BuzzSec

Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors by Entrust from The Hacker News https://thehackernews.com/2024/06/google-to-block-entrust-certificates-in.html

Check out the 29 new pieces of training content added in June, alongside the always fresh content update highlights, events and new features. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-june-2024

Longtime NSA-watcher James Bamford has a long article on the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA). from Schneier on Security https://www.schneier.com/blog/archives/2024/06/james-bamford-on-section-702-extension.html

A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week. "This bottleneck influences the latency of network packets, allowing an attacker from The Hacker News https://thehackernews.com/2024/06/new-snailload-attack-exploits-network.html

In the second timeline of March 2024 I collected 104 events dominated by malware, exploitation of vulnerabilities and ransomware. The threat landscape was also characterized by several mega breaches, multiple cyber espionage operations and also some remarkable events related to cyber warfare. from HACKMAGEDDON https://www.hackmageddon.com/2024/06/28/16-31-march-2024-cyber-attacks-timeline/

Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and reside in versions 4.1.5 and prior. According to operational technology (OT) security firm Claroty, the from The Hacker News https://thehackernews.com/2024/06/researchers-warn-of-flaws-in-widely.html

TeamViewer on Thursday disclosed it detected an "irregularity" in its internal corporate IT environment on June 26, 2024. "We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures," the company said in a statement. It further noted that its corporate IT from The Hacker News https://thehackernews.com/2024/06/teamviewer-detects-security-breach-in.html

France’s cybersecurity agency ANSSI has issued an alert outlining a Russian spear phishing campaign targeting French diplomats, the Record reports. The agency attributes the campaign to “Nobelium,” a threat actor tied to Russia’s Foreign Intelligence Service (the SVR). from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/russian-threat-actor-launches-spear-phishing-attacks-against-french-diplomats

The US FBI and the Department of Health and Human Services (HHS) have released a joint advisory warning of a social engineering campaign that’s targeting the healthcare industry. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/fbi-warns-of-phishing-campaign-targeting-the-healthcare-industry

Singapore has become the latest target for cybercriminals looking to steal digital identities and exploit them for nefarious purposes. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cybercriminals-sights-digital-identities-singapore-citizens

The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates from The Hacker News https://thehackernews.com/2024/06/rust-based-p2pinfect-botnet-evolves.html

A group of cryptographers have analyzed the eiDAS 2.0 regulation (electronic identification and trust services) that defines the new EU Digital Identity Wallet. from Schneier on Security https://www.schneier.com/blog/archives/2024/06/security-analysis-of-the-eus-digital-wallet.html

Did you know it’s now possible to build blockchain applications, known also as decentralized applications (or “dApps” for short) in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers… until now. AlgoKit, an all-in-one development toolkit for Algorand, enables developers to build blockchain applications in pure from The Hacker News https://thehackernews.com/2024/06/how-to-use-python-to-build-secure.html

Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt injection in the "ask" function that could be exploited to trick the library into executing arbitrary from The Hacker News https://thehackernews.com/2024/06/prompt-injection-flaw-in-vanna-ai.html

A 22-year-old Russian national has been indicted in the U.S. for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia's full-blown military invasion of Ukraine in early 2022. Amin Timovich Stigal, the defendant in question, is assessed to be affiliated with the Main Directorate of the General Staff of the Armed Forces of the Russian from The Hacker News https://thehackernews.com/2024/06/russian-national-indicted-for-cyber.html

A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been addressed in version 5.1.6 build 139. "An SQL injection vulnerability in from The Hacker News https://thehackernews.com/2024/06/critical-sqli-vulnerability-found-in.html

This move has been coming for a long time. The Biden administration on Thursday said it’s banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The ban—­the first such action under authorities given to the Commerce Department in 2019­—follows years of warnings from the US intelligence community about Kaspersky being a national security threat because Moscow could allegedly commandeer its all-seeing antivirus software to spy on its customers. from Schneier on Security https://www.schneier.com/blog/archives/2024/06/the-us-is-banning-kaspersky.html

Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro. "When your headphones are seeking a connection request to one of your previously from The Hacker News https://thehackernews.com/2024/06/apple-patches-airpods-bluetooth.html

Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment information.  According to Sucuri, the latest campaign entails making malicious modifications to the from The Hacker News https://thehackernews.com/2024/06/new-credit-card-skimmer-targets.html

Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through five different botnets operated by various affiliates, cybersecurity firm Cleafy said in an analysis from The Hacker News https://thehackernews.com/2024/06/new-medusa-android-trojan-targets.html

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-14-26-heads-up-tricky-fake-invoice-phishing-attack-uses-search-to-deliver-malware

Browser security is becoming increasingly popular, as organizations understand the need to protect at the point of risk - the browser. Network and endpoint solutions are limited in their ability to protect from web-borne threats like phishing websites or malicious browser extensions. They also do not protect from internal data exfiltration, like employees pasting sensitive data to ChatGPT. As it from The Hacker News https://thehackernews.com/2024/06/how-to-cut-costs-with-browser-security.html

WikiLeaks founder Julian Assange has been freed in the U.K. and has departed the country after serving more than five years in a maximum security prison at Belmarsh for what was described by the U.S. government as the "largest compromises of classified information in the history" of the country. Capping off a 14-year legal saga, Assange, 52, pleaded guilty to one criminal count of conspiring to from The Hacker News https://thehackernews.com/2024/06/wikileaks-julian-assange-released-from.html

The current landscape of artificial intelligence (AI) bears a striking resemblance to the early days of the internet. Just as the internet was once a wild, untamed frontier full of promise and potential, AI now stands at a similar crossroads. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/european-unions-ai-act

A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future's Insikt Group is tracking the activity under the name RedJuliett, describing it as a cluster that operates Fuzhou, China, to support Beijing's intelligence from The Hacker News https://thehackernews.com/2024/06/redjuliett-cyber-espionage-campaign.html

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps. "It provides malicious actors with a powerful toolkit for remote administration and control, enabling a range of malicious activities from The Hacker News https://thehackernews.com/2024/06/iranian-hackers-deploy-rafel-rat-in.html

A new campaign is tricking users searching for the Meta Quest (formerly Oculus) application for Windows into downloading a new adware family called AdsExhaust. "The adware is capable of exfiltrating screenshots from infected devices and interacting with browsers using simulated keystrokes," cybersecurity firm eSentire said in an analysis, adding it identified the activity earlier this month. " from The Hacker News https://thehackernews.com/2024/06/warning-new-adware-campaign-targets.html

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions against a dozen individuals serving executive and senior leadership roles at Kaspersky Lab, a day after the Russian company was banned by the Commerce Department. The move "underscores our commitment to ensure the integrity of our cyber domain and to protect our citizens against malicious cyber from The Hacker News https://thehackernews.com/2024/06/us-treasury-sanctions-12-kaspersky.html

In today's cybersecurity landscape, staying ahead of evolving threats is crucial. The State of Security Panel from our Take Command summit held May 21st delved into how artificial intelligence (AI) is reshaping cyber attacks and defenses. The discussion highlighted the dual role of AI in cybersecurity, presenting both challenges and solutions. To learn more about these insights and protect your organization from sophisticated threats, watch the full video . Key takeaways from the 30 minute panel: AI-Enhanced Attacks : Friendly Hacker and CEO of SocialProof Security Rachel Tobac highlighted the growing use of AI by attackers, stating, “Eight times out of ten, I’m using AI tools during my attacks.” AI helps create convincing phishing emails and scripts, making attacks more efficient and scalable. Voice Cloning and Deepfakes : Attackers are now using AI for voice cloning and deep fakes, making it vital for organizations to verify identities through multiple communication channe

Created by John Tuckner and the team at automation and AI-powered workflow platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents.  A customizable, vendor-agnostic tool featuring lists of automation opportunities, it's from The Hacker News https://thehackernews.com/2024/02/how-to-use-tiness-soc-automation.html

The memorial service for Ross Anderson will be held on Saturday, at 2:00 PM BST. People can attend remotely on Zoom . (The passcode is “L3954FrrEF”.) from Schneier on Security https://www.schneier.com/blog/archives/2024/06/ross-andersons-memorial-service.html

A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader). That's according to findings from Rapid7, which identified lookalike websites hosting the malicious payloads that users are redirected to after searching for them on search engines like Google and Bing. The from The Hacker News https://thehackernews.com/2024/06/oyster-backdoor-spreading-via.html

A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory transversal bug that could allow attackers to read sensitive files on the host machine. Affecting all versions of the software prior to and including Serv-U 15.4.2 from The Hacker News https://thehackernews.com/2024/06/solarwinds-serv-u-vulnerability-under.html

The U.S. Department of Commerce's Bureau of Industry and Security (BIS) on Thursday announced a "first of its kind" ban that prohibits Kaspersky Lab's U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company's affiliates, subsidiaries and parent companies, the department said, adding the action is based on from The Hacker News https://thehackernews.com/2024/06/us-bans-kaspersky-software-citing.html

State-sponsored actors with ties to Russia have been linked to targeted cyber attacks aimed at French diplomatic entities, the country's information security agency ANSSI said in an advisory. The attacks have been attributed to a cluster tracked by Microsoft under the name Midnight Blizzard (formerly Nobelium), which overlaps with activity tracked as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, from The Hacker News https://thehackernews.com/2024/06/french-diplomatic-entities-targeted-in.html

Interesting summary of various ways to derive the public key from digitally signed files. Normally, with a signature scheme, you have the public key and want to know whether a given signature is valid. But what if we instead have a message and a signature, assume the signature is valid, and want to know which public key signed it? A rather delightful property if you want to attack anonymity in some proposed “everybody just uses cryptographic signatures for everything” scheme. from Schneier on Security https://www.schneier.com/blog/archives/2024/06/recovering-public-keys-from-signatures.html

Cyber espionage groups associated with China have been linked to a long-running campaign that has infiltrated several telecom operators located in a single Asian country at least since 2021. "The attackers placed backdoors on the networks of targeted companies and also attempted to steal credentials," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News from The Hacker News https://thehackernews.com/2024/06/chinese-cyber-espionage-targets-telecom.html

A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts. Fortinet FortiGuard Labs said it's aware of four different distribution methods -- namely VBA dropper, VBA downloader, link downloader, and executable downloader -- with some of them using a from The Hacker News https://thehackernews.com/2024/06/new-rust-based-fickle-malware-uses.html

Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns targeting Chinese organizations. AT&T LevelBlue Labs, which first observed the malware in late April 2024, said it incorporates features that are designed to thwart static and dynamic analysis and ultimately evade detection. Attack chains leverage phishing emails that from The Hacker News https://thehackernews.com/2024/06/experts-uncover-new-evasive-squidloader.html

Happy 1st birthday to our KnowBe4 Community! We’re so excited to celebrate our community's first anniversary. It’s been filled with so many wholesome moments and learning opportunities. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/happy-1st-birthday-to-knowbe4-community

Are your tags really safe with Google Tag Manager? If you've been thinking that using GTM means that your tracking tags and pixels are safely managed, then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when it forgot that you can’t afford to allow tags to go unmanaged or become misconfigured.  Read the from The Hacker News https://thehackernews.com/2024/06/new-case-study-unmanaged-gtm-tags.html

Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a proliferation of niche groups, who are defined by ideology or aesthetics instead of nationality or geography. This change reflects a material shift in the relationship between collective identity and power, and illustrates how states no longer have exclusive domain over either. Today, both power and culture are increasingly corporate. Blending Stewart Brand and Jean-Jacques Rousseau, McKenzie Wark writes in A Hacker Manifesto that “information wants to be free but is everywhere in chains.” 1 Sounding simultaneously harmless and revolutionary, Wark’s assertion as part of her analysis of the role of what she terms “the hacker class” in creating new world orders points to one of the main ideas that bec

A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft. The attack chains involve the use of a purported virtual meeting software named Vortax (and 23 other apps) that are used as a conduit to deliver Rhadamanthys, StealC, from The Hacker News https://thehackernews.com/2024/06/warning-markopolos-scam-targeting.html

Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances. Both shortcomings impact all versions of the software prior to version 2024-04, which was released on April 4, 2024. The issues were responsibly disclosed by SonarSource on March 22, 2024. The flaws from The Hacker News https://thehackernews.com/2024/06/mailcow-mail-server-flaws-expose.html

A controversial proposal put forth by the European Union to scan users' private messages for detection child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy-focused messaging service of the same name. "Mandating mass scanning of private communications fundamentally from The Hacker News https://thehackernews.com/2024/06/signal-foundation-warns-against-eus.html

Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. "Adversaries had managed to trick users into downloading password-protected archive files containing trojanized copies of a Cisco Webex Meetings App (ptService.exe)," Trellix security from The Hacker News https://thehackernews.com/2024/06/cybercriminals-exploit-free-software.html

There is a lot written about technology’s threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly suited for the 21st century. They don’t align incentives well. And they are being hacked too effectively. At the same time, the cost of these hacked systems has never been greater, across all human history. We have become too powerful as a species. And our systems cannot keep up with fast-changing disruptive technologies. We need to create new systems of governance that align incentives and are resilient against hacking … at every scale. From the individual all the way up to the whole of society. For this, I need you to drop your 20th century either/or thinking. This is not about capitalism versus communism. It’s not about democracy versus autocracy. It’s not even about humans versus AI. It’s something new, somethi

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8) - Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could from The Hacker News https://thehackernews.com/2024/06/vmware-issues-patches-for-cloud.html

The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign targeting citizens in the country since June 2023. The unnamed individuals, aged 26 and 47, engaged in scams that tricked unsuspecting users into downloading malicious apps onto their Android devices via phishing campaigns with the aim of stealing from The Hacker News https://thehackernews.com/2024/06/singapore-police-extradites-malaysians.html

ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device," from The Hacker News https://thehackernews.com/2024/06/asus-patches-critical-authentication.html

Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle (either right before or after a service is deployed), the ensuing process of compiling and fixing vulnerabilities creates massive overhead for developers. The overhead that degrades velocity and puts production deadlines at risk. from The Hacker News https://thehackernews.com/2024/06/what-is-devsecops-and-why-is-it.html

Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The move is said to be a joint effort between the U.S. Federal Bureau of Investigation (FBI) and the from The Hacker News https://thehackernews.com/2024/06/uk-hacker-linked-to-notorious-scattered.html

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today reports the suspect was wanted by the FBI and arrested in Palma de Mallorca as he tried to board a flight to Italy. A still frame from a video released by the Spanish national police shows Tylerb in custody at the airport. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote . “According to Palma police, at one point he controlled Bitcoins worth $27 million.” The cybercrime-focused Twitter/X account vx-underground said the U.K. man arrested was a SIM-swapper who went by the alias “ Tyler .” In a SIM-swapping attack, crooks transfer the target’s phone number