Posts

Showing posts from 2024

The Hacker News - FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities. "An Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of a widespread series of indiscriminate computer intrusions designed […]
from The Hacker News https://thehackernews.com/2024/11/fbi-seeks-public-help-to-identify.html

Krebs - Canadian Man Arrested in Snowflake Data Extortions

A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake. On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States. Bloomberg first reported Moucka's alleged ties to the Snowflake hacks on Monday. At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories used by some of the world's largest corporations. Among those was AT&T, which disclosed in July that cybercriminals had stolen personal information and phone and text message record […]

The Hacker News - Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices

Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager. RISK:STATION is an " […]
from The Hacker News https://thehackernews.com/2024/11/synology-urges-patch-for-critical-zero.html

The Hacker News - Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks

Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander "Connor" Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the […]
from The Hacker News https://thehackernews.com/2024/11/canadian-suspect-arrested-over.html

The Hacker News - Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories and its sub-directories, […]
from The Hacker News https://thehackernews.com/2024/11/google-warns-of-actively-exploited-cve.html

Black Hills InfoSec - Adversary in the Middle (AitM): Post-Exploitation

In this video, Michael Allen discusses adversary-in-the-middle post-exploitation techniques and processes. The post Adversary in the Middle (AitM): Post-Exploitation appeared first on Black Hills Information Security.
from Black Hills Information Security https://www.blackhillsinfosec.com/adversary-in-the-middle-aitm-post-exploitation-wrapup/

The Hacker News - New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls

Cybersecurity researchers have discovered a new version of a well-known Android malware family dubbed FakeCall that employs voice phishing (aka vishing) techniques to trick users into parting with their personal information. "FakeCall is an extremely sophisticated Vishing attack that leverages malware to take almost complete control of the mobile device, including the interception of incoming […]
from The Hacker News https://thehackernews.com/2024/11/new-fakecall-malware-variant-hijacks.html

Rapid 7 - Metasploit Weekly Wrap-up 11/01/2024

Pool Party Windows Process Injection
This Metasploit-Framework release includes a new injection technique deployed on core Meterpreter functionalities such as process migration and DLL injection. The research of a new injection technique known as PoolParty highlighted new ways to gain code execution on a remote process by abusing thread-pool management features included in the Windows kernel starting from Windows Vista. During our research effort to integrate the new injection technique inside the Meterpreter code-base we encountered some technical challenges we would like to share. Currently Meterpreter makes use of the (in)famous system feature provided by Microsoft, kernel32!CreateRemoteThread, to achieve code injection. Although nowadays every EDR should be able to prevent an injection using this API call, this is still the most feature-rich way to inject code into a target process. Our goal during the porting of this technique was to find the variant more suitable for our ne […]

Rapid 7 - Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor

Malicious exploitation of LNK files, commonly known as Windows shortcuts, is a well-established technique used by threat actors for delivery and persistence. While the value of LNK forensics for cyber threat intelligence (CTI) is fairly well-understood, analysts may overlook less well-known data points and miss valuable insights. In this post, we explore the structure of LNK files using Velociraptor, our open-source digital forensics and incident response (DFIR) tool. We will walk through each LNK structure and discuss some analysis techniques frequently used on the Rapid7 Labs team. Many of these capabilities are now featured in the latest Velociraptor, which we have shared with the community in the 0.73 release.
So what is a LNK?
Windows shortcut files are used by the Windows operating system to reference files, folders, or applications, and to enhance user experience. A LNK file often stores extensive metadata about the target object, including file paths, timestamps, network, a […]

KnowBe4 - Your KnowBe4 Fresh Content Updates from October 2024

Check out the 60 new pieces of training content added in October, alongside the always fresh content update highlights, events and new features.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-october-2024

The Hacker News - 5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams. Misconfigurations are silent killers, leading to major […]
from The Hacker News https://thehackernews.com/2024/11/5-saas-misconfigurations-leading-to.html

The Hacker News - Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials from multiple Microsoft customers. "Active since at least 2021, Storm-0940 obtains initial access […]
from The Hacker News https://thehackernews.com/2024/11/microsoft-warns-of-chinese-botnet.html

The Hacker News - Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns

Microsoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it's taking the time to improve the experience. The development was first reported by The Verge. The artificial intelligence-powered tool was initially slated for a preview release starting in October. "We are committed to delivering a secure and trusted experience with Recall," the […]
from The Hacker News https://thehackernews.com/2024/11/microsoft-delays-windows-copilot-recall.html

The Hacker News - New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites

Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024. Netcraft said more than 2,000 phishing websites have been identified using the kit, known as Xiū gǒu, with the offering used in attacks aimed at a variety of verticals, such as public sectors, postal, digital services […]
from The Hacker News https://thehackernews.com/2024/11/new-phishing-kit-xiu-gou-targets-users.html

The Hacker News - New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics

Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up. "While the iOS implant delivery method closely mirrors that of the macOS version, the post-exploitation and privilege escalation stages differ […]
from The Hacker News https://thehackernews.com/2024/10/new-lightspy-spyware-version-targets.html

Black Hills InfoSec - Pentesting, Threat Hunting, and SOC: An Overview

By Ray Van Hoose, Wade Wells, and Edna Jonsson || Guest Authors This post is comprised of 3 articles that were originally published in the second edition of the InfoSec […] The post Pentesting, Threat Hunting, and SOC: An Overview appeared first on Black Hills Information Security.
from Black Hills Information Security https://www.blackhillsinfosec.com/pentesting-threat-hunting-and-soc-an-overview/

The Hacker News - LottieFiles Issues Warning About Compromised "lottie-player" npm Package

LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to release an updated version of the library. "On October 30th ~6:20 PM UTC - LottieFiles were notified that our popular open source npm package for the web player @lottiefiles/lottie-player had unauthorized new versions pushed with malicious code," the company said in a […]
from The Hacker News https://thehackernews.com/2024/10/lottiefiles-issues-warning-about.html

The Hacker News - Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities

In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as "the new perimeter", the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities are being used across various platforms. This leaves them vulnerable to data […]
from The Hacker News https://thehackernews.com/2024/10/enterprise-identity-threat-report-2024.html

The Hacker News - LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. "The plugin suffers from an unauthenticated privilege escalation vulnerability […]
from The Hacker News https://thehackernews.com/2024/10/litespeed-cache-plugin-vulnerability.html

KnowBe4 - QR Code Phishing is Growing More Sophisticated

Sophos describes a QR code phishing (quishing) campaign that targeted its employees in an attempt to steal information.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/qr-code-phishing-is-growing-more-sophisticated

The Hacker News - Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets. The package, named "CryptoAITools," is said to have been distributed via both Python Package Index (PyPI) and bogus GitHub repositories. It was downloaded over 1,300 […]
from The Hacker News https://thehackernews.com/2024/10/researchers-uncover-python-package.html

The Hacker News - Embarking on a Compliance Journey? Here’s How Intruder Can Help

Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understand how to meet the requirements of each framework to keep your customer data safe. How Intruder […]
from The Hacker News https://thehackernews.com/2024/10/embarking-on-compliance-journey-heres.html

KnowBe4 - 75% of Organizations Have Experienced a Deepfake-Related Attack

As generative AI evolves and becomes a mainstream part of cyber attacks, deepfakes lead the way and new data shows how most organizations are experiencing them.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/three-quarters-of-organizations-have-experienced-a-deepfake-related-attack

KnowBe4 - Crooks are Sending Halloween-Themed Phishing Emails

Halloween-themed spam and phishing emails have surged over the past two months, with a significant increase beginning in October, according to researchers at Bitdefender.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/crooks-are-sending-halloween-themed-phishing-emails

KnowBe4 - CyberheistNews Vol 14 #44 [Heads Up] Cyber Attacks Now Shift to Mobile. Are Your Users Prepared?

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-14-44-cyber-attacks-now-shift-to-mobile-are-your-users-prepared

The Hacker News - U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing

The U.S. government (USG) has issued new guidance governing the use of the Traffic Light Protocol (TLP) to handle the threat intelligence information shared between the private sector, individual researchers, and Federal Departments and Agencies. "The USG follows TLP markings on cybersecurity information voluntarily shared by an individual, company, or any other organization, when not in […]
from The Hacker News https://thehackernews.com/2024/10/us-government-issues-new-tlp-guidance.html

The Hacker News - New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors

More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks. The attack, disclosed by ETH Zürich researchers Johannes Wikner and Kaveh Razavi, aims to undermine the Indirect Branch Predictor Barrier (IBPB) on x86 chips, a crucial mitigation […]
from The Hacker News https://thehackernews.com/2024/10/new-research-reveals-spectre.html

The Hacker News - Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies," ESET security researcher Anh Ho said. "Through […]
from The Hacker News https://thehackernews.com/2024/10/chinese-hackers-use-cloudscout-toolset.html

BuzzSec - The Evolution of AI-Driven Cyber Threats: What to Expect in the Next Decade

The cybersecurity landscape is transforming at an unprecedented pace, driven by the rapid evolution of AI. Over the next five to ten years, we will witness profound changes in the way attacks are launched and defended against, with AI acting as both a powerful weapon and a critical defense tool. These developments will introduce entirely new attack vectors that challenge traditional security paradigms, forcing organizations to rethink how they approach protection and risk management.
The Rise of Autonomous AI-Driven Attacks
One of the most significant changes on the horizon is the rise of autonomous AI-powered hacking systems. These systems will operate independently, continuously adapting their strategies in real time as they encounter different defenses. Unlike human-led attacks that follow predictable phases (reconnaissance, exploitation, and attack), autonomous systems will seamlessly pivot between tactics without human intervention. If a system detects that one vulnerability is patc […]