FreshRSS


New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices

By Newsroom
A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed Xamalicious by the McAfee Mobile Research Team, the malware is so named for the fact that it's developed using an open-source mobile app framework called Xamarin and abuses the operating system's accessibility permissions to fulfill its objectives.

Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining

By Newsroom
Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS) attacks. "Threat actors can also choose to install only scanners and sell the breached IP and account credentials on

Carbanak Banking Malware Resurfaces with New Ransomware Tactics

By Newsroom
The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023. "Carbanak returned last month through new

Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies

By Newsroom
The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after Group-IB's formal exit from Russia earlier this year. Cloud Atlas, active since at

British LAPSUS$ Teen Members Sentenced for High-Profile Attacks

By Newsroom
Two British teens part of the LAPSUS$ cyber crime and extortion gang have been sentenced for their roles in orchestrating a string of high-profile attacks against a number of companies. Arion Kurtaj, an 18-year-old from Oxford, has been sentenced to an indefinite hospital order due to his intent to get back to cybercrime "as soon as possible," BBC reported. Kurtaj, who is autistic, was

Weekly Update 379

By Troy Hunt
It's that time of the year again, time to head from the heat to the cold as we jump on the big plane(s) back to Europe. The next 4 weekly updates will all be from places of varying degrees colder than home, most of them done with Scott Helme too so they'll be a little different to usual. For now, here's a pretty casual Christmas edition, see you next week from the other side 🙂

References

  1. Sponsored by: Unpatched devices keeping you up at night? Kolide can get your entire fleet updated in days. It's Device Trust for Okta. Watch the demo!
  2. K'gari / Fraser Island is just exceedingly beautiful (and now we need a bigger wall to put these photos up on 🤣)
  3. The Ubiquiti Dream Wall is a really sweet looking piece of kit (awesome solution to avoid having a full rack setup if you don't need it)
  4. I'll be back at NDC Oslo in June for the first time since 2019 (this is the event that gave me everything from a career to a wife - it's kinda special to me 😊)
  5. The story about a marketing company pitching ads based on eavesdropped conversations by mobile devices is really wild (for so long, this amounted to tinfoil-hattery, now here we are...)

Iranian cyberspies target US defense orgs with a brand new backdoor

Also: International cops crackdown on credit card stealers and patch these critical vulns

Infosec in brief Iranian cyberspies are targeting defense industrial base organizations with a new backdoor called FalseFont, according to Microsoft.…

  • December 23rd 2023 at 12:47

Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft

By Newsroom
Threat hunters have discovered a rogue WordPress plugin that's capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information. The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri. "As with many other malicious or fake WordPress plugins it contains some deceptive information at

Cyber sleuths reveal how they infiltrate the biggest ransomware gangs

How do you break into the bad guys' ranks? Master the lingo and research, research, research

Feature When AlphV/BlackCat's website went dark this month, it was like Chrimbo came early for cybersecurity defenders, some of whom seemingly believed law enforcement had busted one of the most menacing cyber criminal crews.…

  • December 22nd 2023 at 15:55

Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities

By Newsroom
Indian government entities and the defense sector have been targeted by a phishing campaign that's engineered to drop Rust-based malware for intelligence gathering. The activity, first detected in October 2023, has been codenamed Operation RusticWeb by enterprise security firm SEQRITE. "New Rust-based payloads and encrypted PowerShell commands have been utilized to exfiltrate

Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

By Newsroom
A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamper their investigation," Netskope researchers Ghanashyam Satpathy and Jan Michael Alcantara

Facebook Marketplace Is Being Ruined by Zelle Scammers

By Amanda Hoover
I tried to sell a futon on Facebook Marketplace and nearly all I got were scammers.

Congress Sure Made a Lot of Noise About Kids’ Privacy in 2023—and Not Much Else

By Matt Laslo
Members of the US Congress touted improvements to children’s privacy protections as an urgent priority. So why didn’t they do anything about it?

Key findings from ESET Threat Report H2 2023 – Week in security with Tony Anscombe

How cybercriminals take advantage of the popularity of ChatGPT and other tools of its ilk to direct people to sketchy sites, plus other interesting findings from ESET's latest Threat Report
  • December 22nd 2023 at 10:50

Safeguard the joy: 10 tips for securing your shiny new device

Unwrapping a new gadget this holiday season will put a big smile on your face but things may quickly turn sour if the device and data on it aren’t secured properly
  • December 21st 2023 at 10:30

These aren’t the Androids you should be looking for

You may get more than you bargained for when you buy a budget-friendly smartphone and forgo safeguards baked into Google Play
  • December 20th 2023 at 10:30

UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware

By Newsroom
The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE. "The threat actor targets Ukrainian employees working for companies outside of Ukraine," cybersecurity firm Deep Instinct said in a Thursday analysis. UAC-0099 was first

Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector

By Newsroom
Organizations in the Defense Industrial Base (DIB) sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach Sandstorm (formerly Holmium), which is also known as APT33, Elfin, and Refined Kitten. "

Lapsus$ teen sentenced to indefinite detention in hospital for Nvidia, GTA cyberattacks

Arion Kurtaj will remain hospitalized until a mental health tribunal says he can leave

Two British teens who were members of the Lapsus$ gang have been sentenced for their roles in a cyber-crime spree that included compromising Uber, Nvidia, and fintech firm Revolut, and also blackmailing Grand Theft Auto maker Rockstar Games.…

  • December 21st 2023 at 22:15

Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware

By Newsroom
A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn't survive a reboot on the infected Android system (it had it on iOS)," Cisco Talos researchers Mike Gentile, Asheer Malhotra, and Vitor

Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication

By Newsroom
Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy. "Representing a restructured and enhanced iteration of its predecessor, this evolved Chameleon variant excels in executing Device Takeover (DTO) using the accessibility service, all while expanding its targeted region,

Four in five Apache Struts 2 downloads are for versions featuring critical flaw

Seriously, people - please check the stuff you fetch more carefully

Security vendor Sonatype believes developers are failing to address the critical remote code execution (RCE) vulnerability in the Apache Struts 2 framework, based on recent downloads of the code.…

  • December 21st 2023 at 14:13

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

By Newsroom
A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world. The activity cluster, which employs JavaScript web injections, is estimated to have led to at least 50,000 infected user sessions spanning North America, South America, Europe, and Japan.

Mozilla decides Trusted Types is a worthy security feature

DOM-XSS attacks have become scarce on Google websites since TT debuted

Mozilla last week revised its position on a web security technology called Trusted Types, which it has decided to implement in its Firefox browser.…

  • December 21st 2023 at 11:03

Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices

By The Hacker News
John Hanley of IBM Security shares 4 key findings from the highly acclaimed annual Cost of a Data Breach Report 2023 What is the IBM Cost of a Data Breach Report? The IBM Cost of a Data Breach Report is an annual report that provides organizations with quantifiable information about the financial impacts of breaches. With this data, they can make data driven decisions about how they implement

German Authorities Dismantle Dark Web Hub 'Kingdom Market' in Global Operation

By Newsroom
German law enforcement has announced the disruption of a dark web platform called Kingdom Market that specialized in the sales of narcotics and malware to "tens of thousands of users." The exercise, which involved collaboration from authorities from the U.S., Switzerland, Moldova, and Ukraine, began on December 16, 2023, the Federal Criminal Police Office (BKA) said. Kingdom

Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware

By Newsroom
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.8), a memory corruption vulnerability in Office's

Data loss prevention isn't rocket science, but NASA hasn't made it work in Microsoft 365

Privacy review finds breach response plan is a mess, training could be better, but protection regime mostly holds up

NASA's Office of Inspector General has run its eye over the aerospace agency's privacy regime and found plenty to like – but improvements are needed.…

  • December 21st 2023 at 04:31

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

By Newsroom
Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution. Clément

Something nasty injected login-stealing JavaScript into 50K online banking sessions

Why keeping your PC secure and free of malware remains paramount

IBM Security has dissected some JavaScript code that was injected into people's online banking pages to steal their login credentials, saying 50,000 user sessions with more than 40 banks worldwide were compromised by the malicious software in 2023.…

  • December 20th 2023 at 23:45

Cybercrooks book a stay in hotel email inboxes to trick staff into spilling credentials

Research highlights how major attacks like those exploiting Booking.com are executed

Cybercriminals are preying on the inherent helpfulness of hotel staff during the sector's busy holiday season.…

  • December 20th 2023 at 21:30

Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster

By Newsroom
Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially motivated actors to ensure the success of their campaigns. "Companies can have thousands of computers connected to their network, and with remote ransomware, all it takes is one underprotected device to compromise the entire network," Mark Loman, vice