Barracuda Thought It Drove 0-Day Hackers From Customer Networks

Ransomware Comic Looks To Bring Detective Noir To The Computer Age

Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices

Stealthy APT Exposed: TTPs Spill Secrets Of Sophisticated Campaigns

Anonymous Sudan Hacks X To Put Pressure On Elon Musk Over Starlink

Qakbot Botnet Brought Down In Major Global Operation Led By US

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps

ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs

Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military

Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed Infamous Chisel and attributed to a Russian state-sponsored actor called Sandworm, has capabilities to “enable unauthorized access to compromised

New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists

A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called SuperBear. The intrusion singled out an unnamed activist, who was contacted in late August 2023 and received a malicious LNK file from an address impersonating a member of the organization, non-profit entity Interlabs said in a new report. The LNK file, upon

It's a Zero-day? It's Malware? No! It's Username and Password

As cyber threats continue to evolve, adversaries are deploying a range of tools to breach security defenses and compromise sensitive data. Surprisingly, one of the most potent weapons in their arsenal is not malicious code but simply stolen or weak usernames and passwords. This article explores the seriousness of compromised credentials, the challenges they present to security solutions, and the

Classiscam Scam-as-a-Service Raked $64.5 Million During the COVID-19 Pandemic

The Classiscam scam-as-a-service program has reaped the criminal actors $64.5 million in illicit earnings since its emergence in 2019. "Classiscam campaigns initially started out on classified sites, on which scammers placed fake advertisements and used social engineering techniques to convince users to pay for goods by transferring money to bank cards," Group-IB said in a new report. "Since

SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations

An open-source .NET-based information stealer malware dubbed SapphireStealer is being used by multiple entities to enhance its capabilities and spawn their own bespoke variants. “Information-stealing malware like SapphireStealer can be used to obtain sensitive information, including corporate credentials, which are often resold to other threat actors who leverage the access for additional

North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository

Three additional rogue Python packages have been discovered in the Package Index (PyPI) repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. The findings come from ReversingLabs, which detected the packages tablediter, request-plus, and requestspro. First disclosed at the

A Deep Dive into Brute Ratel C4 payloads

submitted by /u/CyberMasterV
[link] [comments]

Google Fixes Serious Security Flaws in Chrome and Android

Plus: Mozilla patches more than a dozen vulnerabilities in Firefox, and enterprise companies Ivanti, Cisco, and SAP roll out a slew of updates to get rid of some high-severity bugs.

Numbers Don't Lie: Exposing the Harsh Truths of Cyberattacks in New Report

How often do cyberattacks happen? How frequently do threat actors target businesses and governments around the world? The BlackBerry® Threat Research and Intelligence Team recently analyzed 90 days of real-world data to answer these questions. Full results are in the latest BlackBerry Global Threat Intelligence Report, but read on for a teaser of several interesting cyber attack statistics.

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows

submitted by /u/Due_Lengthiness_9329
[link] [comments]

Converting Tokens to Session Cookies for Outlook Web Application

submitted by /u/Vast-Part7039
[link] [comments]

Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework

submitted by /u/Daniel24z25
[link] [comments]

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Last week I was contacted by CERT Poland. They'd observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. The campaign began with a typical email requesting more information:

In this case, the email contained a fake purchase order attachment which requested login credentials that were then posted back to infrastructure controlled by the attacker:

All in all, CERT Poland identified 202 other phishing campaigns using the same infrastructure which has subsequently been taken offline. Data accumulated by the malicious activity spanned from October 2022 until just last week.

The advice to impacted individuals is as follows:

1. Get a digital password manager to help you make all passwords strong and unique
2. If you've been reusing passwords, change them to strong and unique versions now, starting with the most important services you use
3. Turn on multi-factor authentication wherever it's available, especially for important accounts such as email, social media and banking
4. Never open attachments or follow links unless you're confident in the trustworthiness of their origin and if in doubt, delete the email

Barracuda gateway attacks: How Chinese snoops keep a grip on victims' networks

Backdoors detailed, plus CISA releases more IOCs for IT depts to check

Nearly a third of organizations compromised by Chinese cyberspies via a critical bug in some Barracuda Email Security Gateways were government units, according to Mandiant.…

Microsoft ain't happy with Russia-led UN cybercrime treaty

Could be used to put ethical hackers, and citizens, behind bars

A controversial United Nations proposal has a new foe, Microsoft, which has joined the growing number of organizations warning delegates that the draft version of the UN cybercrime treaty only succeeds in justifying state surveillance — not stopping criminals, as originally intended.…

Unmasking Trickbot, One of the World’s Top Cybercrime Gangs

A WIRED investigation into a cache of documents posted by an unknown figure lays bare the Trickbot ransomware gang’s secrets, including the identity of a central member.

Bypassing Defender’s LSASS dump detection and PPL protection In Go

submitted by /u/tasty-pepperoni
[link] [comments]

NosyMonkey: API hooking and code injection made easy! - Anvil Secure

submitted by /u/anvilventures
[link] [comments]

GitHub - APT64/EternalHushFramework: EternalHush - new free advanced open-source c2 framework

submitted by /u/novkira03
[link] [comments]

British Officials Say AI Chatbots Could Carry Cyber Risks

University Cuts Itself Off From Internet After Mystery Security Snafu

Recent Juniper Flaws Chained In Attacks Following PoC Exploit Publication

BGP Flaw Can Be Exploited For Prolonged Internet Outages

Apple Security Boss Faces iPads For Gun Permits Bribery Charge Again

Anti-Deepfake Proposal

submitted by /u/endless
[link] [comments]

NetHunter Hacker VIII: Wi-Fi hacking using wifite, deauthentication and wardriving

submitted by /u/barakadua131
[link] [comments]

Extending Burp Suite for fun and profit - The Montoya way - Part 4

submitted by /u/0xdea
[link] [comments]

nvflashk - Flash any BIOS to NVIDIA GPUs - Safe board ID bypass up to 4xxx series

submitted by /u/hardenedvault
[link] [comments]

Mom’s Meals issues “Notice of Data Event”: What to know and what to do

It took six months for notifications to start, and we still don't know exactly what went down... but here's our advice on what to do.

Google Tests Watermark To Identify AI Images

More UK Cops' Names And Photos Exposed In Supplier Breach

US Spy Satellite Agency Isn't So Silent About New Silent Barker Mission

Meta Fights Sprawling Chinese Spamouflage Operation

Cybersecurity Experts Say The West Has Failed To Learn Lessons From Ukraine

ESET Research Podcast: Unmasking MoustachedBouncer

Listen as ESET's Director of Threat Research Jean-Ian Boutin unravels the tactics, techniques and procedures of MoustachedBouncer, an APT group taking aim at foreign embassies in Belarus

Earth Estries' Espionage Campaign Targets Governments and Tech Titans Across Continents

A hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign targeting government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S. "The threat actors behind Earth Estries are working with high-level resources and functioning with sophisticated skills and experience in cyber espionage and illicit

Hackers Can Exploit Windows Container Isolation Framework to Bypass Endpoint Security

New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework. The findings were presented by Deep Instinct security researcher Daniel Avinoam at the DEF CON security conference held earlier this month. Microsoft's container architecture (and by extension, 

MMRat Android Trojan Executes Remote Financial Fraud Through Accessibility Feature

A previously undocumented Android banking trojan dubbed MMRat has been observed targeting mobile users in Southeast Asia since late June 2023 to remotely commandeer the devices and perform financial fraud. "The malware, named after its distinctive package name com.mm.user, can capture user input and screen content, and can also remotely control victim devices through various techniques, enabling

China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users

Cybersecurity researchers have discovered malicious Android apps for Signal and Telegram distributed via the Google Play Store and Samsung Galaxy Store that are engineered to deliver the BadBazaar spyware on infected devices. Slovakian company ESET attributed the campaign to a China-linked actor called GREF. "Most likely active since July 2020 and since July 2022, respectively, the campaigns

How to Prevent ChatGPT From Stealing Your Content & Traffic

ChatGPT and similar large language models (LLMs) have added further complexity to the ever-growing online threat landscape. Cybercriminals no longer need advanced coding skills to execute fraud and other damaging attacks against online businesses and customers, thanks to bots-as-a-service, residential proxies, CAPTCHA farms, and other easily accessible tools.  Now, the latest technology damaging

Malicious npm Packages Aim to Target Developers for Source Code Theft

An unknown threat actor is leveraging malicious npm packages to target developers with an aim to steal source code and configuration files from victim machines, a sign of how threats lurk consistently in open-source repositories. "The threat actor behind this campaign has been linked to malicious activity dating back to 2021," software supply chain security firm Checkmarx said in a report shared

Alert: Juniper Firewalls, Openfire, and Apache RocketMQ Under Attack from New Exploits

Recently disclosed security flaws impacting Juniper firewalls, Openfire, and Apache RocketMQ servers have come under active exploitation in the wild, according to multiple reports. The Shadowserver Foundation said that it's "seeing exploitation attempts from multiple IPs for Juniper J-Web CVE-2023-36844 (& friends) targeting /webauth_operation.php endpoint," the same day a proof-of-concept (PoC)

Analysis of Obfuscation Techniques Found in Apple FairPlay

submitted by /u/nicolodev
[link] [comments]

Diving into Starlink's User Terminal Firmware

submitted by /u/guedou
[link] [comments]

Thousands of Organizations Vulnerable to Subdomain Hijacking

submitted by /u/ma-ni
[link] [comments]

Toyota Japan back on the road after probably-not-cyber attack halted production

Malfunction took 14 plants offline for 36 hours. Oh, what a … nah, too obvious

Toyota Japan has recovered from what it's described as a "malfunction in the production order system" that halted production on 28 lines across 14 plants starting on Monday evening.…

Meta reckons China's troll farms could learn proper OpSec from Russia's fake news crews

Claims to have taken down two colossal networks, with 'Secondary Infektion' schooling 'Spamouflage'

Russia appears to be "better" at running online trolling campaigns aimed at pushing its political narratives than China, according to Meta's latest Adversarial Threat Report.…

Getting into AWS cloud security research as a n00bcake

submitted by /u/ScottContini
[link] [comments]

University cuts itself off from internet after mystery security snafu

Halls of learning are stuck offline, but go Wolverines!

Updated The University of Michigan has isolated itself from the internet but, hey, everything's fine!…

Google Cloud Functions are Secure, only if you know how to use them!

submitted by /u/Necessary-Reality-80
[link] [comments]

Apple security boss faces iPads-for-gun-permits bribery charge... again

'We will continue fighting this case' global chief's lawyer tells us

An appeals court has reversed a 2021 decision to drop a bribery charge against Apple's head of global security, who is accused of donating iPads worth up to $80,000 to a sheriff's office in exchange for giving his Cupertino agents concealed carry weapon licenses.…

FBI-led Operation Duck Hunt shoots down Qakbot

Totally plucked: Agents remotely roast Windows botnet malware on victims' machines

Uncle Sam today said an international law enforcement effort dismantled Qakbot, aka QBot, a notorious botnet and malware loader responsible for losses totaling hundreds of millions of dollars worldwide, and seized more than $8.6 million in illicit cryptocurrency.…

dtlspipe - like `stunnel`, but for UDP

submitted by /u/yarmak
[link] [comments]