FreshRSS

🔒
❌ About FreshRSS
☷
△ 🔃
There are new available articles, click to refresh the page.
Before yesterdaySecurity

Cryptojackers spread their nets to capture more than just EC2

AMBERSQUID operation takes AWS's paths less travelled in search of compute

As cloud native computing continues to gain popularity, so does the risk posed by criminals seeking to exploit the unwary. One newly spotted method targets services on the AWS platform, but not necessarily the ones you might think.…

  • September 18th 2023 at 11:15
  • ↗

Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients

By THN
Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature recently introduced in April 2023 for making the breach worse, calling it a "dark pattern." "The fact that Google Authenticator syncs to

Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks

By THN
The financially motivated threat actor known as UNC3944 is pivoting to ransomware deployment as part of an expansion to its monetization strategies, Mandiant has revealed. "UNC3944 has demonstrated a stronger focus on stealing large amounts of sensitive data for extortion purposes and they appear to understand Western business practices, possibly due to the geographical composition of the group,

Weekly Update 365

By Troy Hunt
Weekly Update 365

It's another week of travels, this time from our "second home", Oslo. That's off the back of 4 days in the Netherlands and starting tomorrow, another 4 in Prague. But today, the 17th of September, is extra special 😊

1 year today ❤️ pic.twitter.com/vsRChdDshn

— Troy Hunt (@troyhunt) September 17, 2023

We'll be going out and celebrating accordingly as soon as I get this post published so I'll be brief: enjoy this week's video!

Weekly Update 365
Weekly Update 365
Weekly Update 365
Weekly Update 365

References

  1. Sponsored by: 1 in 3 families have been affected by fraud. Secure your personal info with Aura’s award-winning identity protection. Start free trial.
  2. We had a great visit to Politie Nederland in Rotterdam this week (lots of common goals shared, and I'm really happy we've been able to assist with victim notification via HIBP)
  3. 932k Viva Air email addresses went into HIBP (that's a Colombian airline which no longer exists, they were pwned and ransomed last year)
  4. 4.3M Malindo Air email addresses went into HIBP (it's a 2019 breach so not new, but a third of people in there had never appeared in a loaded breach before)
  5. Wasn't really expecting to be named on a notorious ransomware website, but here we are (2 days after recording I still haven't heard anything further)
  6. I wasn't expecting anything revolutionary, but I'd really hoped for more excitement in the new iPhones (but I ordered us both Pro Max units anyway 😎)

North Korea's Lazarus Group Suspected in $31 Million CoinEx Heist

By THN
The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency since June 2023, marking a significant escalation of its hacks. According to multiple reports from Certik, Elliptic, and ZachXBT, the infamous hacking group is said to be suspected behind the theft of $31 million in digital assets from the CoinEx exchange on September 12, 2023. The crypto heist aimed at

TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U.

By THN
The Irish Data Protection Commission (DPC) slapped TikTok with a €345 million (about $368 million) fine for violating the European Union's General Data Protection Regulation (GDPR) in relation to its handling of children's data. The investigation, initiated in September 2021, examined how the popular short-form video platform processed personal data relating to child users (those between the

Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle

By Lily Hay Newman
Cyberattacks on casinos grab attention, but a steady stream of less publicized attacks leave vulnerable victims struggling to recover.

Probe reveals previously secret Israeli spyware that infects targets via ads

Oh s#!t, Sherlock

Israeli software maker Insanet has reportedly developed a commercial product called Sherlock that can infect devices via online adverts to snoop on targets and collect data about them for the biz's clients.…

  • September 16th 2023 at 09:05
  • ↗

Scattered Spider traps 100+ victims in its web as it moves into ransomware

Mandiant warns casino raiders are doubling down on 'monetization strategies'

Scattered Spider, the crew behind at least one of the recent Las Vegas casino IT security breaches, has already hit some 100 organizations during its so-far brief tenure in the cybercrime scene, according to Mandiant.…

  • September 15th 2023 at 21:25
  • ↗

Google throws California $93M to make location tracking lawsuit disappear

Half a percent of last quarter's net income? That'll teach 'em

Google has been hit with another lawsuit alleging it deceived users about its collection, storage, and use of their location data, this time from the state of California. Yet it's over before it really began.…

  • September 15th 2023 at 17:15
  • ↗

The Interdependence between Automated Threat Intelligence Collection and Humans

By The Hacker News
The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware attacks compared with just 831 in Q1 2023. The MOVEit attack has claimed over 600 victims so far and that number is still

Google Agrees to $93 Million Settlement in California's Location-Privacy Lawsuit

By THN
Google has agreed to pay $93 million to settle a lawsuit filed by the U.S. state of California over allegations that the company's location-privacy practices misled consumers and violated consumer protection laws. "Our investigation revealed that Google was telling its users one thing – that it would no longer track their location once they opted out – but doing the opposite and continuing to

DDoS 2.0: IoT Sparks New DDoS Alert

By The Hacker News
The Internet of Things (IoT) is transforming efficiency in various sectors like healthcare and logistics but has also introduced new security risks, particularly IoT-driven DDoS attacks. This article explores how these attacks work, why they’re uniquely problematic, and how to mitigate them. What Is IoT? IoT (Internet of Things) refers to online, interconnected devices that collect and exchange

NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers

By THN
An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities.  "The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing services and technology

Greater Manchester Police ransomware attack another classic demo of supply chain challenges

Are you the weakest link?

The UK's Greater Manchester Police (GMP) has admitted that crooks have got their mitts on some of its data after a third-party supplier responsible for ID badges was attacked.…

  • September 15th 2023 at 09:45
  • ↗

Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

By THN
The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. "This suggests that the threat actors are streamlining operations by making their techniques multipurpose," Trend Micro researchers said in a new analysis published this

Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors

By THN
Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal. The tech giant, which is tracking the activity under the name Peach Sandstorm (formerly Holmium), said the adversary pursued organizations in the satellite, defense, and pharmaceutical sectors to likely facilitate

US-Canada water org confirms 'cybersecurity incident' after ransomware crew threatens leak

NoEscape promises 'colossal wave of problems' if IJC doesn't pay up

The International Joint Commission, a body that manages water rights along the US-Canada border, has confirmed its IT security was targeted, after a ransomware gang claimed it stole 80GB of data from the organization.…

  • September 15th 2023 at 00:15
  • ↗

Bypass SSL Pinning on Windows Application

By /u/HermaeusMora0

I have tried using CharlesProxy MITM proxy to obtain SSL traffic from a Windows Application, but Charles simply can't capture any traffic, even though it captures from my browser and other applications.

With that being said, I suspect the application uses SSL pinning, I don't want to go reverse engineer it when there's a simpler way for me to obtain their requests.

I need suggestions on what to do, and if reverse engineering is my only way, what would be recommended.

submitted by /u/HermaeusMora0
[link] [comments]

Caesars says cyber-crooks stole customer data as MGM casino outage drags on

Zero-days are so 2022. Why not just social engineer the help desk?

Updated Casino giant Caesars Entertainment has confirmed miscreants stole a database containing customer info, including driver license and social security numbers for a "significant number" of its loyalty program members, in a social engineering attack earlier this month.…

  • September 14th 2023 at 20:13
  • ↗

Rollbar might be good at tracking bugs, uninvited guests not so much

Company noticed data warehouse break-in via compromised account a month later

Cloud-based bug tracking and monitoring platform Rollbar has warned users that attackers have rifled through their data.…

  • September 14th 2023 at 15:00
  • ↗

Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems

By THN
A set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. "Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the targeted program's context or perform other malicious

Ballistic Bobcat's Sponsor backdoor – Week in security with Tony Anscombe

Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States
  • September 14th 2023 at 14:01
  • ↗

Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years

By THN
A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack. The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the compromised system. The campaign, which took place between 2020 and 2022, is no longer active. "

Avoid These 5 IT Offboarding Pitfalls

By The Hacker News
Employee offboarding is no one’s favorite task, yet it is a critical IT process that needs to be executed diligently and efficiently. That’s easier said than done, especially considering that IT organizations have less visibility and control over employees’ IT use than ever. Today, employees can easily adopt new cloud and SaaS applications whenever and wherever they want, and the old IT

N-Able's Take Control Agent Vulnerability Exposes Windows Systems to Privilege Escalation

By THN
A high-severity security flaw has been disclosed in N-Able's Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges. Tracked as CVE-2023-27470 (CVSS score: 8.8), the issue relates to a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability, which, when successfully exploited, could be leveraged to delete arbitrary files on a Windows

Russian Journalist's iPhone Compromised by NSO Group's Zero-Click Spyware

By THN
The iPhone belonging to Galina Timchenko, a prominent Russian journalist and critic of the government, was compromised with NSO Group's Pegasus spyware, a new collaborative investigation from Access Now and the Citizen Lab has revealed. The infiltration is said to have happened on or around February 10, 2023. Timchenko is the executive editor and owner of Meduza, an independent news publication

FBI Hacker Dropped Stolen Airbus Data on 9/11

By BrianKrebs

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “USDoD” had infiltrated the FBI‘s vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold. But on Sept. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus, while promising to visit the same treatment on top U.S. defense contractors.

USDoD’s avatar used to be the seal of the U.S. Department of Defense. Now it’s a charming kitten.

In a post on the English language cybercrime forum BreachForums, USDoD leaked information on roughly 3,200 Airbus vendors, including names, addresses, phone numbers, and email addresses. USDoD claimed they grabbed the data by using passwords stolen from a Turkish airline employee who had third-party access to Airbus’ systems.

USDoD didn’t say why they decided to leak the data on the 22nd anniversary of the 9/11 attacks, but there was definitely an aircraft theme to the message that accompanied the leak, which concluded with the words, “Lockheed martin, Raytheon and the entire defense contractos [sic], I’m coming for you [expletive].”

Airbus has apparently confirmed the cybercriminal’s account to the threat intelligence firm Hudson Rock, which determined that the Airbus credentials were stolen after a Turkish airline employee infected their computer with a prevalent and powerful info-stealing trojan called RedLine.

Info-stealers like RedLine typically are deployed via opportunistic email malware campaigns, and by secretly bundling the trojans with cracked versions of popular software titles made available online. Credentials stolen by info-stealers often end up for sale on cybercrime shops that peddle purloined passwords and authentication cookies (these logs also often show up in the malware scanning service VirusTotal).

Hudson Rock said it recovered the log files created by a RedLine infection on the Turkish airline employee’s system, and found the employee likely infected their machine after downloading pirated and secretly backdoored software for Microsoft Windows.

Hudson Rock says info-stealer infections from RedLine and a host of similar trojans have surged in recent years, and that they remain “a primary initial attack vector used by threat actors to infiltrate organizations and execute cyberattacks, including ransomware, data breaches, account overtakes, and corporate espionage.”

The prevalence of RedLine and other info-stealers means that a great many consequential security breaches begin with cybercriminals abusing stolen employee credentials. In this scenario, the attacker temporarily assumes the identity and online privileges assigned to a hacked employee, and the onus is on the employer to tell the difference.

In addition to snarfing any passwords stored on or transmitted through an infected system, info-stealers also siphon authentication cookies or tokens that allow one to remain signed-in to online services for long periods of time without having to resupply one’s password and multi-factor authentication code. By stealing these tokens, attackers can often reuse them in their own web browser, and bypass any authentication normally required for that account.

Microsoft Corp. this week acknowledged that a China-backed hacking group was able to steal one of the keys to its email kingdom that granted near-unfettered access to U.S. government inboxes. Microsoft’s detailed post-mortem cum mea culpa explained that a secret signing key was stolen from an employee in an unlucky series of unfortunate events, and thanks to TechCrunch we now know that the culprit once again was “token-stealing malware” on the employee’s system.

In April 2023, the FBI seized Genesis Market, a bustling, fully automated cybercrime store that was continuously restocked with freshly hacked passwords and authentication tokens stolen by a network of contractors who deployed RedLine and other info-stealer malware.

In March 2023, the FBI arrested and charged the alleged administrator of BreachForums (aka Breached), the same cybercrime community where USDoD leaked the Airbus data. In June 2023, the FBI seized the BreachForums domain name, but the forum has since migrated to a new domain.

USDoD’s InfraGard sales thread on Breached.

Unsolicited email continues to be a huge vector for info-stealing malware, but lately the crooks behind these schemes have been gaming the search engines so that their malicious sites impersonating popular software vendors actually appear before the legitimate vendor’s website. So take special care when downloading software to ensure that you are in fact getting the program from the original, legitimate source whenever possible.

Also, unless you really know what you’re doing, please don’t download and install pirated software. Sure, the cracked program might do exactly what you expect it to do, but the chances are good that it is also laced with something nasty. And when all of your passwords are stolen and your important accounts have been hijacked or sold, you will wish you had simply paid for the real thing.

❌