New SaaS-based secrets manager from Akeyless requires no new infrastructure, and no specialist staff nor secrets management team.
The post Akeyless Launches SaaS-based External Secrets Manager appeared first on SecurityWeek.
SecurityWeek RSS Feed
The all in one place for non-profit security aid.
Florida Man Arrested For Selling Fake Cisco Device To U.S. Military
Onur Aksoy, a forty-year-old resident of Florida and dual citizen of Turkey and the United States, was found guilty of running a large-scale, multi-year fraud scheme to traffic in fake and counterfeit Cisco networking equipment.
The counterfeit computer networking equipment that Aksoy sold for hundreds of millions of dollars found its way into extremely sensitive military and other governmental systems, hospitals, schools, and platforms supporting advanced U.S. fighter jets and military aircraft.
Criminals flood the supply chain with low-quality networking equipment from China and Hong Kong, endangering American companies, public health and safety, and national security.
“This case—one of the largest counterfeit trademark cases ever prosecuted in the United States—demonstrates the Criminal Division’s commitment and capacity to prosecute the most complex counterfeiting schemes and bring the perpetrators to justice,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division.
The Department of Justice stated that Aksoy established and managed one of the biggest counterfeit-trafficking enterprises ever through a complex, multi-year plan.
His operation brought tens of thousands of low-quality, counterfeit devices trafficked from China into the U.S. supply chain, endangering users in the public and private sectors.
According to court records and evidence, Aksoy operated at least 19 firms registered in Florida and New Jersey, along with around 15 Amazon storefronts and at least 10 eBay stores (collectively, the Pro Network Entities).
Tens of thousands of low-quality, modified computer networking devices with fake Cisco labels, stickers, boxes, documentation, and packaging were imported by Pro Network Entities from suppliers in China and Hong Kong.
These devices were all covered in counterfeit trademarks that were registered and owned by Cisco, giving the false impression that the goods were brand-new, authentic, and high-quality devices made and approved by Cisco.
The devices were valued at hundreds of millions of dollars at retail.
Through the fraud, the Pro Network Entities made over $100 million in revenue, and Aksoy personally made millions of dollars.
Chinese counterfeiters altered the equipment that the Pro Network Entities imported from China and Hong Kong to look like authentic copies of new, improved, and more costly Cisco equipment.
These devices were usually older, lower-model goods, some of which had been sold or thrown away.
Such components sometimes included ways to get around technological safeguards Cisco applied to the software to verify hardware authenticity and check for compliance with software licenses.
Fraudulent or counterfeit products sold by the Pro Network Entities had multiple issues with performance, operation, and safety.
The items frequently malfunctioned or failed to function at all, seriously harming the networks and operations of their users.
Governmental organizations, schools, and hospitals were among the buyers of Aksoy’s products. The U.S. Army, U.S. Navy, and U.S. Air Force also detected the devices in both combat and non-combat operations.
These activities included platforms that supported the F-15, F-18, and F-22 fighter jets, the AH-64 Apache attack helicopter, the P-8 maritime patrol aircraft, and the B-52 Stratofortress bomber aircraft.
Customs and Border Protection (CBP) intercepted about 180 shipments of fake Cisco devices from China and Hong Kong to the Pro Network Entities between 2014 and 2022.
In response to a few of these seizures, Aksoy gave fake reports to CBP using the fictitious name “Dave Durden,” which he also used to speak with other Chinese conspirators.
Cisco wrote seven letters to Aksoy between 2014 and 2019, pleading with him to stop dealing in fake goods. In response to at least two of these letters, Aksoy had his attorney send Cisco fake documentation.
Around 1,156 counterfeit Cisco gadgets worth over $7 million were seized by agents in July 2021 after they carried out a search warrant at Aksoy’s warehouse.
Aksoy was given a six-year, six-month prison sentence for managing a massive, multi-year scheme to traffic in fake and counterfeit Cisco networking equipment.
He agreed to the destruction of millions of dollars’ worth of counterfeit items that were taken from his businesses, as well as to pay restitution of $100 million to Cisco and sums to other victims that would be decided by the court at a later time.
The post Florida Man Arrested For Selling Fake Cisco Device To U.S. Military appeared first on Cyber Security News.
Cyber Security News
Let’s AI Search for You! Google Search Now Gets Advanced AI-Powered Capabilities
In a groundbreaking announcement today, Google revealed its plans to integrate advanced generative AI capabilities into its flagship Search product. This move promises to transform the way users interact with and leverage information on the internet.
For over two decades, Google has continuously refined its core information quality systems and amassed a vast knowledge base to provide users with trusted and accurate search results. However, with the advent of generative AI, the company is now poised to take Search to unprecedented heights.
One of the key features introduced is AI Overviews, which will provide users with concise yet comprehensive summaries on a wide range of topics. Instead of sifting through multiple sources, users can simply pose their queries, and Google’s AI will synthesize the relevant information into a cohesive overview.
“People have already used AI Overviews billions of times through our experiment in Search Labs,” said a Google spokesperson. “They like that they can get both a quick overview of a topic and links to learn more.”
AI Overviews will begin rolling out to users in the United States this week, with plans to expand to over a billion people globally by the end of the year.
“AI Overviews will begin rolling out to everyone today in the US, with more countries coming soon. They provide both a quick overview of a topic and links to learn more. We’ve found that with AI Overviews, people use Search more, and are more satisfied with their results,” Google SearchLiaison said.
“Soon, you’ll be able to adjust your AI Overview with options to simplify the language or break it down in more detail. This can be particularly useful if you’re new to a topic, or if you’re trying to simplify something to satisfy your kid’s curiosity. This update is coming soon to Search Labs, for English queries in the US”
With multi-step reasoning capabilities, AI Overviews will help with increasingly complex questions. Rather than breaking your question into multiple searches, you can ask complex questions, with all the nuances and caveats you have in mind, all in one go. Multi-step reasoning…
— Google SearchLiaison (@searchliaison) May 14, 2024
In addition to the standard AI Overviews, Google will soon introduce the ability for users to adjust the language complexity and level of detail. This feature will cater to diverse audiences, from those new to a topic to those seeking in-depth information.
Moreover, Google’s custom Gemini model will enable multi-step reasoning capabilities, allowing users to ask increasingly complex questions with nuances and caveats, all in a single search.
Google Search will also venture into the realms of planning and brainstorming. Users can request assistance in creating meal plans, vacation itineraries, and more, with the ability to customize and export their plans seamlessly.
For those seeking inspiration, Search will leverage generative AI to organize results into unique, AI-generated categories, providing a diverse range of perspectives and content types.
In a groundbreaking development, Google is introducing the ability to search with video. Users can capture videos of objects or situations and ask questions directly, receiving AI-generated overviews with troubleshooting steps and resources.
“This is just a glimpse of how we’re reimagining Google Search,” said the Google spokesperson. “Soon, Google will do the searching, simplifying, researching, planning, brainstorming, and so much more.”
As the world eagerly awaits the rollout of these innovative features, it is clear that Google is ushering in a new era of intelligent, personalized, and efficient information discovery.
During Google I/O 2024, our yearly developer conference, Google discussed its advancements with AI to create even more valuable products and features. These improvements span Search, Workspace, Photos, Android, and others.
The post Let’s AI Search for You! Google Search Now Gets Advanced AI-Powered Capabilities appeared first on Cyber Security News.
Hackers Weaponize PDF Files to Deliver Multiple Ransomware Variants
PDF files are commonly used for their versatility, making them a prime target for malware delivery because they can embed malicious scripts or links.
Their widespread use and trusted reputation make users more susceptible to opening infected PDFs without knowledge or intent.
Cybersecurity analysts at AhnLab Security Emergency Response Center (ASEC) have discovered that hackers are actively using PDF files as a delivery method for various ransomware variants.
The hackers distributed weaponized PDF files that contained malicious URLs.
A malicious URL can be accessed by clicking on buttons in PDFs. The presented screen prompts users, and clicking on the red buttons takes them to a certain URL.
Malicious PDF (Source – ASEC)
The URL is shown below:
hxxps://fancli[.]com/21czb7
The link redirects to a URL with a blue download button. After downloading an encrypted file, users are redirected to a page where the decryption password is revealed.
The redirected URL is shown below:
hxxps://pimlm[.]com/c138f0d7e1c8a70876e510fcbb478805FEw1MBufh9gLOVv4erOokBCFouvPxBIEeH3DBT3gv3
After downloading, the page prompts users to decompress the encrypted file with the password ‘1234.’ Upon decompression of ‘Setup.7z,’ users find the executable file, “File.exe.”
Executing File.exe as administrator changes the registry and uses browser login credentials to collect IP and location data. After that, further malware is downloaded to the designated locations:
C:\Users\%USERNAME%\Pictures
C:\Users\%USERNAME%\Pictures\Minor Policy
The contents of the downloaded malware are listed below:
Droppers
Execution flow
A few of the downloaded files had hidden and system properties set. The flow starts from a PDF with a malicious URL, leading to the download and execution of various malware types.
Malware distribution (Source – ASEC)
The malicious file “bus50.exe” from the following location is an SFX file containing a CAB file, and executing the SFX file creates malicious files in the ‘IXP000.TMP’ folder:
hxxp://109.107.182[.]2/race/bus50.exe
Successive SFX files create directories that contain more and more data, totaling:
6 SFX files
7 additional malware
Execution flow (Source – ASEC)
Researchers recommend avoiding downloads of cracks and illegal programs, and exercising strong caution whenever executing files.
The post Hackers Weaponize PDF Files to Deliver Multiple Ransomware Variants appeared first on Cyber Security News.