FreshRSS

🔒
❌ About FreshRSS
☷
△ 🔃
There are new available articles, click to refresh the page.
Before yesterdaySecurity

S3 Ep146: Tell us about that breach! (If you want to.)

By Paul Ducklin
Serious security stories explained clearly in plain English - listen now. (Full transcript available.)

Malicious Apps Use Sneaky Versioning Technique to Bypass Google Play Store Scanners

By THN
Threat actors are leveraging a technique called versioning to evade Google Play Store's malware detections and target Android users. "Campaigns using versioning commonly target users' credentials, data, and finances," Google Cybersecurity Action Team (GCAT) said in its August 2023 Threat Horizons Report shared with The Hacker News. While versioning is not a new phenomenon, it's sneaky and hard

New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3

By THN
Cybersecurity researchers have discovered a new version of malware called Rilide that targets Chromium-based web browsers to steal sensitive data and steal cryptocurrency. "It exhibits a higher level of sophistication through modular design, code obfuscation, adoption to the Chrome Extension Manifest V3, and additional features such as the ability to exfiltrate stolen data to a Telegram channel

Hundreds of Citrix NetScaler ADC and Gateway Servers Hacked in Major Cyber Attack

By THN
Hundreds of Citrix NetScaler ADC and Gateway servers have been breached by malicious actors to deploy web shells, according to the Shadowserver Foundation. The non-profit said the attacks take advantage of CVE-2023-3519, a critical code injection vulnerability that could lead to unauthenticated remote code execution. The flaw, patched by Citrix last month, carries a CVSS score of 9.8. The 

A Penetration Testing Buyer's Guide for IT Security Teams

By The Hacker News
The frequency and complexity of cyber threats are constantly evolving. At the same time, organizations are now collecting sensitive data that, if compromised, could result in severe financial and reputational damage. According to Cybersecurity Ventures, the cost of cybercrime is predicted to hit $8 trillion in 2023 and will grow to $10.5 trillion by 2025. There is also increasing public and

Microsoft Flags Growing Cybersecurity Concerns for Major Sporting Events

By THN
Microsoft is warning of the threat malicious cyber actors pose to stadium operations, warning that the cyber risk surface of live sporting events is "rapidly expanding." "Information on athletic performance, competitive advantage, and personal information is a lucrative target," the company said in a Cyber Signals report shared with The Hacker News. "Sports teams, major league and global

"Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches

By THN
A hacktivist group known as Mysterious Team Bangladesh has been linked to over 750 distributed denial-of-service (DDoS) attacks and 78 website defacements since June 2022. "The group most frequently attacks logistics, government, and financial sector organizations in India and Israel," Singapore-headquartered cybersecurity firm Group-IB said in a report shared with The Hacker News. "The group is

Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats

By THN
Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard (previously Nobelium). It's also called APT29, BlueBravo, Cozy Bear, Iron Hemlock, and The Dukes.

Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability

By THN
Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile (EPMM), prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 (CVSS score: 10.0) and discovered by Rapid7, the issue "allows unauthenticated attackers to access the API in older unsupported

Performance and security clash yet again in “Collide+Power” attack

By Paul Ducklin
It's a real vulnerability, but the data leakage rate can be as low as... let's just say that an IMAX-quality copy of the new "Oppenheimer" movie could take you 4 billion years to exfiltrate.

The grand theft of Jake Moore’s voice: The concept of a virtual kidnap

With powerful AI, it doesn’t take much to fake a person virtually, and while there are some limitations, voice-cloning can have some dangerous consequences.
  • August 2nd 2023 at 12:38
  • ↗

Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures

By THN
A Russia-nexus adversary has been linked to 94 new domains starting March 2023, suggesting that the group is actively modifying its infrastructure in response to public disclosures about its activities. Cybersecurity firm Recorded Future linked the revamped infrastructure to a threat actor it tracks under the name BlueCharlie, a hacking crew that's broadly known by the names Blue Callisto,

Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023

By THN
About 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year. According to data compiled by SynSaber, a total of 670 ICS product flaws were reported via the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in the first half of

Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign

By THN
A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure. "Those phishing campaigns cleverly evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook's Web Games platform,"

Top Industries Significantly Impacted by Illicit Telegram Networks

By The Hacker News
In recent years the rise of illicit activities conducted within online messaging platforms has become a growing concern for countless industries. One of the most notable platforms that has been host to many malicious actors and nefarious activities has been Telegram. Thanks to its accessibility, popularity, and user anonymity, Telegram has attracted a large number of threat actors driven by

Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan

By THN
Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be run as a remote access trojan on Windows and Linux environments "The SSM agent, a legitimate tool used by admins to manage their instances, can be re-purposed by an attacker who has achieved high privilege access on an endpoint with

Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers

By THN
Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews. "Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U.S. sanctions – under the direction of someone going by the name Hassan Nozari," Halcyon said in a new

Australian Senate committee recommends bans on Chinese social media apps

WeChat accused of 'contempt for Parliament' as transparency rules floated for platforms

An Australian Senate Committee has recommended banning Chinese social media apps in the land down under, on grounds the Communist Party of China uses them to spread propaganda and misinformation.…

  • August 2nd 2023 at 06:30
  • ↗

Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability

By THN
Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian

Socket moves beyond JavaScript and Python and gets into Go

CEO, fresh with funds, lays out the dependency dilemma

Interview Open source security biz Socket is extending its source code dependency checker, which previously addressed only JavaScript and Python, by adding support for checking Go code.…

  • August 2nd 2023 at 01:58
  • ↗

Firefox fixes a flurry of flaws in the first of two releases this month

By Paul Ducklin
No zero-days, but some interesting patches with their very own "teachable moments".

Firefox

Bad news: Another data-leaking CPU flaw. Good news: It's utterly impractical

Collide+Power vulnerability leaks secrets bit by bit - but could take months or years to learn a useful secret

Boffins in Austria and Germany have devised a power-monitoring side-channel attack on modern computer chips that exposes sensitive data, but very slowly.…

  • August 1st 2023 at 17:00
  • ↗

New NodeStealer Variant Targeting Facebook Business Accounts and Crypto Wallets

By THN
Cybersecurity researchers have unearthed a Python variant of a stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency. Palo Alto Networks Unit 42 said it detected the previously undocumented strain as part of a campaign that commenced in December 2022. There is no evidence to suggest that the cyber offensive is currently active.

Mattress maker Tempur Sealy says it isolated tech system to contain cyber burglary

Sleeping giant says no sign yet personal info was stolen

Tempur Sealy, among the world's largest providers of bedding, has notified the Securities and Exchange Commission of a digital burglary by cyber crims that forced it to isolate parts of the tech infrastructure.…

  • August 1st 2023 at 14:31
  • ↗

European Bank Customers Targeted in SpyNote Android Trojan Campaign

By THN
Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023. "The spyware is distributed through email phishing or smishing campaigns and the fraudulent activities are executed with a combination of remote access trojan (RAT) capabilities and vishing attack," Italian cybersecurity

A New Attack Impacts ChatGPT—and No One Knows How to Stop It

By Will Knight
Researchers found a simple way to make ChatGPT, Bard, and other chatbots misbehave, proving that AI is hard to tame.

How AI May Be Used to Create Custom Disinformation Ahead of 2024

By Thor Benson
Generative AI won't just flood the internet with more lies—it may also create convincing disinformation that's targeted at groups or even individuals.

What is Data Security Posture Management (DSPM)?

By The Hacker News
Data Security Posture Management is an approach to securing cloud data by ensuring that sensitive data always has the correct security posture - regardless of where it's been duplicated or moved to. So, what is DSPM? Here's a quick example: Let's say you've built an excellent security posture for your cloud data. For the sake of this example, your data is in production, it's protected behind a

Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia

By THN
The threat actor known as Space Pirates has been linked to attacks against at least 16 organizations in Russia and Serbia over the past year by employing novel tactics and adding new cyber weapons to its arsenal. "The cybercriminals' main goals are still espionage and theft of confidential information, but the group has expanded its interests and the geography of its attacks," Positive

Quantum computing: Will it break crypto security within a few years?

Current cryptographic security methods watch out - quantum computing is coming for your lunch.
  • August 1st 2023 at 09:32
  • ↗

China's APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe

By THN
A nation-state actor with links to China is suspected of being behind a series of attacks against industrial organizations in Eastern Europe that took place last year to siphon data stored on air-gapped systems. Cybersecurity company Kaspersky attributed the intrusions with medium to high confidence to a hacking crew called APT31, which is also tracked under the monikers Bronze Vinewood,

US military battling cyber threats from within and without

As if attacks from China weren't enough, one of the Air Force's own has reportedly gone rogue

The US government is fighting a pair of cyber security incidents, one involving Chinese spies who potentially gained access to crucial American computer networks and the other related to an Air Force engineer allegedly compromised communications security by stealing sensitive equipment and taking it home.…

  • August 1st 2023 at 07:29
  • ↗

China bans export of drones some countries have already banned anyway

Some say retaliation for sanctions, but Beijing says it just wants world peace

China introduced restrictions on Monday that mean would-be exporters will require a license to ship certain drones and related equipment out of the Middle Kingdom.…

  • August 1st 2023 at 06:00
  • ↗
❌