FreshRSS

The Register - Security

California passes bill to set up one-stop data deletion shop

September 18th 2023 at 12:45

Also, LockBit gets a new second stringer, AirTag owners find yet another illicit use, and this week's critical vulns

Infosec in brief Californians may be on their way to the nation's first "do not broker" list with the passage of a bill that would create a one-stop service for residents of the Golden State who want to opt out of being tracked by data brokers. …

The Hacker News

New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services

By THN — September 18th 2023 at 12:30
A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed AMBERSQUID by cloud and container security firm Sysdig. "The AMBERSQUID operation was able to exploit cloud services without triggering the AWS

The Hacker News

Think Your MFA and PAM Solutions Protect You? Think Again

By The Hacker News — September 18th 2023 at 12:21
When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case. A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA (Multi-Factor Authentication) and PAM (Privileged Access Management) solutions are almost never deployed comprehensively enough to provide resilience to identity

The Hacker News

Hook: New Android Banking Trojan That Expands on ERMAC's Legacy

By THN — September 18th 2023 at 12:11
A new analysis of the Android banking trojan known as Hook has revealed that it's based on its predecessor called ERMAC. "The ERMAC source code was used as a base for Hook," NCC Group security researchers Joshua Kamp and Alberto Segura said in a technical analysis published last week. "All commands (30 in total) that the malware operator can send to a device infected with ERMAC malware, also

The Register - Security

Cryptojackers spread their nets to capture more than just EC2

September 18th 2023 at 11:15

AMBERSQUID operation takes AWS's paths less travelled in search of compute

As cloud native computing continues to gain popularity, so does the risk posed by criminals seeking to exploit the unwary. One newly spotted method targets services on the AWS platform, but not necessarily the ones you might think.…

The Hacker News

Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients

By THN — September 18th 2023 at 07:00
Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature recently introduced in April 2023 for making the breach worse, calling it a "dark pattern." "The fact that Google Authenticator syncs to

The Hacker News

Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks

By THN — September 18th 2023 at 03:16
The financially motivated threat actor known as UNC3944 is pivoting to ransomware deployment as part of an expansion to its monetization strategies, Mandiant has revealed. "UNC3944 has demonstrated a stronger focus on stealing large amounts of sensitive data for extortion purposes and they appear to understand Western business practices, possibly due to the geographical composition of the group,

Troy Hunt

Weekly Update 365

By Troy Hunt — September 17th 2023 at 14:11
It's another week of travels, this time from our "second home", Oslo. That's off the back of 4 days in the Netherlands and starting tomorrow, another 4 in Prague. But today, the 17th of September, is extra special 😊

1 year today ❤️ pic.twitter.com/vsRChdDshn

— Troy Hunt (@troyhunt) September 17, 2023

We'll be going out and celebrating accordingly as soon as I get this post published so I'll be brief: enjoy this week's video!

References

  1. Sponsored by: 1 in 3 families have been affected by fraud. Secure your personal info with Aura’s award-winning identity protection. Start free trial.
  2. We had a great visit to Politie Nederland in Rotterdam this week (lots of common goals shared, and I'm really happy we've been able to assist with victim notification via HIBP)
  3. 932k Viva Air email addresses went into HIBP (that's a Colombian airline which no longer exists, they were pwned and ransomed last year)
  4. 4.3M Malindo Air email addresses went into HIBP (it's a 2019 breach so not new, but a third of people in there had never appeared in a loaded breach before)
  5. Wasn't really expecting to be named on a notorious ransomware website, but here we are (2 days after recording I still haven't heard anything further)
  6. I wasn't expecting anything revolutionary, but I'd really hoped for more excitement in the new iPhones (but I ordered us both Pro Max units anyway 😎)

The Hacker News

North Korea's Lazarus Group Suspected in $31 Million CoinEx Heist

By THN — September 17th 2023 at 06:32
The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency since June 2023, marking a significant escalation of its hacks. According to multiple reports from Certik, Elliptic, and ZachXBT, the infamous hacking group is said to be suspected behind the theft of $31 million in digital assets from the CoinEx exchange on September 12, 2023. The crypto heist aimed at

WIRED

You Need to Update Google Chrome or Whatever Browser You Use

By Andrew Couts — September 16th 2023 at 13:00
Plus: Spyware-packing ads, TikTok GDPR violations, Elon Musk investigations, and more.

The Hacker News

TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U.

By THN — September 16th 2023 at 13:00
The Irish Data Protection Commission (DPC) slapped TikTok with a €345 million (about $368 million) fine for violating the European Union's General Data Protection Regulation (GDPR) in relation to its handling of children's data. The investigation, initiated in September 2021, examined how the popular short-form video platform processed personal data relating to child users (those between the

WIRED

Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle

By Lily Hay Newman — September 16th 2023 at 11:00
Cyberattacks on casinos grab attention, but a steady stream of less publicized attacks leave vulnerable victims struggling to recover.

The Register - Security

Probe reveals previously secret Israeli spyware that infects targets via ads

September 16th 2023 at 09:05

Oh s#!t, Sherlock

Israeli software maker Insanet has reportedly developed a commercial product called Sherlock that can infect devices via online adverts to snoop on targets and collect data about them for the biz's clients.…

The Register - Security

Scattered Spider traps 100+ victims in its web as it moves into ransomware

September 15th 2023 at 21:25

Mandiant warns casino raiders are doubling down on 'monetization strategies'

Scattered Spider, the crew behind at least one of the recent Las Vegas casino IT security breaches, has already hit some 100 organizations during its so-far brief tenure in the cybercrime scene, according to Mandiant.…

The Register - Security

Google throws California $93M to make location tracking lawsuit disappear

September 15th 2023 at 17:15

Half a percent of last quarter's net income? That'll teach 'em

Google has been hit with another lawsuit alleging it deceived users about its collection, storage, and use of their location data, this time from the state of California. Yet it's over before it really began.…

The Hacker News

The Interdependence between Automated Threat Intelligence Collection and Humans

By The Hacker News — September 15th 2023 at 11:13
The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware attacks compared with just 831 in Q1 2023. The MOVEit attack has claimed over 600 victims so far and that number is still

The Hacker News

Google Agrees to $93 Million Settlement in California's Location-Privacy Lawsuit

By THN — September 15th 2023 at 11:10
Google has agreed to pay $93 million to settle a lawsuit filed by the U.S. state of California over allegations that the company's location-privacy practices misled consumers and violated consumer protection laws. "Our investigation revealed that Google was telling its users one thing – that it would no longer track their location once they opted out – but doing the opposite and continuing to

The Hacker News

DDoS 2.0: IoT Sparks New DDoS Alert

By The Hacker News — September 15th 2023 at 10:25
The Internet of Things (IoT) is transforming efficiency in various sectors like healthcare and logistics but has also introduced new security risks, particularly IoT-driven DDoS attacks. This article explores how these attacks work, why they’re uniquely problematic, and how to mitigate them. What Is IoT? IoT (Internet of Things) refers to online, interconnected devices that collect and exchange

The Hacker News

NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers

By THN — September 15th 2023 at 10:20
An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the Python-based NodeStealer and potentially take over their accounts for follow-on malicious activities. "The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing services and technology

The Register - Security

Greater Manchester Police ransomware attack another classic demo of supply chain challenges

September 15th 2023 at 09:45

Are you the weakest link?

The UK's Greater Manchester Police (GMP) has admitted that crooks have got their mitts on some of its data after a third-party supplier responsible for ID badges was attacked.…

The Hacker News

Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

By THN — September 15th 2023 at 08:49
The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. "This suggests that the threat actors are streamlining operations by making their techniques multipurpose," Trend Micro researchers said in a new analysis published this

The Hacker News

Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors

By THN — September 15th 2023 at 04:14
Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal. The tech giant, which is tracking the activity under the name Peach Sandstorm (formerly Holmium), said the adversary pursued organizations in the satellite, defense, and pharmaceutical sectors to likely facilitate

The Register - Security

US-Canada water org confirms 'cybersecurity incident' after ransomware crew threatens leak

September 15th 2023 at 00:15

NoEscape promises 'colossal wave of problems' if IJC doesn't pay up

The International Joint Commission, a body that manages water rights along the US-Canada border, has confirmed its IT security was targeted, after a ransomware gang claimed it stole 80GB of data from the organization.…

/r/netsec - Information Security News & Discussion

Bypass SSL Pinning on Windows Application

By /u/HermaeusMora0 — September 14th 2023 at 20:59

I have tried using CharlesProxy MITM proxy to obtain SSL traffic from a Windows Application, but Charles simply can't capture any traffic, even though it captures from my browser and other applications.

With that being said, I suspect the application uses SSL pinning; I don't want to go and reverse engineer it when there's a simpler way for me to obtain their requests.

I need suggestions on what to do, and if reverse engineering is my only way, what would be recommended.

The Register - Security

Caesars says cyber-crooks stole customer data as MGM casino outage drags on

September 14th 2023 at 20:13

Zero-days are so 2022. Why not just social engineer the help desk?

Updated Casino giant Caesars Entertainment has confirmed miscreants stole a database containing customer info, including driver license and social security numbers for a "significant number" of its loyalty program members, in a social engineering attack earlier this month.…

The Register - Security

Rollbar might be good at tracking bugs, uninvited guests not so much

September 14th 2023 at 15:00

Company noticed data warehouse break-in via compromised account a month later

Cloud-based bug tracking and monitoring platform Rollbar has warned users that attackers have rifled through their data.…

The Hacker News

Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems

By THN — September 14th 2023 at 14:07
A set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. "Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the targeted program's context or perform other malicious

WeLiveSecurity

Ballistic Bobcat's Sponsor backdoor – Week in security with Tony Anscombe

September 14th 2023 at 14:01
Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States

The Hacker News

Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years

By THN — September 14th 2023 at 13:18
A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack. The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the compromised system. The campaign, which took place between 2020 and 2022, is no longer active. "