Fake WinRAR Exploit PoC Drops VenomRAT Malware

Marvell Disputes Claim Cavium Backdoored Chips For Uncle Sam

The Signal Protocol Used By 1+ Billion People Is Getting A Post-Quantum Makeover

DHS Publishes New Recommendations On Cyber Incident Reporting

Robocall Scammers Sentenced In US After Netting $1.2 Million

Pizza Hut Australia Got Hacked

Vast Majority Of Bot Attacks Emanate From China And Russia

Robocall scammers sentenced in US after netting $1.2M via India-based call centers

Part of network of crims who used 'trickery and threats' to target elderly

Two Indian nationals have each received 41-month prison sentences in the United States for their involvement in a $1.2 million robocall scam targeting the elderly, according to New Jersey prosecutors on Tuesday.…

Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace

Finnish law enforcement authorities have announced the takedown of PIILOPUOTI, a dark web marketplace that specialized in illegal narcotics trade since May 2022. "The site operated as a hidden service in the encrypted TOR network," the Finnish Customs (aka Tulli) said in a brief announcement on Tuesday. "The site has been used in anonymous criminal activities such as narcotics trade." The agency

Critical Security Flaws Exposed in Nagios XI Network Monitoring Software

Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure. The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower. Following responsible disclosure on August 4, 2023, They have been patched as of September 11, 2023, with

Sysadmin and spouse admit to part in 'massive' pirated Avaya licenses scam

Could spend 20 years in prison after selling $88M in ADI software keys

A sysadmin and his partner pleaded guilty this week to being part of a "massive" international ring that sold software licenses worth $88 million for "significantly below the wholesale price."…

Do You Really Trust Your Web Application Supply Chain?

Well, you shouldn’t. It may already be hiding vulnerabilities. It's the modular nature of modern web applications that has made them so effective. They can call on dozens of third-party web components, JS frameworks, and open-source tools to deliver all the different functionalities that keep their customers happy, but this chain of dependencies is also what makes them so vulnerable. Many of

Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys

Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server. Sonatype said it has discovered 14 different npm packages so far: @am-fe/hooks, @am-fe/provider, @am-fe/request, @am-fe/utils, @am-fe/watermark, @am-fe/watermark-core, @

Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT

Chinese-language speakers have been increasingly targeted as part of multiple email phishing campaigns that aim to distribute various malware families such as Sainbox RAT, Purple Fox, and a new trojan called ValleyRAT. "Campaigns include Chinese-language lures and malware typically associated with Chinese cybercrime activity," enterprise security firm Proofpoint said in a report shared with The

Signal Messenger Introduces PQXDH Quantum-Resistant Encryption

Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH). "With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current

Broaden your cyber security knowhow at CyberThreat 2023

November’s two day conference sees experts from the cyber security community share their insight and knowledge

Sponsored Post Cyber security remains a top three priority for most, if not all, organisations. The risks associated with failure to implement adequate defences were once again highlighted by the ransomware incident which impacted several hospital computer systems across the US last month.…

GitLab Releases Urgent Security Patches for Critical Vulnerability

GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and before 16.3.4. "It was possible for an attacker to run pipelines as an arbitrary user via scheduled

Singapore may split liability for phishing losses between banks and victims

Won't someone please think of the banks?

Singapore officials announced on Monday that next month they will deliver a consultation paper detailing a split liability scheme that will mean both consumers and banks are on the hook for financial losses flowing from scams.…

Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability

Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that's bundled along with the software. The complete list of impacted

Marvell disputes claim Cavium backdoored chips for Uncle Sam

Allegations date back a decade to leaked Snowden docs

Cavium, a maker of semiconductors acquired in 2018 by Marvell, was allegedly identified in documents leaked in 2013 by Edward Snowden as a vendor of semiconductors backdoored for US intelligence. Marvell denies it or Cavium placed backdoors in products at the behest of the US government.…

Russian allegedly smuggled US weapons electronics to Moscow

Feds claim sniper scope displays sold in sanctions-busting move

A Russian national helped smuggle, via shell companies in Hong Kong, more than $1.6 million in microelectronics to Moscow potentially to support its war against Ukraine, it is claimed.…

Howtorotate.com - Open Source Guides on Key Rotations from the Most Popular Providers

submitted by /u/Phorcez
[link] [comments]

Chinese Hackers Use Never Before Seen Linux Backdoor

Hacker Conversations: Casey Ellis From Bugcrowd

The Clorox Company Admits Cyberattack Causing Disruption

Misconfigured SAS Token By Microsoft's AI Team Exposes 38TB Of GitHub Data

Chinese Spies Infected Dozens of Networks With Thumb Drive Malware

Security researchers found USB-based Sogu espionage malware spreading within African operations of European and US firms.

Crawlector Version 2.0 has been released. This is a milestone release.

submitted by /u/MFMokbel
[link] [comments]

ShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom Companies

Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop. "HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to listen to incoming requests for specific HTTP(S) URLs and execute that content on the

The Clorox Company admits cyberattack causing 'widescale disruption'

Back to 'manual' order processing for $7B household cleaning biz, financial impact will be 'material'

The Clorox Company, makers of bleach and other household cleaning products, doesn't expect operations to return to normal until near month end as it combs over "widescale disruption to operations" caused by cyber baddies.…

Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign

Targets located in Azerbaijan have been singled out as part of a new campaign that's designed to deploy Rust-based malware on compromised systems. Cybersecurity firm Deep Instinct is tracking the operation under the name Operation Rusty Flag. It has not been associated with any known threat actor or group. "The operation has at least two different initial access vectors," security researchers

#ShortAndMalicious — DarkGate

submitted by /u/OwnPreparation3424
[link] [comments]

Inside the Code of a New XWorm Variant

XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe.  Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its functionality and solidified its staying power.  The analyst team at ANY.RUN came across the newest

Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities

The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was first documented by Trend Micro in January 2022, detailing the adversary's attacks against public and private sector entities across Asia, Australia, Europe, North America. Active since 2021, the group has relied on

Live Webinar: Overcoming Generative AI Data Leakage Risks

As the adoption of generative AI tools, like ChatGPT, continues to surge, so does the risk of data exposure. According to Gartner’s "Emerging Tech: Top 4 Security Risks of GenAI" report, privacy and data security is one of the four major emerging risks within generative AI. A new webinar featuring a multi-time Fortune 100 CISO and the CEO of LayerX, a browser extension solution, delves into this

Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data

Microsoft on Monday said it took steps to correct a glaring security gaffe that led to the exposure of 38 terabytes of private data. The leak was discovered on the company's AI GitHub repository and is said to have been inadvertently made public when publishing a bucket of open-source training data, Wiz said. It also included a disk backup of two former employees' workstations containing secrets

Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability

New research has found that close to 12,000 internet-exposed Juniper firewall devices are vulnerable to a recently disclosed remote code execution flaw. VulnCheck, which discovered a new exploit for CVE-2023-36845, said it could be exploited by an "unauthenticated and remote attacker to execute arbitrary code on Juniper firewalls without creating a file on the system." CVE-2023-36845 refers to a

DEF CON 31 Main Stage Talks

submitted by /u/albinowax
[link] [comments]

Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware

The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity. "CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects," SentinelOne security

Wind River VxWorks tarExtract directory traversal vulnerability (CVE-2023-38346)

submitted by /u/fr0r
[link] [comments]

Australia to build six 'cyber shields' to defend its shores

Local corporate regulator warns boards that cyber is totally a directorial duty

Australia will build "six cyber shields around our nation" declared home affairs minister Clare O'Neill yesterday, as part of a national cyber security strategy.…

10 tips to ace your cybersecurity job interview

Once you’ve made it past the initial screening process and secured that all-important interview, it’s time to seal the deal. These 10 tips will put you on the right track.

Ballistic Bobcat's Sponsor backdoor – Week in security with Tony Anscombe

Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States

Read it right! How to spot scams on Reddit

Do you know what types of scams and other fakery you should look out for when using a platform that once billed itself as “the front page of the Internet”?

ESET Research Podcast: Sextortion, digital usury and SQL brute-force

Closing intrusion vectors force cybercriminals to revisit old attack avenues, but also to look for new ways to attack their victims

Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor

ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor

Will you give X your biometric data? – Week in security with Tony Anscombe

The update to X's privacy policy has sparked some questions among privacy and security folks, including how long X will retain users' biometric information and how the data will be stored and secured

Staying ahead of threats: 5 cybercrime trends to watch

New reports from Europol and the UK’s National Crime Agency (NCA) shed a light on how the battle against cybercrime is being fought

Getting off the hook: 10 steps to take after clicking on a phishing link

Phishing emails are a weapon of choice for criminals intent on stealing people’s personal data and planting malware on their devices. The healing process does not end with antivirus scanning.

Fake Signal and Telegram apps – Week in security with Tony Anscombe

ESET research uncovers active campaigns targeting Android users and spreading espionage code through the Google Play store, Samsung Galaxy Store and dedicated websites

What you need to know about iCloud Private Relay

If you want to try to enter the world of VPNs with a small dip, then iCloud Private Relay is your friend — but is it a true VPN service? The devil is in the details.

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps

ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs

Recovering from a supply-chain attack: What are the lessons to learn from the 3CX hack?

The campaign started with a trojanized version of unsupported financial software

How a Telegram bot helps scammers target victims – Week in security with Tony Anscombe

ESET researchers uncover a Telegram bot that enables even less tech-savvy scammers to defraud people out of their money

Telekopye: Hunting Mammoths using Telegram bot

Analysis of Telegram bot that helps cybercriminals scam people on online marketplaces

Scarabs colon-izing vulnerable servers

Analysis of Spacecolon, a toolset used to deploy Scarab ransomware on vulnerable servers, and its operators, CosmicBeetle

A Bard’s Tale – how fake AI bots try to install malware

The AI race is on! It’s easy to lose track of the latest developments and possibilities, and yet everyone wants to see firsthand what the hype is about. Heydays for cybercriminals!

Evacuation of 30,000 hackers – Week in security with Tony Anscombe

DEF CON, the annual hacker convention in Las Vegas, was interrupted on Saturday evening when authorities evacuated the event's venue due to a bomb threat

DEF CON 31: US DoD urges hackers to go and hack ‘AI’

The limits of current AI need to be tested before we can rely on their output

Mass-spreading campaign targeting Zimbra users

ESET researchers have observed a new phishing campaign targeting users of the Zimbra Collaboration email server.