Posts

Showing posts from September, 2023

Krebs - A Closer Look at the Snatch Data Ransom Group

Image
Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang’s internal operations. Today, we’ll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name. According to a September 20, 2023 joint advisory from the FBI and the U.S. Cybersecurity and Infrastructure Security Administratio n (CISA), Snatch was originally named Team Truniger , based on the nickname of the group’s founder and organizer — Truniger. The FBI/CISA report says Truniger previously operated as an affiliate of GandCrab , an early ransomware-as-a-service offering that closed up shop after several years and claims to have extorted more than $2 billion from victims . GandCrab dissolved in July 2019, and is thought to have become “ REvil ,” one of the most ruthless and rapacious Russian ransomware groups of all...

The Hacker News - FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies

The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert. "Variants from The Hacker News https://thehackernews.com/2023/09/fbi-warns-of-rising-trend-of-dual.html

The Hacker News - Iranian APT Group OilRig Using New Menorah Malware for Covert Operations

Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine, and downloading another file or malware," Trend Micro researchers Mohamed Fahmy and Mahmoud Zohdy  from The Hacker News https://thehackernews.com/2023/09/iranian-apt-group-oilrig-using-new.html

The Hacker News - Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar

Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected by AV/EDR, etc.," Kaspersky said in an analysis published this week. DoubleFinger was first from The Hacker News https://thehackernews.com/2023/09/cybercriminals-using-new-asmcrypt.html

Rapid 7 - Critical Vulnerabilities in WS_FTP Server

Image
On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting the Ad Hoc Transfer module in WS_FTP Server , a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical (CVE-2023-40044 and CVE-2023-42657). Rapid7 is not aware of any exploitation in the wild as of September 29, 2023. Our research team has identified what appears to be the .NET deserialization vulnerability (CVE-2023-40044) and confirmed that it is exploitable with a single HTTPS POST request and a pre-existing ysoserial.net gadget. The vulnerabilities in the advisory span a range of affected versions, and several affect only WS_FTP servers that have the Ad Hoc Transfer module enabled. Nevertheless, Progress Software’s advisory urges all customers to update to WS_FTP Server 8.8.2, which is the latest version of the software. Rapid7 echoes this recommendation.The vendor advisory has guidance on upgrading, along with inf...

KnowBe4 - Your KnowBe4 Fresh Content Updates from September 2023

Image
Check out the 66 new pieces of training content added in September, alongside the always fresh content update highlights, events and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-september-2023

Rapid 7 - Unlock Broader Detections and Forensics with Velociraptor in Rapid7 XDR

Image
Nearly 70% of companies that are breached are likely to get breached again within twelve months ( CPO ). Effective remediation and addressing attacks at the root is key to staying ahead of threats and recurring breaches on the endpoint. Strong Digital Forensics and Incident Response (DFIR) ready to go when any incident occurs is a critical piece of a security team’s toolkit and drives successful response and remediation. With this in mind, we’re excited to announce the integration of Velociraptor , Rapid7’s leading open-source DFIR framework, into the Insight Platform for InsightIDR Ultimate users — all with no additional deployment or configurations required. Already utilized in the field by our Incident Response experts on behalf of Managed Detection and Response (MDR) customers, InsightIDR Ultimate users can now experience the power of Velociraptor, from daily threat monitoring and hunting to swift threat response. Key benefits of Velociraptor in InsightIDR: Hunt for threats a...

The Hacker News - Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm

The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. "Employees of the targeted company were contacted by a fake recruiter via LinkedIn and tricked into opening a malicious executable file presenting itself as a coding from The Hacker News https://thehackernews.com/2023/09/lazarus-group-impersonates-recruiter.html

The Hacker News - Post-Quantum Cryptography: Finally Real in Consumer Apps?

Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping them up tonight.  Today, many rely on encryption in their daily lives to protect their fundamental digital privacy and security, whether for messaging friends and family, storing files and photos, or from The Hacker News https://thehackernews.com/2023/09/post-quantum-cryptography-finally-real.html

The Hacker News - Microsoft's AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites

Malicious ads served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular tools. The findings come from Malwarebytes, which revealed that unsuspecting users can be tricked into visiting booby-trapped sites and installing malware directly from Bing Chat conversations. Introduced by Microsoft in February 2023, Bing Chat is an  from The Hacker News https://thehackernews.com/2023/09/microsofts-ai-powered-bing-chat-ads-may.html

The Hacker News - Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server

Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions of the software are impacted by the flaw. "In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a from The Hacker News https://thehackernews.com/2023/09/progress-software-releases-urgent.html

KnowBe4 - Zero-Point Fonts in Phishing Emails

Image
Attackers are using zero-point fonts to make phishing emails appear as though they’ve been verified by security scanners, BleepingComputer reports. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/zero-point-fonts-phishing-emails

KnowBe4 - Cyber Insurance Claims Increased by 12% in First Half of 2023, Attacks More Frequent and Severe Than Ever

Image
The latest cyber claims report from Coalition , a digital risk insurance provider, finds a 12% increase in cyber insurance claims in the first half of 2023 over the second half of 2022, due to surging attack frequency and severity. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyber-insurance-claims-increase

KnowBe4 - New Threat Actor Impersonates the Red Cross to Deliver Malware

Image
Researchers at NSFOCUS are tracking a phishing campaign by a new threat actor called “AtlasCross” that’s impersonating the Red Cross in order to deliver malware. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/red-cross-impersonation-malware

KnowBe4 - [LIVE DEMO] Are Your Users Making Risky Security Mistakes? Deliver Real-Time Coaching in Response to Risky User Behavior with SecurityCoach

Image
Do you need an easy, automated way to provide real-time feedback the moment your users make risky mistakes to help reinforce the training campaigns you manage today? from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/live-demo-securitycoach-october-2023

KnowBe4 - Exploring the DORA: Key Takeaways from the New EU Financial Sector Risk Regulation

Image
When asked why he robbed banks, Willie Sutton, one of the first fugitives named to the U.S. FBI’s most wanted list, reportedly replied, “Because that’s where the money is.”  As any infosec professional working for a financial institution can tell you, loads of cybercriminals will likely agree with that sentiment.  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/exploring-dora-takeways-eu-financial-sector-regulation

The Hacker News - The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies

The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world. The limitations of Browser Isolation, such as degraded browser performance and inability to tackle from The Hacker News https://thehackernews.com/2023/09/the-dark-side-of-browser-isolation-and.html

The Hacker News - China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as Budworm using an updated malware toolset. The intrusions, targeting a Middle Eastern telecommunications organization and an Asian government, took place in August 2023, with the adversary deploying an improved version of its SysUpdate toolkit, the Symantec Threat Hunter Team, from The Hacker News https://thehackernews.com/2023/09/china-linked-budworm-targeting-middle.html

Krebs - ‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Image
The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams , Adobe Reader , Mozilla Thunderbird , and Discord . First spotted in 2018 , the Snatch ransomware group has published data stolen from hundreds of organizations that refused to pay a ransom demand. Snatch publishes its stolen data at a website on the open Internet, and that content is mirrored on the Snatch team’s darknet site, which is only reachable using the global anonymity network Tor . The victim shaming website for the Snatch ransomware gang. KrebsOnSecurity has learned that Snatch’s darknet site exposes its “server status” page, which includes information about th...

Schneier - Critical Vulnerability in libwebp Library

Both Apple and Google have recently reported critical vulnerabilities in their systems—iOS and Chrome, respectively—that are ultimately the result of the same vulnerability in the libwebp library: On Thursday, researchers from security firm Rezillion published evidence that they said made it “highly likely” both indeed stemmed from the same bug, specifically in libwebp, the code library that apps, operating systems, and other code libraries incorporate to process WebP images. Rather than Apple, Google, and Citizen Lab coordinating and accurately reporting the common origin of the vulnerability, they chose to use a separate CVE designation, the researchers said. The researchers concluded that “millions of different applications” would remain vulnerable until they, too, incorporated the libwebp fix. That, in turn, they said, was preventing automated systems that developers use to track known vulnerabilities in their offerings from detecting a critical vulnerability that’s under act...

The Hacker News - New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software

A new malware strain called ZenRAT has emerged in the wild that's distributed via bogus installation packages of the Bitwarden password manager. "The malware is specifically targeting Windows users and will redirect people using other hosts to a benign web page," enterprise security firm Proofpoint said in a technical report. "The malware is a modular remote access trojan (RAT) with information from The Hacker News https://thehackernews.com/2023/09/new-zenrat-malware-targeting-windows.html

The Hacker News - Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score

Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the Huffman coding algorithm - With a specially from The Hacker News https://thehackernews.com/2023/09/new-libwebp-vulnerability-under-active.html

KnowBe4 - CyberheistNews Vol 13 #39 How Chinese Bad Actors Infected Networks With Thumb Stick Malware

Image
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-13-39-how-chinese-bad-actors-infected-networks-with-thumb-stick-malware

HACKMAGEDDON - 1-15 August 2023 Cyber Attacks Timeline

In the first timeline of August, I collected 169 events (corresponding to 11.27 events per day), a considerable decrease compared to the the second half of July... from HACKMAGEDDON https://www.hackmageddon.com/2023/09/26/1-15-august-2023-cyber-attacks-timeline/

The Hacker News - Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign

A "multi-year" Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations. Recorded Future's Insikt Group, which is tracking the activity under the moniker TAG-74, said the adversary has been linked to "Chinese military intelligence and poses a significant threat to academic, aerospace and defense, government, from The Hacker News https://thehackernews.com/2023/09/chinese-hackers-tag-74-targets-south.html

The Hacker News - Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers

A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as CVE-2023-42793, carries a CVSS score of 9.8 and has been addressed in TeamCity version 2023.05.4 following responsible disclosure on September 6, from The Hacker News https://thehackernews.com/2023/09/critical-jetbrains-teamcity-flaw-could.html

KnowBe4 - [YIKES] AI Now Enables Subliminal Image "Inception"

Image
Seen Christopher Nolan's movie Inception ? If you haven't, it's about a thief who is given the task of planting an idea into the mind of a CEO. The technology of implanting ideas is nothing new. Communist regimes were the very early countries developing mind control technologies. American psychologists have also experimented with subliminal messaging including in advertising . from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/yikes-ai-now-enables-subliminal-image-inception

The Hacker News - Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics

Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign. "Deadglyph's architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a .NET assembly," ESET said in a new report shared with The Hacker News. "This combination from The Hacker News https://thehackernews.com/2023/09/deadglyph-new-advanced-backdoor-with.html

The Hacker News - Apple and Chrome Zero-Days Exploited to Hack Egyptian ex-MP with Predator Spyware

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections," the from The Hacker News https://thehackernews.com/2023/09/latest-apple-zero-days-used-to-hack.html

Black Hills InfoSec - Talkin’ About Infosec News – 9/18/2023

The post Talkin’ About Infosec News – 9/18/2023 appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/talkin-about-infosec-news-9-18-2023/

Rapid 7 - Metasploit Weekly Wrap-Up

Image
Improved Ticket Forging Metasploit’s admin/kerberos/forge_ticket module has been updated to work with Server 2022. In Windows Server 2022, Microsoft started requiring additional new PAC elements to be present - the PAC requestor and PAC attributes. The newly forged tickets will have the necessary elements added automatically based on the user provided domain SID and user RID. For example: msf6 auxiliary(admin/kerberos/forge_ticket) > run aes_key=4a52b73cf37ba06cf693c40f352e2f4d2002ef61f6031f64924fb50be1e23978 domain_sid=S-1-5-21-1242350107-3695253863-3717863007 USER_RID=500 domain=demo.local user=Administrator action=FORGE_GOLDEN [*] TGT MIT Credential Cache ticket saved to /Users/user/.msf4/loot/20230915213733_default_unknown_mit.kerberos.cca_219182.bin [*] Primary Principal: Administrator@DEMO.LOCAL Ccache version: 4 .... Pac Requestor: SID: S-1-5-21-1242350107-3695253863-3717863007-500 Pac Attributes: Flag length: 2 ...

The Hacker News - New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks

An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico. "The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the victims into entering its 2FA code to their bank accounts or into entering their payment card number," from The Hacker News https://thehackernews.com/2023/09/new-variant-of-banking-trojan-bbtok.html

The Hacker News - How to Interpret the 2023 MITRE ATT&CK Evaluation Results

Thorough, independent tests are a vital resource for analyzing provider’s capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluation.  This testing is critical for evaluating vendors because it’s virtually impossible to evaluate cybersecurity vendors based on their own from The Hacker News https://thehackernews.com/2023/09/how-to-interpret-2023-mitre-att.html

The Hacker News - Iranian Nation-State Actor OilRig Targets Israeli Organizations

Israeli organizations were targeted as part of two different campaigns orchestrated by the Iranian nation-state actor known as OilRig in 2021 and 2022. The campaigns, dubbed Outer Space and Juicy Mix, entailed the use of two previously documented first-stage backdoors called Solar and Mango, which were deployed to collect sensitive information from major browsers and the Windows Credential from The Hacker News https://thehackernews.com/2023/09/iranian-nation-state-actor-oilrig.html

The Hacker News - High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server

Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution. The Australian software services provider said that the four high-severity flaws were fixed in new versions shipped last month. This includes - CVE-2022-25647 (CVSS score: 7.5) - A deserialization from The Hacker News https://thehackernews.com/2023/09/high-severity-flaws-uncovered-in.html

TrustedSec - Basic Authentication Versus CSRF

I was recently involved in an engagement where access was controlled by Basic Authentication. One (1) of the findings I discovered was a Cross-Site Request Forgery (CSRF) vulnerability. The client was unsure of the best approach to prevent CSRF in the context of using Basic Authentication. In this blog post, I will examine the security deficiencies of Basic Authentication, compare it to token-based and JWT-based authentication and authorization, and explore strategies for mitigating CSRF vulnerabilities while utilizing Basic Authentication. The Deficiencies of Basic Authentication Basic Authentication has been a foundational method of user authentication on the web for decades. However, as technology and security threats evolve, the deficiencies of Basic Authentication have become increasingly apparent. Let’s examine the inherent weaknesses of Basic Authentication and why it’s important to consider alternative authentication methods. One (1) of the most critical deficiencies of Basi...

Schneier - New Revelations from the Snowden Documents

Jake Appelbaum’s PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden. Nothing major, but a few more tidbits. Kind of amazing that that all happened ten years ago. At this point, those documents are more historical than anything else. And it’s unclear who has those archives anymore. According to Appelbaum, The Intercept destroyed their copy. I recently published an essay about my experiences ten years ago. from Schneier on Security https://www.schneier.com/blog/archives/2023/09/new-revelations-from-the-snowden-documents.html

The Hacker News - The Rise of the Malicious App

Security teams are familiar with threats emanating from third-party applications that employees add to improve their productivity. These apps are inherently designed to deliver functionality to users by connecting to a “hub” app, such as Salesforce, Google Workspace, or Microsoft 365. Security concerns center on the permission scopes that are granted to the third party apps, and the potential from The Hacker News https://thehackernews.com/2023/09/the-rise-of-malicious-app.html

The Hacker News - China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers

China's Ministry of State Security (MSS) has accused the U.S. of breaking into Huawei's servers, stealing critical data, and implanting backdoors since 2009, amid mounting geopolitical tensions between the two countries. In a message posted on WeChat, the government authority said U.S. intelligence agencies have "done everything possible" to conduct surveillance, secret theft, and intrusions on from The Hacker News https://thehackernews.com/2023/09/china-accuses-us-of-decade-long-cyber.html

The Hacker News - Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers

A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit (CTU) has dubbed the e-crime group Gold Melody, which is also known by the names Prophet Spider (CrowdStrike) and UNC961 (Mandiant). "This financially motivated from The Hacker News https://thehackernews.com/2023/09/cyber-group-gold-melody-selling.html

The Hacker News - Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack

The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being used to distribute malicious Linux software. "It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software," it said in an alert last week. "Only a small subset of users, specifically from The Hacker News https://thehackernews.com/2023/09/ukrainian-hacker-suspected-to-be-behind.html

The Hacker News - Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with VenomRAT

A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with VenomRAT malware. "The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited a SQL injection vulnerability in an application called GeoServer, which is tracked as from The Hacker News https://thehackernews.com/2023/09/beware-fake-exploit-for-winrar.html

KnowBe4 - Data Breach Costs Rise, But Cybersecurity Pros Still Take Risks

Image
The latest data from IBM shows that the average cost of a data breach has gone up by 2% to a whopping $4.45 million. You would think that in the cybersecurity industry, people would be all about safety and security, right? I mean, it's literally in the name. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/data-breach-costs-rise-cybersecurity-pros-take-risks

The Hacker News - Signal Messenger Introduces PQXDH Quantum-Resistant Encryption

Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH). "With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current from The Hacker News https://thehackernews.com/2023/09/signal-messenger-introduces-pqxdh.html

The Hacker News - GitLab Releases Urgent Security Patches for Critical Vulnerability

GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and before 16.3.4. "It was possible for an attacker to run pipelines as an arbitrary user via scheduled from The Hacker News https://thehackernews.com/2023/09/gitlab-releases-urgent-security-patches.html

The Hacker News - Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability

Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that's bundled along with the software. The complete list of impacted from The Hacker News https://thehackernews.com/2023/09/trend-micro-releases-urgent-fix-for.html

The Hacker News - Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign

Targets located in Azerbaijan have been singled out as part of a new campaign that's designed to deploy Rust-based malware on compromised systems. Cybersecurity firm Deep Instinct is tracking the operation under the name Operation Rusty Flag. It has not been associated with any known threat actor or group. "The operation has at least two different initial access vectors," security researchers from The Hacker News https://thehackernews.com/2023/09/operation-rusty-flag-azerbaijan.html

The Hacker News - Inside the Code of a New XWorm Variant

XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe.  Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its functionality and solidified its staying power.  The analyst team at ANY.RUN came across the newest from The Hacker News https://thehackernews.com/2023/09/inside-code-of-new-xworm-variant.html

The Hacker News - Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities

The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was first documented by Trend Micro in January 2022, detailing the adversary's attacks against public and private sector entities across Asia, Australia, Europe, North America. Active since 2021, the group has relied on from The Hacker News https://thehackernews.com/2023/09/earth-luscas-new-sprysocks-linux.html

Schneier - Detecting AI-Generated Text

There are no reliable ways to distinguish text written by a human from text written by an large language model. OpenAI writes : Do AI detectors work? In short, no. While some (including OpenAI) have released tools that purport to detect AI-generated content, none of these have proven to reliably distinguish between AI-generated and human-generated content. Additionally, ChatGPT has no “knowledge” of what content could be AI-generated. It will sometimes make up responses to questions like “did you write this [essay]?” or “could this have been written by AI?” These responses are random and have no basis in fact. To elaborate on our research into the shortcomings of detectors, one of our key findings was that these tools sometimes suggest that human-written content was generated by AI. When we at OpenAI tried to train an AI-generated content detector, we found that it labeled human-written text like Shakespeare and the Declaration of Independence as AI-generated. There were also i...

The Hacker News - Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware

The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity. "CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects," SentinelOne security from The Hacker News https://thehackernews.com/2023/09/transparent-tribe-uses-fake-youtube.html

The Hacker News - Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data

Microsoft on Monday said it took steps to correct a glaring security gaffe that led to the exposure of 38 terabytes of private data. The leak was discovered on the company's AI GitHub repository and is said to have been inadvertently made public when publishing a bucket of open-source training data, Wiz said. It also included a disk backup of two former employees' workstations containing secrets from The Hacker News https://thehackernews.com/2023/09/microsoft-ai-researchers-accidentally.html

TrustedSec - Okta for Red Teamers

Image
For a long time, Red Teamers have been preaching the mantra “Don’t make Domain Admin the goal of the assessment” and it appears that customers are listening. Now, you’re much more likely to see objectives focused on services critical to an organization, with many being hosted in the cloud. With this shift in delegating some of the security burden to cloud services, it’s commonplace to find Identity Providers (IDP) like Microsoft Entra ID or Okta being used. This means that our attention as attackers also needs to shift to encompass these services too. In this blog post, I’ll discuss some of the post-exploitation techniques that I’ve found to be useful against one such provider, Okta, which has been one of the more popular solutions found in customer environments. It should be noted that everything in this post is by design. You’ll find no 0dayz here, and many of the techniques require administrative access to pull off. However, to say that the methods demonstrated in this post have ...