Posts

Showing posts from May, 2023

KnowBe4 - The Bookmark Trap: How Discord Admins Fell Prey to Social Engineering

Brian Krebs wrote: "A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/the-bookmark-trap-how-discord-admins-fell-prey-to-social-engineering

The Hacker News - Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks

The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023. This includes educational entities, government agencies, military bodies, and non-profit organizations, indicating the adversarial crew’s continued focus on high-value targets. Dark Pink, also called Saaiwc from The Hacker News https://thehackernews.com/2023/05/dark-pink-apt-group-leverages.html

The Hacker News - RomCom RAT Using Deceptive Web of Rogue Software Sites for Covert Attacks

The threat actors behind RomCom RAT are leveraging a network of fake websites advertising rogue versions of popular software at least since July 2022 to infiltrate targets. Cybersecurity firm Trend Micro is tracking the activity cluster under the name Void Rabisu, which is also known as Tropical Scorpius (Unit 42) and UNC2596 (Mandiant). "These lure sites are most likely only meant for a small from The Hacker News https://thehackernews.com/2023/05/romcom-rat-using-deceptive-web-of-rogue.html

The Hacker News - Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months

Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway (ESG) appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-2868 (CVSS score: N/A), has been actively exploited for at least seven months prior to its discovery. from The Hacker News https://thehackernews.com/2023/05/alert-hackers-exploit-barracuda-email.html

HACKMAGEDDON - April 2023 Cyber Attacks Timeline

After the cyber attacks timelines, it’s time to publish the statistics of April 2023 where I collected... from HACKMAGEDDON https://www.hackmageddon.com/2023/05/30/april-2023-cyber-attacks-timeline/

The Hacker News - Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users

A new open source remote access trojan (RAT) called DogeRAT targets Android users primarily located in India as part of a sophisticated malware campaign. The malware is distributed via social media and messaging platforms under the guise of legitimate applications like Opera Mini, OpenAI ChatGPT, and Premium versions of YouTube, Netflix, and Instagram. "Once installed on a victim's device, the from The Hacker News https://thehackernews.com/2023/05/sneaky-dogerat-trojan-poses-as-popular.html

Krebs - Phishing Domains Tanked After Meta Sued Freenom

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains.
The volume of phishing websites registered through Freenom dropped considerably since the registrar was sued by Meta. Image: Interisle Consulting.
Freenom is the domain name registry service provider for five so-called “country code top level domains” (ccTLDs), including .cf for the Central African Republic; .ga for Gabon; .gq for Equatorial Guinea; .ml for Mali; and .tk for Tokelau. Freenom has always waived the registration fees for domains in these country-code domains, but the registrar also reserves the right to take back free domains at any time, and to divert traffic to other sites — including adult websites. And there are countless reports

The Hacker News - Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data

A new security flaw has been disclosed in the Google Cloud Platform's (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data. "The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition from The Hacker News https://thehackernews.com/2023/05/severe-flaw-in-google-clouds-cloud-sql.html

The Hacker News - Predator Android Spyware: Researchers Sound the Alarm on Alarming Capabilities

Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was first documented by Google's Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android. The spyware, which is delivered by means of from The Hacker News https://thehackernews.com/2023/05/predator-android-spyware-researchers.html

The Hacker News - 5 Must-Know Facts about 5G Network Security and Its Cloud Benefits

5G is a game changer for mobile connectivity, including mobile connectivity to the cloud. The technology provides high speed and low latency when connecting smartphones and IoT devices to cloud infrastructure. 5G networks are a critical part of all infrastructure layers between the end user and the end service; these networks transmit sensitive data that can be vital for governments and from The Hacker News https://thehackernews.com/2023/05/5-must-know-facts-about-5g-network.html

KnowBe4 - Your KnowBe4 Fresh Content Updates from May 2023

Check out the 20 new pieces of training content added in May, alongside the always fresh content update highlights, events and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-may-2023

Schneier - Expeditionary Cyberspace Operations

Cyberspace operations now officially has a physical dimension, meaning that the United States has official military doctrine about cyberattacks that also involve an actual human gaining physical access to a piece of computing infrastructure. A revised version of Joint Publication 3-12 Cyberspace Operations—published in December 2022 and while unclassified, is only available to those with DoD common access cards, according to a Joint Staff spokesperson—officially provides a definition for “expeditionary cyberspace operations,” which are “[c]yberspace operations that require the deployment of cyberspace forces within the physical domains.” […] “Developing access to targets in or through cyberspace follows a process that can often take significant time. In some cases, remote access is not possible or preferable, and close proximity may be required, using expeditionary [cyber operations],” the joint publication states. “Such operations are key to addressing the challenge of closed net

The Hacker News - New PowerExchange Backdoor Used in Iranian Cyber Attack on UAE Government

An unnamed government entity associated with the United Arab Emirates (U.A.E.) was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "simple yet effective" backdoor dubbed PowerExchange. According to a new report from Fortinet FortiGuard Labs, the intrusion relied on email phishing as an initial access pathway, leading to the execution of a .NET from The Hacker News https://thehackernews.com/2023/05/new-powerexchange-backdoor-used-in.html

The Hacker News - Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code

The threat actors behind the nascent Buhti ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems. "While the group doesn't develop its own ransomware, it does utilize what appears to be one custom-developed tool, an information stealer designed to search for and archive specified file types," Symantec said in a from The Hacker News https://thehackernews.com/2023/05/buhti-ransomware-gang-switches-tactics.html

Schneier - On the Poisoning of LLMs

Interesting essay on the poisoning of LLMs—ChatGPT in particular: Given that we’ve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it’s entirely possible that bad actors have been poisoning ChatGPT for months. We don’t know because OpenAI doesn’t talk about their processes, how they validate the prompts they use for training, how they vet their training data set, or how they fine-tune ChatGPT. Their secrecy means we don’t know if ChatGPT has been safely managed. They’ll also have to update their training data set at some point. They can’t leave their models stuck in 2021 forever. Once they do update it, we only have their word—pinky-swear promises—that they’ve done a good enough job of filtering out keyword manipulations and other training data attacks, something that the AI researcher El Mahdi El Mhamdi posited is mathematically impossible in a paper he worked on while he was at Google. from Schneier

KnowBe4 - [SEG Headache] More Than Half of Cybersecurity Leaders Say That Too Many Phishing Attacks Get Through

Egress, a cybersecurity company that provides intelligent email security, recently released their Email Security Risk Report 2023. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/seg-headache-more-than-half-of-cybersecurity-leaders-say-that-too-many-phishing-attacks-get-through

HACKMAGEDDON - 16-30 April 2023 Cyber Attacks Timeline

In the second half of April 2023 I collected 180 events (corresponding to 12 events/day), a sharp increase compared to... from HACKMAGEDDON https://www.hackmageddon.com/2023/05/25/16-30-april-2023-cyber-attacks-timeline/

The Hacker News - China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected

A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the "Five Eyes" nations said on Wednesday. The tech giant's threat intelligence team is tracking the activity, which includes post-compromise credential access and network system discovery, under the name Volt Typhoon. The from The Hacker News https://thehackernews.com/2023/05/chinas-stealthy-hackers-infiltrate-us.html

Rapid 7 - Healthcare Orgs: Do You Need an Outsourced SOC?

Gartner predicts that 50% of organizations will partner with an external MDR (Managed Detection and Response) service by 2025 for around-the-clock monitoring. What determines where healthcare organizations fall on that 50/50 split over using an outsourced SOC? It usually comes down to their ability to adapt to the current needs of the healthcare industry. A growing demand for improved healthcare services means more healthcare providers are turning to the cloud. But for a world built on strict regulations and literal life-or-death situations, migrating too quickly to the cloud can be a serious challenge. When healthcare teams take on cloud adoption too fast, they run the risk of:
Accumulating cloud services that fall through security cracks—AKA shadow IT
Expanding their organization’s attack surface without a means of defense, opening up more opportunities for breaches and leaks
That’s where the help of an outsourced SOC comes in. With an extra team of experts on board, healthc

KnowBe4 - Financial Fraud Phishing Attacks Increase 72% In One Year; Financial Industry Takes the Brunt

With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/financial-fraud-phishing

KnowBe4 - BatLoader Malware is Now Distributed in Drive-By Attacks

Malign persuasion can take many forms. We tend to hear the most about phishing (malicious emails) or smishing (malicious texts). Other threats are also worth some attention, like the risk of drive-by attacks. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/batloader-malware-drive-bys-attacks

KnowBe4 - More Than Half of all Email-Based Cyberattacks Bypass Legacy Security Filters

New data shows that changes in cybercriminals’ phishing techniques are improving their game, making it easier to make their way into a potential victim user’s inbox. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/email-based-cyberattacks

Schneier - Indiana, Iowa, and Tennessee Pass Comprehensive Privacy Laws

It’s been a big month for US data privacy. Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up to eight. No private right of action in any of those, which means it’s up to the states to enforce the laws. from Schneier on Security https://www.schneier.com/blog/archives/2023/05/indiana-iowa-and-tennessee-pass-comprehensive-privacy-laws.html

The Hacker News - Data Stealing Malware Discovered in Popular Android Screen Recorder App

Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app. The app (APK package name "com.tsoft.app.iscreenrecorder"), which accrued over 50,000 installations, was first uploaded on September 19, 2021. The malicious functionality from The Hacker News https://thehackernews.com/2023/05/data-stealing-malware-discovered-in.html

The Hacker News - Legion Malware Upgraded to Target SSH Servers and AWS Credentials

An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch. "This recent update demonstrates a widening of scope, with new capabilities such as the ability to compromise SSH servers and retrieve additional AWS-specific credentials from Laravel web applications," from The Hacker News https://thehackernews.com/2023/05/legion-malware-upgraded-to-target-ssh.html

KnowBe4 - CyberheistNews Vol 13 #21 [Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend

CyberheistNews Vol 13 #21 | May 23rd, 2023
[Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend
New data sheds light on how likely your organization will succumb to a ransomware attack, whether you can recover your data, and what's inhibiting a proper security posture. You have a solid grasp on what your organization's cybersecurity stance does and does not include. But is it enough to stop today's ransomware attacks? CyberEdge's 2023 Cyberthreat Defense Report provides some insight into just how prominent ransomware attacks are and what's keeping orgs from stopping them. According to the report, in 2023:
7% of organizations were victims of a ransomware attack
7% of those paid a ransom
73% were able to recover data
Only 21.6% experienced solely the encryption of data and no other form of extortion
It's this last data point that interests me. Nearly 78% of victim organizations experienced one or more additional form

KnowBe4 - Business Email Compromise Surges with Cybercrime-as-a-Service

Microsoft has observed a thirty-eight percent increase in cybercrime-as-a-service (CaaS) offerings for launching business email compromise (BEC) attacks between 2019 and 2022. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/business-email-compromise-surges

TrustedSec - JavaScript Essentials for Beginning Pentesters

JavaScript is heavily used in almost all modern web applications. Knowing how to format a .js file, set breakpoints, and alter a script’s logic on the fly can be very helpful when working with web applications. To start, let’s navigate to a website and view the application’s resources. For our example, we are using the angular.io website. To do this, we can navigate to the site’s homepage and press F12, or right-click on the homepage and choose the inspect option.
Figure 1 – Inspect Page
This opens the developer tools, and from there, we can select the Sources tab if we are in a Chromium-based browser such as Google Chrome or Brave. In Firefox, we can use the Debugger tab.
Figure 2 – Developer Tools View
Lists the resources by domain.
Shows the HTML of the current page, including scripts. In this case, we are on the homepage of the application, which is called ‘index’.
This would show the contents of the selected JavaScript file. In this case, the file is named main.34

The Hacker News - The Rising Threat of Secrets Sprawl and the Need for Action

The most precious asset in today's information age is the secret safeguarded under lock and key. Regrettably, maintaining secrets has become increasingly challenging, as highlighted by the 2023 State of Secrets Sprawl report, the largest analysis of public GitHub activity. The report shows a 67% year-over-year increase in the number of secrets found, with 10 million hard-coded secrets detected from The Hacker News https://thehackernews.com/2023/05/the-rising-threat-of-secrets-sprawl-and.html

The Hacker News - New WinTapix.sys Malware Engages in Multi-Stage Attack Across Middle East

An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020. Fortinet Fortiguard Labs, which dubbed the artifact WINTAPIX (WinTapix.sys), attributed the malware with low confidence to an Iranian threat actor. "WinTapix.sys is essentially a loader," security researchers Geri Revay and Hossein Jazi said from The Hacker News https://thehackernews.com/2023/05/new-wintapixsys-malware-engages-in.html

Schneier - Credible Handwriting Machine

In case you don’t have enough to worry about, someone has built a credible handwriting machine: This is still a work in progress, but the project seeks to solve one of the biggest problems with other homework machines, such as this one that I covered a few months ago after it blew up on social media. The problem with most homework machines is that they’re too perfect. Not only is their content output too well-written for most students, but they also have perfect grammar and punctuation, something even we professional writers fail to consistently achieve. Most importantly, the machine’s “handwriting” is too consistent. Humans always include small variations in their writing, no matter how honed their penmanship. Devadath is on a quest to fix the issue with perfect penmanship by making his machine mimic human handwriting. Even better, it will reflect the handwriting of its specific user so that AI-written submissions match those written by the student themselves. Like other machin