BlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' Tool

Technology, research, and government sectors in the Asia-Pacific region have been targeted by a threat actor called BlackTech as part of a recent cyber attack wave. The intrusions pave the way for an updated version of modular backdoor dubbed Waterbear as well as its enhanced successor referred to as Deuterbear. "Waterbear is known for its complexity, as it

How Attackers Can Own a Business Without Touching the Endpoint

Attackers are increasingly making use of “networkless” attack techniques targeting cloud apps and identities. Here’s how attackers can (and are) compromising organizations – without ever needing to touch the endpoint or conventional networked systems and services.  Before getting into the details of the attack techniques being used, let’s discuss why

Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia," cybersecurity agencies from the Netherlands and the U.S.,

Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers

Source blames BlackSuit infection – as separately ISP Frontier confirms cyberattack

Octapharma Plasma has blamed IT "network issues" for the ongoing closure of its 150-plus centers across the US. It's feared a ransomware infection may be the root cause of the medical firm's ailment.…

Crooks exploit OpenMetadata holes to mine crypto – and leave a sob story for victims

'I want to buy a car. That's all'

Crooks are exploiting month-old OpenMetadata vulnerabilities in Kubernetes environments to mine cryptocurrency using victims' resources, according to Microsoft.…

The Trump Jury Has a Doxing Problem

One juror in former US president Donald Trump’s criminal case in New York has been excused over fears she could be identified. It could get even messier.

On Windows Registry by researcher who got 50+ CVEs there

submitted by /u/gynvael
[link] [comments]

Hackers Target Middle East Governments with Evasive "CR4T" Backdoor

Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor dubbed CR4T. Russian cybersecurity company Kaspersky said it discovered the activity in February 2024, with evidence suggesting that it may have been active since at least a year prior. The campaign has been codenamed 

House passes bill banning Uncle Sam from snooping on citizens via data brokers

Vote met strong opposition from Biden's office

A draft law to restrict the US government's ability to procure data on citizens through data brokers will progress to the Senate after being passed in the House of Representatives.…

Fraudsters abused Apple Stores' third-party pickup policy to phish for profits

Scam prevalent across Korea and Japan actually had some winners

Black Hat Asia Speaking at the Black Hat Asia conference on Thursday, a Korean researcher revealed how the discovery of a phishing operation led to the exposure of a criminal operation that used stolen credit cards and second-hand stores to make money by abusing Apple Stores’ practice of letting third parties pick up purchases.…

Debian Security Advisory 5664-1

Debian Linux Security Advisory 5664-1 - Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service.

Debian Security Advisory 5665-1

Debian Linux Security Advisory 5665-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

Ubuntu Security Notice USN-6737-1

Ubuntu Security Notice 6737-1 - Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.

Clam AntiVirus Toolkit 1.3.1

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.

Ubuntu Security Notice USN-6729-2

Ubuntu Security Notice 6729-2 - USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.

Red Hat Security Advisory 2024-1901-03

Red Hat Security Advisory 2024-1901-03 - OpenShift container images for the Red Hat Service Interconnect 1.5 release.

Red Hat Security Advisory 2024-1904-03

Red Hat Security Advisory 2024-1904-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-1883-03

Red Hat Security Advisory 2024-1883-03 - An update for shim is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2024-1881-03

Red Hat Security Advisory 2024-1881-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1882-03

Red Hat Security Advisory 2024-1882-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-1879-03

Red Hat Security Advisory 2024-1879-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2024-1880-03

Red Hat Security Advisory 2024-1880-03 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include denial of service and privilege escalation vulnerabilities.

Red Hat Security Advisory 2024-1877-03

Red Hat Security Advisory 2024-1877-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include denial of service, information leakage, null pointer, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1878-03

Red Hat Security Advisory 2024-1878-03 - An updated version of Red Hat Update Infrastructure is now available. RHUI 4.8 fixes several security an operational bugs, adds some new features and upgrades the underlying Pulp to a newer version. Issues addressed include HTTP request smuggling, crlf injection, denial of service, and traversal vulnerabilities.

Red Hat Security Advisory 2024-1873-03

Red Hat Security Advisory 2024-1873-03 - An update for shim is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, E4S Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2024-1874-03

Red Hat Security Advisory 2024-1874-03 - An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7.

Red Hat Security Advisory 2024-1875-03

Red Hat Security Advisory 2024-1875-03 - An update for less is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-1876-03

Red Hat Security Advisory 2024-1876-03 - An update for shim is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2024-1864-03

Red Hat Security Advisory 2024-1864-03 - A new image is available for Red Hat Single Sign-On 7.6.8, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2024-1866-03

Red Hat Security Advisory 2024-1866-03 - A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2024-1867-03

Red Hat Security Advisory 2024-1867-03 - A bug update is now available for Red Hat build of Keycloak 22.0.10 images running on OpenShift Container Platform. This is an enhancement and security update with Moderate impact rating. Issues addressed include bypass, cross site scripting, denial of service, and traversal vulnerabilities.

Red Hat Security Advisory 2024-1872-03

Red Hat Security Advisory 2024-1872-03 - An update for mod_http2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1861-03

Red Hat Security Advisory 2024-1861-03 - New Red Hat Single Sign-On 7.6.8 deliverables are now available for Red Hat Enterprise Linux 8. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2024-1862-03

Red Hat Security Advisory 2024-1862-03 - New Red Hat Single Sign-On 7.6.8 deliverables are now available for Red Hat Enterprise Linux 9. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2024-1860-03

Red Hat Security Advisory 2024-1860-03 - New Red Hat Single Sign-On 7.6.8 deliverables are now available for Red Hat Enterprise Linux 7. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2024-1827-03

Red Hat Security Advisory 2024-1827-03 - An update is now available for OpenJDK. Issues addressed include an integer overflow vulnerability.

Lawmakers Are Kicking Warrantless Wiretapping Into Overdrive

Kremlin-Backed Actors Spread Disinformation Ahead Of US Elections

EU Tells Meta It Can't Paywall Privacy

Russia's Sandworm APT Linked To Attack On Texas Water Plant

Phishing Platform LabHost Shut Down By Law Enforcement

Five Eyes Agencies Release New AI Security Guidance

Introducing Cloud Console Cartographer: An Open-Source Tool To Help Security Teams Easily Understand Log Events Generated by AWS Console Activity

submitted by /u/permis0
[link] [comments]

185K people's sensitive data in the pits after ransomware raid on Cherry Health

Extent of information seized will be a concern for those affected

Ransomware strikes at yet another US healthcare organization led to the theft of sensitive data belonging to just shy of 185,000 people.…

EU tells Meta it can't paywall privacy

Platforms should not confront users with 'binary choice' over personal data use

The EU's Data Protection Board (EDPB) has told large online platforms they should not offer users a binary choice between paying for a service and consenting to their personal data being used to provide targeted advertising.…

The Real-Time Deepfake Romance Scams Have Arrived

Watch how smooth-talking scammers known as “Yahoo Boys” use widely available face-swapping tech to carry out elaborate romance scams.

Breaking Custom Encryption Using Frida (Mobile Application Pentesting)

submitted by /u/Waste-Kick-6814
[link] [comments]

Prolific phishing-made-easy emporium LabHost knocked offline in cyber-cop op

Police emit Spotify Wrapped-style videos to let crims know they're being hunted

Feature Cops have brought down a dark-web souk that provided cyber criminals with convincing copies of trusted brands' websites for use in phishing campaigns.…

Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers - Shielder

submitted by /u/smaury
[link] [comments]

Cisco creates architecture to improve security and sell you new switches

Hypershield detects bad behavior and automagically reconfigures networks to snuff out threats

Cisco has developed a product called Hypershield that it thinks represents a new way to do network security.…

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform since 2018. More than 20 such documents have been uploaded since 2022. "The documents contained VBA

FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor

The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak (aka Anunak). "FIN7 identified employees at the company who worked in the IT department and had higher levels of administrative rights," the BlackBerry research and intelligence team said in a new write-up. "They

Recover from Ransomware in 5 Minutes—We will Teach You How!

Super Low RPO with Continuous Data Protection:Dial Back to Just Seconds Before an Attack Zerto, a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use

New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks

A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure. The malware is "notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest," Kaspersky researcher Dmitry Kalinin said in a technical analysis.

How to Conduct Advanced Static Analysis in a Malware Sandbox

Sandboxes are synonymous with dynamic malware analysis. They help to execute malicious files in a safe virtual environment and observe their behavior. However, they also offer plenty of value in terms of static analysis. See these five scenarios where a sandbox can prove to be a useful tool in your investigations. Detecting Threats in PDFs PDF files are frequently exploited by threat actors to

Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide

As many as 37 individuals have been arrested as part of an international crackdown on a cybercrime service called LabHost that has been used by criminal actors to steal personal credentials from victims around the world. Described as one of the largest Phishing-as-a-Service (PhaaS) providers, LabHost offered phishing pages targeting banks, high-profile organizations, and other service

Cisco Hypershield: A New Era of Distributed, AI-Native Security

AI is transformative, driving huge productivity gains. The engine of AI — the data center — will grow substantially, maybe an order of magnitude or more over the coming years.

The industry went thr… Read more on Cisco Blogs

Cisco Hypershield: Reimagining Security

It is no secret that cybersecurity defenders struggle to keep up with the volume and craftiness of current-day cyber-attacks. A significant reason for the struggle is that security infrastructure has… Read more on Cisco Blogs

Singapore infosec boss warns China/West tech split will be bad for interoperability

When you decide not to trust a big chunk of the supply chain, tech (and trade) get harder

One of the biggest challenges Singapore faces is the potential for a split between tech stacks developed and used by China and the West, according to the island nation's Cyber Security Administration (CSA) chief executive David Koh.…

Taiwanese film studio snaps up Chinese surveillance camera specialist Dahua

Stymied by sanctions, it had to go … but where?

Chinese surveillance camera manufacturer Zhejiang Dahua Technology, which has found itself on the USA’s entity list of banned orgs, has fully sold off its stateside subsidiary for $15 million to Taiwan's Central Motion Picture Corporation, according to the firm's annual report released on Monday.…