FreshRSS


Hugely expanded Section 702 surveillance powers set for US Senate vote

Opponents warn almost anyone could be asked to share info with Uncle Sam

On Thursday the US Senate is expected to reauthorize the contentious warrantless surveillance powers conferred by Section 702 of the Foreign Intelligence Surveillance Act (FISA), and may even strengthen them with language that, according to US Senator Ron Wyden (D-OR), "will force a huge range of companies and individuals to spy for the government."…

  • April 17th 2024 at 23:44

Kremlin's Sandworm blamed for cyberattacks on US, European water utilities

Water tank overflowed during one system malfunction, says Mandiant

The Russian military's notorious Sandworm crew was likely behind cyberattacks on US and European water plants that, in at least one case, caused a tank to overflow.…

  • April 17th 2024 at 19:56

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

By Newsroom
Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024. OpenMetadata is an open-source platform that operates as a
  • April 18th 2024 at 05:54

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

By Newsroom
A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell. "The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads to push these domains to the top of search engine results targeting specific search keywords, thereby
  • April 18th 2024 at 04:48

Big Tech Says Spy Bill Turns Its Workers Into Informants

By Dell Cameron
One of Silicon Valley’s most influential lobbying arms joins privacy reformers in a fight against the Biden administration–backed expansion of a major US surveillance program.

Debian Security Advisory 5655-2

Debian Linux Security Advisory 5655-2 - The update of cockpit released in DSA 5655-1 did not correctly build binary packages due to unit test failures when building against libssh 0.10.6. This update corrects that problem.
  • April 17th 2024 at 15:50

Debian Security Advisory 5662-1

Debian Linux Security Advisory 5662-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.
  • April 17th 2024 at 15:49

Ubuntu Security Notice USN-6726-2

Ubuntu Security Notice 6726-2 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.
  • April 17th 2024 at 15:46

Ubuntu Security Notice USN-6726-3

Ubuntu Security Notice 6726-3 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.
  • April 17th 2024 at 15:46

Red Hat Security Advisory 2024-1859-03

Red Hat Security Advisory 2024-1859-03 - OpenShift API for Data Protection 1.3.1 is now available. Issues addressed include a denial of service vulnerability.
  • April 17th 2024 at 15:45

Red Hat Security Advisory 2024-1865-03

Red Hat Security Advisory 2024-1865-03 - Red Hat Single Sign-On 7.6.8 Operator enhancement and security update.
  • April 17th 2024 at 15:45

Red Hat Security Advisory 2024-1868-03

Red Hat Security Advisory 2024-1868-03 - An update is now available for Red Hat build of Keycloak. Issues addressed include bypass, cross site scripting, and denial of service vulnerabilities.
  • April 17th 2024 at 15:45

Ubuntu Security Notice USN-6724-2

Ubuntu Security Notice 6724-2 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the Habana's AI Processors driver in the Linux kernel did not properly initialize certain data structures before passing them to user space. A local attacker could use this to expose sensitive information.
  • April 17th 2024 at 15:45

Ubuntu Security Notice USN-6725-2

Ubuntu Security Notice 6725-2 - Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service or possibly expose sensitive information. Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.
  • April 17th 2024 at 15:45

Red Hat Security Advisory 2024-1856-03

Red Hat Security Advisory 2024-1856-03 - An update for opencryptoki is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
  • April 17th 2024 at 15:44

Red Hat Security Advisory 2024-1835-03

Red Hat Security Advisory 2024-1835-03 - An update for shim is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.
  • April 17th 2024 at 15:44

Red Hat Security Advisory 2024-1836-03

Red Hat Security Advisory 2024-1836-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
  • April 17th 2024 at 15:44

Red Hat Security Advisory 2024-1840-03

Red Hat Security Advisory 2024-1840-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
  • April 17th 2024 at 15:44

Red Hat Security Advisory 2024-1841-03

Red Hat Security Advisory 2024-1841-03 - An update for pcs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.
  • April 17th 2024 at 15:44

Red Hat Security Advisory 2024-1846-03

Red Hat Security Advisory 2024-1846-03 - An update for pcs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.
  • April 17th 2024 at 15:44

Red Hat Security Advisory 2024-1832-03

Red Hat Security Advisory 2024-1832-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
  • April 17th 2024 at 15:43

Red Hat Security Advisory 2024-1834-03

Red Hat Security Advisory 2024-1834-03 - An update for shim is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.
  • April 17th 2024 at 15:43

Red Hat Security Advisory 2024-1770-03

Red Hat Security Advisory 2024-1770-03 - Red Hat OpenShift Container Platform release 4.15.9 is now available with updates to packages and images that fix several bugs and add enhancements.
  • April 17th 2024 at 15:43

Red Hat Security Advisory 2024-1833-03

Red Hat Security Advisory 2024-1833-03 - An update for squid is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.
  • April 17th 2024 at 15:43

Exploit code for Palo Alto Networks zero-day now public

Race on to patch as researchers warn of mass exploitation of directory traversal bug

Various infosec researchers have released proof-of-concept (PoC) exploits for the maximum-severity vulnerability in Palo Alto Networks' PAN-OS used in GlobalProtect gateways.…

  • April 17th 2024 at 13:30

OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories

While some other LLMs appear to flat-out suck

AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed.…

  • April 17th 2024 at 10:15

Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities

By Andy Greenberg
Cyber Army of Russia Reborn, a group with ties to the Kremlin’s Sandworm unit, is crossing lines even that notorious cyberwarfare unit wouldn’t dare to.

Japanese government rejects Yahoo! infosec improvement plan

Just doesn't believe it will sort out the mess that saw data leak from LINE messaging app

Japan's government has considered the proposed security improvements developed by Yahoo!, found them wanting, and ordered the onetime web giant to take new measures.…

  • April 17th 2024 at 05:44

Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks

By Newsroom
A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The findings come from Finnish cybersecurity firm WithSecure, which attributed the malware to the Russia-linked advanced persistent threat (APT) group tracked as Sandworm (aka APT44 or
  • April 17th 2024 at 13:32

Supercharging Cisco XDR with AI and Identity Intelligence at RSAC 2024

By Teresa Brunner

Cisco XDR is a leader in providing comprehensive threat detection and response across the entire attack surface. We’ll be showcasing new capabilities that will give security teams even more insight, a…

GenAI: A New Headache for SaaS Security Teams

By The Hacker News
The introduction of Open AI’s ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing,
  • April 17th 2024 at 11:07

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

By Newsroom
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account. Armed with this access, a
  • April 17th 2024 at 10:57

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

By Newsroom
Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.3), a critical SQL injection flaw that could permit an unauthenticated attacker to execute unauthorized code or
  • April 17th 2024 at 10:23

Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services

By Newsroom
Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024. "These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," Cisco Talos said. Successful attacks could
  • April 17th 2024 at 08:38

Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack

Also warns of brute force attacks targeting its own VPNs, Check Point, Fortinet, SonicWall and more

Cisco is fighting fires on a couple cybersecurity fronts this week involving its Duo multi-factor authentication (MFA) service and its remote-access VPN services.…

  • April 17th 2024 at 00:06

MGM says FTC can't possibly probe its ransomware downfall – watchdog chief Lina Khan was a guest at the time

What a twist!

MGM Resorts wants the FTC to halt a probe into last year's ransomware infection at the mega casino chain – because the watchdog's boss Lina Khan was a guest at one of its hotels during the cyberattack.…

  • April 16th 2024 at 20:32

Change Healthcare’s New Ransomware Nightmare Goes From Bad to Worse

By Eric Geller
A cybercriminal gang called RansomHub claims to be selling highly sensitive patient information stolen from Change Healthcare following a ransomware attack by another group in February.

US Senate to Vote on a Wiretap Bill That Critics Call ‘Stasi-Like’

By Dell Cameron
A controversial bill reauthorizing the Section 702 spy program may force whole new categories of businesses to eavesdrop on the US government’s behalf, including on fellow Americans.

Alleged cryptojacker accused of stealing $3.5M from cloud to mine under $1M in crypto

No prizes for guessing the victims

A Nebraska man will appear in court today to face charges related to allegations that he defrauded cloud service providers of more than $3.5 million in a long-running cryptojacking scheme.…

  • April 16th 2024 at 16:31

SIM swap crooks solicit T-Mobile US, Verizon staff via text to do their dirty work

No breach responsible for employee contact info getting out, says T-Mo

T-Mobile US employees say they are being sent text messages that offer them cash to perform illegal SIM swaps for supposed criminals.…

  • April 16th 2024 at 15:30

Debian Security Advisory 5661-1

Debian Linux Security Advisory 5661-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
  • April 16th 2024 at 14:12

Debian Security Advisory 5660-1

Debian Linux Security Advisory 5660-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
  • April 16th 2024 at 14:10

Open sourcerers say suspected xz-style attacks continue to target maintainers

Social engineering patterns spotted across range of popular projects

Open source groups are warning the community about a wave of ongoing attacks targeting project maintainers similar to those that led to the recent attempted backdooring of a core Linux library.…

  • April 16th 2024 at 14:07

Ubuntu Security Notice USN-6736-1

Ubuntu Security Notice 6736-1 - It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code.
  • April 16th 2024 at 14:05

Ubuntu Security Notice USN-6734-1

Ubuntu Security Notice 6734-1 - Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. It was discovered that libvirt incorrectly handled certain RPC library API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. It was discovered that libvirt incorrectly handled detaching certain host interfaces. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service.
  • April 16th 2024 at 14:05

Ubuntu Security Notice USN-6733-1

Ubuntu Security Notice 6733-1 - It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10.
  • April 16th 2024 at 14:05

Ubuntu Security Notice USN-6735-1

Ubuntu Security Notice 6735-1 - It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled the use of CRLF sequences to delimit HTTP requests. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain unauthorised access. This issue only affected Ubuntu 23.10.
  • April 16th 2024 at 14:05

Red Hat Security Advisory 2024-1831-03

Red Hat Security Advisory 2024-1831-03 - An update for kernel is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Issues addressed include out of bounds write and use-after-free vulnerabilities.
  • April 16th 2024 at 14:04

Ubuntu Security Notice USN-6732-1

Ubuntu Security Notice 6732-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
  • April 16th 2024 at 14:04