BuzzSec

F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure that could result in the execution of arbitrary system commands as part of an exploit chain. Tracked as CVE-2023-46747 (CVSS score: 9.8), the vulnerability allows an unauthenticated attacker with network access to the BIG-IP system through the management port to achieve code execution from The Hacker News https://thehackernews.com/2023/11/alert-f5-warns-of-active-attacks.html

The threat actor known as Arid Viper (aka APT-C-23, Desert Falcon, or TAG-63) has been attributed as behind an Android spyware campaign targeting Arabic-speaking users with a counterfeit dating app designed to harvest data from infected handsets. "Arid Viper's Android malware has a number of features that enable the operators to surreptitiously collect sensitive information from victims' devices from The Hacker News https://thehackernews.com/2023/10/arid-viper-targeting-arabic-android.html

October 30, 2023 the Wall street Journal broke news that the United States Security and Exchange Commission sued Solarwinds. Here are the first few paragraphs and there is a link to the full WSJ article at the bottom : "the software company   victimized by Russian-linked hackers   over three years ago, alleging the firm defrauded shareholders by repeatedly misleading them about its cyber vulnerabilities and the ability of attackers to penetrate its systems. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/wsj-sec-sues-solarwinds-over-2020-hack-attributed-to-russians

Ukraine is using $400 drones to destroy tanks: Facing an enemy with superior numbers of troops and armor, the Ukrainian defenders are holding on with the help of tiny drones flown by operators like Firsov that, for a few hundred dollars, can deliver an explosive charge capable of destroying a Russian tank worth more than $2 million. […] A typical FPV weighs up to one kilogram, has four small engines, a battery, a frame and a camera connected wirelessly to goggles worn by a pilot operating it remotely. It can carry up to 2.5 kilograms of explosives and strike a target at a speed of up to 150 kilometers per hour, explains Pavlo Tsybenko, acting director of the Dronarium military academy outside Kyiv. “This drone costs up to $400 and can be made anywhere. We made ours using microchips imported from China and details we bought on AliExpress. We made the carbon frame ourselves. And, yeah, the batteries are from Tesla. One car has like 1,100 batteries that can be used to power these li

A pro-Hamas hacktivist group has been observed using a new Linux-based wiper malware dubbed BiBi-Linux Wiper, targeting Israeli entities amidst the ongoing Israeli-Hamas war. "This malware is an x64 ELF executable, lacking obfuscation or protective measures," Security Joes said in a new report published today. "It allows attackers to specify target folders and can potentially destroy an entire from The Hacker News https://thehackernews.com/2023/10/pro-hamas-hacktivists-targeting-israeli.html

The islands of Åland are an important tax hack : Although Åland is part of the Republic of Finland, it has its own autonomous parliament. In areas where Åland has its own legislation, the group of islands essentially operates as an independent nation. This allows Scandinavians to avoid the notoriously high alcohol taxes: Åland is a member of the EU and its currency is the euro, but Åland’s relationship with the EU is regulated by way of a special protocol. In order to maintain the important sale of duty-free goods on ferries operating between Finland and Sweden, Åland is not part of the EU’s VAT area. Basically, ferries between the two countries stop at the island, and people stock up—I mean really stock up, hand trucks piled with boxes—on tax-free alcohol. Åland gets the revenue, and presumably docking fees. The purpose of the special status of the Åland Islands was to maintain the right to tax free sales in the ship traffic. The ship traffic is of vital importance for the

Let me give you a quick introduction. My name is Stu Sjouwerman (pronounced shower-man). I’m the Founder and CEO of KnowBe4, my 5th startup. I have been in IT for 40+ years. The last 25 of those in Information Security. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/the-outstanding-roi-of-knowbe4s-security-awareness-training-platform

A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE. "MSIX is a Windows app package format that developers can leverage to package, distribute, and install their applications to Windows users," Elastic from The Hacker News https://thehackernews.com/2023/10/hackers-using-msix-app-packages-to.html

Let me give you a quick introduction. My name is Stu Sjouwerman (pronounced shower-man). I’m the Founder and CEO of KnowBe4, my 5th startup. I have been in IT for 40+ years. The last 25 of those in Information Security. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/the-outstanding-roi-of-knowbe4s-trusted-security-awareness-training

And seafood in general : A squid ship is a bustling, bright, messy place. The scene on deck looks like a mechanic’s garage where an oil change has gone terribly wrong. Scores of fishing lines extend into the water, each bearing specialized hooks operated by automated reels. When they pull a squid on board, it squirts warm, viscous ink, which coats the walls and floors. Deep-sea squid have high levels of ammonia, which they use for buoyancy, and a smell hangs in the air. The hardest labor generally happens at night, from 5 P.M. until 7 A.M. Hundreds of bowling-ball-size light bulbs hang on racks on both sides of the vessel, enticing the squid up from the depths. The blinding glow of the bulbs, visible more than a hundred miles away, makes the surrounding blackness feel otherworldly. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here . from Schneier on Security https://www.schneier

Several months ago, Netskope Threat Labs uncovered a surge in PDF phishing attachments infiltrating Microsoft Live Outlook. These attacks were part of a larger series of phishing campaigns aimed to trick unsuspecting users. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/alarming-new-amazon-themed-phishing-campaign-targets-microsoft-live-outlook-users

The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and LPEClient, a known hacking tool used by the threat actor for from The Hacker News https://thehackernews.com/2023/10/n-korean-lazarus-group-targets-software.html

Linking compliance training to specific outcomes is hard. Compliance training has a reputation for being challenging for organizations to offer, difficult to do right and employees are not engaged. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/live-demo-compliance-training-q4-2023

Check out the 27 new pieces of training content added in October, alongside the always fresh content update highlights, events and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-october-2023

When organizations start incorporating cybersecurity regulations and cyber incident reporting requirements into their security protocols, it's essential for them to establish comprehensive plans for preparation, mitigation, and response to potential threats. At the heart of your business lies your operational technology and critical systems. This places them at the forefront of cybercriminal from The Hacker News https://thehackernews.com/2023/10/how-to-keep-your-business-running-in.html

Google has announced that it's expanding its Vulnerability Rewards Program (VRP) to reward researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in an effort to bolster AI safety and security. "Generative AI raises new and different concerns than traditional digital security, such as the potential for unfair bias, model manipulation or from The Hacker News https://thehackernews.com/2023/10/google-expands-its-bug-bounty-program.html

Fascinating story of a covert wiretap that was discovered because of an expired TLS certificate: The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired. However, jabber.ru found no expired certificates on the server, ­ as explained in a blog post by ValdikSS, a pseudonymous anti-censorship researcher based in Russia who collaborated on the investigation. The expired certificate was instead discovered on a single port being used by the service to establish an encrypted Transport Layer Security (TLS) connection with users. Before it had expired, it would have allowed someone to decrypt the traffic being exchanged over the service. from Schneier on Security https://www.schneier.com/blog/archives/2023/10/messaging-service-wiretap-discovered-through-expired-tls-cert.html

Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks that exploited a recently disclosed flaw called HTTP/2 Rapid Reset, 89 of which exceeded 100 million requests per second (RPS). "The campaign contributed to an overall increase of 65% in HTTP DDoS attack traffic in Q3 compared to the previous quarter," the web infrastructure from The Hacker News https://thehackernews.com/2023/10/record-breaking-100-million-rps-ddos.html

While cyberattacks on websites receive much attention, there are often unaddressed risks that can lead to businesses facing lawsuits and privacy violations even in the absence of hacking incidents. A new case study highlights one of these more common cases.  Download the full case study here. It's a scenario that could have affected any type of company, from healthcare to finance, e-commerce to from The Hacker News https://thehackernews.com/2023/10/the-danger-of-forgotten-pixels-on.html

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/live-demo-security-awareness-training-phishing-nov-2023

Interesting article about the Snowden documents, including comments from former Guardian editor Ewen MacAskill MacAskill, who shared the Pulitzer Prize for Public Service with Glenn Greenwald and Laura Poitras for their journalistic work on the Snowden files, retired from The Guardian in 2018. He told Computer Weekly that: As far as he knows, a copy of the documents is still locked in the New York Times office. Although the files are in the New York Times office, The Guardian retains responsibility for them. As to why the New York Times has not published them in a decade, MacAskill maintains “this is a complicated issue.” “There is, at the very least, a case to be made for keeping them for future generations of historians,” he said. Why was only 1% of the Snowden archive published by the journalists who had full access to it? Ewen MacAskill replied: “The main reason for only a small percentage—though, given the mass of documents, 1% is still a lot—was diminishing interest.

The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader. "IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a downloader for further payloads," the PwC Threat Intelligence said in a Wednesday analysis. "It uses email from The Hacker News https://thehackernews.com/2023/10/iranian-group-tortoiseshell-launches.html

Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as CVE-2023-43208, the vulnerability has been addressed in version 4.4.1 released on October 6, 2023. "This is an easily exploitable, unauthenticated remote code from The Hacker News https://thehackernews.com/2023/10/critical-flaw-in-nextgens-mirth-connect.html

A relatively new threat actor known as YoroTrooper is likely made of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani entities, barring the government's Anti-Corruption Agency. "YoroTrooper attempts to obfuscate the from The Hacker News https://thehackernews.com/2023/10/yorotrooper-researchers-warn-of.html

The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using known from The Hacker News https://thehackernews.com/2023/10/nation-state-hackers-exploiting-zero.html

Critical security flaws have been disclosed in the Open Authorization (OAuth) implementation of popular online services such as Grammarly, Vidio, and Bukalapak, building upon previous shortcomings uncovered in Booking[.]com and Expo. The weaknesses, now addressed by the respective companies following responsible disclosure between February and April 2023, could have allowed malicious actors to from The Hacker News https://thehackernews.com/2023/10/critical-oauth-flaws-uncovered-in.html

Microsoft has announced an early access program for its LLM-based security chatbot assistant: Security Copilot. I am curious whether this thing is actually useful. from Schneier on Security https://www.schneier.com/blog/archives/2023/10/microsoft-is-soft-launching-security-copilot.html

VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger an out-of-bounds from The Hacker News https://thehackernews.com/2023/10/act-now-vmware-releases-patch-for.html

The popularity of Brazil's PIX instant payment system has made it a lucrative target for threat actors looking to generate illicit profits using a new malware called GoPIX. Kaspersky, which has been tracking the active campaign since December 2022, said the attacks are pulled off using malicious ads that are served when potential victims search for "WhatsApp web" on search engines. "The from The Hacker News https://thehackernews.com/2023/10/malvertising-campaign-targets-brazils.html

Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution. "An unauthenticated, malicious actor can inject files from The Hacker News https://thehackernews.com/2023/10/alert-poc-exploits-released-for-citrix.html

A new technique is becoming increasingly common as a way to bypass security scanners. The challenge is that the specific execution is constantly evolving, making it difficult to detect, but not impossible to spot. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/functionality-misuse-legitimate-company-websites-example-of-site-hopping

An increase in the number of malicious emails being sent is resulting in more phishing attacks reaching inboxes. New data clarifies the factors that determine their malicious nature and identifies the most prevalent types of attacks. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/one-out-of-eight-emails-found-malicious

Several cybercriminal groups based in Vietnam are using fake job postings to trick users into installing malware, according to researchers at WithSecure. The researchers are tracking several related malware campaigns, including “DarkGate” and “Ducktail.” from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/fake-job-postings-deliver-malware

Spanish law enforcement officials have announced the arrest of 34 members of a criminal group that carried out various online scams, netting the gang about €3 million ($3.2 million) in illegal profits. Authorities conducted searches across 16 locations Madrid, Malaga, Huelva, Alicante, and Murcia, seizing two simulated firearms, a katana sword, a baseball bat, €80,000 in cash, four high-end from The Hacker News https://thehackernews.com/2023/10/34-cybercriminals-arrested-in-spain-for.html

While application development has evolved rapidly, the API management suites used to access these services remain a spooky reminder of a different era. Introducing new API management infrastructure with these legacy models still poses challenges for organizations as they modernize. Transitioning from monolithic architectures to agile microservices empowers developers to make quick changes. Using from The Hacker News https://thehackernews.com/2023/10/make-api-management-less-scary-for-your.html

The industry pushed back : Despite the EPA’s willingness to provide training and technical support to help states and public water system organizations implement cybersecurity surveys, the move garnered opposition from both GOP state attorneys and trade groups. Republican state attorneys that were against the new proposed policies said that the call for new inspections could overwhelm state regulators. The attorney generals of Arkansas, Iowa and Missouri all sued the EPA—claiming the agency had no authority to set these requirements. This led to the EPA’s proposal being temporarily blocked back in June. So now we have a piece of our critical infrastructure with substandard cybersecurity. This seems like a really bad outcome. from Schneier on Security https://www.schneier.com/blog/archives/2023/10/epa-wont-force-water-utilities-to-audit-their-cybersecurity.html

The backdoor implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software has been modified by the threat actor so as to escape visibility via previous fingerprinting methods. "Investigated network traffic to a compromised device has shown that the threat actor has upgraded the implant to do an extra header check," NCC Group's Fox-IT team said. "Thus, for a lot of devices from The Hacker News https://thehackernews.com/2023/10/backdoor-implant-on-hacked-cisco.html

Popular password management solution 1Password said it detected suspicious activity on its Okta instance on September 29 following the support system breach, but reiterated that no user data was accessed. "We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing," Pedro Canahuati, 1Password CTO,  from The Hacker News https://thehackernews.com/2023/10/1password-detects-suspicious-activity.html

Susan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation (CSAE). She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption isn’t the solution. from Schneier on Security https://www.schneier.com/blog/archives/2023/10/child-exploitation-and-the-crypto-wars.html

Europol on Friday announced the takedown of the infrastructure associated with Ragnar Locker ransomware, alongside the arrest of a "key target" in France. "In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain, and Latvia," the agency said. "The main perpetrator, suspected of being a developer of the Ragnar group, has been brought in front of the examining from The Hacker News https://thehackernews.com/2023/10/europol-dismantles-ragnar-locker.html

Identity services provider Okta on Friday disclosed a new security incident that allowed unidentified threat actors to leverage stolen credentials to access its support case management system. "The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases," David Bradbury, Okta's chief security officer, said. "It should be noted that the Okta from The Hacker News https://thehackernews.com/2023/10/oktas-support-system-breach-exposes.html

Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a malicious Lua-based implant on susceptible devices. Tracked as CVE-2023-20273 (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and is said to have been used alongside CVE-2023-20198 as part of an exploit chain. "The attacker first from The Hacker News https://thehackernews.com/2023/10/cisco-zero-day-exploited-to-implant.html

They’re too big and we can’t recreate their habitat. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here . from Schneier on Security https://www.schneier.com/blog/archives/2023/10/friday-squid-blogging-why-there-are-no-giant-squid-in-aquariums.html

As the digital landscape continues to evolve, so do the tactics of cybercriminals. The Hoxhunt Challenge , a comprehensive study conducted across 38 organizations spanning nine industries and 125 countries, has uncovered a disconcerting trend in the world of QR code phishing attacks. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/qr-code-phishing-rise

Attacks leveraging the DarkGate commodity malware targeting entities in the U.K., the U.S., and India have been linked to Vietnamese actors associated with the use of the infamous Ducktail stealer. "The overlap of tools and campaigns is very likely due to the effects of a cybercrime marketplace," WithSecure said in a report published today. "Threat actors are able to acquire and use multiple from The Hacker News https://thehackernews.com/2023/10/vietnamese-hackers-target-uk-us-and.html

Due to the rapid evolution of technology, the Internet of Things (IoT) is changing the way business is conducted around the world. This advancement and the power of the IoT have been nothing short of transformational in making data-driven decisions, accelerating efficiencies, and streamlining operations to meet the demands of a competitive global marketplace. IoT At a Crossroads IoT, in its most from The Hacker News https://thehackernews.com/2023/10/unleashing-power-of-internet-of-things.html

If an AI breaks the rules for you, does that count as breaking the rules? This is the essential question being taken up by the Federal Election Commission this month, and public input is needed to curtail the potential for AI to take US campaigns (even more) off the rails. At issue is whether candidates using AI to create deepfaked media for political advertisements should be considered fraud or legitimate electioneering. That is, is it allowable to use AI image generators to create photorealistic images depicting Trump hugging Anthony Fauci? And is it allowable to use dystopic images generated by AI in political attack ads? For now, the answer to these questions is probably “yes.” These are fairly innocuous uses of AI, not any different than the old-school approach of hiring actors and staging a photoshoot, or using video editing software. Even in cases where AI tools will be put to scurrilous purposes, that’s probably legal in the US system. Political ads are, after all, a medium

A new information stealer named ExelaStealer has become the latest entrant to an already crowded landscape filled with various off-the-shelf malware designed to capture sensitive data from compromised Windows systems. "ExelaStealer is a largely open-source infostealer with paid customizations available from the threat actor," Fortinet FortiGuard Labs researcher James Slaughter said in a from The Hacker News https://thehackernews.com/2023/10/exelastealer-new-low-cost-cybercrime.html

The U.S. government has announced the seizure of 17 website domains used by North Korean information technology (IT) workers as part of an illicit scheme to defraud businesses across the world, evade sanctions, and fund the country's ballistic missile program. The Department of Justice (DoJ) said the U.S. confiscated approximately $1.5 million of the revenue that these IT workers collected from from The Hacker News https://thehackernews.com/2023/10/us-doj-cracks-down-on-north-korean-it_20.html

By Beau Bullock & Steve Borosh TL;DR We built a post-compromise toolset called GraphRunner for interacting with the Microsoft Graph API. It provides various tools for performing reconnaissance, persistence, and […] The post Introducing GraphRunner: A Post-Exploitation Toolset for Microsoft 365 appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/introducing-graphrunner/

Researchers at Fortra are tracking “Strox,” one of the most popular phishing operations of the past two years. Users of Strox phishing kits can easily create phishing campaigns by simply submitting a logo for the brand they want to impersonate. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-as-a-service-logo

October 18, 2023, the Cybersecurity Infrastructure and Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide,   Phishing Guidance: Stopping the Attack Cycle at Phase One .   The joint guide outlines phishing techniques malicious actors commonly use and provides guidance for both network defenders and software manufacturers to reduce the impact of phishing techniques used in obtaining credentials and deploying malware.   CISA and its partners encourage network defenders and software manufacturers to implement the recommendations in the guide to reduce the frequency and impact of phishing incidents. For more information, see CISA’s   Malware, Phishing, and Ransomware   and   Security-by-Design and -Default   webpages.   High on the list of mitigations, they recommend user training   "Implement user training on social eng

After the cyber attacks timelines (part I and part II), it’s time to publish the statistics of August 2023 where I have collected and analyzed 336 events, a number relatively... from HACKMAGEDDON https://www.hackmageddon.com/2023/10/19/august-2023-cyber-attacks-statistics/

Google has announced an update to its Play Protect with support for real-time scanning at the code level to tackle novel malicious apps prior to downloading and installing them on Android devices. "Google Play Protect will now recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats," the tech giant said. Google Play Protect is a  from The Hacker News https://thehackernews.com/2023/10/google-play-protect-introduces-real.html

Joe Sullivan, Uber’s CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company’s data security and privacy practices. The government argued that Sullivan should have informed the FTC of the 2016 incident, but instead went out of his way to conceal it from them. Prosecutors also accused Sullivan of attempting to conceal the breach itself by paying $100,000 to buy the silence of the two hackers behind the compromise. Sullivan had characterized the payment as a bug bounty similar to ones that other companies routinely make to researchers who report vulnerabilities and other security issues to them. His lawyers pointed out that Sullivan had made the payment with the full knowledge and blessing of Travis Kalanick, Uber’s CEO at the time, and other members of the ride-sharing giant’s lega

The Iran-linked OilRig threat actor targeted an unnamed Middle East government between February and September 2023 as part of an eight-month-long campaign. The attack led to the theft of files and passwords and, in one instance, resulted in the deployment of a PowerShell backdoor called PowerExchange, the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News from The Hacker News https://thehackernews.com/2023/10/iran-linked-oilrig-targets-middle-east.html

North Korean threat actors are actively exploiting a critical security flaw in JetBrains TeamCity to opportunistically breach vulnerable servers, according to Microsoft. The attacks, which entail the exploitation of CVE-2023-42793 (CVSS score: 9.8), have been attributed to Diamond Sleet (aka Labyrinth Chollima) and Onyx Sleet (aka Andariel or Silent Chollima). It's worth noting that both the from The Hacker News https://thehackernews.com/2023/10/microsoft-warns-of-north-korean-attacks.html

One of the oldest malware tricks in the book — hacked websites claiming visitors need to update their Web browser before they can view any content — has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain. In August 2023, security researcher Randy McEoin blogged about a scam he dubbed ClearFake , which uses hacked WordPress sites to serve visitors with a page that claims you need to update your browser before you can view the content. The fake browser alerts are specific to the browser you’re using, so if you’re surfing the Web with Chrome, for example, you’ll get a Chrome update prompt. Those who are fooled into clicking the update button will have a malicious file dropped on their system that tries to install an information steali

Imagine a monstrous entity emerging from the shadows to prey on vulnerable organizations, leaving havoc in its wake. No, we are not talking about ghoulish and scary creatures of the night. We are discussing the modern menace of ransomware attacks—specifically, an infamous threat discovered by KnowBe4: The Ransomwolf. Ironically, there are similar patterns between halting this cyber menace and the mythical tactics against stopping werewolves. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cybersecurity-awareness-month-ransomwolf

Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information. Tracked as CVE-2023-4966 (CVSS score: 9.4), the vulnerability impacts the following supported versions - NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50 NetScaler ADC and NetScaler Gateway 13.1 before from The Hacker News https://thehackernews.com/2023/10/critical-citrix-netscaler-flaw.html

In the ever-evolving landscape of cybersecurity, attackers are always searching for vulnerabilities and exploits within organizational environments. They don't just target single weaknesses; they're on the hunt for combinations of exposures and attack methods that can lead them to their desired objective. Despite the presence of numerous security tools, organizations often have to deal with two from The Hacker News https://thehackernews.com/2023/10/unraveling-real-life-attack-paths-key.html

A threat actor, presumably from Tunisia, has been linked to a new campaign targeting exposed Jupyter Notebooks in a two-fold attempt to illicitly mine cryptocurrency and breach cloud environments. Dubbed Qubitstrike by Cado, the intrusion set utilizes Telegram API to exfiltrate cloud service provider credentials following a successful compromise. "The payloads for the Qubitstrike campaign are from The Hacker News https://thehackernews.com/2023/10/qubitstrike-targets-jupyter-notebooks.html

Government entities in the Asia-Pacific (APAC) region are the target of a long-running cyber espionage campaign dubbed TetrisPhantom. "The attacker covertly spied on and harvested sensitive data from APAC government entities by exploiting a particular type of secure USB drive, protected by hardware encryption to ensure the secure storage and transfer of data between computer systems," Kaspersky  from The Hacker News https://thehackernews.com/2023/10/tetrisphantom-cyber-espionage-via.html

This post ends my infosec Summer... In the second timeline of August, I collected 165 events, corresponding to... from HACKMAGEDDON https://www.hackmageddon.com/2023/10/18/16-31-august-2023-cyber-attacks-timeline/

A medium-severity flaw has been discovered in Synology's DiskStation Manager (DSM) that could be exploited to decipher an administrator's password and remotely hijack the account. "Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, and remotely take over the admin account," from The Hacker News https://thehackernews.com/2023/10/new-admin-takeover-vulnerability.html

Amir Golestan , the 40-year-old CEO of the Charleston, S.C. based technology company Micfo LLC , has been sentenced to five years in prison for wire fraud. Golestan’s sentencing comes nearly two years after he pleaded guilty to using an elaborate network of phony companies to secure more than 735,000 Internet Protocol (IP) addresses from the American Registry for Internet Numbers (ARIN), the nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Caribbean. Amir Golestan, the former CEO of Micfo. In 2018, ARIN sued Golestan and Micfo, alleging they had obtained hundreds of thousands of IP addresses under false pretenses. ARIN and Micfo settled that dispute in arbitration, with Micfo returning most of the addresses that it hadn’t already sold. ARIN’s civil case caught the attention of federal prosecutors in South Carolina, who in May 2019 filed criminal wire fraud charges against Golestan , alleging he’d orchestrated a network of shell comp

In what's the latest evolution of threat actors abusing legitimate infrastructure for nefarious ends, new findings show that nation-state hacking groups have entered the fray in leveraging the social platform for targeting critical infrastructure. Discord, in recent years, has become a lucrative target, acting as a fertile ground for hosting malware using its content delivery network (CDN) as from The Hacker News https://thehackernews.com/2023/10/discord-playground-for-nation-state.html

Over the past decade, cloud computing has evolved into a cornerstone of modern business operations. Its flexibility, scalability, and efficiency have reshaped industries and brought unprecedented opportunities. However, this transformation has come with challenges—most notably those associated with cloud security. Our new cloud security webinar series will explore the dynamic landscape of cloud security, unveiling key trends, pinpointing critical challenges, and providing actionable insights tailored to security professionals. In Commanding Cloud Strategies , the first webinar of the series, Rapid7's Chief Security Officer Jaya Baloo and other experts will share their thoughts on the cloud challenges that security leaders face and offer insights on how to overcome them. Please register for the first episode of our Cloud Security Series here to find out what our security experts think are the top strategies to overcome these challenges and considerations. Armed with the knowle

Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems. The vulnerabilities, tracked as CVE-2023-37265 and CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10. Sonar security researcher Thomas Chauchefoin, who discovered the bugs,  from The Hacker News https://thehackernews.com/2023/10/critical-vulnerabilities-uncovered-in.html

Phishing tests are the catalyst to achieve a sustainable security culture within your organization. They are actually the start of a virtuous cycle that helps you move up to the highest maturity level.  from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-tests-start-the-virtuous-cycle-of-a-strong-security-culture

Recently, the cybersecurity landscape has been confronted with a daunting new reality – the rise of malicious Generative AI, like FraudGPT and WormGPT. These rogue creations, lurking in the dark corners of the internet, pose a distinctive threat to the world of digital security. In this article, we will look at the nature of Generative AI fraud, analyze the messaging surrounding these creations, from The Hacker News https://thehackernews.com/2023/10/exploring-realm-of-malicious-generative.html

A severity flaw impacting industrial cellular routers from Milesight may have been actively exploited in real-world attacks, new findings from VulnCheck reveal. Tracked as CVE-2023-43261 (CVSS score: 7.5), the vulnerability has been described as a case of information disclosure that affects UR5X, UR32L, UR32, UR35, and UR41 routers before version 35.3.0.7 that could enable attackers to access from The Hacker News https://thehackernews.com/2023/10/experts-warn-of-severe-flaws-affecting.html