if you’re working on the same document with other people in your organization.

If you want to turn these settings off for reasons of privacy and you don’t use them much anyway, by all means, do so. The settings can all be found under **Privacy Settings** for a reason. But nowhere could I find any indication that these connected experiences were used to train AI models.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Explained: the Microsoft connected experiences controversy 

The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end against telcos, ISPs, and governments before being detected.

Source: 3D generator via Alamy Stock Photo

The Chinese threat actor known as Salt Typhoon has been spying on some high-value government and telecommunications organizations for several years now, recently debuting fresh backdoor malware, dubbed GhostSpider.

Salt Typhoon (aka Earth Estries, FamousSparrow, GhostEmperor, and UNC2286) is among the People's Republic's most cutting advanced persistent threats (APT). In a campaign stretching back to 2023, it has compromised more than 20 organizations. Those organizations tend to be of the highest order, from all corners of the globe, and their breaches have in some cases remained undetected for years. Most recently, it's been known for targeting US telcos, including T-Mobile USA, and ISPs in North America.

**Salt Typhoon's Arsenal of Malware**

With access to a targeted network, the APT that Trend Micro calls Earth Estries can deploy any one of its varied and powerful payloads, which it is consistently building out, according to a new analysis from the firm.

There's Masol RAT — a cross-platform tool it's used against Linux servers from Southeast Asian governments — and the modular SnappyBee (aka Deed RAT). The newly discovered GhostSpider, meanwhile, is a highly modular backdoor, adjustable for any particular attack scenario, according to Jon Clay, Trend Micro's vice president of threat intelligence.

Related:Sneaky Skimmer Malware Targets Magento Sites Ahead of Black Friday

"So, I can enact a specific module to do one specific thing, and it only does that one thing, and then if I need something else, I enact another module. And this does make it much more difficult for defenders and researchers to identify what's what," Clay says, because one instance of GhostSpider might look entirely different from another.

Besides its backdoors, the group also possesses a rootkit called Demodex, and Trend Micro has speculated that it might even have used Inc ransomware in some of its operations.

The diversity of Salt Typhoon's malware may be connected to the very nature of how it operates. According to the researchers, it is a structured organization of distinct, specialized teams. Its various backdoors, for example, are managed by different "infrastructure teams." The tactics, techniques, and procedures (TTPs) utilized in different attacks might vary significantly, with unique teams focusing in different geographic regions and industries — another reason why pinning down the Chinese APT has been so difficult over the years. "They are very sophisticated \[at\] gaining access, maintaining access, maintaining persistence, and wiping their tracks when they have done something to make it look like they were never there," Clay says.

Related:News Desk 2024: Can GenAI Write Secure Code?

**How Estries Gains Entry**

Earth Estries had been conducting long-term espionage attacks against governments and other targets since 2020. Around the middle of 2022, though, a switch flipped.

"In the past, they were doing a lot of phishing of employees," Clay recalls. "Now they're targeting Internet-facing devices using n-day vulnerabilities, finding any open ports \[or\] protocols, or applications that are running that they can exploit in order to gain access."

"N-day" refers to recently disclosed bugs that organizations might not have had a chance to patch yet. The group's favorite vulnerabilities have been dangerous (but now well-documented), including: 

*   The SQL injection bug CVE-2024-48788, which affects the Fortinet Enterprise Management Server (EMS)
    
*   CVE-2022-3236, a code injection issue in Sophos Firewalls
    

*   The four Microsoft Exchange vulnerabilities involved in ProxyLogon
    

"And we see this across the board," Clay notes. "Certainly, emails are still a big way to gain access to organizations, but it used to be 80%-plus \[of cases\]. I think now you're looking at a much smaller percentage of these attacks beginning with a phishing campaign."

Related:Israel Defies VC Downturn With More Cybersecurity Investments

**Chinese Island Hopping to Gov't Cyberattack Victims**

Often, Salt Typhoon doesn't exploit vulnerabilities directly in its target's network. Instead, it opts for a more tactful approach.

Since 2023, its victims have spanned no fewer than four continents — from countries as diverse as Afghanistan, India, Eswatini, and the US — with the greatest concentration being in Southeast Asia. These organizations have come from the telecommunications, technology, consulting, chemical, transportation, and nonprofit sectors, with a special emphasis on government agencies.

Not all of these organizations are necessarily the hackers' final destination, though. A nongovernmental organization (NGO), for example, may house interesting data worth stealing, or it might just provide a covert springboard for attacking a more important government agency. In 2023, for instance, researchers observed Salt Typhoon compromising consulting firms and NGOs that work with the US government and military, with the goal of more quickly and effectively breaching the latter.

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Salt Typhoon Builds Out Malware Arsenal With GhostSpider

### Impact
Existing lakeFS users who have issued credentials to users who have been deleted.
Creating a new user with the same username, that user will inherit all of the previous user's credentials lakeFS needs to delete user credentials upon user deletion.

### Patches
_Has the problem been patched? What versions should users upgrade to?_

### Workarounds
A possible workaround will be not to reuse usernames that were previously deleted

### References
_Are there any links users can visit to find out more?_


**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-hh33-46q4-hwm2: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion

Protecting sensitive data is critical for businesses facing constant cyber threats. Automating encryption, audits, and access control strengthens security and reduces human error.

Protecting sensitive data nowadays should be a top priority for businesses of all sizes. Data breaches and cyber threats are no longer occasional occurrences but constant risks that require ongoing attention. The global cost of cyberattacks is expected to hit $9.5 trillion in 2024, largely fueled by ransomware, phishing, and data breaches. To combat these threats, companies need robust, continuous security measures that adapt as threats evolve. 

Traditional security measures, while effective to an extent, often involve manual processes that can be inconsistent, leaving gaps in protection. Automation is changing the landscape as it allows businesses to protect data more effectively through real-time encryption and automated security audits.

Automating data security processes means sensitive information is consistently protected, and security status is constantly monitored without relying solely on human effort. Automation, combined with other technologies like machine learning, offers businesses the ability to stay one step ahead.

Let’s discuss more on this below:

****Using Robotic Process Automation** **

Robotic process automation (RPA) has become a valuable tool in automating repetitive tasks across various business functions, and data security is no exception. RPA can handle tasks such as data encryption, access control management, and audit preparation, which are critical in maintaining a secure data environment. Thanks to RPA, businesses can create automated workflows that perform these tasks quickly and consistently, eliminating human error and freeing up security teams to focus on more complex challenges.

One major advantage of RPA in security is its ability to run 24/7 without interruption. Tasks that are time-consuming or repetitive for human employees can be efficiently managed by RPA, creating a more consistent layer of protection. 

Additionally, it can help businesses stay compliant with data regulations by automatically recording security actions and updates. Instead of relying on team members to complete these steps manually, RPA executes them precisely and on schedule.

****Automating Data Encryption** **

Data encryption is one of the most important elements in a data security strategy, protecting sensitive information by converting it into an unreadable format. With encryption, data remains secure even if accessed by unauthorized users. 

However, manually encrypting data across all systems and applications is not only time-consuming but also prone to inconsistencies. Automating the encryption process enables businesses to apply real-time protection to data without the need for constant manual intervention.

Automated encryption solutions can detect sensitive data as it’s created or transferred and immediately encrypt it, adding a critical layer of security. This real-time approach is particularly valuable for businesses that handle large volumes of data daily. With automated encryption, businesses reduce the risk of accidental exposure, keeping data consistently protected, whether it’s at rest or in transit. Automation also allows companies to apply encryption uniformly across their systems so there are no weak points that hackers can exploit.

****Implementing Automated Security Audits** **

Security audits play an essential role in identifying vulnerabilities, maintaining compliance, and ensuring data integrity. However, conducting regular audits can be a challenge for companies, as it requires significant time and resources. 

Automated audit tools streamline this process, allowing for continuous auditing that keeps an eye on security status in real time. Instead of waiting for scheduled audit periods, automated audits can provide up-to-date reports on security gaps and compliance status.

Real-time auditing brings numerous benefits, especially for companies in highly regulated industries. Automated audits allow businesses to spot potential issues early, minimizing the risk of non-compliance and giving them a proactive approach to risk management. With continuous monitoring, teams can quickly act when issues arise, addressing vulnerabilities before they become major threats. Automated security audits give businesses the confidence that their security measures are consistently monitored and aligned with industry standards, all while reducing the workload on internal teams.

****Utilizing Machine Learning for Anomaly Detection** **

Machine learning (ML) adds another layer of sophistication to automated security audits by identifying patterns and unusual activities that might indicate a security threat. Unlike traditional methods, ML algorithms can learn from data over time, recognizing what constitutes typical behaviour and quickly spotting anomalies that could signal unauthorized access or suspicious actions. This type of real-time detection helps teams stay aware of issues that may otherwise go unnoticed in large datasets.

Incorporating ML into security audits enables businesses to gain a proactive approach to data protection. As soon as an anomaly is detected, ML-powered tools can alert the security team to investigate before any real damage is done. This level of insight is especially valuable in industries handling sensitive data, where even minor incidents could have serious consequences. Automated anomaly detection keeps teams informed, enabling swift action and strengthening the overall security framework.

****Improving Data Access Control** **

Statistics show that over 70% of organizations with access control experience fewer than five major incidents annually. Access control is a fundamental element of data security as it determines who can view or modify sensitive information within an organization. Automated access control systems make this process more secure by continuously monitoring and adjusting permissions based on predefined rules. For instance, when an employee changes roles or leaves the company, automated systems can immediately update or revoke access rights, reducing the risk of unauthorized access.

Automating access control brings consistency and reduces human error, which can often lead to accidental exposure of sensitive information. By leveraging automated systems, companies create a more adaptable and secure environment where access is restricted to those who genuinely need it. This method also simplifies compliance with regulatory standards that require strict access controls. In this way, businesses can manage data access dynamically and respond quickly to personnel or organizational changes.

****Automated Reporting** **

Automated reporting is a powerful tool for maintaining a clear view of an organization’s security health. With real-time data feeding directly into dashboards and reports, security teams gain immediate insights into the status of various security measures, compliance levels, and potential risks. Instead of spending hours manually compiling data for reports, automated systems handle this work, generating up-to-date summaries that decision-makers can access at any time.

Automated reports not only save time but also improve the quality of information used in decision-making. These reports are frequently customizable, allowing teams to focus on specific metrics or risks that are most relevant to their organization. This flexibility makes it easier to make informed decisions, as leaders have a continuous, accurate view of security issues and trends. 

Automating data encryption and security audits has transformed the way businesses approach data protection. With tools like robotic process automation, machine learning, and automated reporting, companies can create a dynamic, secure environment that operates around the clock. These methods bring real-time data security and compliance monitoring within reach, helping organizations respond to risks proactively rather than reactively. 

1.  Top 9 Compliance Automation Software in 2024
2.  Safe Data Sharing Practices: How to Avoid Data Leaks
3.  How To Prevent Growing Issue of Encryption Based Malware
4.  How FHE Technology Is Making End-to-End Encryption a Reality
5.  Cybersecurity, Big Data & Automation Tools: What You Need To Know

Automating Data Encryption and Security Audits for Continuous Protection

Cryptocurrencies are a relatively new asset class, and over the years, they have continued to be the subject…

Cryptocurrencies are a relatively new asset class, and over the years, they have continued to be the subject of scrutiny and criticism. Despite the success they’ve recorded over the years, many **still believe** that digital assets and tokens are entirely unreliable and that everyone who invests in them is willingly subjecting themselves to a scam of serious proportion.

While there’s no denying the fact that cryptocurrencies are associated with elevated volatility and fluctuations, the latest **Bitcoin price chart** figures indicate that the number of investors willing to add capital to a crypto venture and include digital assets among their list of holdings continues to rise. 

There are many reasons for this development, with the general economy continuing to be somewhat weak and uncertain being one of the primary ones. When standard marketplaces are not doing very well, people tend to gravitate towards asset classes that they may not even have considered in the past as a result of them being too risky or volatile.

But is this not an indicator of the fact that desperate people resort to desperate measures instead of a testament to the reliability and **usability of cryptocurrencies**? Are crypto coins still a valid form of investment, and is Bitcoin still a potential wealth creator? Or is it time for investors to set their sights elsewhere? 

Image via Unsplash

****The overview** **

**Bitcoin** has been going through a rollercoaster ride over the last couple of years. 2020 was a halving year, and most community members expected things to unfold positively. Luckily, their predictions turned out to be true when the marketplace skyrocketed to new levels only a few months later.

2021 was a significant time for Bitcoin users as the price **reached** $69,000, an incredible level that led many to consider BTC as a reliable investment option on par with traditional assets and holdings. However, this didn’t last long, and in fact, this period can be regarded as the calm before the storm in retrospect. 

That’s because, in 2022, Bitcoin **lost** a considerable part of its value, with losses of around 70% during the most intense part of the bear market. The environment plunged into a crypto winter, one that was named the most severe in the entire history of cryptocurrencies by some analysts.

While others pointed out that technical analysis indicates other events of this kind that took place in the past lasted longer, what set the one in 2022 apart was the fact that BTC had reached such a high level only one year earlier. To see all that melt away so quickly was tough for investors from all over the world, many of whom lost significant portions of their capital. 

Some of them decided to abandon crypto altogether out of fear that they’ll have to deal with even bigger losses in the future. Bitcoin reached a new bottom in 2022, settling at $16,000. For this reason, investors eagerly waited for the start of the new year, which was predicted to help the price bounce back.

January offered an opportunity for this, and BTC climbed to $20,000. By April, it touched the resistance area at $30,000, a level that hadn’t been reached since June 2022, right before prices had started dropping severely. 

While Bitcoin achieved a lot during 2023, investors continued to hope for better. 2024 kickstarted the beginning of a new era for BTC, as the approval of the exchange-traded funds caused a spike that took the price to a new all-time high, a little over $70K. The gains didn’t last long though, and were followed by considerable corrections.

As of November, the **Bitcoin price** has been showing stronger performance levels than ever before and managed to surpass all of its previous records. On November 18th, the BTC price **was** around $89,500, leading investors to believe that a six-figure value would become reality much sooner than expected. 

****Investor sentiment** **

Since the crypto market is entirely decentralized, how the prices change and evolve is the result of a large number of factors. Volume, the general economic situation, and market sentiment are among the most essential aspects, and investors are careful to check these metrics before making important decisions.

Some researchers have attributed Bitcoin’s current weak performance to whales and their activities, as this investor demographic finished a long phase of accumulation and has, therefore, reduced their positions. An address linked to one “**Mr. 100**” reached a peak of more than 73,000 BTC after accumulating over nearly a week. Paired with the exchange-traded funds’ outflows, analysts believe that this investor created turmoil within the community. 

Bitcoin portfolio of Mr. 100% (Screenshot via Reddit)

The derivatives and stablecoin flows have generally shown signals of decreased confidence levels among traders. Options data confirms an increase in temporary demands for downside protections as investors want to secure their portfolios. In the past, times of negative funding rates were typically short-lived, indicating that the bears don’t believe it is safe to start selling anywhere below the $60,000 mark. 

****Uptober** **

October has traditionally been recognised as a positive time for cryptocurrencies, a month during which digital assets perform well and investors see significant gains. This is particularly noteworthy in the context of the fact that September has the opposite reputation of being a time when the crypto market is doing quite poorly.

However, this year, some traders have said that it would be a mistake to overinflate the importance of the entire month. This is because, under closer scrutiny, it is revealed that only the later part of October is recording bullish tendencies, not the first weeks. Data shows that Uptober tends to start around the 19th at the earliest, so it is vital for investors to remain patient and avoid making any impulsive decisions.

The statistics show that this is actually true for 2024 and that the marketplace is currently navigating the slowest October in the last decade. The prices of both Bitcoin and Ethereum have declined since the beginning of the month, but the second half of October is more likely to make room for more robust growth. The last week of October may kickstart the beginning of the bullish cycle that continues until the end of the year, and then Bitcoin prices will be taken into the six-figure area that most investors expect. 

Bitcoin is the **most important cryptocurrency** in the world, with the highest market capitalisation level. Investors have started trusting its abilities and believing in its value in increasing numbers, so although the market has been dealing with some challenges, it remains robust. In order to be successful in your trading ventures, though, you must still be ready to create a comprehensive strategy that is personalised to suit your goals and takes the long-term picture into account. 

1.  **5 Types of Crypto You Didn’t Know Existed**
2.  **Is the Blockchain Secure? Yes, and Here’s Why**
3.  **12 Tips for Managing Cryptocurrency Market Volatility**
4.  **Step-by-Step Guide to Creating Your First Crypto Wallet**
5.  **Bitcoin’s digital signature feature facilitates Web3 adoption**

Is Bitcoin Still a Secure and Reliable Trading Option? 

Amazon Web Services' identity and access management platform has added new features that help developers implement secure, scalable, and customizable authentication solutions for their applications.

Source: GK Images via Alamy Stock Photo

Amazon Web Services (AWS) has announced updates to Amazon Cognito, its identity and access management service for Web and mobile applications. The service allows developers to secure machine-to-machine authentication, enable role-based access to AWS resources, and create sign-in and sign-up experiences in applications. 

Cognito now supports passwordless login with managed login, enabling users to integrate passwordless authentication methods, including passkeys, email one-time-passwords, and SMS one-time-passwords. 

The new features include a developer-focused console experience that streamlines onboarding via a wizard and use-case specific recommendations. This allows developers to configure their sign-in options and follow the system-provided instructions to create the application's sign-in and sign-up pages. A new user pool, a user directory for authentication and authorization, is automatically created, according to the blog post announcing the new updates. Amazon Cognito also supports major application frameworks and offers detailed instructions for integrating them using standard OpenID Connect (OIDC) and OAuth open source libraries.

Amazon has updated the pricing structure for Cognito, adding user pool feature tiers: Lite, Essentials, and Plus. New user pools are created at the Essentials tier by default, and users can switch between tiers depending on their needs. 

The Lite tier includes user registration, password-based authentication, and social identity provider integration. The Essentials tier includes expanded authentication and access control features, including managed login and passwordless capabilities and enhanced security features. The Plus tier offers more security features, including threat protection capabilities against suspicious logins and compromised credential detection. 

Pricing is based on monthly active users. The Essentials and Plus tiers are available in all AWS regions where Cognito is available, except AWS GovCloud (US) regions. 

**About the Author**

Contributing Writer

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

AWS Rolls Out Updates to Amazon Cognito

Cyberattackers have been targeting the online NFT marketplace with emails claiming to make an offer to a targeted user; in reality, clicking on a malicious link takes victims to a crypto-draining site.

Source: Mundissima via Alamy Stock Photo

Cyberattackers are targeting users of the OpenSea nonfungible token (NFT) platform with a phishing attack that lures users with the potential sale of items listed on the marketplace. The aim? Draining their cryptocurrency wallets dry.

Researchers at Cofense discovered the campaign, in which adversaries impersonate the OpenSea website and claim a user has a new offer on a listing on the site to try to bait them into clicking on a malicious link.

"The goal of the phishing scheme is to get recipients to connect their crypto wallets to the phishing page, which will drain their wallets," Cole Adkins of the Cofense Phishing Defense Center wrote in a post. "The phish presents itself as an offer on an NFT the recipient has listed on OpenSea, in hopes they will click on it and connect their wallet once redirected."

OpenSea is the largest marketplace for NFTs and thus "the go-to platform for many entry-level NFT enthusiasts looking to enter the crypto collectible market," who are likely unaware of the common tactics of phishers and thus can easily be fooled, he wrote.

The campaign demonstrates the speed with which attackers are targeting new and emerging technologies like NFT — which held little interest for people until OpenSea was launched in 2017 —  with custom campaigns tailored to their particular interests, he said. OpenSea marketplace currently has more than 2 million users with at least one transaction on the site, many of them enterprise users.

Related:Sneaky Skimmer Malware Targets Magento Sites Ahead of Black Friday

**OpenSea Brand Impersonation for the Phishing Lure**

The attack begins when targeted victims receive an email that appears to come from OpenSea. To a savvy user, it would be a clear phish, as the sender address is "administrator\[at\]motordna\[dot\]io," and thus unrelated to the NFT marketplace. However, the branding in the content of the email mimics OpenSea using a look that's similar to the site, and it could fool someone not keeping an eye out for phishing clues, according to Cofense.

"By branding the email as OpenSea and employing the same email format used for an actual notification from the OpenSea NFT marketplace, the threat actor hopes to ease the recipient’s suspicion so they will click the button in the email body," Adkins wrote.

Recipients are prompted to hit an "Access Now" button to direct to a purported offer that's come on one of their items on the marketplace, demonstrating the use of social engineering that adds urgency and aims to instill excitement at the potential of a sale, he wrote.

Users that click on the button are directed to a fake OpenSea webpage that's also been designed by attackers to appear legitimate. The page shows that an offer has been made on an NFT owned by the victim and they must accept it quickly by connecting to their crypto wallet via a "Connect Wallet" button, or else lose their chance at a sale. Clicking presents the user with multiple ways to access the wallet, such as via a QR code or signing in with credentials. Once this step is complete, an attacker can control the wallet and any credentials associated with it.

Related:News Desk 2024: Can GenAI Write Secure Code?

**NFT in the Crosshairs**

The campaign is not the first time OpenSea has been targeted by a potential threat actor. A couple of years ago, an employee of one of the marketplace's email vendors, Customer.io, accessed and downloaded the company's email list, ostensibly for future phishing attacks. The cybercriminal group Marko Polo also has impersonated OpenSea as a way to target its users for fraud.

While NFT hasn't quite gone mainstream yet, attackers are increasingly targeting those interested in the novel technology to expand their attack surface. These attacks will likely ramp up as the technology gains popularity, according to Cofense. "This … highlights why recipients must stay vigilant and up to date with common phishing threats in order to protect their assets," Adkins wrote.

Related:Israel Defies VC Downturn With More Cybersecurity Investments

Cofense recommends that users of OpenSea and other NFT marketplaces use the same online hygiene as any other e-commerce user when navigating access to their accounts. Best practices for protecting assets include avoiding clicking on links in emails from addresses or users they don't recognize, and learning to recognize common phishing and social-engineering tactics. The company also recommends that OpenSea users should check the sender field of any email that purports to be from the marketplace for suspicious-looking addresses that could alert them to foul play.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

OpenSea Phishers Aim to Drain Crypto Wallets of NFT Enthusiasts

Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potentially exposing sensitive information.

GHSA-rmv2-8jjc-23xw: TCPDF Local File Inclusion vulnerability

Aqua Nautilus researchers have discovered a campaign powering a series of large-scale DDoS attacks launched by Matrix, which…

Aqua Nautilus researchers have discovered a campaign powering a series of large-scale DDoS attacks launched by Matrix, which could be a Russian threat actor. Learn about the vulnerabilities exploited, the techniques used, and the possible impact on businesses worldwide.

Cybersecurity researchers at Aqua Nautilus have discovered a new Distributed Denial of Services (**DDoS**) campaign launched by a threat actor known as Matrix, exploiting readily available tools and minimal technical expertise.

According to Aqua Nautilus’ investigation, shared with Hackread.com, Matrix, which the researchers have labeled as script kiddies, targets a large network of internet-connected devices, including IoT devices, cameras, routers, DVRs, and enterprise systems, marking a transformation in focus for DDoS attacks.

The attackers use different techniques, mapped to the MITRE ATT&CK framework, primarily relying on **brute-force attacks**, exploiting weak default credentials and misconfigurations to gain initial access.

Once compromised, devices are incorporated into a larger botnet. The attackers also utilize various public scripts and tools to scan for vulnerable systems, deploy malware, and execute attacks. 

According to Aqua Nautilus’ **blog post**, despite initial indications of Russian affiliation, the lack of Ukrainian targets suggests a primary focus on financial gain rather than political objectives. Matrix has created a Telegram bot, Kraken Autobuy, to sell DDoS attack services targeting Layer 4 (Transport Layer) and Layer 7 (Application Layer) attacks, further emphasizing the commercialization of this campaign.

(Via Aqua Nautilus)

The campaign exploits a mix of recent and older vulnerabilities, including the following:

*   **CVE-2014-8361**
*   **CVE-2017-17215**
*   **CVE-2018-10562**
*   **CVE-2022-30525**
*   **CVE-2024-27348**
*   **CVE-2018-10561**
*   **CVE-2018-9995**
*   **CVE-2018-9995**
*   **CVE-2017-18368**
*   **CVE-2017-17106**

These vulnerabilities, combined with the widespread use of weak credentials, create a significant attack surface for malicious actors. Most activity (around 95%) occurs during weekdays, suggesting a more structured approach

Matrix utilizes a GitHub account to store and manage malicious tools and scripts, mainly written in Python, Shell, and Golang.

“A significant focus has been placed on repositories such as _scanner_, _gggggsgdfhgrehgregswegwe_, _musersponsukahaxuidfdffdf_, and _DHJIF_. These repositories house various tools designed for scanning, exploiting, and deploying malware—primarily Mirai and other DDoS-related tools—on IoT devices and servers,” researchers noted.

The screenshot shows successful login into a camera panel using weak credentials (Via Aqua Nautilus)

On the other hand, Virus Total identified various tools being used for launching DDoS attacks, including DDoS Agent, SSH Scan Hacktool, **PyBot**, PYnet, DiscordGo Botnet, HTTP/HTTPS Flood Attack, and the Homo Network. These tools allow for controlling compromised devices, launching large-scale DDoS attacks against targets of choice, and utilizing Discord for communication and remote control. 

The potential impact of this campaign is significant, with millions of internet-connected devices potentially vulnerable to exploitation. “Nearly 35 million devices are vulnerable. If 1% are compromised, the botnet could reach 350,000 devices; at 5%, it could grow to 1.7 million, rivalling major past attacks,” researchers noted.

The primary impact is denial-of-service to servers, disrupting businesses and online operations. Compromised servers can lead to service provider deactivation, impacting businesses relying on them. A limited cryptocurrency mining operation targeting ZEPHYR was observed, yielding minimal financial gain.

To stay safe, organizations should prioritize strong security practices like regular patching, strong password policies, network segmentation, intrusion detection systems, web application firewalls, and regular security audits to reduce their exposure to **DDoS attacks** and other cyber threats.

1.  **Mirai-Inspired Gorilla Botnet Hits 0.3M Devices Globally**
2.  **Goldoon Botnet Hit D-Link Devices by Exploiting 9-Year-Old Flaw**
3.  **Russian Hackers Target Ubiquiti Routers for Data, Botnet Creation**
4.  **Golang Botnet “Zergeca” Discovered, Delivers Brutal DDoS Attacks**
5.  **Mirai-like Botnet Hits Zyxel NAS Devices in Europe for DDoS Attacks**
6.  **US Charges Duo Behind Anonymous Sudan for 35,000 DDoS Attacks**

Latest News