FreshRSS

Before yesterday - Security

Cops Just Revealed a Record-Breaking Dark Web Dragnet

By Andy Greenberg
Operation SpecTor likely drew on leads from multiple dark web market busts, including the secret takedown of Monopoly Market in 2021.

Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software

By Ravie Lakshmanan
Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol (BGP) that could be weaponized to achieve a denial-of-service (DoS) condition on vulnerable BGP peers. The three vulnerabilities reside in version 8.4 of FRRouting, a popular open source internet routing protocol suite for Linux and Unix platforms. It's currently used by several

In the face of data disaster

How to recover from cyber attacks on Microsoft 365

Webinar Every organization needs a full set of data recovery tools. The sort that will get you back up and running quickly after a ransomware attack, outage, or accidental data deletion. And it's best to be prepared in advance rather than deal with the data disaster face to face when it happens.…

  • May 2nd 2023 at 14:14

BouldSpy Android Spyware: Iranian Government's Alleged Tool for Spying on Minority Groups

By Ravie Lakshmanan
A new Android surveillanceware possibly used by the Iranian government has been used to spy on over 300 individuals belonging to minority groups. The malware, dubbed BouldSpy, has been attributed with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). Targeted victims include Iranian Kurds, Baluchis, Azeris, and Armenian Christian groups. "The spyware

Why Telecoms Struggle with SaaS Security

By The Hacker News
The telecom industry has always been a tantalizing target for cybercriminals. The combination of interconnected networks, customer data, and sensitive information allows cybercriminals to inflict maximum damage through minimal effort. It’s the breaches in telecom companies that tend to have a seismic impact and far-reaching implications — in addition to reputational damage, which can be

Data loss costs are going up – and not just for those who choose to pay thieves

Ransoms, investigations, and breach-related lawsuits are hitting companies in the wallet, law firm says

Data loss – particularly from ransomware attacks – has always been a costly proposition for enterprises. However, the price organizations have to pay is going up, not only in terms of the ransom demanded but also for the cost of investigating attacks and the lawsuits that increasingly follow in the wake of such breaches.…

  • May 2nd 2023 at 10:41

SolarWinds: The Untold Story of the Boldest Supply-Chain Hack

By Kim Zetter
The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation.

LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads

By Ravie Lakshmanan
In yet another instance of how threat actors are abusing Google Ads to serve malware, a threat actor has been observed leveraging the technique to deliver a new Windows-based financial trojan and information stealer called LOBSHOT. "LOBSHOT continues to collect victims while staying under the radar," Elastic Security Labs researcher Daniel Stepanic said in an analysis published last week. "One

North Korea's ScarCruft Deploys RokRAT Malware via LNK File Infection Chains

By Ravie Lakshmanan
The North Korean threat actor known as ScarCruft started experimenting with oversized LNK files as a delivery route for RokRAT malware as early as July 2022, the same month Microsoft began blocking macros across Office documents by default. "RokRAT has not changed significantly over the years, but its deployment methods have evolved, now utilizing archives containing LNK files that initiate

Russia's APT28 targets Ukraine government with bogus Windows updates

Nasty emails designed to infect systems with info-stealing malware

The Kremlin-backed threat group APT28 is flooding Ukrainian government agencies with email messages about bogus Windows updates in the hope of dropping malware that will exfiltrate system data.…

  • May 2nd 2023 at 06:37

Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected

By Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The security vulnerabilities are as follows: CVE-2023-1389 (CVSS score: 8.8) - TP-Link Archer AX-21 Command Injection Vulnerability; CVE-2021-45046 (CVSS score: 9.0) - Apache Log4j2 Deserialization of Untrusted

Feds rethink warrantless search stats and – oh look, a huge drop in numbers

119,000 instances of homeland snooping as the power to do so comes under review

Warrantless searches of US residents' communications by the FBI dropped sharply last year – from about 3.4 million in 2021 to 119,383 in 2022, according to Uncle Sam.…

  • May 2nd 2023 at 01:56

Apple delivers first-ever Rapid Security Response “cyberattack” patch – leaves some users confused

By Paul Ducklin
Just when we'd got used to three-numbered versions, such as "13.3.1", here comes an update suffix, bringing you "13.3.1 (a)"...

IT giant Bitmarck shuts down customer, internal systems after cyberattack

Patient data 'was and is never endangered', says medical tech slinger

German IT services provider Bitmarck has shut down all of its customer and internal systems, including entire datacenters in some cases, following a cyberattack. …

  • May 1st 2023 at 18:55

Centralized secrets management picks up pace

How cloud migration and machine identities are fueling enterprise demand for secrets management systems

Sponsored Feature There's no question that fast-feedback software delivery offers multiple advantages by streamlining processes for developers. But in software development, as in life, there is no such thing as a free lunch.…

  • May 1st 2023 at 14:08

New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks

By Ravie Lakshmanan
An analysis of over 70 billion DNS records has led to the discovery of a new sophisticated malware toolkit dubbed Decoy Dog targeting enterprise networks. Decoy Dog, as the name implies, is evasive and employs techniques like strategic domain aging and DNS query dribbling, wherein a series of queries are transmitted to the command-and-control (C2) domains so as to not arouse any suspicion. "

Google adds account sync for Authenticator, without E2EE

Also: Your Salesforce Community site might be leaking; a new CPU side-channel; and this week's critical vulns

in brief You may have heard news this week that Google is finally updating its authenticator app to add Google account synchronization. Before you rush to ensure your two-factor secrets are safe in the event you lose your device, take heed: The sync process isn't end-to-end encrypted.…

  • May 1st 2023 at 11:04

The High-Stakes Scramble to Stop Classified Leaks

By Matt Laslo
AI tools? A porn filter, but for Top Secret documents? Just classifying less stuff? US lawmakers are full of ideas but lack a silver bullet.

Wanted Dead or Alive: Real-Time Protection Against Lateral Movement

By The Hacker News
Just a few short years ago, lateral movement was a tactic confined to top APT cybercrime organizations and nation-state operators. Today, however, it has become a commoditized tool, well within the skillset of any ransomware threat actor. This makes real-time detection and prevention of lateral movement a necessity to organizations of all sizes and across all industries. But the disturbing truth

Vietnamese Threat Actor Infects 500,000 Devices Using 'Malverposting' Tactics

By Ravie Lakshmanan
A Vietnamese threat actor has been attributed as behind a "malverposting" campaign on social media platforms to infect over 500,000 devices worldwide over the past three months to deliver variants of information stealers such as S1deload Stealer and SYS01stealer. Malverposting refers to the use of promoted social media posts on services like Facebook and Twitter to mass propagate malicious

APT28 Targets Ukrainian Government Entities with Fake "Windows Update" Emails

By Ravie Lakshmanan
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various government bodies in the country. The agency attributed the phishing campaign to APT28, which is also known by the names Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, and Sofacy. The email messages come with the subject line "

Your security failure was so bad we have to close the company … NOT!

There are pranks, and savage pranks, and this prank when the CTO and HR ganged up on a very stressed techie

Who, Me? Welcome once again, gentle reader, to the safe space we call Who, Me? in which Reg readers can confess to the naughty or not-quite-competent things they did at work, knowing they will not be judged.…

  • May 1st 2023 at 07:31

Google Blocks 1.43 Million Malicious Apps, Bans 173,000 Bad Accounts in 2022

By Ravie Lakshmanan
Google disclosed that its improved security features and app review processes helped it block 1.43 million bad apps from being published to the Play Store in 2022. In addition, the company said it banned 173,000 bad accounts and fended off over $2 billion in fraudulent and abusive transactions through developer-facing features like Voided Purchases API, Obfuscated Account ID, and Play Integrity

China has 50 hackers for every FBI cyber agent, says Bureau boss

Combatting it is going to take more money. Lots of more money.

China has 50 hackers for every one of the FBI's cyber-centric agents, the Bureau's director told a congressional committee last week.…

  • May 1st 2023 at 02:32

Apple, Google, and Microsoft Just Fixed Zero-Day Security Flaws

By Kate O'Flaherty
Firefox gets a needed tune-up, SolarWinds squashes two high-severity bugs, Oracle patches 433 vulnerabilities, and more updates you should make now.

Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram

By Paul Ducklin
These malware peddlers are specifically going after Mac users. The hint's in the name: "Atomic macOS Stealer", or AMOS for short.

The Tragic Fallout From a School District’s Ransomware Breach

By Andy Greenberg
Plus: Cyber Command’s disruption of Iranian election hacking, an exposé on child sex trafficking on Meta’s platforms, and more.

ChatGPT is Back in Italy After Addressing Data Privacy Concerns

By Ravie Lakshmanan
OpenAI, the company behind ChatGPT, has officially made a return to Italy after the company met the data protection authority's demands ahead of the April 30, 2023, deadline. The development was first reported by the Associated Press. OpenAI's CEO, Sam Altman, tweeted, "we're excited ChatGPT is available in [Italy] again!" The reinstatement comes following Garante's decision to temporarily block

Google wins court order to force ISPs to filter botnet traffic

By Naked Security writer
CryptBot criminals are alleged to have plundered browser passwords, illicitly-snapped screenshots, cryptocurrency account data, and more.

DOJ Detected SolarWinds Breach Months Before Public Disclosure

By Kim Zetter
In May 2020, the US Department of Justice noticed Russian hackers in its network but did not realize the significance of what it had found for six months.

Online Safety Bill age checks? We won't do 'em, says Wikipedia

World's encyclopedia warns draft law could boot it offline in UK

Wikipedia won't be age-gating its services no matter what final form the UK's Online Safety Bill takes, two senior folks from nonprofit steward the Wikimedia Foundation said this morning.…

  • April 28th 2023 at 14:30

What was hot at RSA Conference 2023? – Week in security with Tony Anscombe

By Editor

The importance of understanding – and prioritizing – the privacy and security implications of large language models like ChatGPT cannot be overstated

The post What was hot at RSA Conference 2023? – Week in security with Tony Anscombe appeared first on WeLiveSecurity

  • April 28th 2023 at 14:30