Blog Patrowl: OmniSpace, from automated 0day XSS to RCE by @Pepito_oh

submitted by /u/MaKyOtOx
[link] [comments]

Analyzing Security Vulnerabilities in XWiki: In-Depth Examination

submitted by /u/appsec1337
[link] [comments]

Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack

A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show. The flaw "could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations," Checkmarx security researcher Elad Rapoport said in a technical report shared with The Hacker News. "Successful exploitation of

7 Steps to Kickstart Your SaaS Security Program

SaaS applications are the backbone of modern businesses, constituting a staggering 70% of total software usage. Applications like Box, Google Workplace, and Microsoft 365 are integral to daily operations. This widespread adoption has transformed them into potential breeding grounds for cyber threats. Each SaaS application presents unique security challenges, and the landscape constantly evolves

Chinese Redfly Group Compromised a Nation's Critical Grid in 6-Month ShadowPad Campaign

A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as ShadowPad. "The attackers managed to steal credentials and compromise multiple computers on the organization's network," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with

Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper

A sophisticated phishing campaign is using a Microsoft Word document lure to distribute a trifecta of threats, namely Agent Tesla, OriginBotnet, and RedLine Clipper, to gather a wide range of information from compromised Windows machines. "A phishing email delivers the Word document as an attachment, presenting a deliberately blurred image and a counterfeit reCAPTCHA to lure the recipient into

China-Linked Hackers Breached a Power Grid—Again

Signs suggest the culprits worked within a notorious Chinese hacker group that may have also hacked Indian electric utilities years earlier.

Beware: MetaStealer Malware Targets Apple macOS in Recent Attacks

A new information stealer malware called MetaStealer has set its sights on Apple macOS, making the latest in a growing list of stealer families focused on the operating system after MacStealer, Pureland, Atomic Stealer, and Realst. "Threat actors are proactively targeting macOS businesses by posing as fake clients in order to socially engineer victims into launching malicious payloads,"

Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now

Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash. Apple Security Engineering and Architecture (SEAR

Save the Children hit by ransomware, 7TB stolen

A new low, even for these lowlifes

Updated Cybercrime crew BianLian says it has broken into the IT systems of a top nonprofit and stolen a ton of files, including what the miscreants claim is financial, health, and medical data.…

MGM Resorts shuts down website, computer systems after 'cybersecurity incident'

Ransomware? Some would be willing to bet on that

MGM Resorts has shut down some of its IT systems following a "cybersecurity incident" that the casino-and-hotel giant says is currently under investigation.…

Activation Context Hell - DosDevices Remapping Attack under Impersonation

submitted by /u/hacksysteam
[link] [comments]

Huge DDoS attack against US financial institution thwarted

Akamai reckons traffic flood peaked at 55.1 million packets per second

Akamai says it thwarted a major distributed denial-of-service (DDoS) attack aimed at a US bank that peaked at 55.1 million packets per second earlier this month.…

Active North Korean Campaign Targets Security Researchers

Bookstore Chain Dymocks Discloses Data Breach Possibly Impacting 800k

Apple Patches Two Pegasus Spyware Zero Days

Microsoft Teams Used To Spread Burgeoning DarkGate Malware

Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger

A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' Business accounts. "Originating yet again from a Vietnamese-based group, this campaign uses a tiny compressed file attachment that packs a powerful Python-based stealer dropped in a

Charming Kitten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E.

The Iranian threat actor known as Charming Kitten has been linked to a new wave of attacks targeting different entities in Brazil, Israel, and the U.A.E. using a previously undocumented backdoor named Sponsor. Slovak cybersecurity firm is tracking the cluster under the name Ballistic Bobcat. Victimology patterns suggest that the group primarily singles out education, government, and healthcare

HijackLoader: a new malware downloader with modular architecture

submitted by /u/nareksays
[link] [comments]

GitHub - boringtools/git-alerts: A Public Git repository & misconfiguration detection tool

submitted by /u/predev0x00
[link] [comments]

How to Prevent API Breaches: A Guide to Robust Security

With the growing reliance on web applications and digital platforms, the use of application programming interfaces (APIs) has become increasingly popular. If you aren’t familiar with the term, APIs allow applications to communicate with each other and they play a vital role in modern software development. However, the rise of API use has also led to an increase in the number of API breaches.

Google Chrome Rolls Out Support for 'Privacy Sandbox' to Bid Farewell to Tracking Cookies

Google has officially begun its rollout of Privacy Sandbox in the Chrome web browser to a majority of its users, nearly four months after it announced the plans. "We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide, or a fun video," Anthony Chavez, vice president of Privacy Sandbox initiatives at Google, said. "Without viable

AI Chatbots Are Invading Your Local Government—and Making Everyone Nervous

State and local governments in the US are scrambling to harness tools like ChatGPT to unburden their bureaucracies, rushing to write their own rules—and avoid generative AI's many pitfalls.

Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor

ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor

Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows

A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium. The activity has been codenamed Steal-It by Zscaler ThreatLabz. "In this campaign, the threat actors steal and exfiltrate NTLMv2 hashes using customized versions of Nishang's 

New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World

A new malware loader called HijackLoader is gaining traction among the cybercriminal community to deliver various payloads such as DanaBot, SystemBC, and RedLine Stealer. "Even though HijackLoader does not contain advanced features, it is capable of using a variety of modules for code injection and execution since it uses a modular architecture, a feature that most loaders do not have," Zscaler

Google warns infoseccers: Beware of North Korean spies sliding into your DMs

ALSO: Verizon turns self in for reduced fine, malvertising comes to macOS, and this week's critical vulnerabilities

Infosec in brief Watch out, cyber security researchers: Suspected North Korean-backed hackers are targeting members of the infosec community again, according to Google's Threat Analysis Group (TAG).…

“MrTonyScam” — Botnet of Facebook Users Launch High-Intent Messenger Phishing Attack on Business Accounts

submitted by /u/lowlet3443
[link] [comments]

Weekly Update 364

I'm in Spain! Alicante, to be specific, where we've spent the last few days doing family wedding things, and I reckon we scrubbed up pretty well:

Getting fancy in Spain 😍 pic.twitter.com/iDFmBORnHa

— Troy Hunt (@troyhunt) September 9, 2023

Next stop is Amsterdam and by the end of today, we'll be sipping cold beer canal side in the 31C heat 😎 Meanwhile, this week's video focuses mostly on the Dymocks breach and the noteworthiness of what appears to be excessive data retention. After recording this video, someone also pointed out that the data is already being abused in a pretty traceable fashion:

@troyhunt not sure if this is particularly useful but I just received this scam attempt. I use iCloud's Hide My Email service and the address this email was sent to was the same address iCloud generated for use with my Dymocks account. pic.twitter.com/GiFZ7EIDo2

— matt (@matt_0833) September 9, 2023

That's all for this week, a little shorter as I was rushing for the wedding, I'll come to you next week from our second home, Oslo 🇳🇴

References

1. Sponsored by: Fastmail. Check out Masked Email, built with 1Password. One click gets you a unique email address for every online signup. Try it now!
2. Dymocks Australia found themselves breached (I suspect the significant number of retained inactive records will cause them some grief)
3. No, data breaches don't typically just sit on the "dark web", they circulate broadly on easily accessible forums (that's true of the vast bulk of data in HIBP!)

Rustproofing Linux (Part 1/4 Leaking Addresses)

submitted by /u/meowerguy
[link] [comments]

Mozilla: Your New Car Is a Data Privacy Nightmare

Plus: Apple patches newly discovered flaws exploited by NSO Group spyware, North Korean hackers target security researchers, and more.

Azure Incident Response Cheat Sheet (PDF)

submitted by /u/0x636f6f6c
[link] [comments]

Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play

Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that’s designed to harvest sensitive information from compromised Android devices. According to Kaspersky security researcher Igor Golovin, the apps come with nefarious features to capture and exfiltrate names, user IDs, contacts, phone numbers, and chat messages to an actor-controlled server. The

Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks

A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. "The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, with malicious scripts and uses

Cisco ASA Zero-Day Exploited In Akira Ransomware Attacks

The International Criminal Court Will Now Prosecute Cyberwar Crimes

New Flaw In Apple Devices Led To Spyware Infection, Researchers Say

New Phishing Campaign Launched Via Google Looker Studio

APTs Hit Aeronautic Firms With Zoho And Fortinet Bugs

Who Pulled Off A $41M Online Casino Heist? North Korea, FBI Says

Cybercriminals target Windows Advanced Installer to run crypto-mining malware

submitted by /u/nareksays
[link] [comments]

Top US Spies Meet With Privacy Experts Over Surveillance 'Crown Jewel'

Civil rights groups say efforts to get US intelligence agencies to adopt privacy reforms have largely failed. Without those changes, renewal of a post-911 surveillance policy may be doomed.

Axon's Ethics Board Resigned Over Taser-Armed Drones. Then the Company Bought a Military Drone Maker

The CEO’s vision for Taser-equipped drones includes a fictitious scenario in which the technology averts a shooting at a day care center.

U.K. and U.S. Sanction 11 Russia-based TrickBot Cybercrime Gang Members

The U.K. and U.S. governments on Thursday sanctioned 11 individuals who are alleged to be part of the notorious Russia-based TrickBot cybercrime gang. “Russia has long been a safe haven for cybercriminals, including the TrickBot group,” the U.S. Treasury Department said, adding it has “ties to Russian intelligence services and has targeted the U.S. Government and U.S. companies, including

Will you give X your biometric data? – Week in security with Tony Anscombe

The update to X's privacy policy has sparked some questions among privacy and security folks, including how long X will retain users' biometric information and how the data will be stored and secured

Apple races to patch the latest zero-day iPhone exploit

No user interaction needed for this one as Pegasus turns up via iMessage

Apple devices are again under attack, with a zero-click, zero-day vulnerability used to deliver Pegasus spyware to iPhones discovered in the wild.…

Protecting Your Microsoft IIS Servers Against Malware Attacks

Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging fruit for finding and exploiting vulnerabilities that facilitate access to IT environments.  Recently, a

Cisco Issues Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform

Cisco has released security fixes to address multiple security flaws, including a critical bug, that could be exploited by a threat actor to take control of an affected system or cause a denial-of service (DoS) condition. The most severe of the issues is CVE-2023-20238, which has the maximum CVSS severity rating of 10.0. It’s described as an authentication bypass flaw in the Cisco BroadWorks

Bcrypt at 25: A retrospective on password security

submitted by /u/ScottContini
[link] [comments]

North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in an unspecified software over the past several weeks to infiltrate their machines. The findings come from Google’s Threat Analysis Group (TAG), which found the adversary setting up fake accounts on social media platforms like X (formerly Twitter) and Mastodon to forge

How to DoS iOS devices with Bluetooth pairing messages using Android

submitted by /u/barakadua131
[link] [comments]

Microsoft, recently busted by Beijing, thinks it's across China's ever-changing cyber-offensive

Sometimes using AI to make hilariously wrong images that still drive social media engagement

Microsoft, which earlier this week admitted not being able to detect a Chinese attack on its own infrastructure, has published a report [PDF] titled "Digital threats from East Asia increase in breadth and effectiveness." In the report, Redmond's Threat Intelligence group expounds on its fresh insight into evolving online aggressions from both China and North Korea.…

CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized

Orbeon Forms: The Final Form? On A Journey To RCE 0day

submitted by /u/dx7r__
[link] [comments]

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064

Russian infosec boss gets nine years for $100M insider-trading caper using stolen data

Confidential figures for Tesla, Snap, Roku, Avnet, others swiped and used to rack up millions in ill-gotten gains

Vladislav Klyushin, the Russian owner of security penetration testing firm M-13, was jailed for nine years in the US on Thursday for his involvement in a cyber-crime operation that stole top corporations' confidential financial information to make $93 million through insider trading.…

BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild

submitted by /u/Frostlike2816
[link] [comments]

US, UK sanction more Russians linked to Trickbot

Top admin, HR managers, devs go on transatlantic deny-list

The US and UK governments named and sanctioned 11 Russians said to be connected to the notorious Trickbot cybercrime crew this week.…

Nagios Plugins: Hacking Monitored Servers with check_by_ssh and Argument Injection: CVE-2023-37154

submitted by /u/MegaManSec2
[link] [comments]