FreshRSS

The Hacker News

Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam

By Newsroom — May 19th 2024 at 09:46
The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies. The individuals, Daren Li, 41, and Yicheng Zhang, 38, were arrested in Atlanta and Los Angeles on April 12 and May 16, respectively. The foreign nationals have been "charged for leading a scheme
The Hacker News

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

By Newsroom — May 19th 2024 at 07:59
The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service (MaaS) model, target over 1,500 banks across the world, spanning more than 60 countries in Central and South
Exploit-DB Updates

[webapps] PopojiCMS 2.0.1 - Remote Command Execution (RCE)

May 19th 2024 at 00:00
PopojiCMS 2.0.1 - Remote Command Execution (RCE)
Exploit-DB Updates

[webapps] Backdrop CMS 1.27.1 - Remote Command Execution (RCE)

May 19th 2024 at 00:00
Backdrop CMS 1.27.1 - Remote Command Execution (RCE)
Exploit-DB Updates

[webapps] Apache OFBiz 18.12.12 - Directory Traversal

May 19th 2024 at 00:00
Apache OFBiz 18.12.12 - Directory Traversal
Exploit-DB Updates

[webapps] Wordpress Theme XStore 9.3.8 - SQLi

May 19th 2024 at 00:00
Wordpress Theme XStore 9.3.8 - SQLi
Exploit-DB Updates

[webapps] htmlLawed 1.2.5 - Remote Code Execution (RCE)

May 19th 2024 at 00:00
htmlLawed 1.2.5 - Remote Code Execution (RCE)
Exploit-DB Updates

[webapps] Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)

May 19th 2024 at 00:00
Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
/r/netsec - Information Security News & Discussion

RomHack CFP Closes May 31!

By /u/smaury — May 18th 2024 at 19:07

Hey hackers! RomHack 2024 Call for Papers closes on May 31, if you plan to present your awesome research in Rome 🇮🇹 make sure to submit before that date!

See you in Rome!

The Register - Security

An attorney says she saw her library reading habits reflected in mobile ads. That's not supposed to happen

May 18th 2024 at 17:04

Follow us down this deep rabbit hole of privacy policy after privacy policy

Feature In April, attorney Christine Dudley was listening to a book on her iPhone while playing a game on her Android tablet when she started to see in-game ads that reflected the audiobooks she recently checked out of the San Francisco Public Library.…

/r/netsec - Information Security News & Discussion

A Basic Guide to Discovering Attack Surface with Ghidra and GDB

By /u/cy1337 — May 18th 2024 at 14:18

A walkthrough of using Ghidra to produce a GDB script for tracing function calls.

The Register - Security

Gawd, after that week, we wonder what's next for China and the Western world

May 18th 2024 at 12:35

For starters: Crypto, import tariffs, and Microsoft shipping out staff

Kettle It's been a fairly troubling week in terms of the relationship between China and the Western world.…

/r/netsec - Information Security News & Discussion

Freeway for Network Pentesting

By /u/Material-Tonight8924 — May 18th 2024 at 10:45

Hi, came here for some feedback and to share the tool with other red teamers.

Every opinion is very welcome.

The Freeway features:
- Network monitor
- Deauth attack
- Beacon Flood
- Packet Fuzzer
- Network Audit
- Channel Hopper

WIRED

US Official Warns a Cell Network Flaw Is Being Exploited for Spying

By Andy Greenberg — May 18th 2024 at 10:00
Plus: Three arrested in North Korean IT workers fraud ring, Tesla staffers shared videos from owners’ cars, and more.
The Register - Security

How two brothers allegedly swiped $25M in a 12-second Ethereum heist

May 18th 2024 at 06:29

Feds scoff at blockchain integrity while software bug said to have been at heart of the matter

The US Department of Justice has booked two brothers on allegations that they exploited open source software used in the Ethereum blockchain world to bag $25 million (£20 million).…

The Register - Security

Aussie cops probe MediSecure's 'large-scale ransomware data breach'

May 17th 2024 at 23:31

Throw another healthcare biz on the barby, mate

Australian prescriptions provider MediSecure is the latest healthcare org to fall victim to a ransomware attack, with crooks apparently stealing patients' personal and health data.…

The Register - Security

Three cuffed for 'helping North Koreans' secure remote IT jobs in America

May 17th 2024 at 18:34

Your local nail tech could be a secret agent for Kim’s cunning plan

Three individuals accused of helping North Korea fund its weapons programs using US money are now in handcuffs.…

WeLiveSecurity

The who, where, and how of APT attacks – Week in security with Tony Anscombe

May 17th 2024 at 16:09
This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape
Security Tool Files ≈ Packet Storm

Zeek 6.0.4

May 17th 2024 at 15:26
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6778-1

May 17th 2024 at 15:25
Ubuntu Security Notice 6778-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6776-1

May 17th 2024 at 15:24
Ubuntu Security Notice 6776-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6777-1

May 17th 2024 at 15:24
Ubuntu Security Notice 6777-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6774-1

May 17th 2024 at 15:23
Ubuntu Security Notice 6774-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6775-1

May 17th 2024 at 15:23
Ubuntu Security Notice 6775-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6773-1

May 17th 2024 at 15:23
Ubuntu Security Notice 6773-1 - It was discovered that .NET did not properly handle memory in its Double Parse routine. An attacker could possibly use this issue to achieve remote code execution. It was discovered that .NET did not properly handle the usage of a shared resource. An attacker could possibly use this to cause a dead-lock condition, resulting in a denial of service.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2889-03

May 17th 2024 at 15:20
Red Hat Security Advisory 2024-2889-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an information leakage vulnerability.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2890-03

May 17th 2024 at 15:20
Red Hat Security Advisory 2024-2890-03 - An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2891-03

May 17th 2024 at 15:20
Red Hat Security Advisory 2024-2891-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2888-03

May 17th 2024 at 15:18
Red Hat Security Advisory 2024-2888-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass and use-after-free vulnerabilities.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2886-03

May 17th 2024 at 15:18
Red Hat Security Advisory 2024-2886-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include bypass and use-after-free vulnerabilities.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2887-03

May 17th 2024 at 15:18
Red Hat Security Advisory 2024-2887-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2882-03

May 17th 2024 at 15:17
Red Hat Security Advisory 2024-2882-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2883-03

May 17th 2024 at 15:17
Red Hat Security Advisory 2024-2883-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass and use-after-free vulnerabilities.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2884-03

May 17th 2024 at 15:17
Red Hat Security Advisory 2024-2884-03 - An update for Firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2885-03

May 17th 2024 at 15:17
Red Hat Security Advisory 2024-2885-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2881-03

May 17th 2024 at 15:16
Red Hat Security Advisory 2024-2881-03 - An update for firefox is now available for Red Hat Enterprise Linux 7. Issues addressed include bypass and use-after-free vulnerabilities.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2784-03

May 17th 2024 at 15:16
Red Hat Security Advisory 2024-2784-03 - Red Hat OpenShift Container Platform release 4.12.57 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a code execution vulnerability.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2834-03

May 17th 2024 at 15:16
Red Hat Security Advisory 2024-2834-03 - An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Issues addressed include a server-side request forgery vulnerability.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2781-03

May 17th 2024 at 15:15
Red Hat Security Advisory 2024-2781-03 - Red Hat OpenShift Container Platform release 4.12.57 is now available with updates to packages and images that fix several bugs.
Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2782-03

May 17th 2024 at 15:15
Red Hat Security Advisory 2024-2782-03 - Red Hat OpenShift Container Platform release 4.12.57 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
The Hacker News

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

By Newsroom — May 17th 2024 at 17:20
The cryptojacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to the exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively orchestrating illicit cryptocurrency mining
The Register - Security

First LockBit, now BreachForums: Are cops winning the war or just a few battles?

May 17th 2024 at 11:37

TLDR: Peace in our time is really really hard

Interview On Wednesday the FBI and international cops celebrated yet another cybercrime takedown – of ransomware brokerage site BreachForums – just a week after doxing and imposing sanctions on the LockBit ransomware crew's kingpin, and two months after compromising the gang's website.…

The Hacker News

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

By The Hacker News — May 17th 2024 at 11:29
A new report from XM Cyber has found – among other insights – a dramatic gap between where most organizations focus their security efforts, and where the most serious threats actually reside. The new report, Navigating the Paths of Risk: The State of Exposure Management in 2024, is based on hundreds of thousands of attack path assessments conducted by the XM Cyber
The Hacker News

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

By Newsroom — May 17th 2024 at 11:20
Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year. "Deuterbear, while similar to Waterbear in many ways, shows advancements in capabilities such as including support for shellcode plugins, avoiding handshakes
Security – Cisco Blog

Accessing Secure Client Cloud Management after the SecureX EoL

By Pete Davis — May 17th 2024 at 12:00
Secure Client Management capabilities aren’t going away with the SecureX EOL; the functionality is simply migrating to the Cisco Security Cloud Control service.
The Hacker News

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

By Newsroom — May 17th 2024 at 08:46
The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed Gomir, is "structurally almost identical to GoBear, with extensive sharing of code between
The Hacker News

CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now

By Newsroom — May 17th 2024 at 06:43
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2014-100005 - A cross-site request forgery (CSRF) vulnerability impacting D-Link DIR-600 routers that allows an
The Register - Security

Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware

May 16th 2024 at 23:30

Spoiler alert: it's not really IT support controlling your device

A cybercrime gang has been abusing Microsoft's Quick Assist application in social engineering attacks that ultimately allow the crew to infect victims with Black Basta ransomware.…

WeLiveSecurity

To the Moon and back(doors): Lunar landing in diplomatic missions

May 15th 2024 at 09:15
ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs
The Hacker News

New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks

By Newsroom — May 16th 2024 at 16:02
Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic. The SSID Confusion attack, tracked as CVE-2023-52424, impacts all operating systems and Wi-Fi clients, including home and mesh networks that are based on
The Register - Security

EU probes Meta over its provisions for protecting children

May 16th 2024 at 15:45

Has social media biz done enough to comply with Digital Services Act? Maybe not

The European Commission has opened formal proceedings to assess whether Meta, the provider of Facebook and Instagram, may have breached the Digital Services Act (DSA) in areas linked to the protection of minors.…

The Register - Security

Stifling Beijing in cyberspace is now British intelligence’s number-one mission

May 16th 2024 at 14:45

Annual conference of cyber intel unit shows UK's alarm over China blaring louder than ever

CyberUK Regular attendees of CYBERUK, the annual conference hosted by British intelligence unit the National Cyber Security Centre (NCSC), will know that in addition to the expected conference panels, there is usually an interwoven theme to proceedings.…
