Posts

Showing posts from June, 2023

The Hacker News - Beware: New 'Rustbucket' Malware Variant Targeting macOS Users

Researchers have pulled back the curtain on an updated version of an Apple macOS malware called Rustbucket that comes with improved capabilities to establish persistence and avoid detection by security software. "This variant of Rustbucket, a malware family that targets macOS systems, adds persistence capabilities not previously observed," Elastic Security Labs researchers said in a report from The Hacker News https://thehackernews.com/2023/07/beware-new-rustbucket-malware-variant.html

KnowBe4 - [FREE Resource Kit] July Is Ransomware Awareness Month

July is Ransomware Awareness Month, and we’ve got you covered with free resources! from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/ransomware-awareness-month-kit

KnowBe4 - Your KnowBe4 Fresh Content Updates from June 2023

Check out the 34 new pieces of training content added in June, alongside the always fresh content update highlights, events and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-update-june-2023

The Hacker News - 3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage

In today's fast-paced digital landscape, the widespread adoption of AI (Artificial Intelligence) tools is transforming the way organizations operate. From chatbots to generative AI models, these SaaS-based applications offer numerous benefits, from enhanced productivity to improved decision-making. Employees using AI tools experience the advantages of quick answers and accurate results, enabling from The Hacker News https://thehackernews.com/2023/06/3-reasons-saas-security-is-imperative.html

Schneier - The US Is Spying on the UN Secretary General

The Washington Post is reporting that the US is spying on the UN Secretary General. The reports on Guterres appear to contain the secretary general’s personal conversations with aides regarding diplomatic encounters. They indicate that the United States relied on spying powers granted under the Foreign Intelligence Surveillance Act (FISA) to gather the intercepts. Lots of details about different conversations in the article, which are based on classified documents leaked on Discord by Jack Teixeira. There will probably be a lot of faux outrage at this, but spying on foreign leaders is a perfectly legitimate use of the NSA’s capabilities and authorities. (If the NSA didn’t spy on the UN Secretary General, we should fire it and replace it with a more competent NSA.) It’s the bulk surveillance of whole populations that should outrage us. from Schneier on Security https://www.schneier.com/blog/archives/2023/06/the-us-is-spying-on-the-un-secretary-general.html

The Hacker News - Cybercriminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign

An active financially motivated campaign is targeting vulnerable SSH servers to covertly ensnare them into a proxy network. "This is an active campaign in which the attacker leverages SSH for remote access, running malicious scripts that stealthily enlist victim servers into a peer-to-peer (P2P) proxy network, such as Peer2Profit or Honeygain," Akamai researcher Allen West said in a Thursday from The Hacker News https://thehackernews.com/2023/06/cybercriminals-hijacking-vulnerable-ssh.html

The Hacker News - MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk?

MITRE has released its annual list of the Top 25 "most dangerous software weaknesses" for the year 2023. "These weaknesses lead to serious vulnerabilities in software," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said. "An attacker can often exploit these vulnerabilities to take control of an affected system, steal data, or prevent applications from working." The list is from The Hacker News https://thehackernews.com/2023/06/mitre-unveils-top-25-most-dangerous.html

The Hacker News - Android Spy App LetMeSpy Suffers Major Data Breach Exposing Users' Personal Data

Android-based phone monitoring app LetMeSpy has disclosed a security breach that allowed an unauthorized third-party to steal sensitive data associated with thousands of Android users. "As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of messages collected on accounts," LetMeSpy said in an announcement on its website, noting the from The Hacker News https://thehackernews.com/2023/06/android-spy-app-letmespy-suffers-major.html

KnowBe4 - The face of 2023's cyber-threat landscape was an alarming surge in ransomware and phishing attacks

When KnowBe4 went public in April 2021, I got to know a select group of analysts that served as co-managers on our IPO. These professionals all know our industry very well and we spoke with them quarterly during our earnings conference call where we discussed the past 3 months and expectations for the future. One of these firms was Baird Equity Research and I am still on their mailing list, even though we went private this year as a Vista Equity Partners portfolio company. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/the-face-of-2023s-cyber-threat-landscape-was-an-alarming-surge-in-ransomware-and-phishing-attacks

The Hacker News - Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts

A critical security flaw has been disclosed in miniOrange's Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user, provided that user's email address is already known. Tracked as CVE-2023-2982 (CVSS score: 9.8), the authentication bypass flaw impacts all versions of the plugin up to and including 7.6.4. It was addressed on June 14, 2023 from The Hacker News https://thehackernews.com/2023/06/critical-security-flaw-in-social-login.html

The Hacker News - Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data

A previously undocumented Windows-based information stealer called ThirdEye has been discovered in the wild with capabilities to harvest sensitive data from infected hosts. Fortinet FortiGuard Labs, which made the discovery, said it found the malware in an executable that masqueraded as a PDF file with a Russian name "CMK Правила оформления больничных листов.pdf.exe," which translates to "CMK from The Hacker News https://thehackernews.com/2023/06/newly-uncovered-thirdeye-windows-based.html

The Hacker News - Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution

Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. "These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements," SonarSource researcher Thomas Chauchefoin said, adding they could result in RCE on Soko because of a "misconfiguration of the database. from The Hacker News https://thehackernews.com/2023/06/critical-sql-injection-flaws-expose.html
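The Soko finding is a useful reminder that prepared statements only protect value positions. Anything spliced into an identifier or expression position (the column to sort by, a table name, a raw ORDER BY fragment) reaches the database as SQL text, and most ORMs will happily do that splicing for you when you hand their sort or raw helpers a string. The following is an added example, not Soko's code and not the specific bug SonarSource reported: a hypothetical ORM-style query builder over an in-memory SQLite table (constructed sample rows), in which a user-controlled sort expression gives a blind ORDER BY injection that placeholders cannot stop, beside a version that allowlists the sort key.

```python
import sqlite3


# Constructed sample schema and rows (not Soko's real schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE packages (name TEXT, category TEXT, downloads INTEGER);
        CREATE TABLE secrets (token TEXT);
        INSERT INTO packages VALUES ('vim', 'app-editors', 100),
                                    ('nano', 'app-editors', 50),
                                    ('go', 'dev-lang', 200);
        INSERT INTO secrets VALUES ('s3cr3t');
    """)
    return conn


class Query:
    """Minimal ORM-style builder (hypothetical). Filter values are bound
    through '?' placeholders and are safe. The ORDER BY expression is
    spliced into the SQL text verbatim, which is how many ORM sort
    helpers behave when handed a raw string."""

    def __init__(self, conn, table):
        self.conn, self.table = conn, table
        self.conds, self.params, self.order = [], [], None

    def where(self, column, value):
        self.conds.append(f"{column} = ?")
        self.params.append(value)
        return self

    def order_by(self, expr):
        self.order = expr
        return self

    def all(self):
        sql = f"SELECT name FROM {self.table}"
        if self.conds:
            sql += " WHERE " + " AND ".join(self.conds)
        if self.order:
            sql += f" ORDER BY {self.order}"
        return [row[0] for row in self.conn.execute(sql, self.params)]


def search_vulnerable(conn, category, sort):
    # `category` is a bound value; `sort` lands in expression position unescaped.
    return Query(conn, "packages").where("category", category).order_by(sort).all()


# Allowlist: map the user-visible sort key to a fixed SQL fragment.
SORT_COLUMNS = {"name": "name", "downloads": "downloads DESC"}


def search_hardened(conn, category, sort):
    if sort not in SORT_COLUMNS:
        raise ValueError(f"unsupported sort key: {sort!r}")
    return Query(conn, "packages").where("category", category).order_by(SORT_COLUMNS[sort]).all()


def leak_first_char(search, conn):
    """Blind extraction through the sort expression: the resulting row
    order reveals whether the guessed first character of secrets.token
    is right. True branch sorts by name -> ['nano', 'vim']; false branch
    sorts by -downloads -> ['vim', 'nano']."""
    for guess in "abcdefghijklmnopqrstuvwxyz0123456789":
        payload = (f"CASE WHEN (SELECT substr(token, 1, 1) FROM secrets) = '{guess}' "
                   "THEN name ELSE -downloads END")
        if search(conn, "app-editors", payload) == ["nano", "vim"]:
            return guess
    return None


if __name__ == "__main__":
    db = make_db()
    print("value-position injection is neutralised by the placeholder:",
          search_vulnerable(db, "x' OR 1=1 --", "name"))
    print("first byte of the token leaked via ORDER BY:",
          leak_first_char(search_vulnerable, db))
    try:
        leak_first_char(search_hardened, db)
    except ValueError as err:
        print("hardened search rejects the payload:", err)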

Rapid 7 - Standardizing SaaS Data to Drive Greater Cloud Security Efficacy

The way we do business has fundamentally changed, and as a result, so must security. Whether it’s legacy modernization initiatives, process improvements, or bridging the gap between physical and digital, most organizational strategies and initiatives involve embracing the cloud. However, investing in the cloud doesn’t come without its complexities. When organizations adopt new technologies and applications, they inadvertently introduce new opportunities for attackers through vulnerabilities and points of entry. To stay ahead of potential security concerns, teams need to rely on data in order to get an overview of their environment and ensure protection. Where this becomes a bigger challenge is twofold: security professionals need to secure SaaS applications, but each app has its own methodology for generating and storing vital security and usage data; and even if a security team puts in the work to centralize all this data, it must be normalized and standardized in order to be usable, wh

TrustedSec - Introducing CoWitness: Enhancing Web Application Testing With External Service Interaction

As a web application tester, I encounter a recurring challenge in my work: receiving incomplete responses from Burp Collaborator during DNS and HTTP response testing. [Figure 1 – Burp Collaborator Responses] For example, Collaborator will provide the IP address that performed the DNS lookup or HTTP request. Sometimes, these responses turn out to be false positives caused by intrusion protection systems or other mechanisms in front of the actual application. In many cases, I find that the request is coming from a device in front of the web application related to Akamai or Cloudflare rather than the target server itself. What’s also missing from the information in Collaborator is the URI and User-Agent. Both of these can be important for determining where the request originated and what actions the requests were taking. I developed CoWitness as a solution. CoWitness is an application that mimics an HTTP server and a DNS server. This saves time by not having to install and configu
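The two fields the author misses in Collaborator, the requested URI and the User-Agent, are exactly what tells you whether a callback came from the target itself (a Java or PHP UA from an XXE or SSRF sink) or from a scanner or CDN edge in front of it. The block below is an added example and is not CoWitness or any TrustedSec code: a minimal HTTP-only catcher (no DNS side) that records peer address, method, full URI, Host and User-Agent for every inbound request, plus a stand-in probe so it can be exercised locally. The listener address, the `/cb/<marker>` path convention and the sample User-Agent strings are assumptions for the demonstration; in use you would bind it on a host the target can reach and embed a distinct marker per injected payload.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# In-memory log of inbound interactions; a real deployment would persist these.
INTERACTIONS = []


class CatchHandler(BaseHTTPRequestHandler):
    def _record(self):
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else b""
        INTERACTIONS.append({
            "peer": self.client_address[0],            # who actually connected
            "method": self.command,
            "path": self.path,                         # full URI including query string
            "host": self.headers.get("Host", ""),
            "user_agent": self.headers.get("User-Agent", ""),
            "body": body,
        })
        reply = b"ok\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(reply)))
        self.end_headers()
        self.wfile.write(reply)

    do_GET = do_POST = do_PUT = _record

    def log_message(self, *args):  # keep stderr quiet; INTERACTIONS is the record
        pass


def start_listener(host="127.0.0.1", port=0):
    """Start the catcher in a background thread; port=0 picks a free port."""
    server = ThreadingHTTPServer((host, port), CatchHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe(url, user_agent):
    """Stand-in for the target making its outbound request; returns the HTTP status."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status


def interactions_for(marker):
    """Records whose URI carries the per-payload marker you embedded."""
    return [r for r in INTERACTIONS if marker in r["path"]]


if __name__ == "__main__":
    srv = start_listener()
    port = srv.server_address[1]
    # Constructed sample callback, as an XXE sink might issue it.
    probe(f"http://127.0.0.1:{port}/cb/a1b2c3?src=xxe", "Java/11.0.2")
    for hit in interactions_for("a1b2c3"):
        print(hit["peer"], hit["method"], hit["path"], hit["user_agent"])
    srv.shutdown()
```

A hit whose peer is a CDN range and whose User-Agent is a crawler string is the false positive the author describes; one whose path carries your marker and whose User-Agent is the application runtime is the real thing.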

The Hacker News - New Fortinet's FortiNAC Vulnerability Exposes Networks to Code Execution Attacks

Fortinet has rolled out updates to address a critical security vulnerability impacting its FortiNAC network access control solution that could lead to the execution of arbitrary code. Tracked as CVE-2023-33299, the flaw is rated 9.6 out of 10 for severity on the CVSS scoring system. It has been described as a case of Java untrusted object deserialization. "A deserialization of untrusted data from The Hacker News https://thehackernews.com/2023/06/new-fortinets-fortinac-vulnerability.html

The Hacker News - U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439), two flaws in VMware (CVE-2023-20867 and CVE-2023-20887), and one shortcoming impacting Zyxel from The Hacker News https://thehackernews.com/2023/06/us-cybersecurity-agency-adds-6-flaws-to.html

The Hacker News - Twitter Hacker Sentenced to 5 Years in Prison for $120000 Crypto Scam

A U.K. citizen who took part in the massive July 2020 hack of Twitter has been sentenced to five years in prison in the U.S. Joseph James O'Connor (aka PlugwalkJoe), 24, received the sentence on Friday in the Southern District of New York, a little over a month after he pleaded guilty to the criminal schemes. He was arrested in Spain in July 2021. The infamous Twitter breach allowed the from The Hacker News https://thehackernews.com/2023/06/twitter-hacker-sentenced-to-5-years-in.html

KnowBe4 - SolarWinds' Head Refuses to Back Down Amid Potential US Regulatory Action over Russian hack

According to an internal email obtained by CNN, the CEO of SolarWinds informed employees on Friday that the company plans to vigorously defend itself against potential legal action from US regulators over its handling of the 2020 breach by alleged Russian hackers. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/solarwinds-head-refuses-to-back-down-amid-potential-us-regulatory-action-over-russian-hack

The Hacker News - Cybercrime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering

A threat actor known as Muddled Libra is targeting the business process outsourcing (BPO) industry with persistent attacks that leverage advanced social engineering ploys to gain initial access. "The attack style defining Muddled Libra appeared on the cybersecurity radar in late 2022 with the release of the 0ktapus phishing kit, which offered a prebuilt hosting framework and bundled templates," from The Hacker News https://thehackernews.com/2023/06/cybercrime-group-muddled-libra-targets.html

Schneier - UPS Data Harvested for SMS Phishing Attacks

I get UPS phishing spam on my phone all the time. I never click on it, because it’s so obviously spam. Turns out that hackers have been harvesting actual UPS delivery data from a Canadian tracking tool for its phishing SMSs. from Schneier on Security https://www.schneier.com/blog/archives/2023/06/ups-data-harvested-for-sms-phishing-attacks.html

SBS CyberSecurity - Webinar: New Interagency Guidance on Third-Party Relationships: Risk Management - What You MUST Know!

Get the must-know information on the new interagency playbook on vendor management. from SBS CyberSecurity https://sbscyber.com/resources/articleType/ArticleView/articleId/3966/webinar-new-interagency-guidance-on-third-party-relationships-risk-management--what-you-must-know

The Hacker News - The Power of Browser Fingerprinting: Personalized UX Fraud Detection and Secure Logins

The case for browser fingerprinting: personalizing user experience, improving fraud detection, and optimizing login security. Have you ever heard of browser fingerprinting? You should! It's an online user identification technique that collects information about a visitor's web browser and its configuration preferences to associate individual browsing sessions with a single website visitor. With from The Hacker News https://thehackernews.com/2023/06/the-power-of-browser-fingerprinting.html

The Hacker News - Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware

A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID. Cybersecurity firm Deep Instinct is tracking the malware as PindOS, which contains the name in its "User-Agent" string. Both Bumblebee and IcedID serve as loaders, acting as a vector for other malware on compromised hosts, including ransomware. A recent report from Proofpoint from The Hacker News https://thehackernews.com/2023/06/powerful-javascript-dropper-pindos.html

The Hacker News - NSA Releases Guide to Combat Powerful BlackLotus Bootkit Targeting Windows Systems

The U.S. National Security Agency (NSA) on Thursday released guidance to help organizations detect and prevent infections of a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. To that end, the agency is recommending that "infrastructure owners take action by hardening user executable policies and monitoring the integrity of the boot partition." BlackLotus is an advanced from The Hacker News https://thehackernews.com/2023/06/nsa-releases-guide-to-combat-powerful.html
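"Monitoring the integrity of the boot partition" is the part of that advice most teams can act on today: take a hash baseline of every file on the EFI System Partition and alert on anything added, removed or changed, since a bootkit that lives on the ESP has to drop or replace a loader there. The block below is an added example and is not code from the NSA guidance: a baseline-and-compare tool over an arbitrary directory tree, plus a `demo()` that builds a constructed ESP-like tree in a temporary directory, tampers with it and returns both reports. The mount path (`/boot/efi` on many Linux systems) and file names are assumptions; the caveat that matters is that the check runs inside the OS, so a bootkit already in control of the boot chain could hide from it, which is why the NSA pairs it with measured boot and policy hardening rather than relying on it alone.

```python
import hashlib
import json
import os
import sys
import tempfile
from pathlib import Path


def sha256_of(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map every regular file under `root` (relative, '/'-separated) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline, current):
    """Added / removed / changed paths between two snapshots."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(k for k in baseline.keys() & current.keys()
                          if baseline[k] != current[k]),
    }


def save_baseline(root, out_file):
    Path(out_file).write_text(json.dumps(snapshot(root), indent=2, sort_keys=True))


def check(root, baseline_file):
    baseline = json.loads(Path(baseline_file).read_text())
    return compare(baseline, snapshot(root))


def is_clean(report):
    return not (report["added"] or report["removed"] or report["changed"])


def demo():
    """Constructed ESP-like tree with sample bytes (not real boot files):
    baseline it, then replace the boot manager and drop an extra loader."""
    root = Path(tempfile.mkdtemp())
    boot = root / "EFI" / "Microsoft" / "Boot"
    boot.mkdir(parents=True)
    (boot / "bootmgfw.efi").write_bytes(b"MZ" + b"\x00" * 64)
    (boot / "BCD").write_bytes(b"regf" + b"\x00" * 32)
    baseline_file = root.parent / (root.name + "-baseline.json")  # kept outside the tree
    save_baseline(root, baseline_file)
    clean = check(root, baseline_file)
    (boot / "bootmgfw.efi").write_bytes(b"MZ" + b"\x01" * 64)   # tampered loader
    (boot / "grubx64.efi").write_bytes(b"MZ" + b"\x02" * 64)    # new file on the ESP
    return clean, check(root, baseline_file)


if __name__ == "__main__":
    # Usage (paths are assumptions): python esp_check.py /boot/efi esp-baseline.json
    # First run writes the baseline; later runs print the diff against it.
    if len(sys.argv) == 3:
        root, baseline_file = sys.argv[1], sys.argv[2]
        if os.path.exists(baseline_file):
            print(json.dumps(check(root, baseline_file), indent=2))
        else:
            save_baseline(root, baseline_file)
            print("baseline written to", baseline_file)
    else:
        before, after = demo()
        print("clean:", is_clean(before), json.dumps(after, indent=2))
```

Store the baseline somewhere the ESP cannot write to (a signed artifact in your config repository, or the EDR's own store), and re-baseline deliberately after a firmware or boot manager update rather than letting the tool accept drift.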

The Hacker News - MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans

A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. "The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, such as Warzone RAT and Quasar RAT," Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov from The Hacker News https://thehackernews.com/2023/06/multistorm-campaign-targets-india-and.html

Rapid 7 - Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]

Earlier this year, Rapid7 researchers undertook a project to analyze managed file transfer applications, due to the number of recent vulnerabilities discovered in those types of applications. We chose Fortra Globalscape EFT as a target since it's reasonably popular and seemed complex enough to have some bugs (plus, it's owned by the same company as GoAnywhere, which was exploited by the Cl0p ransomware gang earlier this year). Today, we are disclosing four issues that we uncovered in the Globalscape administration server, the worst of which can lead to remote code execution as the SYSTEM user if successfully exploited (which is difficult, as we'll see below). The issues we reported affect Fortra Globalscape 8.0.x up to 8.1.0.14, and all but one are fixed in 8.1.0.16 (the outstanding issue is currently unfixed, but minor): CVE-2023-2989 - Authentication bypass via out-of-bounds memory read (vendor advisory) CVE-2023-2990 - Denial of service due to recursive Defla

Schneier - AI as Sensemaking for Public Comments

It’s become fashionable to think of artificial intelligence as an inherently dehumanizing technology, a ruthless force of automation that has unleashed legions of virtual skilled laborers in faceless form. But what if AI turns out to be the one tool able to identify what makes your ideas special, recognizing your unique perspective and potential on the issues where it matters most? You’d be forgiven if you’re distraught about society’s ability to grapple with this new technology. So far, there’s no lack of prognostications about the democratic doom that AI may wreak on the US system of government. There are legitimate reasons to be concerned that AI could spread misinformation, break public comment processes on regulations, inundate legislators with artificial constituent outreach, help to automate corporate lobbying, or even generate laws in a way tailored to benefit narrow interests. But there are reasons to feel more sanguine as well. Many groups have started demonstr

The Hacker News - Camaro Dragon Hackers Strike with USB-Driven Self-Propagating Malware

The Chinese cyber espionage actor known as Camaro Dragon has been observed leveraging a new strain of self-propagating malware that spreads through compromised USB drives. "While their primary focus has traditionally been Southeast Asian countries, this latest discovery reveals their global reach and highlights the alarming role USB drives play in spreading malware," Check Point said in new from The Hacker News https://thehackernews.com/2023/06/camaro-dragon-hackers-strike-with-usb.html

KnowBe4 - Extremely Persistent Threat Group Demonstrates a Strong Understanding of the Modern Incident Response Frameworks

A threat actor tracked as “Muddled Libra” is using the 0ktapus phishing kit to gain initial access to organizations in the software automation, business process outsourcing, telecommunications, and technology industries, according to researchers at Palo Alto Networks’ Unit 42. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/threat-group-understanding-incident-response

The Hacker News - Unveiling the Unseen: Identifying Data Exfiltration with Machine Learning

Why Is Data Exfiltration Detection Paramount? The world is witnessing an exponential rise in ransomware and data theft employed to extort companies. At the same time, the industry faces numerous critical vulnerabilities in database software and company websites. This evolution paints a dire picture of data exposure and exfiltration that every security leader and team is grappling with. This from The Hacker News https://thehackernews.com/2023/06/unveiling-unseen-identifying-data.html

HACKMAGEDDON - 1-15 May 2023 Cyber Attacks Timeline

In the first half of May 2023 I collected 173 events (corresponding to 11.53 events/day), a value that confirms the sustained trend characterizing this year from an information security perspective. from HACKMAGEDDON https://www.hackmageddon.com/2023/06/22/1-15-may-2023-cyber-attacks-timeline/

The Hacker News - Critical Flaw Found in WordPress Plugin for WooCommerce Used by 30000 Websites

A critical security flaw has been disclosed in the WordPress "Abandoned Cart Lite for WooCommerce" plugin that's installed on more than 30,000 websites. "This vulnerability makes it possible for an attacker to gain access to the accounts of users who have abandoned their carts, who are typically customers but can extend to other high-level users when the right conditions are met," Defiant's from The Hacker News https://thehackernews.com/2023/06/critical-flaw-found-in-wordpress-plugin.html

Schneier - Ethical Problems in Computer Security

Tadayoshi Kohno, Yasemin Acar, and Wulf Loh wrote an excellent paper on ethical thinking within the computer security community: “Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversation”: Abstract: The computer security research community regularly tackles ethical questions. The field of ethics / moral philosophy has for centuries considered what it means to be “morally good” or at least “morally allowed / acceptable.” Among philosophy’s contributions are (1) frameworks for evaluating the morality of actions—including the well-established consequentialist and deontological frameworks—and (2) scenarios (like trolley problems) featuring moral dilemmas that can facilitate discussion about and intellectual inquiry into different perspectives on moral reasoning and decision-making. In a classic trolley problem, consequentialist and deontological analyses may render different opinions. In this research, we explicitly make and explore connections between mora

The Hacker News - New Report Exposes Operation Triangulation's Spyware Implant Targeting iOS Devices

More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation. Kaspersky, which discovered the operation after becoming one of the targets at the start of the year, said the malware has a lifespan of 30 days, after which it gets automatically uninstalled unless the time period is extended by the attackers. The Russian from The Hacker News https://thehackernews.com/2023/06/new-report-exposes-operation.html

The Hacker News - Critical 'nOAuth' Flaw in Microsoft Azure AD Enabled Complete Account Takeover

A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubbed it nOAuth. "nOAuth is an authentication implementation flaw that can affect Microsoft Azure AD from The Hacker News https://thehackernews.com/2023/06/critical-noauth-flaw-in-microsoft-azure.html
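Both the miniOrange social-login bypass above (log in as any user whose email address you know) and nOAuth come down to the same design mistake: the application treats an email address carried in an identity assertion as the primary key of the account. An email claim is a mutable attribute that the tenant or IdP owner controls, not a proof of ownership; the stable identity in an OpenID Connect token is the subject (`sub`) scoped to its issuer (`iss`), and in Azure AD tokens the equivalent durable pair is `oid` together with `tid`. The block below is an added example, not Descope's or miniOrange's code: a constructed account store and three constructed token claim sets (assumed to have already passed signature, audience and expiry checks in the OIDC library), with an email-keyed login beside one keyed on an allowlisted issuer and subject that only links a new subject to an existing account when the IdP asserts the address is verified. The issuer URLs, subject values and the presence of an `email_verified` claim are assumptions; if your IdP does not provide such a claim, treat the address as unverified and run your own ownership check before linking.

```python
# Constructed sample data (hypothetical issuer URLs and subjects).
TRUSTED_ISSUERS = {"https://login.example-idp.test/tenant-a"}

ACCOUNTS = [
    {"id": 1, "email": "victim@example.com", "role": "admin",
     "links": {("https://login.example-idp.test/tenant-a", "user-111")}},
    {"id": 2, "email": "bob@example.com", "role": "user",
     "links": {("https://login.example-idp.test/tenant-a", "user-222")}},
]

VICTIM_TOKEN = {"iss": "https://login.example-idp.test/tenant-a", "sub": "user-111",
                "email": "victim@example.com"}
# Attacker controls tenant-b and set their own user's mail attribute to the victim's address.
ATTACKER_TOKEN = {"iss": "https://login.example-idp.test/tenant-b", "sub": "user-999",
                  "email": "victim@example.com", "email_verified": True}
# Different subject in the trusted tenant whose email claim collides but is not asserted verified.
COLLIDING_TOKEN = {"iss": "https://login.example-idp.test/tenant-a", "sub": "user-333",
                   "email": "Victim@Example.com"}


def find_by_email(email):
    email = email.lower()
    return next((a for a in ACCOUNTS if a["email"] == email), None)


def find_by_subject(iss, sub):
    return next((a for a in ACCOUNTS if (iss, sub) in a["links"]), None)


def login_vulnerable(claims):
    """Keys the session on the email claim alone: whoever can get any IdP
    to emit that address signs in as the account that owns it."""
    return find_by_email(claims.get("email", ""))


def login_hardened(claims):
    """Keys the session on (issuer, subject) from an allowlisted issuer.
    A not-yet-linked subject is attached to an existing account only when
    the IdP asserts the address is verified; anything else is refused."""
    iss, sub = claims.get("iss"), claims.get("sub")
    if iss not in TRUSTED_ISSUERS or not sub:
        return None
    account = find_by_subject(iss, sub)
    if account is not None:
        return account
    if not claims.get("email_verified", False):
        return None                       # send the user through an ownership check instead
    account = find_by_email(claims.get("email", ""))
    if account is None:
        return None                       # or provision a brand-new account here
    account["links"].add((iss, sub))      # first login for this subject: link it once
    return account


if __name__ == "__main__":
    print("vulnerable, attacker token ->", login_vulnerable(ATTACKER_TOKEN)["id"])   # 1
    print("hardened, victim token    ->", login_hardened(VICTIM_TOKEN)["id"])        # 1
    print("hardened, attacker token  ->", login_hardened(ATTACKER_TOKEN))            # None
    print("hardened, colliding token ->", login_hardened(COLLIDING_TOKEN))           # None
```

The same rule covers the WordPress case: a social-login plugin should look up the local user by the provider's subject identifier it stored at first link, never by an email address it decrypts or receives in the callback.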

Rapid 7 - Cyber Asset Attack Surface Management 101

Understanding CAASM This article was written by Ethan Smart, Co-Founder and Chief Solution Architect, appNovi (a Rapid7 integration partner). It's essential for security and IT teams to have a comprehensive view and control of their cyber assets. This is why Cyber Asset Attack Surface Management (CAASM) has received so much attention from security practitioners and leaders. According to Gartner, “CAASM tools use API integrations to connect with existing data sources of the organization. These tools then continuously monitor and analyze detected vulnerabilities to drill down the most critical threats to the business and prioritize necessary remediation and mitigation actions for improved cyber security.” CAASM provides a unified view of all cyber assets to identify exposed assets and potential security gaps through data integration, conversion, and analytics. It is intended to be an authoritative source of asset information complete with ownership, network, and business context