FreshRSS

πŸ”’
❌ About FreshRSS
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdaySecurity

Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware

By Ravie Lakshmanan
A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain calledΒ RustBucket. "[RustBucket] communicates with command and control (C2) servers to download and execute various payloads," Jamf Threat Labs researchers Ferdous Saljooki and Jaron BradleyΒ saidΒ in a technical report published last week.Β  The Apple device management company attributed it

Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis

By Ravie Lakshmanan
Google's cloud division is following in theΒ footsteps of MicrosoftΒ with the launch ofΒ Security AI WorkbenchΒ that leverages generative AI models to gain better visibility into the threat landscape.Β  Powering the cybersecurity suite is Sec-PaLM, a specialized large language model (LLM) that's "fine-tuned for security use cases." The idea is to take advantage of the latest advances in AI to augment

Google Authenticator App Gets Cloud Backup Feature for TOTP Codes

By Ravie Lakshmanan
Search giant Google on Monday unveiled a major update to itsΒ 12-year-oldΒ Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs)Β to the cloud. "This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security,"

Double zero-day in Chrome and Edge – check your versions now!

By Paul Ducklin
Wouldn't it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?

Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs

By Lily Hay Newman
To protect its Confidential Computing cloud infrastructure and gain critical insights, Google leans on its relationships with chipmakers.

Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering

By Ravie Lakshmanan
The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris's endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher and Ivan KwiatkowskiΒ saidΒ in an analysis published today. "The threat actor targets government and

Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack

By Ravie Lakshmanan
Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack. "The AuKill tool abuses an outdated version of theΒ driverΒ used by version 16.32 of the Microsoft utility,Β Process Explorer, to disable EDR processes before deploying

Study: 84% of Companies Use Breached SaaS Applications - Here's How to Fix it for Free!

By The Hacker News
A recent review by Wing Security, a SaaS security company that analyzed the data of over 500 companies,Β revealed some worrisome information. According to this review, 84% of the companies had employees using an average of 3.5 SaaS applications that were breached in the previous 3 months. While this is concerning, it isn't much of a surprise. The exponential growth in SaaS usage has security and

Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites

By Ravie Lakshmanan
Threat actors have been observed leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an ongoing campaign, SucuriΒ revealedΒ in a report published last week. The plugin in question is Eval PHP, released by a developer named flashpixx. It allows users to insert PHP code pages and posts of WordPress sites that's then executed every time the posts are

How fiends abuse an out-of-date Microsoft Windows driver to infect victims

It's like those TV movies where a spy cuts a wire and the whole building's security goes out

Ransomware spreaders have built a handy tool that abuses an out-of-date Microsoft Windows driver to disable security defenses before dropping malware into the targeted systems.…

  • April 24th 2023 at 11:30
  • β†—

New All-in-One "EvilExtractor" Stealer for Windows Systems Surfaces on the Dark Web

By Ravie Lakshmanan
A new "all-in-one" stealer malware namedΒ EvilExtractorΒ (also spelled Evil Extractor) is being marketed for sale for other threat actors to steal data and files from Windows systems. "It includes several modules that all work via an FTP service," Fortinet FortiGuard Labs researcher Cara LinΒ said. "It also contains environment checking and Anti-VM functions. Its primary purpose seems to be to

Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers

By Ravie Lakshmanan
Print management software provider PaperCut said that it has "evidence to suggest that unpatched servers are being exploited in the wild," citing two vulnerability reports from cybersecurity company Trend Micro. "PaperCut has conducted analysis on all customer reports, and the earliest signature of suspicious activity on a customer server potentially linked to this vulnerability is 14th April 01

That 3CX supply chain attack keeps getting worse: Other vendors hit

Also, Finland sentences CEO of breach company to prison (kind of), and this week's laundry list of critical vulns

In Brief We thought it was probably the case when the news came out, but now it's been confirmed: The X_Trader supply chain attack behind the 3CX compromise last month wasn't confined to the telco developer.…

  • April 24th 2023 at 03:27
  • β†—

Chinese scientists calculate the Milky Way's mass as 805 billion times that of our Sun

ALSO: Australia says offensive hacking is working; DJI hit with $279m patent suit; Philippines Police leak data; and more

Asia In Brief Chinese scientists have estimated the mass of the Milky Way.…

  • April 24th 2023 at 00:29
  • β†—

Hacker Group Names Are Now Absurdly Out of Control

By Andy Greenberg
Pumpkin Sandstorm. Spandex Tempest. Charming Kitten. Is this really how we want to name the hackers wreaking havoc worldwide?

Weekly Update 344

By Troy Hunt
Weekly Update 344

I feel like a significant portion of this week's video went to discussing "the Coinbase breach that wasn't a Coinbase breach". There are various services out there that are used by the likes of password managers to alert their customers to new breaches (including HIBP in 1Password) and whoever Dashlane is using frankly, royally cocked up the attribution. What was a garden variety list of email addresses someone had just chucked the "Coinbase" name on had absolutely nothing to do with a breach of the crypto company. It's frustrating to watch, and I suspect that will come through when you watch the video too. See what you think.

Weekly Update 344
Weekly Update 344
Weekly Update 344
Weekly Update 344

References

  1. I take an inordinate amount of pleasure in screwing with scammers / spammers (and judging by the reactions to that thread, so do you! 🀣)
  2. Misattributing a data breach can be a pretty serious issue, and Dashlane's provider incorrectly implicating Coinbase as having been pwned isn't a good look (I'm especially frustrated given how much time I invest doing verification so precisely this doesn't happen!)
  3. Domain searches via API are coming to HIBP! (that's a link to a "started" UserVoice idea, vote there if you'd like to be kept in the loop on progress)
  4. I'm trialling using a Twitter subscription to provide earlier insights into breaches and seek community support in handling and disclosing them (no need to explicitly let me know if that's not of interest, just don't sign up πŸ™‚)
  5. Sponsored by: Kolide ensures only secure devices can access your cloud apps. It's Zero Trust tailor-made for Okta. Book a demo today.

Criminals Are Using Tiny Devices to Hack and Steal Cars

By Matt Burgess
Apple thwarts NSO’s spyware, the rise of a GPT-4 black market, Russia targets Starlink internet connections, and more.

Vulkan Files

By /u/Snoo_27235
submitted by /u/Snoo_27235
[link] [comments]

European air traffic control confirms website 'under attack' by pro-Russia hackers

Another cyber nuisance in support of Putin's war, nothing too serious

Europe's air-traffic agency appears to be the latest target in pro-Russian miscreants' attempts to disrupt air travel.…

  • April 22nd 2023 at 07:09
  • β†—

Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach

By Ravie Lakshmanan
Lazarus, the prolific North Korean hacking group behind the cascadingΒ supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come courtesy ofΒ Symantec's Threat Hunter Team, confirm earlier suspicions that the

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug

By Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. TheΒ three vulnerabilitiesΒ are as follows - CVE-2023-28432Β (CVSS score - 7.5) - MinIO Information Disclosure VulnerabilityΒ  CVE-2023-27350Β (CVSS score - 9.8) - PaperCut MF/NG Improper Access Control

Microsoft pushes for more women in cybersecurity

Redmond tops industry average, still got a way to go

Microsoft has partnered with organizations around the globe to bring more women into infosec roles, though the devil is in the details.…

  • April 21st 2023 at 22:03
  • β†—

VMware patches break-and-enter hole in logging tools: update now!

By Paul Ducklin
You know jolly well/What we're going to say/And that's "Do not delay/Simply do it today."

The Case Against Automatic Dependency Updates

By /u/DevSec23

Are automatic dependency updates always a good idea?

submitted by /u/DevSec23
[link] [comments]

Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining

By Ravie Lakshmanan
A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners. "The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack," cloud security firm Aqua said in a report shared with The Hacker News. The Israeli company, which dubbed the attackΒ 

GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform

By Ravie Lakshmanan
Cybersecurity researchers have disclosed details of a now-patched zero-day flaw in Google Cloud Platform (GCP) that could have enabled threat actors to conceal an unremovable, malicious application inside a victim's Google account. Dubbed GhostToken by Israeli cybersecurity startup Astrix Security, the shortcoming impacts all Google accounts, including enterprise-focused Workspace accounts. It

14 Kubernetes and Cloud Security Challenges and How to Solve Them

By The Hacker News
Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and adopt comprehensive security solutions to protect their digital assets. In response,Β Uptycs, the first

The War on Passwords Enters a Chaotic New Phase

By Lily Hay Newman
The transition from traditional logins to cryptographic passkeys is getting messy. But don’t worryβ€”there’s a plan.

International cops urge Meta not to implement secure encryption for all

Why? Well, think of the children, of course

An international group of law enforcement agencies are urging Meta not to standardize end-to-end encryption on Facebook Messenger and Instagram, which they say will harm their ability to fight child sexual abuse material (CSAM) online.…

  • April 21st 2023 at 10:28
  • β†—

Did you mistakenly sell your network access? – Week in security with Tony Anscombe

By Editor

Many routers that are offered for resale contain sensitive corporate information and allow third-party connections to corporate networks

The post Did you mistakenly sell your network access? – Week in security with Tony Anscombe appeared first on WeLiveSecurity

  • April 21st 2023 at 10:00
  • β†—

N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX

By Ravie Lakshmanan
The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors. Google-owned Mandiant, which isΒ trackingΒ the attack event under the monikerΒ UNC4736,Β saidΒ the incident marks the first time it has seen a "software supply chain attack lead to another software
❌