Apple Drops Urgent Patch Against Obtuse TriangleDB iPhone Malware

iLeakage Attack Exploits Safari To Steal Sensitive Data From Macs, iPhones

Hackers Earn $350k On Second Day Of Pwn2Own Toronto 2023

iPhones Have Been Exposing Your Unique MAC Despite Apple's Promises Elsewise

Crypto King Tells Judge He Acted On Legal Advice

Microsoft Unveils Shady Shenanigans Of Octo Tempest

Microsoft unveils shady shenanigans of Octo Tempest and their cyber-trickery toolkit

Gang thought to be behind attack on MGM Resorts has a skillset larger than most cybercrime groups in existence

Microsoft's latest report on "one of the most dangerous financial criminal groups" operating offers security pros an abundance of threat intelligence to protect themselves from its myriad tactics.…

Cure53 | Pentest-Report Tor Browser & OONI 02.-03.2023

submitted by /u/shulginlegacy
[link] [comments]

How to Keep Your Business Running in a Contested Environment

When organizations start incorporating cybersecurity regulations and cyber incident reporting requirements into their security protocols, it's essential for them to establish comprehensive plans for preparation, mitigation, and response to potential threats. At the heart of your business lies your operational technology and critical systems. This places them at the forefront of cybercriminal

Google Expands Its Bug Bounty Program to Tackle Artificial Intelligence Threats

Google has announced that it's expanding its Vulnerability Rewards Program (VRP) to compensate researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in an effort to bolster AI safety and security. "Generative AI raises new and different concerns than traditional digital security, such as the potential for unfair bias, model manipulation or

King Charles III signs off on UK Online Safety Act, with unenforceable spying clause

It's now up to Ofcom to sort out this messy legislation

With the assent of King Charles, the United Kingdom's Online Safety Act has become law, one that the British government says will "make the UK the safest place in the world to be online."…

ESET APT Activity Report Q2–Q3 2023

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 and Q3 2023

Weekly Update 371

So I wrapped up this week's live stream then promptly blew hours mucking around with Zigbee on Home Assistant. Is it worth it, as someone asked in the chat? Uh, yeah, kinda, mostly. But seriously, having a highly automated house is awesome and I suggest that most people watching these vids harbour the same basic instinct as I do to try and improve our lives through technology. The coordination of lights with times of day, the security checks around open doors, the controlling of fans and air conditioning to keep everyone comfy, it just rocks... when it works 😎

References

1. Sponsored by: Got Linux? (And Mac and Windows and iOS and Android?) Then Kolide has the device trust solution for you. Click here to watch the demo.
2. 1Password got caught up in the Okta incident (it had no impact, but it does make you wonder about the soundness of passing around HAR files...)
3. Does a service use HIBP for their "dark web" search? (it depends: some state it explicitly and some explicitly ask it not to be stated, so I simply neither confirm nor deny)
4. It's finally time to migrate HIBP away from Table Storage (that post is almost a decade old now and explains why I went with this construct to begin with)
5. I'm rolling all my Zigbee things from deCONZ with a Conbee to ZHA with Home Assistant Yellow (it's painful, but shout out to those who helped during the live stream and followed up later via Twitter)

F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution

F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component, has been assigned the CVE identifier CVE-2023-46747, and carries a CVSS score of 9.8 out of a maximum of 10. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP

Apple drops urgent patch against obtuse TriangleDB iPhone malware

Kaspersky first found this software nasty on its own phones

Apple pushed several security fixes on Wednesday, including one for all iPhone and iPads used before September last year that has already been exploited by cyber snoops.…

Forget the outside hacker, the bigger threat is inside by the coffee machine

After a week of incidents, Register vultures pick over the innards

Kettle In this week's Kettle the topic is one that's been much in the news this week - the much-underrated insider threat issue.…

TikTok Streamers Are Staging ‘Israel vs. Palestine’ Live Matches to Cash In on Virtual Gifts

TikTokkers are using a little-known livestreaming feature to falsely represent Israelis and Palestinians—and the company is taking a cut of costly in-app gifts viewers give to participants.

CVE-2023-46747: Pre-Auth Remote Code Execution in F5-BIGIP via AJP Request Smuggling

submitted by /u/bouncyhat
[link] [comments]

Side channel attacks take bite out of Apple silicon with iLeakage exploit

Nearly six years on from Spectre and Meltdown, novel method steals passwords, emails, texts

University researchers have developed a novel exploit that can steal information from virtually all modern Apple Macs, iPhones, and iPads.…

Threat Hunting: Detecting Browser Credential Stealing [T1555.003]

submitted by /u/achilles4828
[link] [comments]

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A- and M-Series CPUs

A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser. "An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using

Maine Mass Shooting Disinformation Floods Social Media as Suspect Remains at Large

In the hours following the worst mass shooting in Maine’s history, disinformation about the suspected gunman flooded social media with false claims that he had been arrested.

BeyondTrust, Cloudflare And 1Password Targeted After Okta Breach

Google Announces Bug Bounty Program And Other Initiatives To Secure AI

ServiceNow Quietly Addresses Unauthenticated Data Exposure Flaw From 2015

You Should Probably Buy A Flipper Zero Before It's Too Late

Pro-Russian Hackers Target XSS In Roundcube

Mandiant Intelligence Chief Raises Alarms Over China's Volt Typhoon Hackers In US Critical Infrastructure

Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware

The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a ploy to blend into normal on-hire processes and takeover accounts and breach organizations across the world. Microsoft, which disclosed the activities of the financially motivated hacking crew, described the adversary as "one of the most dangerous financial criminal

Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw

Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed flaw called HTTP/2 Rapid Reset, 89 of which exceeded 100 million requests per second (RPS). "The campaign contributed to an overall increase of 65% in HTTP DDoS attack traffic in Q3 compared to the previous quarter," the web infrastructure

The Danger of Forgotten Pixels on Websites: A New Case Study

While cyberattacks on websites receive much attention, there are often unaddressed risks that can lead to businesses facing lawsuits and privacy violations even in the absence of hacking incidents. A new case study highlights one of these more common cases.  Download the full case study here. It's a scenario that could have affected any type of company, from healthcare to finance, e-commerce to

CVE-2023-4357: Libxslt arbitrary file reading using document() method and external entities

submitted by /u/poltess0
[link] [comments]

ServiceNow quietly addresses unauthenticated data exposure flaw from 2015

Researcher who publicized issue brands company’s communication 'appalling'

ServiceNow is issuing a fix for a flaw that exposes data after a researcher published a method for unauthenticated attackers to steal an organization's sensitive files.…

Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks

The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader. "IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a downloader for further payloads," the PwC Threat Intelligence team said in a Wednesday analysis. "It uses

Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data

Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as CVE-2023-43208, the vulnerability has been addressed in version 4.4.1 released on October 6, 2023. "This is an easily exploitable, unauthenticated remote code

YoroTrooper: Researchers Warn of Kazakhstan's Stealthy Cyber Espionage Group

A relatively new threat actor known as YoroTrooper is likely made up of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani entities, barring the government's Anti-Corruption Agency. "YoroTrooper attempts to obfuscate the

Perfect DLL Hijacking

submitted by /u/elliotkillick
[link] [comments]

Canada goosed as attackers shutter hospitals and China deepfakes its politicians

Eh? Canucks cracked by cyber crims

Cybercriminals have Canada in the crosshairs, with five Ontario hospitals and a fresh Spamoflague disinformation campaign targeting "dozens" of Canadian government officials, including the PM.…

Cisco IOS XE CVE-2023-20198 and CVE-2023-20273: WebUI Internals, Patch Diffs, and Theory Crafting

submitted by /u/scopedsecurity
[link] [comments]

Okta's Latest Security Breach Is Haunted by the Ghost of Incidents Past

A recent breach of authentication giant Okta has impacted nearly 200 of its clients. But repeated incidents and the company’s delayed disclosure have security experts calling foul.

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

submitted by /u/SCI_Rusher
[link] [comments]

Pro-Russia group exploits Roundcube zero-day in attacks on European government emails

With this zero-day, researchers say the 'scrappy' group is stepping up its operations

The Winter Vivern cyber spy group is exploiting an XSS zero-day vulnerability in attacks on European governments.…

Flaws In O-Auth's Social Sign-In Could Have Put Billions Of Users At Risk

Personal Information Stolen In City Of Philadelphia Email Hack

Ex-NSA Techie Pleads Guilty To Selling State Secrets To Russia

VMware vCenter Flaw So Critical, Patches Released For End-Of-Life Products

Ransomware Boom Hits All-Time High

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using known

Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms

Critical security flaws have been disclosed in the Open Authorization (OAuth) implementation of popular online services such as Grammarly, Vidio, and Bukalapak, building upon previous shortcomings uncovered in Booking[.]com and Expo. The weaknesses, now addressed by the respective companies following responsible disclosure between February and April 2023, could have allowed malicious actors to

A fortified data vault to give you peace of mind

Watch our webinar to hear more about comprehensive data protection from Zerto and HPE

Webinar It's a challenge to maintain the availability and security of mission critical data in today's environment. As IT teams know only too well, there's no quiet season for enterprise IT operations or cyber threats.…

CVE-2021-27198 - Arbitrary Write to RCE

submitted by /u/securifera
[link] [comments]

The Rise of S3 Ransomware: How to Identify and Combat It

In today's digital landscape, around 60% of corporate data now resides in the cloud, with Amazon S3 standing as the backbone of data storage for many major corporations.  Despite S3 being a secure service from a reputable provider, its pivotal role in handling vast amounts of sensitive data (customer personal information, financial data, intellectual property, etc.), provides a juicy target for

Elon Musk Mocked Ukraine, and Russian Trolls Went Wild

Inauthentic accounts on X flocked to its owner’s post about Ukrainian president Vlodymr Zelensky, hailing “Comrade Musk” and boosting pro-Russia propaganda.

Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability

VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger an out-of-bounds

Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers

ESET Research recommends updating Roundcube Webmail to the latest available version as soon as possible

Malvertising Campaign Targets Brazil's PIX Payment System with GoPIX Malware

The popularity of Brazil's PIX instant payment system has made it a lucrative target for threat actors looking to generate illicit profits using a new malware called GoPIX. Kaspersky, which has been tracking the active campaign since December 2022, said the attacks are pulled off using malicious ads that are served when potential victims search for "WhatsApp web" on search engines. "The

Hunters International leaks pre-op plastic surgery pics in negotiation no-no

No honor among thieves as group denies Hive ransomware links

A newly emerged ransomware gang claims to have successfully gained access to the systems of a US plastic surgeon's clinic, leaking patients' pre-operation pictures in an attempt to hurry a ransom payment.…

Tenable + Ermetic

submitted by /u/JustifiedSimplicity
[link] [comments]

Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities

Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution. "An unauthenticated, malicious actor can inject files

VMware reveals critical vCenter vuln that you may have patched already without knowing it

Takes rare step of issuing patches for end-of-life versions, as some staff report end-of-career letters

VMware has disclosed a critical vulnerability in its vCenter Server – and that it issued an update to fix it weeks ago, along with patches for unsupported versions of the software.…