FreshRSS

Before yesterday: Security

UK businesses shockingly unaware of how to handle security threats

Many decide to make no changes after detecting a breach

UK businesses' response to security breaches has "astounded" experts following the release of the government's official cybercrime stats for 2024.…

  • April 9th 2024 at 12:41

10-Year-Old 'RUBYCARP' Romanian Hacker Group Surfaces with Botnet

By Newsroom
A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks. The group, believed to be active for at least 10 years, employs the botnet for financial gain, Sysdig said in a report shared with The Hacker News. "Its primary method of operation
  • April 9th 2024 at 14:01

Hackers Targeting Human Rights Activists in Morocco and Western Sahara

By Newsroom
Human rights activists in Morocco and the Western Sahara region are the targets of a new threat actor that leverages phishing attacks to trick victims into installing bogus Android apps and serve credential harvesting pages for Windows users. Cisco Talos is tracking the activity cluster under the name Starry Addax, describing it as primarily singling out activists associated with
  • April 9th 2024 at 13:45

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

By Newsroom
Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024. The
  • April 9th 2024 at 13:05

Defusing the threat of compromised credentials

By Ben Nahorney

Let’s say that, during the middle of a busy day, you receive what looks like a work-related email with a QR code. The email claims to come from a coworker, requesting your help in reviewing a d…

CL0P's Ransomware Rampage - Security Measures for 2024

By The Hacker News
2023 CL0P Growth  Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor the ‘CryptoMix’ ransomware, brought about by its owner CL0P ransomware, a cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 to 2022. But in 2023 the CL0P ransomware gang took itself to new heights and became one of the
  • April 9th 2024 at 11:24

US insurers use drone photos to deny home insurance policies

Of course, it helps if you don't live in a potential disaster zone

US insurance companies are reportedly relying on aerial photos from drones to deny claims.…

  • April 8th 2024 at 20:30

Streamline Threat Hunting: Shortemall Automates Short URL Analysis with a Click

By /u/osint_matter

Short'Em All is a URL scanning tool trusted by CTI Analysts and Security Researchers. It's designed to scan short URLs and provide insights into potential security risks or useful information. This tool automates the process of scanning URLs, allowing users to focus on analyzing the results.

Home Depot confirms worker data leak after miscreant dumps info online

SaaS slip up leads to scumbags seeking sinecure

Home Depot has confirmed that a third-party company accidentally exposed some of its employees' personal details after a criminal copy-pasted the data online.…

  • April 8th 2024 at 18:01

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

By Newsroom
Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence, Fortinet
  • April 9th 2024 at 07:24

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks

By Newsroom
Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in
  • April 9th 2024 at 05:46

Puppies, kittens, data at risk after 'cyber incident' at veterinary giant

IT systems pulled offline for chance to paws and reflect

First, they came for hospitals, then it was charities and cancer centers. Now, cyber scumbags are coming for the puppies and kittens.…

  • April 8th 2024 at 14:30

Change Healthcare faces second ransomware dilemma weeks after ALPHV attack

Theories abound over who's truly responsible

Change Healthcare is allegedly being extorted by a second ransomware gang, mere weeks after recovering from an ALPHV attack.…

  • April 8th 2024 at 13:00

AI Scam Calls: How to Protect Yourself, How to Detect

By Reece Rogers
AI tools are getting better at cloning people’s voices, and scammers are using these new capabilities to commit fraud. Avoid getting swindled by following these expert tips.

Head of Israeli cyber spy unit exposed ... by his own privacy mistake

Plus: Another local government hobbled by ransomware; Huge rise in infostealing malware; and critical vulns

Infosec in brief Protecting your privacy online is hard. So hard, in fact, that even a top Israeli spy who managed to stay incognito for 20 years has found himself exposed after one basic error.…

  • April 8th 2024 at 06:28

Weekly Update 394

By Troy Hunt

I suggest, based on my experiences with data breaches over the years, that AT&T is about to have a very bad time of it. Class actions following data breaches have become all too common and I've written before about how much I despise them. The trouble for AT&T (in my non-legal but "hey, I'm the data breach guy" opinion), will be their denial of a breach in 2021 and the subsequent years in which tens of millions of social security numbers were floating around. As much as it's hard for the victim of identity theft to say "this happened because of that breach", it's also hard for the corporate victim of a breach to say that identity theft didn't happen because of their breach. Particularly in such a litigious part of the world, I wouldn't be at all surprised if the legal cost of this runs into the tens if not hundreds of millions of dollars. I doubt the plaintiffs will see much of this, but there's sure going to be some happy lawyers out there!

References

  1. AT&T have now confirmed their data breach (well, kind of: "AT&T data-specific fields were contained in a data set")
  2. The big telco is already getting hit with a bunch of class action law suits (that's at least 10 from one US state alone!)
  3. Pandabuy got breached (and very quickly tried to stop people talking about it!)
  4. Surveylama also got breached (that's another 4.4M email addresses now out there)
  5. Now that the new Prusa Mk4 is up and running, we're printing a modular hydroponic tower (the embedded video on that Printables page gives a great overview)

Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks

By Newsroom
Google has announced support for what's called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues. The sandbox, according to V8 security technical lead Samuel Groß, aims to prevent "memory corruption in V8 from spreading within the host process." The search behemoth has described V8 Sandbox as a lightweight, in-process sandbox
  • April 8th 2024 at 13:51

Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox

By Newsroom
Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said in a joint analysis published last week, adding it's designed to retrieve
  • April 8th 2024 at 11:29

The Drop in Ransomware Attacks in 2024 and What it Means

By The Hacker News
The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023. Figure
  • April 8th 2024 at 11:23

Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme

By Newsroom
A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems. "The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice," Trustwave SpiderLabs researcher Karla Agregado said. The email message, the company said, originates from an email
  • April 8th 2024 at 08:36

Google Sues App Developers Over Fake Crypto Investment App Scam

By Newsroom
Google has filed a lawsuit in the U.S. against two app developers for allegedly engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of promising higher returns. The individuals in question are Yunfeng Sun (aka Alphonse Sun) and Hongnam
  • April 8th 2024 at 05:25

A Breakthrough Online Privacy Proposal Hits Congress

By Makena Kelly
While some states have made data privacy gains, the US has so far been unable to implement protections at a federal level. A new bipartisan proposal called APRA could break the impasse.

What can be done to protect open source devs from next xz backdoor drama?

What happened, how it was found, and what your vultures have made of it all

Kettle It's been about a week since the shock discovery of a hidden and truly sophisticated backdoor in the xz software library that ordinarily is used by countless systems.…

  • April 6th 2024 at 16:12

Identity Thief Lived as a Different Man for 33 Years

By Dell Cameron, Andrew Couts
Plus: Microsoft scolded for a “cascade” of security failures, AI-generated lawyers send fake legal threats, a data broker quietly lobbies against US privacy legislation, and more.

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

By Newsroom
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way for arbitrary code execution. It was addressed by the company as part of
  • April 6th 2024 at 09:43

Don't trust the cache: Exposing Web cache vulnerabilities

By /u/anasbetis94

I tried to gather all the related Web Cache vulnerabilities techniques into one blog post.

US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products

In what other sphere does a bad supplier not feel pain for its foulups?

Analysis You might think that when a government supplier fails in one of its key duties it would find itself shunned or at least feel financial pain.…

  • April 5th 2024 at 14:30

Hotel check-in terminal bug spews out access codes for guest rooms

Attacks could be completed in seconds, compromising customer safety

A self-service check-in terminal used in a German Ibis budget hotel was found leaking hotel room keycodes, and the researcher behind the discovery claims the issue could potentially affect hotels around Europe.…

  • April 5th 2024 at 12:30

AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks

By Newsroom
New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers' models, and even take over the continuous integration and continuous deployment (CI/CD) pipelines. "Malicious models represent a major risk to AI systems,
  • April 5th 2024 at 14:08

CISO Perspectives on Complying with Cybersecurity Regulations

By The Hacker News
Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means compliance is a time-consuming, high-stakes process that demands strong organizational and
  • April 5th 2024 at 11:18

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

By Newsroom
Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan. The starting point of the attack is a PDF file written in Portuguese that, when opened, shows a blurred image and asks the victim to click on a link to download the Reader application to view the content. According to Fortinet FortiGuard Labs, clicking the URL
  • April 5th 2024 at 09:40

Wifi credential dumping

By /u/S3cur3Th1sSh1t

My latest blog post

Academics probe Apple's privacy settings and get lost and confused

Just disabling Siri requires visits to five submenus

A study has concluded that Apple's privacy practices aren't particularly effective, because default apps on the iPhone and Mac have limited privacy settings and confusing configuration options.…

  • April 5th 2024 at 05:34

World's second-largest eyeglass lens-maker blinded by infosec incident

Japan's Hoya also makes components for chips, displays, and hard disks, and has spent four days groping for a fix

If ever there was an incident that brings the need for good infosec into sharp focus, this is the one: Japan's Hoya – a maker of eyeglass and contact lenses, plus kit used to make semiconductor manufacturing, flat panel displays, and hard disk drives – has halted some production and sales activity after experiencing an attack on its IT systems.…

  • April 5th 2024 at 01:45

Feds probe alleged classified US govt data theft and leak

State Dept keeps schtum 'for security reasons'

Updated Uncle Sam is investigating claims that some miscreant stole and leaked classified information from the Pentagon and other national security agencies.…

  • April 4th 2024 at 18:20

New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA

By Newsroom
Financial organizations in the Asia-Pacific (APAC) and Middle East and North Africa (MENA) are being targeted by a new version of an "evolving threat" called JSOutProx. "JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET," Resecurity said in a technical report published this week. "It employs the .NET (de)serialization feature to interact with a core
  • April 5th 2024 at 07:48

Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws

By Newsroom
Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the uncategorized monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Also previously linked to the exploitation spree is a Chinese
  • April 5th 2024 at 07:15

Vietnam-Based Hackers Steal Financial Data Across Asia with Malware

By Newsroom
A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco Talos is tracking the cluster under the name CoralRaider, describing it as financially motivated. Targets of the campaign include India, China, South Korea, Bangladesh, Pakistan, Indonesia,
  • April 4th 2024 at 15:42

New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware

By Newsroom
An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. "The phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal Bureau of Transportation in a PDF that mentions a significant fine for the incident," Cofense researcher Dylan Duncan said. The
  • April 4th 2024 at 15:30

Ivanti commits to secure-by-design overhaul after vulnerability nightmare

CEO addresses whirlwind start to 2024 and how it plans to prevent a repeat

Ivanti has committed to adopting a secure-by-design approach to security as it gears up for an organizational overhaul in response to the multiple vulnerabilities in Connect Secure exploited earlier this year.…

  • April 4th 2024 at 15:07