FreshRSS

Today — May 6th 2024: Your RSS feeds

Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

By Newsroom
More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which described it as a use-after-free bug impacting versions 1.10.0 and 1.11.1, which is the
  • May 6th 2024 at 14:00

China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices

By Newsroom
The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys. Dubbed ArcaneDoor, the activity is said to have commenced around July 2023, with the first confirmed attack against an unnamed victim
  • May 6th 2024 at 13:47

Cisco Hypershield – Our Vision to Combat Unknown Vulnerabilities

By Craig Connors

By now, I hope you have had a chance to learn about the first-of-its-kind, groundbreaking solution we recently announced: Cisco Hypershield.

As I covered in my previous blog, the unique architecture… Read more on Cisco Blogs

Cisco & Splunk: A Complete SOC Platform Purpose-Built for the AI-Driven Future

By AJ Shipley

Organizations come in all shapes and sizes. From big companies to small, local companies to multi-nationals, unregulated to highly regulated — the size and sophistication of organizations operating i… Read more on Cisco Blogs

It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs

By The Hacker News
Cybercriminals are vipers. They’re like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into.  With cybercriminals becoming more sophisticated, SMBs like you must do more to protect themselves. But at what price? That’s the daunting question
  • May 6th 2024 at 11:00

Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components

By Newsroom
Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. "The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data," mobile security firm
  • May 6th 2024 at 10:03

A New Surveillance Tool Invades Border Towns

By Dhruv Mehrotra, Dell Cameron
Plus: An assassination plot, an AI security bill, a Project Nimbus revelation, and more of the week’s top security news.

Microsoft PlayReady toolkit - codes release

Posted by Security Explorations on May 06

Hello All,

We released codes for "Microsoft PlayReady toolkit", a tool that has
been developed as part of our research from 2022:

https://security-explorations.com/microsoft-playready.html#details

The toolkit illustrates the following:
- fake client device identity generation,
- acquisition of license and content keys for encrypted content,
- downloading and decryption of content,
- content inspection (MPEG-4 file format),
- Manifest...
  • May 6th 2024 at 08:52

Germany points finger at Fancy Bear for widespread 2023 hacks, DDoS attacks

ALSO: Microsoft promises to git gud on cybersecurity; unqualified attackers are targeting your water systems, and more

infosec in brief It was just around a year ago that a spate of allegedly Russian-orchestrated cyberattacks hit government agencies in Germany, and now German officials claim to know for a fact who did it: APT28, or Fancy Bear, a Russian threat actor linked to the GRU intelligence service.…

  • May 6th 2024 at 02:30

End-to-end encryption may be the bane of cops, but they can't close that Pandora's Box

Internet Society's Robin Wilton tells us the war on privacy won't be won by the plod

interview Police can complain all they like about strong end-to-end encryption making their jobs harder, but it doesn't matter because the technology is here and won't go away. …

  • May 5th 2024 at 13:30

Dating apps kiss'n'tell all sorts of sensitive personal info

Privacy Not Included label slapped on 22 of 25 top lonely-hearts corners

Interview Dating apps ask people to disclose all kinds of personal information in the hope of them finding love, or at least a hook-up.…

  • May 4th 2024 at 18:00

Pay up, or else? – Week in security with Tony Anscombe

Organizations that fall victim to a ransomware attack are often caught between a rock and a hard place, grappling with the dilemma of whether to pay up or not
  • May 3rd 2024 at 14:59

New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs

By Newsroom
Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and Arm-based Macs. The exact distribution vector is currently unclear, although there are
  • May 6th 2024 at 07:48
Before yesterday: Your RSS feeds

Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities

By Newsroom
Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S. The Czech Republic's Ministry of Foreign Affairs (MFA), in a statement, said some unnamed
  • May 4th 2024 at 08:38

Kaspersky hits back at claims its AI helped Russia develop military drone systems

Ready, set, sanctions?

AI built by Russian infosec firm Kaspersky was used in Russian drones for its war on Ukraine, volunteer intelligence gatherers claim.…

  • May 3rd 2024 at 21:30

It may take decade to shore up software supply chain security, says infosec CEO

Sure, we're waking to the risk, but we gotta get outta bed, warns Endor Labs founder Varun Badhwar

interview The more cybersecurity news you read, the more often you seem to see a familiar phrase: Software supply chain (SSC) vulnerabilities. Varun Badhwar, founder and CEO at security firm Endor Labs, doesn't believe that's by coincidence. …

  • May 3rd 2024 at 17:30

Live2D Cubism refusing to fix validation issue leading to heap corruption.

Posted by PT via Fulldisclosure on May 03

Live2D Cubism is the dominant "vtuber" software suite for 2D avatars for use in livestreaming and integrating them in
other software.
They publish various SDKs and frameworks for integrating their libraries with your own program. You're supposed to
use those to deserialize and render/animate the models created with their main software - often untrusted files from
random people on the internet.
While their main java-based...
  • May 3rd 2024 at 16:36

Ubuntu Security Notice USN-6757-2

Ubuntu Security Notice 6757-2 - USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem. It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
  • May 3rd 2024 at 14:34

Ubuntu Security Notice USN-6762-1

Ubuntu Security Notice 6762-1 - It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library might allow context-dependent attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. This issue only affected Ubuntu 14.04 LTS.
  • May 3rd 2024 at 14:33

Red Hat Security Advisory 2024-2679-03

Red Hat Security Advisory 2024-2679-03 - An update for libxml2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.
  • May 3rd 2024 at 14:25

Red Hat Security Advisory 2024-2674-03

Red Hat Security Advisory 2024-2674-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
  • May 3rd 2024 at 14:24

Red Hat Security Advisory 2024-2054-03

Red Hat Security Advisory 2024-2054-03 - Red Hat OpenShift Container Platform release 4.14.23 is now available with updates to packages and images that fix several bugs and add enhancements.
  • May 3rd 2024 at 14:24

Red Hat Security Advisory 2024-2049-03

Red Hat Security Advisory 2024-2049-03 - Red Hat OpenShift Container Platform release 4.13.41 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
  • May 3rd 2024 at 14:24

Red Hat Security Advisory 2024-2068-03

Red Hat Security Advisory 2024-2068-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
  • May 3rd 2024 at 14:24

Red Hat Security Advisory 2024-2071-03

Red Hat Security Advisory 2024-2071-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements.
  • May 3rd 2024 at 14:24

Adding insult to injury: crypto recovery scams

Once your crypto has been stolen, it is extremely difficult to get back – be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over
  • May 2nd 2024 at 09:30

Expert-Led Webinar - Uncovering Latest DDoS Tactics and Learn How to Fight Back

By The Hacker News
In today's rapidly evolving digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms more significant than ever. As these cyber threats grow in sophistication, understanding and countering them becomes crucial for any business seeking to protect its online presence. To address this urgent need, we are thrilled to announce our upcoming webinar, "Uncovering Contemporary
  • May 3rd 2024 at 12:53

Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

By Newsroom
Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.
  • May 3rd 2024 at 12:35

These Dangerous Scammers Don’t Even Bother to Hide Their Crimes

By Matt Burgess
“Yahoo Boy” cybercriminals are openly running dozens of scams across Facebook, WhatsApp, Telegram, TikTok, YouTube, and more.

Europol op shutters 12 scam call centers and cuffs 21 suspected fraudsters

Cops prevented crims from bilking victims out of more than €10m - but couldn't stop crime against art

A Europol-led operation dubbed “Pandora” has shut down a dozen phone scam centers, and arrested 21 suspects. The cops reckon the action prevented criminals from bilking victims out of more than €10 million (£8.6 million, $11 million).…

  • May 3rd 2024 at 05:34

Indonesia sneakily buys spyware, claims Amnesty International

A 'murky' web sees many purchases run through Singapore in a way that hides potential users

Indonesia has acquired spyware and surveillance technologies through a "murky network" that extends into Israel, Greece, Singapore and Malaysia for equipment sourcing, according to Amnesty International.…

  • May 3rd 2024 at 04:33

Chinese government website security is often worryingly bad, say Chinese researchers

Bad configurations, insecure versions of jQuery, and crummy cookies are some of myriad problems

Exclusive Five Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according to a not-yet-peer-reviewed study released last week.…

  • May 3rd 2024 at 02:34

Weekly Update 398

By Troy Hunt
How many different angles can you have on one data breach? Facial recognition (which probably isn't actual biometrics), gambling, offshore developers, unpaid bills, extortion, sloppy password practices and now, an arrest. On pondering it more after today's livestream, it's the unfathomable stupidity of publishing this data publicly that really strikes me. By all means, have contractual disputes, get lawyers involved and showdown in the courts if you need to, but take data in this fashion and chuck it up online and you're well into criminal territory. It's just nuts, and I suspect there's a lot more yet to play out in this saga.

Microsoft, Google do a victory lap around passkeys

Windows giant extends passwordless tech to everyone else

Microsoft today said it will now let us common folk — not just commercial subscribers — sign into their Microsoft accounts and apps using passkeys with their face, fingerprint, or device PIN.…

  • May 2nd 2024 at 23:03

New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data

By The Hacker News
SaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need to address, since the existing security stack does not enable complete control or comprehensive monitoring of their usage.
  • May 3rd 2024 at 10:42

NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources

By Newsroom
The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors' attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties. The joint bulletin was published by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department of State. "The
  • May 3rd 2024 at 09:37

Google Announces Passkeys Adopted by Over 400 Million Accounts

By Newsroom
Google on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more than 1 billion times over the past two years. "Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin making them 50% faster than passwords," Heather Adkins, vice president of security engineering at Google, said.
  • May 3rd 2024 at 06:40

Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks

By Newsroom
HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote code execution (RCE) on affected systems. Of the 10 security defects, four are rated critical in severity - CVE-2024-26304 (CVSS score: 9.8) - Unauthenticated Buffer Overflow Vulnerability in the L2/L3 Management Service Accessed via
  • May 3rd 2024 at 04:50

Florida man gets 6 years behind bars for flogging fake Cisco kit to US military

Operation busted after dodgy devices ended up at Air Force

Miami resident Onur Aksoy has been sentenced to six and a half years in prison for running a multi-million-dollar operation selling fake Cisco equipment that ended up in the US military.…

  • May 2nd 2024 at 20:58

Patch up – 4 critical bugs in ArubaOS lead to remote code execution

Ten vulnerabilities in total for admins to apply

Network admins are being urged to patch a bundle of critical vulnerabilities in ArubaOS that lead to remote code execution as a privileged user.…

  • May 2nd 2024 at 20:30

The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics

By Jordan Pearson
Outabox, an Australian firm that scanned faces for bars and clubs, suffered a breach that shows the problems with giving companies your biometric data.

Federal frenzy to patch gaping GitLab account takeover hole

Warning comes exactly a year after the vulnerability was introduced

The US Cybersecurity and Infrastructure Security Agency (CISA) is forcing all federal agencies to patch a critical vulnerability in GitLab's Community and Enterprise editions, confirming it is very much under "active exploit."…

  • May 2nd 2024 at 14:15

Debian Security Advisory 5676-1

Debian Linux Security Advisory 5676-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
  • May 2nd 2024 at 13:56