FreshRSS

Before yesterday: Security

Spam crusade lands charity in hot water with data watchdog

Penny Appeal sent more than 460,000 texts asking for money to help war-torn countries, no opt out

Typically it is energy improvement peddlers or debt help specialists that are disgraced by Britain's data watchdog for spamming unsuspecting households, but the latest entrant in the hall of shame is a charity.…

  • March 5th 2024 at 09:30

Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware

By Newsroom
North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark. “The threat actor gained access to the victim workstation by exploiting the exposed setup wizard
  • March 5th 2024 at 16:18

Mitigating Lateral Movement with Zero Trust Access

By Andrew Akers

Security service edge (SSE) technology was created to protect remote and branch users with a unified, cloud-delivered security stack. To understand how SSE solutions protect organizations and their… Read more on Cisco Blogs

What is Exposure Management and How Does it Differ from ASM?

By Newsroom
Startups and scale-ups are often cloud-first organizations and rarely have sprawling legacy on-prem environments. Likewise, knowing the agility and flexibility that cloud environments provide, the mid-market is predominantly running in a hybrid state, partly in the cloud but with some on-prem assets. While there has been a bit of a backswing against the pricing and lock-in presented when using
  • March 5th 2024 at 10:55

Cybercriminals Using Novel DNS Hijacking Technique for Investment Scams

By Newsroom
A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds. “Savvy Seahorse is a DNS threat actor who convinces victims to create accounts on fake investment platforms, make deposits to a personal account, and then transfers those deposits to a bank in Russia,” Infoblox said in a report
  • March 5th 2024 at 10:53

Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets

By Newsroom
More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between January and October 2023, new findings from Group-IB show. These credentials were found within information stealer logs associated with LummaC2, Raccoon, and RedLine stealer malware. “The number of infected devices decreased slightly in mid- and late
  • March 5th 2024 at 10:38

Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes

By Newsroom
The threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager (NTLM) hashes. The new attack chain “can be used for sensitive information gathering purposes and to enable follow-on activity,” enterprise security firm Proofpoint said in a Monday report. At least two campaigns taking advantage of this
  • March 5th 2024 at 10:25

Cloudflare wants to put a firewall in front of your LLM

Claims to protect against DDoS, sensitive data leakage

Cloudflare has tweaked its web application firewall (WAF) to add protections for applications using large language models.…

  • March 5th 2024 at 01:32

American Express admits card data exposed and blames third party

Don't leave home without … IT security

A security failure at a third-party vendor exposed an untold number of American Express card numbers, expiry dates, and other data to persons unknown.…

  • March 4th 2024 at 23:04

Change Healthcare attack latest: ALPHV bags $22M in Bitcoin amid affiliate drama

No honor among thieves?

ALPHV/BlackCat, the gang behind the Change Healthcare cyberattack, has received more than $22 million in Bitcoin in what might be a ransomware payment.…

  • March 4th 2024 at 21:01

Seoul accuses North Korea of stealing southern chipmakers' designs

Kim Jong Un's all in for home-built silicon says warning

North Korean government spies have broken into the servers of at least two chipmakers and stolen product designs as part of attempts to spur Kim Jong Un's plans for a domestic semiconductor industry, according to Seoul's security agency.…

  • March 4th 2024 at 20:00

German defense chat overheard by Russian eavesdroppers on Cisco's WebEx

Officials can't tell whether the tape was edited, but fear Kremlin has more juicy bits to release in the future

The German Ministry of Defense (Bundeswehr) has confirmed that a recording of a call between high-ranking officials discussing war efforts in Ukraine, leaked by Russian media, is legitimate.…

  • March 4th 2024 at 17:45

Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

By Andy Greenberg
The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom.

Ransomware ban backers insist thugs must be cut off from payday

Increasingly clear number of permanent solutions is narrowing

Global law enforcement authorities' attempts to shutter the LockBit ransomware crew have sparked a fresh call for a ban on ransomware payments to perpetrators.…

  • March 4th 2024 at 14:30

The federal bureau of trolling hits LockBit, but the joke's on us

When you can't lock 'em up, lock 'em out

Opinion: The best cop shows excel at mind games: who's tricking whom, who really wins, and what price they pay. A twist of humor adds to the drama and keeps us hooked. It's rare enough in real life, far less so in the grim meat grinder of cybersecurity, yet sometimes it happens. It's happening right now.…

  • March 4th 2024 at 09:30

HTTP 403 bypass tool

By /u/SmokeyShark_777

Hello, guys! I've published the tool I use to bypass HTTP 403 error pages and access the juicy information behind 👀. It is written in Golang, it's very fast, and it incorporates many techniques from book.hacktricks. If someone wants to collaborate or just leave feedback, here's the repo.


Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers

By Newsroom
A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems. The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3. “The
  • March 5th 2024 at 03:34

How Cybercriminals are Exploiting India's UPI for Money Laundering Operations

By Newsroom
Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering scheme. The malicious application, called XHelper, is a "key tool for onboarding and managing these money mules," CloudSEK researchers Sparsh Kulshrestha, Abhishek Mathew, and Santripti Bhujel said in a report. Details about the scam 
  • March 4th 2024 at 13:50

From 500 to 5000 Employees - Securing 3rd Party App-Usage in Mid-Market Companies

By The Hacker News
A company’s lifecycle stage, size, and state have a significant impact on its security needs, policies, and priorities. This is particularly true for modern mid-market companies that are either experiencing or have experienced rapid growth. As requirements and tasks continue to accumulate and malicious actors remain active around the clock, budgets are often stagnant at best. Yet, it is crucial
  • March 4th 2024 at 11:12

Over 100 Malicious AI/ML Models Found on Hugging Face Platform

By Newsroom
As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform. These include instances where loading a pickle file leads to code execution, software supply chain security firm JFrog said. "The model's payload grants the attacker a shell on the compromised machine, enabling them to gain full control over victims'
  • March 4th 2024 at 09:22

BSidesSATX CFP is open

By /u/SciaticNerd

The @BSidesSATX CFP is open at BSidesSATX.com June 8th at St. Mary’s in San Antonio


LockBit's contested claim of fresh ransom payment suggests it's been well hobbled

ALSO: CISA warns Ivanti vuln mitigations might not work, SAML hijack doesn't need ADFS, and crit vulns

Infosec in brief: The infamous LockBit ransomware gang has been busy in the ten days since an international law enforcement operation took down many of its systems. But despite its posturing, the gang might have suffered more than it's letting on.…

  • March 4th 2024 at 03:15

Ahead of Super Tuesday, US elections face existential and homegrown threats

Misinformation is rife, AI makes it easier to create, and 42 percent of the planet’s inhabitants get to vote this year

Feature: Two US intelligence bigwigs last week issued stark warnings about foreign threats to American election integrity and security – and the nation's ability to counter these adversaries.…

  • March 4th 2024 at 01:15

Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure

By Newsroom
U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. “Structured as a ransomware-as-a-service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and
  • March 4th 2024 at 05:24

SubSeekerPro

By /u/TheArtHacker34

Don't worry, this isn't some sort of stealer that I grabbed from GitHub, nope, it's actually my very own framework: it's open source, easy to understand, easy for beginners to learn from the code, easy to run and overall just great at everything one does for recon! Don't worry, I'll be updating it continuously, for the framework is on its first little legs, but I'll be releasing SubSeekerPro V.2 soon!

Stay tuned and as always, keep grinding my dudes ☝🏻✨


Weekly Update 389

By Troy Hunt

How on earth are we still here? You know, that place where breached companies stand up and go all Iraqi information minister on the incident as if somehow, flatly denying the blatantly obvious will make it all go away. It's the ease of debunking the "no breach here" claim that I find particularly fascinating; the truth is always sitting there in the data and it doesn't take much to bring it to the surface. Ah well, as I always end up lamenting, with behaviour like this it's a good time to be in the industry 🤷‍♂️


References

  1. Cutout.Pro got breached and 20M email addresses leaked (for the most part, an unremarkable incident)
  2. I've stood up a GitHub repo to start collaborating on the HIBP UX redesign (consider this a "soft launch" for the moment, I'll blog about it later on)
  3. The Cutout.Pro breach isn't "alleged", it's real (it's crazy to say there's no evidence of a breach when there's all this evidence of a breach!)
  4. The FedEx phish post went up just after last week's video (still kinda nuts that's even a thing...)
  5. We're doing a full 3D printer build thread (watch the Prusa MK4 gradually take shape!)

The Privacy Danger Lurking in Push Notifications

By Andy Greenberg, Andrew Couts, Matt Burgess
Plus: Apple warns about sideloading apps, a court orders NSO group to turn over the code of its Pegasus spyware, and an investigation finds widely available security cams are wildly insecure.

U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp

By Newsroom
A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other remote access trojans to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor. The decision marks a major legal victory for Meta, which filed the lawsuit in October 2019 for using its infrastructure to distribute the spyware to
  • March 2nd 2024 at 06:23

Air National Guardsman Teixeira to admit he was Pentagon files leaker

Turns out bragging on Discord has unfortunate consequences

Updated: Jack Teixeira, the Air National Guardsman accused of leaking dozens of classified Pentagon documents, is expected to plead guilty in a US court on Monday.…

  • March 1st 2024 at 22:03

Judge orders NSO to cough up Pegasus super-spyware source code

/* Hope no one ever reads these functions lmao */

NSO Group, the Israel-based maker of super-charged snoopware Pegasus, has been ordered by a federal judge in California to share the source code for "all relevant spyware" with Meta's WhatsApp.…

  • March 1st 2024 at 21:34

Iranian charged over attacks against US defense contractors, government agencies

$10M bounty for anyone with info leading to Alireza Shafie Nasab's identification or location

The US Department of Justice has unsealed an indictment accusing an Iranian national of a years-long campaign that compromised hundreds of thousands of accounts and attempting to infiltrate US defense contractors and multiple government agencies.…

  • March 1st 2024 at 18:30

Deceptive AI content and 2024 elections – Week in security with Tony Anscombe

As the specter of AI-generated disinformation looms large, tech giants vow to crack down on fabricated content that could sway voters and disrupt elections taking place around the world this year
  • March 1st 2024 at 11:18

U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture

By Newsroom
The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including the U.S. Departments of the Treasury and State, defense contractors that support U.S. Department of
  • March 2nd 2024 at 04:38