Posts

Showing posts from October, 2024

The Hacker News - Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability

Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha has been credited with from The Hacker News https://thehackernews.com/2024/10/apple-releases-critical-ios-and-ipados.html

Schneier - Friday Squid Blogging: Map of All Colossal Squid Sightings

Interesting map, from this paper. Blog moderation policy. from Schneier on Security https://www.schneier.com/blog/archives/2024/10/friday-squid-blogging-map-of-all-colossal-squid-sightings.html

Rapid 7 - Metasploit Weekly Wrap-Up 10/04/2024

New module content (3)
cups-browsed Information Disclosure
Authors: bcoles and evilsocket
Type: Auxiliary
Pull request: #19510 contributed by bcoles
Path: scanner/misc/cups_browsed_info_disclosure
Description: Adds scanner module to retrieve CUPS version and kernel version information from cups-browsed services.
Acronis Cyber Infrastructure default password remote code execution
Authors: Acronis International GmbH and h00die-gr3y
Type: Exploit
Pull request: #19463 contributed by h00die-gr3y
Path: linux/http/acronis_cyber_infra_cve_2023_45249
AttackerKB reference: CVE-2023-45249
Description: This module exploits a default password vulnerability in Acronis Cyber Infrastructure (ACI) which allows an attacker to access the ACI PostgreSQL database and gain administrative access to the ACI Web Portal. This allows for the attacker to upload ssh keys that enables root access to the appliance/server. This attack can be remotely executed over the WAN as long as the PostgreSQL an

KnowBe4 - Infostealer Threat Group “Marko Polo” Evolving Into an “Empire”

New research by Recorded Future provides insight into how advanced and sophisticated the threat group Marko Polo has become since launching in 2022. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/infostealer-threat-group-marko-polo-evolves-into-empire

Rapid 7 - The Main Components of an Attack Surface Management (ASM) Strategy

In part one of this blog series, we looked at some of the core challenges that are driving the demand for a new approach to Attack Surface Management. In this second blog I explore some of the key technology approaches to ASM and also some of the core asset types we need to understand. We can break the attack surface down into two key perspectives (or generalized network locations), each of which covers hybrid environments (Cloud, On-Premise):
External (EASM) - Public facing, internet exposed cyber assets
Internal - Private network accessible cyber assets
External (EASM)
Today, most available ASM solutions are focused on External Attack Surface Management (EASM) which provides an attacker’s perspective of an organization, an outside-in view. In fact, it’s common for organizations, and some analyst firms, to refer to EASM as ASM. However, while this is important, it is only a small, and partial view of the attack surface in most organizations. EASM seeks to understand an organ

The Hacker News - U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown

Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country. "The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials from The Hacker News https://thehackernews.com/2024/10/us-and-microsoft-seize-107-russian.html

The Hacker News - WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was from The Hacker News https://thehackernews.com/2024/10/wordpress-litespeed-cache-plugin.html

Krebs - A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape. Researchers at security firm Permiso Security say attacks against generative artificial intelligence (AI) infrastructure like Bedrock from Amazon Web Services (AWS) have increased markedly over the last six months, particularly when someone in the organization accidentally exposes their cloud credentials or key online, such as in a code repository like GitHub. Investigating the abuse of AWS accounts for several organizations, Permiso found attackers had seized on stolen AWS credentials to interact with the large language models (LLMs

Schneier - Weird Zimbra Vulnerability

Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage malware. The researcher provided the following details:
While the exploitation attempts we have observed were indiscriminate in targeting, we haven’t seen a large volume of exploitation attempts
Based on what we have researched and observed, exploitation of this vulnerability is very easy, but we do not have any information about how reliable the exploitation is
Exploitation has remained about the same since we first spotted it on Sept. 28th
There is a PoC available, and the exploit attempts appear opportunistic
Exploitation is geographically diverse and appears indiscriminate
The fact that the attacker is using the same server to send

The Hacker News - INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa

INTERPOL has announced the arrest of eight individuals in Côte d'Ivoire and Nigeria as part of a crackdown on phishing scams and romance cyber fraud. Dubbed Operation Contender 2.0, the initiative is designed to tackle cyber-enabled crimes in West Africa, the agency said. One such threat involved a large-scale phishing scam targeting Swiss citizens that resulted in financial losses to the tune from The Hacker News https://thehackernews.com/2024/10/interpol-arrests-8-in-major-phishing.html

HACKMAGEDDON - Q2 2024 Cyber Attacks Statistics

I aggregated the statistics created from the cyber attacks timelines published in Q2 2024. In this period, I collected 688 events dominated by Cyber Crime with ... from HACKMAGEDDON https://www.hackmageddon.com/2024/10/03/q2-2024-cyber-attacks-statistics/

The Hacker News - LockBit Ransomware and Evil Corp Leaders Arrested and Sanctioned in Joint Global Effort

A new wave of international law enforcement actions has led to four arrests and the takedown of nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation, marking the latest salvo against what was once a prolific financially motivated group. This includes the arrest of a suspected LockBit developer in France while on holiday outside of Russia, two individuals in the U.K. who from The Hacker News https://thehackernews.com/2024/10/lockbit-ransomware-and-evil-corp.html

The Hacker News - Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical severity. "An from The Hacker News https://thehackernews.com/2024/10/ivanti-endpoint-manager-flaw-actively.html

The Hacker News - China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. "The from The Hacker News https://thehackernews.com/2024/10/china-linked-ceranakeeper-targeting.html

The Hacker News - Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations

Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack. "While the attackers didn't succeed in deploying ransomware on the networks of any of the organizations affected, it is likely that the attacks were financially motivated," Symantec, part of Broadcom, said in a from The Hacker News https://thehackernews.com/2024/10/andariel-hacker-group-shifts-focus-to.html

The Hacker News - PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data

A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital assets. "The attack targeted users of Atomic, Trust Wallet, Metamask, Ronin, TronLink, Exodus, and other prominent wallets in the crypto ecosystem," from The Hacker News https://thehackernews.com/2024/10/pypi-repository-found-hosting-fake.html

The Hacker News - AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition

The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in from The Hacker News https://thehackernews.com/2024/10/ai-powered-rhadamanthys-stealer-targets.html

KnowBe4 - [Cybersecurity Awareness Month] Responding to Cyber Incidents the ‘Inside Man’ Way: Fiona's Approach

In a world where cybersecurity incidents are no longer a matter of if they will happen, but when, having a solid incident response plan is a critical component of cyber resilience and business continuity. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cybersecurity-awareness-month-anna-collard-2024

The Hacker News - Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials

More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft. "For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages," Palo Alto Networks Unit 42 researchers Shehroze Farooqi, from The Hacker News https://thehackernews.com/2024/10/free-sniper-dz-phishing-tools-fuel.html