FreshRSS

🔒
❌ About FreshRSS
☷
△ 🔃
There are new available articles, click to refresh the page.
Before yesterdaySecurity

New Webinar: 5 Must-Know Trends Impacting AppSec

By The Hacker News
Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it's almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads when working with public clouds, vulnerabilities in containers hosting web applications, and many other

ServiceNow Data Exposure: A Wake-Up Call for Companies

By The Hacker News
Earlier this week, ServiceNow announced on its support site that misconfigurations within the platform could result in “unintended access” to sensitive data. For organizations that use ServiceNow, this security exposure is a critical concern that could have resulted in major data leakage of sensitive corporate data. ServiceNow has since taken steps to fix this issue.  This article fully analyzes

EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub

By Newsroom
A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate cryptojacking activities. "As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and

Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

By Newsroom
Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows -  CVE-2022-4886 (CVSS score: 8.8) - Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller CVE-2023-5043 (

Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware

By Newsroom
A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE. "MSIX is a Windows app package format that developers can leverage to package, distribute, and install their applications to Windows users," Elastic

LockBit alleges it boarded Boeing, stole 'sensitive data'

ALSO: CISA begs for a consistent budget, Las Vegas school breach; Nigeria arrests six cyber princes, the week's critical vulnerabilities

Security In Brief Notorious ransomware gang LockBit has reportedly exfiltrated “a tremendous amount of sensitive data from aerospace outfit Boeing.…

  • October 30th 2023 at 02:30
  • ↗

This Cryptomining Tool Is Stealing Secrets

By Lily Hay Newman
Plus: Details emerge of a US government social media-scanning tool that flags “derogatory” speech, and researchers find vulnerabilities in the global mobile communications network.

Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service

By Newsroom
New findings have shed light on what's said to be a lawful attempt to covertly intercept traffic originating from jabber[.]ru (aka xmpp[.]ru), an XMPP-based instant messaging service, via servers hosted on Hetzner and Linode (a subsidiary of Akamai) in Germany. "The attacker has issued several new TLS certificates using Let's Encrypt service which were used to hijack encrypted STARTTLS

Apple Private Wi-Fi hasn't worked for the past three years

Not exactly the MAC daddy

Three years after Apple introduced a menu setting called Private Wi-Fi Address, a way to spoof network identifiers called MAC addresses, the privacy protection may finally work as advertised, thanks to a software fix.…

  • October 27th 2023 at 22:30
  • ↗

The Destruction of Gaza’s Internet Is Complete

By Matt Burgess
As Israel increases its ground operation in Gaza, the last remaining internet and mobile connections have gone dark.

F5 hurriedly squashes BIG-IP remote code execution bug

Fixes came earlier than scheduled as vulnerability became known to outsiders

F5 has issued a fix for a remote code execution (RCE) bug in its BIG-IP suite carrying a near-maximum severity score.…

  • October 27th 2023 at 17:34
  • ↗

N. Korean Lazarus Group Targets Software Vendor Using Known Flaws

By Newsroom
The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and LPEClient, a known hacking tool used by the threat actor for

Roundcube Webmail servers under attack – Week in security with Tony Anscombe

The zero-day exploit deployed by the Winter Vivern APT group only requires that the target views a specially crafted message in a web browser
  • October 27th 2023 at 13:47
  • ↗

Microsoft unveils shady shenanigans of Octo Tempest and their cyber-trickery toolkit

Gang thought to be behind attack on MGM Resorts has a skillset larger than most cybercrime groups in existence

Microsoft's latest report on "one of the most dangerous financial criminal groups" operating offers security pros an abundance of threat intelligence to protect themselves from its myriad tactics.…

  • October 27th 2023 at 12:43
  • ↗

How to Keep Your Business Running in a Contested Environment

By The Hacker News
When organizations start incorporating cybersecurity regulations and cyber incident reporting requirements into their security protocols, it's essential for them to establish comprehensive plans for preparation, mitigation, and response to potential threats. At the heart of your business lies your operational technology and critical systems. This places them at the forefront of cybercriminal

Google Expands Its Bug Bounty Program to Tackle Artificial Intelligence Threats

By Newsroom
Google has announced that it's expanding its Vulnerability Rewards Program (VRP) to compensate researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in an effort to bolster AI safety and security. "Generative AI raises new and different concerns than traditional digital security, such as the potential for unfair bias, model manipulation or

King Charles III signs off on UK Online Safety Act, with unenforceable spying clause

It's now up to Ofcom to sort out this messy legislation

With the assent of King Charles, the United Kingdom's Online Safety Act has become law, one that the British government says will "make the UK the safest place in the world to be online."…

  • October 27th 2023 at 09:51
  • ↗

ESET APT Activity Report Q2–Q3 2023

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 and Q3 2023
  • October 26th 2023 at 09:30
  • ↗

Weekly Update 371

By Troy Hunt
Weekly Update 371

So I wrapped up this week's live stream then promptly blew hours mucking around with Zigbee on Home Assistant. Is it worth it, as someone asked in the chat? Uh, yeah, kinda, mostly. But seriously, having a highly automated house is awesome and I suggest that most people watching these vids harbour the same basic instinct as I do to try and improve our lives through technology. The coordination of lights with times of day, the security checks around open doors, the controlling of fans and air conditioning to keep everyone comfy, it just rocks... when it works 😎

Weekly Update 371
Weekly Update 371
Weekly Update 371
Weekly Update 371

References

  1. Sponsored by: Got Linux? (And Mac and Windows and iOS and Android?) Then Kolide has the device trust solution for you. Click here to watch the demo.
  2. 1Password got caught up in the Okta incident (it had no impact, but it does make you wonder about the soundness of passing around HAR files...)
  3. Does a service use HIBP for their "dark web" search? (it depends: some state it explicitly and some explicitly ask it not to be stated, so I simply neither confirm nor deny)
  4. It's finally time to migrate HIBP away from Table Storage (that post is almost a decade old now and explains why I went with this construct to begin with)
  5. I'm rolling all my Zigbee things from deCONZ with a Conbee to ZHA with Home Assistant Yellow (it's painful, but shout out to those who helped during the live stream and followed up later via Twitter)

F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution

By Newsroom
F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component, has been assigned the CVE identifier CVE-2023-46747, and carries a CVSS score of 9.8 out of a maximum of 10. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP

Apple drops urgent patch against obtuse TriangleDB iPhone malware

Kaspersky first found this software nasty on its own phones

Apple pushed several security fixes on Wednesday, including one for all iPhone and iPads used before September last year that has already been exploited by cyber snoops.…

  • October 26th 2023 at 21:15
  • ↗

Forget the outside hacker, the bigger threat is inside by the coffee machine

After a week of incidents, Register vultures pick over the innards

Kettle In this week's Kettle the topic is one that's been much in the news this week - the much-underrated insider threat issue.…

  • October 26th 2023 at 20:15
  • ↗

TikTok Streamers Are Staging ‘Israel vs. Palestine’ Live Matches to Cash In on Virtual Gifts

By David Gilbert
TikTokkers are using a little-known livestreaming feature to falsely represent Israelis and Palestinians—and the company is taking a cut of costly in-app gifts viewers give to participants.

Side channel attacks take bite out of Apple silicon with iLeakage exploit

Nearly six years on from Spectre and Meltdown, novel method steals passwords, emails, texts

University researchers have developed a novel exploit that can steal information from virtually all modern Apple Macs, iPhones, and iPads.…

  • October 26th 2023 at 17:45
  • ↗

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A- and M-Series CPUs

By Newsroom
A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser. "An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using

Maine Mass Shooting Disinformation Floods Social Media as Suspect Remains at Large

By David Gilbert
In the hours following the worst mass shooting in Maine’s history, disinformation about the suspected gunman flooded social media with false claims that he had been arrested.

Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware

By Newsroom
The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a ploy to blend into normal on-hire processes and takeover accounts and breach organizations across the world. Microsoft, which disclosed the activities of the financially motivated hacking crew, described the adversary as "one of the most dangerous financial criminal

Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw

By Newsroom
Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed flaw called HTTP/2 Rapid Reset, 89 of which exceeded 100 million requests per second (RPS). "The campaign contributed to an overall increase of 65% in HTTP DDoS attack traffic in Q3 compared to the previous quarter," the web infrastructure

The Danger of Forgotten Pixels on Websites: A New Case Study

By The Hacker News
While cyberattacks on websites receive much attention, there are often unaddressed risks that can lead to businesses facing lawsuits and privacy violations even in the absence of hacking incidents. A new case study highlights one of these more common cases.  Download the full case study here. It's a scenario that could have affected any type of company, from healthcare to finance, e-commerce to

ServiceNow quietly addresses unauthenticated data exposure flaw from 2015

Researcher who publicized issue brands company’s communication 'appalling'

ServiceNow is issuing a fix for a flaw that exposes data after a researcher published a method for unauthenticated attackers to steal an organization's sensitive files.…

  • October 26th 2023 at 08:30
  • ↗

Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks

By Newsroom
The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader. "IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a downloader for further payloads," the PwC Threat Intelligence team said in a Wednesday analysis. "It uses

Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data

By Newsroom
Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as CVE-2023-43208, the vulnerability has been addressed in version 4.4.1 released on October 6, 2023. "This is an easily exploitable, unauthenticated remote code
❌