A threat actor known as Prolific Puma has been maintaining a low profile and operating an underground link shortening service that's offered to other threat actors for at least over the past four years.
Prolific Puma creates "domain names with an RDGA [registered domain generation algorithm] and use these domains to provide a link shortening service to other malicious actors, helping them evade

A threat actor known as **Prolific Puma** has been maintaining a low profile and operating an underground link shortening service that's offered to other threat actors for at least over the past four years.

Prolific Puma creates "domain names with an RDGA \[registered domain generation algorithm\] and use these domains to provide a link shortening service to other malicious actors, helping them evade detection while they distribute phishing, scams, and malware," Infoblox said in a new analysis pieced together from Domain Name System (DNS) analytics.

With malicious actors known to use link shorteners for phishing attacks, the adversary plays an important role in the cybercrime supply chain, registering between 35,000 to 75,000 unique domain names since April 2022. Prolific Puma is also a DNS threat actor for leveraging DNS infrastructure for nefarious purposes.

A notable aspect of the threat actor's operations is the use of an American domain registrar and web hosting company named NameSilo for registration and name servers due to its affordability and an API that facilitates bulk registration.

Prolific Puma, which does not advertise its shortening service on underground markets, has also been observed resorting to strategic aging to park registered domains for several weeks prior to hosting their service with anonymous providers.

"Prolific Puma domains are alphanumeric, pseudo-random, with variable length, typically 3 or 4 characters long, but we have also observed SLD labels as long as 7 characters," Infoblox explained.

Furthermore, the threat actor has registered thousands of domains in the U.S. top-level domain (usTLD) since May 2023, repeatedly using an email address containing a reference to the song OCT 33 by a psychedelic soul band called Black Pumas: blackpumaoct33@ukr\[.\]net.

The real-world identity and origins of Prolific Puma remains unknown as yet. That said, multiple threat actors are said to be using the offering to take visitors to phishing and scam sites, CAPTCHA challenges, and even other shortened links created by a different service.

In one instance of a phishing-cum-malware attack documented by Infoblox, victims clicking on a shortened link are taken to a landing page that requests them to provide personal details and make a payment, and ultimately infect their systems with browser plugin malware.

The disclosure comes weeks after the company exposed another persistent DNS threat actor codenamed Open Tangle that leverages a large infrastructure of lookalike domains of legitimate financial institutions to target consumers for phishing and smishing attacks.

"Prolific Puma demonstrates how the DNS can be abused to support criminal activity and remain undetected for years," it said.

**Kopeechka Hacking Tool Floods Online Platforms with Bogus Accounts**

The development also follows a new report from Trend Micro, which found that lesser-skilled cybercriminals are using a new tool called **Kopeechka** (meaning "penny" in Russian) to automate the creation of hundreds of fake social media accounts in just a few seconds.

"The service has been active since the beginning of 2019 and provides easy account registering services for popular social media platforms, including Instagram, Telegram, Facebook, and X (formerly Twitter)," security researcher Cedric Pernet said.

Kopeechka provides two types of different email addresses to help with the mass-registration process: email addresses hosted in 39 domains owned by the threat actor and those that are hosted on more popular email hosting services such as Gmail, Hotmail, Outlook, Rambler, and Zoho Mail.

"Kopeechka does not actually provide access to the actual mailboxes," Pernet explained. "When users request for mailboxes to create social media accounts, they only get the email address reference and the specific email that contains the confirmation code or URL."

It's suspected that these email addresses are either compromised or created by the Kopeechka actors themselves.

With online services incorporating phone number verification to complete registration, Kopeechka enables its customers to choose from 16 different online SMS services, most of which originate from Russia.

Besides accelerating cybercrime and equipping threat actors to launch full-fledged operations at scale, such tools – created as part of the "as-a-service" business model – highlight the professionalization of the criminal ecosystem.

"Kopeechka's services can facilitate an easy and affordable way to mass-create accounts online, which could be helpful to cybercriminals," Pernet said.

"While Kopeechka is mainly used for multiple accounts creation, it can also be used by cybercriminals who want to add a degree of anonymity to their activities, as they do not need to use any of their own email addresses to create accounts on social media platforms."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Researchers Expose Prolific Puma's Underground Link Shortening Service

Plus: Stolen US State Department emails, $20 million zero-day flaws, and controversy over the EU’s message-scanning law.

WIRED broke the news on Wednesday that SoundThinking, the company behind the gunshot-detection system ShotSpotter, is acquiring some assets—including patents, customers, and employees—from the firm Geolitica, which developed the notorious predictive policing software PredPol. WIRED also exclusively reported this week that the nonprofit Electronic Privacy Information Center is calling on the US Justice Department to investigate potentially biased deployment of ShotSpotter in predominantly Black neighborhoods.

As the US federal government inches closer to a possible shutdown, we took a look at the sprawling conservative media apparatus and deep bench of right-wing hardliners in Congress that are exploiting their leverage to block a compromise in the House of Representatives.

Satellite imaging from the Conflict Observatory at Yale University is providing harrowing insight and crucial information about the devastation wrought in the city of Khartoum by Sudan’s civil war. Meanwhile, researchers from the cybersecurity firm eQualitie have developed a technique for hiding digital content in satellite TV signals—a method that could be used to circumvent censorship and internet shutdowns around the world. And the productivity data that corporations have increasingly been gathering about their employees using monitoring software could be mined in an additional way to train AI models and eventually automate entire jobs.

Plus, there's more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

A China-linked hacking group, dubbed BlackTech, is compromising routers in the US and Japan, secretly modifying their firmware and moving around company networks, according to a warning issued by cybersecurity officials this week. The United States Cybersecurity and Infrastructure Security Agency (CISA), the NSA, FBI, and Japan's National Police Agency and cybersecurity office issued the joint alert saying the BlackTech group was “hiding in router firmware.”

The officials said they had seen the Chinese-linked actors using their access to the routers to move from “global subsidiary companies” to the networks of companies’ headquarters in the US and Japan. BlackTech, which has been operating since around 2010, has targeted multiple router types, the officials said, but they highlighted that it compromised Cisco routers using a customized backdoor. “TTPs against routers enable the actors to conceal configuration changes, hide commands, and disable logging while BlackTech actors conduct operations,” the alert says.

Microsoft and US government officials said in July that Chinese government hackers had breached the cloud-based Outlook email systems of about 25 organizations, including the US State Department and Department of Commerce. On Wednesday, an anonymous staffer for Senator Eric Schmitt told Reuters that the State Department incident exposed 60,000 emails from 10 accounts. Nine of the accounts were used by State Department employees focused on East Asia and the Pacific, while one was focused on Europe. The Congressional staffer learned the information in a State Department IT briefing for legislators and shared the details with Reuters via email.

The zero-day market, where new vulnerabilities and the code needed to exploit them are traded for cash, is big business. And it is, maybe, getting more lucrative. Russian zero-day seller Operation Zero this week announced it would increase some of its payments from $200,000 to $20 million. “As always, the end user is a non-NATO country,” the group said, indicating it means Russian private and government organizations.

Unlike bug bounties, where security researchers find flaws in companies’ code and then disclose them to the firms to fix for payments, the zero-day market encourages the trade in flaws that can potentially be exploited by the purchasers. “Full chain exploits for mobile phones are the most expensive products right now and they’re used mostly by government actors," Operation Zero CEO Sergey Zelenyuk told TechCrunch. "When an actor needs a product, sometimes they’re ready to pay as much as possible to possess it before it gets into the hands of other parties.”

The European Union's proposed law to clamp down on child sexual abuse content—by scanning people’s messages and potentially compromising encryption—is one of the continent's most controversial laws of the last decade. This week, a series of revelations from a group of reporters has shown how the law’s main architect was heavily lobbied ahead of proposing the law and that police wanted access to the message data. First, an investigation revealed the close connections between the European Union’s home affairs commissioner, Ylva Johansson, and child protection groups. A second report shows the European police agency Europol pushed to get access to data collected under the proposed law. In response to the investigations, Europe's Committee on Civil Liberties, Justice, and Home Affairs has written to Johansson asking questions about the relationships.

Chinese Hackers Are Hiding in Routers in the US and Japan

Plus: Meta pays $1.4 million in a historic privacy settlement, Microsoft blames a cyberattack for a major Azure outage, and an artist creates a face recognition system to reveal your NYPD “coppelganger.”

If it seems like there’s suddenly a whole lot more data breaches, you may be right. Part of this apparent spike is thanks to the growing popularity of infostealer malware. These types of malicious software are increasingly being used by cybercriminals to scoop up as many login credentials and other sensitive data as possible. That stolen data is then sold on criminal hacker forums, then used to break into victims’ accounts, which can include those of massive corporations. It’s a good reminder to always enable multi-factor authentication anywhere it’s available.

A security researcher this week disclosed the discovery of more than a dozen unsecured databases containing sensitive information on voters in counties across Illinois. The data, which was stored by a government contractor, includes driver’s license numbers, Social Security numbers, death certificates, and more. While election security has generally improved in recent years, the episode illuminates how difficult it can be to protect all voter data all the time.

The history of confidential FBI informants is long and sordid—and ongoing. A WIRED investigation published this week revealed how one informant infiltrated far-right groups and turned over their secrets to the Feds—all while pushing hateful ideologies that helped inspire a new generation of violent extremists online.

Hacking computers with lasers has always been a rich person’s game—until now. Security researchers Sam Beaumont and Larry “Patch” Trowell are releasing an open source laser hacking tool called RayV Lite, which can be produced for just $500, a tiny fraction of the $150,000 price tag of laser equipment historically used for hardware hacking. The pair will be detailing the RayV Lite at the Black Hat security conference next week in Las Vegas. (WIRED will be on the ground for Black Hat and Defcon, the _other_ big security conference happening next week in Vegas, so check back for our full coverage starting on Tuesday.)

Finally, we dove into the fine print of OpenAI’s ChatGPT-4o to lay out the privacy wins and pitfalls of the generative AI tool.

But that’s not all. Each week, we round up the big security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

In a historic prisoner swap between the US and Russia, Wall Street Journal reporter Evan Gershkovich and former Marine Paul Whelan were freed from Russian detention on Thursday. The White House said the secret deal, negotiated for over a year, involved 24 prisoners: 16 moved from Russia to the West and eight from the West to Russia, including two cybercriminals. NBC News reports this is likely the first time the US has released international hackers in a prisoner exchange.

The two Russian hackers are Roman Seleznev and Vladislav Klyushin. Seleznev was sentenced in 2017 to 27 years in prison for racketeering convictions. According to the US Department of Justice, he installed malware on point-of-sale systems software that allowed him to steal millions of credit card numbers from more than 500 US businesses. In September 2023, Klyushin was sentenced to nine years in prison for what US prosecutors described as a “$93 million hack-to-trade conspiracy.”

**Meta Pays $1.4 Billion Over Face Recognition Controversy**

Meta, the parent company of Facebook and Instagram, will pay $1.4 billion to settle a lawsuit brought by the Texas attorney general, whose office accused the social media behemoth of illegally capturing the biometric data of millions of Texans. In 2022, the state sued Meta over its implementation of a feature that used face recognition to automatically suggest people to tag in photos and videos uploaded to Facebook. Prosecutors say the feature, initially called Tag Suggestions, violated a Texas law that makes it illegal for companies to capture and profit from someone’s biometric identifiers without their consent. While Meta did not admit to any wrongdoing as part of the agreement, according to Texas attorney general Ken Paxton's office, it’s the single largest privacy settlement ever obtained by a state.

**Cyberattack Sparks Eight-Hour Microsoft Azure Outage**

A widespread Microsoft Azure outage that impacted a range of services—including Microsoft 365 products such as Office and Outlook—was caused by a cyberattack, the tech company revealed on Wednesday. According to Microsoft’s Azure status history page, the incident lasted approximately eight hours on Tuesday and affected “a subset” of customers globally.

The company described the attack as a distributed denial of service, a malicious attempt by hackers to disrupt a target company’s operations by overwhelming its infrastructure with a flood of internet traffic. According to PCMag, two hacktivist groups have claimed responsibility. Microsoft plans on publishing a review of the incident.

US Hands Over Russian Cybercriminals in WSJ Reporter Prisoner Swap

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week's Patch Tuesday.

**Microsoft** has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various **Windows** operating systems and related software. The most pressing patches include a zero-day in a Windows feature that tries to flag malicious files from the Web, a critical bug in **PowerShell**, and a dangerous flaw in **Windows 11** systems that was detailed publicly prior to this week’s Patch Tuesday.

The security updates include patches for **Azure**, **Microsoft Edge,** **Office**, **SharePoint Server**, **SysInternals**, and the **.NET framework**. Six of the update bundles earned Microsoft’s most dire “critical” rating, meaning they fix vulnerabilities that malware or malcontents can use to remotely commandeer an unpatched Windows system — with little to no interaction on the part of the user.

The bug already seeing exploitation is CVE-2022-44698, which allows attackers to bypass the Windows SmartScreen security feature. The vulnerability allows attackers to craft documents that won’t get tagged with Microsoft’s “Mark of the Web,” despite being downloaded from untrusted sites.

“This means no Protected View for Microsoft Office documents, making it easier to get users to do sketchy things like execute malicious macros,  
said **Greg Wiseman**, product manager at security firm **Rapid7**. This is the second Mark of the Web flaw Microsoft has patched in as many months; both were first publicly detailed over the past two months on Twitter by security researcher Will Dormann.

Publicly disclosed (but not actively exploited for now) is CVE-2022-44710, which is an elevation of privilege flaw in the DirectX graphics component of Windows 11.

Another notable critical bug is CVE-2022-41076, a remote code execution flaw in PowerShell — a key component of Windows that makes it easier to automate system tasks and configurations.

**Kevin Breen** at **Immersive Labs** said while Microsoft doesn’t share much detail about CVE-2022-41076 apart from the designation ‘Exploitation More Likely,’ they also note that successful exploitation requires an attacker to take additional actions to prepare the target environment.

“What actions are required is not clear; however, we do know that exploitation requires an authenticated user level of access,” Breen said. “This combination suggests that the exploit requires a social engineering element, and would likely be seen in initial infections using attacks like MalDocs or LNK files.”

Speaking of malicious documents, **Trend Micro’s Zero Day Initiative** highlights CVE-2022-44713, a spoofing vulnerability in **Outlook for Mac**.

“We don’t often highlight spoofing bugs, but anytime you’re dealing with a spoofing bug in an e-mail client, you should take notice,” ZDI’s **Dustin Childs** wrote. “This vulnerability could allow an attacker to appear as a trusted user when they should not be. Now combine this with the SmartScreen Mark of the Web bypass and it’s not hard to come up with a scenario where you receive an e-mail that appears to be from your boss with an attachment entitled “Executive\_Compensation.xlsx”. There aren’t many who wouldn’t open that file in that scenario.”

Microsoft also released guidance on reports that certain software drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity.

Three different companies reported evidence that malicious hackers were using these signed malicious driver files to lay the groundwork for ransomware deployment inside victim organizations. One of those companies, **Sophos**, published a blog post Tuesday detailing how the activity was tied to the Russian ransomware group **Cuba**, which has extorted an estimated $60 million from victims since 2019.

Of course, not all scary and pressing security threats are Microsoft-based. Also on Tuesday, **Apple** released a bevy of security updates to iOS, iPadOS, macOS, tvOS and Safari, including  a patch for a newly discovered zero-day vulnerability that could lead to remote code execution.

Anyone responsible for maintaining **Fortinet** or **Citrix** remote access products probably needs to update, as both are dealing with active attacks on just-patched flaws.

For a closer look at the patches released by Microsoft today (indexed by severity and other metrics) check out the always-useful Patch Tuesday roundup from the **SANS Internet Storm Center**. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that may be causing problems for Windows users.

As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these updates, please drop a note about it here in the comments.

Microsoft Patch Tuesday, December 2022 Edition

PRESS RELEASE

NEW YORK, Nov. 14, 2024 /PRNewswire/ -- Kyndryl (NYSE: KD), the world's largest IT infrastructure services provider, today introduced a new suite of services, co-developed with Microsoft, to enhance cyber resilience for businesses globally.

Kyndryl and Microsoft have built upon their successful, long-standing partnership to develop differentiated, scalable security and resiliency services. The new services are integrated into Kyndryl Bridge, the industry-leading, artificial intelligence (AI)-powered, open integration digital business platform. Combining Kyndryl's deep services expertise with Microsoft's security technologies provides businesses a comprehensive approach to defending their operations from nefarious threats and attacks.  

This collaboration between Kyndryl and Microsoft can help customers address their expansive cyber resilience needs, ranging from compliance to secure, resilient IT infrastructure, especially considering that cyberattacks are the top concern for business leaders.

"As businesses continue to embrace digital modernization and rapid advancements in technology, the cyber threat landscape and growing regulatory pressures around the world are becoming increasingly complex," said Michelle Weston, Vice President of Security & Resiliency, Kyndryl. "Through our strategic partnership with Microsoft, we are positioned to meet our customers' needs by providing robust security capabilities and supporting their regulatory readiness. Our combined expertise allows us to deliver services that not only protect our customers' assets, but also empower them to thrive in a rapidly evolving digital environment."

"The need for robust cyber resilience has never been greater," said Ricardo Davila, Senior Director, Kyndryl, at Microsoft. "By leveraging Microsoft's security technologies and Kyndryl's expertise, together, we're helping businesses protect their critical assets, so they can operate with confidence. This partnership reinforces our shared commitment to combat cyber threats, so they can realize digital transformation across industries."

Through its services, Kyndryl provides customers:

*   Enhanced risk and compliance readiness: To help support customers' cyber regulatory readiness around the world, Kyndryl's services with Microsoft Purview can automatically assess and manage compliance across multi-cloud and hybrid cloud environments. A global team of security experts recommend the most relevant assessments and advise on which policies and operational procedures to implement to help mitigate compliance risk. 
    
*   Security information and event management (SIEM) migration: Customers can migrate existing Microsoft Sentinel SIEM solutions quickly, enhancing security operations center (SOC) capabilities and accelerating onboarding processes, reducing time to initiate the delivery of services.
    
*   Identity and access management (IAM): Protecting identities and controlling access is one of the first lines of defense against threats to an organization's data and systems. Using Zero Trust principles, Kyndryl's services with Microsoft Entra enhance security and provide a better user experience for customers by offering simplified user authentication, identity governance and integrations to help secure access to their resources.
    
*   Increased detection and response (XDR) capabilities: Businesses have increasingly complex IT architecture with remote endpoints that use several operating systems and device types. The XDR services with Microsoft Defender enable threat prevention, detection and response against increasingly sophisticated attacks on customer assets, including email, identity, Software as a Service (SaaS) applications, cloud infrastructure and data.
    

As part of the partnership, Kyndryl became a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors (ISVs) and managed security service providers (MSSPs) that have integrated their solutions with Microsoft Security technology to better defend mutual customers against a world of increasing cyber threats.

Visit the Kyndryl and Microsoft alliance page for more information on the strategic partnership.

About Kyndryl  
Kyndryl (NYSE: KD) is the world's largest IT infrastructure services provider, serving thousands of enterprise customers in more than 60 countries. The Company designs, builds, manages and modernizes the complex, mission-critical information systems that the world depends on every day. For more information, visit www.kyndryl.com.

Forward-Looking Statements  
This press release contains "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Such forward-looking statements often contain words such as "will," "anticipate," "predict," "project," "plan," "forecast," "estimate," "expect," "intend," "target," "may," "should," "would," "could," "outlook" and other similar words or expressions or the negative thereof or other variations thereon. All statements, other than statements of historical fact, including without limitation statements representing management's beliefs about future events, transactions, strategies, operations and financial results, may be forward-looking statements. These statements do not guarantee future performance and speak only as of the date of this press release and the Company does not undertake to update its forward-looking statements. Actual outcomes or results may differ materially from those suggested by forward-looking statements as a result of risks and uncertainties including those described in the "Risk Factors" section of the Company's most recent Annual Report on Form 10-K filed with the Securities and Exchange Commission.

Kyndryl &amp; Microsoft Unveil New Services to Advance Cyber Resilience for Customers

Microsoft disclosed 83 vulnerabilities across the company’s hardware and software line, including two issues that are actively being exploited in the wild, continuing a trend of zero-days appearing in Patch Tuesdays over the past few months.

Tuesday, March 14, 2023 16:03

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line, including two issues that are actively being exploited in the wild, continuing a trend of zero-days appearing in Patch Tuesdays over the past few months.

Two of the vulnerabilities included in March’s security update have been exploited in the wild, according to Microsoft, including one critical issue.

In all, eight of the issues disclosed this month are critical, while the remainder — outside of one — is “important.”

A moderate-severity vulnerability that’s already being exploited in the wild is CVE-2023-24880, a security feature bypass vulnerability in Windows SmartScreen, a cloud-based anti-phishing and anti-malware feature included in several Microsoft products. An attacker could exploit this vulnerability to craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. This, in theory, could allow the attacker to pass a malicious file through without it being detected.

The other zero-day included this month is CVE-2023-23397, a privilege escalation vulnerability in Microsoft Outlook that could force a targeted device to connect to a remote URL and transmit the Windows account's Net-NTLMv2 hash to an adversary.

To trigger this vulnerability, a user doesn’t even need to open the email or preview it, the vulnerability is triggered as soon as the email is retrieved by the targeted email server.

Three of the other critical vulnerabilities Microsoft is patching have a CVSS severity score of 9.8 out of 10: CVE-2023-21708, CVE-2023-23392 and CVE-2023-23415.

CVE-2023-21708 is a remote code execution vulnerability in Microsoft Remote Call Procedure (RCP). To exploit this vulnerability, an unauthenticated attacker could send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

The attacker would need to have access to TCP port 135 on the remote host, so Microsoft considers this vulnerability “less likely” to be exploited, especially from an outside network perimeter. But an attacker who already have a foothold on an internal network could use this vulnerability to compromise other machines in the same domain if the target doesn’t block this port.

Another remote code execution vulnerability exists on the HTTP protocol stack on Windows 11 and Windows Server 2022. An attacker could exploit CVE-2023-23392 by sending a specially crafted packet to a targeted server that utilizes the HTTP Protocol Stack to process packets. For a server to be vulnerable, it must already have HTTP/3 enabled and use buffered I/O. HTTP/3 support for services is a new feature of Windows Server 2022. Another escalation of privilege vulnerability in the same component (CVE-2023-23410) may allow an attacker to elevate privileges to SYSTEM.

CVE-2023-23415 is the only vulnerability among the three with 9.8 CVSS scores that is “more likely” to be exploited, according to Microsoft. An attacker could exploit this vulnerability in the Internet Control Message Protocol (ICMP) to gain the ability to execute remote code with SYSTEM-level privileges.

An attacker could send fragmented ICMP error messages to a remote target and cause a read past the fragment buffer end. This could cause a BSOD if the read crosses a page boundary or give the attacker remote code execution abilities.

The other critical vulnerabilities are:

*   CVE-2023-23404, a remote code execution vulnerability in Windows point-to-point tunneling protocol
*   CVE-2023-23411, a denial-of-service vulnerability in Windows Hyper-V
*   CVE-2023-23416, a remote code execution vulnerability in Windows cryptographic services

A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page.

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 61464 - 61467. The Snort 3 SIDs are 300460 and 300461.

Microsoft Patch Tuesday for March 2023 — Snort rules and prominent vulnerabilities

The advancement of technology has also impacted sectors like gaming. Blockchain technology has surfaced as an asset that…

The advancement of technology has also impacted sectors like gaming. Blockchain technology has surfaced as an asset that provides an angle on honesty and equality in the industry. Developers are incorporating blockchain into gaming to establish a fairer setting for players. This article digs deep into how blockchain games guarantee transparency and impartiality while discussing their advantages and obstacles.

****Exploring the World of Blockchain Technology****

Blockchain is a system of distributed ledgers that records transactions on computers to prevent tampering with data and ensure transparency. Every transaction is visible to all participants involved in the process without relying on a central authority for trust among users in the system’s decentralized environment. Blockchain games are an excellent example of how this technology innovates the gaming industry.

****Exploring the Integration of Blockchain Technology****

Integrating technology into gaming means utilizing ledgers to handle game items and transactions smoothly and securely for players to have genuine ownership of digital assets like characters and weapons or skins in a game environment with verification and safeguarding through blockchain for added security measures with sustainable assurance for peer to peer trades feasible, without intermediaries involvement leading to cost savings. 

****Improving Clarity****

Blockchain technology emphasizes transparency as an element in gaming by allowing players to validate the fairness of in-game events, such as loot drops and purchases, through unchangeable records maintained by the blockchain system. This openness builds trust as players can personally verify the authenticity of game rules. 

****Making Sure Things Are Fair****

Players have always been worried about fairness in gaming! Blockchain technology tackles this problem by allowing game algorithms and results to be easily verified by all parties. To guarantee fairness in games powered by technology and to prevent any play or cheating from happening during gameplay or outcome determination processes, smart contracts are utilized to automate and enforce the rules fairly according to mutually agreed conditions with no chance for any manipulation. 

****Ensuring Honesty and Integrity****

In traditional gaming settings, cheating and fraud are issues that disrupt play for all participants involved. However, with the integration of blockchain technology, every transaction and action taken by players is meticulously documented, making it harder for individuals to engage in deceitful practices. The unchangeable nature of these records is a deterrent against cheating since tampering with past data becomes nearly impossible. This transparency ultimately promotes equality among players, ensuring a level playing field where everyone can compete fairly. 

****Securing Ownership and Assets** **

In games online, belongings usually don’t belong to the players themselves. Blockchain alters this by enabling gamers to own virtual items separately from the game creators or developers who made them in the first place. Gamers can freely sell these possessions with confidence in their ownership security. This newfound freedom enriches the gaming journey as players engage deeply with their realms. 

****The Obstacles Encountered in Blockchain Gaming****

While blockchain gaming offers advantages and opportunities for growth in the industry, it also encounters obstacles along the way. One key issue is scalability, with blockchain networks finding it challenging to handle several transactions efficiently. Moreover, the intricate nature of technology may deter gamers from embracing it fully. To overcome these challenges and gain acceptance, education and user-friendly interfaces play roles.

Blockchain also faces challenges due to its energy consumption levels. However, new technologies are being developed to address this issue and make the gaming industry more eco-friendly by adopting sustainable practices. 

****The Upcoming Trajectory of Blockchain-Based Gaming****

The outlook for games seems bright as technology progresses. Developers are expected to address existing constraints shortly to encourage wider acceptance of these games among players and enthusiasts alike. The overall gaming experience will improve and appeal to a more extensive audience base through advancements in scalability and energy conservation measures. There is potential for blockchain-based games to find their way into the mainstream market and transform the industry by introducing transparency and equity principles. 

****Final Thoughts** **

Blockchain technology promotes transparency and fairness in gaming by providing players with ownership and verifiable results in blockchain games that cultivate a fairer environment for all participants despite obstacles ahead; the promise of advancement and creativity persists substantially. Adopting this technology has the potential to revolutionize our interaction with realms and redefine our understanding of gaming by paving the way for a future where fairness and transparency reign supreme. 

1.  In Gaming Item Scams and How to Avoid Them?
2.  Exploring Data Privacy and Security in B2B Gaming Data
3.  The Rise of Blockchain Gaming and Secure Marketplaces
4.  Blockchain in cybersecurity: opportunities and challenges
5.  GAM3S.GG and Immutable Partner for Web3 Gaming Expansion

How Blockchain Games Ensure Transparency and Fairness

Cyberattackers like IPFS because it is resilient to content blocking and takedown efforts.

As has happened with other Web technologies designed for legitimate use, the InterPlanetary File System (IPFS) peer-to-peer network for storing and accessing content in a decentralized fashion has become a potent new weapon for cyberattacks.

Researchers from Cisco Talos this week reported observing multiple malicious campaigns leveraging the IPFS to host phishing kits and malware payloads. For many attackers, the IPFS has become the equivalent of a bulletproof hosting provider that is mostly impervious to takedown efforts, Talos said. Complicating matters for defenders is the fact that the IPFS is often used for legitimate purposes. So, differentiating between benign and malicious IPFS activity is another challenge, the security vendor said.

"Organizations should become familiar with these new technologies and how they are being leveraged by threat actors to defend against new techniques that use them," Talos said in a report summarizing the threat.

**Growing Threat**

This marks at least the second time in recent months that researchers have sounded the alarm on IPFS becoming a hotbed of cybercrime activity.

In July, Trustwave's SpiderLabs noted how its researchers had identified more than 3,000 emails with phishing URLs hosted in the IPFS in a three-month period. Phishing pages that it observed on the IPFS included those that spoofed Microsoft Outlook login pages, Google domains and cloud storage services such as Filebase.io and nftstorage.link. "Phishing techniques have taken a leap by utilizing the concept of decentralized cloud services using IPFS," Trustwave said. The growing use of IPFS by many file storage, Web hosting, and cloud service companies means that attackers have a lot more flexibility in creating new phishing URLs that cannot be easily blocked, the security vendor said.

IPFS is a peer-to-peer file sharing system that Protocol Labs launched in 2015. The network is designed to allow decentralized storage of content. Content stored in the IPFS is mirrored across multiple nodes, or systems that participate in the network. Individuals and others can use IPFS to store different types of data including webpages, files, NFTs, and documents.

Resources stored on the IPFS are assigned unique identifiers. Users can employ the identifier to access the content via IPFS clients or gateways, which are like gateways for accessing content on the Tor network. Because content is mirrored on IPFS, it is always available even if one node goes down.

This has made the IPFS an attractive option for hosting phishing kits and malware for cybercriminals. Because content on the IPFS does not have a static IP address, it cannot be blocked using standard IP blocking and blacklisting mechanisms. Similarly, taking down a node containing phishing pages and malware does little to neutralize a threat because the content is mirrored across multiple nodes. There is also no central authority on the IPFS that law enforcement or security vendors can contact to take down a phishing or malware distributing site.

In an example of how attackers are abusing IPFS, Talos pointed to a phishing campaign in which victims receive an email with an attached PDF that purports to be associated with the DocuSign document signing service. When a user clicks on the "Review Document" link, they are directed to a webpage that appears to be a legitimate Microsoft authentication page but is really a credential-harvesting page hosted on the IPFS network.

In situations where an IPFS gateway might recognize the resource being requested as malicious and block access, attacker simply change the IPFS gateway that is used to retrieve the content, Talos said.

**Phishing Not the Only Threat**

Phishing pages are not the only threat. A growing number of attackers are also leveraging the peer-to-peer network to distribute malicious payloads.

In one campaign that Talos researchers observed, the attacker sent victims a phishing email with a ZIP attachment containing a malware dropper in the form of a PE32 executable. When run, the downloader would reach out to an IPFS gateway and retrieve a second-stage malware payload hosted on the peer-to-peer network. The attack chain ended with the Agent Tesla remote-access Trojan getting dropped on the victim's system.

Talos researchers also found a destructive, disk-wiping malware tool and a full-featured information-stealer called Hannabi Grabber hosted in IPFS nodes.

"Many new Web3 technologies have emerged recently, attempting to provide valuable functionality to users," Talos said in the report. "As these technologies have continued to see increased adoption for legitimate purposes, they have begun to be leveraged by adversaries as well."

The researchers expect the trend to gain momentum as more threat actors realize the IPFS is resilient to content moderation and takedown efforts.

"Organizations should be aware of how these newly emerging technologies are being actively used across the threat landscape and evaluate how to best implement security controls to prevent or detect successful attacks in their environments," the vendor said.

InterPlanetary File System Increasingly Weaponized for Phishing, Malware Delivery

New Add-On Empowers SOCs and MSPs to Automate & Orchestrate Incident Response for Microsoft 365.

**SAN FRANCISCO****,** **Jan. 10, 2023** **/PRNewswire/ --** Vade, the global leader in threat detection and response with 1.4 billion mailboxes protected, today announced the availability of Threat Intel & Investigation. An add-on for Vade's flagship product, Vade for M365, Threat Intel & Investigation provides the integrations, intel, and tools for SOCs and MSPs to investigate and respond to email-borne threats transiting through networks.

According to a 2021 report, breaches caused by phishing emails take an average of 213 days to be identified and another 80 days to be contained. This lag time gives cybercriminals the runway they need to conduct additional attacks on an organization, causing even more damage than the initial attack.

"Email is the #1 vector for cyberattacks," said Adrien Gendre, Chief Technology & Product Officer and cofounder at Vade. "Unfortunately, SOCs and MSPs don't always have visibility into how or when an email threat infiltrated their organization or how far it has spread throughout the network. The speed at which today's cybercriminals are working means that organizations cannot afford to lose precious time on incident response."

Vade for M365 is an AI-based email security solution for Microsoft 365 that catches the advanced phishing, spear phishing and malware threats that bypass Microsoft's native security. The Threat Intel & Investigation add-on for Vade for M365 features five core capabilities designed to empower SOCs and MSPs to automate investigations, orchestrate responses and move swiftly and with precision to live threats:

*   **File Inspector:** Deconstructs files and attachments directly in the Vade for M365 interface—without exposing administrators to risk. File Inspector reveals critical details about files and attachments, providing admins with the data required to make faster decisions, cross-check threats across networks and accelerate incident response across affected endpoints and users.
*   **Log Export:** Injects live email and event logs into any security management system, a powerful two-way integration powered by the Vade for M365 API. Connect Vade's email threat intelligence into your organizations' SIEM or SOAR to trigger automation playbooks and enhance your disaster recovery program.
*   **Reported emails:** Automates collection of user-reported emails and clusters similar, unreported emails in one dashboard, speeding user-based incident response and eliminating time-consuming, manual investigations. Receive alerts when users report emails via Outlook and quickly triage and remediate reported emails, similar emails, and forwarded emails with one click.
*   **Download emails/attachments:** Provides access to raw email intelligence for objective evaluation by threat analysts, saving precious time and resources that are typically wasted on searching for and analyzing raw email data.
*   **Add-on for Splunk:** Integrates Vade for M365 with Splunk without the need for custom software development. Combine Vade's threat intelligence with Splunk's SIEM and SOAR capabilities to have better visibility into the threat landscape and actionable insights with which to orchestrate rapid responses.

Vade partners and customers are already experiencing the benefits of Threat Intel & investigation, including Huntington Technology, a US-based MSP offering comprehensive managed services and managed security services:

"One of my helpdesk technicians excitedly came into my office last week. He asked if I had seen the new 'Reported emails' function within Vade," said William Bluford, Vice President, Huntington Technology. "He explained that we can now see which emails are reported as malicious. Not only can we see those emails, but we can see how many users are affected, and we can then remediate and remove those emails from all user mailboxes. This saves time for my helpdesk team and keeps our clients protected."

"Our customers have made clear that they need better visibility into their cybersecurity landscape," Gendre said. "They're challenged to monitor and manage threats from an array of end points, and IT is overburdened by too many complex tools. Threat Intel & Investigation was designed to give our customers the tools they need to thoroughly investigate threats, cross check those threats across their networks, and develop incident response processes—without the burden of complexity."

Threat Intel & Investigation on brings all these capabilities to Vade for M365. Vade's latest innovation will reduce incident response time, eliminate the need for additional security investments, and free up critical IT resources. Threat Intel & Investigation is available today in Vade for M365. To learn more, visit Threat Intel & Investigation.

**About Vade**

Vade is a global cybersecurity company specializing in the development of threat detection and response technology with artificial intelligence. Vade's products and solutions protect consumers, businesses, and organizations from email-borne cyberattacks, including malware/ransomware, spear phishing/business email compromise, and phishing.

Founded in 2009, Vade protects more than 1.4 billion corporate and consumer mailboxes and serves the ISP, SMB, and MSP markets with award-winning products and solutions that help increase cybersecurity and maximize IT efficiency.

To learn more, please visit www.vadesecure.com and follow us on Twitter @vadesecure or LinkedIn https://www.linkedin.com/company/vade-secure/.

SOURCE Vade

Vade Releases Advanced Threat Intel & Investigation Capabilities

Don’t fuss now — just another spoonful of multifactor authentication to keep the organization strong and the data safer.

Don’t fuss now — just another spoonful of multifactor authentication to keep the organization strong and the data safer.

Like it or not, vegetables are good for us. They reduce our risk of chronic diseases and deliver the vitamins our bodies need. And yet, the CDC reports that only 10% of American adults eat enough veggies — even though they likely know they should. Companies are the same when it comes to security.

There are 921 password attacks every second — almost double what we saw a year ago. Basic security hygiene like multifactor authentication (MFA) can protect against 98% of attacks, but 38% of large companies and 62% of small to midsize companies don’t do it. Enabling MFA adds another layer of protection to prevent threat actors from accessing internal networks. But if strengthening a company’s cybersecurity posture is as easy as enabling MFA, it begs the question: Why won’t companies eat their vegetables?

**What’s Stopping Companies From Enabling MFA?**

Although every enterprise is different, there are a few common trends when it comes to the reasons they don’t deploy MFA.

*   **MFA costs too much:** Security team resources are already limited, so adding an additional tool to their portfolio can be a tough sell. Luckily, some security providers offer MFA for free as part of their security defaults. Security defaults were created to make managing security a little easier. The goal is to ensure that all organizations have at least a basic level of security enabled at no extra cost.
*   **They think their users will hate MFA:** Users want to be productive wherever and whenever they are working without sacrificing their organization’s security. Conditional access is one modern approach to MFA. Instead of prompting a user for a second factor every time they authenticate, security programs can look at several different elements to determine if something has changed or is unusual about this user before prompting them. It looks at things like where the user is signing in from, whether their device is healthy, and if there’s any suspicious behavior — for example, if the user typically signs in from France and someone tries to sign in with their credentials from Seattle at the same time, something is definitely wrong.
    
    End users can also choose how they want to supply the second factor when they do get a prompt. No fancy equipment is required. Users can choose something as simple as an SMS message or phone call, though we recommend stronger authentication methods like an app or specific security key. They can even have multiple devices that use different methods for different environments and have backup devices in case they lose one or forget one at home.
    
    **MFA’s Too Hard to Deploy**
    
    Another reason enterprises give for not implementing MFA is that it’s too difficult to deploy. However, organizations can leverage conditional access policies to protect cloud implementations, as opposed to relying on a physical server or software.
    
    We’ve recently added conditional access templates to make configuring the policies even easier. Security teams can quickly create a new policy from any of the 14 built-in templates. They help companies provide maximum protection for their users and devices and align with the most commonly used policies. These include things like “Require multifactor authentication for admin,” or “Require password change for high-risk users.” Cloud service providers often offer a list of recommended policies, and organizations can target conditional access policies to a specific set of users, apps or devices to easily deploy different policies at scale.
    
    Ultimately, an enterprise must be able to protect its own operations, and its users, from ongoing cybersecurity threats. And enabling MFA is just one tool in a security team’s kit.
    

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Editors' Choice

Jeffrey Schwartz, Contributing Writer, Dark Reading

Tara Seals, Managing Editor, News, Dark Reading

Elizabeth Montalbano, Contributor, Dark Reading

Dark Reading Staff, Dark Reading

Webinars

*   How to Protect Your Legacy Software Applications
*   Developing and Testing an Effective Breach Response Plan
*   Cloud Security Essentials
*   Seeing Your Attack Surface Through the Eyes of an Adversary
*   Security Considerations for Working with Cloud Services Providers

Reports

*   How Machine Learning, AI & Deep Learning Improve Cybersecurity
*   Implementing Zero Trust In Your Enterprise: How to Get Started
*   2021 Data Breach Investigations Report (DBIR)
*   Cloud & Hybrid Security Tooling Report
*   Future Proofing Your Network for 5G

White Papers

*   How Machine Learning, AI & Deep Learning Improve Cybersecurity
*   Ransomware Resilience and Response: The Next-Generation
*   Ransomware Is On The Rise
*   How Hybrid Work Fuels Ransomware Attacks
*   Implementing Zero Trust In Your Enterprise: How to Get Started

Events

*   Cybersecurity Outlook 2023 - December 13 Event
*   Black Hat Europe - December 5-8 - Learn More
*   \[FREE Virtual Event\] The Identity Crisis

Search

outlook iniciare sesión