"Someone is attacking nostr:nprofile1qqszr7k0w6gclv3usnqmey68uzs6h2yt7dpw2dyeqt0sh8ehaxl8xyqpz4mhxue69uhhyetvv9ujumt0wd68ytnsw43qz9thwden5te0v35hgar09ec82c30wfjkccte89v5nr right now and has been for a few weeks.
The attacker is spoofing the IPs of Tor Exit and Directory nodes, and blasting TCP SYN packets indiscriminately on 22/TCP, spurring a large amount of abuse complaints to hosting providers, which are then temp blocking/banning Tor infrastructure which isn't actually doing anything wrong."
See more in the original Twitter post:
https://x.com/Andrew___Morris/status/1854289771197329517
#tor #privacy
Tor Project released a blog post: "Defending the Tor network: Mitigating IP spoofing against Tor"
"At the end of October, Tor directory authorities, relay operators, and even the Tor Project sysadmin team received multiple abuse complaints from their providers about port scanning. These complaints were traced back to a coordinated IP spoofing attack, where an attacker spoofed non-exit relays and other Tor-related IPs to trigger abuse reports aimed at disrupting the Tor Project and the Tor network.
Thanks to a joint effort from the Tor community, InterSecLab, and the support of Andrew Morris and the team at GreyNoise, the origin of these spoofed packets was identified and shut down on November 7th, 2024."
See more:
https://blog.torproject.org/defending-tor-mitigating-IP-spoofing/
#tor #spoofing #privacy
nostr:nevent1qqsqm3yjuknu9pqlq9fwgmmuvlypv47xucl0hf0f35mqxzgr982wvhgppemhxue69uhkummn9ekx7mp0qgspdlfx7qq9fanp28rt67f9ahh5zkrpqwh3n4z9lylkda0zfv6yy7srqsqqqqqpz2hear
Unpatched Vulnerabilities Allow Hacking of Mazda Cars: ZDI
Vulnerabilities in the infotainment system of multiple Mazda car models could allow attackers to execute arbitrary code with root privileges, Trend Micro’s Zero Day Initiative (ZDI) warns.
The issues, ZDI explains, exist because the Mazda Connect Connectivity Master Unit (CMU) system does not properly sanitize user-supplied input, which could allow a physically present attacker to send commands to the system by connecting a specially crafted USB device.
The CMU, popular among the modding community, which has released software tweaks to modify its operations, was manufactured by Visteon and runs software initially developed by Johnson Controls.
According to ZDI, the flaws, which were identified in software version 74.00.324A, could be used in conjunction to “achieve a complete and persistent compromise of the infotainment system”. Earlier software iterations might also be affected. Mazda 3 model year 2014-2021 and other car models are impacted.
See more: https://www.securityweek.com/unpatched-vulnerabilities-allow-hacking-of-mazda-cars-zdi/
#cybersecurity #mazda
Cyberattack on Microlise Disables Tracking in Prison Vans, Courier Vehicles
Tracking systems and panic alarms in prison vans and courier vehicles were disabled after Microlise, a provider of vehicle tracking solutions for fleet operators, fell victim to a cyberattack last week.
UK-based Microlise disclosed the incident on October 31, when it notified the London Stock Exchange that ‘unauthorized activity’ on its network affected a large portion of its services.
The company said it retained external cybersecurity experts to investigate the attack and immediately started work on restoring the affected services.
In a November 6 update, Microlise said it was “making substantial progress in containing and clearing the threat from its network” and that it has been bringing services online, with all of them expected to become operational by the end of next week.
The company said that no customer systems data has been compromised in the attack, but noted that some employee data was impacted.
https://www.securityweek.com/cyberattack-on-microlise-disables-tracking-in-prison-vans-courier-vehicles/
QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns
"In 2021, we began to investigate an attack on the telecom industry in South Asia. During the investigation, we discovered QSC: a multi-plugin malware framework that loads and runs plugins (modules) in memory. The framework includes a Loader, a Core module, a Network module, a Command Shell module and a File Manager module. It is dropped either as a standalone executable or as a payload file along with a loader DLL. In this post, we describe each component of the framework as well as its recent activity including a deployment scenario, an additional backdoor, post-compromise activity and a link to the CloudComputating group."
See more: https://securelist.com/cloudcomputating-qsc-framework/114438/
#cybersecurity #cyberespionage
Texas Oilfield Supplier Newpark Hit by Ransomware
Newpark Resources this week announced that access to certain information systems and business applications has been disrupted following a ransomware attack.
The incident was discovered on October 29 and a cybersecurity response plan was immediately activated, the Texas-based provider of drilling fluids systems and composite matting systems for the oilfield sector said in a filing with the Securities and Exchange Commission (SEC).
“The incident has caused disruptions and limitation of access to certain of the company’s information systems and business applications supporting aspects of the company’s operations and corporate functions, including financial and operating reporting systems,” Newpark said.
According to the company, reverting to downtime procedures allowed it to continue manufacturing and field operations uninterrupted.
See more: https://www.securityweek.com/texas-oilfield-supplier-newpark-hit-by-ransomware
#cybersecurity #ransomware
Google's mysterious 'search[.]app' links leave Android users concerned
Google has left Android users puzzled after the most recent update to the Google mobile app causes links shared from the app to now be prepended with a mysterious "search[.]app" domain.
Put simply, search[.]app is a URL redirector domain, much like t[.]co used by X (formerly Twitter), Google's g[.]co, or Meta's m[.]me.
Prepending links with "https://search[.]app?link=" gives Google enhanced visibility into how links are being externally shared by Google app users and who is clicking on them (i.e. referrers).
Beyond collecting analytics, placing the "search[.]app" domain between users and external links also gives Google the ability to block traffic to phishing or hacked domains, should a website go rogue, or in the event that users are mass-sharing questionable content with each other (such as a scam site).
See more: https://www.bleepingcomputer.com/news/security/googles-mysterious-searchapp-links-leave-android-users-concerned/
#cybersecurity #google
CISA warns of critical Palo Alto Networks bug exploited in attacks
CISA warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configuration from Checkpoint, Cisco, and other vendors to PAN-OS.
This security flaw, tracked as CVE-2024-5910, was patched in July, and threat actors can remotely exploit it to reset application admin credentials on Internet-exposed Expedition servers.
"Palo Alto Expedition contains a missing authentication vulnerability that allows an attacker with network access to take over an Expedition admin account and potentially access configuration secrets, credentials, and other data," CISA says.
See more: https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-palo-alto-networks-bug-exploited-in-attacks/
#cybersecurity #exploit #paloalto
Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that has racked up thousands of downloads for over three years while stealthily exfiltrating developers' Amazon Web Services (AWS) credentials.
The package in question is "fabrice," which typosquats a popular Python library known as "fabric," which is designed to execute shell commands remotely over SSH.
While the legitimate package has over 202 million downloads, its malicious counterpart has been downloaded more than 37,100 times to date. As of writing, "fabrice" is still available for download from PyPI. It was first published in March 2021.
The typosquatting package is designed to exploit the trust associated with "fabric," incorporating "payloads that steal credentials, create backdoors, and execute platform-specific scripts," security firm Socket said.
See more: https://thehackernews.com/2024/11/malicious-pypi-package-fabrice-found.html
#cybersecurity #pypi #typosquatting
New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus
Cybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts.
The "intriguing" campaign, codenamed CRON#TRAP, starts with a malicious Windows shortcut (LNK) file likely distributed in the form of a ZIP archive via a phishing email.
"What makes the CRON#TRAP campaign particularly concerning is that the emulated Linux instance comes pre-configured with a backdoor that automatically connects to an attacker-controlled command-and-control (C2) server," Securonix researchers Den Iuzvyk and Tim Peck said in an analysis.
See more: https://thehackernews.com/2024/11/new-crontrap-malware-infects-windows-by.html
#cybersecurity #malware
HPE warns of critical RCE flaws in Aruba Networking access points
Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points.
The two security issues could allow a remote attacker to perform unauthenticated command injection by sending specially crafted packets to Aruba's Access Point management protocol (PAPI) over UDP port 8211.
The critical flaws are tracked as CVE-2024-42509 and CVE-2024-47460, and have been assessed with a severity score of 9.8 and 9.0, respectively. Both are in the command line interface (CLI) service, which is accessed via the PAPI protocol.
The update also fixes a couple of other security vulnerabilities with severity scores around 7.
See more: https://www.bleepingcomputer.com/news/security/hpe-warns-of-critical-rce-flaws-in-aruba-networking-access-points/
#cybersecurity #hpe #aruba
Androxgh0st Botnet Integrates Mozi, Expands Attacks on IoT Vulnerabilities
CloudSEK reports that the Androxgh0st botnet has integrated with the Mozi botnet and exploits a wide range of vulnerabilities in web applications and IoT devices. Learn about the specific vulnerabilities being targeted, the techniques used by the attackers, and how to protect your systems from this evolving threat.
Cybersecurity researchers at CloudSEK, using the company's AI digital risk platform XVigil, have uncovered a new development in the Androxgh0st botnet. This malicious network, which has been targeting web servers since January 2024, has re-emerged after undergoing a transformation.
Reportedly, the botnet now shares components with the infamous Mozi botnet, historically known for infecting internet-of-things (IoT) devices. Analysis of Androxgh0st's C&C logs revealed an operational change: the botnet now appears to be deploying Mozi-linked payloads.
See more: https://hackread.com/androxgh0st-botnet-integrate-mozi-iot-vulnerabilities/
#cybersecurity #botnet
North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS
A threat actor with ties to the Democratic People's Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices.
Cybersecurity company SentinelOne, which dubbed the campaign Hidden Risk, attributed it with high confidence to BlueNoroff, which has been previously linked to malware families such as RustBucket, KANDYKORN, ObjCShellz, RustDoor (aka Thiefbucket), and TodoSwift.
The activity "uses emails propagating fake news about cryptocurrency trends to infect targets via a malicious application disguised as a PDF file," researchers Raffaele Sabato, Phil Stokes, and Tom Hegel said in a report shared with The Hacker News.
"The campaign likely began as early as July 2024 and uses email and PDF lures with fake news headlines or stories about crypto-related topics."
See more: https://thehackernews.com/2024/11/north-korean-hackers-target-crypto.html
#cybersecurity #crypto
Cisco Patches Critical Vulnerability in Industrial Networking Solution
Cisco on Wednesday announced patches for dozens of vulnerabilities in its enterprise products, including a critical-severity flaw in Unified Industrial Wireless software.
The critical bug, tracked as CVE-2024-20418 (CVSS score of 10/10), allows a remote, unauthenticated attacker to inject commands on the underlying operating system, with root privileges.
The issue exists because the web-based management interface of the industrial networking solution does not properly validate input, allowing an attacker to send crafted HTTP requests.
Other high-severity and medium-severity bugs were patched as well.
See more: https://www.securityweek.com/cisco-patches-critical-vulnerability-in-industrial-networking-solution/
#cybersecurity #cisco
Android Banking Trojan ToxicPanda Targets Europe
The Cleafy threat intelligence team recently came across an Android banking trojan that has been observed targeting users in Europe and elsewhere.
The cybersecurity firm noticed in late October that there had been a significant increase in what initially appeared to be a campaign involving TgToxic, a China-linked piece of malware that has been used since at least mid-2022 to target Android users in Southeast Asia in an effort to steal cryptocurrency and funds from banking and other finance apps.
However, a closer analysis revealed differences in the code and Cleafy started tracking the new malware as ToxicPanda.
According to the online fraud management and prevention firm, ToxicPanda has remote access trojan (RAT) capabilities, enabling the attackers to conduct account takeover (ATO) through a technique known as on-device fraud (ODF).
See more: https://www.securityweek.com/android-banking-trojan-toxicpanda-targets-europe/
#cybersecurity #android
Canada Orders TikTok to Shut Down Canadian Operations Over Security Concerns
The Canadian government on Wednesday ordered ByteDance-owned TikTok to dissolve its operations in the country, citing national security risks, but stopped short of instituting a ban on the popular video-sharing platform.
"The decision was based on the information and evidence collected over the course of the review and on the advice of Canada's security and intelligence community and other government partners," François-Philippe Champagne, Minister of Innovation, Science and Industry, said in a statement.
The government said it does not intend to block Canadians' access to the app itself or curtail their ability to create new content, stating the use of a social media application is a "personal choice." The use of the app has already been banned on Canadian government devices since February 2023.
See more: https://thehackernews.com/2024/11/canada-orders-tiktok-to-shut-down.html
#cybersecurity #tiktok
Germany drafts law to protect researchers who find security flaws
The Federal Ministry of Justice in Germany has drafted a law to provide legal protection to security researchers who discover and responsibly report security vulnerabilities to vendors.
When security research is conducted within the specified boundaries, those responsible will be excluded from criminal liability and the risk of prosecution.
"Those who want to close IT security gaps deserve recognition—not a letter from the prosecutor," stated Federal Minister of Justice Dr. Marco Buschmann.
See more: https://www.bleepingcomputer.com/news/security/germany-drafts-law-to-protect-researchers-who-find-security-flaws/
#cybersecurity
New SteelFox malware hijacks Windows PCs using vulnerable driver
A new malicious package called 'SteelFox' mines for cryptocurrency and steals credit card data by using the “bring your own vulnerable driver” technique to get SYSTEM privileges on Windows machines.
The malware bundle dropper is distributed through forums and torrent trackers as a crack tool that activates legitimate versions of various software like Foxit PDF Editor, JetBrains and AutoCAD.
Using a vulnerable driver for privilege escalation is common for state-sponsored threat actors and ransomware groups. However, the technique now appears to extend to info-stealing malware attacks.
See more: https://www.bleepingcomputer.com/news/security/new-steelfox-malware-hijacks-windows-pcs-using-vulnerable-driver/
#cybersecurity #malware
VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware
An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi.
"Leveraging Microsoft SaaS services — including Teams, SharePoint, Quick Assist, and OneDrive — the attacker exploited the trusted infrastructures of previously compromised organizations to distribute spear-phishing attacks and store malware," Israeli cybersecurity company Hunters said in a new report.
"This cloud-centric strategy allowed the threat actor to avoid detection by conventional monitoring systems."
See more: https://thehackernews.com/2024/11/veildrive-attack-exploits-microsoft.html
#cybersecurity #malware
Winos4.0 Malware Found in Game Apps, Targets Windows Users
A new malicious software framework, “Winos4.0,” has been discovered embedded in game-related applications targeting Windows users.
According to researchers at FortiGuard Labs, this malware framework is a sophisticated variant derived from Gh0strat. Winos4.0 can execute multiple actions remotely and provides attackers with extensive control over affected systems.
The malware operates by distributing game-related applications, such as installation tools and performance boosters, to gain initial access to target devices.
See more: https://www.infosecurity-magazine.com/news/winos40-malware-found-game-windows/
#cybersecurity #malware
South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers
Meta has been fined 21.62 billion won ($15.67 million) by South Korea's data privacy watchdog for illegally collecting sensitive personal information from Facebook users, including data about their political views and sexual orientation, and sharing it with advertisers without their consent.
The country's Personal Information Protection Commission (PIPC) said Meta gathered information such as religious affiliations, political views, and same-sex marital status of about 980,000 domestic Facebook users and shared it with 4,000 advertisers.
"Specifically, it was found that behavioral information, such as the pages that users 'liked' on Facebook and the ads they clicked on, was analyzed to create and operate advertising topics related to sensitive information," the PIPC said in a press statement.
See more: https://thehackernews.com/2024/11/south-korea-fines-meta-1567m-for.html
#privacy #meta
Google Cloud to make MFA mandatory by the end of 2025
Google has announced that multi-factor authentication (MFA) will be mandatory on all Cloud accounts by the end of 2025 to enhance security.
Google Cloud is a product designed for businesses, developers, and IT teams to build, deploy, and manage applications and infrastructure in the cloud.
The mandatory MFA rollout will affect both admins and any users with access to Google Cloud services but not general consumer Google accounts.
See more: https://www.bleepingcomputer.com/news/security/google-cloud-to-make-mfa-mandatory-by-the-end-of-2025/
#cybersecurity #google #mfa
ClickFix Exploits Users with Fake Errors and Malicious Code
A new social engineering tactic, known as ClickFix, has emerged, using deceptive error messages to prompt users to run harmful code.
The Sekoia Threat Detection & Research (TDR) team has recently detailed this tactic – first discovered by Proofpoint in March – in a new report published earlier today. This approach, called ClearFake, encourages users to copy and execute malicious PowerShell commands, enabling cybercriminals to infect users’ devices.
ClickFix exploits fake error messages across multiple platforms, such as Google Meet and Zoom, often mimicking error notifications on video conferencing pages to lure users.
See more: https://www.infosecurity-magazine.com/news/clickfix-fake-errors-malicious-code/
#cybersecurity #clickfix
Chinese Air Fryers May Be Spying on Consumers, Which? Warns
A consumer rights group has warned UK shoppers to research their next electronics purchases carefully, after finding evidence of “excessive smart device surveillance” from Chinese air fryers and other products.
Which? claimed that smart air fryers from Xiaomi, Cosori and Aigostar all wanted to know customers’ precise locations, as well as permission to record audio on the user’s phone.
The Xiaomi app linked to the smart device also connected to ad trackers from Facebook, TikTok’s Pangle ad network and Tencent, depending on the location of said user, the report claimed.
See more: https://www.infosecurity-magazine.com/news/chinese-air-fryers-spying/
#cybersecurity #privacy
Pakistani Hackers Targeted High-Profile Indian Entities using Custom RAT
A hacking group associated with the Pakistani government has repeatedly targeted high-profile entities in India with cyber espionage campaigns throughout 2024, according to cybersecurity provider Check Point.
Researchers at Check Point Research are closely tracking the persistent use of ElizaRAT, a custom implant deployed by Transparent Tribe, a cyber espionage group attributed to Pakistan, also known as APT36.
They observed several campaigns using the remote access trojan (RAT) in 2024, with many likely successful.
See more: https://www.infosecurity-magazine.com/news/pakistan-hackers-high-profile/
#cybersecurity
Interpol disrupts cybercrime activity on 22,000 IP addresses, arrests 41
Interpol announced it has arrested 41 individuals and taken down 1,037 servers and infrastructure running on 22,000 IP addresses facilitating cybercrime, in an international law enforcement action titled Operation Synergia II.
The operation took place between April and August 2024, spanning 95 countries and resulting in 41 arrests of those linked to various crimes, including ransomware, phishing, and information stealers.
Interpol said its enforcement action was backed by intelligence provided by private cybersecurity firms like Group-IB, Kaspersky, Trend Micro, and Team Cymru, leading to the identification of over 30,000 suspicious IP addresses.
See more: https://www.bleepingcomputer.com/news/security/interpol-disrupts-cybercrime-activity-on-22-000-ip-addresses-arrests-41/
#cybersecurity
Suspect behind Snowflake data-theft attacks arrested in Canada
Canadian authorities have arrested a man suspected of having stolen the data of hundreds of millions after targeting over 165 organizations, all of them customers of cloud storage company Snowflake.
According to Canada's Department of Justice, Alexander "Connor" Moucka (aka "Waifu" and "Judische") was taken into custody on Wednesday at the request of the United States and is scheduled to appear in court again today, as first reported by Bloomberg and confirmed by 404 Media.
"Following a request by the United States, Alexander Moucka (a.k.a. Connor Moucka) was arrested on a provisional arrest warrant on Wednesday October 30, 2024," Ian McLeod, a spokesperson for Canada's Department of Justice, told BleepingComputer on Tuesday.
See more: https://www.bleepingcomputer.com/news/security/suspect-behind-snowflake-data-theft-attacks-arrested-in-canada/
#cybersecurity #hacking
Researcher Discloses 36 Vulnerabilities Found in IBM Security Verify Access
Security researcher Pierre Barre has drawn attention to three dozen vulnerabilities in IBM Security Verify Access (ISVA), including ones that could have allowed attackers to compromise the entire authentication infrastructure based on the authorization and network security policy management solution.
An attacker looking to exploit these issues would need to mount a man-in-the-middle (MiTM) attack or gain access to the internal network of an organization using IBM’s ISVA appliances and Docker images.
At least half of the security defects, including seven remote code execution flaws, one authentication bypass, eight privilege escalation bugs, and some other issues, could be exploited for full compromise.
See more: https://www.securityweek.com/researcher-discloses-32-vulnerabilities-found-in-ibm-security-verify-access/
#cybersecurity #ibm
Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution.
Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager.
RISK:STATION is an "unauthenticated zero-click vulnerability allowing attackers to obtain root-level code execution on the popular Synology DiskStation and BeeStation NAS devices, affecting millions of devices," the Dutch company said.
See more: https://thehackernews.com/2024/11/synology-urges-patch-for-critical-zero.html
#cybersecurity #zeroclick
OWASP Beefs Up GenAI Security Guidance Amid Growing Deepfakes
As businesses worry over deepfake scams and other AI attacks, organizations are adding guidance for cybersecurity teams on how to detect, and respond to, next-generation threats. That includes Exabeam, which was recently targeted by a deepfaked job candidate.
To help organizations develop stronger defenses against AI-based attacks, the Top 10 for LLM Applications & Generative AI group within the Open Worldwide Application Security Project (OWASP) released a trio of guidance documents for security organizations on Oct. 31. To its previously released AI cybersecurity and governance checklist, the group added a guide for preparing for deepfake events, a framework to create AI security centers of excellence, and a curated database on AI security solutions.
See more: https://www.darkreading.com/vulnerabilities-threats/owasp-genai-security-guidance-growing-deepfakes
#cybersecurity #ai #deepfake
Windows infected with backdoored Linux VMs in new phishing attacks
A new phishing campaign dubbed 'CRON#TRAP' infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks.
Using virtual machines to conduct attacks is nothing new, with ransomware gangs and cryptominers using them to stealthily perform malicious activity. However, threat actors commonly install these manually after they breach a network.
A new campaign spotted by Securonix researchers is instead using phishing emails to perform unattended installs of Linux virtual machines to breach and gain persistence on corporate networks.
The phishing emails pretend to be a "OneAmerica survey" that includes a large 285MB ZIP archive to install a Linux VM with a pre-installed backdoor.
See more: https://www.bleepingcomputer.com/news/security/windows-infected-with-backdoored-linux-vms-in-new-phishing-attacks/
#cybersecurity #windows
Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System
Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to the "Android/data," "Android/obb," and "Android/sandbox" directories and their sub-directories, according to a code commit message.
The tech giant has also flagged CVE-2024-43047, a now-patched security bug in Qualcomm chipsets, as having been actively exploited. The bug is a use-after-free in the Digital Signal Processor (DSP) Service; successful exploitation could lead to memory corruption.
See more: https://thehackernews.com/2024/11/google-warns-of-actively-exploited-cve.html
#cybersecurity #android
Nokia investigates breach after hacker claims to steal source code
Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the company's stolen source code.
IntelBroker claimed to be selling Nokia source code that was stolen after they breached a third-party vendor's server.
IntelBroker states that the stolen data contains SSH keys, source code, RSA keys, BitBucket logins, SMTP accounts, webhooks, and hardcoded credentials.
The threat actor told BleepingComputer that they gained access to the third-party vendor's SonarQube server using default credentials, allowing them to download customers' Python projects, including those belonging to Nokia.
See more: https://www.bleepingcomputer.com/news/security/nokia-investigates-breach-after-hacker-claims-to-steal-source-code/
#cybersecurity #databreach
The Zcash Foundation released Zebra version 2.0.1, with full support for NU6 on Mainnet. Please update your nodes.
Zebra now implements all suggestions from the audit provided by LeastAuthority. Another notable feature is the addition of cookie-based authentication for Zebra’s RPC server.
Finally, the end-of-support (EOS) halt goes back to occurring 16 weeks from the release date.
See more:
https://zfnd.org/zebra-2-0-1-release/
#Zcash #Zebra
Hackers Leak 300,000 MIT Technology Review Magazine User Records
Hackers claim to have breached MIT Technology Review Magazine via a third-party contractor, leaking nearly 300,000 user records on Breach Forums. Data includes full names, email addresses, and activity details, posing risks for phishing and targeted scams.
See more: https://hackread.com/hackers-leak-mit-technology-review-user-records/
#cybersecurity #privacy
Supply Chain Attack Uses Smart Contracts for C2 Ops
Security researchers claim to have discovered the first-ever open source supply chain attack combining blockchain technology with traditional attack vectors.
“The attacker used a classic typosquatting technique by misspelling ‘fetch’ as ‘fet’ while maintaining the key terms ‘jest’ and ‘mock,’” the researchers wrote.
“Given that the legitimate packages are primarily used in development environments where developers typically have elevated system privileges, and are often integrated into CI/CD pipelines, we believe this attack specifically targets development infrastructure through the compromise of testing environments.”
See more: https://www.infosecurity-magazine.com/news/supply-chain-attack-smart/
#cybersecurity #smartcontract #supplychainattack
Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages
An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware.
The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past few days.
The activity was first flagged on October 31, 2024, although it's said to have been underway at least a week prior. No less than 287 typosquat packages have been published to the npm package registry.
See more: https://thehackernews.com/2024/11/malware-campaign-uses-ethereum-smart.html
nostr:nevent1qqsq8w6hg6zau75efs45zj03v7us74xm4pawuu69ng0flrczffr9j2cpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsygqkl5n0qqz57es4r34a0yj7mm6ptpss8tce63zlj0mx7h3ykdzz0gpsgqqqqqqsy4r3nr
#cybersecurity #c2 #smartcontracts
DocuSign's Envelopes API abused to send realistic fake invoices
Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal.
Using a legitimate service, the attackers bypass email security protections as they come from an actual DocuSign domain, docusign.net.
The goal is to have their targets e-sign the documents, which they can then use to authorize payments independently from the company's billing departments.
"If users e-sign this document, the attacker can use the signed document to request payment from the organization outside of DocuSign or send the signed document through DocuSign to the finance department for payment," explains a Wallarm security researcher.
See more: https://www.bleepingcomputer.com/news/security/docusigns-envelopes-api-abused-to-send-realistic-fake-invoices/
#cybersecurity #docusign #phishing
Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine
Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime).
The tech giant described the development as the "first real-world vulnerability" uncovered using the artificial intelligence (AI) agent, while the researchers were not able to find the same vulnerability using traditional fuzzing.
"We believe this is the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used real-world software," the Big Sleep team said in a blog post shared with The Hacker News.
The vulnerability in question is a stack buffer underflow in SQLite, which occurs when a piece of software references a memory location prior to the beginning of the memory buffer, thereby resulting in a crash or arbitrary code execution.
The flaw was discovered in a development branch of the library, meaning it was flagged before it made it into an official release.
See more:
The Hacker News: https://thehackernews.com/2024/11/googles-ai-tool-big-sleep-finds-zero.html
SecurityWeek:
https://www.securityweek.com/google-says-its-ai-found-sqlite-vulnerability-that-fuzzing-missed/
#cybersecurity #sqlite #ai
Meet Interlock — The new ransomware targeting FreeBSD servers
A relatively new ransomware operation named Interlock attacks organizations worldwide, taking the unusual approach of creating an encryptor to target FreeBSD servers.
Launched at the end of September 2024, Interlock has since claimed attacks on six organizations, publishing stolen data on their data leak site after a ransom was not paid. One of the victims is Wayne County, Michigan, which suffered a cyberattack at the beginning of October.
Not much is known about the ransomware operation, with some of the first information coming from incident responder Simo in early October, who found a new backdoor [VirusTotal] deployed in an Interlock ransomware incident.
See more: https://www.bleepingcomputer.com/news/security/meet-interlock-the-new-ransomware-targeting-freebsd-servers/
#cybersecurity #ransomware
Interlock Ransomware Targets US Healthcare, IT and Government Sectors
A new ransomware group called Interlock has been observed by threat analysts conducting targeted attacks across sectors including US healthcare, IT and government and European manufacturing.
According to a report published by Cisco Talos today, Interlock employs both “big-game hunting” and double extortion tactics, where compromised data is stolen and threatened to be released publicly unless a ransom is paid.
This group operates a data leak site known as “Worldwide Secrets Blog” to publish stolen data. It offers victim support through chat options, showcasing a methodical approach to targeting vulnerabilities in organizations’ cybersecurity.
Cisco Talos identified that Interlock’s attack chain generally spans around 17 days, during which they gain unauthorized access and deploy ransomware to encrypt files.
See more: https://www.infosecurity-magazine.com/news/interlock-ransomware-us-healthcare/
#cybersecurity #ransomware #interlock
nostr:nevent1qqsqwfsr2r5nvl5s9jdqm7fte4rhzpunswxf2rgz5hfj4c2rj0063ggppemhxue69uhkummn9ekx7mp0qgspdlfx7qq9fanp28rt67f9ahh5zkrpqwh3n4z9lylkda0zfv6yy7srqsqqqqqp8khfsz
GreyNoise Credits AI for Spotting Exploit Attempts on IoT Livestream Cams
Cybersecurity firm GreyNoise Intelligence is crediting an AI-powered tool for capturing attempts to exploit critical vulnerabilities in live streaming IoT cameras widely deployed at healthcare, industrial operations and government facilities.
GreyNoise said it detected two distinct vulnerabilities — CVE-2024-8956 and CVE-2024-8957 — after an exploit attempt on its Sift automated threat-hunting honeypot system. An internal AI technology flagged the unusual activity, which allowed GreyNoise researchers to discover the zero-day vulnerabilities.
The most severe of the two vulnerabilities (CVE-2024-8956) carries a CVSS score of 9.1 out of 10 and allows an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data.
See more: https://www.securityweek.com/greynoise-credits-ai-for-spotting-exploit-attempts-on-iot-livestream-cams/
#cybersecurity #ai
Critical Auth Bugs Expose Smart Factory Gear to Cyberattack
Critical security vulnerabilities affecting factory automation software from Mitsubishi Electric and Rockwell Automation could variously allow remote code execution (RCE), authentication bypass, product tampering, or denial-of-service (DoS).
That's according to the US Cybersecurity and Infrastructure Security Agency (CISA), which warned yesterday that an attacker could exploit the Mitsubishi Electric bug (CVE-2023-6943, CVSS score of 9.8) by calling a function with a path to a malicious library while connected to the device — resulting in authentication bypass, RCE, DoS, or data manipulation.
The Rockwell Automation bug (CVE-2024-10386, CVSS 9.8), meanwhile, stems from a missing authentication check; a cyberattacker with network access could exploit it by sending crafted messages to a device, potentially resulting in database manipulation.
See more: https://www.darkreading.com/vulnerabilities-threats/critical-auth-bugs-smart-factory-cyberattack
#cybersecurity
LastPass warns of fake support centers trying to steal customer data
LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their computers, as discovered by BleepingComputer.
LastPass is a popular password manager that utilizes a LastPass Chrome extension to generate, save, manage, and autofill website passwords.
Threat actors are attempting to target a large swath of the company's user base by leaving 5-star reviews with a fake LastPass customer support number.
See more: https://www.bleepingcomputer.com/news/security/lastpass-warns-of-fake-support-centers-trying-to-steal-customer-data/
#cybersecurity #lastpass
Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack
A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.
A popular device and application used by millions of individuals and businesses around the world to store documents is vulnerable to a zero-click flaw, a group of Dutch researchers have discovered.
The vulnerability, which is called zero-click because it doesn’t require a user to click on anything to be infected, affects a photo application installed by default on popular network-attached storage (NAS) devices made by the Taiwanese firm Synology. The bug would allow attackers to gain access to the devices to steal personal and corporate files, plant a backdoor, or infect the systems with ransomware to prevent users from accessing their data.
See more: https://www.wired.com/story/synology-zero-click-vulnerability/
#cybersecurity #zeroclick
qBittorrent fixes flaw exposing users to MitM attacks for 14 years
qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app.
The flaw, introduced in a commit on April 6, 2010, was eventually fixed in the latest release, version 5.0.1, on October 28, 2024, more than 14 years later.
However, as security researcher Sharp Security highlighted in a blog post, the team fixed a notable flaw without adequately informing the users about it and without assigning a CVE to the problem.
See more: https://www.bleepingcomputer.com/news/security/qbittorrent-fixes-flaw-exposing-users-to-mitm-attacks-for-14-years/
#cybersecurity #torrent
Sophos reveals 5-year battle with Chinese hackers attacking network devices
Sophos disclosed today a series of reports dubbed "Pacific Rim" that detail how the cybersecurity company has been sparring with Chinese threat actors for over 5 years as they increasingly targeted networking devices worldwide, including those from Sophos.
Sophos believes that many of the zero-day vulnerabilities are developed by Chinese researchers who not only share them with vendors, but also the Chinese government and associated state-sponsored threat actors.
While many of these attacks put cybersecurity researchers on the defensive, Sophos also had the opportunity to go on the offensive, planting custom implants on devices that were known to be compromised.
These implants allowed Sophos to collect valuable data about the threat actors, including a UEFI bootkit that was observed being deployed to a networking device.
See more: https://www.bleepingcomputer.com/news/security/sophos-reveals-5-year-battle-with-chinese-hackers-attacking-network-devices/
#cybersecurity #sophos
NCSC Details ‘Pygmy Goat’ Backdoor Planted on Hacked Sophos Firewall Devices
The UK’s National Cyber Security Centre (NCSC) has published technical documentation of a sophisticated network backdoor being planted on hacked Sophos XG firewall devices and warned that the malware was designed for a broader range of Linux-based network devices.
The backdoor, called Pygmy Goat, uses multiple stealthy techniques to maintain persistence and avoid detection and is capable of disguising malicious traffic as legitimate SSH connections.
The backdoor also makes use of encrypted ICMP packets for covert communication and is clearly the work of a very skilled, professional hacking operator.
See more:
https://www.securityweek.com/ncsc-details-pygmy-goat-backdoor-planted-on-hacked-sophos-firewall-devices/
Original post:
nostr:nevent1qqspaz8g27364sch6ue7nfjwqmn4vy4dwcpk9r9wpmx3farkq8q8m2gppemhxue69uhkummn9ekx7mp0qgspdlfx7qq9fanp28rt67f9ahh5zkrpqwh3n4z9lylkda0zfv6yy7srqsqqqqqpn7e6gx
#cybersecurity #sophos
Tails 6.9 is out! It updates Tor Browser to 14.0.1 and fixes some reliability issues in automatic upgrades.
Changes and updates
- Update Tor Browser to 14.0.1.
- Update the Tor client to 0.4.8.13.
- Update Thunderbird to 115.16.0.
See more:
https://tails.net/news/version_6.9/
#privacy #tails #tor
Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer
A malvertising campaign is exploiting Meta’s platform to spread the SYS01 infostealer, targeting men 45+ via fake ads for popular software. The malware steals Facebook credentials, hijacks accounts, especially those administering business pages, and spreads further attacks globally.
See more: https://hackread.com/fake-meta-ads-hijacking-facebook-sys01-infostealer/
#cybersecurity #facebook
Interbank confirms data breach following failed extortion, data leak
Interbank, one of Peru's leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online.
Previously known as the International Bank of Peru (Banco Internacional del Perú), the company provides financial services to over 2 million customers.
See more: https://www.bleepingcomputer.com/news/security/interbank-confirms-data-breach-following-failed-extortion-data-leak/
#privacy #cybersecurity
FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities
The vishing malware known as FakeCall (aka Fakecalls) has become more sophisticated. New research shows an increase in evasion and espionage capabilities for an Android malware that has been known and classified as a banking trojan largely targeting South Korea.
In addition to vishing (voice phishing), FakeCall could also capture live audio and video streams from the infected devices, allowing attackers to steal sensitive data without victim interaction.
Callie Guenther, senior manager of cyber threat research at Critical Start, told SecurityWeek, “The techniques used, such as native API utilization, advanced obfuscation, and remote surveillance, resemble TTPs seen in state-sponsored campaigns. Although not definitively attributed, these capabilities align with those observed in APT groups focused on espionage and high-value financial targeting.”
See more:
SecurityWeek:
https://www.securityweek.com/fakecall-android-trojan-evolves-with-new-evasion-tactics-and-expanded-espionage-capabilities/
BleepingComputer:
https://www.bleepingcomputer.com/news/security/android-malware-fakecall-now-reroutes-bank-calls-to-attackers/
#cybersecurity #vishing
Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information
A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs.
The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said.
To demonstrate the issue, the company said it managed to publish a seemingly harmless browser extension to the Chrome Web Store that could then exploit the flaw when installed on Opera, making it an instance of a cross-browser-store attack.
The issue has been addressed by Opera as of September 24, 2024, following responsible disclosure. That said, this is not the first time security flaws have been identified in the browser.
See more: https://thehackernews.com/2024/10/opera-browser-fixes-big-security-hole.html
#cybersecurity #opera
Opera Browser Vulnerability Could Allow Exploits Via Browser Extensions
A serious security vulnerability has received a patch with the latest Opera browser update. The vulnerability could expose Opera browser users’ information to attackers when exploited via malicious extensions.
See more: https://latesthackingnews.com/2024/11/08/opera-browser-vulnerability-could-allow-exploits-via-browser-extensions/
#cybersecurity #exploit #opera
nostr:nevent1qqsxqjdaxwscj7yyesrfx4rhsrah8zhk3ml0mplxpf946gns5eduzcgppemhxue69uhkummn9ekx7mp0qgspdlfx7qq9fanp28rt67f9ahh5zkrpqwh3n4z9lylkda0zfv6yy7srqsqqqqqpyjwec5
Hackers steal 15,000 cloud credentials from exposed Git config files
A large-scale malicious operation named "EmeraldWhale" scanned for exposed Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories.
Git configuration files, such as /.git/config or .gitlab-ci[.]yml, are used to define various options like repository paths, branches, remotes, and sometimes even authentication information like API keys, access tokens, and passwords.
According to Sysdig, who discovered the campaign, the operation involves using automated tools that scan IP ranges for exposed Git configuration files, which may include authentication tokens.
These tokens are then used to download repositories stored on GitHub, GitLab, and BitBucket, which are scanned for further credentials.
See more: https://www.bleepingcomputer.com/news/security/hackers-steal-15-000-cloud-credentials-from-exposed-git-config-files/
#cybersecurity #git
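A defender-side check for the campaign above, written here as an added example (not Sysdig's tooling nor code from the article): parse a `.git/config` the way Git lays it out and flag remote URLs or HTTP headers that would hand out a token or password if the file were ever served publicly. The sample config and its token are constructed placeholders.

```python
"""Audit a Git configuration file for embedded credentials (added example)."""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Constructed sample: the "origin" remote embeds a token in its HTTPS URL and
# the [http] section carries an Authorization header, two common leak shapes.
SAMPLE_GIT_CONFIG = """\
[core]
    repositoryformatversion = 0
    filemode = true
[remote "origin"]
    url = https://deploy:ghp_PLACEHOLDER_TOKEN@github.com/example/private-repo.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
    url = git@gitlab.com:example/mirror.git
    fetch = +refs/heads/*:refs/remotes/mirror/*
[http]
    extraheader = AUTHORIZATION: basic ZGVwbG95OnBsYWNlaG9sZGVy
[branch "main"]
    remote = origin
    merge = refs/heads/main
"""

# [section] or [section "subsection"]
_SECTION_RE = re.compile(r'^\[([^\s"\]]+)(?:\s+"([^"]*)")?\]$')


def parse_git_config(text: str) -> dict[str, dict[str, str]]:
    """Return {"section[.subsection]": {key: value}} for a git-config text.

    Covers the common layout only: section headers, optional quoted
    subsection, indented `key = value` lines and `#`/`;` comments.
    Include directives and multi-line values are not followed.
    """
    sections: dict[str, dict[str, str]] = {}
    current: dict[str, str] | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = _SECTION_RE.match(line)
        if m:
            name = m.group(1).lower()
            if m.group(2) is not None:
                name = f"{name}.{m.group(2)}"
            current = sections.setdefault(name, {})
            continue
        if current is None or "=" not in line:
            continue  # value outside any section, or a bare boolean key
        key, _, value = line.partition("=")
        current[key.strip().lower()] = value.strip()
    return sections


def _redact_url(url: str) -> str:
    """Keep scheme, user, host and path; replace any password with ***."""
    p = urlsplit(url)
    userinfo = p.username or ""
    if p.password is not None:
        userinfo += ":***"
    host = p.hostname or ""
    if p.port:
        host += f":{p.port}"
    return f"{p.scheme}://{userinfo}@{host}{p.path}"


def find_embedded_credentials(config: dict[str, dict[str, str]]) -> list[dict[str, str]]:
    """Flag entries that would expose a secret if this file leaked."""
    findings: list[dict[str, str]] = []
    for section, entries in config.items():
        for key, value in entries.items():
            if key in ("url", "pushurl") and "://" in value:
                p = urlsplit(value)
                if p.username is None and p.password is None:
                    continue  # no userinfo: scp-style and plain URLs are fine
                reason = ("password or token in URL userinfo" if p.password is not None
                          else "username in URL userinfo (may be a bare token)")
                findings.append({"section": section, "key": key,
                                 "reason": reason, "value": _redact_url(value)})
            elif key in ("extraheader", "extra-header") or key.endswith(("password", "token")):
                header, _, _ = value.partition(":")
                findings.append({"section": section, "key": key,
                                 "reason": "credential-bearing header or key",
                                 "value": f"{header.strip()}: ***"})
    return findings


if __name__ == "__main__":
    for f in find_embedded_credentials(parse_git_config(SAMPLE_GIT_CONFIG)):
        print(f"[{f['section']}] {f['key']}: {f['reason']} -> {f['value']}")
```

Run it over each `.git/config` and CI config under a web root, or add it as a pre-commit check; any finding is a credential that a scan like EmeraldWhale's would collect the moment the directory is reachable over HTTP.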
LottieFiles hit in npm supply chain attack targeting users' crypto
LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so they can be emptied.
As discovered yesterday, following multiple user reports about strange code injections, the affected versions are Lottie Web Player (“lottie-player”) 2.0.5, 2.0.6, and 2.0.7, all published yesterday.
LottieFiles quickly released a new version, 2.0.8, which is based on the clean 2.0.4, advising users to upgrade to it as soon as possible.
See more: https://www.bleepingcomputer.com/news/security/lottiefiles-hit-in-npm-supply-chain-attack-targeting-users-crypto/
#cybersecurity #crypto
Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials
Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services like Cloudflare and Microsoft Sway to their advantage.
"The campaigns target sensitive information from different crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for multiple company webmail platforms, as well as Microsoft 365 login credentials," Netskope Threat Labs researcher Jan Michael Alcantara said in an analysis.
See more: https://thehackernews.com/2024/10/cybercriminals-use-webflow-to-deceive.html
#cybersecurity #crypto #phishing
Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland
The popular hacking competition set up camp in Trend Micro’s Cork office for the first time last week, with competitors discovering and demonstrating exploits for over 70 zero-day vulnerabilities. These will now be responsibly disclosed to the relevant vendors for patching.
A growing number of manufacturers are getting involved in the competition in order to place their products in front of a highly motivated bunch of ethical hackers.
For the first time, Pwn2Own welcomed Meta as a sponsor this year, although no teams were able to find a workable exploit for WhatsApp in a new Messenger App category of the competition. It is zero-click vulnerabilities like this that commercial spyware makers are notorious for finding and exploiting for their customers.
See more: https://www.infosecurity-magazine.com/news/researchers-70-zeroday-bugspwn/
#cybersecurity #zeroday
ChatGPT Jailbreak: Researchers Bypass AI Safeguards Using Hexadecimal Encoding and Emojis
Malicious instructions encoded in hexadecimal format could have been used to bypass ChatGPT safeguards designed to prevent misuse.
The new jailbreak was disclosed on Monday by Marco Figueroa, gen-AI bug bounty programs manager at Mozilla, through the 0Din bug bounty program.
If a user instructs the chatbot to write an exploit for a specified CVE, they are informed that the request violates usage policies. However, if the request was encoded in hexadecimal format, the guardrails were bypassed and ChatGPT not only wrote the exploit, but also attempted to execute it “against itself”, according to Figueroa.
See more:
Security Week: https://www.securityweek.com/first-chatgpt-jailbreak-disclosed-via-mozillas-new-ai-bug-bounty-program/
Dark Reading: https://www.darkreading.com/application-security/chatgpt-manipulated-hex-code
#cybersecurity #ai #chatgpt #jailbreak
Italian Politicians Express Alarm at Latest Data Breach Allegedly Affecting 800,000 Citizens
Italian politicians called Monday for better protection of citizens’ online data following a probe into a hacking scheme that allegedly breached law enforcement, tax authority and other sensitive public data.
According to prosecutors in Milan, the data of at least 800,000 Italians was compromised in breaches dating from 2022 by a private investigative agency that compiled dossiers for a fee on top Italian business and political figures. Prosecutors were still investigating which officials had been targeted.
See more: https://www.securityweek.com/italian-politicians-express-alarm-at-latest-data-breach-allegedly-affecting-800000-citizens/
#cybersecurity #privacy
Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products
Apple on Monday announced fresh security updates for both iOS and macOS users, addressing over 70 CVEs across its platforms, including several bugs leading to protected file system modifications.
iOS 18.1 and iPadOS 18.1 are now rolling out to mobile users with patches for 28 vulnerabilities that could lead to information leaks, the disclosure of process memory, denial-of-service, sandbox escape, modification of protected system files, heap corruption, and access to restricted files.
The tech giant points to similar outcomes and resolutions for 59 security defects that were resolved with the macOS Sequoia 15.1 update that started rolling out on Monday. The patches address 15 issues that were also addressed in iOS and several flaws in third-party dependencies.
Additionally, Apple released macOS Sonoma 14.7.1 and macOS Ventura 13.7.1 with fixes for over 40 defects each, and announced the rollout of watchOS, tvOS, and visionOS security updates as well.
See more: https://www.securityweek.com/apple-patches-over-70-vulnerabilities-across-ios-macos-other-products/
#cybersecurity #apple #ios
Free, France’s second largest ISP, confirms data breach after leak
Free, a major internet service provider (ISP) in France, confirmed over the weekend that hackers breached its systems and stole customer personal information.
The company, which says it had over 22.9 million mobile and fixed subscribers at the end of June, is the second-largest telecommunications company in France and a subsidiary of the Iliad Group, Europe's sixth-largest mobile operator by number of subscribers.
Free has since filed a criminal complaint with the public prosecutor and notified the French National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI) of the incident.
See more: https://www.bleepingcomputer.com/news/security/free-frances-second-largest-isp-confirms-data-breach-after-leak/
#cybersecurity #security #privacy
Google Invests in Alternative Neutral Atom Quantum Technology
Google has privately invested in a firm developing a very different and potentially rival quantum computer technology.
Google, a major figure in quantum computer development using superconducting technology to produce quantum bits (qubits), has invested a multi-million dollar sum into a firm developing an entirely different quantum technology: neutral atoms.
In mid-October 2024 – five years after Google announced it had achieved ‘quantum supremacy’ in 2019 – it invested in the quantum hardware firm QuEra Computing. This was a private investment in a private firm that was founded in 2018. The investment is outside of venture funding, and there are no disclosed details.
See more: https://www.securityweek.com/google-invests-in-alternative-neutral-atom-quantum-technology/
#technology #cybersecurity #google #quantumcomputing
Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder
A critical vulnerability just received a fix with the latest Kubernetes Image Builder release. The vulnerability existed due to hard-coded credentials allowing unauthorized access to an adversary.
According to its latest advisory, two security issues received patches with the latest Kubernetes Image Builder. One of these, identified as CVE-2024-9486 (CVSS score of 9.8), existed due to hard-coded credentials enabled during the image-building process. These credentials would remain enabled even with the virtual machines (VMs) built with the Proxmox provider, exposing any nodes using the images to root access from an unauthorized adversary.
In addition, the same Image Builder release also addressed another security flaw, identified as CVE-2024-9594. This medium-severity vulnerability (CVSS 6.3) is the same issue explained above; however, the severity is less for images built with Nutanix, OVA, QEMU, or raw providers. Hence, it’s identified separately and explained here on GitHub.
Users should update to Kubernetes Image Builder version 0.1.38 or later to receive all the patches.
See more: https://latesthackingnews.com/2024/10/28/hard-coded-credentials-vulnerability-found-in-kubernetes-image-builder/
#cybersecurity #security #kubernetes
New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors
More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks.
The attack, disclosed by ETH Zürich researchers Johannes Wikner and Kaveh Razavi, aims to undermine the Indirect Branch Predictor Barrier (IBPB) on x86 chips, a crucial mitigation against speculative execution attacks.
Speculative execution refers to a performance optimization feature wherein modern CPUs execute certain instructions out-of-order by predicting the branch a program will take beforehand, thus speeding up the task if the speculatively used value was correct.
"Intel users should make sure their intel-microcode is up to date," the researchers said. "AMD users should make sure to install kernel updates."
See more: https://thehackernews.com/2024/10/new-research-reveals-spectre.html
#cybersecurity #security
New tool bypasses Google Chrome’s new cookie encryption system
A researcher has released a tool to bypass Google's new App-Bound encryption cookie-theft defenses and extract saved credentials from the Chrome web browser.
The tool, named 'Chrome-App-Bound-Encryption-Decryption,' was released by cybersecurity researcher Alexander Hagenah after he noticed that others were already figuring out similar bypasses.
Although the tool achieves what multiple infostealer operations have already added to their malware, its public availability raises the risk for Chrome users who continue to store sensitive data in their browsers.
https://www.bleepingcomputer.com/news/security/new-tool-bypasses-google-chromes-new-cookie-encryption-system/
#cybersecurity #security #privacy
Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services
A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout.
"The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies," ESET security researcher Anh Ho said. "Through a plugin, CloudScout works seamlessly with MgBot, Evasive Panda's signature malware framework."
The use of the .NET-based malware tool, per the Slovak cybersecurity company, was detected between May 2022 and February 2023. It incorporates 10 different modules, written in C#, out of which three are meant for stealing data from Google Drive, Gmail, and Outlook. The purpose of the remaining modules remains unknown.
See more: https://thehackernews.com/2024/10/chinese-hackers-use-cloudscout-toolset.html
#cybersecurity #security
US says Chinese hackers breached multiple telecom providers
The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have disclosed that Chinese hackers breached commercial telecommunication service providers in the United States.
The breached entities have been warned, and the agencies are proactively alerting other potential targets of the elevated cyber activity.
"The U.S. Government is investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People's Republic of China," reads the announcement.
See more: https://www.bleepingcomputer.com/news/security/us-says-chinese-hackers-breached-multiple-telecom-providers/
#cybersecurity #security
Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel
A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks.
"This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more," SafeBreach researcher Alon Leviev said in a report shared with The Hacker News.
The latest findings build on an earlier analysis that uncovered two privilege escalation flaws in the Windows update process (CVE-2024-21302 and CVE-2024-38202) that could be weaponized to rollback an up-to-date Windows software to an older version containing unpatched security vulnerabilities.
See more:
TheHackerNews: https://thehackernews.com/2024/10/researchers-uncover-os-downgrade.html
SecurityWeek:
https://www.securityweek.com/more-details-shared-on-windows-downgrade-attacks-after-microsoft-rolls-out-mitigations/
#cybersecurity #security
https://image.nostr.build/568e1824567a4e9f616be1e0af575dfee2d6bf6e224d23389c2e15b0922038e7.jpg
Happy Birthday Zcash! On this day, 28 October 2016, 8 years ago, the genesis block of the Zcash blockchain was generated.
Zcash was the first real-world application of zero-knowledge proofs, a novel method by which one party (the prover) can prove to another (the verifier) that a statement is true, without revealing any information beyond the validity of the statement itself.
#zcash #zk #privacy
Several Linux Kernel Driver Maintainers Removed Due To Their Association With Russia.
The removal was described as due to "compliance requirements" but was vague about what those requirements entailed. Linus Torvalds then commented on the Russian Linux maintainers being de-listed and made it clear that they were removed due to government compliance requirements and legal issues around Russia. Today some additional light has been shed on those new Linux kernel "compliance requirements".
Longtime Linux developer and EXT4 file-system maintainer Ted Ts'o has also provided some clarity on a separate Linux kernel mailing list thread. In response to a suggested patch removing Huawei from the MAINTAINERS file, given its known relations with the Chinese government, there was more discussion about possible future removals.
See original news:
https://www.phoronix.com/news/Russian-Linux-Maintainers-Drop
See Torvalds statement:
https://www.phoronix.com/news/Linus-Torvalds-Russian-Devs
See Compliance Requirements update:
https://www.phoronix.com/news/Linux-Compliance-Requirements
See the original commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e90b675cf94
#linux #cybersecurity
QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3
The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now stands at $874,875.
Pwn2Own, a global hacking competition, challenges top security researchers to exploit a range of software and hardware devices, with the ultimate goal of earning the prestigious "Master of Pwn" title and claiming up to $1 million in rewards.
On Day 1, participants uncovered 52 zero-day vulnerabilities, and on Day 2, another 51 zero-days were added.
Yesterday, the competition saw impressive performances from teams representing Viettel Cyber Security, DEVCORE, and PHP Hooligans/Midnight Blue, among others.
See more: https://www.bleepingcomputer.com/news/security/qnap-synology-lexmark-devices-hacked-on-pwn2own-day-3/
#cybersecurity #security
Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations
The Irish data protection watchdog on Thursday fined LinkedIn €310 million ($335 million) for violating the privacy of its users by conducting behavioral analyses of personal data for targeted advertising.
"The inquiry examined LinkedIn's processing of personal data for the purposes of behavioral analysis and targeted advertising of users who have created LinkedIn profiles (members)," the Data Protection Commission (DPC) said. "The decision [...] concerns the lawfulness, fairness and transparency of this processing."
See more: https://thehackernews.com/2024/10/irish-watchdog-imposes-record-310.html
#cybersecurity #security #privacy
Insurance admin Landmark says data breach impacts 800,000 people
Insurance administrative services company Landmark Admin warns that a data breach stemming from a May cyberattack impacts over 800,000 people.
Due to the sensitive nature of the stolen data, impacted people should monitor their credit reports and bank accounts for suspicious activity.
See more: https://www.bleepingcomputer.com/news/security/insurance-admin-landmark-says-data-breach-impacts-800-000-people/
#cybersecurity #security #privacy
UnitedHealth says data of 100 million stolen in Change Healthcare breach
UnitedHealth has confirmed for the first time that over 100 million people had their personal information and healthcare data stolen in the Change Healthcare ransomware attack, marking this as the largest healthcare data breach in recent years.
This data breach was caused by a February ransomware attack on UnitedHealth subsidiary Change Healthcare, which led to widespread outages in the U.S. healthcare system.
During the attack, the threat actors stole 6 TB of data and ultimately encrypted computers on the network, causing the company to shut down IT systems to prevent the spread of the attack.
See more: https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-change-healthcare-breach/
#cybersecurity #security #privacy
Cisco fixes VPN DoS flaw discovered in password spray attacks
Cisco fixed a denial of service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software, which was discovered during large-scale brute force attacks against Cisco VPN devices in April.
The flaw is tracked as CVE-2024-20481 and impacts all versions of Cisco ASA and Cisco FTD up until the latest versions of the software.
"A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service," reads the CVE-2024-20481 security advisory.
See more: https://www.bleepingcomputer.com/news/security/cisco-fixes-vpn-dos-flaw-discovered-in-password-spray-attacks/
#cybersecurity #security
IBM Boosts Guardium Platform to Address Shadow AI, Quantum Cryptography
IBM is updating and upgrading its Guardium platform to provide security for the two primary new technology problems: AI models and quantum safety.
IBM Guardium AI Security and IBM Guardium Quantum Safe combine to form the newly launched IBM Guardium Data Security Center, which operates across the entire enterprise hybrid infrastructure.
See more: https://www.securityweek.com/ibm-boosts-guardium-platform-to-address-shadow-ai-quantum-cryptography/
#cybersecurity
CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)
A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2024-38094 (CVSS score: 7.2), has been described as a deserialization vulnerability impacting SharePoint that could result in remote code execution.
"An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server," Microsoft said in an alert for the flaw.
See more: https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-of.html
#cybersecurity #security
WhatsApp now encrypts contact databases for privacy-preserving synching
The WhatsApp messenger platform has introduced Identity Proof Linked Storage (IPLS), a new privacy-preserving encrypted storage system designed for contact management.
The new system solves two long-standing problems WhatsApp users have been dealing with for years, namely the risk of losing their contact lists if they lose their phone and the inability to sync contacts between different devices.
With IPLS, WhatsApp contact lists will now bind to the account rather than the device, allowing users to easily manage them between device changes or replacements.
See more: https://www.bleepingcomputer.com/news/security/whatsapp-now-encrypts-contact-databases-for-privacy-preserving-synching/
#cybersecurity #security
Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day
The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space.
Kaspersky discovered the attacks on May 13, 2024, and reported the Chrome zero-day flaw to Google.
Google issued a fix for CVE-2024-4947 on May 25, with Chrome version 125.0.6422.60/.61.
See more: https://www.bleepingcomputer.com/news/security/lazarus-hackers-used-fake-defi-game-to-exploit-google-chrome-zero-day/
#cybersecurity #security
Tor 14.0 browser is out! It’s based on Firefox ESR 128, with enhanced privacy protections and bug fixes.
This is the first stable release based on Firefox ESR 128, incorporating a year's worth of changes shipped upstream in Firefox.
Android gains the desktop feature "New circuit for this site", allowing mobile users to request a new circuit and refresh the connection in a more targeted fashion.
Extended support for legacy platforms: Windows 7, 8 and 8.1 and macOS 10.12, 10.13 and 10.14 will continue to receive critical security updates on a temporary basis until at least March 2025!
See more:
https://blog.torproject.org/new-release-tor-browser-140/
Twitter post:
https://x.com/torproject/status/1848835179294691396
#privacy #tor #security
VMware fixes bad patch for critical vCenter Server RCE flaw
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024.
The flaw is rated critical (CVSS v3.1 score: 9.8) and stems from a heap overflow weakness in vCenter's DCE/RPC protocol implementation, impacting the vCenter Server and any products incorporating it, such as vSphere and Cloud Foundation.
The flaw does not require user interaction for exploitation, as remote code execution is triggered when a specially crafted network packet is received.
See more: https://www.bleepingcomputer.com/news/security/vmware-fixes-bad-patch-for-critical-vcenter-server-rce-flaw/
#cybersecurity #security
Google Warns of Samsung Zero-Day Exploited in the Wild
A zero-day vulnerability in Samsung’s mobile processors has been leveraged as part of an exploit chain for arbitrary code execution, Google’s Threat Analysis Group (TAG) warns.
Tracked as CVE-2024-44068 (CVSS score of 8.1) and patched as part of Samsung’s October 2024 set of security fixes, the issue is described as a use-after-free bug that could be abused to escalate privileges on a vulnerable Android device.
“An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A use-after-free in the mobile processor leads to privilege escalation,” a NIST advisory reads.
See more: https://www.securityweek.com/google-warns-of-samsung-zero-day-exploited-in-the-wild/
#cybersecurity #security
Roundcube Webmail Vulnerability Exploited in Government Attack
A threat actor was caught attempting to exploit a recent vulnerability in Roundcube Webmail against a governmental organization in a Commonwealth of Independent States (CIS) country, cybersecurity firm Positive Technologies reports.
Tracked as CVE-2024-37383 and described as a cross-site scripting (XSS) issue affecting the way Roundcube was handling SVG animate attributes, the bug was patched on May 19 in Roundcube Webmail versions 1.5.7 and 1.6.7.
See more: https://www.securityweek.com/roundcube-webmail-vulnerability-exploited-in-government-attack/
#cybersecurity #security