In recent times, we’ve seen a surge of news stories detailing cyberattacks on various companies, ranging from DDoS attacks to data breaches. However, a new report sheds light on a significant breach involving a Chinese hacking group infiltrating the network of Belgium’s Intelligence and Security Agency (VSSE). The attackers exploited a vulnerability in the firewalls and email security software provided by Barracuda Networks.

The State Security Service (VSSE) provided some insight into the incident in a statement to Le Soir, where a spokesperson confirmed that a Chinese hacking group (whose name remains undisclosed) had gained unauthorized access to the VSSE’s external email servers between 2021 and 2023. The breach was discovered in November 2023, prompting an investigation, which revealed that the hackers exploited a flaw in Barracuda Networks’ software to steal data.

Following a thorough investigation, the VSSE identified that the fault lay with the security system. As a result, in February 2024, the agency severed ties with Barracuda Networks and enlisted a new security software provider to address their security needs moving forward.

In response to the news, Lesley Sullivan, a spokesperson for Barracuda Networks, clarified that the company was not responsible for the breach. Sullivan emphasized that it was the VSSE’s responsibility to secure its assets, and Barracuda’s role was limited to providing the necessary tools for the agency to safeguard its network.

From Barracuda’s perspective, the company had taken action to resolve the critical flaw in its Email Security Gateway (ESG) software in May 2023, well before the breach was discovered. The flaw had likely been overlooked by the agency’s administrators. The ESG software is designed to monitor the flow of inbound and outbound emails while filtering out malicious content.

Cybersecurity insiders report that the breach, attributed to China-backed threat actors, resulted in unauthorized access to over 10% of the VSSE’s email traffic. While no classified information was compromised, much of the stolen data was related to internal communications between employees.

The post Belgian Intelligence Agency emails leaked by Barracuda Vulnerability appeared first on Cybersecurity Insiders.

Fraud is becoming more sophisticated, targeting companies with increased precision, especially in two critical areas: Accounts Payable (AP) and payment processing. Because both are vendor-facing roles, the employees in them are prime targets due to their access to funds and their ability to approve or modify payments.

A couple of factors exacerbate the issue. First, businesses continue to rely on security tools and financial controls that are not only siloed but also lack the contextual data needed to detect and prevent these sophisticated attacks, which, according to the FBI, cost organizations $1.5 million each on average.

Next, attackers have upped their tactics in a few key ways:

  • They have begun infiltrating businesses from multiple angles, including through vendor accounts, where they leverage layers far beyond the organization’s day-to-day visibility (those people they interact with regularly).
  • They have developed more sophisticated techniques for evading security controls, chief among them the greatest threat to payments today: social engineering.

Cybersecurity’s Biggest Threat

Social engineering, which includes deepfakes, is the most prevalent form of attack. Research found that 90% of cyberattacks in 2024 involved social engineering tactics. And it’s not just about frequency. Through the power of AI, these attacks are becoming increasingly costly. In its Digital Fraud: The Case for Change report, Deloitte states that the “rapid expansion of AI and GenAI tools provides the resources for bad actors to scale their attacks, both on the financial institutions and directly to their customers.” The report says that “the proliferation of GenAI tools could enable fraud losses to reach US$40 billion in the United States by 2027, up from US$12.3 billion in 2023.”

The Lifecycle of Fraud: How Social Engineering Exploits Each Stage

When it comes to fighting back, a key element is to understand the many ways attacks are coming at your business. Here are examples.

Deepfake Impersonations: Fraudsters frequently leverage deepfake impersonations to craft emails, videos, and other communications that convincingly appear to come from senior executives of Financial Times Stock Exchange (FTSE) companies. The goal of these efforts is to convince the employee to transfer substantial funds. While these attacks can impersonate people at all levels, impersonating senior executives is far more effective, since employees naturally trust leadership and are often inclined to bypass standard review protocols for what appear to be significant matters. The FBI’s Internet Crime Complaint Center (IC3) reported $2.95 billion in losses from business email compromise (BEC) scams in 2023.

To turn up the heat on these attacks, fraudsters often add a layer of pressure. They might claim a payment is overdue or tied to a critical deadline, such as finalizing an acquisition. In extreme cases, they may threaten disciplinary action or other penalties to push employees into bypassing established protocols. This tactic preys on the human desire to avoid conflict or negative repercussions, especially when the request comes from a high-ranking authority.

AI-Generated Phishing: Attackers leverage AI to gather and analyze vast data about their targets. This includes information from social media profiles, public records, and leaked data from breaches. As a result, cybercriminals can understand the target’s behavior, preferences, and potential vulnerabilities. From there, they can craft highly personalized and convincing phishing emails that not only mirror the person’s writing style but leverage other details, such as a recent event, making them more effective and harder to detect. And these aren’t one-off campaigns. Thousands of these messages can be sent out simultaneously, targeting an extensive audience.

Fake Invoices in Payment Initiation: The payment lifecycle begins with the initiation when a vendor submits an invoice for goods or services rendered. As mentioned earlier, larger businesses have small teams processing large piles of invoices every day. For many criminals, the initiation phase is the ideal time to launch a social engineering attack using vendor impersonation schemes. 

Here, fraudsters, posing as legitimate vendors, use fake invoices to initiate payments. Sometimes, they intercept genuine invoices, altering minor details such as bank account numbers or payment amounts, and resubmit them for processing. Thanks to small teams that are stretched thin, meticulous scrutiny is not an option, which is precisely why fraudulent invoices can slip through undetected, leading to significant financial losses.

Account Takeovers and Payment System Manipulation: At the processing stage, fraudsters leverage stolen credentials obtained through phishing attacks or data breaches to gain unauthorized access to payment systems. Once inside, they impersonate legitimate users, modifying payment instructions or creating fraudulent transactions for work that was never done. In automated systems like Automated Clearing House (ACH) transfers, attackers may manipulate payment templates or schedules to redirect funds into their accounts. These subtle changes can often go unnoticed until the damage is done.

Strengthening Defenses: Combating Social Engineering at Every Stage

For businesses fighting back, here’s the first step: Stop viewing social engineering solely as an email security threat. These attacks extend far beyond email, infiltrating the entire payment process and targeting systems, workflows, and data across the organization. 

With this understanding, it’s time to implement a multi-layered defense strategy that addresses vulnerabilities across the payment lifecycle to protect against social engineering and other fraudulent tactics. Some key elements of this approach include:

  • Comprehensive Contextual Insight: Seamlessly integrating email, payment, and vendor behavior data so that your team can detect irregular patterns across the entire process.
  • Proactive Monitoring of High-Risk Roles: While everyone at a business can be a target, it’s vital that systems are actively monitoring and securing those roles with access to funds, such as finance, executives, and vendor-facing employees. 
  • Adaptable AI-Driven Detection: Just as fraudsters are turning to AI, so should you. Start leveraging advanced AI tools to analyze patterns, detect anomalies, and recognize synthetic threats like deepfakes or real-time voice manipulation. These tools are not static. They continuously learn from new attack methods, enabling real-time identification and prevention of emerging threats. 

While forms of social engineering have existed for some time, the latest variety of attacks demonstrates an evolution in techniques that are unlike what came before. These methods will continue to evolve and leverage psychological manipulation to exploit weaknesses in the payment lifecycle. From fake invoices and account takeovers to executive impersonation and high-pressure tactics, these schemes are designed to capitalize on human error and trust to get their hands on your company’s money. 

But companies are not without recourse. Fighting back begins with understanding the vulnerabilities at each stage of the payments lifecycle and implementing a comprehensive defense strategy that includes key elements, such as comprehensive contextual insight, proactive monitoring of high-risk roles, and adaptable AI-driven detection. With the right approaches and innovative solutions, organizations can protect themselves from these sophisticated threats and whatever comes in the future.


Shai Gabay Bio

A visionary entrepreneur, Shai Gabay has always held a deep passion for cybersecurity and fintech, and over the course of his career, he has developed his expertise in both areas. Currently, Shai is a co-founder and the CEO of Trustmi, a leading end-to-end payment security platform founded in Israel in 2021. Prior to Trustmi, he was General Manager at Opera, VP of Product and Services at Cynet, CIO at Cyberbit and the CISO at Discount Bank.

Shai holds a Bachelor’s Degree from Shenkar College in software engineering, and also a Master’s degree in Business Administration and Management from Tel Aviv University.  Additionally, Shai was selected for the prestigious 1-year full scholarship executive excellence program at the Hoffman Kofman Foundation, a program tailored to outstanding alumni of IDF’s Elite Units. Through this program, he had the opportunity to study with prominent co-founders and leaders at renowned global tech companies and professors at elite universities.


The post The Human Factor: How Eliminating Human Vulnerabilities Can Stop Social Engineering Fraud appeared first on Cybersecurity Insiders.

The US Coast Guard has been urged to improve the cybersecurity infrastructure of the Maritime Transportation System (MTS), which includes ports, waterways, and vessels essential for transporting over $5.4 trillion worth of goods annually. Read more in my article on the Tripwire State of Security blog.

In episode 37 of "The AI Fix", Google Gemini gets the munchies, the wettest country in the world can’t find any water, an escalator tries to eat Graham, o3-mini can’t rub two sticks together, and OpenAI invents an AI that can do “a single-digit percentage of all economically valuable tasks in the world” but nobody notices. Graham wonders why his childhood was full of Triffids and quicksand, and discovers a way to trap overstepping AI crawlers in an endless maze, while Mark investigates the appalling state of DeepSeek security. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.

In recent years, the cybersecurity landscape has witnessed a series of high-profile vulnerabilities affecting popular VPN solutions, including two major vendors. These incidents have underscored the limitations of traditional VPN architectures and accelerated the adoption of Zero Trust Network Access (ZTNA) principles.  

Vulnerabilities

  • Vendor A: Multiple critical vulnerabilities, including remote code execution flaws, have been discovered in Vendor A’s firewall software. Threat actors have actively exploited these vulnerabilities to gain unauthorized access to sensitive systems and data.
  • Vendor B: Several critical vulnerabilities have also been identified in Vendor B’s VPN appliances, enabling attackers to remotely execute code and compromise vulnerable systems. These vulnerabilities have been widely exploited, resulting in significant security breaches across various organizations.

The Devastating Cost of Breaches

The financial and reputational damage caused by these breaches is staggering and continuously escalating.  

Direct Costs:

  • Incident Response: Costs associated with investigating the breach, containing the damage, and restoring systems can be immense. This includes hiring forensic investigators, legal counsel, and cybersecurity consultants.
  • Ransomware Payments: Organizations may feel pressured to pay ransoms to regain access to critical data, further enriching cybercriminals.  
  • Data Recovery and Restoration: Recovering lost or corrupted data and restoring systems to their pre-breach state can be time-consuming and expensive.
  • Legal and Regulatory Fines: Non-compliance with data privacy regulations (e.g., GDPR, CCPA) can result in hefty fines and legal penalties.  

Indirect Costs:

  • Loss of Business: Disruptions to operations, downtime, and loss of productivity can significantly impact revenue.  
  • Reputational Damage: Data breaches erode customer trust, damaging brand reputation and potentially leading to customer churn.  
  • Increased Insurance Premiums: Following a breach, insurance premiums for cyber liability coverage often rise significantly.  
  • Lost Business Opportunities: Damaged reputation can hinder new business deals and partnerships.  

The Impact on VPN Security

These vulnerabilities have highlighted several key weaknesses of traditional VPN solutions:

  • Large Attack Surface: VPN appliances often have a large attack surface due to their complex configurations and numerous features.  
  • Difficulty in Patching: Keeping VPN software and firmware up to date with the latest security patches can be challenging, especially in large organizations with diverse IT environments.
  • Reliance on Perimeter Security: Traditional VPNs rely heavily on perimeter security, which can be easily bypassed by sophisticated attackers who have already infiltrated the network through other means.  

The Rise of ZTNA

In response to these challenges, Zero Trust Network Access (ZTNA) has emerged as a promising alternative to traditional VPNs. ZTNA is based on the principle of “never trust, always verify,” meaning that access to resources is granted based on the identity and context of the user or device, rather than their location on the network.  

Key Benefits of ZTNA:

  • Reduced Attack Surface: ZTNA solutions have a smaller attack surface compared to traditional VPNs, as they only expose specific resources to authorized users on a need-to-know basis.  
  • Enhanced Security: ZTNA incorporates multiple layers of security controls, including multi-factor authentication, device posture checks, and least privilege access. This minimizes the blast radius of a successful compromise.  
  • Enhanced Visibility and Control: ZTNA solutions provide granular visibility into user activity and access patterns, enabling organizations to detect and respond to threats more quickly. 

The Future of Network Security

The vulnerabilities in the affected vendors have served as a wake-up call for organizations to re-evaluate their network security strategies. While VPNs will continue to play a role in some use cases, ZTNA is poised to become the de facto standard for secure remote access.

Organizations that adopt ZTNA can significantly reduce their risk of cyberattacks and improve their overall security posture. As the threat landscape continues to evolve and the cost of breaches continues to rise, ZTNA will be critical for ensuring that organizations can protect their sensitive data, maintain business continuity, and thrive in an increasingly digital world.  

Time to Recover: A Critical Factor

The time it takes to recover from a cyberattack can significantly impact an organization’s bottom line.

  • Disruption to Business Operations: Every hour of downtime can translate to substantial financial losses due to lost productivity, missed sales opportunities, and damage to customer relationships.  
  • Reputational Damage: The longer a breach remains unresolved, the greater the potential for reputational damage to spread and erode customer trust.
  • Increased Costs: The longer an attack persists, the higher the costs associated with incident response, data recovery, and business disruption.  

Conclusion

The vulnerabilities in the affected vendors have highlighted the critical need for organizations to adopt a more secure approach to network access. ZTNA offers a promising alternative to traditional VPNs, providing enhanced security, flexibility, and reduced risk. 

As organizations continue to embrace digital transformation, ZTNA will play a crucial role in ensuring that their networks remain secure and resilient in the face of evolving cyber threats.  


The post Legacy VPN Vulnerabilities and the Rise of ZTNA appeared first on Cybersecurity Insiders.

Fortinet, the prominent American cybersecurity company, has recently found itself at the center of a media storm after reports emerged suggesting it exposed its customers to a significant cyber threat. The controversy was triggered by Arctic Wolf, a competing firm in the cybersecurity industry, which disclosed the details of the threat.

According to Arctic Wolf, cybercriminals have been exploiting zero-day vulnerabilities in FortiGate devices. The attackers have been compromising the firewalls, altering their configurations, and using DCSync to extract credentials. The attack appears to be highly sophisticated, enabling the hackers to create new accounts, gain SSL VPN access, and manipulate firewall configurations at will.

Security experts from Arctic Wolf believe that the attack could have been ongoing since November 2024. However, they remain uncertain about whether this resulted in a data breach or any significant compromise of data.

Fortinet has responded by confirming that the threat is limited to FortiGate devices running firmware versions 7.0.14 and 7.0.16, which were released in February and October of the previous year. The company also identified that the threat involved super admin credentials created after November 21, 2024. Fortinet is now in the process of notifying customers and investigating any potential discrepancies.

In addition, Fortinet is advising customers to stop exposing their firewall management interfaces to public IP addresses and to restrict access to trusted users only. The security issue is believed to have originated from a vulnerability in the Fortinet Wireless Manager, which was discovered in December 2024.

For those unfamiliar with Fortinet, the company, founded in 2000 by brothers Ken and Michael Xie, is known for creating FortiGate, which it describes as the first physical firewall. Over the years, the company expanded its portfolio to include wireless access points, sandboxes, and various security solutions for messaging.

This is not the first time Fortinet has been embroiled in a security breach controversy. In September 2024, a hacker using the name “Fortibitch” was reported to have accessed 440GB of data from Fortinet’s Microsoft SharePoint server, affecting a limited number of individuals.

The post Fortinet Vulnerability exposes its firewall customers to Cyber Threats appeared first on Cybersecurity Insiders.

Apple iPhone users are being alerted to a critical security flaw that could potentially allow hackers to steal sensitive data. This vulnerability exists within the Transparency, Consent, and Control (TCC) feature of Apple’s operating system, posing serious risks to user privacy. Security researchers have identified that this bug enables cybercriminals to bypass notification alerts, potentially granting third-party applications unauthorized access to data stored in iCloud and other sensitive parts of the device.

What is the TCC Feature?

The TCC feature is an important privacy safeguard in iOS that protects users by notifying them whenever an app attempts to access sensitive data, such as photos, contacts, or location information. The goal of TCC is to ensure transparency, providing users with the control and consent to manage which apps have access to their personal information. However, cybersecurity researchers from Jamf Threat Labs discovered that a flaw in this system, dubbed the “TCC Bypass,” allows attackers to bypass these security prompts and gain access to sensitive data without user awareness.

Discovery of the TCC Bypass Vulnerability

The TCC vulnerability was uncovered by Jamf Threat Labs and has raised alarm among cybersecurity experts. The bug has been present in iPhones and Macs since at least September 2024, putting millions of users at risk. The issue is concerning because it undermines one of Apple’s core privacy mechanisms, potentially enabling hackers to gain unauthorized access to iCloud data and other sensitive information stored on the device.

Although Apple has released a patch to address the vulnerability in iOS 18.2, many users are still unaware of the update. This patch, which was rolled out in recent days, addresses the issue for several models, including the iPhone 15 Pro, iPhone 15 Pro Max, iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max. The update is also available for newly purchased Macs and iPads starting from March 2024, ensuring that those devices benefit from enhanced security features.

Why is This Update Important?

The update is critical because it fixes a security hole that could otherwise have allowed malicious applications to access users’ private information without consent. The TCC feature was designed to act as a protective barrier against unauthorized data access, but with this vulnerability, that protection was compromised. Apple’s patch is meant to restore the integrity of this privacy safeguard, ensuring that users can maintain control over what data is shared with third-party apps.

Unfortunately, a significant portion of affected device owners may not yet be aware of the update or may have delayed installing it. As such, it is essential for users to check for the latest software updates to ensure their devices remain secure.

Upcoming Devices and Security Enhancements

Looking ahead, Apple plans to release new iPhone models in September 2025, including the iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and a groundbreaking new model, the iPhone 17 Air. The iPhone 17 Air is set to be the thinnest iPhone ever made, boasting enhanced performance and efficiency. This upcoming device is expected to raise the bar in terms of both design and technology, with new features and improvements aimed at enhancing user experience and security.

For those in Dubai and other high-end markets, Apple will offer premium versions of the iPhone 17 Air, including gold and platinum models, which will come with a correspondingly high price tag.

Conclusion

The discovery of the TCC Bypass vulnerability highlights the ongoing challenges in maintaining robust security in mobile devices. While Apple has swiftly responded with a patch, it remains crucial for users to stay informed and update their devices regularly to protect their privacy. As Apple continues to innovate with new devices like the iPhone 17 series, the company must also ensure that its security measures keep pace with emerging threats in an increasingly connected world.

The post Apple iPhone Users Warned About Data-Stealing Vulnerability in TCC Feature appeared first on Cybersecurity Insiders.

A Kansas City man is accused of hacking into local businesses, not to steal money, but to... get a cheaper gym membership? A DNA-testing firm has vanished, leaving customers in the dark about what's happened to their sensitive genetic data. And Australia mulls a social media ban for youngsters. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.