FreshRSS

πŸ”’
❌ About FreshRSS
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdaySecurity

California passes bill to set up one-stop data deletion shop

Also, LockBit gets a new second stringer, AirTag owners find yet another illicit use, and this week's critical vulns

Infosec in brief Californians may be on their way to the nation's first "do not broker" list with the passage of a bill that would create a one-stop service for residents of the Golden State who want to opt out of being tracked by data brokers. …

  • September 18th 2023 at 12:45
  • β†—

New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services

By THN
A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamedΒ AMBERSQUIDΒ by cloud and container security firm Sysdig. "The AMBERSQUID operation was able to exploit cloud services without triggering the AWS

Think Your MFA and PAM Solutions Protect You? Think Again

By The Hacker News
When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case. A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA (Multi-Factor Authentication) and PAM (Privileged Access Management) solutions are almost never deployed comprehensively enough to provide resilience to identity

Hook: New Android Banking Trojan That Expands on ERMAC's Legacy

By THN
A new analysis of the Android banking trojan known as Hook has revealed that it's based on its predecessor called ERMAC. "The ERMAC source code was used as a base for Hook," NCC Group security researchers Joshua Kamp and Alberto SeguraΒ saidΒ in a technical analysis published last week. "All commands (30 in total) that the malware operator can send to a device infected with ERMAC malware, also

Cryptojackers spread their nets to capture more than just EC2

AMBERSQUID operation takes AWS's paths less travelled in search of compute

As cloud native computing continues to gain popularity, so does the risk posed by criminals seeking to exploit the unwary. One newly spotted method targets services on the AWS platform, but not necessarily the ones you might think.…

  • September 18th 2023 at 11:15
  • β†—

Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients

By THN
Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed aΒ Google Account cloud synchronization featureΒ recently introduced in April 2023 for making the breach worse, calling it a "dark pattern." "The fact that Google Authenticator syncs to

Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks

By THN
The financially motivated threat actor known asΒ UNC3944Β is pivoting to ransomware deployment as part of an expansion to its monetization strategies, Mandiant has revealed. "UNC3944 has demonstrated a stronger focus on stealing large amounts of sensitive data for extortion purposes and they appear to understand Western business practices, possibly due to the geographical composition of the group,

Weekly Update 365

By Troy Hunt
Weekly Update 365

It's another week of travels, this time from our "second home", Oslo. That's off the back of 4 days in the Netherlands and starting tomorrow, another 4 in Prague. But today, the 17th of September, is extra special 😊

1 year today ❀️ pic.twitter.com/vsRChdDshn

β€” Troy Hunt (@troyhunt) September 17, 2023

We'll be going out and celebrating accordingly as soon as I get this post published so I'll be brief: enjoy this week's video!

Weekly Update 365
Weekly Update 365
Weekly Update 365
Weekly Update 365

References

  1. Sponsored by: 1 in 3 families have been affected by fraud. Secure your personal info with Aura’s award-winning identity protection. Start free trial.
  2. We had a great visit to Politie Nederland in Rotterdam this week (lots of common goals shared, and I'm really happy we've been able to assist with victim notification via HIBP)
  3. 932k Viva Air email addresses went into HIBP (that's a Colombian airline which no longer exists, they were pwned and ransomed last year)
  4. 4.3M Malindo Air email addresses went into HIBP (it's a 2019 breach so not new, but a third of people in there had never appeared in a loaded breach before)
  5. Wasn't really expecting to be named on a notorious ransomware website, but here we are (2 days after recording I still haven't heard anything further)
  6. I wasn't expecting anything revolutionary, but I'd really hoped for more excitement in the new iPhones (but I ordered us both Pro Max units anyway 😎)

North Korea's Lazarus Group Suspected in $31 Million CoinEx Heist

By THN
The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency since June 2023, marking a significant escalation of its hacks. According to multiple reports fromΒ Certik,Β Elliptic, andΒ ZachXBT, the infamous hacking group is said to be suspected behind the theft of $31 million in digital assets from theΒ CoinEx exchangeΒ on September 12, 2023. The crypto heist aimed at

TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U.

By THN
The Irish Data Protection Commission (DPC) slapped TikTok with a €345 million (about $368 million) fine for violating the European Union's General Data Protection Regulation (GDPR) in relation to its handling of children's data. The investigation, initiated in September 2021,Β examinedΒ how the popular short-form video platform processed personal data relating to child users (those between the

Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle

By Lily Hay Newman
Cyberattacks on casinos grab attention, but a steady stream of less publicized attacks leave vulnerable victims struggling to recover.

Probe reveals previously secret Israeli spyware that infects targets via ads

Oh s#!t, Sherlock

Israeli software maker Insanet has reportedly developed a commercial product called Sherlock that can infect devices via online adverts to snoop on targets and collect data about them for the biz's clients.…

  • September 16th 2023 at 09:05
  • β†—

Scattered Spider traps 100+ victims in its web as it moves into ransomware

Mandiant warns casino raiders are doubling down on 'monetization strategies'

Scattered Spider, the crew behind at least one of the recent Las Vegas casino IT security breaches, has already hit some 100 organizations during its so-far brief tenure in the cybercrime scene, according to Mandiant.…

  • September 15th 2023 at 21:25
  • β†—

Google throws California $93M to make location tracking lawsuit disappear

Half a percent of last quarter's net income? That'll teach 'em

Google has been hit with another lawsuit alleging it deceived users about its collection, storage, and use of their location data, this time from the state of California.Β Yet it's over before it really began.…

  • September 15th 2023 at 17:15
  • β†—

The Interdependence between Automated Threat Intelligence Collection and Humans

By The Hacker News
The volume of cybersecurity vulnerabilities is rising, with close toΒ 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costingΒ $4.45M on average vs. $3.62M in 2017. In Q2 2023,Β a total of 1386 victims were claimedΒ by ransomware attacks compared with just 831 in Q1 2023. TheΒ MOVEit attack has claimed over 600 victimsΒ so far and that number is still

Google Agrees to $93 Million Settlement in California's Location-Privacy Lawsuit

By THN
Google has agreed to pay $93 million to settle a lawsuit filed by the U.S. state of California over allegations that the company's location-privacy practices misled consumers and violated consumer protection laws. "Our investigation revealed that Google was telling its users one thing – that it would no longer track their location once they opted out – but doing the opposite and continuing to

DDoS 2.0: IoT Sparks New DDoS Alert

By The Hacker News
TheΒ Internet of Things (IoT)Β is transforming efficiency in various sectors like healthcare and logistics but has also introduced new security risks, particularly IoT-driven DDoS attacks. This article explores how these attacks work, why they’re uniquely problematic, and how to mitigate them. What Is IoT? IoT (Internet of Things) refers to online, interconnected devices that collect and exchange

NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers

By THN
An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-basedΒ NodeStealerΒ and potentially take over their accounts for follow-on malicious activities.Β  "The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing services and technology

Greater Manchester Police ransomware attack another classic demo of supply chain challenges

Are you the weakest link?

The UK's Greater Manchester Police (GMP) has admitted that crooks have got their mitts on some of its data after a third-party supplier responsible for ID badges was attacked.…

  • September 15th 2023 at 09:45
  • β†—

Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

By THN
The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. "This suggests that the threat actors are streamlining operations by making their techniques multipurpose," Trend Micro researchersΒ saidΒ in a new analysis published this

Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors

By THN
Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal. The tech giant, which is tracking the activity under the nameΒ Peach SandstormΒ (formerly Holmium), said the adversary pursued organizations in the satellite, defense, and pharmaceutical sectors to likely facilitate

US-Canada water org confirms 'cybersecurity incident' after ransomware crew threatens leak

NoEscape promises 'colossal wave of problems' if IJC doesn't pay up

The International Joint Commission, a body that manages water rights along the US-Canada border, has confirmed its IT security was targeted, after a ransomware gang claimed it stole 80GB of data from the organization.…

  • September 15th 2023 at 00:15
  • β†—

Bypass SSL Pinning on Windows Application

By /u/HermaeusMora0

I have tried using CharlesProxy MITM proxy to obtain SSL traffic from a Windows Application, but Charles simply can't capture any traffic, even though it captures from my browser and other applications.

With that being said, I suspect the application uses SSL pinning, I don't want to go reverse engineer it when there's a simpler way for me to obtain their requests.

I need suggestions on what to do, and if reverse engineering is my only way, what would be recommended.

submitted by /u/HermaeusMora0
[link] [comments]

Caesars says cyber-crooks stole customer data as MGM casino outage drags on

Zero-days are so 2022. Why not just social engineer the help desk?

Updated Casino giant Caesars Entertainment has confirmed miscreants stole a database containing customer info, including driver license and social security numbers for a "significant number" of its loyalty program members, in a social engineering attack earlier this month.…

  • September 14th 2023 at 20:13
  • β†—

Rollbar might be good at tracking bugs, uninvited guests not so much

Company noticed data warehouse break-in via compromised account a month later

Cloud-based bug tracking and monitoring platform Rollbar has warned users that attackers have rifled through their data.…

  • September 14th 2023 at 15:00
  • β†—

Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems

By THN
A set of memory corruption flaws have been discovered in theΒ ncursesΒ (short forΒ new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. "Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the targeted program's context or perform other malicious

Ballistic Bobcat's Sponsor backdoor – Week in security with Tony Anscombe

Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States
  • September 14th 2023 at 14:01
  • β†—

Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years

By THN
A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack. The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the compromised system. The campaign, which took place between 2020 and 2022, is no longer active. "
❌