
OpenAI will take measures to restrict API services to unsupported countries; Tenglong Anke received tens of millions of yuan in Series A financing | Niu Lan



Date: June 25, 2024


News

- Public Comments on the “Cybersecurity Standard Practice Guidelines – One-Click Stopping the Collection of Off-Vehicle Data (Draft)”
- OpenAI will take measures to limit API services to unsupported countries
- Dutch court rules Oracle and Salesforce violated GDPR privacy requirements
- CISA recommends that small and medium-sized enterprise users adopt single sign-on authentication mechanism as soon as possible
- A new adware disguised as an Oculus installer
- Oyster backdoor can be spread maliciously by tampering with popular software downloads
- LockBit 3.0 returns, triggering a sharp increase in ransomware attacks
- 300 million private information of teachers and students at Los Angeles Unified University may have been leaked
- Popular open source e-commerce platform exposed to have serious security flaws
- Abstract Security launches AI-powered secure data streaming platform
- Tenglong Anke received tens of millions of yuan in Series A financing

Special attention

Public Comments on the “Cybersecurity Standard Practice Guidelines – One-Click Stopping the Collection of Off-Vehicle Data (Draft)”

To promote the safe collection and use of off-vehicle data and to guide organizations responsible for automobile data security in exploring convenient methods to stop collecting off-vehicle data, the Secretariat of the National Cyber Security Standardization Technical Committee organized the preparation of the “Cyber Security Standard Practice Guide – One-click Stop Collection of Off-Vehicle Data Guide (Draft for Comments)”. In accordance with the requirements of the “National Cyber Security Standardization Technical Committee Management Measures (Interim)”, the Secretariat is now publicly soliciting opinions on the draft. If you have any comments or suggestions, please send feedback to the Secretariat before July 5, 2024. The full text of the standard can be obtained by visiting the following original link.

Original link:

https://www.tc260.org.cn/front/postDetail.html?id=20240624102728

Hot Spot Observation

OpenAI will take measures to limit API services to unsupported countries

OpenAI announced on June 25 that in order to maintain service quality and security, it will take additional measures to limit API traffic from currently unsupported countries and regions.

In the official email notification pushed by OpenAI, it is clearly stated that the company will strictly block API access traffic from non-supported countries and regions starting from July 9. If the affected organizations want to continue to use OpenAI's services, they can only access them in supported countries or regions. It should be noted that OpenAI publicly published an article in February this year titled “Preventing Malicious Use of Artificial Intelligence by State-Related Threat Actors”, which clearly mentioned that it would block and restrict users from countries/regions such as North Korea and Russia.

Original link:

https://www.163.com/dy/article/J5G5SBP30517N211.html

Dutch court rules Oracle and Salesforce violated GDPR privacy requirements

Recently, the Dutch Court of Appeal made an important ruling in a cookie tracking case related to GDPR. The court ruled that Oracle and Salesforce must defend the class action lawsuit. The plaintiff in the lawsuit is the Dutch privacy protection organization The Privacy Collective (TPC), which accuses the two companies of violating GDPR-related privacy protection requirements by collecting personal data by placing cookies on user devices and using this data for personalized advertising. TPC requires the two companies to pay 500 euros to each of 10 million Dutch users, totaling 5 billion euros in compensation.

It is reported that both Oracle and Salesforce admitted to the existence of cookie collection, but argued that this was the decision of the website owner and that they only provided technical tools to customers, denying that they were “data controllers” as required by GDPR regulations. TPC pointed out that the two companies obtained a large amount of personal information through DMP services and provided this information to advertisers in a very fast and automated manner to profit from it.

The case focuses on whether the platform provider or the website owner should be held responsible when a website uses a third-party data platform to track users. TPC said in a statement that the Dutch Court of Appeal's ruling is a “milestone in access to justice and protecting the privacy of all Dutch Internet users” and may have an important impact on similar cases in the future, strengthening the legal actions of privacy protection organizations against the digital advertising industry.

Original link:

https://www.csoonline.com/article/2167475/dutch-appellate-court-rules-against-oracle-and-salesforce-in-a-gdpr-related-cookie-case.html

CISA recommends that small and medium-sized enterprise users adopt single sign-on authentication mechanism as soon as possible

Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a new guideline recommending that small and medium-sized business (SMB) organizations adopt single sign-on (SSO) services as soon as possible and will help them deal with the challenges they may face. According to reports, the recommendation is based on a series of security studies conducted by CISA involving stakeholders to understand their attitudes and potential barriers to SMB adoption of SSO. The study found that many small and medium-sized enterprise managers have not yet realized that SSO technology can significantly improve the network security of their organizations, nor do they regard it as a necessary or priority factor. The main reasons for this situation are financial and technical limitations.

CISA also recommends that SSO vendors should separate SSO functions from platform systems, so that they can provide more flexible SSO services for small and medium-sized enterprises. As for small and medium-sized enterprises themselves, CISA recommends that they should first fully evaluate their own needs and limitations when adopting SSO, including factors such as the number of users, the number of applications, security requirements and budget. In addition, cloud-based SSO solutions may be a more practical choice for small and medium-sized enterprises.

Original link:

https://www.scmagazine.com/news/cisa-publishes-recommendations-for-smbs-to-adopt-single-sign-on

Network attacks

A new adware disguised as an Oculus installer

Recently, cybersecurity researchers at eSentire discovered that the adware “AdsExhaust” is spreading rapidly in Google searches by impersonating Oculus installers, tricking users into downloading and infecting their devices. This malware was discovered in early June 2024.

[Figure: Initial infection chain]

It is understood that Oculus is a brand of virtual reality (VR) hardware and software products developed and produced by Oculus VR, a subsidiary of Meta Platforms (formerly Facebook Inc.). When users search for Oculus applications on Google, they may be lured into a malicious website that distributes AdsExhaust. Users receive a ZIP archive containing a batch script named “oculus-app.EXE” that retrieves other scripts and creates a backup.bat file. Three tasks are then created to run the batch files at different times and download the legitimate Oculus application from the browser.

This adware steals screenshots and automatically interacts with the browser using methods such as simulated keystrokes to click on various ads to earn illegal revenue. In addition, it creates multiple background tasks that consume system resources and cause device performance degradation. To protect yourself from AdsExhaust and similar threats, experts recommend downloading software from official sources, using reliable antivirus and anti-malware solutions, and staying up to date with the latest cybersecurity threats.

Original link:

Oyster backdoor can be spread maliciously by tampering with popular software downloads

According to Rapid7's research, a malicious advertising campaign is using tampered installers for popular software such as Google Chrome and Microsoft Teams to deploy a backdoor called Oyster (also known as Broomstick and CleanUpLoader). The attackers take advantage of the fact that users who search for this software on search engines such as Google and Bing can be redirected to websites that look legitimate but actually host malicious payloads. These pages imitate legitimate software download sites, but the installers they serve contain malware. The malicious executable deploys the Oyster backdoor, which can collect information about the infected host, communicate with hardcoded command and control servers, and support remote code execution.

The Oyster backdoor has been spread in the past via a specialized loader called Broomstick Loader (aka Oyster Installer), but this time the attack chain directly deploys the backdoor itself. The malware is believed to be connected to the Russian-linked hacker group ITG23, which is responsible for the distribution of the TrickBot malware. After deploying the Oyster backdoor, the malware also installs the legitimate Microsoft Teams software in an attempt to cover its tracks and avoid alerting users. Rapid7 also found that the malware generates a PowerShell script for setting up persistence on the system. Meanwhile, another cybercriminal group called Rogue Raticate (aka RATicate) has been blamed for phishing campaigns that use PDF documents to trick users into clicking on malicious links to deploy NetSupport remote control software.

Original link:

https://thehackernews.com/2024/06/oyster-backdoor-spreading-via.html

LockBit 3.0 returns, triggering a sharp increase in ransomware attacks

According to the latest monthly threat report from the British cybersecurity company NCC Group, global ransomware attacks increased significantly in May. The number of attacks rose from 356 in April to 470, an increase of 8% year-on-year, which was mainly attributed to the resurgence of the ransomware group LockBit 3.0. LockBit 3.0 was hit and temporarily disappeared, but now it has made a comeback and accounted for 37% of all ransomware attacks in May, a sharp increase of 665% month-on-month, and has once again become the most important threat actor. In contrast, the number of attacks of Play ransomware, which previously ranked first, dropped from 176 last month to 32, accounting for only 7%, falling to second place. RansomHub ranked third with 22 attacks, accounting for 5%, a decrease of 19% from the previous month.

The re-emergence of LockBit 3.0 has triggered drastic changes in the entire ransomware attack landscape. In terms of regional distribution, North America and Europe are still the main targets of ransomware attacks, accounting for 77% of all attacks. However, while the absolute number of attacks in North America increased by 11%, its global proportion fell from 58% to 49%. In comparison, attacks in Europe increased by 65%. In addition, other regions also saw significant growth, such as South America from 5% to 8% and Africa from 3% to 8%. NCC believes that these emerging markets may become “testing grounds” for new ransomware variants and attack methods. In terms of sectors, the industrial sector is still the most attacked, with 143 attacks in May, accounting for 30%, up from 116 in April, an increase of 32%. The number of attacks in the technology industry increased significantly by 47%, from 49 to 72, which was attributed to large financial resources and the spread of data and Internet-connected equipment. Overall, ransomware attacks increased by 114 in May compared with April, highlighting the current deteriorating cybersecurity landscape.

Original link:

https://www.mescomputing.com/news/4326404/surge-global-ransomware-attacks-lockbit-returns

300 million private information of teachers and students at Los Angeles Unified University may have been leaked

Recently, Los Angeles Unified University (LAUSD) suffered a serious data breach. According to reports, the hacker group “Satanic” hacked into the LAUSD system and stole more than 300 million pieces of personal privacy information, including 24.16 million students and 55,000 faculty and staff. This information includes sensitive data such as students' names, dates of birth, ID numbers, home addresses, location coordinates, as well as teachers' qualifications, work status, contact information, etc. In addition, the leaked data has been uploaded to multiple hacker forums and cybercrime platforms, causing serious privacy leaks.

Experts pointed out that the root cause of the data leak was a security flaw in Snowflake, a third-party service provider used by LAUSD. Hackers exploited this flaw to break into the system and obtain a large amount of sensitive information. Although the leaked data does not currently contain key information such as passwords and social security numbers (SSNs), it still poses a great privacy risk to students, teachers and staff, who may be subject to phishing, identity theft, and malicious attacks such as fake social media profiles or attempts to register on malicious websites.

Original link:

Popular open source e-commerce platform exposed to have serious security flaws

Hackers have reportedly been stealing consumers' payment credit card information on a large scale over the past few months. They exploited a flaw (CVE-2024-36680) in the PrestaShop Facebook module called pkfacebook to deploy a web card skimmer to steal users' payment information from vulnerable e-commerce websites. PrestaShop is an open source e-commerce platform that is used by about 300,000 online stores worldwide as of 2024. Promokit's pkfacebook plugin is a module that allows store visitors to log in, post, and communicate with agents using their Facebook accounts. Analysts discovered a SQL injection flaw in the facebookConnect.php script in March 2024, but the vendor claimed that the flaw had been fixed long ago without providing any evidence.

Recently, another research group released proof-of-concept code for the flaw and warned that they are seeing it being actively exploited. The flaw allows hackers to gain website administration privileges, access or modify website data, extract database contents, and rewrite SMTP to hijack emails. Researchers recommend taking some mitigation measures, such as upgrading to the latest version, modifying data table prefixes, and enabling relevant rules on the web application firewall. The NVD entry for CVE-2024-36680 states that version 1.0.1 and all earlier versions are vulnerable to attacks. However, the latest version listed on the Promokit website is still 1.0.0, so the availability status of the patch is unclear.

Original link:

https://www.bleepingcomputer.com/news/security/facebook-prestashop-module-exploited-to-steal-credit-cards/

Industry News

Abstract Security launches AI-powered secure data streaming platform

Recently, Abstract Security announced the full launch of its AI-driven security data flow platform. This future-oriented security operations platform is designed to help security analysts and operations teams better manage complex data processes, improve security effectiveness, and reduce costs. A key feature of this platform is the Abstract Security Engineer (ASE), which uses artificial intelligence, expert systems, machine learning and other technologies to connect data sources across the organization and provide instant data and detection capabilities. The platform adopts a security data flow (Security Data Fabric) approach and supports advanced analysis and correlation, optimized security pipelines, intelligent storage management and other functions. These innovative solutions help customers meet the challenges currently facing security operations and improve security efficiency.

To drive the continued development of the platform, Abstract Security has expanded its global presence and brought in an experienced technical leadership team. They also invited Jon Oltsik, a leading expert in cybersecurity, to join the advisory board to provide advice and guidance. Oltsik believes that with the continuous growth of infrastructure complexity and data scale, existing security analysis methods can no longer meet the needs, and the innovative methods proposed by Abstract Security are worthy of attention.

Original link:

https://www.darkreading.com/cybersecurity-operations/abstract-security-announces-general-availability-of-its-ai-powered-data-streaming-platform-for-security

Tenglong Anke received tens of millions of yuan in Series A financing

Recently, network security company Shanghai Tenglong Technology Co., Ltd. (hereinafter referred to as “Tenglong Anke”) announced the successful completion of a tens of millions of yuan Series A financing, led by Jingya Capital and followed by old shareholder Shunwei Capital. Shunwei invested in the Pre-A round of financing of “Tenglong Anke” in 2023 and provided continuous support in this round of financing.

It is understood that Shanghai Tenglong Technology Co., Ltd. is an information security service provider for governments and enterprises. The company's core team comes from the School of Cyberspace Security of Shanghai Jiaotong University, and R&D personnel account for more than 70%. At present, Tenglong Anke has launched four major active security matrices, including external exposure surface detection products EASM, internal attack surface management products CAASM, vulnerability risk monitoring products, and intelligent traffic management API products. These products provide customers with a full range of network security solutions in an intelligent and visual way.

Mr. Cheng Tian, partner of Shunwei, said: “In the wave of digital economy, the new generation of network security technology has become an important support for safeguarding the high-quality development of my country's economy. The Shunwei team has always adhered to the concept of technological innovation and is committed to promoting the dual-wheel drive development of technological progress and security protection. Since investing in the Pre-A round of financing of Tenglong Anke in 2023, Shunwei has witnessed the founding team with Wang Haotian as the core. With its technological leadership and innovative business model, it has accelerated its growth into a leading new force in the domestic network security track. We believe that under the leadership of founder Wang Haotian, Tenglong Anke will continue to maintain its leading position in the field of network security and continue to contribute to the healthy development of my country's digital economy.”

Original link:

https://mp.weixin.qq.com/s/j26QqyoZPW0S-H18gYGEYg
