Cyber Risk Index report highlights elevated risk as organizations struggle with visibility.

**DALLAS, Nov. 21, 2022 /PRNewswire/** — Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today announced that 32% of global organizations have had customer records compromised multiple times over the past 12 months as they struggle to profile and defend an expanding attack surface.

The findings come from Trend Micro's semi-annual _Cyber Risk Index_ (CRI) report, compiled by the Ponemon Institute from interviews with over 4,100 organizations across North America, Europe, Latin/South America, and Asia-Pacific.

Customer records are at increased risk as organizations struggle to profile and defend an expanding attack surface.

**Jon Clay, VP of threat intelligence at Trend Micro**: "You can't protect what you can't see. But with hybrid working ushering in a new era of complex, distributed IT environments, many organizations are finding it difficult to eradicate growing security coverage and visibility gaps. To avoid the attack surface spiraling out of control, they need to combine asset discovery and monitoring with threat detection and response on a single platform."

The CRI calculates the gap between organizational preparedness and the likelihood of being attacked, with -10 representing the highest level of risk. The global CRI index moved from –0.04 in 2H 2021 to –0.15 in 1H 2022, indicating a surging level of risk over the past six months.

This trend is also reflected elsewhere in the data: the number of global organizations experiencing a "successful" cyber-attack increased from 84% to 90% over the same period. Unsurprisingly, the number now expected to be compromised over the coming year has also increased from 76% to 85%.

Some of the top preparedness risks highlighted by the index report are related to attack surface discovery capabilities. It is often challenging for security professionals to identify the physical location of business-critical data assets and applications.

From the business perspective, the biggest concern is the misalignment between CISOs and business executives. Based on the scores given by the respondents, "My organization's IT security objectives are aligned with business objectives" only has a score of 4.79 out of 10.

By addressing the shortage of cybersecurity professionals and improving security processes and technology, organizations will significantly reduce their vulnerability to attacks.

Dr. Larry Ponemon, chairman and founder of Ponemon Institute: "The CRI continues to provide a fascinating snapshot of how global organizations perceive their security posture and the likelihood of being attacked. The stakes couldn't be higher in the face of stiff macroeconomic headwinds. Respondents pointed to the high cost of outside expertise, damage to critical infrastructure, and lost productivity as the main negative consequences of a breach."

To read a full copy of the latest _Cyber Risk Index,_ please visit: www.trendmicro.com/cyberrisk

Overall, respondents rated the following as the top cyber threats in 1H 2022:

1.  Business Email Compromise (BEC)
2.  Clickjacking
3.  Fileless attacks
4.  Ransomware
5.  Login attacks (Credential Theft)  
    

**About Trend Micro  
**Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. www.TrendMicro.com.

SOURCE: Trend Micro Incorporated

A Third of Global Organizations Were Breached Over Seven Times in the Past Year

Improved cyber hygiene keeps users and their identities, devices, and data more secure and reduces the organization’s risk exposure.

Did you know that October was Cybersecurity Awareness Month? Comprehensive cybersecurity education is an important part of strengthening cyber defenses for governments, businesses, and individuals. It is increasingly important for everyone to have access to actionable, engaging resources that can help them level up their cybersecurity practices.

To that end, the Be Cyber Smart Kit helps organizations and consumers be cyber smart through shareable videos, infographics, and more. Keep reading for tips to keep you and your organization secure all year round.

**Your Best Password Is You**

Did you know that password attacks were the most commonly observed type of threat in 2021, clocking in at 34,740 attacks every minute? Today’s hackers don’t break in — they sign in. That’s why we encourage our customers to use passwordless sign-in methods, physical security keys, and biometrics whenever possible. They are more secure than traditional passwords, which can be stolen, hacked, or guessed. They can also greatly reduce the risk that comes with having to create and secure multiple unique passwords for all of your organization’s various accounts.

If you do use passwords as part of your sign-in process, here are five tips for making them as strong as possible:

*   Create a password that is at least 12 characters long (but 14 or more is better).

*   Use a combination of uppercase letters, lowercase letters, numbers, and symbols.

*   Don’t choose a word that can be found in a dictionary or is the name of a person, character, product, or organization.

*   Pick something significantly different from your previous passwords — and never reuse the same password for multiple sites.

*   Choose passwords that are easy for you to remember but difficult for others to guess.

Once you’ve created your password, keep it as secure as possible. Hackers will often target companies by attempting to trick individual employees into revealing their security logins. You can better protect your organization against password attacks by updating passwords frequently, encouraging employees to access websites only through trusted links, and reminding employees not to share their credentials via insecure channels like email or instant messages.

**Protecting Identities, Devices, and Data**

Along the same vein as increasing password attacks, we’re also seeing a rise in identity theft. The days of easily identifiable spam emails are quickly slipping away. Today’s threat actors are growing savvier when it comes to stealing identities to hack into devices and networks.

Many of us know to be skeptical of messages that include links or come with attached files, especially when the sender asks for personal information. But it bears repeating that you should never open an unexpected attachment, even if it appears to be coming from a trusted person or organization. If an employee is concerned that the message is important, encourage them to reach out to the sender directly — either by calling them or going to the organization’s official website for their contact information.

When part of a legitimate request, personal information should ideally be shared in real time — either in person or over the phone. It is recommended that you use encryption tools when sensitive information absolutely needs to be shared via email. Employees should also be wary of sending system definition files through insecure channels because attackers can use them to breach your digital landscape, corrupt organizational processes, and make your environment more vulnerable.

We recommend organizations strengthen their cybersecurity by installing software updates as soon as they are released. Many app, browser, and operating system updates contain security fixes for currently active issues, so installing them promptly is an important part of maintaining the latest security standards. You can further reduce your company’s attack surface by eliminating unnecessary Internet connections, restricting open ports, and using scanning tools to check your digital environment for potential weaknesses.

Ultimately, while Cybersecurity Awareness Month might only last 31 days, promoting the importance of a secure online environment is a year-round job. It comes down to all of us being cyber defenders — whether we represent a global corporation, a family-owned business, or even an individual consumer. Let’s be cyber smart together!

#BeCyberSmart All Year Round With Educational Resources From Microsoft

The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee.
"Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise security company Proofpoint said last week, adding, "the new activity suggests Emotet is returning to its full functionality acting as a delivery

The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee.

"Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise security company Proofpoint said last week, adding, "the new activity suggests Emotet is returning to its full functionality acting as a delivery network for major malware families."

Among the primary countries targeted are the U.S., the U.K., Japan, Germany, Italy, France, Spain, Mexico, and Brazil.

The Emotet-related activity was last observed in July 2022, although sporadic infections have been reported since then. In mid-October, ESET revealed that Emotet may be readying for a new wave of attacks, pointing out updates to its "systeminfo" module.

The malware, which is attributed to a threat actor known as Mummy Spider (aka Gold Crestwood or TA542), staged a revival of sorts late last year after its infrastructure was dismantled during a coordinated law enforcement operation in January 2021.

Europol called Emotet the "world's most dangerous malware" for its ability to act as a "primary door opener for computer systems" to deploy next-stage binaries that facilitate data theft and ransomware. It started off in 2014 as a banking trojan before evolving into a botnet.

Infection chains involving the malware are known to employ generic lures as well as the technique of email thread hijacking to lure recipients into opening macro-enabled Excel attachments.

"Following Microsoft's recent announcement that it would begin disabling macros by default in Office documents downloaded from the internet, many malware families have begun migrating away from Office macros to other delivery mechanisms like ISO and LNK files," Cisco Talos said earlier this month.

"Therefore, it is interesting to note that this new campaign of Emotet is using its old method of distributing malicious Microsoft Office documents (maldocs) via email-based phishing.

An alternative method urges potential victims to copy the file to a Microsoft Office Template location – a trusted location – and launch the lure document from there instead of having to explicitly enable macros to activate the kill-chain.

The renewed activity has also been accompanied by changes to the Emotet loader component, and addition of new commands, and updates to the packer to resist reverse engineering.

One of the follow-on payloads distributed through Emotet is a brand new variant of the IcedID loader, which receives commands to read and send file contents to a remote server, in addition to executing other backdoor instructions that allow it to extract web browser data.

The use of IcedID is concerning as it's likely a precursor for ransomware, the researchers pointed out. Another malware dropped via Emotet is Bumblebee, according to Palo Alto Networks Unit 42.

"Overall, these modifications made to the client indicate the developers are trying to deter researchers and reduce the number of fake or captive bots that exist within the botnet," researchers Pim Trouerbach and Axel F said.

"Emotet has not demonstrated full functionality and consistent follow-on payload delivery (that's not Cobalt Strike) since 2021, when it was observed distributing The Trick and Qbot."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Notorious Emotet Malware Returns With High-Volume Malspam Campaign

A 500-page document reviewed by WIRED shows that Corellium engaged with several controversial companies, including spyware maker NSO Group.

Corellium, a cybersecurity startup that sells phone-virtualization software for catching security bugs, offered or sold its tools to controversial government spyware and hacking-tool makers in Israel, the United Arab Emirates, and Russia, and to a cybersecurity firm with potential ties to the Chinese government, according to a leaked document reviewed by WIRED that contains internal company communications.

The 507-page document, apparently prepared by Apple with the goal of using it in the company’s 2019 copyright lawsuit against Corellium, shows that the security firm, whose software lets users perform security analysis using virtual versions of Apple’s iOS and Google’s Android, has dealt with companies that have a track record of selling their tools to repressive regimes and countries with poor human rights records.

According to the leaked document, Corellium in 2019 offered a trial of its product to NSO Group, whose customers have for years been caught using its Pegasus spyware against dissidents, journalists, and human rights defenders. Similarly, Corellium’s sales staff offered to provide a quote to purchase its software to DarkMatter, a now-shuttered cybersecurity company with ties with the UAE government that hired several former US intelligence members who reportedly helped it spy on human rights activists and journalists. 

In correspondence with WIRED, Corellium says NSO Group and Dark Matter had access to “a limited time/limited functionality trial version of Corellium's software” and that both were later denied requests to purchase the full version following its vetting process. 

For years Corellium has painted itself as a crucial defender against software bugs on Android and iOS. But the leaked document shows that Corellium worked with several companies that use bugs and exploits to hack into cell phones, as opposed to helping Google and Apple patch vulnerabilities.

The document includes emails between Corellium staff and customers or potential customers, including NSO Group and DarkMatter. The document is not public and is being reported on for the first time here. 

“As one of our early beta requesters, we’re delighted to extend you and your team at NSO Group an exclusive invitation to try Corellium, the world’s first and only mobile device virtualization platform. We think you’ll really enjoy the advanced mobile security research tools we have to offer,” reads a March 26, 2019, email between Correllium’s support staff and an NSO Group employee. “Your free trial will last until April 9. Trial accounts are limited, but if you need more time, or if you prefer to start your trial at a different time, just let us know.”

In the case of DarkMatter, the document includes an email exchange between a company employee and a Corellium sales email address. The emails are not dated, but they apparently reference a 2019 training on how to use the platform that Corellium offered potential customers at the cybersecurity conference Black Hat.

“I was a trainer at Blackhat last year where you guys had provided us access to the portal for a few days and I was very impressed with the amount of features it had,” the DarkMatter employee wrote. “We are interested in purchasing it. Can you guys provide us a quote for all the available options that you have?”

“We’re so glad to hear that you enjoyed using Corellium at Blackhat, and we actually have DarkMatter on our list of teams to reach out to regarding availability,” an unnamed Corellium employee responded. “We’d be more than happy to provide you a quote with all the options checked.”

Also in 2019, according to the document, Corellium sold its software to Paragon, a little-known company that has since been reported to be a provider of government surveillance technology. Corellium also licensed its software to a company called Pwnzen Infotech, whose founders were part of Pangu Team, a well-known Chinese group of elite iOS and iPhone hackers. A Pwnzen sales representative told Reuters in 2019, when Pwnzen was already a Corellium customer, that the company helped hack the phone of a person suspected of “subverting the government” in China. 

“There are a number of ties between Pwnzen and the People’s Republic of China’s government that are cause for concern,” says Dakota Cary, a consultant at Krebs Stamos Group who has written several reports about cybersecurity in China. “Bolstering Pwnzen’s hacking capabilities likely occurred at the detriment to US security interests,” he added, explaining that the company’s improved capabilities could have provided the Chinese government with better tools to hack targets inside and outside of the country, including the US.

Also, as of today, Corellium counts Russian iPhone hacking company Elcomsoft as a customer. And in 2019, Corellium sold to Elcomsoft’s Israeli competitor Cellebrite, a firm that helps law enforcement unlock iPhones and access the data stored within. Cellebrite has reportedly sold its phone-hacking products to countries such as China, Saudi Arabia, and Bahrain, among others. 

Corellium did not dispute the legitimacy of the document, but it also did not respond to a series of questions about its contents. Instead, Corellium CEO Amanda Gorton shared a draft of a blog post in which the company says it offered trials to NSO Group and DarkMatter but denied that the two companies became customers. 

“We’ve had opportunities to profit from these bad actors and have chosen not to,” the blog post reads. It further explains that Corellium restricts sales of its cloud product to “fewer than sixty countries” and has a “block list” of organizations.

Corellium didn’t specify the 60 countries, nor did it answer specific questions about Paragon, Pwnzen, Cellebrite, or Elcomsoft. The company wrote in the blog post that as the sales process goes on, the vetting gets “more intensive.” According to the blog post, that means Corellium asks about the customer’s use case, consults with “trusted contacts in the security community, including contacts at various US government agencies,” and looks at the potential customer’s online presence and investigates its “ownership, corporate structure, and employees.”

Apple did not respond to a request for comment, nor did NSO Group, Cellebrite, or Pwnzen. XiaBo Chen, who identifies as the founder of Pwnzen on LinkedIn, did not respond to multiple requests for comment. After the controversy surrounding DarkMatter’s role in targeting activists and journalists, the company reportedly rebranded to Digital14 in 2019, then to CPX in 2021. Digital14 and CPX did not respond to requests for comment.

Idan Nurick, the CEO and cofounder at Paragon, says that “as a matter of principle, Paragon maintains the confidentiality of its clients, as well as technology providers, and the company does not disclose any information pertaining to these entities.”

Vladimir Katalov, the CEO, cofounder, and co-owner of Elcomsoft, confirmed that his company is a Corellium customer. 

‘Puzzling’ Claims

The leaked document, prepared in 2021, according to an included timeline, mirrors Apple’s arguments against Corellium, which it accused of violating its copyright and the Digital Millennium Copyright Act by re-creating a virtual version of iOS. While Apple has never publicly presented the evidence that’s contained in the document against Corellium, the tech giant accused Corellium in its lawsuit of helping researchers develop zero-day exploits and spyware for governments around the world, hinting that this was one of the main reasons it didn’t approve of Corellium’s practices, apart from alleged copyright infringement.

“Although Corellium paints itself as providing a research tool for those trying to discover security vulnerabilities and other flaws in Apple’s software, Corellium’s true goal is profiting off its blatant infringement,” Apple said in the complaint. “Far from assisting in fixing vulnerabilities, Corellium encourages its users to sell any discovered information on the open market to the highest bidder.”

Corellium has forcefully defended itself against Apple’s claims, saying it sells to “well-known and well-respected financial institutions, government agencies, and security researchers” who use their product for legitimate purposes.

In December 2020, when he dismissed Apple’s copyright infringement claims, US District Judge Rodney Smith, of the Southern District of Florida, sided with Corellium, writing in the order on the parties’ motions for summary judgment that “Apple’s position is puzzling, if not disingenuous.”

“As for Apple’s contention that Corellium sells its product indiscriminately, that statement is belied by the evidence in the record that the company has a vetting process in place (even if not perfect) and, in the past, has exercised its discretion to withhold the Corellium Product from those it suspects may use the product for nefarious purposes,” the judge wrote. “Having reviewed the evidence, the Court does not find a lack of good faith and fair dealing.”

The case took an unexpected turn in August 2021, when Apple and Corellium settled out of court. (The terms of the deal were confidential.) Then, days later, the tech giant filed an appeal, keeping its case against Corellium alive.

Bad Reputations

Even in 2019, NSO Group and DarkMatter had poor reputations in the world of cybersecurity. At the time, there had already been several examples of abuse of NSO Group’s Pegasus spyware, particularly against journalists in Mexico. Ronald Deibert, the director of the Citizen Lab, a digital rights watchdog housed at the University of Toronto's Munk School that has investigated companies like NSO Group for years, said in March 2019 that there was a “mountain of evidence that NSO Group’s surveillance technology is being abused by its clients, and the company is either unwilling or unable to perform the type of due diligence to prevent that from happening.” 

Both Apple and Microsoft have called NSO Group “21st-century mercenaries.”

Gorton has publicly denied selling Corellium’s products to DarkMatter and NSO Group and said Corellium does not sell to companies in the Middle East.

“We have definitely rejected customers who have approached us. I’m sure you can imagine DarkMatter, NSO Group have all reached out and we just politely declined, we don’t sell to that region,” she said during a November 2021 interview with the _Decipher_ podcast. 

In the interview, she sold her company’s mission as positive and uncontroversial, saying that Corellium can be used to help researchers find bugs and report them to companies like Apple, something that companies like NSO Group, DarkMatter, Paragon, Pwnzen, Cellebrite, and Elcomsoft don’t do. Gorton added that hunting for security bugs is “kind of exactly what we wanted to see the platform used for.”

In the past, other Corellium executives and founders have repeatedly downplayed the possibility that bad actors could use its software. When asked whether he was worried that Corellium customers could use the product to find bugs and develop exploits that would then be used by governments, David Wang, one of the company’s cofounders, told _Forbes_ in 2018 that the company would be “selective in who we choose to do business with.” 

Wang did not respond to WIRED’s request for comment. 

In the podcast interview, Gorton has also fielded questions about how Corellium vets its customers to avoid selling to bad actors and that the company takes this process “very seriously,” selling only in the Asia-Pacific, European Union, and North America regions, and researching companies they don’t recognize. “We err on the side of caution,” she said.

The leaked document includes a 2021 email from Steve Dyer, the vice president of sales and business development at Corellium, to Gorton. In the email, Dyer explains the process for vetting “current and future cloud customers” as they submit requests for trials online. Part of the process, Dyer wrote, is to check that the companies are not from countries sanctioned by the US government, such as North Korea, Sudan, Syria, and Russia. (While Elcomsoft is headquartered in Russia, the company is not sanctioned by the US government.) 

“China has been added to the list for auto-denied trials,” Dyer wrote. 

Last year, the US government added NSO Group to a federal blocklist, preventing any US companies and individuals from doing business with the spyware company. In correspondence with WIRED, Corellium said it voluntarily refused to sell its software to NSO Group “more than two years before the United States Department of Commerce placed NSO Group on its Entity List.”

Nevertheless, Corellium’s engagement with these controversial companies may change the cybersecurity community’s view that Apple’s lawsuit is a case of an entitled tech giant going after a scrappy startup with an innovative product that it doesn’t like. 

John Scott-Railton, a senior researcher at the Citizen Lab, says the Corellium sales department’s outreach to NSO Group and DarkMatter is “a potentially cynical act” given the nature of those companies. “At that point, Corellium and everyone else knew exactly who NSO Group was and what they would do with that kind of technology and the people that would inevitably be harmed,” Scott-Railton says. “It raises questions about their ethics, their judgment, or both.”

Zach Edwards, an independent privacy and security researcher, says that “sensitive technology cannot be haphazardly sold to any company, in any country in the world.”

“While Corellium is a reverse-engineering tool that doesn't intrinsically create risks through its sale, the core purpose of the tool is to reverse malware,” Edwards says. “And if you sell the product to malware developers in countries averse to Western interests, we should assume that this tool will be used to improve malware.”

A person who tried Corellium in the past, who asked to remain anonymous because they were not allowed to speak to the press, says that “given what’s happening in the world today, you shouldn’t be dealing with Russian companies,” such as Elcomsoft. 

Elcomsoft’s CEO Katalov says that “the decision to work with a company based in Russia is a personal choice.”

“Please rest assured that we still strive to provide the best software and services, and trying to keep good relationships with our customers all over the world,” he adds. “We will just keep doing our job, making the world a safer place and battling the crime.”

Adrian Sanabria, a cybersecurity veteran, says that it’s not surprising that “groups interested in creating iOS exploits would be using a platform designed for iOS security research.” 

“For me, the core takeaway is that Apple created the need for platforms like Corellium by not providing the tools, access, and transparency the market needs and desires,” he says.

Danger Zones

Some of the organizations and companies linked to Corellium in the document come from countries seen as controversial by most people in the cybersecurity community in the West, including Alex Stamos, who acted as an expert witness for Corellium in the lawsuit against Apple.  

“I personally don’t believe it would be ethical to sell exploits to Saudi Arabia,” Stamos, the director of Stanford University’s Internet Observatory, said during testimony he provided in the lawsuit between Apple and Corellium, which is quoted in the document.  

Stamos also expressed doubts about selling products to the United Arab Emirates, whose government had a close relationship with DarkMatter. “The UAE has been shown to use malware and exploits to spy on journalists and suppress local dissent,” Stamos said. 

In response to the document’s revelations, Stamos says he doesn’t think “it's appropriate for Apple to use copyright law to try to stop security research, and I don't think it's responsible for Corellium to offer their product to companies known to create malicious software for authoritarian states.”

The document also includes the logos of alleged Corellium customers and companies linked to it. As well as the companies previously mentioned, the document includes the logo of Azimuth, a provider of advanced hacking tools to the intelligence and law enforcement agencies of the so-called Five Eyes. Other logos include the Centre for Strategic Infocomm Technologies of Singapore, or CSIT, as well as the logo of an academic institution in Saudi Arabia called the Center of Excellence in Information Assurance (COEIA), housed at the King Saud University. 

CSIT executives did not respond to a request for comment. Other than the logo of the COEIA, the document also shows a 2019 email titled “invitation to Corellium” sent to the organization. The COEIA did not respond to a request for comment.

The legal battle between Apple and Corellium is ongoing. Late last month, the two companies appeared at a hearing before the Eleventh Circuit of the US Court of Appeals in Florida. Apple’s lawyer, Melissa Sherry, argued that Corellium’s product is just a slightly tweaked version of iOS that’s not transformative enough not to be fair use. Corellium attorney Kevin Russell said the product helps users “shed light on the functionality of the Apple operating system” and is, therefore, fair use.

“I don't think there's a genuine dispute that the purpose of the product is to explore the unprotected functionality of the system's software,” he said. “What people do with that knowledge is the subject of another statute.”

A Leak Details Apple's Secret Dirt on Corellium, a Trusted Security Startup

By Owais Sultan
ASR Technology (aka Automated speech recognition) is a type of speech recognition technology that can be used to…
This is a post from HackRead.com Read the original post: What is ASR Technology and Where Can It Develop?

ASR Technology (aka Automated speech recognition) is a type of speech recognition technology that can be used to recognize and transcribe spoken words. This type of technology is often used in mobile devices, such as smartphones, and can be used to perform tasks such as hands-free voice control or dictation.

ASR technology is constantly evolving and improving, with new applications being developed all the time. This article will explore some of the potential future applications of ASR technology, as well as the challenges that need to be overcome for these applications to become a reality.

**Current application of ASR technology**

There are many different ways that ASR technology can be used in its current form. Some of the most common applications include:

**Automated Transcription**

Some of the best transcription services use ASR technology to automatically transcribe audio and video files. This can be used for a range of purposes, such as creating transcripts of interviews or lectures.

**Voice Control of Mobile Devices**

This is perhaps the most well-known use of ASR technology. Many smartphones and other mobile devices now come with voice control features that allow users to perform tasks such as making phone calls, sending texts, and opening apps.

ASR technology can also be used in other devices, such as smart TVs and home assistants such as Amazon Echo and Google Home.

Here are some potential future applications of ASR technology:

**Real-time Translation**

One potential future application of ASR technology is real-time translation. This would allow two people to have a conversation in different languages, with the ASR system translating the speech in real-time.

Currently, remote translation is an effective tool, and it will become even more valuable for international business meetings, phone calls, and travelers who wish to communicate with locals in their destination.

**Transcribe Doctor-patient Conversations**

Another potential application could be in the niche of medical applications for ASR technology. For example, ASR could be used to transcribe doctor-patient conversations, which would then be stored in the patient’s medical record.

This would be a valuable tool for keeping accurate records of patients’ treatments and progress. ASR could also be used to transcribe dictated notes from doctors, which would again be stored in the patient’s record.

**Makes accessibility easy to implement**

ASR can also help to make different types of content more accessible. For example, ASR can be used to generate subtitles for videos or podcasts or to create audio versions of text-based content. This would make this content more accessible for people with hearing impairments or who are visually impaired.

ASR can also be used to create transcripts of lectures or speeches, which would again make this content more accessible for people with hearing impairments.

**The Challenges That Need to Be Overcome****To Reach Its Full Potential**

One of the challenges that need to be overcome for ASR technology to reach its full potential is the development of more accurate and reliable speech recognition algorithms. Currently, ASR systems are often unable to correctly recognize words if there is background noise or if the speaker has an accent. This means that the technology is not yet ready for real-world applications such as translation or transcription, where accuracy is essential.

**The Issue of Privacy**

Another challenge that needs to be addressed is the issue of privacy. ASR systems need to be able to transcribe speech without recording or storing any personal information about the speaker. This is a difficult task, as ASR systems need to be able to identify individual voices in order to transcribe speech accurately.

**The High Cost**

One more challenge is the high cost of ASR technology for the developers. This may be a potential obstacle in the way of ASR becoming widely used. In order to improve this technology and be one step ahead of the competition, a lot of money has to be invested in research and development.

**Cyber Attacks**

The last challenge is the threat of cyber-attacks. ASR systems store a lot of data, which makes them a potential target for hackers. This data can include personal information about the users of the ASR system, as well as recordings of their speech. This data could be used to exploit the users of the ASR system or to impersonate them.

**Conclusion**

It’s understandable why tech giants like Google, Amazon, IBM, and Microsoft are all interested in ASR technology. The potential applications of this technology are many and varied, and it is clear that ASR is going to play a big role in our lives in the future.

Despite the challenges, ASR technology shows a lot of promise for the future. With continued development, it is likely that ASR will become an essential part of our lives, making many tasks easier and more convenient.

1.  Fields of application of artificial intelligence
2.  4 Security Flaws Affected Voice Recognition Technology
3.  Smart-Glove Can Translate Sign Language Into Text and Speech

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

What is ASR Technology and Where Can It Develop?

By Deeba Ahmed
According to researchers, this scam is highly sophisticated and large-scale, targeting brands like McDonald’s, Unilever, Emirates, Knorr, Coca-Cola, etc.
This is a post from HackRead.com Read the original post: 42,000 phishing domains discovered masquerading as popular brands

Security researchers at Cyjax have uncovered a highly sophisticated and large scale phishing campaign in which the threat actors used as many as 42,000 phishing domains to distribute malware and gain ad revenue.

**Campaign Details**

Cyjax researchers noted that the threat actors have links to China and have been active since 2017. So far, the attackers, identified as the Fangxiao group, have spoofed over 400 brands from the banking, retail, travel, transport, pharmaceutical, energy, and finance sectors.

The group operates an extensive network comprising 42,000 domains used for impersonating famous brands. Their latest campaign aims to generate revenue from users who pay for traffic. At least 24,000 survey/landing domains have been used by the attackers to promote this scam since March 2022.

**How does the Attack Works?**

Fangxiao lures unsuspecting users to the malicious domains through WhatsApp messaging, informing them that they have won a prize. The users are redirected to fake dating sites, Amazon via affiliate links, adware, and giveaway sites. These sites appear convincing enough to the user. This brand impersonation campaign spoofs well-reputed names like McDonald’s, Unilever, Emirates, Knorr, and Coca-Cola.

Once visitors access the spoofed version of authentic brand sites, they are redirected to ad sites created by Fangxiao to generate money through fake surveys, promising the victim to win a prize upon completing it. Sometimes, the attacker may force Triada malware to be downloaded on the device when the victim clicks the Complete Registration button.

1.  Brand Protection is Essential for Cybersecurity
2.  Microsoft, PayPal & Facebook most targeted brands in phishing scams
3.  240 top Microsoft Azure-hosted subdomains hacked to spread malware
4.  Hundreds of counterfeit branded shoe stores hacked with web skimmer

“As victims are invested in the scam, keen to get their ‘reward,’ and the site tells them to download the app, this has likely resulted in a significant number of infections,” Cyjax’s report (PDF) read.

**Domain Analysis**

The group uses 42,000 domains registered in 2019 through GoDaddy, Namecheap, and Wix. Their infrastructure is protected with Cloudflare, and domain names keep changing regularly.

Reportedly, the group used 300 new brand domains in one day in October. Therefore, it seems like a continually evolving money-making scam. Researchers could identify the threat actor behind this scam campaign after domain de-anonymizing, bypassing Cloudflare security, and discovering the IP address.

They learned that the IP address was hosting a Fangxiao site operating since 2020, and the pages were written in Mandarin. They found Fangxiao TLs certificates and identified that the attackers were utilizing WhatsApp to claim victims. This means they are targeting people outside of China.

**More Phishing News**

1.  Crooks Using FB Messenger Chatbots to Steal Login Data
2.  Zoom Phishing Scam Steals Microsoft Exchange Credentials
3.  Scammers Leveraging Microsoft Team GIFs in Phishing Attacks
4.  ‘Important Notification’ Phishing Scam Hits American Express Users
5.  Research sector targeted in new phishing attack using Google Drive

42,000 phishing domains discovered masquerading as popular brands

By Habiba Rashid
According to Microsoft, the Royal ransomware is now being spread by a threat actor known as DEV-0569.
This is a post from HackRead.com Read the original post: Royal Ransomware: New Threat Uses Google Ads and Cracked Software

On November 17th, Microsoft Security Threat Intelligence tracked activity from a threat actor known as DEV-0569 regarding the development of new tools to deliver the Royal ransomware. 

Although Microsoft still uses a temporary ‘DEV-####’ designation for it, meaning that they are unsure about its origin or identity, the group is believed to consist of ex-Conti members. 

“Observed DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, defense evasion, and various post-compromise payloads, alongside increasing ransomware facilitation,” the Microsoft Security Threat Intelligence team said in an analysis.

Traced back to August 2022, the group typically relies on malvertising, phishing link vectors, fake forum pages, and blog comments. They also direct users to a malware downloader called BATLOADER, posing as various legitimate software installers such as TeamViewer, Adobe Flash Player, and Zoom or updates embedded in spam emails. 

BATLOADER posing as a TeamViewer installer

When BATLOADER is launched, it uses MSI Custom Actions to launch malicious PowerShell activity or run batch scripts to aid in disabling security solutions and lead to the delivery of various encrypted malware payloads that are decrypted and launched with PowerShell commands.

BATLOADER also appears to share overlaps with another malware called Zloader. A recent analysis of the strain by eSentire and VMware called out its stealth and persistence, in addition to its use of search engine optimization (SEO) poisoning to lure users to download the malware from compromised websites or attacker-created domains. 

In their blog post, Microsoft security researchers mentioned some of the recently observed changes in the group’s delivery method. This includes the use of contact forms on targeted organizations’ websites to deliver phishing links, hosting fake installer files on seemingly legitimate software download sites, and expansion of their malvertising technique through Google Ads. 

1.  Gootloader exploits websites via SEO to spread ransomware
2.  Google Fails To Remove “App Developer” Behind Malware Scam
3.  Malicious Office documents make up 43% of all malware downloads
4.  Google Drive accounted for 50% of malicious Office docs downloads
5.  Research sector targeted in spear phishing attack using Google Drive

In one particular campaign, DEV-0569 sent a message to targets using the contact form on these targets’ websites, posing as a national financial authority. When a contracted target responds via email, the threat actor replies with a message containing a link to BATLOADER, hence successfully luring the target into its trap. 

Also utilized is a tool known as NSudo to launch programs with elevated privileges and impair defenses by adding registry values that are designed to disable antivirus solutions.

Their expansion strategy by employing Google Ads to spread BATLOADER, however, seems to have made the biggest difference in the diversification of the DEV-0569’s distribution vectors. This enabled it to reach more targets and deliver malware payloads. 

“Since DEV-0569’s phishing scheme abuses legitimate services, organizations can also leverage mail flow rules to capture suspicious keywords or review broad exceptions, such as those related to IP ranges and domain-level allow lists,” Microsoft said.

I am a cyber security writer and one of my favourite games is Minecraft. I also really like obscure cat memes and during my free time, if I'm not found hanging around in Discord voice channels with my friends, I'm probably cycling and taking pictures of random cats on the street.

Royal Ransomware: New Threat Uses Google Ads and Cracked Software

By Deeba Ahmed
The attackers gain access to the network through decoy documents covering controversial geo-political topics to lure the targeted organizations into downloading and executing the malware. 
This is a post from HackRead.com Read the original post: Research sector targeted in new spear phishing attack using Google Drive

According to Trend Micro researchers, a Chinese government-sponsored advanced persistent threat (APT) group has launched spear-phishing attacks to target education, government, and research sectors worldwide.

The report is unsurprising as earlier this year, researchers linked Google Drive to 50% of malicious MS Office document downloads.

**Campaign Details**

The attackers are delivering custom malware stored in Google Drive. The attacks were discovered between March and October 2022. The primary targets of the group were located in Japan, Australia, Myanmar, Taiwan, and the Philippines. For your information, the espionage group has been active since July 2018.

**How does the Attack Works?**

The attackers gain access to the network through decoy documents covering controversial geo-political topics to lure the targeted organizations into downloading and executing the malware.

In some instances, the phishing messages were sent from email accounts that were previously compromised and belonged to specific entities to enhance the success ratio of this campaign. The archive files display a lure document to the victim.

However, in the background, it loads malware through DLL side-loading. Eventually, the attacker delivers three malware families to download the next-stage payloads. The main backdoor they use is TONESHELL, installed via the TONEINS shellcode loader.

The attackers bypass security mechanisms by embedding link points to a Dropbox or Google Drive folder. These links redirect to download compressed files such as ZIP, RAR, and JAR with custom malware strains like PubLoad and TONESHELL.

> “Once the group has infiltrated a targeted victim’s systems, the sensitive documents stolen can be abused as the entry vectors for the next wave of intrusions. This strategy largely broadens the affected scope in the region involved.”
> 
> Nick Dai, Vickie Su, Sunny Lu – Trend Micro

**Who is the Attacker?**

Researchers claim that the group responsible for the attacks has been identified as Mustang Panda, also known as TA416, Red Lich, Earth Preta, HoneyMyte, and Bronze President. Mustang Panda prefers using China Chopper and PlugX malware to collect data from compromised systems.

In its report, Trend Micro noted that Mustang Panda continually evolves its attack tactics to evade detection and use infection methods that allow them to deploy bespoke malware families such as PUBLOAD, TONEINS, and TONESHELL.

1.  Chinese Hackers Hiding Malware in Windows Logo
2.  APT Groups Trapping Targets with Clever Twitter Scheme
3.  Chinese Hackers Distributing Malware in SMS Bomber Tool
4.  Windows, Linux and macOS Users Targeted by Chinese hackers
5.  Microsoft disrupts activity of Chinese hackers by seizing 42 websites

Research sector targeted in new spear phishing attack using Google Drive

本ブログは、Announcing the Microsoft Machine Learning Membership Inference Competition (MICO)の抄訳版です。最新の情報は原文を参照してく

マイクロソフト 機械学習 メンバーシップ推論コンペティション (MICO) の発表

By Waqas
The attack, according to authorities, was launched on the Federal Civilian Executive Branch (FCEB).
This is a post from HackRead.com Read the original post: Log4Shell – Iranian Hackers Accessed Domain Controller of US Federal Network

In December last year, it was reported that Iranian and Chinese hackers were exploiting the Log4Shell vulnerability in the wild. Now, according to the US CISA (Cyber security infrastructure and security Agency), an advanced persistent threat (APT) group sponsored by the Iranian government compromised the network of a U.S. federal agency.

The attack, according to authorities, was launched on the Federal Civilian Executive Branch (FCEB).

**Cyberattack Details**

CISA revealed that the hackers used the Log4Shell vulnerability, tracked as CVE-2021-44228, in the unpatched VMware Horizon server to compromise the network and gain control of the organization’s domain controller (DC). Once they successfully invaded the system, the hackers deployed XMRig crypto mining software to steal credentials and mine for crypto.

For your information, Log4Shell is a zero-day vulnerability in a Java logging framework called Log4j that causes arbitrary code execution and impacts VMware Horizon and an extensive array of products.

**CISA’s Analysis**

As per CISA, their researchers conducted a routine investigation in April 2022 and identified suspicious APT activities on the FCEB network using the EINSTEIN intrusion detection system used by the agency.

They discovered bi-directional traffic passing through the network and an already found malicious I.P. address linked with Log4Shell vulnerability exploitation in VMware Horizon servers.

CISA further noted that an HTTPS activity was launched from I.P. address 51.89.18164 to VMware’s server. Further probe revealed that the I.P. address was associated with Lightweight Directory Access Protocol (LDAP) server operated by attackers to deploy Log4Shell.

**Who are the Attackers?**

In a joint advisory from CISA, the Department of Homeland Security, and the FBI, it was revealed that the attack was launched in February 2022. The attackers moved laterally to DC, stole credentials, and implanted Ngrok reverse proxies on multiple hosts to retain persistence. U.S. security officials responded in June to clean the network.

Reportedly, the hackers were identified as Nemesis Kitten, and they launched the attack with backing from the Iranian government. Nemesis Kitten is an extension of the Phosphorus Iranian malware group, and they regularly utilize well-known, highly exploitable vulnerabilities to facilitate ransomware attacks against organizations.

CISA warned that organizations still using the unpatched server versions should be concerned as they would eventually be compromised.

1.  Dirty Pipe Linux Vulnerability Overwrites Data
2.  Watch Out: Microsoft Office 0-Day Vulnerability Follina
3.  OpenSSL Released Patch for High-Severity Vulnerability
4.  Flaw in GPS Tracker Lets Hackers Remotely Control Vehicles
5.  Critical Amazon Ring Flaw Could Expose Camera Recordings

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Tag

#microsoft