PythonMemoryModule - Pure-Python Implementation Of MemoryModule Technique To Load Dll And Unmanaged Exe Entirely From Memory
"Python memory module" AI generated pic - hotpot.ai pure-python implementation of MemoryModule technique to load a dll or unmanaged exe entirely from memory What is it PythonMemoryModule is a Python ctypes porting of the MemoryModule technique originally published by Joachim Bauch. It can load a dll or unmanaged exe using Python without requiring the use of an external library (pyd). It leverages pefile to parse PE headers and ctypes. The tool was originally thought to be used as a Pyramid module to provide evasion against AV/EDR by loading dll/exe payloads in python.exe entirely from memory, however other use-cases are possible (IP protection, pyds in-memory loading, spinoffs for other stealthier techniques) so I decided to create a dedicated repo. Why it can be useful It basically...
http://www.kitploit.com/2023/06/pythonmemorymodule-pure-python.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies
Vietnamese public companies have been targeted as part of an ongoing campaign that deploys a novel backdoor called SPECTRALVIPER.
"SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory manipulation, and token impersonation capabilities," Elastic Security Labs said in a Friday report.
The
https://thehackernews.com/2023/06/new-spectralviper-backdoor-targeting.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Gloucester cyber attack likened to Wordle in how extent of damage revealed itself over time
The cyber attack which crippled council services in Gloucester has been likened to the web-based puzzle game Wordle in how the extent of damage ...
https://www.gloucestershirelive.co.uk/news/gloucester-news/gloucester-cyber-attack-likened-wordle-8505696
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HSE again impacted by cyber-attack - Dublin's Q102
Contact will be made shortly with the people affected by a cyber-attack at the HSE. This is the second time an incident like this has happened ...
https://www.q102.ie/news/q102-news/hse-again-impacted-by-cyber-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Contact to be made shortly with those affected by HSE cyber-attack - Ocean FM
Contact will be made shortly with the people affected by a cyber-attack at the HSE. The breach happened while Ernest & Young was working with the.
https://www.oceanfm.ie/2023/06/10/contact-to-be-made-shortly-with-those-affected-by-hse-cyber-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
50+ Network Penetration Testing Tools for Hackers & Security Professionals – 2023
Network Security tools for Penetration testing is more often used by security industries to test the vulnerabilities in network and applications. Here you can find the Comprehensive Network Security Tools list that covers Performing Penetration testing Operation in all the Environment. Learn :Master in Ethical Hacking & Penetration Testing Online – Scratch to Advance Level […]
The post 50+ Network Penetration Testing Tools for Hackers & Security Professionals – 2023 appeared first on GBHackers - Latest Cyber Security News | Hacker News.
https://gbhackers.com/network-security-tools/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Millions of Turkish residents' private data leaked online - Duvar English
Three opposition media outlets hit by cyber attack Three opposition media outlets hit by cyber attackPolitics.
https://www.duvarenglish.com/millions-of-turkish-residents-private-data-leaked-online-news-62538
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered - Patch Now!
Progress Software, the company behind the MOVEit Transfer application, has released patches to address brand new SQL injection vulnerabilities affecting the file transfer solution that could enable the theft of sensitive information.
"Multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain
https://thehackernews.com/2023/06/new-critical-moveit-transfer-sql.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Contact to be made shortly with those affected by HSE cyber-attack - Highland Radio
Contact will be made shortly with the people affected by a cyber-attack at the HSE. The breach happened while EY was working with the health ...
https://highlandradio.com/2023/06/10/contact-to-be-made-shortly-with-those-affected-by-hse-cyber-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Those affected by HSE cyberattack to be contacted - Newstalk
Contact will be made shortly with the people affected by a cyber-attack at the HSE. The breach occurred while law company EY was working with the ...
https://www.newstalk.com/news/those-affected-by-hse-cyberattack-to-be-contacted-1473682
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Attack in Telecom Sector Market 2031 Key Insights and Leading Players Symantec ...
In-depth information about the market value and compound annual growth rate (CAGR) of Cyber Attack in Telecom Sector markets from 2023 to 2031 is ...
https://www.kaleidoscot.com/cyber-attack-in-telecom-sector-market-2031-key-insights-and-leading-players-symantec-corp-netrika-tia-online/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Defend Against Modern Ransomware Attacks - Infosecurity Magazine
The cyber kill chain model involves a series of steps that track the stages of a cyber-attack, from the reconnaissance stage to the exfiltration ...
https://www.infosecurity-magazine.com/next-gen-infosec/defend-modern-ransomware-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Extreme Networks emerges as victim of Clop MOVEit attack - Computer Weekly
... services supplier Extreme Networks has revealed its instance of Progress Software's MOVEit tool was compromised in the ongoing Clop cyber attack.
https://www.computerweekly.com/news/366539753/Extreme-Networks-emerges-as-victim-of-Clop-MOVEit-attack
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fedora 38: mariadb 2023-381f23a0ae
**MariaDB 10.5.20** Release notes: https://mariadb.com/kb/en/mariadb-10-5-20-release-notes/
https://www.linuxsecurity.com/advisories/fedora/fedora-38-mariadb-2023-381f23a0ae-zwg00ngujlga?rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RedHat: RHSA-2023-3557:01 Important: openshift-gitops-kam security update
An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
https://www.linuxsecurity.com/advisories/red-hat/redhat-rhsa-2023-3557-01-important-openshift-gitops-kam-security-update-lxump4xbmjmx?rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu de la veille
Energy Companies Need to Understand Their Cyber Attack Surface To Protect Against ...
What steps can energy companies take to fortify their defenses, understand their cyber attack surface and ensure the security of critical ...
https://marketscale.com/industries/energy/energy-companies-need-to-understand-their-cyber-attack-surface-to-protect-against-cybersecurity-threats/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Members of the public among those affected by massive N.S. cyberattack - CBC Lite | News
"The organization that has claimed to be leading this cyber attack is a group of organized criminals," said LeBlanc. "The day that government ...
https://www.cbc.ca/lite/story/1.6871682
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Week in Ransomware - June 9th 2023 - It's Clop... Again!
The week was dominated by fallout over the MOVEit Transfer data-theft attacks, with the Clop ransomware gang confirming that they were behind them. [...]
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-9th-2023-its-clop-again/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ukrainian hackers take down service provider for Russian banks
A group of Ukrainian hackers known as the Cyber.Anarchy.Squad claimed an attack that took down Russian telecom provider Infotel JSC on Thursday evening. [...]
https://www.bleepingcomputer.com/news/security/ukrainian-hackers-take-down-service-provider-for-russian-banks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
More MOVEit mitigations: new patches published for further protection
Good news... more patches, this time available proactively
https://nakedsecurity.sophos.com/2023/06/09/more-moveit-mitigations-new-patches-published-for-further-protection/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Debian LTS: DLA-3451-1: pypdf2 security update
Sebastian Krause discovered that manipulated inline images can force PyPDF2, a pure Python PDF library, into an infinite loop, if a maliciously crafted PDF file is processed.
https://www.linuxsecurity.com/advisories/deblts/debian-lts-dla-3451-1-pypdf2-security-update-2psq7pthinao?rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Russians charged with hacking Mt. Gox exchange and operating BTC-e
Two Russian nationals have been charged with the hack of the cryptocurrency exchange Mt. Gox in 2011 and money laundering. Russian nationals Alexey Bilyuchenko (43) and Aleksandr Verner (29) have been charged with the hack of the cryptocurrency exchange Mt. Gox in 2011 and the operation of the illicit cryptocurrency exchange BTC-e. The duo has […]
The post Russians charged with hacking Mt. Gox exchange and operating BTC-e appeared first on Security Affairs.
https://securityaffairs.com/147280/digital-id/mt-gox-russian-nations.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Augusta issues statement about cyber attack - WFXG
The City of Augusta issued a statement Friday, Jun. 9 about the recent cyber attack. In the release, the City discusses what steps are being taken ...
https://www.wfxg.com/story/49060231/augusta-issues-statement-about-cyber-attack
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tracing the Path: Unraveling the Full History of Toncoin
By Owais Sultan
Join us on this captivating journey as we uncover the remarkable story behind Toncoin, a non-custodial cryptocurrency wallet,…
This is a post from HackRead.com Read the original post: Tracing the Path: Unraveling the Full History of Toncoin
https://www.hackread.com/tracing-full-history-of-toncoin/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Former TikTok exec: Chinese Communist Party had "God mode" entry to US data
Categories: NewsCategories: PrivacyTags: Yu
Tags: TikTok
Tags: ByteDance
Tags: CCP
Tags: influence
Tags: data access
Tags: loaded gun
A former executive at TikTok's parent company ByteDance has claimed in court documents that the Chinese Community Party (CCP) had access to TikTok data, despite the data being stored in the US.
(Read more...)
The post Former TikTok exec: Chinese Communist Party had "God mode" entry to US data appeared first on Malwarebytes Labs.
https://www.malwarebytes.com/blog/news/2023/06/former-tiktok-executive-says-chinese-communist-party-members-had-god-mode-entry-to-tiktok-data
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
University of Manchester says hackers ‘likely' stole data in cyberattack
The University of Manchester warns staff and students that they suffered a cyberattack where threat actors likely stole data from the University's network. [...]
https://www.bleepingcomputer.com/news/security/university-of-manchester-says-hackers-likely-stole-data-in-cyberattack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Thoughts on scheduled password changes (don't call them rotations!)
Does swapping your password regularly make it a better password?
https://nakedsecurity.sophos.com/2023/06/09/thoughts-on-scheduled-password-changes-dont-call-them-rotations/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New MOVEit Transfer critical flaws found after security audit, patch now
Progress Software warned customers today of newly found critical SQL injection vulnerabilities in its MOVEit Transfer managed file transfer (MFT) solution that can let attackers steal information from customers' databases. [...]
https://www.bleepingcomputer.com/news/security/new-moveit-transfer-critical-flaws-found-after-security-audit-patch-now/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top 12 Best Open Source Intelligence Tools (OSINT Tools) for Penetration Testing 2023
We all know very well that getting or gathering any information by using various tools becomes really easy. In this article, we have discussed various OSINT tools, as if we search over the internet, then there will be many different pages to pop out. But the most problematic thing is to gather different information from […]
The post Top 12 Best Open Source Intelligence Tools (OSINT Tools) for Penetration Testing 2023 appeared first on Cyber Security News.
https://cybersecuritynews.com/osint-tools/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Horabot Malware Steals Banking and Outlook Credentials
Since November 2020, a covert campaign utilizing the ‘Horabot’ botnet malware has specifically targeted Spanish-speaking users across Latin America, infecting them with a banking trojan and spam tool, all while operating undetected. Threat actors take control of the victim’s email accounts (Gmail, Outlook, Hotmail, or Yahoo) by exploiting the malware to steal all the essential […]
The post New Horabot Malware Steals Banking and Outlook Credentials appeared first on Cyber Security News.
https://cybersecuritynews.com/horabot-malware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fake Android Apps Ran Adware Campaign For Months
Researchers caught a sneaky adware campaign targeting Android users for months. This campaign used several…
Fake Android Apps Ran Adware Campaign For Months on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2023/06/09/fake-android-apps-ran-adware-campaign-for-months/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Spotlight on Elinadav Heymann: The Innovative Programmer Revolutionizing the Digital Landscape
In the rapidly expanding universe of digital innovation, the name Elinadav Heymann is quickly making…
Spotlight on Elinadav Heymann: The Innovative Programmer Revolutionizing the Digital Landscape on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2023/06/09/spotlight-on-elinadav-heymann-the-innovative-programmer-revolutionizing-the-digital-landscape/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft now lets you speak to its AI-powered Bing Chat
Microsoft announced today that users would also be able to communicate with Bing Chat, the AI-powered chat-based version of its Bing search engine, via voice commands. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-now-lets-you-speak-to-its-ai-powered-bing-chat/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Minecraft Community on High Alert as Malware Infects Popular Mods
By Waqas
Dubbed Fracturizer, researchers delving into the malware's GitHub repository have classified this malware as "extraordinarily perilous.
This is a post from HackRead.com Read the original post: Minecraft Community on High Alert as Malware Infects Popular Mods
https://www.hackread.com/minecraft-community-malware-infects-popular-mods/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Securing Your CI/CD Pipeline: Exploring the Dangers of Self-Hosted Agents
Continuous Integration/Continuous Deployment (CI/CD) pipelines have become crucial to modern software development practices. CI/CD pipelines can significantly improve development efficiency and software quality by automating the process of building, testing, and deploying code. Most modern CI/CD platforms (like GitHub actions, Circle CI, etc.) offer an option to run the pipeline process over a self-hosted runner - an agent hosted by the user instead of the CI/CD platform, to execute jobs on their own infrastructure.With self-hosted runners, you can create custom hardware configurations that meet your needs with processing power or memory to run larger jobs. Additionally, you can install software available on your local network and choose an operating system not offered by the platform....
https://www.legitsecurity.com/blog/securing-your-ci/cd-pipeline-exploring-the-dangers-of-self-hosted-agents
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
openSUSE: 2023:0124-1 important: chromium
An update that fixes 14 vulnerabilities is now available.
https://www.linuxsecurity.com/advisories/opensuse/opensuse-2023-0124-1-important-chromium-mvpbixt7lxn5?rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Russians charged with hacking Mt. Gox crypto exchange, running BTC-e
Russian nationals Alexey Bilyuchenko and Aleksandr Verner have been charged with the 2011 hacking of the leading (at the time) cryptocurrency exchange Mt. Gox and the laundering of around 647,000 bitcoins they stole. [...]
https://www.bleepingcomputer.com/news/security/russians-charged-with-hacking-mt-gox-crypto-exchange-running-btc-e/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants
Banking and financial services organizations are the targets of a new multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attack, Microsoft has revealed.
"The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations," the tech giant disclosed in a Thursday
https://thehackernews.com/2023/06/microsoft-uncovers-banking-aitm.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft's Azure portal down following new claims of DDoS attacks
The Microsoft Azure Portal is down on the web as a threat actor known as Anonymous Suda claims to be targeting the site with a DDoS attack. [...]
https://www.bleepingcomputer.com/news/microsoft/microsofts-azure-portal-down-following-new-claims-of-ddos-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SciLinux: SLSA-2023-3556-1 Important: python3 on SL7.x x86_64
python: urllib.parse url blocklisting bypass (CVE-2023-24329) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 python3-3.6.8-19.el7_9.x86_64.rpm python3-debuginfo-3.6.8-19.el7_9.i686.rpm python3-debuginfo-3.6.8-19.el7_9.x86_64.rpm python3-libs-3.6.8-19.el7_9.i686.rpm [More...]
https://www.linuxsecurity.com/advisories/scilinux/scilinux-slsa-2023-3556-1-important-python3-on-sl7-x-x86-64-ulnnyn64rrkz?rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SciLinux: SLSA-2023-3555-1 Important: python on SL7.x x86_64
python: urllib.parse url blocklisting bypass (CVE-2023-24329) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE SL7 x86_64 python-2.7.5-93.el7_9.x86_64.rpm python-debuginfo-2.7.5-93.el7_9.i686.rpm python-debuginfo-2.7.5-93.el7_9.x86_64.rpm python-libs-2.7.5-93.el7_9.i686.rpm [More...]
https://www.linuxsecurity.com/advisories/scilinux/scilinux-slsa-2023-3555-1-important-python-on-sl7-x-x86-64-qfchwfxdfk28?rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BlackCat ransomware fails to extort Australian commercial law giant
Australian law firm HWL Ebsworth confirmed to local media outlets that its network was hacked after the ALPHV ransomware gang began leaking data they claim was stolen from the company. [...]
https://www.bleepingcomputer.com/news/security/blackcat-ransomware-fails-to-extort-australian-commercial-law-giant/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Criminals Sharing GPT-4 API Keys for Free
Recently, a script kiddie has been banned for sharing the stolen OpenAI API keys with many users on Discord for the r/ChatGPT subreddit. Developers can seamlessly incorporate OpenAI’s language model, GPT-4, into their applications using API keys. Oftentimes, developers unintentionally leave their keys embedded in their code, creating an opportunity for account theft that can […]
The post Cyber Criminals Sharing GPT-4 API Keys for Free appeared first on GBHackers - Latest Cyber Security News | Hacker News.
https://gbhackers.com/cyber-criminals-sharing-gpt-4-api-keys-for-free/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Japanese Pharmaceutical giant Eisai hit by a ransomware attack
This week, the Japanese pharmaceutical giant Eisai has taken its systems offline in response to a ransomware attack. Eisai is a Japanese pharmaceutical company with about 10,000 employees and more than billion in revenue. The company this week was forced to take certain systems offline in response to a cyber attack In response to the ransomware […]
The post Japanese Pharmaceutical giant Eisai hit by a ransomware attack appeared first on Security Affairs.
https://securityaffairs.com/147276/cyber-crime/eisai-ransomware-attack.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions
The threat actor known as Asylum Ambuscade has been observed straddling cybercrime and cyber espionage operations since at least early 2020.
"It is a crimeware group that targets bank customers and cryptocurrency traders in various regions, including North America and Europe," ESET said in an analysis published Thursday. "Asylum Ambuscade also does espionage against government entities in Europe
https://thehackernews.com/2023/06/asylum-ambuscade-cybercrime-group-with.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Shutting down old ClamAV Bugzilla
ClamAV will shut down the old ClamAV Bugzilla server in July. Users who have any outstanding Bugzilla reports should move them to GitHub Issues as soon as possible.We disabled new tickets in Bugzilla in December 2021 in favor of GitHub Issues for all new ClamAV bug reports and a new process for reporting vulnerabilities as defined by a new security policy. As it has now been 18 months since the switch to GitHub Issues, we have decided to shut down our old Bugzilla. We plan to take the Bugzilla server off the internet sometime after July 1 and keep it as an internal reference for our development team. It will no longer be accessible to the public.
http://blog.clamav.net/2023/06/shutting-down-old-clamav-bugzilla.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Security Awareness Training 101: Which Employees Need It?
To understand why you need cybersecurity awareness training, you must first understand employees’ outsized roles in security breaches. “People remain — by far — the weakest link in an organization’s cybersecurity defenses,” noted Verizon on the release of their 2022 Data Breach Investigations Report (DBIR). They elaborate that 25% of all breaches covered in the […]
The post Security Awareness Training 101: Which Employees Need It? appeared first on Security Intelligence.
https://securityintelligence.com/articles/security-awareness-training-which-employees-need-it/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
3rd-Party Reddit App Apollo Forced to Shut Down Due to API Charges
By Waqas
Apollo app will be shut down on June 30th, 2023.
This is a post from HackRead.com Read the original post: 3rd-Party Reddit App Apollo Forced to Shut Down Due to API Charges
https://www.hackread.com/reddit-app-apollo-shut-down-api-charges/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Clop ransomware gang was testing MOVEit Transfer bug since 2021
Researchers discovered that the Clop ransomware gang was looking for a zero-day exploit in the MOVEit Transfer since 2021. Kroll security experts discovered that the Clop ransomware gang was looking for a zero-day exploit in the MOVEit Transfer since 2021. Kroll investigated the exploitation attempts for the MOVEit Transfer vulnerability and discovered that Clop threat […]
The post Clop ransomware gang was testing MOVEit Transfer bug since 2021 appeared first on Security Affairs.
https://securityaffairs.com/147264/cyber-crime/clop-testing-moveit-transfer-bug-2021.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mixing cybercrime and cyberespionage – Week in security with Tony Anscombe
A crimeware group that usually targets individuals and SMBs in North America and Europe adds cyberespionage to its activities
The post Mixing cybercrime and cyberespionage – Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/mixing-cybercrime-cyberespionage-week-security-tony-anscombe/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
XSS-Exploitation-Tool - An XSS Exploitation Tool
XSS Exploitation Tool is a penetration testing tool that focuses on the exploit of Cross-Site Scripting vulnerabilities. This tool is only for educational purpose, do not use it against real environment Features Technical Data about victim browser Geolocation of the victim Snapshot of the hooked/visited page Source code of the hooked/visited page Exfiltrate input field data Exfiltrate cookies Keylogging Display alert box Redirect user Installation Tested on Debian 11 You may need Apache, Mysql database and PHP with modules: $ sudo apt-get install apache2 default-mysql-server php php-mysql php-curl php-dom$ sudo rm /var/www/index.html Install Git and pull the XSS-Exploitation-Tool source code: $ sudo apt-get install git$ cd /tmp$ git clone https://github.com/Sharpforce/XSS-Exploitation-Tool.git$...
http://www.kitploit.com/2023/06/xss-exploitation-tool-xss-exploitation.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware review: June 2023
Categories: RansomwareCategories: Threat IntelligenceMay saw a record number of 556 reported ransomware victims, the unusual emergence of Italy and Russia as major targets, and a significant rise in attacks on the education sector.
(Read more...)
The post Ransomware review: June 2023 appeared first on Malwarebytes Labs.
https://www.malwarebytes.com/blog/threat-intelligence/2023/06/ransomware-review-june-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
5 Reasons Why Access Management is the Key to Securing the Modern Workplace
The way we work has undergone a dramatic transformation in recent years. We now operate within digital ecosystems, where remote work and the reliance on a multitude of digital tools is the norm rather than the exception. This shift – as you likely know from your own life – has led to superhuman levels of productivity that we wouldn't ever want to give up. But moving fast comes at a cost. And for
https://thehackernews.com/2023/06/5-reasons-why-access-management-is-key.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Clop Ransomware Gang Extorts Household Names including BBC, British Airways and Boots
This week, it was discovered that cybercriminals had exploited an ongoing vulnerability in Progress Software's MOVEit file transfer app to infiltrate the systems of payroll company, Zellis. According to its website, 42% of the FTSE 100 are Zellis customers and over £28bn is paid each year through its Managed Services. This eventually led to a […]
The post Clop Ransomware Gang Extorts Household Names including BBC, British Airways and Boots appeared first on IT Security Guru.
https://www.itsecurityguru.org/2023/06/09/clop-ransomware-gang-extorts-household-names-including-bbc-british-airways-and-boots/?utm_source=rss&utm_medium=rss&utm_campaign=clop-ransomware-gang-extorts-household-names-including-bbc-british-airways-and-boots
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kali Linux 2023.2 - Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2023.2. This release has various impressive updates.The changelog highlights over the last few weeks since March's release of 2023.1 is:New VM image for Hyper-V - With “Enhanced Session Mode” out of the boxXfce audio stack update: enters PipeWire - Better audio for Kali's default desktopi3 desktop overhaul - i3-gaps merged with i3Desktop updates - Easy hashing in XfceGNOME 44 - Gnome Shell version bumpIcons & menus updates - New apps and icons in menuNew tools - As always, various new packages added
More info here.
Download Kali Linux 2023.2
http://www.kitploit.com/2023/06/kali-linux-20232-penetration-testing.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Update your Cisco System Secure Client now to fix this AnyConnect bug
Categories: Exploits and vulnerabilitiesCategories: NewsTags: Cisco
Tags: anyconnect
Tags: system secure client
Tags: VPN
Tags: bug
Tags: patch
Tags: update
Tags: vulnerability
Tags: SYSTEM
We take a look at a recent update for Cisco Secure System Client and why you should apply the update as soon as possible.
(Read more...)
The post Update your Cisco System Secure Client now to fix this AnyConnect bug appeared first on Malwarebytes Labs.
https://www.malwarebytes.com/blog/news/2023/06/update-your-cisco-system-secure-client-now-to-fix-this-anyconnect-bug
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stealth Soldier backdoor used is targeted espionage attacks in Libya
Researchers detected a cyberespionage campaign in Libya that employs a new custom, modular backdoor dubbed Stealth Soldier. Experts at the Check Point Research team uncovered a series of highly-targeted espionage attacks in Libya that employ a new custom modular backdoor dubbed Stealth Soldier. Stealth Soldier is surveillance software that allows operators to spy on the victims […]
The post Stealth Soldier backdoor used is targeted espionage attacks in Libya appeared first on Security Affairs.
https://securityaffairs.com/147254/apt/stealth-soldier-targets-libya.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks
A new custom backdoor dubbed Stealth Soldier has been deployed as part of a set of highly-targeted espionage attacks in North Africa.
"Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging and stealing browser information," cybersecurity company Check Point said in a
https://thehackernews.com/2023/06/stealth-soldier-new-custom-backdoor.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat Trend Report on APT Groups – April 2023
In this report, we cover nation-led threat groups presumed to conduct cyber intelligence or destructive activities under the support of the governments of certain countries, referred to as “Advanced Persistent Threat (APT) groups” for the sake of convenience. Therefore, this report does not contain information on cyber criminal groups aiming to gain financial profits. We organized analyses related to APT groups disclosed by security companies and institutions during the previous month; however, the content of some APT groups may not...
The post Threat Trend Report on APT Groups – April 2023 appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/53971/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deep Web & Dark Web Threat Trend Report – April 2023
This trend report on the deep web and dark web of April 2023 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true. Ransomware ALPHV (BlackCat) Akira CipherLocker LockBit Money Message Forum & Black Market Closing of Genesis Market After the Closing of Breached Forums Threat Actor Bassterlord’s Retirement Hacktivist Group’s Activity ATIP_2023_Apr_Deep Web and Dark Web Threat Trend Report
The post Deep Web & Dark Web Threat Trend Report – April 2023 appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/53983/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat Trend Report on Ransomware – April 2023
This report provides statistics on new ransomware samples, attacked systems, and targeted businesses in April 2023, as well as notable ransomware issues in Korea and overseas. Other major issues and statistics for ransomware that are not mentioned in the report can be found by searching for the following keywords or via the Statistics menu at AhnLab Threat Intelligence Platform (ATIP). Ransomware Statistics by Type The number of ransomware samples and targeted systems are based on the detection names designated by...
The post Threat Trend Report on Ransomware – April 2023 appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/53988/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE Trend Report – April 2023 Vulnerability Statistics and Major Issues
Following the recent abuse of vulnerabilities in various malware distributions and attacks, it is becoming more crucial to detect said information early on. Zero-day and other various vulnerabilities are typically spread faster through social networks. AhnLab provides the trend of current vulnerabilities through the ATIP service based on the information collected by the in-house infrastructure. Additionally, ATIP offers information on said vulnerabilities’ characteristics and countermeasures through related News Clippings, ASEC Notes, analysis reports, security advisories, and more. This report introduces...
The post CVE Trend Report – April 2023 Vulnerability Statistics and Major Issues appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/53957/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat Trend Report on Kimsuky – April 2023
The Kimsuky group’s activities in April 2023 showed a decline in comparison to their activities in March, falling under half the number of the previous month. Korean domains were used for FlowerPower like before without major changes, and the RandomQuery type also remained the same. Lastly, we confirmed that the domain responsible for distributing AppleSeed has been spreading the Google Chrome Remote Desktop setup script. Also, the dropper file and AppleSeed file used different argument values, which is a shift...
The post Threat Trend Report on Kimsuky – April 2023 appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/53977/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
VMware patches critical vulnerabilities in Aria Operations for Networks
Categories: Exploits and vulnerabilitiesCategories: NewsTags: cve-2023-20887
Tags: cve-2023-20888
Tags: cve-2023-20889
Tags: vmware
Tags: Aria Operations for Networks
Tags: RCE
Tags: information disclosure
Tags: deserialization
Tags: command injection
VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution
(Read more...)
The post VMware patches critical vulnerabilities in Aria Operations for Networks appeared first on Malwarebytes Labs.
https://www.malwarebytes.com/blog/news/2023/06/vmware-patches-critical-vulnerabilities-in-aria-operations-for-networks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu à J-2
IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia
By Waqas
The surge in malicious activity, initially observed during the Russia-Ukraine conflict, has now spread to various regions globally, as revealed in the NOKIA Threat Intelligence Report 2023.
This is a post from HackRead.com Read the original post: IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia
https://www.hackread.com/iot-botnet-ddos-attacks-telecom-networks-nokia/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ASEC Weekly Malware Statistics (May 29th, 2023 – June 4th, 2023)
AhnLab Security Emergency response Center (ASEC) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 29th, 2023 (Monday) to June 4th, 2023 (Sunday). For the main category, downloader ranked top with 40.1%, followed by Infostealer with 39.5%, backdoor with 13.6%, CoinMiner with 4.1%, and ransomware with 2.7%. Top 1 – AgentTesla AgentTesla is an Infostealer that ranked first place with 21.4%. It leaks user credentials saved...
The post ASEC Weekly Malware Statistics (May 29th, 2023 – June 4th, 2023) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/53824/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OWASP TOP 10 API Security Risks: 2023!
The OWASP Top 10 API Security Risks is a list of the highest priority API based threats in 2023. In this blog, we detail each item on the list.
https://blog.rapid7.com/2023/06/08/owasp-top-10-api-security-risks-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ASEC Weekly Phishing Email Threat Trends (May 21st, 2023 – May 27th, 2023)
AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from May 21st, 2023 to May 27th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note,...
The post ASEC Weekly Phishing Email Threat Trends (May 21st, 2023 – May 27th, 2023) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/53726/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-6152-1: Linux kernel (GKE) regression
It was discovered that NFS client's access cache implementation in the
Linux kernel caused a severe NFS performance degradation in certain
conditions. This updated makes the NFS file-access stale cache behavior
to be optional.
https://ubuntu.com/security/notices/USN-6152-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Clop ransomware likely testing MOVEit zero-day since 2021
The Clop ransomware gang has been looking for ways to exploit a now-patched zero-day in the MOVEit Transfer managed file transfer (MFT) solution since 2021, according to Kroll security experts. [...]
https://www.bleepingcomputer.com/news/security/clop-ransomware-likely-testing-moveit-zero-day-since-2021/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vivaldi is spoofing Edge Browser to bypass Bing Chat restrictions
The Vivaldi Browser announced today that they are now spoofing Microsoft Edge to bypass browser restrictions Microsoft placed in Bing Chat. [...]
https://www.bleepingcomputer.com/news/microsoft/vivaldi-is-spoofing-edge-browser-to-bypass-bing-chat-restrictions/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-6151-1: Linux kernel (Xilinx ZynqMP) vulnerabilities
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)
It was discovered that the KVM VMX implementation in the Linux kernel did
not properly handle indirect branch prediction isolation between L1 and L2
VMs. An attacker in a guest VM could use this to expose sensitive
information from the host OS or other guest VMs. (CVE-2022-2196)
Gerald Lee discovered that the USB Gadget file system implementation in the
Linux kernel contained a race condition, leading to a use-after-free
vulnerability in some situations. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-4382)
It...
https://ubuntu.com/security/notices/USN-6151-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-6150-1: Linux kernel vulnerabilities
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in
the netfilter subsystem of the Linux kernel when processing batch requests,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-32233)
Gwangun Jung discovered that the Quick Fair Queueing scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-31436)
Reima Ishii discovered that the nested KVM implementation for Intel x86
processors in the Linux kernel did not properly validate control registers
in certain situations. An attacker in a guest VM could...
https://ubuntu.com/security/notices/USN-6150-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
World Mobile's Africa Field Tests: Harnessing TV White Space and Starlink
By Owais Sultan
World Mobile, a decentralized wireless network operator, has achieved a significant milestone with the successful completion of field…
This is a post from HackRead.com Read the original post: World Mobile’s Africa Field Tests: Harnessing TV White Space and Starlink
https://www.hackread.com/world-mobile-tv-white-space-starlink-test-africa/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue
Researchers published an exploit for an actively exploited Microsoft Windows vulnerability tracked as CVE-2023-29336. The Microsoft Windows vulnerability CVE-2023-29336 (CVSS score 7.8) is an elevation of privilege issue that resides in the Win32k component. Win32k.sys is a system driver file in the Windows operating system. The driver is responsible for providing the interface between user-mode applications and […]
The post Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue appeared first on Security Affairs.
https://securityaffairs.com/147245/hacking/windows-cve-2023-29336-poc.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Better Software Development: Insights from the SBOM Scorecard
https://blog.sonatype.com/better-software-development-insights-from-the-sbom-scorecard
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ChatGPT's False Information Generation Enables Code Malware
By Habiba Rashid
Researchers have warned that cyber criminals may exploit ChatGPT's AI Package Hallucination to spread malicious code, including malware infection.
This is a post from HackRead.com Read the original post: ChatGPT’s False Information Generation Enables Code Malware
https://www.hackread.com/chatgpt-false-information-generation-malware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PoC released for Windows Win32k bug exploited in attacks
Researchers have released a proof-of-concept (PoC) exploit for an actively exploited Windows local privilege escalation vulnerability fixed as part of the May 2023 Patch Tuesday. [...]
https://www.bleepingcomputer.com/news/security/poc-released-for-windows-win32k-bug-exploited-in-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Barracuda Urges Replacing — Not Patching — Its Email Security Gateways
It's not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes.
https://krebsonsecurity.com/2023/06/barracuda-urges-replacing-not-patching-its-email-security-gateways/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Detect and Prioritize Identity-Related Cloud Risk with InsightCloudSec
We are pleased to introduce our next advancement of identity-related risk management and remediation in Rapid7's InsightCloudSec: Identity Analysis.
https://blog.rapid7.com/2023/06/08/detect-and-prioritize-identity-related-cloud-risk-with-insightcloudsec/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Asylum Ambuscade hackers mix cybercrime with espionage
A hacking group tracked as 'Asylum Ambuscade' was observed in recent attacks targeting small to medium-sized companies worldwide, combining cyber espionage with cybercrime. [...]
https://www.bleepingcomputer.com/news/security/asylum-ambuscade-hackers-mix-cybercrime-with-espionage/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
S3 Ep138: I like to MOVEit, MOVEit
Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)
https://nakedsecurity.sophos.com/2023/06/08/s3-ep138-i-like-to-moveit-moveit/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advanced Espionage Malware “Stealth Soldier” Hits Libyan Firms
By Habiba Rashid
The Stealth Soldier malware is capable of stealing browser data, recording audio and video, and much more.
This is a post from HackRead.com Read the original post: Advanced Espionage Malware “Stealth Soldier” Hits Libyan Firms
https://www.hackread.com/espionage-malware-stealth-soldier-libya/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Experts detail a new Kimsuky social engineering campaign
North Korea-linked APT Kimsuky has been linked to a social engineering campaign aimed at experts in North Korean affairs. SentinelLabs researchers uncovered a social engineering campaign by the North Korea-linked APT group Kimsuky that is targeting experts in North Korean affairs. The attacks are part of a broader campaign recently detailed in a joint advisory published by […]
The post Experts detail a new Kimsuky social engineering campaign appeared first on Security Affairs.
https://securityaffairs.com/147232/apt/kimsuky-social-engineering-campaign.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware
June 9 Update:
The oldest sample we were able to track until now (
e69b50d1d58056fc770c88c514af9a82) shows the malware during its early development
stage. Dated 2023-04-12, it looks like a Stage 2 sample with the C&C address set
to 127.0.0.1, which leads us to believe that it was used for testing. It also
includes limited functionality that currently is available in Stage 3 samples
(only listening for OS commands (executed withexec) ), which reinforces our
assumption that the malware was in dev
https://www.bitdefender.com/blog/labs/infected-minecraft-mods-lead-to-multi-stage-multi-platform-infostealer-malware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances
Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway (ESG) appliances.
https://blog.rapid7.com/2023/06/08/etr-cve-2023-2868-total-compromise-of-physical-barracuda-esg-appliances/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Developers Kept Away From Coding, Estimated £10.4bn a Year Wasted
Research by software delivery platform Harness suggests that UK businesses are inadvertently wasting over £10.4bn per year as a result of lack of software productivity, mainly due to developers having to manually carry out routine operations that could be automated or aided by AI. These administration tasks include unnecessary scripting, toolchain maintenance, and responding to […]
The post Developers Kept Away From Coding, Estimated £10.4bn a Year Wasted appeared first on IT Security Guru.
https://www.itsecurityguru.org/2023/06/08/developers-kept-away-from-coding-estimated-10-4bn-a-year-wasted/?utm_source=rss&utm_medium=rss&utm_campaign=developers-kept-away-from-coding-estimated-10-4bn-a-year-wasted
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Detecting and mitigating a multi-stage AiTM phishing and BEC campaign
Microsoft Defender Experts observed a multi-stage adversary-in-the-middle (AiTM) and business email compromise (BEC) attack targeting banking and financial services organizations over two days. This attack originated from a compromised trusted vendor, involved AiTM and BEC attacks across multiple supplier/partner organizations for financial fraud, and did not use a reverse proxy like typical AiTM attacks.
The post Detecting and mitigating a multi-stage AiTM phishing and BEC campaign appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2023/06/08/detecting-and-mitigating-a-multi-stage-aitm-phishing-and-bec-campaign/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation
Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems.
The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component.
"An attacker who successfully exploited this vulnerability could gain
https://thehackernews.com/2023/06/experts-unveil-poc-exploit-for-recent.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-6149-1: Linux kernel vulnerabilities
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in
the netfilter subsystem of the Linux kernel when processing batch requests,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-32233)
Gwangun Jung discovered that the Quick Fair Queueing scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-31436)
Reima Ishii discovered that the nested KVM implementation for Intel x86
processors in the Linux kernel did not properly validate control registers
in certain situations. An attacker in a guest VM could...
https://ubuntu.com/security/notices/USN-6149-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Expecting Too Much From CISOs Can Drive Them Out The Door
Chief information security officers need boardroom support – David Braue Melbourne, Australia – Jun. 8, 2023 The practice of cybersecurity has become so complex that sky-high expectations for CISOs are driving them out the door at record pace, the CISO of a leading managed detection
The post Expecting Too Much From CISOs Can Drive Them Out The Door appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/expecting-too-much-from-cisos-can-drive-them-out-the-door/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware.
"The Cl0p Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection
https://thehackernews.com/2023/06/clop-ransomware-gang-likely-exploiting.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
German recruiter Pflegia leaks sensitive job seeker info
Pflegia, a German healthcare recruitment platform, has exposed hundreds of thousands of files with sensitive user data such as names, home addresses, and emails. Scouting for a new career can be stressful. Now imagine that, instead of a new role, you find that your resume data was exposed. That's what job seekers using Pflegia's services […]
The post German recruiter Pflegia leaks sensitive job seeker info appeared first on Security Affairs.
https://securityaffairs.com/147227/security/pflegia-leaks-sensitive-job-seeker-info.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-6147-1: SpiderMonkey vulnerability
Several security issues were discovered in the SpiderMonkey JavaScript
library. If a user were tricked into opening malicious JavaScript
applications or processing malformed data, a remote attacker could exploit
a variety of issues related to JavaScript security, including denial of
service attacks, and arbitrary code execution.
https://ubuntu.com/security/notices/USN-6147-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unveiling Nebula's Report 2.0: A new approach to security reporting
Categories: BusinessWe're excited to announce Report 2.0, a major upgrade to our report system in Nebula.
(Read more...)
The post Unveiling Nebula's Report 2.0: A new approach to security reporting appeared first on Malwarebytes Labs.
https://www.malwarebytes.com/blog/business/2023/06/introducing-reports-2.0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
“Picture in Picture” Technique Exploited in New Deceptive Phishing Attack
By Habiba Rashid
The innovative approach, known as “picture in picture,” capitalizes on users’ trust in familiar logos and promotions, making…
This is a post from HackRead.com Read the original post: “Picture in Picture” Technique Exploited in New Deceptive Phishing Attack
https://www.hackread.com/picture-in-picture-technique-phishing-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Beyond Requirements: Tapping the Business Potential of Data Governance and Security
Doom and gloom. Fear, uncertainty and doubt. The “stick” versus the “carrot”. What do these concepts have in common? They have often provided the primary motivation for organizations’ data governance and security strategies. For the enterprise, this mindset has perpetuated the idea that data governance, data security and data privacy are reactive cost centers existing […]
The post Beyond Requirements: Tapping the Business Potential of Data Governance and Security appeared first on Security Intelligence.
https://securityintelligence.com/posts/tapping-the-business-potential-of-data-governance-and-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AtomLdr - A DLL Loader With Advanced Evasive Features
A DLL Loader With Advanced Evasive Features Features: CRT library independent. The final DLL file, can run the payload by loading the DLL (executing its entry point), or by executing the exported "Atom" function via the command line. DLL unhooking from \KnwonDlls\ directory, with no RWX sections. The encrypted payload is saved in the resource section and retrieved via custom code. AES256-CBC Payload encryption using custom no table/data-dependent branches using ctaes; this is one of the best custom AES implementations I've encountered. Aes Key & Iv Encryption. Indirect syscalls, utilizing HellHall with ROP gadgets (for the unhooking part). Payload injection using APC calls - alertable thread. Payload execution using APC - alertable thread. Api hashing using two different implementations...
http://www.kitploit.com/2023/06/atomldr-dll-loader-with-advanced.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Another cluster of potentially malicious Chrome extensions
We've already seen Chrome extensions containing obfuscated malicious code. We've also seen PCVARK's malicious ad blockers. When looking for more PCVARK extensions, I stumbled upon an inconspicuous extension called “Translator - Select to Translate.” The only unusual thing about it were its reviews, lots of raving positive reviews mixed with usability complains. That, and the permissions: why does a translator extension need webRequest and webRequestBlocking permissions?
When I looked into this extension, I immediately discovered a strange code block. Supposedly, it was buggy locale processing. In reality, it turned out to be an obfuscated malicious logic meant to perform affiliate fraud.
That extension wasn't alone. I kept finding similar extensions until I had a list of 109 extensions,...
https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Guardz Launches AI-Powered Multilayered Phishing Protection To Secure SMEs
[TEL AVIV, Israel, June 8, 2023] – Guardz, the cybersecurity company securing and insuring SMEs,…
Guardz Launches AI-Powered Multilayered Phishing Protection To Secure SMEs on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2023/06/08/guardz-launches-ai-powered-multilayered-phishing-protection-to-secure-smes/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Improve Your API Security Posture
APIs, more formally known as application programming interfaces, empower apps and microservices to communicate and share data. However, this level of connectivity doesn't come without major risks. Hackers can exploit vulnerabilities in APIs to gain unauthorized access to sensitive data or even take control of the entire system. Therefore, it's essential to have a robust API security posture to
https://thehackernews.com/2023/06/how-to-improve-your-api-security-posture.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Critical LibreOffice Code Execution Vuln Fixed
An Improper Validation of Array Index vulnerability (CVE-2023-0950) was discovered in the spreadsheet component of The Document Foundation LibreOffice 7.4 versions prior to 7.4.6 and 7.5 versions prior to 7.5.1. With a low attack complexity, no privileges or user interaction required to exploit, and a high confidentiality, integrity and availability impact, this bug has received a National Vulnerability Database (NVD) severity rating of ''Critical''.
https://www.linuxsecurity.com/news/security-vulnerabilities/critical-libreoffice-code-execution-vuln-fixed?rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Multiple Easily Exploitable OpenSSL DoS Bugs Fixed
Multiple important denial of service (DoS) vulnerabilities (CVE-2023-0464 and CVE-2023-2650) have been discovered in the OpenSSL Secure Sockets Layer toolkit. These bugs are easy to exploit and have a high availability impact.
https://www.linuxsecurity.com/news/security-vulnerabilities/multiple-easily-exploitable-openssl-dos-bugs-fixed?rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Emergency Google Chrome Security Update—0Day Exploit Confirmed
Google has confirmed that a zero-day security vulnerability in its Chrome web browser is being actively exploited. All you need to know.
https://www.forbes.com/sites/daveywinder/2023/06/08/new-emergency-google-chrome-security-update-0day-exploit-confirmed/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cisco fixes privilege escalation bug in Cisco Secure Client
Cisco addressed a high-severity flaw in Cisco Secure Client that can allow attackers to escalate privileges to the SYSTEM account. Cisco has fixed a high-severity vulnerability, tracked as CVE-2023-20178 (CVSS Score 7.8), found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) that can be exploited by low-privileged, authenticated, local attacker to escalate privileges to […]
The post Cisco fixes privilege escalation bug in Cisco Secure Client appeared first on Security Affairs.
https://securityaffairs.com/147217/security/cisco-secure-client-privilege-escalation.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-6146-1: Netatalk vulnerabilities
It was discovered that Netatalk did not properly validate the length of
user-supplied data in the DSI structures. A remote attacker could possibly
use this issue to execute arbitrary code with the privileges of the user
invoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu
22.04 LTS. (CVE-2021-31439)
It was discovered that Netatalk did not properly validate the length of
user-supplied data in the ad_addcomment function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-0194)
It was discovered that Netatalk did not properly handle errors when parsing
AppleDouble entries. A remote attacker could possibly use this issue to
execute arbitrary code with...
https://ubuntu.com/security/notices/USN-6146-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Asylum Ambuscade: crimeware or cyberespionage?
A curious case of a threat actor at the border between crimeware and cyberespionage
The post Asylum Ambuscade: crimeware or cyberespionage? appeared first on WeLiveSecurity
https://www.welivesecurity.com/2023/06/08/asylum-ambuscade-crimeware-or-cyberespionage/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Barracuda ESG appliances impacted by CVE-2023-2868 must be immediately replaced
Barracuda warns customers to immediately replace Email Security Gateway (ESG) appliances impacted by the flaw CVE-2023-2868. At the end of May, the network security solutions provider Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were recently breached by threat actors exploiting a now-patched zero-day vulnerability. The vulnerability, tracked as CVE-2023-2868, resides in the […]
The post Barracuda ESG appliances impacted by CVE-2023-2868 must be immediately replaced appeared first on Security Affairs.
https://securityaffairs.com/147211/hacking/barracuda-esg-cve-2023-2868-replacement.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burp Suite 2023.6 Released – What's New!
PortSwigger released a brand-new version of Burp Suite 2023.6 that is intended for both Professional and Community users. BChecks, a new type of custom scan check, are introduced in this release. Additionally, it includes GraphQL scan checks, enhancements to Burp Scanner’s live crawl path views, and many other enhancements and bug fixes. Burp Suite is […]
The post Burp Suite 2023.6 Released – What’s New! appeared first on GBHackers - Latest Cyber Security News | Hacker News.
https://gbhackers.com/burp-suite-2023-6-released/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities
VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution.
The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 (CVSS score: 9.8) that could allow a malicious actor with network access to achieve remote code execution.
Also patched by
https://thehackernews.com/2023/06/urgent-security-updates-cisco-and.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks
The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware.
"Further, Kimsuky's objective extends to the theft of subscription credentials from NK News," cybersecurity firm SentinelOne said in a report shared with The
https://thehackernews.com/2023/06/kimsuky-targets-think-tanks-and-news.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Barracuda Urges Immediate Replacement of Hacked ESG Appliances
Enterprise security company Barracuda is now urging customers who were impacted by a recently disclosed zero-day flaw in its Email Security Gateway (ESG) appliances to immediately replace them.
"Impacted ESG appliances must be immediately replaced regardless of patch version level," the company said in an update, adding its "remediation recommendation at this time is full replacement of the
https://thehackernews.com/2023/06/barracuda-urges-immediate-replacement.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Warning: Victims' faces placed on explicit images in sextortion scam
Categories: PersonalTags: sextortion
Tags: deepfake
Tags: FBI
Tags: blackmail
Tags: extortion
Tags: fake
Tags: fakes
Tags: synthetic
We take a look at some new developments in sextortion cases via a warning issued by the FBI.
(Read more...)
The post Warning: Victims' faces placed on explicit images in sextortion scam appeared first on Malwarebytes Labs.
https://www.malwarebytes.com/blog/news/2023/06/warning-victims-faces-placed-on-explicit-images-in-sextortion-scam
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Update Chrome now! Google patches actively exploited zero-day
Categories: Exploits and vulnerabilitiesCategories: NewsTags: Google
Tags: Chrome
Tags: V8
Tags: heap corruption
Tags: type confusion
Tags: CVE-2023-3079
Google has released a Chrome update for a zero-day for which an exploit is actively being used in the wild.
(Read more...)
The post Update Chrome now! Google patches actively exploited zero-day appeared first on Malwarebytes Labs.
https://www.malwarebytes.com/blog/news/2023/06/update-chrome-now-google-patches-actively-exploited-zero-day
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Similar AhnLab Response Cases Regarding Korea-US Joint Cyber Security Advice
On June 2nd, the Korean NIS (National Intelligence Service), NPA (National Police Agency), and MOFA (Ministry of Foreign Affairs) released a joint security advisory regarding the spear phishing attacks of North Korea’s Kimsuky group with the US FBI (Federal Bureau of Investigation), DoS (Department of State), and NSA (National Security Agency). The government agencies stated that the act was done to raise awareness of members of global think tanks, academic institutions, and media companies on CNE (Computer Network Exploitation) using...
The post Similar AhnLab Response Cases Regarding Korea-US Joint Cyber Security Advice appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/53780/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu des jours précédents
Metasploit Weekly Wrap-Up
Support added for Active Directory Certificate Services ESC4 Exploitation, and a new sudoedit extra arguments privilege escalation module
https://blog.rapid7.com/2023/06/02/metasploit-weekly-wrap-up-12/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malware Being Distributed Disguised as a Job Application Letter
AhnLab Security Emergency response Center (ASEC) has identified that malware disguised as a job application letter is continuously being distributed. This malware is equipped with a feature that checks for the presence of various antivirus processes including a process with AhnLab's product name (V3Lite.exe) and is being distributed through malicious URLs designed to resemble a Korean job-seeking website. Below are the discovered download URLs. The malicious file downloaded from the above URLs has a screen saver file extension (.scr) and an...
The post Malware Being Distributed Disguised as a Job Application Letter appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/53744/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Everything You Need to Know About the Proposed SEC Cybersecurity Reporting Requirements
Originally published by BARR Advisory. Written by Claire McKenna. Last year, the Securities and Exchange Commission (SEC) proposed new rules to enhance and standardize cybersecurity risk management, strategy, governance, and incident reporting disclosure practices by public companies and other market entities. The proposed rules could have a sweeping impact on all public companies that are subject to the Securities Exchange Act of 1934. Let's take a closer look at what the proposed rules inc...
https://cloudsecurityalliance.org/articles/everything-you-need-to-know-about-the-proposed-sec-cybersecurity-reporting-requirements/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Create an Accessible Website and Why It Matters
By Owais Sultan
Have you ever tried to access a website only to find that it’s difficult or impossible to navigate?…
This is a post from HackRead.com Read the original post: How to Create an Accessible Website and Why It Matters
https://www.hackread.com/how-to-create-accessible-website-why-it-matters/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI Was Everywhere At RSAC 2023 – But It Came In Peace
Artificial intelligence is here to help you, BreachLock's CEO says, not replace you – David Braue Melbourne, Australia – Jun. 7, 2023 Surging interest in artificial intelligence (AI) this year was evident on the floor of the RSA Conference, where vendors were demonstrating integration of
The post AI Was Everywhere At RSAC 2023 – But It Came In Peace appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ai-was-everywhere-at-rsac-2023-but-it-came-in-peace/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Seven Essential Components Of A Top-Tier Attack Surface Management Program
https://www.hackerone.com/seven-essential-components-top-tier-attack-surface-management-program
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Maryland's TikTok Ban Highlights The Need For States To Get Proactive On Cybersecurity: Ex-Governor
Private sector collaboration provides a reality check for government – David Braue Melbourne, Australia – Jun. 7, 2023 Bans that prevent government employees from using China-backed social-media app TikTok have become commonplace, but one of the earliest movers was the State of Maryland — whose
The post Maryland's TikTok Ban Highlights The Need For States To Get Proactive On Cybersecurity: Ex-Governor appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/marylands-tiktok-ban-highlights-the-need-for-states-to-get-proactive-on-cybersecurity-ex-governor/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
VMware fixes a command injection flaw CVE-2023-20887 in VMware Aria Operations for Networks
Virtualization giant VMware addressed critical and high-severity vulnerabilities in VMware Aria Operations for Networks. Virtualization technology giant VMware released security patches to address three critical and high-severity vulnerabilities, tracked as CVE-2023-20887, CVE-2023-20888, CVE-2023-20889, in VMware Aria Operations for Networks. VMware Aria Operations for Networks (formerly vRealize Network Insight) is a network monitoring tool that helps organizations build […]
The post VMware fixes a command injection flaw CVE-2023-20887 in VMware Aria Operations for Networks appeared first on Security Affairs.
https://securityaffairs.com/147202/security/vmware-aria-operations-for-networks-cve-2023-20887.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Velociraptor 0.6.9 Release: Digging Even Deeper with SMB Support, Azure Storage and Lockdown Server Mode
Rapid7 is very excited to announce version 0.6.9 of Velociraptor is now LIVE and available for download.
https://blog.rapid7.com/2023/06/07/velociraptor-0-6-9-release-digging-even-deeper-with-smb-support-azure-storage-and-lockdown-server-mode/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug
With the right (or wrong, if you're on the right side of the fence) timing...
https://nakedsecurity.sophos.com/2023/06/07/firefox-114-is-out-no-0-days-but-one-fascinating-teachable-moment-bug/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lessons From The 1,802 Data Breaches Of 2022: A Deeper Dive Into Internet Safety
The year 2022 has been a wake-up call for the digital world. A staggering 1,802 data compromises were reported globally, affecting 422 million individuals, emphasizing the urgent need to ramp up online security measures. These breaches served as a harsh reminder that no entity is immune to cyber threats and underscored the importance of reevaluating […]
The post Lessons From The 1,802 Data Breaches Of 2022: A Deeper Dive Into Internet Safety appeared first on Cyber Security News.
https://cybersecuritynews.com/lessons-from-the-1802-data-breaches-of-2022/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deepfake Cyber Attack Hits Russia: Fake Putin Message Broadcasted
By Waqas
Initially, reports suggested that only radio messages were affected. However, subsequent investigations and recordings revealed that the fraudulent messages were also displayed on television screens.
This is a post from HackRead.com Read the original post: Deepfake Cyber Attack Hits Russia: Fake Putin Message Broadcasted
https://www.hackread.com/deepfake-cyber-attack-russia-fake-putin-message/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
North Korean Hackers Mimic Journalists To Steal Credentials From Organizations
The North Korean APT group Kimsuky has been running a social engineering operation that targets experts in North Korean affairs from the non-government sector, according to SentinelLabs. For spear-phishing attempts to gather intelligence from think tanks, research centers, academic institutions, and various media organizations, the North Korean hacking group Kimsuky (also known as APT43) has been […]
The post North Korean Hackers Mimic Journalists To Steal Credentials From Organizations appeared first on GBHackers - Latest Cyber Security News | Hacker News.
https://gbhackers.com/north-korean-hackers-mimic-journalists/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Protecting Yourself From People Like Me
As a pentester, part of my job is running social engineering exercises. To be successful, I look for information I …
https://hakin9.org/protecting-yourself-from-people-like-me/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top 10 Challenges of Building an In-House Application Security Program
Originally published by Coalfire. Written by Dave Randleman, Field CISO, Penetration Testing, Coalfire. Developing an in-house application security programMany businesses traditionally choose to build in-house application security (AppSec) programs to ensure they have complete control over their software products and intellectual property. It makes sense – they get to call their own shots and closely regulate the development process and potentially cut down costs.Organizations with an in-hous...
https://cloudsecurityalliance.org/articles/top-10-challenges-of-building-an-in-house-application-security-program/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Google Chrome Zero-Day Bug Actively Exploited in Wild– Emergency Update!
Google released new security updates for actively exploited Chrome zero-day vulnerability exploit in the Wild, which allows attackers to execute an arbitrary code to take complete control of the system remotely. Google released Chrome 114.0.5735.106 for Mac and Linux and 114.0.5735.110 for Windows, a new update that fixes its first actively exploited the zero-day vulnerability of the year. Chrome is available for Windows, Mac, and Linux. CVE-2023-3079, a high-severity zero-day vulnerability, was found and reported by Clément Lecigne of Google’s […]
The post New Google Chrome Zero-Day Bug Actively Exploited in Wild– Emergency Update! appeared first on Cyber Security News.
https://cybersecuritynews.com/new-google-chrome-zero-day-bug-actively-exploited/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Threat with Chat GPT
Repetitive tasks, tons of labor hours going into mundane tasks, delayed response to complex customer queries and lack of real-time …
https://hakin9.org/cyber-threat-with-chat-gpt/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Join our digital event to learn what's new in Microsoft Entra
Join us at the digital event Reimagine secure access with Microsoft Entra to explore how to make identity your first line of defense and to hear about innovative products.
The post Join our digital event to learn what's new in Microsoft Entra appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2023/06/07/join-our-digital-event-to-learn-whats-new-in-microsoft-entra/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Employees Feel 10 Times Calmer in an Environmentally Friendly Office Space
For most organisations and employees, the workplace has transformed over the last few years. No doubt, at least in part, due to the pandemic. For business leaders, it’s harder than ever to work out the best approach to the workplace in terms of productivity, creativity and employee satisfaction. A new report, entitled the Design of the […]
The post Employees Feel 10 Times Calmer in an Environmentally Friendly Office Space appeared first on IT Security Guru.
https://www.itsecurityguru.org/2023/06/07/employees-feel-10-times-calmer-in-an-environmentally-friendly-office-space/?utm_source=rss&utm_medium=rss&utm_campaign=employees-feel-10-times-calmer-in-an-environmentally-friendly-office-space
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Over 60,000 Android Apps Silently Install Malware on Devices
Recently, cybersecurity researchers uncovered that over 60,000 Android applications had been stealthily disguised as genuine software for the past six months. It has been identified that these malicious apps have been secretly implanting adware onto unsuspecting mobile devices without detection. Utilizing an anomaly detection feature integrated into its Bitdefender Mobile Security software just a month […]
The post Over 60,000 Android Apps Silently Install Malware on Devices appeared first on GBHackers - Latest Cyber Security News | Hacker News.
https://gbhackers.com/over-60000-android-apps-silently-install-malware-on-devices/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-6145-1: Sysstat vulnerabilities
It was discovered that Sysstat incorrectly handled certain arithmetic
multiplications. An attacker could use this issue to cause Sysstat to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue was only fixed for Ubuntu 16.04 LTS. (CVE-2022-39377)
It was discovered that Sysstat incorrectly handled certain arithmetic
multiplications in 64-bit systems, as a result of an incomplete fix for
CVE-2022-39377. An attacker could use this issue to cause Sysstat to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2023-33204)
https://ubuntu.com/security/notices/USN-6145-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Secure-by-Design: Which Comes First, Code or Security?
For years, developers and IT security teams have been at loggerheads. While developers feel security slows progress, security teams assert that developers sacrifice security priorities in their quest to accelerate production. This disconnect results in flawed software that is vulnerable to attack. While advocates for speed and security clash, consumers must often pay the price […]
The post Secure-by-Design: Which Comes First, Code or Security? appeared first on Security Intelligence.
https://securityintelligence.com/articles/secure-by-design-which-comes-first-code-or-securitry/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ChatGPT May Create Deadly Polymorphic Malware That Evades EDR
From handling simple inquiries to instantly generating written works and even developing original software programs, including malware, ChatGPT proves to be an all-encompassing solution. However, this advancement also introduces the potential for a dangerous new cyber threat. Traditional security solutions such as EDRs harness multi-layered data intelligence systems to combat the highly sophisticated threats prevalent […]
The post ChatGPT May Create Deadly Polymorphic Malware That Evades EDR appeared first on Cyber Security News.
https://cybersecuritynews.com/chatgt-may-create-deadly-polymorphic-malware-that-evades-edr/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LinkedInDumper - Tool To Dump Company Employees From LinkedIn API
Python 3 script to dump company employees from LinkedIn API Description LinkedInDumper is a Python 3 script that dumps employee data from the LinkedIn social networking platform. The results contain firstname, lastname, position (title), location and a user's profile link. Only 2 API calls are required to retrieve all employees if the company does not have more than 10 employees. Otherwise, we have to paginate through the API results. With the --email-format CLI flag one can define a Python string format to auto generate email addresses based on the retrieved first and last name. Requirements LinkedInDumper talks with the unofficial LinkedIn Voyager API, which requires authentication. Therefore, you must have a valid LinkedIn user account. To keep it simple, LinkedInDumper just expects...
http://www.kitploit.com/2023/06/linkedindumper-tool-to-dump-company.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Exclusive: TikTok Grilled By Bipartisan Senators On ‘Incorrect Claims' Made To Congress
Bipartisan Senate leaders are pressing TikTok CEO Shou Zi Chew to explain testimony that runs counter to findings in recent reporting by Forbes.
https://www.forbes.com/sites/alexandralevine/2023/06/06/tiktok-ceo-testimony-congress-security-china-bytedance/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Issue of Overlooking Personal Network Security and Its Implications
Technology is an integrated part of society in nearly every aspect of life these days, and this leads to information …
https://hakin9.org/the-issue-of-overlooking-personal-network-security-and-its-implications/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Outpost24 Acquires EASM Provider Sweepatic
Cybersecurity risk management specialists Outpost24 have today announced the acquisition of Sweepatic. Based in Leuven, Belgium, Sweepatic is an innovative external attack surface management (EASM) platform. Gartner identified EASM as a top Security and Risk Management (SRM) trend for 2022. By leveraging their EASM solution across Outpost24s full-stack security assessment and threat intelligence offering, customers […]
The post Outpost24 Acquires EASM Provider Sweepatic appeared first on IT Security Guru.
https://www.itsecurityguru.org/2023/06/07/outpost24-acquires-easm-provider-sweepatic/?utm_source=rss&utm_medium=rss&utm_campaign=outpost24-acquires-easm-provider-sweepatic
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Coffee County Schools safeguards 7500 students and 1200 staff
Categories: BusinessWatch the Byte into Security webinar for a deep dive into K-12 cybersecurity.
(Read more...)
The post How Coffee County Schools safeguards 7500 students and 1200 staff appeared first on Malwarebytes Labs.
https://www.malwarebytes.com/blog/business/2023/05/webinar-alert-byte-into-security-how-coffee-county-schools-safeguards-7500-students-and-1200-staff
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Apple iOS 17—Brilliant New iPhone Features Coming This Fall
Apple's iOS 17 has officially launched along with a bunch of brilliant new features. So what does iOS 17 mean for security and privacy?
https://www.forbes.com/sites/kateoflahertyuk/2023/06/07/apple-ios-17-brilliant-new-iphone-features-coming-this-fall/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Penetration Testing with Burp Suite: Enhancing Web Application Security
In today's interconnected world, web applications play a critical role in various aspects of our lives, ranging from online banking …
https://hakin9.org/penetration-testing-with-burp-suite-enhancing-web-application-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft To Pay Million For Violating Children's Privacy
Microsoft has agreed a million settlement with the U.S. Federal Trade Commission (FTC), following charges that it illegally collected personal information from chi...
https://www.forbes.com/sites/emmawoollacott/2023/06/07/microsoft-to-pay-20m-for-violating-childrens-privacy/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-6028-2: libxml2 vulnerabilities
USN-6028-1 fixed vulnerabilities in libxml2. This update provides the
corresponding updates for Ubuntu 23.04.
Original advisory details:
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash.
(CVE-2022-2309)
It was discovered that lixml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2023-28484)
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash.
(CVE-2023-29469)
https://ubuntu.com/security/notices/USN-6028-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hear no evil: Ultrasound attacks on voice assistants
How your voice assistant could do the bidding of a hacker – without you ever hearing a thing
The post Hear no evil: Ultrasound attacks on voice assistants appeared first on WeLiveSecurity
https://www.welivesecurity.com/2023/06/07/hear-no-evil-ultrasound-attacks-voice-assistants/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
IT threat evolution Q1 2023
Recent BlueNoroff and Roaming Mantis activities, new APT related to the Russo-Ukrainian conflict, ChatGPT and threat intelligence, malvertising through search engines, cryptocurrency theft campaign and fake Tor browser
https://securelist.com/it-threat-evolution-q1-2023/109838/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
IT threat evolution Q1 2023. Mobile statistics
The smartphone threat statistics for Q1 2023 includes data for Android malware, adware, banking Trojans and ransomware.
https://securelist.com/it-threat-evolution-q1-2023-mobile-statistics/109893/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
IT threat evolution in Q1 2023. Non-mobile statistics
PC malware statistics for the Q1 2023 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.
https://securelist.com/it-threat-evolution-q1-2023-pc-statistics/109917/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Exploring The Crypto Scene: A Deep Dive Into The Top 11 Scams And Key Safety Tips
Beware of cryptocurrency scams targeting Bitcoin holders. Learn about fraudulent exchanges, bogus wallets, pyramid schemes, ICO scams, and more.
https://www.forbes.com/sites/davidbalaban/2023/06/07/exploring-the-crypto-scene-a-deep-dive-into-the-top-11-scams-and-key-safety-tips/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-6144-1: LibreOffice vulnerabilities
It was discovered that LibreOffice did not properly validate the number of
parameters passed to the formula interpreter, leading to an array index
underflow attack. If a user were tricked into opening a specially crafted
spreadsheet file, an attacker could possibly use this issue to execute
arbitrary code. (CVE-2023-0950)
Amel Bouziane-Leblond discovered that LibreOffice did not prompt the user
before loading the host document inside an IFrame. If a user were tricked
into opening a specially crafted input file, an attacker could possibly use
this issue to cause information disclosure or execute arbitrary code.
(CVE-2023-2255)
https://ubuntu.com/security/notices/USN-6144-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-6143-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-34414,
CVE-2023-34416, CVE-2023-34417)
Jun Kokatsu discovered that Firefox did not properly validate site-isolated
process for a document loaded from a data: URL that was the result of a
redirect, leading to an open redirect attack. An attacker could possibly
use this issue to perform phishing attacks. (CVE-2023-34415)
https://ubuntu.com/security/notices/USN-6143-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Chrome Zero-Day Vulnerability Exploited Widely – Urgent Update
Google has recently taken prompt security measures by releasing a security update for its Chrome web browser, aiming to fix the third zero-day vulnerability of this year that hackers have exploited. The third Chrome zero-day vulnerability that was fixed recently by Google has been tracked as “CVE-2023-3079.” Exploitation of Zero-day Detailed information regarding the exploit […]
The post Google Chrome Zero-Day Vulnerability Exploited Widely – Urgent Update appeared first on GBHackers - Latest Cyber Security News | Hacker News.
https://gbhackers.com/google-chrome-zero-day-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Facebook clickbait leads to money scam for users
Categories: Threat IntelligenceTags: facebook
Tags: posts
Tags: google
Tags: cloud run
Clickbait posts on Facebook can lead to malicious websites. In this campaign, crooks are redirecting Facebook victims to scam pages hosted on Google's infrastructure.
(Read more...)
The post Facebook clickbait leads to money scam for users appeared first on Malwarebytes Labs.
https://www.malwarebytes.com/blog/threat-intelligence/2023/06/thousands-of-malicious-google-cloud-run-instances-deployed-to-scam-facebook-users
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft illegally collected and retained children's data, says FTC
Categories: PersonalTags: Microsoft
Tags: Xbox
Tags: privacy
Tags: children
Tags: COPPA
Tags: FTC
Tags: fine
Tags: settlement
Tags: games console
Tags: gaming
Tags: video games
Microsoft is counting the cost of privacy violations, with m in fines related to illegal data collection from children's Xbox accounts.
(Read more...)
The post Microsoft illegally collected and retained children's data, says FTC appeared first on Malwarebytes Labs.
https://www.malwarebytes.com/blog/news/2023/06/microsoft-illegally-collected-and-retained-childrens-data-says-ftc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New cloud security guidance: it's all about the config
Jamie H explains why ensuring a robust cloud configuration is a critical investment.
https://www.ncsc.gov.uk/blog-post/new-cloud-security-guidance-its-all-about-the-config
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tracking and Responding to AgentTesla Using EDR
AhnLab Security Emergency response Center (ASEC) has been uploading a summary of weekly malware statistics every week. https://asec.ahnlab.com/en/53647/ This post will cover how EDR is used to detect, track, and respond to AgentTesla, an Infostealer continuously being distributed among the malware mentioned in the post above. AgentTesla is an Infostealer that steals user credentials saved in web browsers, emails, and FTP clients. AhnLab's EDR products detect certain types of PE files accessing user account credential files and categorize this behavior...
The post Tracking and Responding to AgentTesla Using EDR appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/53739/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Data Dilemma: Balancing Business Growth and Security
By Noah Johnson, Co-Founder & CTO of Dasera In today’s digital age, data is the lifeblood of business growth. With large amounts of data sprawled across multiple platforms, companies must […]
The post The Data Dilemma: Balancing Business Growth and Security appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-data-dilemma-balancing-business-growth-and-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief
This threat brief details the critical vulnerability CVE-2023-34362 found in MOVEit Transfer and includes Unit 42's observations, the current attack scope and interim guidance.
The post CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief appeared first on Unit 42.
https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Service Rents Email Addresses for Account Signups
One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying people to sell their email account credentials and letting customers temporarily rent access to a vast pool of established accounts at major providers.
https://krebsonsecurity.com/2023/06/service-rents-email-addresses-for-account-signups/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Anomali Cyber Watch: LEMURLOOT on Exploited MOVEit Transfers, Zero-Click iOS Exploit Targeted Kaspersky, Qakbot Turns Bots into Proxies
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Adware, Botnets, Data leak, Obfuscation, Phishing, Zero-day vulnerabilities, and Zero-click exploits. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft
(published: June 2, 2023)
A zero-day vulnerability in the MOVEit Transfer secure managed file transfer software (CVE-2023-34362) was announced by Progress Software Corporation on May 31, 2023....
https://www.anomali.com/blog/anomali-cyber-watch-lemurloot-on-exploited-moveit-transfers-zero-click-ios-exploit-targeted-kaspersky-qakbot-turns-bots-into-proxies
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Chrome and Edge zero-day: “This exploit is in the wild”, so check your versions now
Chrome and Edge 0-days patched.
https://nakedsecurity.sophos.com/2023/06/06/chrome-zero-day-this-exploit-is-in-the-wild-so-check-your-version-now/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why are Organizations Struggling with IAM Projects?
Originally published by Avanade. Written by Martijn Zantinge. According to research, the number of identity & access management (IAM) projects that don't achieve their initial goals is alarmingly high. I know very few other solution areas within IT that have such a poor track record when it comes to achieving goals. Having worked in the IAM solution domain for the last 15 years, you start to see patterns in the cause of this extremely high percentage of failing projects. While in the earl...
https://cloudsecurityalliance.org/articles/why-are-organizations-struggling-with-iam-projects/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Wiretap: A Nintendo Switch Helped Rescue A Missing Teenager 500 Miles From Home
Nintendo records were crucial in helping the FBI locate a teenager, who had been convinced to sell nudes online by her abuser.
https://www.forbes.com/sites/thomasbrewster/2023/06/06/the-wiretap-a-nintendo-switch-helped-rescue-a-missing-teenager-500-miles-from-home/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Zyxel Multiple Firewall Vulnerabilities
What is Zyxel Networks?
The Zyxel Networks is one of the leading providers of broadband networking solution for small and home offices.
What is the Attack?
The attack is to exploit an OS command injection vulnerability which can lead to execute arbitrary commands.
Why is this Significant?
There are thousands of devices worldwide that potentially are vulnerable to this attack. CISA has already added the vulnerabilities on its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation in the wild. Also, the PoC vulnerability has been made publicly.
What is the Vendor Solution?
The vendor has provided patches to address the vulnerabilities.
What FortiGuard Coverage is Available?
FortiGuard Labs...
https://fortiguard.fortinet.com/threat-signal-report/5179
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Potential For Devastation: The Impact Of A Cyberattack On The Banking System
The collapse of Silicon Valley Bank has triggered concerns about the vulnerability of the entire financial sector, especially in the event of a cyberattack.
https://www.forbes.com/sites/emilsayegh/2023/06/06/potential-for-devastation-the-impact-of-a-cyberattack-on-the-banking-system/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How a Sneaker Bot Earned M Profit from One Shoe Drop
Explore a highly automated attack against a sneaker manufacturer and learn how resellers optimize their bots for success, and profit!
https://www.f5.com/labs/articles/threat-intelligence/how-a-sneaker-bot-earned-2m-profit-from-one-shoe-drop
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Is A Dedicated Development Team And When Should You Hire One?
If you’re a business owner, you’ve no doubt heard about dedicated teams. They’re a popular…
What Is A Dedicated Development Team And When Should You Hire One? on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2023/06/06/what-is-a-dedicated-development-team-and-when-should-you-hire-one/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Swift support brings broader mobile application security to GitHub Advanced Security
We've launched the beta of code scanning support for Swift. This launch, paired with our launch of Kotlin support in November, means that CodeQL covers both IOS and Android development languages, bringing a heightened level of security to the mobile application development process.
https://github.blog/2023-06-06-swift-support-brings-broader-mobile-application-security-to-github-advanced-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why a proactive detection and incident response plan is crucial for your organization
Matt Suiche of Magnet Forensics talks about top security threats for organizations and strategies for effective incident response.
The post Why a proactive detection and incident response plan is crucial for your organization appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2023/06/06/why-a-proactive-detection-and-incident-response-plan-is-crucial-for-your-organization/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People's Republic of Korea (DPRK)
In late April 2023, IBM Security X-Force uncovered documents that are most likely part of a phishing campaign mimicking credible senders, orchestrated by a group X-Force refers to as ITG10, and aimed at delivering RokRAT malware, similar to what has been observed by others. ITG10’s tactics, techniques and procedures (TTPs) overlap with APT37 and ScarCruft. […]
The post ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK) appeared first on Security Intelligence.
https://securityintelligence.com/posts/itg10-targeting-south-korean-entities/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
This is Ceti Alpha Five!
In this blog, we explore how Star Trek II: The Wrath of Khan demonstrates the very best and worst of cybersecurity in the 23rd Century.
https://blog.rapid7.com/2023/06/06/this-is-ceti-alpha-five/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top 10 Risky Behaviours of Employees
With data from its SecurityCoach product, KnowBe4 has revealed the top 10 risky behaviours that employees have engaged in on their work devices. SecurityCoach helps IT/security professionals to develop a strong security culture by enabling real-time security coaching of their users in response to risky security behaviour. Leveraging an organisation's existing security stack, IT/security professionals […]
The post Top 10 Risky Behaviours of Employees appeared first on IT Security Guru.
https://www.itsecurityguru.org/2023/06/06/top-10-risky-behaviours-of-employees/?utm_source=rss&utm_medium=rss&utm_campaign=top-10-risky-behaviours-of-employees
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
MOVEit Transfer Critical Vulnerability (CVE-2023-34362)
What is MOVEit Transfer ?
The MOVEit Transfer is a file-transfer tool that is popular to a lot of organizations. It provides secured transfer between enterpsises by encrypting files at rest and during transfer. It also provides management tools and visibility for monitoring the data flow.
What is the Attack?
The attack can lead an unauthorized user to gain unauthorized access to MOVEit Transfer's database.
Why is this Significant?
An active exploitation in the wild is at present. Also, there are several hundreds publicly available on the Internet using the MOVEit Transfer according to Shodan.
What is the Vendor Solution?
The vendor has provided three levels of mitigations. First one is to deny the service via blocking any HTTP/HTTPs traffic. Second...
https://fortiguard.fortinet.com/threat-signal-report/5174
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tens of Thousands of Compromised Android Apps Found by Bitdefender Anomaly Detection Technology
Bitdefender researchers used a recently announced industry-first app anomaly
detection technology
[https://www.bitdefender.com/blog/hotforsecurity/bitdefenders-mobile-security-now-has-app-anomaly-detection-a-mobile-industry-first/]
incorporated into Bitdefender Mobile Security
[https://play.google.com/store/apps/details?id=com.bitdefender.security&referrer=utm_source%3Dhotforsecurity%26utm_campaign%3Dnew_article]
to uncover a hidden malware campaign living undetected on mobile devices
worldwid
https://www.bitdefender.com/blog/labs/tens-of-thousands-of-compromised-android-apps-found-by-bitdefender-anomaly-detection-technology/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Will Commercial Spyware Survive Biden's Executive Order?
On March 27, 2023, reports surfaced that 50 U.S. government employees had been targeted by phone spyware overseas. On the day of that report, President Joe Biden signed an executive order to restrict federal agencies’ use of commercial spyware. The timing of the order was linked to this specific phone-targeting exploit. But spyware infiltration of […]
The post Will Commercial Spyware Survive Biden’s Executive Order? appeared first on Security Intelligence.
https://securityintelligence.com/articles/will-commercial-spyware-survive-bidens-executive-order/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
MOVEit Hack – BBC, British Airways Employees Contact and Financial Data Exposed
A major MOVEit Hack has impacted many businesses, notably the BBC, British Airways, Boots, and Aer Lingus. The organizations acknowledged that tens of thousands of British Airways, Boots, and BBC staff had their personal information compromised due to a large-scale breach that targeted a popular file transfer tool. The compromise was discovered at Zellis, the […]
The post MOVEit Hack – BBC, British Airways Employees Contact and Financial Data Exposed appeared first on GBHackers - Latest Cyber Security News | Hacker News.
https://gbhackers.com/moveit-hack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kubestroyer - Kubernetes Exploitation Tool
Kubestroyer Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests About The Project Kubestroyer is a Golang exploitation tool that aims to take advantage of Kubernetes clusters misconfigurations. The tool is scanning known Kubernetes ports that can be exposed as well as exploiting them. Getting Started To get a local copy up and running, follow these simple example steps. Prerequisites Go 1.19 wget https://go.dev/dl/go1.19.4.linux-amd64.tar.gztar -C /usr/local -xzf go1.19.4.linux-amd64.tar.gz Installation Use prebuilt binary or Using go install command : $ go install github.com/Rolix44/Kubestroyer@latest or build from source: Clone the repo $ git clone https://github.com/Rolix44/Kubestroyer.git...
http://www.kitploit.com/2023/06/kubestroyer-kubernetes-exploitation-tool.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
‘Triangulation' Malware- New Tool to Find iPhones & iOS Devices Infection
Kaspersky reported earlier this month that they have discovered a new Zero-click iOS exploit currently being exploited by threat actors. The exploitation involves using iMessage as the delivery channel to gain root privileges. Threat actors were using Command and Control (C2) servers to manage and control the compromised iOS devices. Recent reports suggest that a […]
The post ‘Triangulation’ Malware- New Tool to Find iPhones & iOS Devices Infection appeared first on Cyber Security News.
https://cybersecuritynews.com/triangle-check/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
J Brand: The Challenges of Putting Mental Health First in an Unfamiliar Industry
Working in the electrical and data industry, mental health was long an afterthought or even entirely forgotten. It just was not seen as a business priority. Thankfully, that has now been turned on its head and the psychological wellbeing of staff is viewed in the light it should be – essential. We have made a […]
The post J Brand: The Challenges of Putting Mental Health First in an Unfamiliar Industry appeared first on IT Security Guru.
https://www.itsecurityguru.org/2023/06/06/j-brand-the-challenges-of-putting-mental-health-first-in-an-unfamiliar-industry/?utm_source=rss&utm_medium=rss&utm_campaign=j-brand-the-challenges-of-putting-mental-health-first-in-an-unfamiliar-industry
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
10 Best Vulnerability Scanner Tools For Penetration Testing – 2023
A Vulnerability Scanner Tools is one of the essential tools in IT departments Since vulnerabilities pop up every day and thus leaving a loophole for the organization. The Vulnerability scanning tools help detect security loopholes in the application, operating systems, hardware, and network systems. Hackers are actively looking for these loopholes to use them to […]
The post 10 Best Vulnerability Scanner Tools For Penetration Testing – 2023 appeared first on GBHackers - Latest Cyber Security News | Hacker News.
https://gbhackers.com/vulnerability-scanner-tools/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Half of UK Employees Suffer From “Sunday Scaries”
In today’s world, there are so many buzz words around work, from quiet quitting to Bare Minimum Mondays. But Sunday Scaries are the latest phenomenon. We all know the feeling: it’s a Sunday evening and Monday morning looms, causing for many a feeling of anxiety. “Sunday Scaries” is defined as an anxiety experienced the day […]
The post Half of UK Employees Suffer From “Sunday Scaries” appeared first on IT Security Guru.
https://www.itsecurityguru.org/2023/06/06/half-of-uk-employees-suffer-from-sunday-scaries/?utm_source=rss&utm_medium=rss&utm_campaign=half-of-uk-employees-suffer-from-sunday-scaries
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
UK Organisations lack clear path to achieve threat intelligence
New research by Armis shows organisations in the U.K. are facing immediate cybersecurity challenges stemming from a heightened regulatory environment, staffing and recruitment difficulties and an expanded attack surface. In this complex environment, threat intelligence has become the top priority on their agenda, but with inventory information often updated infrequently, annually or quarterly in some cases, […]
The post UK Organisations lack clear path to achieve threat intelligence appeared first on IT Security Guru.
https://www.itsecurityguru.org/2023/06/06/uk-organisations-lack-clear-path-to-achieve-threat-intelligence/?utm_source=rss&utm_medium=rss&utm_campaign=uk-organisations-lack-clear-path-to-achieve-threat-intelligence
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Inside The Rise Of A Fintech Startup Using AI And Human Insight To Fight Fraud
Seven years ago, two twentysomething data scientists spotted a novel phenomenon: synthetic identity fraud. They turned that discovery into fast-growing SentiLink, a member of the Fintech 50 for 2023.
https://www.forbes.com/sites/jeffkauflin/2023/06/06/inside-the-rise-of-a-fintech-startup-using-ai-and-human-insight-to-fight-fraud/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Moonlighter – World's First and Only Satellite-Hacking Sandbox
Moonlighter, a groundbreaking project dubbed the “first-ever hacking sandbox in space,” will revolutionize satellite hacking as it ventures into low-Earth orbit in August. This pioneering effort promises to push the boundaries of cybersecurity by providing a unique platform for hacking in outer space. The innovative cyber test platform known as Moonlighter has been unleashed through […]
The post Moonlighter – World’s First and Only Satellite-Hacking Sandbox appeared first on GBHackers - Latest Cyber Security News | Hacker News.
https://gbhackers.com/satellite-hacking-sandbox/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7 tips for spotting a fake mobile app
Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the future
The post 7 tips for spotting a fake mobile app appeared first on WeLiveSecurity
https://www.welivesecurity.com/2023/06/06/7-tips-spotting-fake-mobile-app/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
KeePass Vulnerability Could Expose Master Password In Plaintext
The popular password manager KeePass had a severe security vulnerability exposing users' master passwords in…
KeePass Vulnerability Could Expose Master Password In Plaintext on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2023/06/06/keepass-vulnerability-could-expose-master-password-in-plaintext/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Twitter Failing To Deal With Child Sexual Abuse Material, Says Stanford Internet Observatory
Twitter has failed to remove images of child sexual abuse over recent months—even though they were flagged as such, a new report will allege this week.
https://www.forbes.com/sites/emmawoollacott/2023/06/06/twitter-failing-to-deal-with-child-sexual-abuse-material-says-stanford-internet-observatory/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ChatGPT Cybersecurity Grant Program – M to Boost AI Capabilities
OpenAI, supported by Microsoft, recently unveiled an innovative cybersecurity grant initiative to enhance AI-driven cybersecurity measures. The creators of ChatGPT are actively engaged in enhancing cybersecurity evaluations for AI models, aiming to measure and enhance their efficacy. They are dedicated to developing innovative techniques to assess and optimize the cybersecurity capabilities of AI models, promoting […]
The post ChatGPT Cybersecurity Grant Program – M to Boost AI Capabilities appeared first on GBHackers - Latest Cyber Security News | Hacker News.
https://gbhackers.com/chatgpt-cybersecurity-grant-program/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hackers Inject Shell Scripts into eCommerce Sites to Steal Credit Card Data
A recently discovered credit card theft operation, Magecart, has adopted an innovative approach by utilizing authentic websites as makeshift C2 servers. This strategy enables them to illicitly implant and conceal skimming malware within specific eCommerce websites. During the checkout process, hackers execute a Magecart attack by breaching online stores and implanting malicious scripts designed to […]
The post Hackers Inject Shell Scripts into eCommerce Sites to Steal Credit Card Data appeared first on Cyber Security News.
https://cybersecuritynews.com/shell-scripts-ecommerce-sites/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cl0p ransomware gang claims first victims of the MOVEit vulnerability
Categories: Exploits and vulnerabilitiesCategories: NewsCategories: RansomwareTags: Progress
Tags: MOVEit
Tags: Transfer
Tags: CVE-2023-34362
Tags: BBC
Tags: Zellis
Tags: BA
The first victims of the ongoing attacks on vulnerable MOVEit Transfer instances are coming forward. The Cl0p ransomware gang claims it is behind the attacks.
(Read more...)
The post Cl0p ransomware gang claims first victims of the MOVEit vulnerability appeared first on Malwarebytes Labs.
https://www.malwarebytes.com/blog/news/2023/06/cl0p-ransomware-gang-claims-first-victims-of-the-moveit-vulnerability
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stopping Criminals from Profiting Off Malware Requires a New Approach
By CW Walker, Director, Security Product Strategy at SpyCloud The first three quarters of 2022 saw the total detection of over 62.29 million new types of malware – approximately 228,000 new threats […]
The post Stopping Criminals from Profiting Off Malware Requires a New Approach appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/stopping-criminals-from-profiting-off-malware-requires-a-new-approach/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Cloud Security Alliance Report Finds Cloud Services Are Well-rooted in All Aspects of Financial Services
Trust and Regulation were the greatest influencing factors, report foundSEATTLE – June 6, 2023 – The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today issued its latest survey report, State of Financial Services in Cloud. The survey found that while the use of cloud services is increasing, the pace of adoption is dependent on the speed at which cloud serv...
https://cloudsecurityalliance.org/articles/new-cloud-security-alliance-report-finds-cloud-services-are-well-rooted-in-all-aspects-of-financial-services/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vice Society: The #1 cyberthreat to schools, colleges, and universities
Categories: NewsCategories: RansomwareIn the last 12 months, the Vice Society ransomware gang has conducted more known attacks against education targets globally, and in the USA and the UK individually, than any other ransomware group.
(Read more...)
The post Vice Society: The #1 cyberthreat to schools, colleges, and universities appeared first on Malwarebytes Labs.
https://www.malwarebytes.com/blog/news/2023/06/vice-society
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…
Little Bobby Tables is back!
https://nakedsecurity.sophos.com/2023/06/05/moveit-zero-day-exploit-used-by-data-breach-gangs-the-how-the-why-and-what-to-do/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
JD Group - 521,878 breached accounts
In May 2023, the South African retailer JD Group announced a data breach affecting a number of their online assets including Bradlows, Everyshop, HiFi Corp, Incredible (Connection), Rochester, Russells, and Sleepmasters. The breach exposed over 520k unique customer records including names, email and physical addresses, phone numbers and South African ID numbers.
https://haveibeenpwned.com/PwnedWebsites#JDGroup
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SOCs Spend 32% of the Day On Incidents That Pose No Threat
When it comes to the first line of defense for any company, its Security Operations Center (SOC) is an essential component. A SOC is a dedicated team of professionals who monitor networks and systems for potential threats, provide analysis of detected issues and take the necessary actions to remediate any risks they uncover. Unfortunately, SOC […]
The post SOCs Spend 32% of the Day On Incidents That Pose No Threat appeared first on Security Intelligence.
https://securityintelligence.com/articles/socs-spend-32-percent-day-incidents-pose-no-threat/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI Governance: Balancing Innovation and Ethical Accountability
Originally published by BigID. Written by Peggy Tsai. AI Governance has long been important for organizations, providing a framework to prioritize investments in artificial intelligence. It ensures transparency, auditability, security, and compliance in data management. But now, with the rise of transformative technologies like large language models, such as ChatGPT, the significance of AI Governance is even more pronounced.The accessibility and ease of use provided by ChatGPT, BERT, T5, CTRL...
https://cloudsecurityalliance.org/articles/ai-governance-balancing-innovation-and-ethical-accountability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Guarding the Gate: The Role of Firewalls in Cybersecurity
In the digital age, our personal and professional lives are more intertwined with the internet…
Guarding the Gate: The Role of Firewalls in Cybersecurity on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2023/06/05/guarding-the-gate-the-role-of-firewalls-in-cybersecurity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Boost Cybersecurity Through Better Communication
Security would be easy without users. That statement is as absurd as it is true. It’s also true that business wouldn’t be possible without users. It’s time to look at the big picture when it comes to cybersecurity. In addition to dealing with every new risk, vulnerability and attack vector that comes along, cybersecurity pros need […]
The post How to Boost Cybersecurity Through Better Communication appeared first on Security Intelligence.
https://securityintelligence.com/articles/how-to-boost-cybersecurity-through-better-communication/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DCVC2 - A Golang Discord C2 Unlike Any Other
This multi operating system compatible tool was created to leverage Discord's voice channels for command and control operations. This tool operates entirely over the Real-Time Protocol (RTP) primarily leveraging DiscordGo and leaves no pesky traces behind in text channels. It is a command line based tool meaning all operations will occur strictly from the terminal on either Windows/Linux/OSX. Please use responsibly but have fun! ;) Requirements: Updated (wrong link before) Read about DCVC2 You need a Discord account. You need a Discord server. Increase voice chat speed to 96kbps in settings. You need 2 Discord bots. I found it easiest to give both bots admin perms over the discord server but you can fine tune them to only need voice permissions. The best guide to create bots is...
http://www.kitploit.com/2023/06/dcvc2-golang-discord-c2-unlike-any-other.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing PCVARK and their malicious ad blockers
It isn't news that the overwhelming majority of ad blockers in Chrome Web Store is either outright malicious or waiting to accumulate users before turning malicious. So it wasn't a surprise that the very first ad blocker I chose semi-randomly (Adblock Web with 700,000 users) turned out malicious. Starting from it, I found another malicious extension (Ad-Blocker, 700,000 users) and two more that have been removed from Chrome Web Store a year ago (BitSafe Adblocker and Adblocker Unlimited).
All these ad blockers and probably some more were developed by the company PCVARK. According to Malwarebytes Labs, this company specializes in developing “potentially unwanted programs.” In other words: they show users warnings about alleged compromise, only to push them into installing their software....
https://palant.info/2023/06/05/introducing-pcvark-and-their-malicious-ad-blockers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Researchers Observed Backdoor-Like Behavior In Gigabyte Systems
Researchers have noticed a weird backdoor-like behavior with Gigabyte systems that risks devices' security. The…
Researchers Observed Backdoor-Like Behavior In Gigabyte Systems on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2023/06/05/researchers-observed-backdoor-like-behavior-in-gigabyte-systems/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Satacom delivers browser extension that steals cryptocurrency
A recent campaign by Satacom downloader is delivering a cryptocurrency-stealing extension for Chromium-based browsers, such as Chrome, Brave and Opera.
https://securelist.com/satacom-delivers-cryptocurrency-stealing-browser-extension/109807/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious Chrome Extension With Over 75 Million Downloads Install Malware
Google has removed 32 malicious extensions from the Chrome Web Store that could have changed search results and pushed spam or unwanted adverts. They have received 75 million downloads altogether. The PDF Toolbox extension, which has had 2 million downloads from the Chrome Web Store, was examined by cybersecurity expert Wladimir Palant, who discovered that […]
The post Malicious Chrome Extension With Over 75 Million Downloads Install Malware appeared first on Cyber Security News.
https://cybersecuritynews.com/chrome-extension-75-million-downloads/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Seamless Cross-Account, Cross-Region Replication of Encrypted Objects in AWS S3: Simplified Data…
Seamless Cross-Account, Cross-Region Replication of Encrypted Objects in AWS S3: Simplified Data ProtectionPhoto by Thomas Habr on UnsplashIn today's digital landscape, data protection is paramount for organizations handling sensitive information. Amazon Simple Storage Service (S3) offers a robust solution for storing and managing data in the cloud. One of the powerful features provided by S3 is Cross-Region Replication, which allows for automatic and asynchronous replication of objects between different AWS regions. This feature enhances data protection, ensuring data durability, availability, and compliance with data residency requirements. Furthermore, S3 Cross-Account Replication extends the capabilities by enabling replication of objects between different AWS accounts, adding an extra...
https://infosecwriteups.com/seamless-cross-account-cross-region-replication-of-encrypted-objects-in-aws-s3-simplified-data-4e3972b63618?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Abusing Common Windows Misconfigurations (HackTheBox — Active)
Abusing Common Windows Misconfigurations (HackTheBox — Active)Active is a machine challenge from HackTheBox.comIntroductionAnother blast from the past! This box is several years old but I decided to revisit a few windows boxes in preparation for the OSCP exam. This challenge covers some of the basic essentials of windows enumeration using rpc, smb, DNS and Active Directory.Techniques and Vulnerabilities covered:Anonymous access to Windows sharesExploitation of Group Policy PreferencesKerberoastingReconnaissanceAs with any machine released on HTB, we generally start out with an nmap scan. This time, we are presented with a huge potential attack surface.nmap -Pn -sC -sV -oA nmap/quick 10.129.178.216Starting Nmap 7.93 ( https://nmap.org ) at 2023-05-26 16:02 ADTNmap scan report for 10.129.178.216Host...
https://infosecwriteups.com/abusing-common-windows-misconfigurations-hackthebox-active-8aca6a8ee6b7?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Send email from anyone to any(user outlook Microsoft)
Hi guysI was researching SMTP and mail server for some time.I decided to start researching Microsoft Outlook.When I went further and deepened my research, I realized that this vulnerability can exist on many mail servers.That's why I wrote this write-up so that (Bug hunters and Security researcher and Penetration testing) and even security defence teams will notice it.I will explain about the bug firstI have noticed a bug in SMTP and Mail server in Microsoft ExchangeThat would allow me to send emails(Example: secure@microsoft.com or x@outlook.com) from anyone I want to anyone in user OutlookThat is, any email that was related to MicrosoftThe point is that this could only be done from Outlook's own e-mails, for example, it cannot be done from Gmail to Outlook.In the picture below, I...
https://infosecwriteups.com/send-email-from-anyone-to-any-user-outlook-microsoft-69fce333066d?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TryHackMe | Valley Writeup
https://tryhackme.com/room/valleypeEnumerationFirstly, we do a port scan with NmapIt says two ports are open to us, 22 is SSH 80 is HTTP. Currently, we don't see a vulnerability here.On the main page, we can seek around, if we look we will see the View Gallery page on the main page this page contains some nice photos but we have a “/static” directory let's fuzz it.The “/00” directory is a bit different from other directories, this directory size is “127” which can be a piece of useful information for us. let's dig into thisdev notes from valleyDev:-add wedding photo examples-redo the editing on #4-remove /dev1243224123123-check for SIEM alerts“/dev1243224123123” looks like a directory, let's continuewell, we have input for some things to do but we will before...
https://infosecwriteups.com/tryhackme-valley-writeup-e67b505f35c9?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LOTL — Why it's a Hacker Favorite
What isn't seen, isn't known“The greatest stealth is to disappear in plain sight.” — AnonymousWhat is LOTL?LOTL (Living Off The Land) attacks are attacks using native systems/libraries instead of open source libraries to complete their vectors.LOTL is special because it doesn't trigger alerts in defensive systems like third party software would; therefore it is sneaky.LOTL is special because it works with no problems since it is an OS library ; therefore, it is efficient.LOTL is special because it doesn't require installments/downloads for you to use it; therefore, it is ready.LOTL is sneaky, efficient and ready.Trick Question:What are pre-requisites to LOTL attacks?Answer:Operating Systems.Anything you can possibly imagine in an inconstructible array of assemblies...
https://infosecwriteups.com/lotl-why-its-a-hacker-favorite-e6369ca39076?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Did you know you can earn bounties using Discord?
Hi folks. This is Alp. I haven't been here for a long time (again). I remembered that I have a Medium account. As you can see in the title, will show a bug with Discord in this post.I ensure everyone knows the Discord but want to be sure everyone really knows.So, what's the Discord?Discord is an American VoIP and instant messaging social platform. Users have the ability to communicate with voice calls, video calls, text messaging, media, and files in private chats or as part of communities called “servers”.The number of people who use Discord monthly has rapidly expanded from 10 million in 2017 to an estimated 196.2 million users this year. Discord is used by a lot of people (even the Ukraine military). We can include many official companies in this.Discord offers this exclusive...
https://infosecwriteups.com/did-you-know-you-can-earn-bounty-using-discord-1e8eb79aa260?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Hackers can exploit Caching x Race-Conditions for followers count manipulation on Twitter
- 7h3h4ckv157Image (credit): https://whatismyipaddress.com/twitter-hack-lessonsDisclaimer:This article is intended for educational purposes only. It is crucial to accentuate that any attempt to exploit or manipulate followers on any social media platform is unethical and against the terms of service. The purpose of this article is to increase awareness and understanding of potential security concerns, rather than encourage or endorse any malicious activities. Always prioritize ethical behavior and respect the guidelines and policies set forth by social media platforms.I suggest you to read this similar blog about: Hacking the Like Functionality of Twitter!Note:This article, written by myself, is published on “HACKLIDO” to fostering knowledge-sharing and learning within the cybersecurity...
https://infosecwriteups.com/how-hackers-can-exploit-caching-x-race-conditions-for-followers-count-manipulation-on-twitter-a412ec109041?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Building a 30,000$ password cracking rig in the cloud for pennies.
If you work or are interested in Offensive Security, chances are you have already tried to crack a hash and retrieve the original password. Whether you are trying to pivot laterally in a network or gain an initial foothold by leveraging a leaked hash, cracking hashes is very common part of security testing during pentests or other offensive security assessments.However passwords cracking is an expensive process that is very resource intensive. Building a custom cracking rig to get faster results is not an option for everybody, and while I would love to, definitely not an option for me.A nice, but expensive cracking rigWhat exactly are the downsides of building your own rig?Computing power is expensive. Especially nowadays, GPU prices have reached all time highs and with the AI boom, will...
https://infosecwriteups.com/building-a-30-000-password-cracking-rig-in-the-cloud-for-pennies-82dc7d66686a?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Blog Series: Themes You'll Run Into a Lot in Cyber Security — Validation
Photo by Joshua Gandara on UnsplashSeries IntroductionThroughout my time as a cyber security consultant, I learned many things, and one question I often ask myself is what would I do differently had I just started on my journey, but with the knowledge I have now?Well, one thing for sure would be to simplify the complex rather than complicating the simple. This goal to pursue milestones in knowledge and application led me to searching for the concrete answers to my questions and organizing a series of concepts styled for seamless assimilation across all cyber spheres.What came out of this pursuit is a blog series titled:“Themes You'll Run Into a Lot in Cyber Security”.It takes real cyber applications and use cases, bundling them along with their common denominators to converge certain...
https://infosecwriteups.com/blog-series-themes-youll-run-into-a-lot-in-cyber-security-validation-b17482b17c90?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Weird Improper Access Control Bug of $$$
Hello , So I am back with another write up . This one is about an Improper access control issue which I have found in a famous website which is used to create projects and collaborate with different users . Let's see this in detail .DescriptionI am testing a website that contains three user roles: owner, admin and normal user (which can only read and write). Let's refer to the company as ‘Private' (as the report has not yet been disclosed).I have created a project for myself with my email: email1, so I am the owner of the project. Now, I invited my second email: email2, with admin privileges. I tried to remove the owner, become the owner, etc. from my admin's account but all attempts failed.Finally, I thought to check for similar issues through a normal user perspective . I...
https://infosecwriteups.com/weird-improper-access-control-bug-of-9cbceb8e039f?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Secure Enterprise Collaboration Tools Are Critical in Light of Remote Work and Cyber-Attacks.
By Allen Drennan, Principal and Co-Founder of Cordoniq Cyberattacks escalated in 2022 as critical industries remain a frequent target of cybercriminals. New data from Check Point Research revealed that global […]
The post Secure Enterprise Collaboration Tools Are Critical in Light of Remote Work and Cyber-Attacks. appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/secure-enterprise-collaboration-tools-are-critical-in-light-of-remote-work-and-cyber-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
25 Best Cloud Service Providers (Public and Private) in 2023
As technology advances, more and more organizations are turning to cloud computing as a necessary solution for their data storage and processing needs. Cloud computing is a widely accepted trend in the information technology industry, and it allows users to access computer services through the Internet at any time. This technology is becoming increasingly crucial […]
The post 25 Best Cloud Service Providers (Public and Private) in 2023 appeared first on Cyber Security News.
https://cybersecuritynews.com/cloud-service-providers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
MAAD-AF - MAAD Attack Framework - An Attack Tool For Simple, Fast And Effective Security Testing Of M365 And Azure AD
MAAD-AF is an open-source cloud attack tool developed for testing security of Microsoft 365 & Azure AD environments through adversary emulation. MAAD-AF provides security practitioners easy to use attack modules to exploit configurations across different M365/AzureAD cloud-based tools & services. MAAD-AF is designed to make cloud security testing simple, fast and effective. Through its virtually no-setup requirement and easy to use interactive attack modules, security teams can test their security controls, detection and response capabilities easily and swiftly. Features Pre & Post-compromise techniques Simple interactive use Virtually no-setup requirements Attack modules for Azure AD Attack modules for Exchange Attack modules for Teams Attack modules for SharePoint...
http://www.kitploit.com/2023/06/maad-af-maad-attack-framework-attack.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Considering All Returns on a Cybersecurity Compliance Program
By Doug Barbin, Chief Growth Officer and Managing Principal at Schellman C-Suite executives have many variables to consider when they are implementing changes or making investments at an enterprise level. […]
The post Considering All Returns on a Cybersecurity Compliance Program appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/considering-all-returns-on-a-cybersecurity-compliance-program/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burp-Dom-Scanner - Burp Suite's Extension To Scan And Crawl Single Page Applications
It's a Burp Suite's extension to allow for recursive crawling and scanning of Single Page Applications. It runs a Chromium browser to scan the webpage for DOM-based XSS. It can also collect all the requests (XHR, fetch, websockets, etc) issued during the crawling allowing them to be forwarded to Burp's Proxy, Repeater and Intruder. It requires node and DOMDig. Download Latest release can be downloaded here Installation Install node Install DOMDig Download and load the extension Set both the path of node's executable and the path of domdig.js in the extension's UI. Scanning Engine Burp DOM Scanner uses DOMDig as the crawling and scanning engine. DOMDig DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications (SPA) recursively....
http://www.kitploit.com/2023/06/burp-dom-scanner-burp-suites-extension.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Privacy by Design and Privacy by Default in the Cloud
Written by Eyal Estrin. When we are talking about building new systems, in the context of privacy or data protection, we often hear two concepts – Privacy by Design (PbD) and Privacy by Default. Dealing with human privacy is not something new. We build applications that store and process personal data – from e-commerce sites, banking, healthcare, advertisement, and more. The concept of Privacy by Design (PbD) was embraced by the GDPR (General Data Protection Regulation) in Article 5 and Ar...
https://cloudsecurityalliance.org/articles/privacy-by-design-and-privacy-by-default-in-the-cloud/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Using ChatGPT for Cloud Security Audits
Written by Ashwin Chaudhary, CEO, Accedere. ChatGPT is an artificial intelligence chatbot developed by Open AI and released in November 2022.
The GPT (Generative Pre-trained Transformer) series of language models, including GPT-3, is a stateof-the-art technology developed by Open AI for natural language processing. These models are trained on vast amounts of text data and can generate human-like responses to text
inputs. One of the most significant abilities of ChatGPT is their ability to u...
https://cloudsecurityalliance.org/articles/using-chatgpt-for-cloud-security-audits/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Leveraging Sustainable Technology for ESG Compliance
Originally published by Sangfor Technologies. Written by Nicholas Tay Chee Seng, CTO, Sangfor Cloud. The ESG framework will encourage more organizations to adopt sustainable and renewable practices necessary to address global climate change. However, achieving the COP21 Paris Agreement's net-zero target by 2050 will require the participation of all nations, industries, and people. Embracing sustainable solutions through ESG practices also presents an opportunity for organizations to enhance b...
https://cloudsecurityalliance.org/articles/leveraging-sustainable-technology-for-esg-compliance/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CSA STAR Certification – Q&A Session
Originally published by MSECB. 1. What is the CSA STAR Certification?The CSA STAR (Security, Trust, and Assurance Registry) Certification is a program launched by the Cloud Security Alliance (CSA) in 2011 that provides independent third-party assessment and certification of the security measures and controls implemented by cloud service providers (CSPs) against the CSA's Cloud Controls Matrix (CCM).2. Why is CSA STAR Certification important for organizations?CSA STAR Certification is import...
https://cloudsecurityalliance.org/articles/csa-star-certification-q-a-session/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is Your Data Leaking via ChatGPT?
Originally written and published by Code42. In November 2022, OpenAI released ChatGPT, a generative artificial intelligence (GAI) tool, which has since taken the world by storm. Only two months after its launch, it had over 100 million users, making it “the fastest-growing consumer application in history.” And ChatGPT is not alone.While any new technology presents risks, it doesn't mean the risks are all brand new. In fact, companies might find that they already have many of the people, proce...
https://cloudsecurityalliance.org/articles/is-your-data-leaking-via-chatgpt/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Stay Ahead of Future Requirements for the NIST SSDF
In today's world of software development, cybersecurity is more than a luxury; it's a necessity. Cyber threats aren't only growing in frequency, complexity, and sophistication, they're targeting developer environments and the software supply chain. The need for robust, secure software development frameworks is more critical than ever. However, not all organizations know how to secure their frameworks. Enter the Secure Software Development Framework (SSDF) from the National Institute of Standards and Technology (NIST).
The SSDF, a relative newcomer in the field of cybersecurity, is designed to guide organizations in developing secure software, all while safeguarding the software supply chain. Introduced in 2020, the SSDF offers an upgraded approach to the traditional software...
https://www.legitsecurity.com/blog/how-to-stay-ahead-of-future-requirements-for-the-nist-ssdf
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards
It's a backdoor, Jim, but not as we know it... here's a sober look at this issue.
https://nakedsecurity.sophos.com/2023/06/02/researchers-claim-windows-backdoor-affects-hundreds-of-gigabyte-motherboards/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Analyzing Web Application and API Attacks: The Cloud as a Target and a Launch Pad
We investigate a growing trend of attacks originating in the cloud with a focus on web app and API attacks, using survey data to enhance our key findings.
The post Analyzing Web Application and API Attacks: The Cloud as a Target and a Launch Pad appeared first on Unit 42.
https://unit42.paloaltonetworks.com/web-api-attacks-in-cloud/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Detecting Insider Threats: Leverage User Behavior Analytics
Employees often play an unwitting role in many security incidents, from accidental data breaches to intentional malicious attacks. Unfortunately, most organizations don’t have the right protocols and processes to identify potential risks posed by their workforce. Based on a survey conducted by SANS Institute, 35% of respondents said they lack visibility into insider threats, while 30% […]
The post Detecting Insider Threats: Leverage User Behavior Analytics appeared first on Security Intelligence.
https://securityintelligence.com/posts/detecting-insider-threats-leverage-user-behavior-analytics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Warning Issued For iPhone Users As iMessage 0-Click Attack Revealed
Security researchers at Kaspersky have warned that an ongoing zero-click iMessage attack triggers a zero-day exploit on iPhones without any user interaction.
https://www.forbes.com/sites/daveywinder/2023/06/02/warning-issued-for-iphone-users-as-ongoing-imessage-0-click-attack-revealed/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
API security in the spotlight – Week in security with Tony Anscombe
Given the reliance of today's digital world on APIs and the fact that attacks targeting them continue to rise sharply, API security cannot be an afterthought.
The post API security in the spotlight – Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/api-security-spotlight-week-security-tony-anscombe/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Graphcat - Generate Graphs And Charts Based On Password Cracking Result
Simple script to generate graphs and charts on hashcat (and john) potfile and ntds Install git clone https://github.com/Orange-Cyberdefense/graphcatcd graphcatpip install . Helper $ graphcat.py -husage: graphcat.py [-h] -potfile hashcat.potfile -hashfile hashfile.txt [-john] [-format FORMAT] [-export-charts] [-output-dir OUTPUT_DIR] [-debug]Password Cracking Graph Reportingoptions: -h, --help show this help message and exit -potfile hashcat.potfile Hashcat Potfile -hashfile hashfile.txt File containing hashes (one per line) -john John potfile -format FORMAT hashfile format (default 3): 1 for hash; 2 for username:hash; 3 for secretsdump (username:uid:lm:ntlm) -export-charts Output also charts...
http://www.kitploit.com/2023/06/graphcat-generate-graphs-and-charts.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
In search of the Triangulation: triangle_check utility
We developed a dedicated utility to scan the iOS backups and run all the checks for Operation Triangulation indicators.
https://securelist.com/find-the-triangulation-utility/109867/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top 7 Tips to Protect Your Endpoint Devices
By Nicole Allen, Senior Marketing Executive at Salt Communications The threat landscape has become more sophisticated due to the new hybrid working lifestyle and companies’ use of connected devices has […]
The post Top 7 Tips to Protect Your Endpoint Devices appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/top-7-tips-to-protect-your-endpoint-devices/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How malicious extensions hide running arbitrary code
Two days ago I wrote about the malicious extensions I discovered in Chrome Web Store. At some point this article got noticed by Avast. Once their team confirmed my findings, Google finally reacted and started removing these extensions. Out of the 34 extensions I reported, only 8 extensions remain. These eight were all part of an update where I added 16 extensions to my list, an update that came too late for Avast to notice.
Note: Even for the removed extensions, it isn't “mission accomplished” yet. Yes, the extensions can no longer be installed. However, the existing installations remain. From what I can tell, Google didn't blocklist these extensions yet.
Avast ran their own search, and they found a bunch of extensions that I didn't see. So how come they missed eight extensions?...
https://palant.info/2023/06/02/how-malicious-extensions-hide-running-arbitrary-code/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Poor Communication During a Data Breach Can Cost You — Here's How to Avoid It
No one needs to tell you that data breaches are costly. That data has been quantified and the numbers are staggering. In fact, the IBM Security Cost of a Data Breach estimates that the average cost of a data breach in 2022 was .35 million, with 83% of organizations experiencing one or more security incidents. […]
The post Poor Communication During a Data Breach Can Cost You — Here's How to Avoid It appeared first on Security Intelligence.
https://securityintelligence.com/posts/poor-communication-data-breach-cost-how-to-avoid/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Jetpack Plugin Patched A Critical Vulnerability Triggering WordPress Force-Installs
The popular and one of the most-used WordPress plugins, Jetpack recently addressed a critical security…
Jetpack Plugin Patched A Critical Vulnerability Triggering WordPress Force-Installs on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2023/06/02/jetpack-plugin-patched-a-critical-vulnerability-triggering-wordpress-force-installs/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity in Online Trading: Protecting Your Investments
In today’s digital age, online trading has become a popular means for investors to build…
Cybersecurity in Online Trading: Protecting Your Investments on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2023/06/02/cybersecurity-in-online-trading-protecting-your-investments/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Audit the Security Posture of DevOps with HackerOne Source Code Assessments
https://www.hackerone.com/assessments/audit-security-posture-devops-hackerone-source-code-assessments
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
S3 Ep137: 16th century crypto skullduggery
Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)
https://nakedsecurity.sophos.com/2023/06/01/s3-ep137-16th-century-crypto-skullduggery/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Improve Your Software Supply Chain with a Software Security Framework
Just like a car manufacturer must ensure every component that goes into their vehicles is safe and reliable, you should ensure all of the components in the software you produce are secure and free from defects, especially with software supply chain attacks on the rise.
https://blog.sonatype.com/how-to-improve-your-software-supply-chain-with-a-software-security-framework
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ask Fitis, the Bear: Real Crooks Sign Their Malware
Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software. This post is a deep dive on "Megatraffer," a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015.
https://krebsonsecurity.com/2023/06/ask-fitis-the-bear-real-crooks-sign-their-malware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing the Chrome Browser Full Chain Exploit Bonus
Amy Ressler, Chrome Security Team on behalf of the Chrome VRP
For 13 years, a key pillar of the Chrome Security ecosystem has included encouraging security researchers to find security vulnerabilities in Chrome browser and report them to us, through the Chrome Vulnerability Rewards Program.
Starting today and until 1 December 2023, the first security bug report we receive with a functional full chain exploit, resulting in a Chrome sandbox escape, is eligible for triple the full reward amount. Your full chain exploit could result in a reward up to 0,000 (potentially more with other bonuses).
Any subsequent full chains submitted during this time are eligible for double the full reward amount!
We have historically put a premium on reports with exploits – “high quality reports...
http://security.googleblog.com/2023/06/announcing-chrome-browser-full-chain.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Risk: Everything Everywhere All at Once
It's Time to Get Proactive About Risk Reduction By Marc Gaffan, CEO of IONIX The first quarter of 2023 is being dominated by a singular theme, re-thinking risk. We came […]
The post Risk: Everything Everywhere All at Once appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/risk-everything-everywhere-all-at-once/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Rapid7 managed services teams are observing exploitation of a critical vulnerability in Progress Software's MOVEit Transfer solution across multiple customer environments.
https://blog.rapid7.com/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Exclusive: U.S. States Are Flying Thousands Of Chinese Drones Across The East Coast. Marco Rubio Is Furious.
Government and police agencies are buying thousands of Chinese drones made by DJI and Autel, flying them all over the East Coast. Marco Rubio says there's “no excuse.”
https://www.forbes.com/sites/thomasbrewster/2023/06/01/american-states-fly-thousands-of-chinese-drones-across-east-coast/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rapid7 Sales Director Devin Poulter On Building a Career as an Account Executive
Devin Poulter is a Sales Director with over 20 years of experience in the tech industry. Recently, we spoke with him about building a career in tech sales.
https://blog.rapid7.com/2023/06/01/rapid7-sales-director-devin-poulter-on-building-a-career-as-an-account-executive/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Increasingly Sophisticated Cyberattacks Target Healthcare
It’s rare to see 100% agreement on a survey. But Porter Research found consensus from business leaders across the provider, payer and pharmaceutical/life sciences industries. Every single person agreed that “growing hacker sophistication” is the primary driver behind the increase in ransomware attacks. In response to the findings, the American Hospital Association told Porter Research, […]
The post Increasingly Sophisticated Cyberattacks Target Healthcare appeared first on Security Intelligence.
https://securityintelligence.com/articles/increasingly-sophisticated-cyberattacks-target-healthcare/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Operation Triangulation: iOS devices targeted with previously unknown malware
While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. We created offline backups of the devices, inspected them and discovered traces of compromise.
https://securelist.com/operation-triangulation/109842/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Azure-AccessPermissions - Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment
Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment. Background details can be found in the accompanied blog posts: Untangling Azure Active Directory Principals & Access Permissions Untangling Azure Active Directory Permissions II: Privileged Access Requirements To run this script you'll need these two PowerShell modules: Microsoft.Graph AADInternals AzureADPreview All of these can be installed directly within PowerShell: PS:> Install-Module Microsoft.GraphPS:> Install-Module AADInternalsPS:> Install-Module AzureADPreview Usage First time use The script uses a browser-based Login UI to connect to Azure. If you run the tool for the first time you might experience the following error emulation not set for...
http://www.kitploit.com/2023/06/azure-accesspermissions-easy-to-use.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
All eyes on APIs: Top 3 API security risks and how to mitigate them
As APIs are a favorite target for threat actors, the challenge of securing the glue that holds various software elements together is taking on increasing urgency
The post All eyes on APIs: Top 3 API security risks and how to mitigate them appeared first on WeLiveSecurity
https://www.welivesecurity.com/2023/06/01/top-3-api-security-risks-mitigate/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Software Composition Analysis Can Help You Go from Good to Great
We live in a world that is difficult to imagine without open source software. Although open source — and DevSecOps testing methods and tools — have been around for a long time, it is only over the past few years that Software Composition Analysis (SCA) has started gaining more attention relative to other popular security testing techniques, including the following:
https://blog.sonatype.com/how-software-composition-analysis-sca-can-help-you-go-from-good-to-great
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Serious Security: That KeePass “master password crack”, and what we can learn from it
Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)
https://nakedsecurity.sophos.com/2023/05/31/serious-security-that-keepass-master-password-crack-and-what-we-can-learn-from-it/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rapid7 Data Engineers Inspire Future Tech Talent at Summer Search Career Fest
Earlier this month, Rapid7 data engineers had the honor of being panelists at the Summer Search Career Fest.
https://blog.rapid7.com/2023/05/31/rapid7-data-engineers-inspire-future-tech-talent-at-summer-search-career-fest/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Anomali Cyber Watch: Shadow Force Targets Korean Servers, Volt Typhoon Abuses Built-in Tools, CosmicEnergy Tests Electric Distribution Disruption
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, DLL Side-Loading, Living off the Land, Operational technology, Ransomware, and Russia. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Shadow Force Group's Viticdoor and CoinMiner
(published: May 27, 2023)
Shadow Force is a threat that has been targeting South Korean organizations since 2013. It primarily targets Windows servers. Ahnlab researchers analyzed the group’s activity in 2020-2022....
https://www.anomali.com/blog/anomali-cyber-watch-shadow-force-targets-korean-servers-volt-typhoon-abuses-built-in-tools-cosmicenergy-tests-electric-distribution-disruption
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Adding Chrome Browser Cloud Management remediation actions in Splunk using Alert Actions
Posted by Ashish Pujari, Chrome Security Team
Introduction
Chrome is trusted by millions of business users as a secure enterprise browser. Organizations can use Chrome Browser Cloud Management to help manage Chrome browsers more effectively. As an admin, they can use the Google Admin console to get Chrome to report critical security events to third-party service providers such as Splunk® to create custom enterprise security remediation workflows.
Security remediation is the process of responding to security events that have been triggered by a system or a user. Remediation can be done manually or automatically, and it is an important part of an enterprise security program.
Why is Automated Security Remediation Important?
When a security event is identified, it is imperative to respond...
http://security.googleblog.com/2023/05/adding-chrome-browser-cloud-management.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
XDR meets IAM: Comprehensive identity threat detection and response with Microsoft
Identity-based attacks are on the rise, making identity protection more important than ever. Explore our blog post to learn how Microsoft's Identity Threat Detection and Response can help.
The post XDR meets IAM: Comprehensive identity threat detection and response with Microsoft appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2023/05/31/xdr-meets-iam-comprehensive-identity-threat-detection-and-response-with-microsoft/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Roadmap for Becoming a Penetration Tester in 2023
Few areas of cybersecurity measure up against penetration testing in terms of importance and excitement. This activity boils down to finding flaws in computer systems so that organizations can address them proactively and forestall real-world attacks. A pentester worth their salt should have outstanding tech skills, be a social engineering guru, and have enough confidence […]
The post A Roadmap for Becoming a Penetration Tester in 2023 appeared first on IT Security Guru.
https://www.itsecurityguru.org/2023/05/31/a-roadmap-for-becoming-a-penetration-tester-in-2023/?utm_source=rss&utm_medium=rss&utm_campaign=a-roadmap-for-becoming-a-penetration-tester-in-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Research Reveals UK Firms Plan to Embrace New Era of Digital Identity
A new research report, entitled Plotting the Roadmap for Digital Identity, by API focused identity and access management company Curity found that UK organisations and consumers are ready to embrace a new era of digital identity. The research revealed that 60% of organisations in the UK and US expect digital identity to have a transformative […]
The post Research Reveals UK Firms Plan to Embrace New Era of Digital Identity appeared first on IT Security Guru.
https://www.itsecurityguru.org/2023/05/31/research-reveals-uk-firms-plan-to-embrace-new-era-of-digital-identity/?utm_source=rss&utm_medium=rss&utm_campaign=research-reveals-uk-firms-plan-to-embrace-new-era-of-digital-identity
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deconstructing DevSecOps: Why A DevOps-Centric Approach To Security Is Needed In 2023
Is the problem with DevSecOps none other than DevSecOps itself? Maybe we should be thinking in terms of a DevOps-centric approach to security instead.
https://www.forbes.com/sites/daveywinder/2023/05/31/deconstructing-devsecops-why-a-devops-centric-approach-to-security-is-needed-in-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Widespread Exploitation of Zyxel Network Devices
Rapid7 is tracking reports of ongoing exploitation of CVE-2023-28771, a critical unauthenticated command injection vulnerability affecting multiple Zyxel networking devices.
https://blog.rapid7.com/2023/05/31/etr-widespread-exploitation-of-zyxel-network-devices/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Nidhogg - All-In-One Simple To Use Rootkit For Red Teams
Nidhogg is a multi-functional rootkit for red teams. The goal of Nidhogg is to provide an all-in-one and easy-to-use rootkit with multiple helpful functionalities for red team engagements that can be integrated with your C2 framework via a single header file with simple usage, you can see an example here. Nidhogg can work on any version of x64 Windows 10 and Windows 11. This repository contains a kernel driver with a C++ header to communicate with it. Current Features Process hiding and unhiding Process elevation Process protection (anti-kill and dumping) Bypass pe-sieve Thread hiding Thread protection (anti-kill) File protection (anti-deletion and overwriting) File hiding Registry keys and values protection (anti-deletion and overwriting) Registry keys and values hiding...
http://www.kitploit.com/2023/05/nidhogg-all-in-one-simple-to-use.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux Container Security Primer
In today's rapidly evolving digital landscape, where agility and scalability are paramount, traditional software deployment methods often fall short. Container technology is a game-changing innovation that has revolutionized how software is deployed, managed, and scaled. It offers many benefits, ensuring that applications run consistently regardless of the hosting environment.
https://www.linuxsecurity.com/features/features/linux-container-security-primer?rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
More malicious extensions in Chrome Web Store
Two weeks ago I wrote about the PDF Toolbox extension containing obfuscated malicious code. Despite reporting the issue to Google via two different channels, the extension remains online. It even gained a considerable number of users after I published my article.
A reader tipped me off however that the Zoom Plus extension also makes a request to serasearchtop[.]com. I checked it out and found two other versions of the same malicious code. And I found more extensions in Chrome Web Store which are using it.
So now we are at 18 malicious extensions with a combined user count of 55 million. The most popular of these extensions are Autoskip for Youtube, Crystal Ad block and Brisk VPN: nine, six and five million users respectively.
Update (2023-06-01): With an increased sample I was able to find...
https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
This Campaign Delivers Three Malware Via Pirated Software Videos On YouTube
Researchers have found a malicious campaign exploiting seemingly legit YouTube accounts. The campaign involves uploading…
This Campaign Delivers Three Malware Via Pirated Software Videos On YouTube on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2023/05/31/this-campaign-delivers-three-malware-via-pirated-software-videos-on-youtube/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
5 free OSINT tools for social media
A roundup of some of the handiest tools for the collection and analysis of publicly available data from Twitter, Facebook and other social media platforms
The post 5 free OSINT tools for social media appeared first on WeLiveSecurity
https://www.welivesecurity.com/2023/05/31/5-free-osint-tools-social-media/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RaidForums - 478,604 breached accounts
In May 2023, 478k user records from the now defunct hacking forum known as "RaidForums" was posted to another hacking forum. The data dated back to September 2020 and included email addresses, usernames, dates of birth, IP addresses and passwords stored as Argon2 hashes. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
https://haveibeenpwned.com/PwnedWebsites#RaidForums
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Discord Admins Hacked by Malicious Bookmarks
A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark.
https://krebsonsecurity.com/2023/05/discord-admins-hacked-by-malicious-bookmarks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Polish Credentials - 1,204,870 breached accounts
In May 2023, a credential stuffing list of 6.3M Polish email address and password pairs appeared on a local forum. Likely obtained by malware running on victims' machines, each record included an email address and plain text password alongside the website the credentials were used on. The data included 1.2M unique email addresses.
https://haveibeenpwned.com/PwnedWebsites#PolishCredentials
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Year In HackerOne's Bug Bounty Program
https://www.hackerone.com/year-hackerones-bug-bounty-program
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TP-Link Archer AX-21 Command Injection Vulnerability (CVE-2023-1389) Exploited in the Wild
What is TP-Link Archer AX21 (AX1800)?
TP-Link Archer AX21 (AX1800) is a line of consumer-oriented Wi-Fi routers.
What is the attack?
A command injection vulnerability exists in TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 that allows an unauthenticated attacker to inject commands and obtain root access via a POST request. The issue has been assigned CVE-2023-1389. The vulnerability has a CVSS base score of 8.8 and is rated HIGH.
Why is this significant?
This is significant because attackers have reportedly started to exploit CVE-2023-1389 in real time attacks. Furthermore, proof-of-concept (PoC) code is publicly available, and various reports have stated that the Mirai malware was deployed to vulnerable TP-Link Archer AX21 devices....
https://fortiguard.fortinet.com/threat-signal-report/5157
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Serious Security: Verification is vital – examining an OAUTH login bug
What good is a popup asking for your approval if an attacker can bypass it simply by suppressing it?
https://nakedsecurity.sophos.com/2023/05/30/serious-security-verification-is-vital-examining-an-oauth-login-bug/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DevSecOps Leadership Forum: Revolutionizing Financial Services
https://blog.sonatype.com/devsecops-leadership-forum-revolutionizing-financial-services
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New macOS vulnerability, Migraine, could bypass System Integrity Protection
A new vulnerability, which we refer to as “Migraine”, could allow an attacker with root access to bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device.
The post New macOS vulnerability, Migraine, could bypass System Integrity Protection appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cold as Ice: Answers to Unit 42 Wireshark Quiz for IcedID
This is the follow-up post to our Wireshark quiz on an IcedID infection. We provide the answers on the traffic, victim and more in this full pcap analysis.
The post Cold as Ice: Answers to Unit 42 Wireshark Quiz for IcedID appeared first on Unit 42.
https://unit42.paloaltonetworks.com/wireshark-quiz-icedid-answers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reduce Healthcare Insider Threats with Identity and Access Management
By Zac Amos, Features Editor of ReHack Identity and access management (IAM) refers to the policies, procedures and technologies used to manage and control access to digital resources and systems. […]
The post Reduce Healthcare Insider Threats with Identity and Access Management appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/reduce-healthcare-insider-threats-with-identity-and-access-management/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
April 2023 Cyber Attacks Timeline
After the cyber attacks timelines, it's time to publish the statistics of April 2023 where I collected...
https://www.hackmageddon.com/2023/05/30/april-2023-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tricks of the trade: How a cybercrime ring operated a multi‑level fraud scheme
A peek under the hood of a cybercrime operation and what you can do to avoid being an easy target for similar ploys
The post Tricks of the trade: How a cybercrime ring operated a multi‑level fraud scheme appeared first on WeLiveSecurity
https://www.welivesecurity.com/2023/05/30/tricks-trade-cybercrime-ring-fraud-scheme/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The great CISO resignation: Why security leaders are quitting in droves
https://www.proofpoint.com/us/newsroom/news/great-ciso-resignation-why-security-leaders-are-quitting-droves
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware Takes No Prisoners
By Monica Oravcova, COO and Co-Founder of Naoris Protocol The recent Killnet cyberattack that disrupted contact between NATO and military aircraft providing aid to victims of the Turkish-Syrian earthquake, is […]
The post Ransomware Takes No Prisoners appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/ransomware-takes-no-prisoners/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Email Phishing Using Kali Linux
No matter how often you go online and how or why you primarily use the Internet, you've probably seen phishing attack attempts. They're now so common and problematic that cybersecurity professionals regularly provide information to help people spot and avoid phishing attacks.
https://www.linuxsecurity.com/features/features/email-phishing-using-kali-linux?rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
padre – Padding Oracle Attack Exploiter Tool
padre is an advanced exploiter and Padding Oracle attack tool that can be deployed against CBC mode encryption.
https://www.darknet.org.uk/2023/05/padre-padding-oracle-attack-exploiter-tool/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Protecting Accounting Firms from Cyberattacks
Cybersecurity Practices Must Be A Top Priority For Firms This Busy Season By Alan Hartwell, Chief Technology Officer at IRIS Software Group Financial service firms are a top target for […]
The post Protecting Accounting Firms from Cyberattacks appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/protecting-accounting-firms-from-cyberattacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Machine Identity Management: The Key to Managing Compliance Risk in a Multi-Cloud, Multi-Cluster World
By Sitaram Iyer, Senior Director of Cloud Native Solutions at Venafi Financial services may be an industry in which mainframes still do much of the heavy lifting, but increasingly it's […]
The post Machine Identity Management: The Key to Managing Compliance Risk in a Multi-Cloud, Multi-Cluster World appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/machine-identity-management-the-key-to-managing-compliance-risk-in-a-multi-cloud-multi-cluster-world/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Alleged Russian CosmicEnergy Malware Potentially Affects Power Grids in Europe and Asia
FortiGuard Labs is aware of a report that a new malware "CosmicEnergy" designed to disrupt electric power systems was discovered. CosmicEnergy was specifically crafted to target IEC-104-compliant Remote Terminal Units (RTUs) used to control power transmission and distribution in Europe and Asia.Why is this Significant?This is significant because the new malware "CosmicEnergy" is capable of interacting with the devices responsible for managing power grids leading to potential power outages. Reportedly, potentially affected devices are primarily located in Europe, the Middle East and Asia. What is CosmicEnergy?CosmicEnergy is a new malware that is designed to disrupt devices used for managing power grids. Reportedly the malware may have been developed as a red team tool by a Russian cyber security...
https://fortiguard.fortinet.com/threat-signal-report/5171
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Blacktail Threat Actor Exploits PaperCut Vulnerability (CVE-2023-27350) to Distribute Buhti Ransomware
FortiGuard Labs is aware of a report that the Blacktail threat actor exploited the recently patched PaperCut vulnerability (CVE-2023-27350) to distribute the Windows version of Buhti ransomware. The IBM Aspera Faspex code execution vulnerability (CVE-2022-47986) is also being reportedly exploited by the same threat actor.Why is this Significant?This is significant because the Blacktail threat actor reportedly exploited the recently patched PaperCut vulnerability to deploy the Windows version of Buhti ransomware. As such the patch should be applied as soon as possible.What is Buhti Ransomware?Buhti is a ransomware variant that was first spotted in February 2023 and is designed to encrypt files on compromised machines. Blacktail, a threat actor behind the Buhti ransomware, is believed to use...
https://fortiguard.fortinet.com/threat-signal-report/5170
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Time to challenge yourself in the 2023 Google CTF!
Vincent Winstead, Technical Program ManagerIt's Google CTF time! Get your hacking toolbox ready and prepare your caffeine for rapid intake. The competition kicks off on June 23 2023 6:00 PM UTC and runs through June 25 2023 6:00 PM UTC. Registration is now open at g.co/ctf.Google CTF gives you a chance to challenge your skillz, show off your hacktastic abilities, and learn some new tricks along the way. It consists of a set of computer security puzzles (or challenges) involving reverse-engineering, memory corruption, cryptography, web technologies, and more. Use obscure security knowledge to find exploits through bugs and creative misuse. With each completed challenge your team will earn points and move up through the ranks. The top 8 teams will qualify for our Hackceler8 competition...
http://security.googleblog.com/2023/05/time-to-challenge-yourself-in-2023-google-ctf2023.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (aka Volt Typhoon)
Volt Typhoon, a nation-state TA attributed to the People's Republic of China, is targeting critical infrastructure. We provide an overview of their current activity and mitigations recommendations.
The post Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (aka Volt Typhoon) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/volt-typhoon-threat-brief/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Phishing Domains Tanked After Meta Sued Freenom
The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains.
https://krebsonsecurity.com/2023/05/phishing-domains-tanked-after-meta-sued-freenom/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How an innocuous app morphed into a trojan – Week in security with Tony Anscombe
ESET research uncovers an Android app that initially had no harmful features but months later turned into a spying tool
The post How an innocuous app morphed into a trojan – Week in security with Tony Anscombe appeared first on WeLiveSecurity
https://www.welivesecurity.com/videos/app-morphed-trojan-week-security-tony-anscombe/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cold as Ice: Unit 42 Wireshark Quiz for IcedID
IcedID is a known vector for ransomware. Analyze infection traffic from this banking trojan in our latest Wireshark tutorial.
The post Cold as Ice: Unit 42 Wireshark Quiz for IcedID appeared first on Unit 42.
https://unit42.paloaltonetworks.com/wireshark-quiz-icedid/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity Chiefs Navigate AI Risks and Potential Rewards
https://www.proofpoint.com/us/newsroom/news/cybersecurity-chiefs-navigate-ai-risks-and-potential-rewards
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rooting with root cause: finding a variant of a Project Zero bug
In this blog, I'll look at CVE-2022-46395, a variant of CVE-2022-36449 (Project Zero issue 2327), and use it to gain arbitrary kernel code execution and root privileges from the untrusted app domain on an Android phone that uses the Arm Mali GPU. I'll also explain how root cause analysis of CVE-2022-36449 led to the discovery of CVE-2022-46395.
https://github.blog/2023-05-25-rooting-with-root-cause-finding-a-variant-of-a-project-zero-bug/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Trust Services ACME API available to all users at no cost
David Kluge, Technical Program Manager, and Andy Warner, Product ManagerNobody likes preventable site errors, but they happen disappointingly often. The last thing you want your customers to see is a dreaded 'Your connection is not private' error instead of the service they expected to reach. Most certificate errors are preventable and one of the best ways to help prevent issues is by automating your certificate lifecycle using the ACME standard. Google Trust Services now offers our ACME API to all users with a Google Cloud account (referred to as “users” here), allowing them to automatically acquire and renew publicly-trusted TLS certificates for free. The ACME API has been available as a preview and over 200 million certificates have been issued already, offering the same compatibility...
http://security.googleblog.com/2023/05/google-trust-services-acme-api_0503894189.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices
We analyze Mirai variant IZ1H9, which targets IoT devices. Our overview includes campaigns observed, botnet configuration and vulnerabilities exploited.
The post Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices appeared first on Unit 42.
https://unit42.paloaltonetworks.com/mirai-variant-iz1h9/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Embracing the Future of Secure Software Development: A Comprehensive Look at the SSDF
This article delves into the Secure Software Development Framework (SSDF), looks at the differences between the traditional Secure Software Development Life Cycle (SSDLC), and goes over the benefits of adopting the SSDF for improved security, compliance, and resilience. By understanding the key differences between these frameworks and recognizing the value of the SSDF, organizations can make informed decisions about their software development practices and better protect their digital assets in an ever-evolving cybersecurity landscape.
https://www.legitsecurity.com/blog/embracing-the-future-of-secure-software-development-a-comprehensive-look-at-the-ssdf
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16-30 April 2023 Cyber Attacks Timeline
In the second half of April 2023 I collected 180 events (corresponding to 12 events/day), a sharp increase compared to...
https://www.hackmageddon.com/2023/05/25/16-30-april-2023-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Shedding light on AceCryptor and its operation
ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families
The post Shedding light on AceCryptor and its operation appeared first on WeLiveSecurity
https://www.welivesecurity.com/2023/05/25/shedding-light-acecryptor-operation/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New cyber security training packages launched to manage supply chain risk
NCSC publishes free e-learning to help organisations manage the cyber security risks across their supply chains.
https://www.ncsc.gov.uk/blog-post/new-cyber-security-training-packages-launched-to-manage-supply-chain-risk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GUEST BLOG: Governments Across The World Are Mandating Vulnerability Disclosure So Why Are Companies Sitting On Their Hands?
https://www.hackerone.com/guest-blog-governments-across-world-are-mandating-vulnerability-disclosure-so-why-are-companies
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques
Chinese state-sponsored actor Volt Typhoon is using stealthy techniques to target US critical infrastructure, conduct espionage, and dwell in compromised environments.
The post Volt Typhoon targets US critical infrastructure with living-off-the-land techniques appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2023 Cybersecurity Almanac: 100 Facts, Figures, Predictions, And Statistics
The past, present, and future of cybercrime. Sponsored by Evolution Equity Partners – Steve Morgan, Editor-In-Chief Sausalito, Calif. – May 24, 2023 If it were measured as a country, then cybercrime — which is predicted to inflict damages totaling trillion USD globally in 2023,
The post 2023 Cybersecurity Almanac: 100 Facts, Figures, Predictions, And Statistics appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybersecurity-almanac-2023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
More APTs Eye Managed Service Providers in Supply Chain Attacks
https://www.proofpoint.com/us/newsroom/news/more-apts-eye-managed-service-providers-supply-chain-attacks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
State-Aligned Actors Targeting SMBs Globally
https://www.proofpoint.com/us/newsroom/news/state-aligned-actors-targeting-smbs-globally
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing the launch of GUAC v0.1
Brandon Lum and Mihai Maruseac, Google Open Source Security TeamToday, we are announcing the launch of the v0.1 version of Graph for Understanding Artifact Composition (GUAC). Introduced at Kubecon 2022 in October, GUAC targets a critical need in the software industry to understand the software supply chain. In collaboration with Kusari, Purdue University, Citi, and community members, we have incorporated feedback from our early testers to improve GUAC and make it more useful for security professionals. This improved version is now available as an API for you to start developing on top of, and integrating into, your systems.The need for GUACHigh-profile incidents such as Solarwinds, and the recent 3CX supply chain double-exposure, are evidence that supply chain attacks are getting more sophisticated....
http://security.googleblog.com/2023/05/announcing-launch-of-guac-v01.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Digital security for the self‑employed: Staying safe without an IT team to help
Nobody wants to spend their time dealing with the fallout of a security incident instead of building up their business
The post Digital security for the self‑employed: Staying safe without an IT team to help appeared first on WeLiveSecurity
https://www.welivesecurity.com/2023/05/24/digital-security-self-employed-staying-safe-without-it-team/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New interactive video - and related downloads - to help secondary school kids stay safe online
A new initiative, aimed at 11 to 14-year-olds, that helps them navigate the risks of online life.
https://www.ncsc.gov.uk/blog-post/cyberfirst-11-14-interactive-video-and-downloads-help-secondary-school-kids-stay-safe-online
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud SQL privilege escalation
A vulnerability discovered in GCP's Cloud SQL service could be abused
to result in complete control of the database engine and access to the
host OS. An attacker could have listed and accessed files in the host OS,
including any secrets on the machine, as well as gaining access to service
agents. However, it is unclear from the report if this level of access could
have allowed lateral movement within the Cloud SQL service or grant cross-tenant
access to other customers' data. The root cause of this vulnerability is also
unclear, though it allowed a series of privilege escalations, initially granting
the default sqlserver user access to a GCP admin role, and then the sysadmin role,
effectively granting a potential threat actor full access to the SQL server.
https://www.cloudvulndb.org/cloudsql-privesc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Anomali Cyber Watch: CloudWizard Targets Both Sides in Ukraine, Camaro Dragon Trojanized TP-Link Firmware, RA Group Ransomware Copied Babuk
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, Data leak, Infostealers, Package-name typosquatting, Phishing, and Ukraine. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
CloudWizard APT: the Bad Magic Story Goes on
(published: May 19, 2023)
A newly-discovered modular malware framework dubbed CloudWizard has been active since 2016. Kaspersky researchers were able to connect it to previously-recorded advanced persistent threat activities:...
https://www.anomali.com/blog/anomali-cyber-watch-cloudwizard-targets-both-sides-in-ukraine-camaro-dragon-trojanized-tp-link-firmware-ra-group-ransomware-copied-babuk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How the Chrome Root Program Keeps Users Safe
Posted by Chrome Root Program, Chrome Security Team
What is the Chrome Root Program?
A root program is one of the foundations for securing connections to websites. The Chrome Root Program was announced in September 2022. If you missed it, don't worry - we'll give you a quick summary below!
Chrome Root Program: TL;DR
Chrome uses digital certificates (often referred to as “certificates,” “HTTPS certificates,” or “server authentication certificates”) to ensure the connections it makes for its users are secure and private. Certificates are issued by trusted entities called “Certification Authorities” (CAs). The collection of digital certificates, CA systems, and other related online services is the foundation of HTTPS and is often referred to as the “Web PKI.”
Before...
http://security.googleblog.com/2023/05/how-chrome-root-program-keeps-users-safe.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sonatype Named in the 2023 Gartner® Magic Quadrant™ for Application Security Testing
We're thrilled to announce that Sonatype has been named in the 2023 Gartner Magic Quadrant for Application Security Testing (AST). Gartner has identified software composition analysis (SCA) and software supply chain security, amongst other capabilities of application security testing. We've been recognized for our Ability to Execute and Completeness of Vision.
https://blog.sonatype.com/sonatype-named-to-the-2023-gartner-mq-for-application-security-testing
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing the public preview of GitHub Advanced Security for Azure DevOps
GitHub Advanced Security for Azure DevOps is now available for public preview, making GitHub's same application security testing tools natively available on Azure Repos.
https://github.blog/2023-05-23-announcing-the-public-preview-of-github-advanced-security-for-azure-devops/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Build 2023: Announcing new identity, compliance, and security features from Microsoft Security
Microsoft Build 2023 is the place to discover new features and technologies, share ideas, and boost your skills. Learn about the new identity and compliance features we're announcing.
The post Microsoft Build 2023: Announcing new identity, compliance, and security features from Microsoft Security appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2023/05/23/microsoft-build-2023-announcing-new-identity-compliance-and-security-features-from-microsoft-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Android app breaking bad: From legitimate screen recording to file exfiltration within a year
ESET researchers discover AhRat – a new Android RAT based on AhMyth – that exfiltrates files and records audio
The post Android app breaking bad: From legitimate screen recording to file exfiltration within a year appeared first on WeLiveSecurity
https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Meet the GoldenJackal APT group. Don't expect any howls
GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.
https://securelist.com/goldenjackal-apt-group/109677/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Interview With a Crypto Scam Investment Spammer
Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations. According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code.
https://krebsonsecurity.com/2023/05/interview-with-a-crypto-scam-investment-spammer/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Supply Chain Attacks Overflow: PyPI Suspended New Registrations
On May 20th, in an unprecedented move, PyPI (the official Python Package manager) announced they are temporarily suspending new users and new projects registration. This dramatic announcement follows a long line of incidents in which malicious packages were uploaded to PyPI, as well as other package managers. Following this topic closely for over a year, we in Legit observe a huge increase in the number of attackers trying to exploit this attack surface.
As the PyPI team stated: “The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion.” This incident was resolved on May 21st.
https://www.legitsecurity.com/blog/supply-chain-attacks-overflow-pypi-suspended-new-registrations
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mapping out our Destination: Responsible Innovation via the NIST Identity Roadmap
RSA Conference week is always a whirlwind. NIST was there front and center last month, and we learned a lot, shared a lot, and made a big announcement during the festivities… We were excited to announce that NIST's DRAFT Identity and Access Management Roadmap was released for public comment on Friday, April 14th and that the comment period will be extended to June 16th. What is the Roadmap? The Roadmap provides a consolidated view of NIST's planned identity efforts over the coming years and serves as a vehicle to communicate our priorities. It provides guiding principles, strategic objectives
https://www.nist.gov/blogs/cybersecurity-insights/mapping-out-our-destination-responsible-innovation-nist-identity
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GUEST BLOG: Vulnerability Disclosure Adoption In The Consumer IoT space Is Lagging, But What About Elsewhere?
https://www.hackerone.com/vulnerability-disclosure/guest-blog-vulnerability-disclosure-adoption-consumer-iot-space-lagging
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Luxottica - 77,093,812 breached accounts
In March 2021, the world's largest eyewear company Luxoticca suffered a data breach via one of their partners that exposed the personal information of more than 70M people. The data was subsequently sold via a popular hacking forum in late 2022 and included email and physical addresses, names, genders, dates of birth and phone numbers. In a statement from Luxottica, they advised they were aware of the incident and are currently "considering other notification obligations".
https://haveibeenpwned.com/PwnedWebsites#Luxottica
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
May 2023 Cybersecurity Business Report
Acquisitions, venture capital, and AI paint a picture of the market – David Braue Melbourne, Australia – May 19, 2023 Having apparently reached peak product, cybersecurity vendors have been working hard to consolidate service offerings and differentiate from competitors, diversifying their services offerings and pushing
The post May 2023 Cybersecurity Business Report appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/may-2023-cybersecurity-business-report/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISO fears of cyber insecurity are back, report finds
https://www.proofpoint.com/us/newsroom/news/ciso-fears-cyber-insecurity-are-back-report-finds
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sensor Intel Series: Top CVEs in April 2023
A new vuln popped up in our traffic this month, as well as lots of the same old CVEs—IoT and Microsoft Exchange.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-april-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CloudWizard APT: the bad magic story goes on
Kaspersky analysis of the CloudWizard APT framework used in a campaign in the region of the Russo-Ukrainian conflict.
https://securelist.com/cloudwizard-apt/109722/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Signals: Shifting tactics fuel surge in business email compromise
Business email operators seek to exploit the daily sea of email traffic to lure victims into providing financial and other sensitive business information.
The post Cyber Signals: Shifting tactics fuel surge in business email compromise appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2023/05/19/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Camaro Dragon APT Targets Foreign Affairs Organizations with Horse Shell Implants
What is Camaro Dragon?
Camaro Dragon is an alleged Chinese threat actor that has a keen interest in the foreign affairs of organizations within Europe. Their activities show similarities with the Chinese "Mustang Panda" APT group.
What is the Attack?
Camaro Dragon targeted European foreign affairs organizations using the Horse Shell backdoor malware hidden in modified firmware for TP-Link routers. While the initial infection vector has not been identified, the threat actor likely exploited vulnerabilities in TP-Link routers or leveraged weak passwords.
The Horse Shell backdoor is capable of performing variety of tasks such as collecting system information and sending it to Command-and-Control (C2) servers, as well as - upload, download, create and delete files,...
https://fortiguard.fortinet.com/threat-signal-report/5167
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#StopRansomware: BianLian Ransomware
What is BianLian Ransomware?
BianLian is a ransomware threat actor whose modus operandi is to add victims to its own data leak site in June 2022. BianLian also refers to the file encryptor (ransomware) used by the threat actor. Victims reportedly include critical infrastructure organizations in the U.S. and Australia.
FortiGuard Labs previously reported BianLian in a Ransomware Roundup blog published on September 2nd, 2022.
What is the Attack?
The BianLian ransom threat actor leverages stolen and leaked Remote Desktop Protocol (RDP) credentials for initial access, FTP, Rclone, PowerShell scripts and a public could storage for data exfiltration, and abuses Impacket tools and PsExec for lateral movements. Furthermore, it installs Go-based backdoors and...
https://fortiguard.fortinet.com/threat-signal-report/5166
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back
https://www.proofpoint.com/us/newsroom/news/google-pushes-zip-and-mov-domains-internet-and-internet-pushes-back
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reported GuardDuty Finding Issue
Initial Publication Date: 05/18/2023 10:00AM EST
A security researcher recently reported an issue in Amazon GuardDuty in which a change to the policy of an S3 bucket not protected by Block Public Access (BPA) could be carried out to grant public access to the bucket without triggering a GuardDuty alert. This specific issue would occur if the S3 bucket policy was updated within a single new policy that included both an "Allow" for "Principal::"*" or "Principal":"AWS":"*" in one statement (making the bucket public) and also a “Deny” for "Action": "s3:GetBucketPublicAccessBlock in another, which altered all callers' ability (including GuardDuty) to check bucket configuration. Customers who use the recommended BPA feature would not have been impacted by this issue because the required previous...
https://aws.amazon.com/security/security-bulletins/AWS-2023-002/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Oracle WebLogic Server Vulnerability (CVE-2023-21839) added to CISA Known Exploited Vulnerabilities (KEV) Catalog
What is Oracle WebLogic?
Oracle WebLogic is an enterprise
application server developed by Oracle. According to 6sense.com, the
application server is used by thousands of companies namely AT&T, NTT
Data, Verizon, etc.
What is the attack?
The attack targets
vulnerable Oracle WebLogic Server specifically in Oracle Fusion Middleware. The vulnerability is tracked under CVE-2023-21839 and exploits the flaw that allows unauthorized access to the
vulnerable servers via T3 and IIOP (Oracle proprietary protocol). The affected
versions are: 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.
The vulnerability has a CVSS base score of 7.5 and attack
complexity is rated "low" in the vendor advisory.
Why this is significant?
On May 1st, 2023, CISA
(Cybersecurity...
https://fortiguard.fortinet.com/threat-signal-report/5154
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Accessibility as a cyber security priority
Want security that works better for people? Make it accessible.
https://www.ncsc.gov.uk/blog-post/accessibility-as-a-cyber-security-priority
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Android & Google Device Vulnerability Reward Program Initiatives
Posted by Sarah Jacobus, Vulnerability Rewards Team
As technology continues to advance, so do efforts by cybercriminals who look to exploit vulnerabilities in software and devices. This is why at Google and Android, security is a top priority, and we are constantly working to make our products more secure. One way we do this is through our Vulnerability Reward Programs (VRP), which incentivize security researchers to find and report vulnerabilities in our operating system and devices.
We are pleased to announce that we are implementing a new quality rating system for security vulnerability reports to encourage more security research in higher impact areas of our products and ensure the security of our users. This system will rate vulnerability reports as High, Medium, or Low quality...
http://security.googleblog.com/2023/05/new-android-google-device-VRP.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity Leaders Suffer Burnout as Pressures of the Job Intensify
https://www.proofpoint.com/us/newsroom/news/cybersecurity-leaders-suffer-burnout-pressures-job-intensify
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Teams is being hacked to crack Office 365 accounts - here's how to stay safe
https://www.proofpoint.com/us/newsroom/news/microsoft-teams-being-hacked-crack-office-365-accounts-heres-how-stay-safe
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Minas – on the way to complexity
Kaspersky analysis of a complicated multi-stage attack dubbed Minas that features a number of detection evasion and persistence techniques and results in a cryptocurrency miner infection.
https://securelist.com/minas-miner-on-the-way-to-complexity/109692/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proofpoint Joins Joint Cyber Defense Collaborative
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-joins-joint-cyber-defense-collaborative
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows OLE Remote Code Execution Vulnerability (CVE-2023-29325)
What is Windows OLE?
What is Windows OLE?
OLE (Object Linking and Embedding) is a feature in Microsoft Windows that enables software to work together and share data. The feature, for example, allows a table created using Microsoft Excel either be embedded or linked to Microsoft PowerPoint.
What is the Attack?
CVE-2023-29325 is a remote code execution vulnerability in Microsoft Outlook and is stemmed from a buffer error when loading OleCache object. Successful exploitation could result in remote code execution under the context of the vulnerable application. CVE-2023-29325 has a CVSS base score of 8.1 and is rated critical by Microsoft.
Why is this Significant?
This is significant because, while exploitation of CVE-2023-29325 has not been reported...
https://fortiguard.fortinet.com/threat-signal-report/5165
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Ransomware “Black Suit†Targets Windows and Linux Platforms
FortiGuard Labs is aware of a report that a new ransomware "Black Suit" targeting both Windows and Linux platforms was discovered in the wild. Some reports suggest similarities with the infamous active Royal ransomware. Black Suit ransomware encrypts files on affected machines and adds a ".BlackSuit" file extension to the encrypted files. It also operates its own leak site on TOR designed to post information stolen from victims.Why is this Significant?This is significant because "Black Suit" is a new ransomware that targets both Windows and Linux platforms. The threat actor operates a data leak site on TOR, which typically means that the ransomware targets enterprises.What is "Black Suit" ransomware?"Black Suit" is a new ransomware that is used to target Windows and Linux platforms. Information...
https://fortiguard.fortinet.com/threat-signal-report/5164
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Russian Hacker “Wazawaka” Indicted for Ransomware
A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. U.S. prosecutors say Mikhail Pavolovich Matveev, a.k.a. "Wazawaka" and "Boriselcin" worked with three different ransomware gangs that extorted hundreds of millions of dollars from companies, schools, hospitals and government agencies.
https://krebsonsecurity.com/2023/05/russian-hacker-wazawaka-indicted-for-ransomware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Anomali Cyber Watch: Lancefly APT Adopts Alternatives to Phishing, BPFdoor Removed Hardcoded Indicators, FBI Ordered Russian Malware to Self-Destruct
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, Credential theft, China, Exploits, Phishing, Ransomware, and Russia. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors
(published: May 15, 2023)
Symantec researchers detected a new cyberespionage campaign by the Lancefly China-sponsored group targeting organizations in South and Southeast Asia. From...
https://www.anomali.com/blog/anomali-cyber-watch-lancefly-apt-adopts-alternatives-to-phishing-bpfdoor-removed-hardcoded-indicators-fbi-ordered-russian-malware-to-self-destruct
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Decoding the HackerOne Code of Conduct
As the industry continues to rapidly evolve, it is on HackerOne to try to ensure that we align with the industry norms of Code of Conduct management.
https://www.hackerone.com/hackerone-community-blog/decoding-hackerone-code-conduct
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pentagon Hacking Fears Fueled by Microsoft's Monopoly on Military IT
https://www.proofpoint.com/us/newsroom/news/pentagon-hacking-fears-fueled-microsofts-monopoly-military-it
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious code in PDF Toolbox extension
The PDF Toolbox extension for Google Chrome has more than 2 million users and an average rating of 4,2 in the Chrome Web Store. So I was rather surprised to discover obfuscated code in it that has apparently gone unnoticed for at least a year.
The code has been made to look like a legitimate extension API wrapper, merely with some convoluted logic on top. It takes a closer look to recognize unexpected functionality here, and quite some more effort to understand what it is doing.
This code allows serasearchtop[.]com website to inject arbitrary JavaScript code into all websites you visit. While it is impossible for me to tell what this is being used for, the most likely use is injecting ads. More nefarious uses are also possible however.
Update (2023-05-31): As I describe in a follow-up article,...
https://palant.info/2023/05/16/malicious-code-in-pdf-toolbox-extension/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)