Top Daily Cyber Security News
Top rated cyber security tech news,
Just the top, every day.
Top Security News for 31/03/2023

Revisiting Heaven's Gate with Lumma Stealer
https://www.reddit.com/r/netsec/comments/126o0hv/revisiting_heavens_gate_with_lumma_stealer/

'He Would Still Be Here': Man Dies by Suicide After Talking with AI Chatbot, Widow Says
https://www.vice.com/en_us/article/pkadgm/man-dies-by-suicide-after-talking-with-ai-chatbot-widow-says

Latest Microsoft Entra advancements strengthen identity security
https://www.microsoft.com/en-us/security/blog/2023/03/30/latest-microsoft-entra-advancements-strengthen-identity-security/

X-Force Prevents Zero Day from Going Anywhere
https://securityintelligence.com/posts/x-force-prevents-zero-day-from-going-anywhere/

We scanned every NPM and PyPI package for malware with ChatGPT
https://www.reddit.com/r/netsec/comments/12747u0/we_scanned_every_npm_and_pypi_package_for_malware/

With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets
https://www.reddit.com/r/netsec/comments/126lk1v/with_keyplug_chinas_redgolf_spies_on_steals_from/

‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics
https://www.theguardian.com/technology/2023/mar/30/vulkan-files-leak-reveals-putins-global-and-domestic-cyberwarfare-tactics

ISC StormCast for Friday, March 31st, 2023
https://isc.sans.edu/podcastdetail.html?id=8434

New: Burp Suite Enterprise Edition Unlimited pricing
https://portswigger.net/blog/new-burp-suite-enterprise-edition-unlimited-pricing

Medical data exposed in latest GoAnywhere hack. Toyota Italy accidentally leaks (phishing) fuel. Meriton becomes latest Australian company targeted by hackers.
https://thecyberwire.com/podcasts/privacy-briefing/497/notes


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 01/04/2023

Russian APT group Winter Vivern targets email portals of NATO and diplomats
https://securityaffairs.com/144263/intelligence/winter-vivern-email-portals-nato.html

3 tips to raise your backup game
https://www.malwarebytes.com/blog/news/2023/03/3-things-you-should-do-on-world-backup-day

Any antivirus related software automatically closes right after I open it
https://www.reddit.com/r/Malware/comments/12819jk/any_antivirus_related_software_automatically/

BOB DYLAN'S LOST SONG ABOUT HACKERS
https://www.2600.com/content/bob-dylans-lost-song-about-hackers

Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk!
https://thehackernews.com/2023/04/hackers-exploiting-wordpress-elementor.html

2023-03-31 - Qakbot (Qbot), obama247 distribution tag
https://malware.news/t/2023-03-31-qakbot-qbot-obama247-distribution-tag/68368#post_1

It’s hunting season for tax fraudsters. Judge rules against class action lawsuit for CareFirst breach. Top FBI official speaks out in support of Section 702.
https://thecyberwire.com/newsletters/privacy-briefing/5/62

3CX Supply Chain Attack Campaign
https://malware.news/t/3cx-supply-chain-attack-campaign/68365#post_1

A glimpse into Mr. Putin’s cyber war room. 3CXDesktopApp supply chain risk. XSS flaw in Azure SFX can lead to remote code execution. AlienFox targets misconfigured servers.
https://thecyberwire.com/podcasts/daily-podcast/1792/notes

THE 28TH AMENDMENT TO THE UNITED STATES CONSTITUTION
https://www.2600.com/content/28th-amendment-united-states-constitution


Top Security News for 02/04/2023

The Defender's Guide to the 3CX Supply Chain Attack - How it happened, why it matters, and what's being done about it
https://www.reddit.com/r/netsec/comments/128iamx/the_defenders_guide_to_the_3cx_supply_chain/

How to avoid the aCropalypse
https://www.reddit.com/r/netsec/comments/128bk1k/how_to_avoid_the_acropalypse/

Avoiding data backup failures – Week in security with Tony Anscombe
https://malware.news/t/avoiding-data-backup-failures-week-in-security-with-tony-anscombe/68369#post_1

Exploiting Hibernate Injection in "Order by" Clause (Oracle database)
https://www.reddit.com/r/netsec/comments/128hhao/exploiting_hibernate_injection_in_order_by_clause/

Using Linux grep and Windows findstr to Manipulate Files, (Fri, Mar 31st)
https://isc.sans.edu/diary/rss/29696

Leveraging LLMs for solving bounty hunting pain points
https://www.reddit.com/r/netsec/comments/128eokl/leveraging_llms_for_solving_bounty_hunting_pain/

Announcing Fibratus 1.10.0 - a modern Windows kernel tracing and threat detection engine
https://www.reddit.com/r/Malware/comments/128ejid/announcing_fibratus_1100_a_modern_windows_kernel/

Microsoft Fixes New Azure AD Vulnerability Impacting Bing Search and Major Apps
https://thehackernews.com/2023/04/microsoft-fixes-new-azure-ad.html

The Crazy Story Of The Pirate Bay
https://0x00sec.org/t/the-crazy-story-of-the-pirate-bay/34281

Developing a Robust Vulnerability Detection Tool for ink!
https://www.reddit.com/r/netsec/comments/128mtmj/developing_a_robust_vulnerability_detection_tool/


Top Security News for 03/04/2023

Update: re-search.py Version 0.0.22
https://malware.news/t/update-re-search-py-version-0-0-22/68375#post_1

Wipeout! Part Deux – Determining How an Android Was Setup
https://malware.news/t/wipeout-part-deux-determining-how-an-android-was-setup/68377#post_1

ASEC Weekly Phishing Email Threat Trends (March 19th, 2023 – March 25th, 2023)
https://malware.news/t/asec-weekly-phishing-email-threat-trends-march-19th-2023-march-25th-2023/68381#post_1

Update: oledump & MSI Files, (Sun, Apr 2nd)
https://malware.news/t/update-oledump-msi-files-sun-apr-2nd/68373#post_1

Darktrace/Email upgrade enhances generative AI email attack defense
https://www.csoonline.com/article/3692450/darktrace-email-upgrade-enhances-generative-ai-email-attack-defense.html#tk.rss_all

YARA v4.3.0 Release, (Sun, Apr 2nd)
https://malware.news/t/yara-v4-3-0-release-sun-apr-2nd/68374#post_1

Pinduoduo Is Straight Up Malware
https://packetstormsecurity.com/news/view/34486/Pinduoduo-Is-Straight-Up-Malware.html

Need help installing hackazon
https://www.reddit.com/r/netsec/comments/12a89je/need_help_installing_hackazon/

Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition
https://securityaffairs.com/144366/breaking-news/security-affairs-newsletter-round-413-by-pierluigi-paganini.html

Malicious ISO File Leads to Domain Wide Ransomware
https://www.reddit.com/r/netsec/comments/12a5epa/malicious_iso_file_leads_to_domain_wide_ransomware/


Top Security News for 04/04/2023

Why we must hit 'pause' on generative AI experiments
https://malware.news/t/why-we-must-hit-pause-on-generative-ai-experiments/68430#post_1

Multiple vulnerabilities in Aten PE8108 power distribution unit - There is no security firmware update, yet.
https://www.reddit.com/r/netsec/comments/12ag7yw/multiple_vulnerabilities_in_aten_pe8108_power/

Bypassing Amazon Kids+ Parental Controls
https://www.reddit.com/r/netsec/comments/12alyxj/bypassing_amazon_kids_parental_controls/

Oregon college cyberattack claimed by Vice Society
https://malware.news/t/oregon-college-cyberattack-claimed-by-vice-society/68427#post_1

Israeli cybersecurity firm launches managed services offering for MSPs
https://www.csoonline.com/article/3692628/israeli-cybersecurity-firm-launches-managed-services-offering-for-msps.html#tk.rss_all

Vice Society takes credit for Lewis & Clark cyberattack. BetterHelp agrees to settlement for sharing customer data without consent. Capita system outage stokes fears of data breach.
https://thecyberwire.com/podcasts/privacy-briefing/499/notes

TikTok: What’s going on and should I be worried?
https://www.malwarebytes.com/blog/news/2023/04/tiktok-whats-going-on-and-should-i-be-worried

What’s Fueling Growth for MSSPs Today? - Jessica C. Davis - CFH #15
https://malware.news/t/what-s-fueling-growth-for-mssps-today-jessica-c-davis-cfh-15/68429#post_1

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/

Big changes to Twitter verification: How to spot a verified account
https://www.malwarebytes.com/blog/news/2023/04/big-changes-to-twitter-verification-how-to-spot-a-verified-account


Top Security News for 05/04/2023

3CX software supply chain attack analysis
https://www.reddit.com/r/netsec/comments/12bbk6v/3cx_software_supply_chain_attack_analysis/

We put GPT-4 in Semgrep to point out false positives & fix code
https://www.reddit.com/r/netsec/comments/12byp4l/we_put_gpt4_in_semgrep_to_point_out_false/

Views of a hot cyberwar — the Ukrainian perspective on Russia’s online assault
https://www.csoonline.com/article/3692534/a-report-from-ukraine-s-cybersecurity-service-reveals-insight-into-what-the-country-has-been-facing.html#tk.rss_all

Pentah0wnage: Pre-Auth RCE in Pentaho Business Analytics Server · Aura Research Division
https://www.reddit.com/r/netsec/comments/12ba6lr/pentah0wnage_preauth_rce_in_pentaho_business/

Rorschach ransomware has the fastest file-encrypting routine to date
https://securityaffairs.com/144425/cyber-crime/rorschach-ransomware-fast-encryption.html

New Generation of Phishing Hides Behind Trusted Services
https://securityintelligence.com/articles/new-phishing-hides-behind-trusted-services/

AI - to create complex and new code, its limits and your opinion?
https://0x00sec.org/t/ai-to-create-complex-and-new-code-its-limits-and-your-opinion/34324

UK data regulator issues warning over generative AI data protection concerns
https://www.csoonline.com/article/3692438/uk-data-regulator-issues-warning-over-generative-ai-data-protection-concerns.html#tk.rss_all

TrustCloud releases TrustRegister to help gauge business impact of risks
https://www.csoonline.com/article/3692551/trustcloud-releases-trustregister-to-help-gauge-business-impact-of-risks.html#tk.rss_all

Proxyjacking - How attackers are monetizing internet bandwidth post exploitation
https://www.reddit.com/r/netsec/comments/12bikr1/proxyjacking_how_attackers_are_monetizing/


Top Security News for 06/04/2023

The Uninvited Guest: IDORs, Garage Doors, and Stolen Secrets
https://www.reddit.com/r/netsec/comments/12chcn5/the_uninvited_guest_idors_garage_doors_and_stolen/

Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks
https://thehackernews.com/2023/04/hackers-using-self-extracting-archives.html

Canada launches probe into OpenAI. The dangers of the AI race. A proposed Cyber Service.
https://thecyberwire.com/newsletters/policy-briefing/5/65

Western Digital confirms breach, affects My Cloud and SanDisk users
https://www.malwarebytes.com/blog/news/2023/04/western-digital-confirms-breach-affects-my-cloud-and-sandisk-users

X-Force Identifies Vulnerability in IoT Platform
https://securityintelligence.com/posts/x-force-identifies-vulnerability-iot-platform/

CryptoClippy: New Clipper Malware Targeting Portuguese Cryptocurrency Users
https://thehackernews.com/2023/04/cryptoclippy-new-clipper-malware.html

Google Mandates Android Apps to Offer Easy Account Deletion In-App and Online
https://thehackernews.com/2023/04/google-mandates-android-apps-to-offer.html

Strategic risk analysis is key to ensure customer trust in product, customer-facing app security
https://www.csoonline.com/article/3692351/cisos-need-strategic-risk-analysis-to-balance-internal-and-external-cybersecurity-demands.html#tk.rss_all

The Telegram phishing market
https://securelist.com/telegram-phishing-services/109383/


Top Security News for 07/04/2023

Visitors of tax return e-file service may have downloaded malware
https://www.malwarebytes.com/blog/news/2023/04/visitors-of-tax-return-e-file-service-may-have-downloaded-malware

Microsoft Takes Legal Action to Disrupt Cybercriminals' Illegal Use of Cobalt Strike Tool
https://thehackernews.com/2023/04/microsoft-takes-legal-action-to-disrupt.html

Default static key in ThingsBoard IoT platform can give attackers admin access
https://www.csoonline.com/article/3692818/default-static-key-in-thingsboard-iot-platform-can-give-attackers-admin-access.html#tk.rss_all

Detecting Suspicious API Usage with YARA Rules, (Fri, Apr 7th)
https://malware.news/t/detecting-suspicious-api-usage-with-yara-rules-fri-apr-7th/68556#post_1

Do cyber regulations actually make K–12 schools safer? Navigating compliance while securing school and student data
https://www.malwarebytes.com/blog/business/2023/04/do-cyber-regulations-actually-make-k12-schools-safer--navigating-compliance-while-securing-school-and-student-data

FBI Cracks Down on Genesis Market: 119 Arrested in Cybercrime Operation
https://thehackernews.com/2023/04/fbi-cracks-down-on-genesis-market-119.html

CyberGhostVPN Linux client vulnerable to MITM, RCE, LPE writeup
https://www.reddit.com/r/netsec/comments/12d8qp0/cyberghostvpn_linux_client_vulnerable_to_mitm_rce/

IoT garage door exploit allows for remote opening attack
https://www.malwarebytes.com/blog/news/2023/04/iot-garage-door-exploit-allows-for-remote-opening-attack

Supply Chain Attacks and Critical Infrastructure: How CISA Helps Secure a Nation's Crown Jewels
https://thehackernews.com/2023/04/supply-chain-attacks-and-critical.html

The challenges of content moderation. Disinformation in Russia's hybrid war, and propaganda of the deed.
https://thecyberwire.com/podcasts/privacy-briefing/502/notes


Top Security News for 08/04/2023

US officials testify against TikTok before the House. Should the US follow in Australia’s cybersecurity footsteps? CISA director warns about the dangers of AI.
https://thecyberwire.com/newsletters/policy-briefing/5/67

I Went to Maggie Rogers' Ticketmasterless, In-Person Presale
https://www.vice.com/en_us/article/7kx9nq/i-went-to-maggie-rogers-ticketmasterless-in-person-presale

MERCURY and DEV-1084: Destructive attack on hybrid environment
https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment/

Microsoft aims at stopping cybercriminals from using cracked copies of Cobalt Strike
https://securityaffairs.com/144537/hacking/microsoft-vs-cracked-copies-cobalt-strike.html

Researchers Uncover Thriving Phishing Kit Market on Telegram Channels
https://thehackernews.com/2023/04/researchers-uncover-thriving-phishing.html

Apple Releases Updates to Address Zero-Day Flaws in iOS, iPadOS, macOS, and Safari
https://thehackernews.com/2023/04/apple-releases-updates-to-address-zero.html

Genymotion – Proxying Android App Traffic Through Burp Suite | Cameron Cartier
https://malware.news/t/genymotion-proxying-android-app-traffic-through-burp-suite-cameron-cartier/68565#post_1

Your Ultimate Wiki for Learning INFOSEC & Pentesting
https://0x00sec.org/t/your-ultimate-wiki-for-learning-infosec-pentesting/34389

Pentagon’s Ukraine War Plans Leaked on Minecraft Discord Before Telegram and Twitter
https://www.vice.com/en_us/article/pkadnb/pentagons-ukraine-war-plans-leaked-on-minecraft-discord-before-telegram-and-twitter

U.K.'s ACRO investigating cybersecurity incident
https://malware.news/t/u-k-s-acro-investigating-cybersecurity-incident/68568#post_1


Top Security News for 09/04/2023

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/144561/security/veritas-backup-exec-known-exploited-vulnerabilities-catalog.html

advanced malware analysis at OMSCS Georgia Tech
https://www.reddit.com/r/Malware/comments/12foygx/advanced_malware_analysis_at_omscs_georgia_tech/

Security Challenges in Cloud Computing
https://0x00sec.org/t/security-challenges-in-cloud-computing/34416

Karen Worstell: Keep your feet planted. [Strategy]
https://thecyberwire.com/podcasts/career-notes/144/notes

Vulnerable version of WordPress that is provided monthly.
https://www.reddit.com/r/netsec/comments/12fljhg/vulnerable_version_of_wordpress_that_is_provided/

Update: dnsresolver.py Version 0.0.3
https://malware.news/t/update-dnsresolver-py-version-0-0-3/68574#post_1

Using Python to Operate in EDR blind spots
https://www.reddit.com/r/netsec/comments/12fmhya/using_python_to_operate_in_edr_blind_spots/

Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise
https://thehackernews.com/2023/04/iran-based-hackers-caught-carrying-out.html

Nonsense, mayhem, SameSite, cors and CSRF - Part 2
https://www.reddit.com/r/netsec/comments/12fgng7/nonsense_mayhem_samesite_cors_and_csrf_part_2/

🚀 Cilium Tetragon - eBPF-based Security Observability and Runtime Enforcement in Kubernetes Goat 🐐
https://www.reddit.com/r/netsec/comments/12fukqz/cilium_tetragon_ebpfbased_security_observability/


Top Security News for 10/04/2023

ISC Stormcast For Monday, April 10th, 2023 https://isc.sans.edu/podcastdetail.html?id=8446, (Mon, Apr 10th)
https://malware.news/t/isc-stormcast-for-monday-april-10th-2023-https-isc-sans-edu-podcastdetail-html-id-8446-mon-apr-10th/68577#post_1

ISC Stormcast For Monday, April 10th, 2023 https://isc.sans.edu/podcastdetail.html?id=8446, (Mon, Apr 10th)
https://isc.sans.edu/diary/rss/29732

Researchers disclose critical sandbox escape bug in vm2 sandbox library
https://securityaffairs.com/144582/hacking/vm2-rce-sandbox-escape.html

Securing Kubernetes Clusters using Kyverno Policy Engine - New Kubernetes Goat Scenario 🚀
https://www.reddit.com/r/netsec/comments/12gov4l/securing_kubernetes_clusters_using_kyverno_policy/

3CX DesktopApp Supply Chain Attack Also Detected in Korea
https://malware.news/t/3cx-desktopapp-supply-chain-attack-also-detected-in-korea/68576#post_1

Catching Threat Actors using honeypots
https://www.reddit.com/r/netsec/comments/12h2j8x/catching_threat_actors_using_honeypots/

CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required
https://thehackernews.com/2023/04/cisa-warns-of-5-actively-exploited.html

Opinion: Time is crucial when building secure components or infrastructures
https://diablohorn.com/2023/04/09/opinion-time-is-crucial-when-building-secure-components-or-infrastructures/

Cybercrime: be careful what you tell your chatbot helper…
https://www.theguardian.com/technology/2023/apr/09/cybercrime-chatbot-privacy-security-helper-chatgpt-google-bard-microsoft-bing-chat

Extracting Insights from Data: How to Build a Metadata Scraper for Digital Forensics (In Python)
https://0x00sec.org/t/extracting-insights-from-data-how-to-build-a-metadata-scraper-for-digital-forensics-in-python/34436


Top Security News for 11/04/2023

hunt forward operations (noun)
https://thecyberwire.com/podcasts/word-notes/143/notes

Leaked Classified Documents Also Include Roleplaying Game Character Stats
https://www.vice.com/en_us/article/ak3d5z/leaked-classified-documents-also-include-roleplaying-game-character-stats

Ukraine at D+410: Static, sanguinary lines.
https://thecyberwire.com/stories/0f5fbff2ed65489c95cc4c972570127f/ukraine-at-d410

A look at Iran’s MERCURY APT. Updates on Russia's hybrid war, including some apparent leaks and some apparent doxing. And notes on cloud security trends.
https://thecyberwire.com/podcasts/daily-podcast/1798/notes

Firewalls and Internet Security: Repelling the Wily Hacker -- now released under a Creative Commons license
https://www.reddit.com/r/netsec/comments/12i2vdz/firewalls_and_internet_security_repelling_the/

Samsung employees leak company data on ChatGPT. Update on Queensland University of Technology attack.
https://thecyberwire.com/podcasts/privacy-briefing/504/notes

CISA adds zero-day bugs in iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/144638/security/apple-flaws-cisa-known-exploited-vulnerabilities-catalog.html

Hacking play-to-earn blockchain games: The case of Manarium
https://www.reddit.com/r/netsec/comments/12hnwmm/hacking_playtoearn_blockchain_games_the_case_of/

BrandPost: Evolving identity and permissions management for the multicloud world
https://www.csoonline.com/article/3693111/evolving-identity-and-permissions-management-for-the-multicloud-world.html#tk.rss_all

What is the true potential impact of artificial intelligence on cybersecurity?
https://www.csoonline.com/article/3692868/what-is-artificial-intelligence-s-true-potential-impact-on-cybersecurity.html#tk.rss_all


Top Security News for 12/04/2023

As the west tries to limit TikTok’s reach, what about China’s other apps?
https://www.theguardian.com/technology/2023/apr/12/tiktok-china-apps-national-security-wechat-shein

Iranian APT group launches destructive attacks in hybrid Azure AD environments
https://www.csoonline.com/article/3692918/iranian-apt-group-launches-destructive-attacks-in-hybrid-azure-ad-environments.html#tk.rss_all

ZeroFox partners with Google Cloud to warn users against phishing domains
https://www.csoonline.com/article/3693016/zerofox-partners-with-google-cloud-to-warn-users-against-phishing-domains.html#tk.rss_all

Awesome Hacker Search Engines
https://www.reddit.com/r/netsec/comments/12in7ew/awesome_hacker_search_engines/

Top 10 Most Useful Pentesting tools
https://0x00sec.org/t/top-10-most-useful-pentesting-tools/34472

Why reporting an incident only makes the cybersecurity community stronger
https://www.csoonline.com/article/3692815/why-reporting-an-incident-only-makes-the-cybersecurity-community-stronger.html#tk.rss_all

Security Alert: Microsoft Releases April 2023 Security Updates
https://malware.news/t/security-alert-microsoft-releases-april-2023-security-updates/68664#post_1

Microsoft April 2023 Patch Tuesday, (Tue, Apr 11th)
https://isc.sans.edu/diary/rss/29736

Stowaway -- Multi-hop Proxy Tool for pentesters
https://www.reddit.com/r/netsec/comments/12hh8ve/stowaway_multihop_proxy_tool_for_pentesters/

Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
https://www.microsoft.com/en-us/security/blog/2023/04/11/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign/


Top Security News for 13/04/2023

An empirical and practical guide to LLM hacking
https://www.reddit.com/r/netsec/comments/12jrurl/an_emperical_and_practical_guide_to_llm_hacking/

Why does it take so long for security teams to remediate vulnerabilities?
https://malware.news/t/why-does-it-take-so-long-for-security-teams-to-remediate-vulnerabilities/68702#post_1

Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
https://thehackernews.com/2023/04/urgent-microsoft-issues-patches-for-97.html

Rooting a Common-Criteria Certified Printer to Improve OPSEC
https://www.reddit.com/r/netsec/comments/12jkjeq/rooting_a_commoncriteria_certified_printer_to/

AI Tasked With 'Destroying Humanity' Now 'Working on Control Over Humanity Through Manipulation'
https://www.vice.com/en_us/article/z3mxe3/ai-tasked-with-destroying-humanity-now-working-on-control-over-humanity-through-manipulation

[CVE-2023-21554] MSMQ (tcp/1801) Remote Code Execution (CVSS 9.8)
https://www.reddit.com/r/netsec/comments/12jet9f/cve202321554_msmq_tcp1801_remote_code_execution/

Addressing National Cyber Strategy.
https://thecyberwire.com/podcasts/caveat/168/notes

Following the Lazarus group by tracking DeathNote campaign
https://www.reddit.com/r/netsec/comments/12jnxa4/following_the_lazarus_group_by_tracking_deathnote/

Qakbot Being Distributed in Korea Through Email Hijacking
https://malware.news/t/qakbot-being-distributed-in-korea-through-email-hijacking/68698#post_1

Botconf 2023 Wrap-Up Day #1
https://blog.rootshell.be/2023/04/12/botconf-2023-wrap-up-day-1/


Top Security News for 14/04/2023

The FBI warns of juicejacking and other risks of public tech.
https://thecyberwire.com/stories/5cce3eded6df4a059dd9b383c4341b98/the-fbi-warns-of-juicejacking-and-other-risks-of-public-tech

Lazarus Hacker Group Evolves Tactics, Tools, and Targets in DeathNote Campaign
https://thehackernews.com/2023/04/lazarus-hacker-group-evolves-tactics.html

Microsoft patches vulnerability used in Nokoyawa ransomware attacks
https://www.csoonline.com/article/3693351/microsoft-patches-vulnerability-used-in-nokoyawa-ransomware-attacks.html#tk.rss_all

Former TSB chief information officer fined £81,000 over IT meltdown in 2018
https://www.theguardian.com/business/2023/apr/13/former-tsb-bank-chief-information-officer-fined-2018

Dissecting threat intelligence lifecycle problems
https://www.csoonline.com/article/3692921/dissecting-threat-intelligence-lifecycle-problems.html#tk.rss_all

4 strategies to help reduce the risk of DNS tunneling
https://www.csoonline.com/article/3692876/4-strategies-to-help-reduce-the-risk-of-dns-tunneling.html#tk.rss_all

ShmooCon 2023 Conference Videos
https://www.reddit.com/r/netsec/comments/12kr8ha/shmoocon_2023_conference_videos/

HTTP: What's Left of it and the OCSP Problem, (Thu, Apr 13th)
https://isc.sans.edu/diary/rss/29744

WhatsApp adds key transparency for all users to strengthen the security of end-to-end encrypted messaging
https://www.reddit.com/r/netsec/comments/12kojo2/whatsapp_adds_key_transparency_for_all_users_to/

Cisco to offer Webex air-gapped cloud system for security, defense work
https://www.computerworld.com/article/3693449/cisco-to-offer-webex-air-gapped-cloud-system-for-security-defense-work.html#tk.rss_all


Top Security News for 15/04/2023

Detection Methods: Do You Know Where Your Credentials are?
https://securityintelligence.com/posts/detection-methods-do-you-know-where-your-credentials-are/

Lost in ChatGPT's memories: escaping ChatGPT-3.5 memory issues to write CVE PoCs
https://www.reddit.com/r/netsec/comments/12menep/lost_in_chatgpts_memories_escaping_chatgpt35/

Is AI being used for virtual kidnapping scams?
https://malware.news/t/is-ai-being-used-for-virtual-kidnapping-scams/68761#post_1

Escalating file write into RCE in Python
https://www.reddit.com/r/netsec/comments/12lplzy/escalating_file_write_into_rce_in_python/

"Read the Manual" and the ransomware-as-a-service market. Bitter APT against energy companies. Cozy Bear sighting. Hacktivist auxiliaries hit Canadian targets. An arrest in the Discord Papers case.
https://thecyberwire.com/podcasts/daily-podcast/1802/notes

PCI DSS reporting details to ensure when contracting quarterly CDE tests
https://malware.news/t/pci-dss-reporting-details-to-ensure-when-contracting-quarterly-cde-tests/68759#post_1

A cyberattack on the Cornwall Community Hospital in Ontario is causing treatment delays
https://securityaffairs.com/144811/cyber-crime/cyberattack-cornwall-community-hospital-ontario.html

uni-due-syssec/efcf-framework: Extremely Fast smart Contract Fuzzing
https://www.reddit.com/r/netsec/comments/12m8bqa/uniduesyssecefcfframework_extremely_fast_smart/

Google fixed the first Chrome zero-day of 2023
https://securityaffairs.com/144805/security/google-chrome-zero-day-2023.html

Botconf 2023 Wrap-Up Day #3
https://malware.news/t/botconf-2023-wrap-up-day-3/68764#post_1


Top Security News for 16/04/2023

Own a Windows Keyboard
https://0x00sec.org/t/own-a-windows-keyboard/34534

Can we find the WannaCry source code?
https://0x00sec.org/t/can-we-find-the-wannacry-source-code/34528

The Proposal of Chat-GPT for an “AI Guardian” to Protect Privacy in Legal Cases
https://malware.news/t/the-proposal-of-chat-gpt-for-an-ai-guardian-to-protect-privacy-in-legal-cases/68765#post_1

Mandiant’s new solution allows exposure hunting for a proactive defense
https://www.csoonline.com/article/3693452/mandiants-new-solution-allows-exposure-hunting-for-a-proactive-defense.html#tk.rss_all

Remote Code Execution Vulnerability in Google They Are Not Willing To Fix
https://www.reddit.com/r/netsec/comments/12mtclt/remote_code_execution_vulnerability_in_google/

Vulnerability scanner for AWS customer-managed policies using ChatGPT w/ built-in account redaction.
https://www.reddit.com/r/netsec/comments/12nsrz1/vulnerability_scanner_for_aws_customermanaged/

Siemens Metaverse exposes sensitive corporate data
https://securityaffairs.com/144832/security/siemens-metaverse-data-leak.html

New Android malicious library Goldoson found in 60 apps +100M downloads
https://securityaffairs.com/144838/malware/goldoson-malicious-library-google-play.html

Jack Chapman: Shielding against the bad guys. [Threat Intelligence]
https://thecyberwire.com/podcasts/career-notes/145/notes

CISA adds bugs in Android and Novi Survey to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/144822/security/android-flaws-cisa-known-exploited-vulnerabilities-catalog.html


Top Security News for 17/04/2023

10th April – Threat Intelligence Report
https://malware.news/t/10th-april-threat-intelligence-report/68768#post_1

IDA Memory Snapshot - Amadey Malware Unpacking & Initterm Poisoning
https://malware.news/t/ida-memory-snapshot-amadey-malware-unpacking-initterm-poisoning/68766#post_1

Australians report record $3.1bn losses to scams, with real amount even higher, ACCC says
https://www.theguardian.com/australia-news/2023/apr/17/australians-report-record-31bn-losses-to-scams-with-real-amount-even-higher-accc-says

NCR was the victim of BlackCat/ALPHV ransomware gang
https://securityaffairs.com/144866/cyber-crime/ncr-blackcat-alphv-ransomware.html

Security Affairs newsletter Round 415 by Pierluigi Paganini – International edition
https://securityaffairs.com/144863/breaking-news/security-affairs-newsletter-round-415-by-pierluigi-paganini.html

Could any of you be a hacker and not tell a soul?
https://0x00sec.org/t/could-any-of-you-be-a-hacker-and-not-tell-a-soul/34548

Trigona Ransomware Attacking MS-SQL Servers
https://malware.news/t/trigona-ransomware-attacking-ms-sql-servers/68771#post_1

WorLLMs
https://www.reddit.com/r/netsec/comments/12o1x14/worllms/

ISC Stormcast For Monday, April 17th, 2023 https://isc.sans.edu/podcastdetail.html?id=8456, (Mon, Apr 17th)
https://malware.news/t/isc-stormcast-for-monday-april-17th-2023-https-isc-sans-edu-podcastdetail-html-id-8456-mon-apr-17th/68770#post_1

Additional Activities of the Tick Group That Attacks with a Modified Q-Dir and Their Ties with Operation Triple Tiang
https://malware.news/t/additional-activities-of-the-tick-group-that-attacks-with-a-modified-q-dir-and-their-ties-with-operation-triple-tiang/68772#post_1


Top Security News for 18/04/2023

Israeli Spyware Vendor QuaDream to Shut Down Following Citizen Lab and Microsoft Expose
https://thehackernews.com/2023/04/israeli-spyware-vendor-quadream-to-shut.html

A Practical, AI-Generated Phishing PoC with ChatGPT
https://www.reddit.com/r/netsec/comments/12ps1zb/a_practical_aigenerated_phishing_poc_with_chatgpt/

Woman tracks down and turns table on Airbnb scammer
https://www.malwarebytes.com/blog/news/2023/04/woman-tracks-down-and-turns-table-on-airbnb-scammer

ASEC Weekly Malware Statistics (April 10th, 2023 – April 16th, 2023)
https://malware.news/t/asec-weekly-malware-statistics-april-10th-2023-april-16th-2023/68806#post_1

Ransomware in Germany, April 2022 – March 2023
https://www.malwarebytes.com/blog/threat-intelligence/2023/04/ransomware-review-germany

Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration
https://thehackernews.com/2023/04/vice-society-ransomware-using-stealthy.html

Developments in the Discord Papers, including notes on influencers and why they seek influence. Tax season scams. KillNet’s selling, but is anyone buying?
https://thecyberwire.com/podcasts/daily-podcast/1803/notes

Hey, I wrote a GCP pentesting guide, check it out if you are interested in cloud security and please lmk your thoughts. Appreciate it.
https://www.reddit.com/r/netsec/comments/12prarf/hey_i_wrote_a_gcp_pentesting_guide_check_it_out/

Security Operations Center (SOC) (noun)
https://thecyberwire.com/podcasts/word-notes/144/notes

7 cybersecurity mindsets that undermine practitioners and how to avoid them
https://www.csoonline.com/article/3693255/7-cybersecurity-mindsets-that-undermine-practitioners-and-how-to-avoid-them.html#tk.rss_all


Top Security News for 27/04/2023

Cyber Risk Quantification, Level 6 Cybersecurity, & Intel Briefing
https://thecyberwire.com/podcasts/rh-isac/26/notes

VMware Releases Critical Patches for Workstation and Fusion Software
https://thehackernews.com/2023/04/vmware-releases-critical-patches-for.html

ISC Stormcast For Thursday, April 27th, 2023 https://isc.sans.edu/podcastdetail.html?id=8472, (Thu, Apr 27th)
https://malware.news/t/isc-stormcast-for-thursday-april-27th-2023-https-isc-sans-edu-podcastdetail-html-id-8472-thu-apr-27th/69032#post_1

How AIoT Will Reshape the Security Industry in 2023
https://securityintelligence.com/articles/how-aiot-will-reshape-security-2023/

Iranian cyberspies deploy new malware implant on Microsoft Exchange Servers
https://www.csoonline.com/article/3694850/iranian-cyberspies-deploy-new-malware-implant-on-microsoft-exchange-servers.html#tk.rss_all

Avast detected some harmful apps.
https://www.reddit.com/r/Malware/comments/130agyn/avast_detected_some_harmful_apps/

Fake Flipper Zero sellers are after your money
https://www.malwarebytes.com/blog/news/2023/04/fake-flipper-zero-sellers-are-after-your-money

Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China
https://thehackernews.com/2023/04/chinese-hackers-using-mgbot-malware-to.html

Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram
https://www.reddit.com/r/Malware/comments/12zz7x6/threat_actor_selling_new_atomic_macos_amos/

Palantir Demos AI to Fight Wars But Says It Will Be Totally Ethical Don’t Worry About It
https://www.vice.com/en_us/article/qjvb4x/palantir-demos-ai-to-fight-wars-but-says-it-will-be-totally-ethical-dont-worry-about-it


Top Security News for 28/04/2023

Android greybox fuzzing with AFL++ Frida mode
https://www.reddit.com/r/netsec/comments/130uxye/android_greybox_fuzzing_with_afl_frida_mode/

User impersonation via stolen UUID code in KeyCloak (CVE-2023-0264)
https://www.reddit.com/r/netsec/comments/130km04/user_impersonation_via_stolen_uuid_code_in/

RTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts
https://thehackernews.com/2023/04/rtm-lockers-first-linux-ransomware.html

Zero Trust Data Security: It’s Time To Make the Shift
https://securityintelligence.com/articles/zero-trust-data-security-time-to-shift/

ISC StormCast for Friday, April 28th, 2023
https://isc.sans.edu/podcastdetail.html?id=8474

API and application attacks rising: Akamai.
https://thecyberwire.com

ISC Stormcast For Friday, April 28th, 2023 https://isc.sans.edu/podcastdetail.html?id=8474, (Fri, Apr 28th)
https://isc.sans.edu/diary/rss/29786

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware
https://thehackernews.com/2023/04/microsoft-confirms-papercut-servers.html

Why you should practice rollbacks to prevent data loss in a ransomware attack
https://www.microsoft.com/en-us/security/blog/2023/04/27/why-you-should-practice-rollbacks-to-prevent-data-loss-in-a-ransomware-attack/

Smash PostScript Interpreters Using a Syntax-Aware Fuzzer
https://www.reddit.com/r/netsec/comments/130fg5s/smash_postscript_interpreters_using_a_syntaxaware/

