Mattress maker Tempur Sealy says it isolated tech system to contain cyber burglary

Sleeping giant says no sign yet personal info was stolen

Tempur Sealy, among the world's largest providers of bedding, has notified the Securities and Exchange Commission of a digital burglary by cyber crims that forced it to isolate parts of the tech infrastructure.…

AWS IAM Persistence Methods - Hacking The Cloud

submitted by /u/RedTermSession
[link] [comments]

European Bank Customers Targeted in SpyNote Android Trojan Campaign

Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023. "The spyware is distributed through email phishing or smishing campaigns and the fraudulent activities are executed with a combination of remote access trojan (RAT) capabilities and vishing attack," Italian cybersecurity

A New Attack Impacts ChatGPT—and No One Knows How to Stop It

Researchers found a simple way to make ChatGPT, Bard, and other chatbots misbehave, proving that AI is hard to tame.

How AI May Be Used to Create Custom Disinformation Ahead of 2024

Generative AI won't just flood the internet with more lies—it may also create convincing disinformation that's targeted at groups or even individuals.

What is Data Security Posture Management (DSPM)?

Data Security Posture Management is an approach to securing cloud data by ensuring that sensitive data always has the correct security posture - regardless of where it's been duplicated or moved to. So, what is DSPM? Here's a quick example: Let's say you've built an excellent security posture for your cloud data. For the sake of this example, your data is in production, it's protected behind a

Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia

The threat actor known as Space Pirates has been linked to attacks against at least 16 organizations in Russia and Serbia over the past year by employing novel tactics and adding new cyber weapons to its arsenal. "The cybercriminals' main goals are still espionage and theft of confidential information, but the group has expanded its interests and the geography of its attacks," Positive

Quantum computing: Will it break crypto security within a few years?

Current cryptographic security methods watch out - quantum computing is coming for your lunch.

China's APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe

A nation-state actor with links to China is suspected of being behind a series of attacks against industrial organizations in Eastern Europe that took place last year to siphon data stored on air-gapped systems. Cybersecurity company Kaspersky attributed the intrusions with medium to high confidence to a hacking crew called APT31, which is also tracked under the monikers Bronze Vinewood,

US military battling cyber threats from within and without

As if attacks from China weren't enough, one of the Air Force's own has reportedly gone rogue

The US government is fighting a pair of cyber security incidents, one involving Chinese spies who potentially gained access to crucial American computer networks and the other related to an Air Force engineer allegedly compromised communications security by stealing sensitive equipment and taking it home.…

China bans export of drones some countries have already banned anyway

Some say retaliation for sanctions, but Beijing says it just wants world peace

China introduced restrictions on Monday that mean would-be exporters will require a license to ship certain drones and related equipment out of the Middle Kingdom.…

Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan

Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with an ultimate aim to install a banking trojan, stealer, and spyware referred to as Ursnif (aka Gozi). "It is a sophisticated downloader with the objective of installing a second malware payload," Proofpoint said in a technical report. "The malware uses multiple mechanisms

Multi-threaded secretsdump.py

submitted by /u/edreatingmonkey
[link] [comments]

White House: Losing Section 702 spy powers would be among 'worst intelligence failures of our time'

As expert panel suggests some tweaks to boost public's confidence in FISA

The White House has weighed in on the Section 702 debate, urging lawmakers to reauthorize, "without new and operationally damaging restrictions," the controversial snooping powers before they expire at the end of the year.…

SEC demands four-day disclosure limit for cybersecurity breaches

When is a ransomware attack a reportable matter? And how long have you got to decide?

Second Ivanti EPMM Zero-Day Vulnerability Exploited In Targeted Attacks

Was Pro-Russian Group Behind Kenya Cyber-Attack?

Instead Of Warrants, The NSA Would Like To Keep Buying Your Data

Unpatched Apache Tomcat Servers Spread Mirai Botnet Malware

New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods

The P2PInfect peer-to-peer (P2) worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security researchers Nate Bill and Matt Muir said in a report shared with The Hacker News. "A common attack

Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor

Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also known by the names Operation Hangover and Zinc Emerson, is suspected to be a threat group that

Hikvision, Nvidia named in contract for 'Uyghur detection'

GPU giant says you can't stop secondary sales, surveillance gear maker maintains innocence

Updated Video surveillance equipment maker Hikvision was paid $6 million by the Chinese government last year to provide technology that could identify members of the nation's Uyghur people, a Muslim ethnic majority, according to physical security monitoring org IPVM.…

Webinar: Riding the vCISO Wave: How to Provide vCISO Services

Demand for Virtual CISO services is soaring. According to Gartner, the use of vCISO services among small and mid-size businesses and non-regulated enterprises was expected to grow by a whopping 1900% in just one year, from only 1% in 2021 to 20% in 2022! Offering vCISO services can be especially attractive for MSPs and MSSPs. By addressing their customers’ needs for proactive cyber resilience,

Apple iOS, Google Android Patch Zero-Days in July Security Updates

Plus: Mozilla fixes two high-severity bugs in Firefox, Citrix fixes a flaw that was used to attack a US-based critical infrastructure organization, and Oracle patches over 500 vulnerabilities.

SpyNote continues to attack financial institutions | Cleafy Labs

submitted by /u/f3d_0x0
[link] [comments]

AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service

More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office (SOHO) routers as part of a multi-year campaign active since at least May 2021. AVRecon was first disclosed by Lumen Black Lotus Labs earlier this month as malware capable of executing additional commands and stealing victim's bandwidth for what appears to be an

Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT

Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity with the goal of installing remote trojans tools like Remcos RAT. "Among the software in question are various instruments for fine-tuning CPUs, graphic cards, and BIOS; PC hardware-monitoring tools; and some other apps," cybersecurity

What would sustainable security even look like?

Clue: Nothing like what’s on offer today

Opinion "There seems to be something wrong with our bloody ships today," fumed Admiral David Beatty during 1916's Battle of Jutland. Fair enough: three of the Royal Navy's finest vessels had just blown up and sank.…

Gathering dust and data: How robotic vacuums can spy on you

Mitigate the risk of data leaks with a careful review of the product and the proper settings.

Bug Bounty: How I gained over 1000 REPUTATION on HackerOne in 3 Months

submitted by /u/kongwenbin
[link] [comments]

Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable

Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data. The flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below, Patchstack said in a report last week. Ninja Forms is installed on over 800,000 sites. A brief description

US senator victim-blames Microsoft for Chinese hack

ALSO: China says US hacked it right back, BreachForums users have been pwned, and this week's critical vulns

Infosec in brief US senator Ron Wyden (D-OR) thinks it's Microsoft's fault that Chinese hackers broke into Exchange Online, and he wants three separate government agencies to launch investigations and hold the Windows giant "responsible for its negligent cyber security practices." …

CVE-2023-27997: Critical Fortinet Fortigate RCE Vulnerability

submitted by /u/jpanixix
[link] [comments]

AMD 'Zenbleed' Bug Leaks Data From Zen 2 Ryzen, EPYC CPUs: Most Patches Coming Q4

submitted by /u/PsyOmega
[link] [comments]

Xep-WhoIs - A TypeScript WHOIS library which supports almost all the text-based WHOIS servers (minimal code)

submitted by /u/Oshan96
[link] [comments]

‘Call of Duty: Modern Warfare 2’ Players Hit With Worm Malware

Plus: Russia tightens social media censorship, new cyberattack reporting rules for US companies, and Google Street View returns to Germany.

New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data

A new Android malware strain called CherryBlos has been observed making use of optical character recognition (OCR) techniques to gather sensitive data stored in pictures. CherryBlos, per Trend Micro, is distributed via bogus posts on social media platforms and comes with capabilities to steal cryptocurrency wallet-related credentials and act as a clipper to substitute wallet addresses when a

RFP Template for Browser Security

Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group of experts have recognized the pressing need for comprehensive browser security solutions and collaborated to develop "The Definitive Browser Security RFP Template." This resource helps streamline the process of evaluating and procuring browser security platforms

Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse

Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this year with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10 to prevent their abuse for data collection. "This will help ensure that apps only use these APIs for their intended purpose," the company said in a statement. "As part of this process, you'll need

Hackers Deploy "SUBMARINE" Backdoor in Barracuda Email Security Gateway Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday disclosed details of a "novel persistent backdoor" called SUBMARINE deployed by threat actors in connection with the hack on Barracuda Email Security Gateway (ESG) appliances. "SUBMARINE comprises multiple artifacts — including a SQL trigger, shell scripts, and a loaded library for a Linux daemon — that together enable

Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack

Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. The new vulnerability, tracked as CVE-2023-35081 (CVSS score: 7.8), impacts supported versions 11.10, 11.9, and 11.8, as well as those that are currently end-of-life (EoL). "CVE-

Florida man accused of hoarding America's secrets faces fresh charges

Mar-a-Lago IT director told 'the boss wanted the server deleted'

Federal prosecutors have expanded their criminal case against a famous Floridian and his loyal minions for allegedly mishandling national security secrets and not being forthright about the storage and handling of hundreds of classified documents.…

Millions of people's data stolen because web devs forget to check access perms

IDORs of the storm

Personal, financial, and health information belonging to millions of folks has been stolen via a particular class of website vulnerability, say cybersecurity agencies in the US and Australia. They're urging developers to review their code and squish these bugs for good.…

FBI boss: Congress must renew Section 702 spy powers – that's how we get nearly all our cyber intel

Also: China's 'got a bigger hacking program than that of every major nation combined'

Nearly all of the FBI's technical intelligence on malicious "cyber actors" in the first half of this year was obtained via Section 702 searches, according to FBI Director Christopher Wray.…

Chinese companies evade sanctions, fuel Moscow’s war on Ukraine, says report

PRC semiconductor exports curiously rose 19% y-o-y for first 9 months of 2022

Chinese companies, including state-owned defense companies, are evading tech sanctions and fueling Moscow’s war in Ukraine, according to a US report released on Thursday.…

MOVEit Bug Tied To Breach Of Up To 11M Records Via Govt Contractor

Exploitation Of Recent Citrix ShareFile RCE Vulnerability Begins

US Senator Blasts Microsoft For Negligent Cybersecurity Practices

NATO Probes Hacktivist Crew's Boasts Of Stolen Data

IcedID Malware Adapts and Expands Threat with Updated BackConnect Module

The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that's used for post-compromise activity on hacked systems, new findings from Team Cymru reveal. IcedID, also called BokBot, is a strain of malware similar to Emotet and QakBot that started off as a banking trojan in 2017, before switching to the role of an initial access facilitator

STARK#MULE Targets Koreans with U.S. Military-themed Document Lures

An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems. Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE. The scale of the attacks is currently not known, and it's not clear if any of these attack attempts turned out to be

Is backdoor access oppressive? – Week in security with Tony Anscombe

Bills granting access to end-to-end encrypted systems, opportunity for cybercriminals, abuse by authority, human rights, and tech companies leaving the UK?

A Data Exfiltration Attack Scenario: The Porsche Experience

As part of Checkmarx's mission to help organizations develop and deploy secure software, the Security Research team started looking at the security posture of major car manufacturers. Porsche has a well-established Vulnerability Reporting Policy (Disclosure Policy)[1], it was considered in scope for our research, so we decided to start there, and see what we could find. What we found is an

Hackers Abusing Windows Search Feature to Install Remote Access Trojans

A legitimate Windows search feature is being exploited by unknown malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT. The novel attack technique, per Trellix, takes advantage of the "search-ms:" URI protocol handler, which offers the ability for applications and HTML links to launch custom

BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities

The Russian nation-state actor known as BlueBravo has been observed targeting diplomatic entities throughout Eastern Europe with the goal of delivering a new backdoor called GraphicalProton, exemplifying the continuous evolution of the threat. The phishing campaign is characterized by the use of legitimate internet services (LIS) for command-and-control (C2) obfuscation, Recorded Future said in

Weekly Update 358

IoT, breaches and largely business as usual so I'll skip that in the intro to this post and jump straight to the end: the impending HIBP domain search changes. As I say in the vid, I really value people's feedback on this so if nothing else, please skip through to 48:15, listen to that section and let me know what you think. By the time I do next week's vid my hope is that all the coding work is done and I'm a couple of days out from shipping it, so now is your time to provide input if you think there's something I'm missing that really should be in there 🙂

References

1. Sponsored by: Kolide ensures that if a device isn't secure, it can't access your apps. It's Device Trust for Okta. Watch the demo today!
2. Messing with door-knocking real estate agents is a really good use of Home Assistant and Ubiquiti IMHO (channelling my inner Password Purgatory demons on this one!)
3. The BookCrossing breach went into HIBP (plain text passwords FTW!)
4. An old Roblox breach surfaced and also went into HIBP (Roblox has had quite the time of it lately...)
5. BreachForums, was itself, breached (definitely legit too, given the presence of a "lurker" account I created there)

Introducing Chronometry by @yokai_network. A free tamper-proof tool designed for hackers to record and preserve Proof-of-Hacks (PoH)

submitted by /u/ant4g0nist
[link] [comments]

Trail of Bits Testing Handbook with the first chapter on Semgrep

submitted by /u/Zealousideal-Half863
[link] [comments]

Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required

Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an "extremely severe" flaw that could result in pre-authenticated remote code execution on affected installations. Tracked as CVE-2023-38646, the issue impacts open-source editions prior to 0.46.6.1 and Metabase Enterprise

Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches

Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. This includes a specific class of bugs called Insecure Direct Object Reference (IDOR), a type of access control flaw that occurs when an