A US Bill Would Ban Kids Under 13 From Joining Social Media

The legislation would insert the government into online platforms’ age-verification efforts—a move that makes some US lawmakers queasy.

DoJ, Treasury accuses 3 men of laundering crypto for North Korea

If the DPRK is named, you know it somehow involves Lazarus Group

The US government is aggressively pursuing three men accused of wide-ranging and complex conspiracies of laundering stolen and illicit cryptocurrency that the North Korean regime used to finance its massive weapons programs.…

Google leaking 2FA secrets – researchers advise against new “account sync” feature for now

You waited 13 years for this feature in Google Authenticator. Now researchers are advising you to wait a while longer, just in case...

Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks

The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033. That's according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group targeting South Africa and Nepal. Alloy Taurus is the constellation-themed moniker assigned to a

Evilflare: Circumventing Cloudflare's Protection

RDP is susceptible to a transparent Net-NTLMv2 hash-stealing attack. When disclosed, Microsoft responded: “not a vulnerability, […] by design”.

submitted by /u/obilodeau
[link] [comments]

Microsoft Launches Bug Bounty Program For The New Bing

How AI Subverts Democracy And How To Fight Back

Apache Superset: A Story Of Insecure Default Keys, Thousands Of Vulnerable Systems, Few Paying Attention

US Charges North Korean In Crypto Laundering Conspiracies

Google's New Two-Factor Authentication Isn't End-To-End Encrypted

Secure Your Infrastructure as Code with These DevOps Best Practices (+ Free Cheat Sheet)

submitted by /u/segtekdev
[link] [comments]

Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks

The prolific Iranian nation-state group known as Charming Kitten is actively targeting multiple victims in the U.S., Europe, the Middle East and India with a novel malware dubbed BellaCiao, adding to its ever-expanding list of custom tools. Discovered by Bitdefender Labs, BellaCiao is a "personalized dropper" that's capable of delivering other malware payloads onto a victim machine based on

Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China

The advanced persistent threat (APT) group referred to as Evasive Panda has been observed targeting an international non-governmental organization (NGO) in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ. The attack chains are designed to distribute a Windows installer for MgBot malware, ESET security researcher Facundo Muñoz said in a new

Browser Security Survey: 87% of SaaS Adopters Exposed to Browser-borne Attacks

The browser serves as the primary interface between the on-premises environment, the cloud, and the web in the modern enterprise. Therefore, the browser is also exposed to multiple types of cyber threats and operational risks.  In light of this significant challenge, how are CISOs responding? LayerX, Browser Security platform provider, has polled more than 150 CISOs across multiple verticals and

Evasive Panda APT group delivers malware via updates for popular Chinese software

ESET Research uncovers a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software

The post Evasive Panda APT group delivers malware via updates for popular Chinese software appeared first on WeLiveSecurity

Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks

The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and access

The good, the bad and the generative AI

ChatGPT is just the beginning: CISOs need to prepare for the next wave of AI-powered attacks

Sponsored Feature Change in the tech industry is usually evolutionary, but perhaps more interesting are the exceptions to this rule – the microprocessor in 1968, the IBM PC in 1981, the web in 1989, the smartphone in 2007. These are the technologies whose appearance began new eras that completely reshaped the industry around them.…

So you think you can block Macros?

submitted by /u/munrobotic
[link] [comments]

VMware Releases Critical Patches for Workstation and Fusion Software

VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the

TheR1D/shell_gpt: A command-line productivity tool powered by ChatGPT, will help you accomplish your tasks faster and more efficiently.

submitted by /u/meowerguy
[link] [comments]

codingo/dorky: A tool to automate dorking of Github/Shodan and a variety of other sources

submitted by /u/meowerguy
[link] [comments]

Apache Superset: A story of insecure default keys, thousands of vulnerable systems, few paying attention

Two out of three public-facing app instances open to hijacking

Apache Superset until earlier this year shipped with an insecure default configuration that miscreants could exploit to login and take over the data visualization application, steal data, and execute malicious code.…

Menaced by miscreants, critical infrastructure needs a good ETHOS. Ah, here's one

OT firms construct handy early-warning info-sharing system

RSA Conference A group of some of the largest operational technology companies are using this year's RSA Conference as an opportunity to launch an open source early-threat-warning system designed for OT and industrial control systems (ICS) environments. …

A Security Team Is Turning This Malware Gang’s Tricks Against It

The cybercriminals behind the Gootloader malware have found clever ways to avoid detection. But researchers are using those same mechanisms to stop them.

PaperCut security vulnerabilities under active attack – vendor urges customers to patch

If you have the product, but you haven't patched - well, the crooks have now landed, so please don't delay. Do it today...

Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices

You can now sync sign-in codes across devices—but they aren’t end-to-end encrypted.

Capturing the Flag with GPT-4

submitted by /u/_vavkamil_
[link] [comments]

Eight Years Since The Obama-Xi Agreement, Chinese Hacking Is Worse Than Ever

Terra Co-Founder And 9 Staff Indicted For Role In Crypto Collapse

Google Adds Generative AI To Its Cloud Security Offerings

Artificial Intelligence Takes RSA Conference By Storm

New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks

Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets. "Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2,200 times, potentially making it

Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor

An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a Windows backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated Manticore, which exhibits "strong overlaps" with a hacking crew known as APT35, Charming Kitten,

CVE-2023-27524: Insecure Default Configuration in Apache Superset Leads to Remote Code Execution

submitted by /u/scopedsecurity
[link] [comments]

Modernizing Vulnerability Management: The Move Toward Exposure Management

Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritization, and understanding of

Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware

A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. "[RustBucket] communicates with command and control (C2) servers to download and execute various payloads," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said in a technical report published last week.  The Apple device management company attributed it

Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis

Google's cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench that leverages generative AI models to gain better visibility into the threat landscape.  Powering the cybersecurity suite is Sec-PaLM, a specialized large language model (LLM) that's "fine-tuned for security use cases." The idea is to take advantage of the latest advances in AI to augment

Intel Trust Domain Extensions (TDX) Security Review by Google Project Zero

submitted by /u/poltess0
[link] [comments]

KeepassXC audit report

submitted by /u/Blocikinio
[link] [comments]

Google Authenticator App Gets Cloud Backup Feature for TOTP Codes

Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) to the cloud. "This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security,"

How AI helps keeping Gmail inboxes malware free

submitted by /u/ebursztein
[link] [comments]

Double zero-day in Chrome and Edge – check your versions now!

Wouldn't it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?

New .NET Malware “WhiteSnake” Targets Python Developers, Uses Tor for C&C Communication

submitted by /u/SRMish3
[link] [comments]

Book Review: Red Team Blues

submitted by /u/feross
[link] [comments]

3D-Printable BusKill (USB Dead Man Switch) Prototype

submitted by /u/maltfield
[link] [comments]

Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs

To protect its Confidential Computing cloud infrastructure and gain critical insights, Google leans on its relationships with chipmakers.

c0c0n XVI | The cy0ps c0n - Call For Papers & Call For Workshops

submitted by /u/pr4jwal
[link] [comments]

Detecting and decrypting Sliver C2 – a threat hunter's guide

submitted by /u/kev-thehermit
[link] [comments]

Eating 4 Day Old Sushi - Replicating the SushiSwap Blockchain Hack (Blog and Live Video)

submitted by /u/mdulin2
[link] [comments]

If You Haven't Patched Microsoft Process Explorer, Prepare To Get Pwned

Capita Admits Data Stolen During Cyberattack

Pro-Russian Hackers Target European Air Traffic Control

GhostToken Vuln Could Permanently Expose Data Of Google Users

Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering

The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris's endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher and Ivan Kwiatkowski said in an analysis published today. "The threat actor targets government and

Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack

Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack. "The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying

Study: 84% of Companies Use Breached SaaS Applications - Here's How to Fix it for Free!

A recent review by Wing Security, a SaaS security company that analyzed the data of over 500 companies, revealed some worrisome information. According to this review, 84% of the companies had employees using an average of 3.5 SaaS applications that were breached in the previous 3 months. While this is concerning, it isn't much of a surprise. The exponential growth in SaaS usage has security and

Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites

Threat actors have been observed leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an ongoing campaign, Sucuri revealed in a report published last week. The plugin in question is Eval PHP, released by a developer named flashpixx. It allows users to insert PHP code pages and posts of WordPress sites that's then executed every time the posts are

How fiends abuse an out-of-date Microsoft Windows driver to infect victims

It's like those TV movies where a spy cuts a wire and the whole building's security goes out

Ransomware spreaders have built a handy tool that abuses an out-of-date Microsoft Windows driver to disable security defenses before dropping malware into the targeted systems.…

PaperCut CVE-2023-27350 Deep Dive, Indicators of Compromise, and Exploit POC

submitted by /u/scopedsecurity
[link] [comments]