Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time

In the tumultuous landscape of cybersecurity, the year 2023 left an indelible mark with the brazen exploits of the Scattered Spider threat group. Their attacks targeted the nerve centers of major financial and insurance institutions, culminating in what stands as one of the most impactful ransomware assaults in recent memory.  When organizations have no response plan in place for such an

Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now

ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems. The vulnerabilities are listed below - CVE-2024-1708 (CVSS score: 8.4) - Improper limitation of a pathname to a restricted directory aka "path traversal" CVE-2024-1709 (CVSS score:

Auto DNS poisoning: while charging Android smartphone via computer it is possible to perform automated and even remotely controlled DNS poisoning without any user interaction

submitted by /u/barakadua131
[link] [comments]

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of the Bricks up to and including 1.9.6. It has been addressed by the theme developers in&

AS-REP Roasting

submitted by /u/netbiosX
[link] [comments]

Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative

Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. This includes destructive attacks against key Israeli organizations, hack-and-leak operations targeting entities in Israel and the U.S., phishing campaigns designed to steal intelligence, and information operations to turn public opinion against Israel. Iran

LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid

Update: The U.K. National Crime Agency (NCA) has confirmed the takedown of LockBit infrastructure. Read here for more details.An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns. While the full extent of the effort, codenamed 

Ivanti Connect Secure Under Attack: Uncovering Five Exploitable CVEs - XXE

submitted by /u/appsec1337
[link] [comments]

Code Review Like a Pro

submitted by /u/HayMiz
[link] [comments]

Top 10 web hacking techniques of 2023

submitted by /u/loselasso
[link] [comments]

Feds Post $15 Million Bounty For Info On ALPHV/BlackCat Ransomware Crew

Big Surprise - Musk's X Is Allowing Chinese Propaganda

New Google Initiative To Foster AI In Cybersecurity

How To Weaponize LLMs To Auto-Hijack Websites

Russia Exploits Roundcube Flaws Against European Governments

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices

Meta Platforms said it took a series of steps to curtail malicious activity from eight different firms based in Italy, Spain, and the United Arab Emirates (U.A.E.) operating in the surveillance-for-hire industry. The findings are part of its Adversarial Threat Report for the fourth quarter of 2023. The spyware targeted iOS, Android, and Windows devices. "Their various malware included

A technical analysis of the BackMyData ransomware used to attack hospitals in Romania

submitted by /u/CyberMasterV
[link] [comments]

TPMs Hate Him! (Some Weird Tricks To Break FDE and Bypass Attestation)

submitted by /u/Elastic-Platypus
[link] [comments]

Hello Lucee! Let us hack Apple again?

submitted by /u/thewhippersnapper4
[link] [comments]

SiCat - an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively

submitted by /u/DrinkMoreCodeMore
[link] [comments]

CVE-2024-23724: Ghost CMS Stored XSS Leading to Owner Takeover

submitted by /u/hackers_and_builders
[link] [comments]

How to Achieve the Best Risk-Based Alerting (Bye-Bye SIEM)

Did you know that Network Detection and Response (NDR) has become the most effective technology to detect cyber threats? In contrast to SIEM, NDR offers adaptive cybersecurity with reduced false alerts and efficient threat response. Are you aware of Network Detection and Response (NDR) and how it’s become the most effective technology to detect cyber threats?  NDR massively

Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries

The Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed in November 2023. "Some of the droppers in the campaign successfully exploited the accessibility service, despite Google Play's enhanced detection and protection mechanisms," ThreatFabric said in a report shared with The Hacker News.

The Danger Lurking Just Below Ukraine's Surface

The widespread use of mines has left Ukrainians scrambling to find ways to clear the explosives. New efforts to develop mine-clearing technology may help them push back Russia's invading forces.

Analysis of Mirai variant leveraging CVE-2023-1389

submitted by /u/Permafr0stsec
[link] [comments]

Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws

Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations. These entities are primarily located in Georgia, Poland, and Ukraine, according to Recorded Future, which attributed the intrusion set to a threat

Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor

The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new backdoor called BASICSTAR by creating a fake webinar portal. Charming Kitten, also called APT35, CharmingCypress, Mint Sandstorm, TA453, and Yellow Garuda, has a history of orchestrating a wide range of social engineering campaigns that cast a

FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty

A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U.S. last year. He was added to the FBI's most-wanted list in 2012. The U.S.

Weekly Update 387

It's a short video this week after a few days in Sydney doing both NDC and the Azure user group. For the most part, I spoke about the same things as I did at NDC Security in Oslo last month... except that since then we've had the Spoutibe incident. It was fascinating to talk about this in front of a live audience and see everyone's reactions first hand, let's just say there were a lot of "oh wow!" responses 😲

References

1. Sponsored by: Unpatched devices keeping you up at night? Kolide can get your entire fleet updated in days. It's Device Trust for Okta. Watch the demo!
2. That's another NDC Sydney done and dusted (my "How I Met Your Data" talk will eventually be online and free to watch)
3. Ransomware payments finally passed the $1B mark in 2023 (I've often commented over the last year that it feels like it's really up-ticked, now here we are)
4. We're presently rolling HIBP from Table Storage to serverless SQL Azure (by next week's update we should actually have this live and I'll be able to talk a lot more about it)
5. OpenAI's Sora is just mind-blowing mind 🤯 (it's the rate of change that has so many people stunned, just remember what AI video from text prompts looked like only a year ago...)

How to Not Get Scammed Out of $50,000

Plus: State-backed hackers test out generative AI, the US takes down a major Russian military botnet, and 100 hospitals in Romania go offline amid a major ransomware attack.

How Businesses Can Safeguard Their Communication Channels Against Hackers

Efficient communication is a cornerstone of business success. Internally, making sure your team communicates seamlessly helps you avoid friction losses, misunderstandings, delays, and overlaps. Externally, frustration-free customer communication is directly correlated to a positive customer experience and higher satisfaction.  However, business communication channels are also a major target

Google Open Sources Magika: AI-Powered File Identification Tool

Google has announced that it's open-sourcing Magika, an artificial intelligence (AI)-powered tool to identify file types, to help defenders accurately detect binary and textual file types. "Magika outperforms conventional file identification methods providing an overall 30% accuracy boost and up to 95% higher precision on traditionally hard to identify, but potentially problematic content

SpaceX Launched Military Satellites Designed to Track Hypersonic Missiles

The prototype satellites hitched a ride on a Falcon 9 rocket.

Leak of Russian ‘Threat’ Part of a Bid to Kill US Surveillance Reform, Sources Say

A surprise disclosure of a national security threat by the House Intelligence chair was part of an effort to block legislation that aimed to limit cops and spies from buying Americans' private data.

Exploiting TRACE

submitted by /u/6W99ocQnb8Zy17
[link] [comments]

Exploiting Unsynchronised Clocks

submitted by /u/6W99ocQnb8Zy17
[link] [comments]

A Double Free vulnerability on the libdicom library and an in-depth analysis of the DICOM file format.

submitted by /u/voidz0r
[link] [comments]

CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it's being likely exploited in Akira ransomware attacks. The vulnerability in question is CVE-2020-

Feds Dismantle Russian GRU Botnet Built On 1,000+ Home, Small Biz Routers

Mysterious MMS Fingerprint Hack Used By Spyware Firm NSO Group Revealed

Ex-Employee's Admin Credentials Used In US Gov Agency hack

Hackers Got Nearly 7 Million People's Data From 23andMe

USPS Scam Smishing Campaigns Could Move To Cloud

RustDoor macOS Backdoor Targets Cryptocurrency Firms with Fake Job Offers

Multiple companies operating in the cryptocurrency sector are the target of an ongoing malware campaign that involves a newly discovered Apple macOS backdoor codenamed RustDoor. RustDoor was first documented by Bitdefender last week, describing it as a Rust-based malware capable of harvesting and uploading files, as well as gathering information about the infected machines. It's

Why We Must Democratize Cybersecurity

With breaches making the headlines on an almost weekly basis, the cybersecurity challenges we face are becoming visible not only to large enterprises, who have built security capabilities over the years, but also to small to medium businesses and the broader public. While this is creating greater awareness among smaller businesses of the need to improve their security posture, SMBs are often

Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks

A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon Web Services (AWS) Simple Notification Service (SNS). The SMS phishing messages are designed to propagate malicious links that are designed to capture victims' personally identifiable information (PII) and payment card details, SentinelOne 

U.S. State Government Network Breached via Former Employee's Account

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network environment was compromised via an administrator account belonging to a former employee. "This allowed the threat actor to successfully authenticate to an internal virtual private network (VPN) access point," the agency said in a joint advisory published

U.S. Government Disrupts Russia-Linked Botnet Engaged in Cyber Espionage

The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that was put to use by the Russia-linked APT28 actor to conceal its malicious activities. "These crimes included vast spear-phishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S.

Elon Musk’s X Gave Check Marks to Terrorist Group Leaders, Report Says

A new report cited 28 “verified” accounts on X that appear to be tied to sanctioned groups or individuals.

GitHub - deeexcee-io/duppy: python flask app which utilises ngrok and gunicorn to securely download and upload files to local machine over the internet. all handled by the bash script.

submitted by /u/Leading-Employer-828
[link] [comments]

Microsoft 365 AiTM detection: the lessons learned

submitted by /u/wez32
[link] [comments]

Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor

The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign targeting Polish non-governmental organizations in December 2023. "TinyTurla-NG, just like TinyTurla, is a small 'last chance' backdoor that is left behind to be used when all other unauthorized access/backdoor mechanisms have failed or been

Feds Want To Ban The World's Cutest Hacking Device. Experts Say It's A Scapegoat

ESET Patches High-Severity Privilege Escalation Vulnerability

Three Terms Sure To Grab Attention: Russia, Nuclear, Anti-Satellite Weapon

New Wi-Fi Auth Bypass Flaws Expose Home, Enterprise Networks

Microsoft Confirms Windows Exploits Bypassing Security Features

Cybercriminals Are Stealing Face ID Scans To Break Into Bank Accounts

Backdoors That Let Cops Decrypt Messages Violate Human Rights, EU Courts Says

Microsoft, OpenAI Reveal ChatGPT Use By State-Sponsored Hackers