FreshRSS

Before yesterday: Security

Private and Secure Web Search Engines: DuckDuckGo, Brave, Kagi, Startpage

By Boone Ashworth, David Nield, Matt Burgess
What you look for online is up to you—just make sure no one else is taking a peek.

Google’s Ad Blocker Crackdown Is Growing

By Matt Burgess
Plus: North Korean supply chain attacks, a Russian USB worm spreads internationally, and more.

Telekopye's tricks of the trade – Week in security with Tony Anscombe

ESET's research team reveals details about the onboarding process of the Telekopye scam operation and the various methods that the fraudsters use to defraud people online
  • November 24th 2023 at 15:33

New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government

By Newsroom
An unspecified government entity in Afghanistan was targeted by a previously undocumented web shell called HrServ in what’s suspected to be an advanced persistent threat (APT) attack. The web shell, a dynamic-link library (DLL) named “hrserv.dll,” exhibits “sophisticated features such as custom encoding methods for client communication and in-memory execution,” Kaspersky security researcher Mert

Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches

By Newsroom
The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files. A brief description of the vulnerabilities is as follows - CVE-2023-49103 (CVSS score: 10.0) - Disclosure of sensitive credentials and configuration in containerized deployments impacting graphapi versions from

OpenCart owner turns air blue after researcher discloses serious vuln

Web storefront maker fixed the flaw, but not before blasting infoseccer

The owner of the e-commerce store management system OpenCart has responded with hostility to a security researcher disclosing a vulnerability in the product.…

  • November 24th 2023 at 15:32

Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale

By Newsroom
More details have emerged about a malicious Telegram bot called Telekopye that's used by threat actors to pull off large-scale phishing scams. "Telekopye can craft phishing websites, emails, SMS messages, and more," ESET security researcher Radek Jizba said in a new analysis. The threat actors behind the operation – codenamed Neanderthals – are known to run the criminal enterprise as a

Go on a Psychedelic Journey of the Internet's Growth and Evolution

By Lily Hay Newman
Security researcher Barrett Lyon, who makes visualizations of the internet's network infrastructure, is back with a new piece chronicling the rise of the IPv6 protocol.

Tell Me Your Secrets Without Telling Me Your Secrets

By The Hacker News
The title of this article probably sounds like the caption to a meme. Instead, this is an actual problem GitGuardian's engineers had to solve in implementing the mechanisms for their new HasMySecretLeaked service. They wanted to help developers find out if their secrets (passwords, API keys, private keys, cryptographic certificates, etc.) had found their way into public GitHub repositories. How

Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel

By Newsroom
Cybersecurity researchers have shed light on a Rust version of a cross-platform backdoor called SysJoker, which is assessed to have been used by a Hamas-affiliated threat actor to target Israel amid the ongoing war in the region. “Among the most prominent changes is the shift to Rust language, which indicates the malware code was entirely rewritten, while still maintaining similar

Telekopye: Chamber of Neanderthals’ secrets

Insight into groups operating Telekopye bots that scam people in online marketplaces
  • November 23rd 2023 at 10:30

Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories

By Newsroom
Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks. “These encoded Kubernetes configuration secrets were uploaded to public repositories,” Aqua security researchers Yakir Kadkoda and Assaf Morag said in new research published earlier this week. Some of those impacted include two top blockchain

BlackCat claims it is behind Fidelity National Financial ransomware shakedown

One of US's largest underwriters forced to shut down a number of key systems

Fortune 500 insurance biz Fidelity National Financial (FNF) has confirmed that it has fallen victim to a "cybersecurity incident."…

  • November 23rd 2023 at 18:01

Hide files inside images

By /u/JizosKasa

Hello everyone! I recently developed a Python program for hiding files inside images (steganography) and I'm right now working on an encryption system too.

This is just a fun little project and also my first to reach > 100 stars. I'd love to see someone contribute in any way, whether that is a pull request or any kind of issue. I'd prefer if people used the GitHub repo for asking questions, requesting features or reporting a bug (of course I'll answer questions here too, asking them on the GitHub page can let other people see the answer too tho).

Thanks for reading through this, hope you'll like the project!

submitted by /u/JizosKasa

Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks

By Newsroom
A new phishing attack has been observed leveraging a Russian-language Microsoft Word document to deliver malware capable of harvesting sensitive information from compromised Windows hosts. The activity has been attributed to a threat actor called Konni, which is assessed to share overlaps with a North Korean cluster tracked as Kimsuky (aka APT43). "This campaign relies on a remote access trojan

It's Time to Log Off

By Thor Benson
There’s a devastating amount of heavy news these days. Psychology experts say you need to know your limits—and when to put down the phone.

Industry piles in on North Korea for sustained rampage on software supply chains

Kim’s cyber cronies becoming more active, sophisticated in attempts to pwn global orgs

The national cybersecurity organizations of the UK and the Republic of Korea (ROK) have issued a joint advisory warning of an increased volume and sophistication of North Korean software supply chain attacks. …

  • November 23rd 2023 at 13:38

Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

By Newsroom
Delivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as WailingCrab. "The malware itself is split into multiple components, including a loader, injector, downloader and backdoor, and successful requests to C2-controlled servers are often necessary to retrieve the next stage," IBM X-Force researchers Charlotte Hammond, Ole Villadsen, and Kat

Attack on direct debit provider London & Zurich leaves customers with 6-figure backlogs

Customers complain of poor comms during huge outage that’s sparked payroll fears

A ransomware attack and resulting outages at direct debit collection company London & Zurich has forced at least one customer to take out a short-term loan as six-figure backlogs continue to cause cash flow mayhem.…

  • November 23rd 2023 at 11:47

6 Steps to Accelerate Cybersecurity Incident Response

By The Hacker News
Modern security tools continue to improve in their ability to defend organizations’ networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly as possible. That’s why it’s essential that these teams not only have the right tools but also understand how to effectively

Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks

By Newsroom
An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and video recorders into a Mirai-based distributed denial-of-service (DDoS) botnet. “The payload targets routers and network video recorder (NVR) devices with default admin credentials and installs Mirai variants when successful,” Akamai said in an advisory

Stop social engineering at the IT help desk

How Secure Service Desk thwarts social engineering attacks and secures user verification

Sponsored Post: Ransomware can hit any organization at any time, and hackers are proving adept at social engineering techniques to gain access to sensitive data in any way they can.…

  • November 23rd 2023 at 09:09

Mirai malware infects routers and cameras for new botnet

Akamai sounds the alarm – won't name the manufacturers yet

Akamai has uncovered two zero-day bugs capable of remote code execution, both being exploited to distribute the Mirai malware and build a botnet army for distributed denial of service (DDoS) attacks.…

  • November 23rd 2023 at 08:25

N. Korean Hackers Distribute Trojanized CyberLink Software in Supply Chain Attack

By Newsroom
A North Korean state-sponsored threat actor tracked as Diamond Sleet is distributing a trojanized version of a legitimate application developed by a Taiwanese multimedia software developer called CyberLink to target downstream customers via a supply chain attack. "This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code that downloads,

New Relic warns customers it's experienced a cyber … something

Users told to hold tight and await instructions as investigation continues

Web tracking and analytics outfit New Relic has issued a scanty security advisory warning customers it has experienced a scary cyber something.…

  • November 23rd 2023 at 04:58

North Korea makes finding a gig even harder by attacking candidates and employers

That GitHub repo an interviewer wants you to work on could be malware

Palo Alto Networks' Unit 42 has detailed a pair of job market hacking schemes linked to state-sponsored actors in North Korea: one in which the threat actors pose as job seekers, the other as would-be employers.…

  • November 23rd 2023 at 01:33

How to give Windows Hello the finger and login as someone on their stolen laptop

Not that we're encouraging anyone to defeat this fingerprint authentication

Hardware security hackers have detailed how it's possible to bypass Windows Hello's fingerprint authentication and login as someone else – if you can steal or be left alone with their vulnerable device.…

  • November 22nd 2023 at 22:36

US nuke reactor lab hit by 'gay furry hackers' demanding cat-human mutants

Staff records swiped, leaked by gang who probably read one too many comics, sorry, graphic novels

The self-described "gay furry hackers" of SiegedSec are back: this time boasting they've broken into America's biggest nuclear power lab's computer systems and stolen records on thousands of employees. Some of that data has already been leaked, it appears.…

  • November 22nd 2023 at 21:38

New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login

By Newsroom
New research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws were discovered by researchers at hardware and software product security and offensive research firm Blackwing Intelligence, who found the weaknesses in the fingerprint sensors from Goodix,

IPSec Analysis (X-Post from /r/malware)

By /u/tohitsugu

My analysis on the recently dismantled ipstorm golang malware. It’s rather noisy for malware.

submitted by /u/tohitsugu

Your voice is my password

AI-driven voice cloning can make things far too easy for scammers – I know because I’ve tested it so that you don’t have to learn about the risks the hard way.
  • November 22nd 2023 at 10:30

US cybercops take on 'pig butchering' org, return $9M in scammed crypto

Crims drain wallets of marks after letting them in on 'awesome crypto scheme secret'

The US has seized nearly $9 million in proceeds generated by exploiting more than 70 victims across the nation in so-called "pig butchering" scams.…

  • November 22nd 2023 at 12:43

North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns

By Newsroom
North Korean threat actors have been linked to two campaigns in which they masquerade as both job recruiters and seekers to distribute malware and obtain unauthorized employment with organizations based in the U.S. and other parts of the world. The activity clusters have been codenamed Contagious Interview and Wagemole, respectively, by Palo Alto Networks Unit 42. While the first set of attacks

AI Solutions Are the New Shadow IT

By The Hacker News
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks. Like the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot. Employees are covertly using AI with little regard for established IT and cybersecurity review procedures. Considering ChatGPT’s meteoric rise to 100 million users within 60 days of launch, especially with little

Microsoft's bug bounty turns 10. Are these kinds of rewards making code more secure?

Katie Moussouris, who pioneered Redmond's program, says folks are focusing on the wrong thing

Interview: Microsoft's bug bounty program celebrated its tenth birthday this year, and has paid out $63 million to security researchers in that first decade – with $60 million awarded to bug hunters in the past five years alone, according to Redmond.…

  • November 22nd 2023 at 10:58

UK's cookie crumble: Data watchdog serves up tougher recipe for consent banners

30 days to get compliant with tracking rules or face enforcement action

The UK's Information Commissioner's Office (ICO) is getting tough on website design, insisting that opting out of cookies must be as simple as opting in.…

  • November 22nd 2023 at 10:15

ClearFake Campaign Expands to Target Mac Systems with Atomic Stealer

By Newsroom
The macOS information stealer known as Atomic is now being delivered to targets via a bogus web browser update chain tracked as ClearFake. "This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system," Malwarebytes' Jérôme Segura said in a Tuesday analysis. Atomic

Fuel for thought: Can a driverless car get arrested?

What happens when problems caused by autonomous vehicles are not the result of errors, but the result of purposeful attacks?
  • November 21st 2023 at 10:30

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

By Newsroom
Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments. The joint advisory comes from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI),

Binance and CEO admit financial crimes, billions coughed up to US govt

Chief quits, pays own penalty after helping crooks launder cash, aiding sanctions evaders

The world's largest cryptocurrency exchange just got a little smaller, with the US Department of Justice announcing Binance and its CEO Changpeng Zhao have both pleaded guilty to a multitude of financial crimes. As a result Binance will fork out $10 billion to Uncle Sam in fines and settlements.…

  • November 22nd 2023 at 01:02

DOJ Charges Binance With Vast Money-Laundering Scheme and Sanctions Violations

By Andy Greenberg
From Russia to Iran, the feds have charged Binance with conducting well over $1 billion in transactions with sanctioned countries and criminal actors.