BuzzSec

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. KrebsOnSecurity has learned that the defendant was busted in March 2022, after fleeing mandatory military service in Ukraine in the weeks following the Russian invasion. Ukrainian national Mark Sokolovsky, seen here in a Porsche Cayenne on Mar. 18 fleeing mandatory military service in Ukraine. This image was taken by Polish border authorities as Sokolovsky’s vehicle entered Germany. Image: KrebsOnSecurity.com. The U.S. Attorney for the Western District of Texas unsealed an indictment last week that named Mark Sokolvsky as the core developer for the Raccoon Infostealer business, which was marketed on several Russian-language cybercrime forums beginning in 2019. Raccoon was essentially a We

Let’s begin by looking at what culture is and why it matters. Culture is tacit and elusive in its very nature. It is often unspoken, based on behaviours, hidden in the thoughts and minds of people. We often see it embedded in the organisation’s framework: in its vision, mission and values, which can also describe the attitudes it has towards various things. Such as, does it value innovation over tradition? Does it focus on people or processes? Does it embrace change? Or, will it fight it every step of the way? from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/what-happens-to-an-organisation-when-it-has-no-security-culture

Security Magazine wrote this week about the recent eye opening SlashNext State of Phishing report.  " SlashNext analyzed billions of link-based URLs, attachments and natural language messages in email, mobile and browser channels over six months in 2022 and found more than 255 million attacks —a 61% increase in the rate of phishing attacks compared to 2021.  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/eye-opener-phishing-attacks-61-up-over-2021.-a-whopping-255-million-attacks-this-year-so-far

Communication services provider Twilio this week disclosed that it experienced another "brief security incident" in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information. The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part of its probe into the digital break-in from The Hacker News https://thehackernews.com/2022/10/twilio-reveals-another-breach-from-same.html

A newly released report on ransomware preparedness shows organizations are improving their security stance in comparison to last year, but overall still aren’t doing enough. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/over-two-thirds-of-organizations-have-no-ransomware-specific-incident-response-playbook

Five malicious dropper Android apps with over 130,000 cumulative installations have been discovered on the Google Play Store distributing banking trojans like SharkBot and Vultur, which are capable of stealing financial data and performing on-device fraud. "These droppers continue the unstopping evolution of malicious apps sneaking to the official store," Dutch mobile security firm ThreatFabric from The Hacker News https://thehackernews.com/2022/10/these-dropper-apps-on-play-store.html

There are no details yet, but it’s really important that you patch Open SSL 3.x when the new version comes out on Tuesday. How bad is “Critical”? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. It’s likely to be abused to disclose server memory contents, and potentially reveal user details, and could be easily exploited remotely to compromise server private keys or execute code execute remotely. In other words, pretty much everything you don’t want happening on your production systems. Slashdot thread . from Schneier on Security https://www.schneier.com/blog/archives/2022/10/critical-vulnerability-in-open-ssl.html

Check out the 29 new pieces of training content added in September, alongside the always fresh content update highlights and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-fresh-content-updates-october-2022

The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot (aka Silence), and Clop ransomware. It is "part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread," the Microsoft Security Threat Intelligence Center (MSTIC from The Hacker News https://thehackernews.com/2022/10/raspberry-robin-operators-selling.html

Unsurprisingly, the level of cyber activity continued to be quite sustained even during the second half of September. In this timeline... from HACKMAGEDDON https://www.hackmageddon.com/2022/10/28/16-30-september-2022-cyber-attacks-timeline/

Researchers at Cyren describe a phishing attack that resulted from the theft of a stolen iPad. The iPad was stolen on a train in Switzerland, and briefly appeared on Apple’s location services in Paris a few days later. The owner assumed the iPad was lost for good, but sent a message to the iPad with her phone number just in case. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/stolen-devices-and-phishing

Automobile, Energy, Media, Ransomware?When thinking about verticals, one may not instantly think of cyber-criminality. Yet, every move made by governments, clients, and private contractors screams toward normalizing those menaces as a new vertical. Ransomware has every trait of the classical economical vertical. A thriving ecosystem of insurers, negotiators, software providers, and managed from The Hacker News https://thehackernews.com/2022/10/ransomware-open-source-to-rescue.html

TL;DR Define the goal of an assessment. Take time to choose the right assessment type. The more detail you give about an asset, the better quality your report will be. Select the right environment for the assessment. Consider the timing for performing the assessment. Communicate internally and make sure everyone is up to speed. Do more than remediate findings—use findings to help remediate other areas of an environment. Fix low-severity issues. Ask questions and get feedback. Make sure to change things up once and a while. These are all just suggestions; do as you please. There are many types of penetration tests and security assessments. Although most of the suggestions below apply to a variety of tests, I am focusing specifically on the following: External and Internal Penetration Tests, and Black-Box, White-Box, Grey-Box, and Hybrid (Source-Assisted Grey-Box) Application Assessments. Define Goals: It is important to know why an assessment is being performed. Is it

A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said "an app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements. Credited with discovering and reporting the bug in August from The Hacker News https://thehackernews.com/2022/10/apple-ios-and-macos-flaw-couldve-let.html

A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency. Cybersecurity company CrowdStrike dubbed the activity Kiss-a-dog, with its command-and-control infrastructure overlapping with those associated with other groups like TeamTNT, which are known to strike misconfigured from The Hacker News https://thehackernews.com/2022/10/new-cryptojacking-campaign-targeting.html

In this episode of Security Nation, Jen and Tod talk to renowned password security expert Jeremi Gosney about how we are all guilty of bad password practices. He discusses the psychology of how we develop the various words/phrase combinations that become our crackable passwords. Stick around for the Rapid Rundown, where Tod and Jen dive into a great story for Cybersecurity Awareness Month as well as bad data-governance practices.     Jeremi Gosney Jeremi Gosney is a renowned password cracker and password security expert. He is a member of the Hashcat core development team, the former CEO of the password cracking firm Terahash, and the author of the Pufferfish and hmac-bcrypt password hashing functions. He also helps run the DEF CON Password Village and the PasswordsCon track at Security BSides Las Vegas. Show notes Interview links Jeremi on Password Nihilism The Rails bug Jeremi referenced Rapid Rundown links Risky Business Newsletter on fake PoCs: " GitHub aflood wi

After suffering two large, and embarrassing, data breaches in recent weeks, the Australian government increased the fine for serious data breaches from $2.2 million to a minimum of $50 million. (That’s $50 million AUD, or $32 million USD.) This is a welcome change. The problem is one of incentives, and Australia has now increased the incentive for companies to secure the personal data or their users and customers. from Schneier on Security https://www.schneier.com/blog/archives/2022/10/australia-increases-fines-for-massive-data-breaches.html

Cisco has warned of active exploitation attempts targeting a pair of two-year-old security flaws in the Cisco AnyConnect Secure Mobility Client for Windows. Tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), the vulnerabilities could enable local authenticated attackers to perform DLL hijacking and copy arbitrary files to system directories with elevated privileges. from The Hacker News https://thehackernews.com/2022/10/hackers-actively-exploiting-cisco.html

VMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product. Tracked as CVE-2021-39144, the issue has been rated 9.8 out of 10 on the CVSS vulnerability scoring system, and relates to a remote code execution vulnerability via XStream open source library. "Due to an unauthenticated endpoint that leverages XStream for input serialization in from The Hacker News https://thehackernews.com/2022/10/vmware-releases-patch-for-critical-rce.html

Join SBS team members Laura Zannucci and Rick Olivier for a constructive discussion about National Cybersecurity Awareness Month and how we can use and train on key controls to #BeCyberSmart. from SBS CyberSecurity https://sbscyber.com/resources/discussing-national-cybersecurity-awareness-month-with-rick-and-laura

The post Webcast: How Bartending Made Me a Better Infosec Consultant w/ Ben Burkhart appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/webcast-how-bartending-made-me-a-better-infosec-consultant-w-ben-burkhart/

The post Webcast: How to Detect and Respond to Business Email (M365) Compromise w/ the BHIS DFIR Team  appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/webcast-how-to-detect-and-respond-to-business-email-m365-compromise-w-the-bhis-dfir-team/

The post Webcast: Atomic Red Team: Hands-on Getting Started Guide w/ Carrie & Darin Roberts appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/webcast-atomic-red-team-hands-on-getting-started-guide-w-carrie-darin-roberts/

The post Webcast: Modern C2 and Data Exfiltration w/ Kyle Avery appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/webcast-modern-c2-and-data-exfiltration-w-kyle-avery/

The post Webcast: Looking for Needles in Needlestacks w/ Threat Hunting Toolkit appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/webcast-looking-for-needles-in-needlestacks-w-threat-hunting-toolkit/

The post Webcast: Getting Started in Covert .NET Tradecraft for Post-Exploitation – Kyle Avery appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/webcast-getting-started-in-covert-net-tradecraft-for-post-exploitation-kyle-avery/

The post How to Play Competitive Backdoors & Breaches w/ Jason Blanchard (1-Hour) appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/how-to-play-competitive-backdoors-breaches-w-jason-blanchard-1-hour/

In this video, our Principal Research Analyst Scott Nusbaum goes over his research on LastPass Password Manager. He discusses how the credentials are exposed in memory to an attacker that is present on the host and is able to access the browser process. He also goes over on how LastPass could modify their extension to further protect the credentials in memory. The post LastPass in Memory Exposure appeared first on TrustedSec . from TrustedSec https://www.trustedsec.com/blog/lastpass-in-memory-exposure/

A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 released on July 21 from The Hacker News https://thehackernews.com/2022/10/22-year-old-vulnerability-reported-in.html

The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme. This allegedly comprises from The Hacker News https://thehackernews.com/2022/10/hive-ransomware-hackers-begin-leaking.html

Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary code with the highest privileges. Successful exploitation of from The Hacker News https://thehackernews.com/2022/10/apple-releases-patch-for-new-actively.html

Virtual Chief Information Security Officer (vCISO) services (also known as 'Fractional CISO' or 'CISO-as-a-Service') are growing in popularity, especially as growing cyber threats, tightening regulatory demands and strict cyber insurance requirements are driving small to medium-sized enterprises demand for strategic cybersecurity and compliance guidance and management. But vCISO services are from The Hacker News https://thehackernews.com/2022/10/download-ebook-top-virtual-cisos-share.html

     In The Wild - CyberSecurity Newsletter Welcome to the 298 th  issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!            Hacker Hour: Cybersecurity Awareness Month Round Table SBS Educational Resources Date: Wednesday, October 26 Time: 2:00 - 3:00 PM CT We would like to invite you to join SBS in celeb