FreshRSS

☐ ☆ ✇ The Hacker News

Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign

By Newsroom — October 16th 2023 at 13:55
Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems. "The attack involves the use of malicious archive files that exploit the recently discovered vulnerability affecting the WinRAR compression software versions prior to 6.23 and traced as CVE-
☐ ☆ ✇ The Hacker News

SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls

By Newsroom — October 16th 2023 at 12:11
The Android banking trojan known as SpyNote has been dissected to reveal its diverse information-gathering features. Typically spread via SMS phishing campaigns, attack chains involving the spyware trick potential victims into installing the app by clicking on the embedded link, according to F-Secure. Besides requesting invasive permissions to access call logs, camera, SMS messages, and external
☐ ☆ ✇ The Hacker News

The Fast Evolution of SaaS Security from 2020 to 2024 (Told Through Video)

By The Hacker News — October 16th 2023 at 11:46
SaaS Security’s roots are in configuration management. An astounding 35% of all security breaches begin with security settings that were misconfigured. In the past 3 years, the initial access vectors to SaaS data have widened beyond misconfiguration management. “SaaS Security on Tap” is a new video series that takes place in Eliana V's bar making sure that the only thing that leaks is beer (
☐ ☆ ✇ WIRED

Deepfake Porn Is Out of Control

By Matt Burgess — October 16th 2023 at 11:00
New research shows the number of deepfake videos is skyrocketing—and the world's biggest search engines are funneling clicks to dozens of sites dedicated to the nonconsensual fakes.
☐ ☆ ✇ The Hacker News

Signal Debunks Zero-Day Vulnerability Reports, Finds No Evidence

By Newsroom — October 16th 2023 at 09:31
Encrypted messaging app Signal has pushed back against "viral reports" of an alleged zero-day flaw in its software, stating it found no evidence to support the claim. "After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels," it said in a series of messages posted in X (formerly
☐ ☆ ✇ The Hacker News

Binance's Smart Chain Exploited in New 'EtherHiding' Malware Campaign

By Newsroom — October 16th 2023 at 04:59
Threat actors have been observed serving malicious code by utilizing Binance's Smart Chain (BSC) contracts in what has been described as the "next level of bulletproof hosting." The campaign, detected two months ago, has been codenamed EtherHiding by Guardio Labs. The novel twist marks the latest iteration in an ongoing malware campaign that leverages compromised WordPress sites to serve
☐ ☆ ✇ The Register - Security

Regulator, insurers and customers all coming for Progress after MOVEit breach

October 16th 2023 at 02:58

Also, CISA cataloging new ransomware data points, 17k WP sites hijacked by malware in Sept., and more critical vulns

Infosec in brief The fallout from the exploitation of bugs in Progress Software's MOVEit file transfer software continues, with the US Securities and Exchange Commission (SEC) now investigating the matter, and lots of affected parties seeking compensation. …

☐ ☆ ✇ Troy Hunt

Weekly Update 369

By Troy Hunt — October 15th 2023 at 06:53
There seemed to be an awful lot of time gone on the 23andMe credential stuffing situation this week, but I think it strikes a lot of important chords. We're (us as end users) still reusing credentials, still not turning on MFA and still trying to sue when we don't do these things. And we as builders are still creating systems that allow this to happen en masse. All that said, I don't know how we build systems that are resilient to a single person coming along and entering someone else's (probably) reused credentials into a normal browser session, at least not without introducing additional barriers to entry that will upset the marketing manager. And so, I'm back at the only logical conclusion I think we can all agree on right now: it's a great time to be working in this industry 😊

References

  1. Sponsored by: Online fraud is everywhere. Secure your finances and personal info with Aura’s award-winning identity protection. Protect your identity now.
  2. 23andMe has been getting hammered in a credential stuffing attack (as I always say, defending against this is a shared responsibility: individuals need to work on their account security hygiene, and websites need to expect and defend against this sort of thing)
  3. And now they're getting sued in a class action, a mere 4 days after the event 🤦‍♂️ (someone really should write a blog post about how stupid this is...)
  4. ...here's a blog post about how stupid class actions like this are! (when I'm getting lawyers asking me to advertise their class action suits on HIBP, you know damn well who's getting rich out of all this, and it ain't the plaintiffs)
  5. The Bureau van Dijk data breach is now in HIBP (we should be asking a lot more questions about why data aggregators collecting this sort of info still exist)

☐ ☆ ✇ WIRED

The US Congress Was Targeted With Predator Spyware

By Andy Greenberg, Lily Hay Newman — October 14th 2023 at 13:00
Plus: Hamas raised millions in crypto, Exxon used hacked data, and more.
☐ ☆ ✇ The Hacker News

Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication

By Newsroom — October 14th 2023 at 06:29
Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolsters security. "The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN Manager (NTLM)," the tech giant said. "New features for Windows 11 include
☐ ☆ ✇ The Register - Security

530K people's info feared stolen from cloud PC gaming biz Shadow

October 13th 2023 at 18:57

Will players press start to continue with this outfit?

Shadow, which hosts Windows PC gaming in the cloud among other services, has confirmed criminals stole a database containing customer data following a social-engineering attack against one of its employees.…

☐ ☆ ✇ The Register - Security

Thwarted ransomware raid targeting WS_FTP servers demanded just 0.018 BTC

October 13th 2023 at 18:15

Early attempt to exploit latest Progress Software bug spotted in the wild

An early ransomware campaign against organizations by exploiting the vulnerability in Progress Software's WS_FTP Server was this week spotted by security researchers.…

☐ ☆ ✇ WIRED

Rumors of a ‘Global Day of Jihad’ Have Unleashed a Dangerous Wave of Disinformation

By David Gilbert — October 13th 2023 at 17:11
The rapid spread of violent videos and photos, combined with a toxic stew of mis- and disinformation, now threatens to spill over into real-world violence.
☐ ☆ ✇ The Register - Security

Calls for Visual Studio security tweak fall on deaf ears despite one-click RCE exploit

October 13th 2023 at 15:28

Two years on and Microsoft refuses to address the issue

Perceived weaknesses in the security of Microsoft's Visual Studio IDE are being raised once again this week with a fresh single-click exploit.…

☐ ☆ ✇ WeLiveSecurity

Staying on top of security updates – Week in security with Tony Anscombe

October 13th 2023 at 15:09
Why keeping software up to date is a crucial security practice that should be followed by everyone from individual users to SMBs and large enterprises
☐ ☆ ✇ The Hacker News

New PEAPOD Cyberattack Campaign Targeting Women Political Leaders

By Newsroom — October 13th 2023 at 14:31
European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD. Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the name Void Rabisu, which is also known as Storm-0978, Tropical Scorpius, and UNC2596, and is also
☐ ☆ ✇ WIRED

US House Republicans Had Their Phones Confiscated to Stop Leaks

By Matt Laslo — October 13th 2023 at 13:30
In an attempt to wrest control from raucous far-right hardliners amid the fight for a new House speaker, Republican Party leaders are instituting phone bans to keep backroom deals secret.
☐ ☆ ✇ The Hacker News

Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration

By Newsroom — October 13th 2023 at 11:53
The advanced persistent threat (APT) actor known as ToddyCat has been linked to a new set of malicious tools that are designed for data exfiltration, offering a deeper insight into the hacking crew's tactics and capabilities. The findings come from Kaspersky, which first shed light on the adversary last year, linking it to attacks against high-profile entities in Europe and Asia for nearly three
☐ ☆ ✇ The Hacker News

Ransomware Attacks Double: Are Companies Prepared for 2024's Cyber Threats?

By The Hacker News — October 13th 2023 at 11:07
Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to effectively bypass common defense strategies.  Cyble, a renowned cyber threat intelligence company recognized for its research and findings, recently released its 
☐ ☆ ✇ WIRED

HTTP/2 Rapid Reset: A New Protocol Vulnerability Will Haunt the Web for Years

By Lily Hay Newman — October 13th 2023 at 11:00
Dubbed “HTTP/2 Rapid Reset,” the flaw requires issuing patches to virtually every web server around the world before the problem can be eradicated.
☐ ☆ ✇ The Hacker News

DarkGate Malware Spreading via Messaging Services Posing as PDF Files

By Newsroom — October 13th 2023 at 10:36
A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams. In these attacks, the messaging apps are used to deliver a Visual Basic for Applications (VBA) loader script that masquerades as a PDF document, which, when opened, triggers the download and execution of an AutoIt script designed to launch the malware. "It's
☐ ☆ ✇ The Hacker News

FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure

By Newsroom — October 13th 2023 at 10:25
The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) detailing the ransomware-as-a-service (RaaS) operation's
☐ ☆ ✇ The Register - Security

Squid games: 35 security holes still unpatched in proxy after 2 years, now public

October 13th 2023 at 00:21

We'd like to say don't panic … but maybe?

35 vulnerabilities in the Squid caching proxy remain unfixed more than two years after being found and disclosed to the open source project's maintainers, according to the person who reported them.…

☐ ☆ ✇ The Register - Security

Everest cybercriminals offer corporate insiders cold, hard cash for remote access

October 12th 2023 at 12:42

The ransomware gang changes identities more than Jason Bourne

The Everest ransomware group is stepping up its efforts to purchase access to corporate networks directly from employees amid what researchers believe to be a major transition for the cybercriminals.…

☐ ☆ ✇ The Register - Security

Building cyber resilience with data vaults

October 12th 2023 at 12:29

How continuous data protection and isolated cyber recovery vaults provide effective defense against ransomware

Sponsored Feature In August 2023, Danish hosting subsidiaries CloudNordic and AzeroCloud were on the receiving end of one of the most serious ransomware attacks ever made public by a cloud services company.…

☐ ☆ ✇ WIRED

New Clues Suggest Stolen FTX Funds Went to Russia-Linked Money Launderers

By Andy Greenberg — October 12th 2023 at 12:00
Whoever looted FTX on the day of its bankruptcy has now moved the stolen money through a long string of intermediaries—and eventually some that look Russian in origin.
☐ ☆ ✇ The Register - Security

US construction giant unearths concrete evidence of cyberattack

October 12th 2023 at 10:55

Simpson Manufacturing yanks systems offline, warns of ongoing disruption

Simpson Manufacturing Company yanked some tech systems offline this week to contain a cyberattack it expects will "continue to cause disruption."…

☐ ☆ ✇ The Register - Security

HM Government has partnered with SANS to train cyber security experts

October 12th 2023 at 08:42

Partner Content According to the Cyber Security Breaches Survey 26 percent of medium businesses, 37 percent of large businesses and 25 percent of high-income charities have experienced cyber crime in the last 12 months.…

☐ ☆ ✇ The Register - Security

US Navy sailor admits selling secret military blueprints to China for $15K

October 11th 2023 at 19:42

Worth it for 20 years behind bars?

A US Navy service member pleaded guilty yesterday to receiving thousands of dollars in bribes from a Chinese spymaster in exchange for passing on American military secrets.…

☐ ☆ ✇ WIRED

A Graphic Hamas Video Donald Trump Jr. Shared on X Is Actually Real, Research Confirms

By David Gilbert — October 11th 2023 at 19:39
A video posted by Donald Trump Jr. showing Hamas militants attacking Israelis was falsely flagged in a Community Note as being years old, thus making X's disinformation problem worse, not better.