FreshRSS

🔒
△ 🔃
☐ ☆ ✇ The Hacker News

Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack

By THN — September 12th 2023 at 11:32
A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show. The flaw "could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations," Checkmarx security researcher Elad Rapoport said in a technical report shared with The Hacker News. "Successful exploitation of
☐ ☆ ✇ The Hacker News

7 Steps to Kickstart Your SaaS Security Program

By The Hacker News — September 12th 2023 at 10:42
SaaS applications are the backbone of modern businesses, constituting a staggering 70% of total software usage. Applications like Box, Google Workplace, and Microsoft 365 are integral to daily operations. This widespread adoption has transformed them into potential breeding grounds for cyber threats. Each SaaS application presents unique security challenges, and the landscape constantly evolves
☐ ☆ ✇ The Hacker News

Chinese Redfly Group Compromised a Nation's Critical Grid in 6-Month ShadowPad Campaign

By THN — September 12th 2023 at 10:18
A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as ShadowPad. "The attackers managed to steal credentials and compromise multiple computers on the organization's network," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with
☐ ☆ ✇ The Hacker News

Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper

By THN — September 12th 2023 at 10:01
A sophisticated phishing campaign is using a Microsoft Word document lure to distribute a trifecta of threats, namely Agent Tesla, OriginBotnet, and RedLine Clipper, to gather a wide range of information from compromised Windows machines. "A phishing email delivers the Word document as an attachment, presenting a deliberately blurred image and a counterfeit reCAPTCHA to lure the recipient into
☐ ☆ ✇ WIRED

China-Linked Hackers Breached a Power Grid—Again

By Andy Greenberg — September 12th 2023 at 10:00
Signs suggest the culprits worked within a notorious Chinese hacker group that may have also hacked Indian electric utilities years earlier.
☐ ☆ ✇ The Hacker News

Beware: MetaStealer Malware Targets Apple macOS in Recent Attacks

By THN — September 12th 2023 at 06:13
A new information stealer malware called MetaStealer has set its sights on Apple macOS, making the latest in a growing list of stealer families focused on the operating system after MacStealer, Pureland, Atomic Stealer, and Realst. "Threat actors are proactively targeting macOS businesses by posing as fake clients in order to socially engineer victims into launching malicious payloads,"
☐ ☆ ✇ The Hacker News

Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now

By THN — September 12th 2023 at 05:15
Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash. Apple Security Engineering and Architecture (SEAR
☐ ☆ ✇ The Register - Security

Save the Children hit by ransomware, 7TB stolen

September 11th 2023 at 22:21

A new low, even for these lowlifes

Updated Cybercrime crew BianLian says it has broken into the IT systems of a top nonprofit and stolen a ton of files, including what the miscreants claim is financial, health, and medical data.…

☐ ☆ ✇ The Register - Security

MGM Resorts shuts down website, computer systems after 'cybersecurity incident'

September 11th 2023 at 20:17

Ransomware? Some would be willing to bet on that

MGM Resorts has shut down some of its IT systems following a "cybersecurity incident" that the casino-and-hotel giant says is currently under investigation.…

☐ ☆ ✇ The Register - Security

Huge DDoS attack against US financial institution thwarted

September 11th 2023 at 18:46

Akamai reckons traffic flood peaked at 55.1 million packets per second

Akamai says it thwarted a major distributed denial-of-service (DDoS) attack aimed at a US bank that peaked at 55.1 million packets per second earlier this month.…

☐ ☆ ✇ The Hacker News

Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger

By THN — September 11th 2023 at 14:22
A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' Business accounts. "Originating yet again from a Vietnamese-based group, this campaign uses a tiny compressed file attachment that packs a powerful Python-based stealer dropped in a
☐ ☆ ✇ The Hacker News

Charming Kitten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E.

By THN — September 11th 2023 at 13:24
The Iranian threat actor known as Charming Kitten has been linked to a new wave of attacks targeting different entities in Brazil, Israel, and the U.A.E. using a previously undocumented backdoor named Sponsor. Slovak cybersecurity firm is tracking the cluster under the name Ballistic Bobcat. Victimology patterns suggest that the group primarily singles out education, government, and healthcare
☐ ☆ ✇ The Hacker News

How to Prevent API Breaches: A Guide to Robust Security

By The Hacker News — September 11th 2023 at 11:11
With the growing reliance on web applications and digital platforms, the use of application programming interfaces (APIs) has become increasingly popular. If you aren’t familiar with the term, APIs allow applications to communicate with each other and they play a vital role in modern software development. However, the rise of API use has also led to an increase in the number of API breaches.
☐ ☆ ✇ The Hacker News

Google Chrome Rolls Out Support for 'Privacy Sandbox' to Bid Farewell to Tracking Cookies

By THN — September 11th 2023 at 11:00
Google has officially begun its rollout of Privacy Sandbox in the Chrome web browser to a majority of its users, nearly four months after it announced the plans. "We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide, or a fun video," Anthony Chavez, vice president of Privacy Sandbox initiatives at Google, said. "Without viable
☐ ☆ ✇ WIRED

AI Chatbots Are Invading Your Local Government—and Making Everyone Nervous

By Todd Feathers — September 11th 2023 at 11:00
State and local governments in the US are scrambling to harness tools like ChatGPT to unburden their bureaucracies, rushing to write their own rules—and avoid generative AI's many pitfalls.
☐ ☆ ✇ WeLiveSecurity

Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor

September 11th 2023 at 09:30
ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor
☐ ☆ ✇ The Hacker News

Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows

By THN — September 11th 2023 at 07:54
A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium. The activity has been codenamed Steal-It by Zscaler ThreatLabz. "In this campaign, the threat actors steal and exfiltrate NTLMv2 hashes using customized versions of Nishang's 
☐ ☆ ✇ The Hacker News

New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World

By THN — September 11th 2023 at 06:23
A new malware loader called HijackLoader is gaining traction among the cybercriminal community to deliver various payloads such as DanaBot, SystemBC, and RedLine Stealer. "Even though HijackLoader does not contain advanced features, it is capable of using a variety of modules for code injection and execution since it uses a modular architecture, a feature that most loaders do not have," Zscaler
☐ ☆ ✇ The Register - Security

Google warns infoseccers: Beware of North Korean spies sliding into your DMs

September 11th 2023 at 00:32

ALSO: Verizon turns self in for reduced fine, malvertising comes to macOS, and this week's critical vulnerabilities

Infosec in brief Watch out, cyber security researchers: Suspected North Korean-backed hackers are targeting members of the infosec community again, according to Google's Threat Analysis Group (TAG).…

☐ ☆ ✇ Troy Hunt

Weekly Update 364

By Troy Hunt — September 10th 2023 at 07:58
Weekly Update 364

I'm in Spain! Alicante, to be specific, where we've spent the last few days doing family wedding things, and I reckon we scrubbed up pretty well:

Getting fancy in Spain 😍 pic.twitter.com/iDFmBORnHa

— Troy Hunt (@troyhunt) September 9, 2023

Next stop is Amsterdam and by the end of today, we'll be sipping cold beer canal side in the 31C heat 😎 Meanwhile, this week's video focuses mostly on the Dymocks breach and the noteworthiness of what appears to be excessive data retention. After recording this video, someone also pointed out that the data is already being abused in a pretty traceable fashion:

@troyhunt not sure if this is particularly useful but I just received this scam attempt. I use iCloud's Hide My Email service and the address this email was sent to was the same address iCloud generated for use with my Dymocks account. pic.twitter.com/GiFZ7EIDo2

— matt (@matt_0833) September 9, 2023

That's all for this week, a little shorter as I was rushing for the wedding, I'll come to you next week from our second home, Oslo 🇳🇴

Weekly Update 364
Weekly Update 364
Weekly Update 364
Weekly Update 364

References

  1. Sponsored by: Fastmail. Check out Masked Email, built with 1Password. One click gets you a unique email address for every online signup. Try it now!
  2. Dymocks Australia found themselves breached (I suspect the significant number of retained inactive records will cause them some grief)
  3. No, data breaches don't typically just sit on the "dark web", they circulate broadly on easily accessible forums (that's true of the vast bulk of data in HIBP!)

☐ ☆ ✇ WIRED

Mozilla: Your New Car Is a Data Privacy Nightmare

By Dhruv Mehrotra, Andrew Couts — September 9th 2023 at 13:00
Plus: Apple patches newly discovered flaws exploited by NSO Group spyware, North Korean hackers target security researchers, and more.
☐ ☆ ✇ The Hacker News

Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play

By THN — September 9th 2023 at 08:14
Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that’s designed to harvest sensitive information from compromised Android devices. According to Kaspersky security researcher Igor Golovin, the apps come with nefarious features to capture and exfiltrate names, user IDs, contacts, phone numbers, and chat messages to an actor-controlled server. The
☐ ☆ ✇ The Hacker News

Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks

By THN — September 9th 2023 at 06:25
A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. "The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, with malicious scripts and uses
☐ ☆ ✇ WIRED

Top US Spies Meet With Privacy Experts Over Surveillance 'Crown Jewel'

By Dell Cameron — September 8th 2023 at 18:00
Civil rights groups say efforts to get US intelligence agencies to adopt privacy reforms have largely failed. Without those changes, renewal of a post-911 surveillance policy may be doomed.
☐ ☆ ✇ WIRED

Axon's Ethics Board Resigned Over Taser-Armed Drones. Then the Company Bought a Military Drone Maker

By Ese Olumhense — September 8th 2023 at 17:46
The CEO’s vision for Taser-equipped drones includes a fictitious scenario in which the technology averts a shooting at a day care center.
☐ ☆ ✇ The Hacker News

U.K. and U.S. Sanction 11 Russia-based TrickBot Cybercrime Gang Members

By THN — September 8th 2023 at 17:04
The U.K. and U.S. governments on Thursday sanctioned 11 individuals who are alleged to be part of the notorious Russia-based TrickBot cybercrime gang. “Russia has long been a safe haven for cybercriminals, including the TrickBot group,” the U.S. Treasury Department said, adding it has “ties to Russian intelligence services and has targeted the U.S. Government and U.S. companies, including
☐ ☆ ✇ WeLiveSecurity

Will you give X your biometric data? – Week in security with Tony Anscombe

September 8th 2023 at 09:22
The update to X's privacy policy has sparked some questions among privacy and security folks, including how long X will retain users' biometric information and how the data will be stored and secured
☐ ☆ ✇ The Register - Security

Apple races to patch the latest zero-day iPhone exploit

September 8th 2023 at 11:36

No user interaction needed for this one as Pegasus turns up via iMessage

Apple devices are again under attack, with a zero-click, zero-day vulnerability used to deliver Pegasus spyware to iPhones discovered in the wild.…

☐ ☆ ✇ The Hacker News

Protecting Your Microsoft IIS Servers Against Malware Attacks

By The Hacker News — September 8th 2023 at 11:27
Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging fruit for finding and exploiting vulnerabilities that facilitate access to IT environments.  Recently, a
☐ ☆ ✇ The Hacker News

Cisco Issues Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform

By THN — September 8th 2023 at 11:26
Cisco has released security fixes to address multiple security flaws, including a critical bug, that could be exploited by a threat actor to take control of an affected system or cause a denial-of service (DoS) condition. The most severe of the issues is CVE-2023-20238, which has the maximum CVSS severity rating of 10.0. It’s described as an authentication bypass flaw in the Cisco BroadWorks
☐ ☆ ✇ The Hacker News

North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

By THN — September 8th 2023 at 08:52
Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in an unspecified software over the past several weeks to infiltrate their machines. The findings come from Google’s Threat Analysis Group (TAG), which found the adversary setting up fake accounts on social media platforms like X (formerly Twitter) and Mastodon to forge
☐ ☆ ✇ The Register - Security

Microsoft, recently busted by Beijing, thinks it's across China's ever-changing cyber-offensive

September 8th 2023 at 06:32

Sometimes using AI to make hilariously wrong images that still drive social media engagement

Microsoft, which earlier this week admitted not being able to detect a Chinese attack on its own infrastructure, has published a report [PDF] titled "Digital threats from East Asia increase in breadth and effectiveness." In the report, Redmond's Threat Intelligence group expounds on its fresh insight into evolving online aggressions from both China and North Korea.…

☐ ☆ ✇ The Hacker News

CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities

By THN — September 8th 2023 at 05:36
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized
☐ ☆ ✇ The Hacker News

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

By THN — September 8th 2023 at 03:11
Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064
☐ ☆ ✇ The Register - Security

Russian infosec boss gets nine years for $100M insider-trading caper using stolen data

September 8th 2023 at 00:57

Confidential figures for Tesla, Snap, Roku, Avnet, others swiped and used to rack up millions in ill-gotten gains

Vladislav Klyushin, the Russian owner of security penetration testing firm M-13, was jailed for nine years in the US on Thursday for his involvement in a cyber-crime operation that stole top corporations' confidential financial information to make $93 million through insider trading.…

☐ ☆ ✇ The Register - Security

US, UK sanction more Russians linked to Trickbot

September 7th 2023 at 22:44

Top admin, HR managers, devs go on transatlantic deny-list

The US and UK governments named and sanctioned 11 Russians said to be connected to the notorious Trickbot cybercrime crew this week.…

❌