Echoing the past two years of Rust evangelism and C/C++ ennui, Google reports that Rust shines in production, to the point that its developers are twice as productive using the language compared to C++.β¦
A serious but not sombre intro this week: I mentioned at the start of the vid that I had the classic visor hat on as I'd had a mole removed from my forehead during the week, along with another on the back of my hand. Here in Australia, we have one of the highest rates of skin cancer in the world with apparently about two-thirds of us being diagnosed with it before turning 70. At present, the bits they cut off me were entirely unremarkable (small dot about an inch over my left eye if you're really curious), but the point I wanted to make was what I mentioned in the video about us doing annual checks; every year, we voluntarily front up at the GP and he checks (almost) every square inch of skin for stuff that we'd never normally notice but under the microscope, may look a bit dodgy. It's an absolute no-brainer that takes about 10 minutes and if he does decide to remove something, there's another 10 minutes and a stitch. If you're in the sun a lot like us, just do it π
With that community service notice done, let's get into today's video:
Red Hat on Friday warned that a malicious backdoor found in the widely used data compression software library xz may be present in instances of Fedora Linux 40 and the Fedora Rawhide developer distribution.β¦
A Linux privilege-escalation proof-of-concept exploit has been published that, according to the bug hunter who developed it, typically works effortlessly on kernel versions between at least 5.14 and 6.6.14.Β β¦
Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipientβs natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Hereβs the story of a thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.
In Sept. 2023, the Pennsylvania news outlet LancasterOnline.com published a story about Adam Kidan, a wealthy businessman with a criminal past who is a major donor to Republican causes and candidates, including Rep. Lloyd Smucker (R-Pa).
The LancasterOnline story about Adam Kidan.
Several months after that piece ran, the storyβs author Brett Sholtis received two emails from Kidan, both of which contained attachments. One of the messages appeared to be a lengthy conversation between Kidan and a colleague, with the subject line, βRe: Successfully sent data.β The second missive was a more brief email from Kidan with the subject, βAcknowledge New Work Order,β and a message that read simply, βPlease find the attached.β
Sholtis said he clicked the attachment in one of the messages, which then launched a web page that looked exactly like a Microsoft Office 365 login page. An analysis of the webpage reveals it would check any submitted credentials at the real Microsoft website, and return an error if the user entered bogus account information. A successful login would record the submitted credentials and forward the victim to the real Microsoft website.
But Sholtis said he didnβt enter his Outlook username and password. Instead, he forwarded the messages to LancasterOnelineβs IT team, which quickly flagged them as phishing attempts.
LancasterOnline Executive Editor Tom Murse said the two phishing messages from Mr. Kidan raised eyebrows in the newsroom because Kidan had threatened to sue the news outlet multiple times over Sholtisβs story.
βWe were just perplexed,β Murse said. βIt seemed to be a phishing attempt but we were confused why it would come from a prominent businessman weβve written about. Our initial response was confusion, but we didnβt know what else to do with it other than to send it to the FBI.β
The phishing lure attached to the thread hijacking email from Mr. Kidan.
In 2006, Kidan was sentenced to 70 months in federal prison after pleading guilty to defrauding lenders along with Jack Abramoff, the disgraced lobbyist whose corruption became a symbol of the excesses of Washington influence peddling. He was paroled in 2009, and in 2014 moved his family to a home in Lancaster County, Pa.
The FBI hasnβt responded to LancasterOnlineβs tip. Messages sent by KrebsOnSecurity to Kidanβs emails addresses were returned as blocked. Messages left with Mr. Kidanβs company, Empire Workforce Solutions, went unreturned.
No doubt the FBI saw the messages from Kidan for what they likely were: The result of Mr. Kidan having his Microsoft Outlook account compromised and used to send malicious email to people in his contacts list.
Thread hijacking attacks are hardly new, but that is mainly true because many Internet users still donβt know how to identify them. The email security firm Proofpoint says it has tracked north of 90 million malicious messages in the last five years that leverage this attack method.
One key reason thread hijacking is so successful is that these attacks generally do not include the tell that exposes most phishing scams: A fabricated sense of urgency. A majority of phishing threats warn of negative consequences should you fail to act quickly β such as an account suspension or an unauthorized high-dollar charge going through.
In contrast, thread hijacking campaigns tend to patiently prey on the natural curiosity of the recipient.
Ryan Kalember, chief strategy officer at Proofpoint, said probably the most ubiquitous examples of thread hijacking are βCEO fraudβ or βbusiness email compromiseβ scams, wherein employees are tricked by an email from a senior executive into wiring millions of dollars to fraudsters overseas.
But Kalember said these low-tech attacks can nevertheless be quite effective because they tend to catch people off-guard.
βIt works because you feel like youβre suddenly included in an important conversation,β Kalember said. βIt just registers a lot differently when people start reading, because you think youβre observing a private conversation between two different people.β
Some thread hijacking attacks actually involve multiple threat actors who are actively conversing while copying β but not addressing β the recipient.
βWe call these multi-persona phishing scams, and theyβre often paired with thread hijacking,β Kalember said. βItβs basically a way to build a little more affinity than just copying people on an email. And the longer the conversation goes on, the higher their success rate seems to be because some people start replying to the thread [and participating] psycho-socially.β
The best advice to sidestep phishing scams is to avoid clicking on links or attachments that arrive unbidden in emails, text messages and other mediums. If youβre unsure whether the message is legitimate, take a deep breath and visit the site or service in question manually β ideally, using a browser bookmark so as to avoid potential typosquatting sites.
Updated JetBrains TeamCity users are urged to apply the latest version upgrade this week after the vendor disclosed 26 new security issues in the CI/CD web application.β¦
Fallen crypto-king Sam Bankman-Fried has been jailed for 25 years after New York federal judge Lewis Kaplan expressed disbelief at almost every argument from his legal team.β¦
Nvidia's AI-powered ChatRTX app launched just six week ago but already has received patches for two security vulnerabilities that enabled attack vectors, including privilege escalation and remote code execution.β¦
drozer 3.0.0 is compatible with Python 3 and modern Java was released. drozer is a very popular security testing framework for Android
America's long-awaited cyber attack reporting rules for critical infrastructure operators are inching closer to implementation, after the Feds posted a notice of proposed rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).β¦
After multiple waves of cryptocurrency credential-stealing apps were uploaded to the Snap store, Canonical is changing its policies.β¦
NHS Scotland says it managed to contain a ransomware group's malware to a regional branch, preventing the spread of infection across the entire institution.β¦
The German Federal Office for Information Security (BSI) has issued an urgent alert about the poor state of Microsoft Exchange Server patching in the country.β¦
In-depth Several big businesses have published source code that incorporates a software package previously hallucinated by generative AI.β¦
Two executives were issued arrest warrants in Japan on Wednesday, reportedly for charges related to establishing a business that outsourced work to North Korean IT engineers.β¦
The military junta controlling Myanmar has struggled to control all of its territory thanks in part to China backing rebel forces as a way of expressing its displeasure about cyberscam centers operating from the country.β¦
Apple device owners, consider yourselves warned: a targeted multi-factor authentication bombing campaign is under way, with the goal of exhausting iUsers into allowing an unwanted password reset.β¦
More than half of Americans are using ad blocking software, and among advertising, programming, and security professionals that fraction is more like two-thirds to three-quarters.β¦
Thousands of companies remain vulnerable to a remote-code-execution bug in Ray, an open-source AI framework used by Amazon, OpenAI, and others, that is being abused by miscreants in the wild to steal sensitive data and illicitly mine for cryptocurrency.β¦