FreshRSS

πŸ”’
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdaySecurity

Break the fake: The race is on to stop AI voice cloning scams

As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET’s Jake Moore to discuss how to hang up on β€˜hi-fi’ scam calls – and what the future holds for deepfake detection
  • January 23rd 2024 at 10:30

The Unknown Risks of The Software Supply Chain: A Deep-Dive

By The Hacker News
In a world where more & more organizations are adopting open-source components as foundational blocks in their application's infrastructure, it's difficult to consider traditional SCAs as complete protection mechanisms against open-source threats. Using open-source libraries saves tons of coding and debugging time, and by that - shortens the time to deliver our applications. But, as

U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach

By Newsroom
Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank. Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or JimJones), 33, has been tied to the breach of the Medibank network as well as the theft and release of Personally Identifiable

COVID-19 test lab accused of exposing 1.3 million patient records to open internet

Now that's a Dutch crunch

A password-less database containing an estimated 1.3 million sets of Dutch COVID-19 testing records was left exposed to the open internet, and it's not clear if anyone is taking responsibility.…

  • January 24th 2024 at 07:28

GCHQ's NCSC warns of 'realistic possibility' AI will help state-backed malware evade detection

That means Brit spies want the ability to do exactly that, huh?

The idea that AI could generate super-potent and undetectable malware has been bandied about for years – and also already debunked. However, an article published today by the UK National Cyber Security Centre (NCSC) suggests there is a "realistic possibility" that by 2025, the most sophisticated attackers’ tools will improve markedly thanks to AI models informed by data describing successful cyber-hits.…

  • January 24th 2024 at 06:26

Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin

By Newsroom
A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. "Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal," Fortra&

HP CEO Says They Brick Printers That Use Third-Party Ink Because of … Hackers

By Scharon Harding, Ars Technica
The company says it wants to protect you from β€œviruses.” Experts are skeptical.

CISA boss swatted: 'While my own experience was certainly harrowing, it was unfortunately not unique'

Election officials, judges, politicians, and gamers are in swatters' crosshairs

CISA Director Jen Easterly has confirmed she was the subject of a swatting attempt on December 30 after a bogus report of a shooting at her home.…

  • January 23rd 2024 at 18:30

Accused PII seller faces jail for running underground fraud op

More than 5,000 victims claimed over a 3-year period but filing reckons accused didn't even use a VPN

A Baltimore man faces a potential maximum 20-year prison sentence after being charged for his alleged role in running an online service that sold personal data which was later used for financial fraud.…

  • January 23rd 2024 at 16:00

VexTrio: The Uber of Cybercrime - Brokering Malware for 60+ Affiliates

By Newsroom
The threat actors behind ClearFake, SocGholish, and dozens of other e-crime outfits have established partnerships with another entity known as VexTrio as part of a massive "criminal affiliate program," new findings from Infoblox reveal. The latest development demonstrates the "breadth of their activities and depth of their connections within the cybercrime industry," the company said,

Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

By Newsroom
Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen from developer systems on which they were installed. The modules named warbeast2000 and kodiak2k were published at the start of the month, attracting 412 and 1,281 downloads before they were taken down by the npm

"Activator" Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets

By Newsroom
Cracked software have been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system information and cryptocurrency wallet data. Kaspersky, which identified the artifacts in the wild, said they are designed to target machines running macOS Ventura 13.6 and later, indicating the malware's ability to infect Macs on both Intel and

UK water giant admits attackers broke into system as gang holds it to ransom

Comes mere months after Western intelligence agencies warned of attacks on water providers

Southern Water confirmed this morning that criminals broke into its IT systems, making off with a "limited amount of data."…

  • January 23rd 2024 at 11:48

From Megabits to Terabits: Gcore Radar Warns of a New Era of DDoS Attacks

By The Hacker News
As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases internal analytics to track DDoS attacks. Gcore’s broad, internationally distributed network of scrubbing centers allows them to follow attack trends over time. Read on to learn about DDoS attack trends for Q3–Q4 of 2023, and what they mean for developing a robust

BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time

By Newsroom
Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums. Fitzpatrick, who went by the online alias "pompompurin," was arrested in March 2023 in New York and was subsequently charged with conspiracy to commit access device fraud and possession of child pornography. He was later released on a

~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation

By Newsroom
Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the software, allowing unauthenticated attackers to achieve remote code execution on susceptible

Australia imposes cyber sanctions on Russian it says ransomwared health insurer

'Aleksandr Ermakov' isn't allowed down under after being linked to ten-million-record leak

Australia's government has used the "significant cyber incidents" sanctions regime it introduced in 2021 for the first time, against a Russian named Aleksandr Gennadievich Ermakov whom authorities have deemed responsible for the 2022 attack on health insurer Medibank Private.…

  • January 23rd 2024 at 03:01

Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now

By Newsroom
Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild. The issue, tracked as CVE-2024-23222, is a type confusion bug in the WebKit browser engine that could be exploited by a threat actor to achieve arbitrary code execution when processing maliciously crafted web content. The

Atlassian Confluence Server RCE attacks underway from 600+ IPs

If you're still running a vulnerable instance then 'assume a breach'

More than 600 IP addresses are launching thousands of exploit attempts against CVE-2023-22527 – a critical bug in out–of-date versions of Atlassian Confluence Data Center and Server – according to non-profit security org Shadowserver.…

  • January 22nd 2024 at 23:37

Slug slimes aerospace biz AerCap with ransomware, brags about 1TB theft

Loanbase admits massive loss of customer data to thieves, too

AerCap, the world's largest aircraft leasing company, has reported a ransomware infection that occurred earlier this month, but claims it hasn't yet suffered any financial losses yet and all its systems are under control.…

  • January 22nd 2024 at 20:45

Apple iOS 17.3: How to Turn on iPhone's New Stolen Device Protection

By Matt Burgess
Apple’s iOS 17.3 introduces Stolen Device Protection to iPhones, which could stop phone thieves from taking over your accounts. Here’s how to enable it right now.

North Korean Hackers Weaponize Research Lures to Deliver RokRAT Backdoor

By Newsroom
Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research report as a decoy, likely targeting consumers of threat intelligence like cybersecurity

MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries

By Newsroom
Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. "Access to projects can be hijacked through domain name purchases and since most default build configurations are vulnerable, it would be difficult or even impossible to know whether an attack was being performed

EFF adds Street Surveillance Hub so Americans can check who's checking on them

'The federal government has almost entirely abdicated its responsibility'

For a country that prides itself on being free, America does seem to have an awful lot of spying going on, as the new Street Surveillance Hub from the Electronic Frontier Foundation shows.…

  • January 22nd 2024 at 16:30

Ivanti and Juniper Networks accused of bending the rules with CVE assignments

Critics claim now-fixed vulnerabilities weren't disclosed, flag up grouping of multiple flaws under one CVE

Critics are accusing major tech companies of not sticking to the rules when it comes to registering vulnerabilities with the appropriate authorities.…

  • January 22nd 2024 at 15:00

Subway's data torpedoed by LockBit, ransomware gang claims

Fast food chain could face a footlong recovery process if allegations are true

The LockBit ransomware gang is claiming an attack on submarine sandwich slinger Subway, alleging it has made off with a platter of data.…

  • January 22nd 2024 at 14:00

Cops Used DNA to Predict a Suspect’s Faceβ€”and Tried to Run Facial Recognition on It

By Dhruv Mehrotra
Police around the US say they're justified to run DNA-generated 3D models of faces through facial recognition tools to help crack cold cases. Everyone but the cops thinks that’s a bad idea.

ICO fines spam slinging financial services biz

It's all very well offering 'Free Debt Help,' but recipients were unwilling, says watchdog...

A financial services company that illegally dispatched tens of thousands of spam messages promising to help the recipients magically wipe away their debts is itself now a debtor to the UK’s data regulator.…

  • January 22nd 2024 at 11:00

Safeguarding against the global ransomware threat

How Object First’s Ootbi delivers ransomware-proof and immutable backup storage that can be up and running in minutes

Sponsored Feature Ransomware is used by cybercriminals to steal and encrypt critical business data before demanding payment for its restoration. It represents one of, if not the most, serious cybersecurity threat currently facing governments, public/private sector organizations and enterprises around the world.…

  • January 22nd 2024 at 09:51

NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers

By Newsroom
Cybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts. The malware, named NS-STEALER, is propagated via ZIP archives masquerading as cracked software, Trellix security researcher Gurumoorthi Ramanathan said in an analysis published last week. The ZIP file contains

52% of Serious Vulnerabilities We Find are Related to Windows 10

By The Hacker News
We analyzed 2,5 million vulnerabilities we discovered in our customer’s assets. This is what we found. Digging into the data The dataset we analyze here is representative of a subset of clients that subscribe to our vulnerability scanning services. Assets scanned include those reachable across the Internet, as well as those present on internal networks. The data includes findings for network

FTC Bans InMarket for Selling Precise User Location Without Consent

By Newsroom
The U.S. Federal Trade Commission (FTC) is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data. The settlement is part of allegations that the Texas-based company did not inform or seek consent from consumers before using their location information for advertising and marketing purposes. "InMarket will also be prohibited from

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

By Newsroom
Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security and signature-based scanners," Trustwave said. "Notably, despite the binary's unknown file

BreachForums admin 'Pompourin' sentenced to 20 years of supervised release

Also: Another UEFI flaw found; Kaspersky discovers iOS log files actually work; and a few critical vulnerabilities

Infosec in brief Conor Brian Fitzpatrick – aka "Pompourin," a former administrator of notorious leak site BreachForums – has been sentenced to 20 years of supervised release.…

  • January 22nd 2024 at 02:29

Fujitsu Bugs That Sent Innocent People to Prison Were Known β€˜From the Start’

By Jon Brodkin, Ars Technica
Software flaws were allegedly hidden from lawyers of wrongly convicted UK postal workers.

Weekly Update 383

By Troy Hunt
Weekly Update 383

They're an odd thing, credential lists. Whether they're from a stealer as in this week's Naz.API incident, or just aggregated from multiple data breaches (which is also in Naz.API), I inevitably get some backlash after loading them: "this doesn't tell me anything useful, why are you loading this?!" The answer is easy: because that's what the vast majority of people want me to do:

If I have a MASSIVE spam list full of personal data being sold to spammers, should I load it into @haveibeenpwned?

β€” Troy Hunt (@troyhunt) November 15, 2016

Spam lists are the same kettle of fish in that once you learn you're in one, I can't provide you any further info about where it came from and there's no recourse available to you. You're just in there, good luck! And if you do find yourself in one of these lists and are unhappy not that you're in there, but rather that I've told you you're in there, you have 2 easy options:

  1. Ignore it
  2. Unsubscribe

Or, if you've come along to HIBP, done a search and then been unhappy with me, my guitar lessons blog post is an entertaining read 😊

That's all from Europe folks, see you from the sunny side next week!

Weekly Update 383
Weekly Update 383
Weekly Update 383
Weekly Update 383

References

  1. Sponsored by:Β Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. The Naz.API stealer logs and credential stuffing lists got a lot of attention (big shout out to the folks angry that I wouldn't either store truck loads of plain text passwords for them or link them through to the original breach of everyone's personal info πŸ€¦β€β™‚οΈ)
  3. Couple of phillips head screws through a laptop will stop it from disappearing (and if your takeaway is the correct identification of the laptop make, you're kinda missing the point...)

US Agencies Urged to Patch Ivanti VPNs That Are Actively Being Hacked

By Lily Hay Newman
Plus: Microsoft says attackers accessed employee emails, Walmart fails to stop gift card fraud, β€œpig butchering” scams fuel violence in Myanmar, and more.

Why many CISOs consider quitting – Week in security with Tony Anscombe

The job of a CISO is becoming increasingly stressful as cybersecurity chiefs face overwhelming workloads and growing concerns over personal liability for security failings
  • January 19th 2024 at 15:11

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

By Newsroom
An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been attributed to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. "UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission without being detected, and this latest example

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

By Newsroom
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products. The development arrives as the vulnerabilities β€“ an authentication bypass
  • January 20th 2024 at 04:31

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack

By Newsroom
Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments. The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks as Midnight Blizzard (formerly

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

By Newsroom
The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files. "The PDFs
❌