FreshRSS
Yesterday — May 17th 2024 (Security)

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

By Newsroom
The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities into its exploit arsenal and expanding its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively orchestrating illicit cryptocurrency mining
  • May 17th 2024 at 17:20

First LockBit, now BreachForums: Are cops winning the war or just a few battles?

TLDR: Peace in our time is really really hard

Interview On Wednesday the FBI and international cops celebrated yet another cybercrime takedown – of ransomware brokerage site BreachForums – just a week after doxing and imposing sanctions on the LockBit ransomware crew's kingpin, and two months after compromising the gang's website.…

  • May 17th 2024 at 11:37

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

By The Hacker News
A new report from XM Cyber has found – among other insights - a dramatic gap between where most organizations focus their security efforts, and where the most serious threats actually reside. The new report, Navigating the Paths of Risk: The State of Exposure Management in 2024, is based on hundreds of thousands of attack path assessments conducted by the XM Cyber
  • May 17th 2024 at 11:29

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

By Newsroom
Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year. "Deuterbear, while similar to Waterbear in many ways, shows advancements in capabilities such as including support for shellcode plugins, avoiding handshakes
  • May 17th 2024 at 11:20

Accessing Secure Client Cloud Management after the SecureX EoL

By Pete Davis
Secure Client Management capabilities aren’t going away with the SecureX EOL; the functionality is simply migrating to the Cisco Security Cloud Control service.

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

By Newsroom
The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed Gomir, is "structurally almost identical to GoBear, with extensive sharing of code between
  • May 17th 2024 at 08:46

CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now

By Newsroom
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2014-100005 - A cross-site request forgery (CSRF) vulnerability impacting D-Link DIR-600 routers that allows an
  • May 17th 2024 at 06:43

Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware

Spoiler alert: it's not really IT support controlling your device

A cybercrime gang has been abusing Microsoft's Quick Assist application in social engineering attacks that ultimately allow the crew to infect victims with Black Basta ransomware.…

  • May 16th 2024 at 23:30

To the Moon and back(doors): Lunar landing in diplomatic missions

ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs
  • May 15th 2024 at 09:15
Before yesterday (Security)

New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks

By Newsroom
Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and lets an attacker eavesdrop on their network traffic. The SSID Confusion attack, tracked as CVE-2023-52424, impacts all operating systems and Wi-Fi clients, including home and mesh networks that are based on
  • May 16th 2024 at 16:02

EU probes Meta over its provisions for protecting children

Has social media biz done enough to comply with Digital Services Act? Maybe not

The European Commission has opened formal proceedings to assess whether Meta, the provider of Facebook and Instagram, may have breached the Digital Services Act (DSA) in areas linked to the protection of minors.…

  • May 16th 2024 at 15:45

Stifling Beijing in cyberspace is now British intelligence’s number-one mission

Annual conference of cyber intel unit shows UK's alarm over China blaring louder than ever

CyberUK Regular attendees of CYBERUK, the annual conference hosted by British intelligence unit the National Cyber Security Centre (NCSC), will know that in addition to the expected conference panels, there is usually an interwoven theme to proceedings.…

  • May 16th 2024 at 14:45

North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign

By Newsroom
The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs fictitious Facebook accounts to approach targets via Messenger and ultimately delivers malware. "The threat actor created a Facebook account with a fake identity disguised as a public official working in the North Korean human rights field," South Korean cybersecurity company Genians
  • May 16th 2024 at 13:48

Email Security Reinvented: How AI is Revolutionizing Digital Defense

By Sergio Pinto
Explore the many ways that Secure Email Threat Defense leverages sophisticated AI and ML to protect against advanced threats.

NCSC CTO: Broken market must be fixed to usher in new tech

It may take ten years but vendors must be held accountable for the vulnerabilities they introduce

CYBERUK National Cyber Security Centre (NCSC) CTO Ollie Whitehouse kicked off day two of Britain's cyber watchdog's annual shindig, CYBERUK, with a tirade about the tech market, pulling it apart to demonstrate why he believes it's at fault for many of the security problems the industry is facing today.…

  • May 16th 2024 at 09:33

Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines

By Newsroom
Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that could be exploited by malicious actors to tamper with patient data and even install ransomware under certain circumstances. "The impacts enabled by these flaws are manifold: from the implant of ransomware on the ultrasound machine to the access and manipulation of
  • May 16th 2024 at 10:12

FBI takes down BreachForums ransomware website and Telegram channel

No more illicit gains, for a while at least

The FBI, in combination with police around the world, have taken control of the website and Telegram channel of ransomware brokerage site BreachForums.…

  • May 15th 2024 at 22:31

Crook brags about US Army and $75B defense biz pwnage

More government data allegedly stolen by prolific criminals

An extortionist claims to have stolen files from the US Army Aviation and Missile Command in August 2023, and now claims they are selling access to a $75 billion aerospace and defense company.…

  • May 15th 2024 at 22:30

Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks

By Newsroom
The Microsoft Threat Intelligence team said it has observed a threat actor it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. "Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta ransomware," the company said in a report published on May 15, 2024. The
  • May 16th 2024 at 03:16

Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability

By Newsroom
Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild. Assigned the CVE identifier CVE-2024-4947, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Kaspersky researchers Vasily Berdnikov and Boris
  • May 16th 2024 at 03:01

FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity

By Newsroom
Law enforcement agencies have officially seized control of the notorious BreachForums platform, an online bazaar known for peddling stolen data, for the second time within a year. The website ("breachforums[.]st") has been replaced by a seizure banner stating the clearnet cybercrime forum is under the control of the U.S. Federal Bureau of Investigation (FBI). The operation is the
  • May 15th 2024 at 17:52

Improving cyber defense with open source SIEM and XDR

Developing an effective strategy is a continuous process which requires recurring evaluation and refinement

Partner Content A cyber defense strategy outlines policies, procedures, and technologies to prevent, detect, and respond to cyber attacks. This helps avoid financial loss, reputational damage, and legal repercussions.…

  • May 15th 2024 at 17:10

Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps

By Newsroom
Google is unveiling a set of new features in Android 15 to prevent malicious apps installed on the device from capturing sensitive data. This constitutes an update to the Play Integrity API that third-party app developers can take advantage of to secure their applications against malware. "Developers can check if there are other apps running that could be capturing the screen, creating
  • May 15th 2024 at 17:00

Android Update: Theft Detection Lock Knows When Your Phone Is Stolen

By Matt Burgess
Google is introducing new AI-powered safety tools in Android 15 that can lock down your phone if thieves nab it.

Google Launches AI-Powered Theft and Data Protection Features for Android Devices

By Newsroom
Google has announced a slew of privacy and security features in Android, including a suite of advanced protection features to help secure users' devices and data in the event of a theft. These features aim to help protect data before, during and after a theft attempt, the tech giant said, adding they are expected to be available via an update to Google Play services for devices running
  • May 15th 2024 at 17:00

Microsoft fixes a bug abused in QakBot attacks plus a second under exploit

Plus: Google Chrome, Apple bugs also exploited in the wild

Happy May Patch Tuesday. We've got a lot of vendors joining this month's patchapalooza, which includes a handful of bugs that have been exploited — either in the wild or at Pwn2Own — and now fixed by Microsoft, Apple, Google and VMware.…

  • May 14th 2024 at 22:15

FCC names and shames Royal Tiger AI robocall crew

Agency is on the lookout for a Prince among men

The US Federal Communications Commission has named its first robocall gang, dubbing the crew "Royal Tiger," and detailed its operations in an attempt to encourage international action against the scammers.…

  • May 14th 2024 at 21:30

Patch Tuesday, May 2024 Edition

By BrianKrebs

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.

First, the zero-days. CVE-2024-30051 is an “elevation of privilege” bug in a core Windows library. Satnam Narang at Tenable said this flaw is being used as part of post-compromise activity to elevate privileges as a local attacker.

“CVE-2024-30051 is used to gain initial access into a target environment and requires the use of social engineering tactics via email, social media or instant messaging to convince a target to open a specially crafted document file,” Narang said. “Once exploited, the attacker can bypass OLE mitigations in Microsoft 365 and Microsoft Office, which are security features designed to protect end users from malicious files.”

Kaspersky Lab, one of two companies credited with reporting exploitation of CVE-2024-30051 to Microsoft, has published a fascinating writeup on how they discovered the exploit in a file shared with Virustotal.com.

Kaspersky said it has since seen the exploit used together with QakBot and other malware. Emerging in 2007 as a banking trojan, QakBot (a.k.a. Qbot and Pinkslipbot) has morphed into an advanced malware strain now used by multiple cybercriminal groups to prepare newly compromised networks for ransomware infestations.

CVE-2024-30040 is a security feature bypass in MSHTML, a component that is deeply tied to the default Web browser on Windows systems. Microsoft’s advisory on this flaw is fairly sparse, but Kevin Breen from Immersive Labs said this vulnerability also affects Office 365 and Microsoft Office applications.

“Very little information is provided and the short description is painfully obtuse,” Breen said of Microsoft’s advisory on CVE-2024-30040.

The only vulnerability fixed this month that earned Microsoft’s most-dire “critical” rating is CVE-2024-30044, a flaw in Sharepoint that Microsoft said is likely to be exploited. Tenable’s Narang notes that exploitation of this bug requires an attacker to be authenticated to a vulnerable SharePoint Server with Site Owner permissions (or higher) first and to take additional steps in order to exploit this flaw, which makes this flaw less likely to be widely exploited as most attackers follow the path of least resistance.

Five days ago, Google released a security update for Chrome that fixes a zero-day in the popular browser. Chrome usually auto-downloads any available updates, but it still may require a complete restart of the browser to install them. If you use Chrome and see a “Relaunch to update” message in the upper right corner of the browser, it’s time to restart.

Apple has just shipped macOS Sonoma 14.5 update, which includes nearly two dozen security patches. To ensure your Mac is up-to-date, go to System Settings, General tab, then Software Update and follow any prompts.

Finally, Adobe has critical security patches available for a range of products, including Acrobat, Reader, Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate and Adobe Framemaker.

Regardless of whether you use a Mac or Windows system (or something else), it’s always a good idea to back up your data and/or system before applying any security updates. For a closer look at the individual fixes released by Microsoft today, check out the complete list over at the SANS Internet Storm Center. Anyone in charge of maintaining Windows systems in an enterprise environment should keep an eye on askwoody.com, which usually has the scoop on any wonky Windows patches.

Update, May 15, 8:28 a.m.: Corrected misattribution of CVE-2024-30051.

Secrecy Concerns Mount Over Spy Powers Targeting US Data Centers

By Dell Cameron
A coalition of digital rights groups is demanding the US declassify records that would clarify just how expansive a major surveillance program really is.

Cybersec chiefs team up with insurers to say 'no' to ransomware bullies

Guidebook aims to undermine the criminal business model

The latest effort to reduce the number of ransom payments sent to cybercriminals in the UK involves the country's National Cyber Security Centre (NCSC) locking arms with insurance associations.…

  • May 14th 2024 at 16:15