The Register - Security

UK's Investigatory Powers Bill to become law despite tech world opposition

April 26th 2024 at 12:00

Only minor changes from original proposals that kicked up privacy storm

The UK's contentious Investigatory Powers (Amendment) Bill (IPB) 2024 has officially received the King's nod of approval and will become law.…

The Register - Security

Four trends to top the CISO’s packed agenda

April 26th 2024 at 07:34

Check out the SANS CISO Primer for tips on hardening your organisation’s security posture in 2024

Sponsored Post Ever get nostalgic for the good old days of cybersecurity protection? When attacks were for the most part amateurish and infrequent, and perhaps more in the nature of an occasional nuisance rather than a daily existential threat?…

The Register - Security

Flaws in Chinese keyboard apps leave 750 million users open to snooping, researchers claim

April 26th 2024 at 05:33

Huawei is OK, but Xiaomi, OPPO, and Samsung are in strife. And Honor isn't living its name

Many Chinese keyboard apps, some from major handset manufacturers, can leak keystrokes to determined snoopers, leaving perhaps three quarters of a billion people at risk according to research from the University of Toronto’s Citizen Lab.…

The Register - Security

Cops cuff man for allegedly framing colleague with AI-generated hate speech clip

April 25th 2024 at 21:43

Athletics boss accused of deep-faking Baltimore school principal

Baltimore police have arrested Dazhon Leslie Darien, the former athletic director of Pikesville High School (PHS), for allegedly impersonating the school's principal using AI software to make it seem as if he made racist and antisemitic remarks.…

The Register - Security

Ring dinged for $5.6M after, among other claims, rogue insider spied on 'pretty girls'

April 25th 2024 at 21:03

Cash to go out as refunds to punters

The FTC today announced it would be sending refunds totaling $5.6 million to Ring customers, paid from the Amazon subsidiary's coffers.…

The Register - Security

Two cuffed in Samourai Wallet crypto dirty money sting

April 25th 2024 at 17:15

Suspects in Portugal and the US said to have laundered over $100M

Two men alleged to be co-founders of cryptocurrency biz Samourai Wallet face serious charges and potentially decades in US prison over claims they owned a product that facilitated the laundering of over $100 million in criminal cash.…

The Hacker News

10 Critical Endpoint Security Tips You Should Know

By The Hacker News — April 26th 2024 at 10:46
In today's digital world, where connectivity rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT
The Hacker News

New 'Brokewell' Android Malware Spread Through Fake Browser Updates

By Newsroom — April 26th 2024 at 10:42
Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis published Thursday. The malware is said to be in active development,
The Hacker News

Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

By Newsroom — April 26th 2024 at 10:18
Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices. It has been addressed in
The Hacker News

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

By Newsroom — April 26th 2024 at 05:49
Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.9.2.0. "This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as
The Hacker News

North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

By Newsroom — April 25th 2024 at 16:47
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT as part of attacks targeting specific individuals in the Asia region in summer 2023. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6750-1

April 25th 2024 at 14:28
Ubuntu Security Notice 6750-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Bartek Nowotarski discovered that Thunderbird did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6743-3

April 25th 2024 at 14:27
Ubuntu Security Notice 6743-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6657-2

April 25th 2024 at 14:26
Ubuntu Security Notice 6657-2 - USN-6657-1 fixed several vulnerabilities in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Dnsmasq incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. It was discovered that Dnsmasq incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. It was discovered that Dnsmasq incorrectly set the maximum EDNS.0 UDP packet size as required by DNS Flag Day 2020. This issue only affected Ubuntu 23.10.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6749-1

April 25th 2024 at 14:25
Ubuntu Security Notice 6749-1 - It was discovered that FreeRDP incorrectly handled certain context resets. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2060-03

April 25th 2024 at 14:19
Red Hat Security Advisory 2024-2060-03 - Red Hat OpenShift Virtualization release 4.14.5 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2044-03

April 25th 2024 at 14:19
Red Hat Security Advisory 2024-2044-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include an information leakage vulnerability.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2055-03

April 25th 2024 at 14:19
Red Hat Security Advisory 2024-2055-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2045-03

April 25th 2024 at 14:19
Red Hat Security Advisory 2024-2045-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2042-03

April 25th 2024 at 14:18
Red Hat Security Advisory 2024-2042-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2038-03

April 25th 2024 at 14:18
Red Hat Security Advisory 2024-2038-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2039-03

April 25th 2024 at 14:18
Red Hat Security Advisory 2024-2039-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2040-03

April 25th 2024 at 14:18
Red Hat Security Advisory 2024-2040-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2041-03

April 25th 2024 at 14:18
Red Hat Security Advisory 2024-2041-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2037-03

April 25th 2024 at 14:17
Red Hat Security Advisory 2024-2037-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2036-03

April 25th 2024 at 14:17
Red Hat Security Advisory 2024-2036-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
The Register - Security

Russia, Iran pose most aggressive threat to 2024 elections, say infoseccers

April 25th 2024 at 13:34

Google security crew reveal ‘the four Ds’ to be on the watch for

It may come as a surprise to absolutely nobody that experts say, in revealing the most prevalent and likely tactics to meddle with elections this year, that state-sponsored cybercriminals pose the biggest threat.…

The Hacker News

Network Threats: A Step-by-Step Attack Demonstration

By The Hacker News — April 25th 2024 at 11:13
Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit
The Register - Security

What to do in the age of the critical breach

April 25th 2024 at 09:16

Why the triple threat of ransomware, data breaches, and extortion is a cybersecurity crisis

Webinar The UK government could be forgiven for wanting to forget March 2024 ever happened.…

The Register - Security

Indian bank’s IT is so shabby it’s been banned from opening new accounts

April 25th 2024 at 06:29

After two years of warnings, and outages, regulators ran out of patience with Kotak Mahindra Bank

India’s central bank has banned Kotak Mahindra Bank from signing up new customers for accounts or credit cards through its online presence and app.…

The Register - Security

Australia’s spies and cops want ‘accountable encryption’ - aka access to backdoors

April 25th 2024 at 00:29

And warn that AI is already being used by extremists to plot attacks

The director general of Australia’s lead intelligence agency and the commissioner of its Federal Police yesterday both called for social networks to offer more assistance to help their investigators work on cases involving terrorism, child exploitation, and racist nationalism.…

The Register - Security

Governments issue alerts after 'sophisticated' state-backed actor found exploiting flaws in Cisco security boxes

April 24th 2024 at 23:11

Don't get too comfortable: 'Line Dancer' malware may be targeting other vendors, too

A previously unknown and "sophisticated" nation-state group compromised Cisco firewalls as early as November 2023 for espionage purposes — and possibly attacked network devices made by other vendors including Microsoft, according to warnings from the networking giant and three Western governments.…

Full Disclosure

Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers

April 24th 2024 at 18:44

Posted by Stefan Kanthak on Apr 24

Hi @ll,

this post is a continuation of
<https://seclists.org/fulldisclosure/2023/Oct/17> and
<https://seclists.org/fulldisclosure/2021/Oct/17>

With the release of .NET Framework 4.8 in April 2019, Microsoft updated
the following paragraph of the MSDN article "What's new in .NET Framework"
<https://msdn.microsoft.com/en-us/library/ms171868.aspx>

| Starting with .NET Framework 4.5, the clrcompression.dll assembly...
Full Disclosure

Response to CVE-2023-26756 - Revive Adserver

April 24th 2024 at 18:43

Posted by Matteo Beccati on Apr 24

CVE-2023-26756 has been recently filed against the Revive Adserver project.

The action was taken without first contacting us, and it did not follow
the security process that is thoroughly documented on our website. The
project team has been given no notice before or after the disclosure.

Our team has been made aware of this report by a community member via a
GitHub issue. All of this resulted in an inability for us to produce an
appropriate...
WIRED

'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks

By Andy Greenberg — April 24th 2024 at 16:00
Sources suspect China is behind the targeted exploitation of two zero-day vulnerabilities in Cisco’s security appliances.
WIRED

5 Best VPN Services (2024): For Routers, PC, iPhone, Android, and More

By Scott Gilbertson — April 24th 2024 at 13:30
It won’t solve all of your privacy problems, but a virtual private network can make you a less tempting target for hackers.
WeLiveSecurity

What makes Starmus unique? – A Q&A with award-winning filmmaker Todd Miller

April 24th 2024 at 09:02
The director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges as well as why he became involved with Starmus.
WeLiveSecurity

How technology drives progress – A Q&A with Nobel laureate Michel Mayor

April 23rd 2024 at 13:33
We spoke to Michel Mayor about the importance of public engagement with science and fostering responsibility among the youth for the preservation of our changing planet.
WeLiveSecurity

The vision behind Starmus – A Q&A with the festival’s co-founder Garik Israelian

April 23rd 2024 at 09:36
Dr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and the strong sense of community within the Starmus universe.
The Hacker News

DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions

By Newsroom — April 25th 2024 at 10:21
The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds. To that end, Keonne Rodriguez, 35, and William Lonergan Hill, 65, have been charged
The Hacker News

Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny

By Newsroom — April 25th 2024 at 06:37
Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative. The tech giant said it's working closely with the U.K. Competition and Markets Authority (CMA) and hopes to achieve an agreement by the end of the year. As part of the
The Hacker News

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

By Newsroom — April 25th 2024 at 05:50
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributed it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft). "UAT4356
The Register - Security

Shouldn't Teams, Zoom, Slack all interoperate securely for the Feds? Wyden is asking

April 24th 2024 at 19:43

Doctorow: 'The most amazing part is that this isn't already the way it's done'

Collaboration software used by federal government agencies — this includes apps from Microsoft, Zoom, Slack, and Google — will be required to work together and be securely end-to-end encrypted, if legislation proposed by US Senator Ron Wyden (D-OR) passes.…

The Register - Security

Microsoft cannot keep its own security in order, so what hope for its add-ons customers?

April 24th 2024 at 17:15

Secure-by-default... if your pockets are deep enough

Microsoft has come under fire for charging for security add-ons despite the company's own patchy record when it comes to vulnerabilities and breaches.…

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6747-1

April 24th 2024 at 15:20
Ubuntu Security Notice 6747-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6748-1

April 24th 2024 at 15:20
Ubuntu Security Notice 6748-1 - It was discovered that Sanitize incorrectly handled noscript elements under certain circumstances. An attacker could possibly use this issue to execute a cross-site scripting attack. This issue only affected Ubuntu 22.04 LTS. It was discovered that Sanitize incorrectly handled style elements under certain circumstances. An attacker could possibly use this issue to execute a cross-site scripting attack.