Notes by Catalin Cimpanu

 SilentPush has published details about a fast flux network used by the Russian Gamaredon cyber-espionage group.

Also:

"A large amount of Gamaredon subdomains used in spear phishing attacks are linked to the TLD .ru, registered via REGRU-RU and contain the number 71."

lol

https://www.silentpush.com/blog/from-russia-with-a-71 
 CISA: "Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475"

These are Zoho ManageEngine and Fortinet vulnerabilities

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a 
 Security firm Sekoia has published a map of China's offensive cyber operations, its APT groups, and their respective affiliations.

https://blog.sekoia.io/my-teas-not-cold-an-overview-of-china-cyber-threat/

https://files.mastodon.social/media_attachments/files/111/024/906/839/515/797/original/4cc6b016e4d93847.png 
 Google has spotted another online persona operated by North Korean hackers used to target and trick security researchers into infecting themselves with malware.

For the first time, the fake persona also operated accounts on Wire and Mastodon.

https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/ 
 Bitdefender has identified five vulnerabilities in the IRM Next Generation online booking system that have been exploited in the wild since 2021 to drop malware on IRM servers.

All five remain unpatched, as the vendor has not responded to any private disclosure efforts.

https://www.bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained/ 
 Organizational chart representing a snapshot of the functions and entities forming part of the CCP’s overt propaganda ecosystem

https://files.mastodon.social/media_attachments/files/111/024/325/320/806/825/original/a8fd06ba94887034.png 
 An investigation by the Qurium Media Foundation has found that the infrastructure of US-based proxy provider Rayobyte is being used to carry out DDoS attacks against independent news outlets in oppressive countries

https://www.qurium.org/press-releases/one-years-research-of-qurium-shows-how-proxy-and-vpn-providers-are-used-to-conduct-ddos-attacks/ 
 "We can not help you attributing the attacks as privacy of the crooks that buy our services is very important"

also known as the typical abuse report reply from any shady AS you can think of 
 nostr:npub1zj46mlm94ekxxlc26xk3yyse9c89jd6hrf9q6ce34w045es6a86sqzfyjh No risk, no fun.... 
 @08fbe1a3 YOLO... I'm going in!

:tinking: 
 Security researcher Georgi Guninski disclosed a DoS bug that can flood Firefox's Downloads window with random files.

> "The user is notified about this in a small dialog, but there is no option to stop the downloads. The potential denial of service is that the user must manually delete the created files and this might be PITA."

PoC included (Don't access that on Firefox... kek)

https://seclists.org/fulldisclosure/2023/Sep/2 
 I'm confused as to why the "Clear Downloads" button would not work.... but I also don't wanna test this myself... :KEKW: 
 Emsisoft has released an urgent security update asking customers to reboot all their devices after GlobalSign flubbed the company's certificate renewal.

"Yesterday, GlobalSign reached out to us letting us know that they made a mistake with our certificate: namely, they entered our business number incorrectly. This means they must revoke the certificate on September 8th and re-issue a new one with the correct business number."

https://www.emsisoft.com/en/blog/44496/critical-software-update-urgent/ 
 Tenable has announced its intention to acquire cloud security firm Ermetic for $240 million.

https://www.tenable.com/press-releases/tenable-announces-intent-to-acquire-ermetic 
 nostr:npub1zj46mlm94ekxxlc26xk3yyse9c89jd6hrf9q6ce34w045es6a86sqzfyjh I saw White Snake live just... 
 @2ead548d 

What can I say. People get bored in retirement. 
 A threat actor tracked as PYTA31 is uploading malicious libraries infected with the WhiteSnake malware to the PyPI portal.

The group has continued its activities unabated even after its operations were exposed in April this year.

https://checkmarx.com/blog/threat-actor-continues-to-plague-the-open-source-ecosystem-with-sophisticated-info-stealing-malware/

https://files.mastodon.social/media_attachments/files/111/023/907/740/385/257/original/6a6d2060210541a9.png 
 Broadcom's Symantec division has spotted a new malware strain named RegStealer.

The malware is written in Python, operates as an infostealer, and has been seen in campaigns targeting South Korea.

https://www.broadcom.com/support/security-center/protection-bulletin#blt0db95c886e9921ba_en-us 
 More than 24,000 websites have been hacked as part of a campaign to redirect legitimate traffic to shady Q&A sites.

The campaign has been going on since September of last year when it was present on only 2,500 hacked sites.

The group behind the hacks is focused on generating revenue using Google ads displayed on the Q&A sites.

https://blog.sucuri.net/2023/09/bogus-url-shorteners-go-mobile-only-in-adsense-fraud-campaign.html 
 Cloud security firm Wiz has published a summary of all the cryptomining payloads it spotted in the wild over the past three months.

https://www.wiz.io/blog/cryptojacking-attacks-summer-2023

https://files.mastodon.social/media_attachments/files/111/023/584/436/757/382/original/669f33a28d100b65.png 
 Android 14 will block all changes to system certificates, even changes from root.

This happens because Google moved the management of a device's certificate root store into a separate component that can be updated via the Play Store.

The new mechanism prevents researchers from adding certificates to their devices for security and research work that requires intercepting HTTPS traffic.

"If you want to debug your own HTTPS traffic, you'll need to stick to Android 13."

https://httptoolkit.com/blog/android-14-breaks-system-certificate-installation/ 
 "This report demonstrates that the mandated vulnerability and threat-intelligence sharing from the MIIT’s new database to the CNCERT/CC’s CNVD facilitates access to reporting by a regional MSS office, a known PLA contractor, and a university research center with ties to PLA hacking campaigns and which conducts offensive and defense research." 
 "These organizations with ties to offensive hacking activities would be negligent if they did not utilize their access to CNVD vulnerability reports to equip their operators. The observable increase in the number of zero-days used by PRC hacking teams, as indicated by the 2022 Microsoft “Digital Defense Report,” suggests that these organizations’ access is resulting in vulnerabilities being used by offensive teams." 
 An Atlantic Council report argues that Beijing has used a law passed in 2021 that mandates companies disclose security flaws to the government in two days to gain access to vulnerabilities its hackers can use in the wild.

https://www.atlanticcouncil.org/in-depth-research-reports/report/sleight-of-hand-how-china-weaponizes-software-vulnerability/ 