Top Daily Cyber Security News
Top rated cyber security tech news,
Just the top, every day.
Top Security News for 15/04/2023

Detection Methods: Do You Know Where Your Credentials are?
https://securityintelligence.com/posts/detection-methods-do-you-know-where-your-credentials-are/

Lost in ChatGPT's memories: escaping ChatGPT-3.5 memory issues to write CVE PoCs
https://www.reddit.com/r/netsec/comments/12menep/lost_in_chatgpts_memories_escaping_chatgpt35/

Is AI being used for virtual kidnapping scams?
https://malware.news/t/is-ai-being-used-for-virtual-kidnapping-scams/68761#post_1

Escalating file write into RCE in Python
https://www.reddit.com/r/netsec/comments/12lplzy/escalating_file_write_into_rce_in_python/

"Read the Manual" and the ransomware-as-a-service market. Bitter APT against energy companies. Cozy Bear sighting. Hacktivist auxiliaries hit Canadian targets. An arrest in the Discord Papers case.
https://thecyberwire.com/podcasts/daily-podcast/1802/notes

PCI DSS reporting details to ensure when contracting quarterly CDE tests
https://malware.news/t/pci-dss-reporting-details-to-ensure-when-contracting-quarterly-cde-tests/68759#post_1

A cyberattack on the Cornwall Community Hospital in Ontario is causing treatment delays
https://securityaffairs.com/144811/cyber-crime/cyberattack-cornwall-community-hospital-ontario.html

uni-due-syssec/efcf-framework: Extremely Fast smart Contract Fuzzing
https://www.reddit.com/r/netsec/comments/12m8bqa/uniduesyssecefcfframework_extremely_fast_smart/

Google fixed the first Chrome zero-day of 2023
https://securityaffairs.com/144805/security/google-chrome-zero-day-2023.html

Botconf 2023 Wrap-Up Day #3
https://malware.news/t/botconf-2023-wrap-up-day-3/68764#post_1


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 16/04/2023

Own a Windows Keyboard
https://0x00sec.org/t/own-a-windows-keyboard/34534

Can we find the WannaCry source code?
https://0x00sec.org/t/can-we-find-the-wannacry-source-code/34528

The Proposal of Chat-GPT for an “AI Guardian” to Protect Privacy in Legal Cases
https://malware.news/t/the-proposal-of-chat-gpt-for-an-ai-guardian-to-protect-privacy-in-legal-cases/68765#post_1

Mandiant’s new solution allows exposure hunting for a proactive defense
https://www.csoonline.com/article/3693452/mandiants-new-solution-allows-exposure-hunting-for-a-proactive-defense.html#tk.rss_all

Remote Code Execution Vulnerability in Google They Are Not Willing To Fix
https://www.reddit.com/r/netsec/comments/12mtclt/remote_code_execution_vulnerability_in_google/

Vulnerability scanner for AWS customer-managed policies using ChatGPT w/ built-in account redaction.
https://www.reddit.com/r/netsec/comments/12nsrz1/vulnerability_scanner_for_aws_customermanaged/

Siemens Metaverse exposes sensitive corporate data
https://securityaffairs.com/144832/security/siemens-metaverse-data-leak.html

New Android malicious library Goldoson found in 60 apps +100M downloads
https://securityaffairs.com/144838/malware/goldoson-malicious-library-google-play.html

Jack Chapman: Shielding against the bad guys. [Threat Intelligence]
https://thecyberwire.com/podcasts/career-notes/145/notes

CISA adds bugs in Android and Novi Survey to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/144822/security/android-flaws-cisa-known-exploited-vulnerabilities-catalog.html


Top Security News for 17/04/2023

10th April – Threat Intelligence Report
https://malware.news/t/10th-april-threat-intelligence-report/68768#post_1

IDA Memory Snapshot - Amadey Malware Unpacking & Initterm Poisoning
https://malware.news/t/ida-memory-snapshot-amadey-malware-unpacking-initterm-poisoning/68766#post_1

Australians report record $3.1bn losses to scams, with real amount even higher, ACCC says
https://www.theguardian.com/australia-news/2023/apr/17/australians-report-record-31bn-losses-to-scams-with-real-amount-even-higher-accc-says

NCR was the victim of BlackCat/ALPHV ransomware gang
https://securityaffairs.com/144866/cyber-crime/ncr-blackcat-alphv-ransomware.html

Security Affairs newsletter Round 415 by Pierluigi Paganini – International edition
https://securityaffairs.com/144863/breaking-news/security-affairs-newsletter-round-415-by-pierluigi-paganini.html

Could any of you be a hacker and not tell a soul?
https://0x00sec.org/t/could-any-of-you-be-a-hacker-and-not-tell-a-soul/34548

Trigona Ransomware Attacking MS-SQL Servers
https://malware.news/t/trigona-ransomware-attacking-ms-sql-servers/68771#post_1

WorLLMs
https://www.reddit.com/r/netsec/comments/12o1x14/worllms/

ISC Stormcast For Monday, April 17th, 2023 https://isc.sans.edu/podcastdetail.html?id=8456, (Mon, Apr 17th)
https://malware.news/t/isc-stormcast-for-monday-april-17th-2023-https-isc-sans-edu-podcastdetail-html-id-8456-mon-apr-17th/68770#post_1

Additional Activities of the Tick Group That Attacks with a Modified Q-Dir and Their Ties with Operation Triple Tiang
https://malware.news/t/additional-activities-of-the-tick-group-that-attacks-with-a-modified-q-dir-and-their-ties-with-operation-triple-tiang/68772#post_1


Top Security News for 18/04/2023

Israeli Spyware Vendor QuaDream to Shut Down Following Citizen Lab and Microsoft Expose
https://thehackernews.com/2023/04/israeli-spyware-vendor-quadream-to-shut.html

A Practical, AI-Generated Phishing PoC with ChatGPT
https://www.reddit.com/r/netsec/comments/12ps1zb/a_practical_aigenerated_phishing_poc_with_chatgpt/

Woman tracks down and turns table on Airbnb scammer
https://www.malwarebytes.com/blog/news/2023/04/woman-tracks-down-and-turns-table-on-airbnb-scammer

ASEC Weekly Malware Statistics (April 10th, 2023 – April 16th, 2023)
https://malware.news/t/asec-weekly-malware-statistics-april-10th-2023-april-16th-2023/68806#post_1

Ransomware in Germany, April 2022 – March 2023
https://www.malwarebytes.com/blog/threat-intelligence/2023/04/ransomware-review-germany

Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration
https://thehackernews.com/2023/04/vice-society-ransomware-using-stealthy.html

Developments in the Discord Papers, including notes on influencers and why they seek influence. Tax season scams. KillNet’s selling, but is anyone buying?
https://thecyberwire.com/podcasts/daily-podcast/1803/notes

Hey, I wrote a GCP pentesting guide, check it out if you are interested in cloud security and please lmk your thoughts. Appreciate it.
https://www.reddit.com/r/netsec/comments/12prarf/hey_i_wrote_a_gcp_pentesting_guide_check_it_out/

Security Operations Center (SOC) (noun)
https://thecyberwire.com/podcasts/word-notes/144/notes

7 cybersecurity mindsets that undermine practitioners and how to avoid them
https://www.csoonline.com/article/3693255/7-cybersecurity-mindsets-that-undermine-practitioners-and-how-to-avoid-them.html#tk.rss_all


Top Security News for 27/04/2023

Cyber Risk Quantification, Level 6 Cybersecurity, & Intel Briefing
https://thecyberwire.com/podcasts/rh-isac/26/notes

VMware Releases Critical Patches for Workstation and Fusion Software
https://thehackernews.com/2023/04/vmware-releases-critical-patches-for.html

ISC Stormcast For Thursday, April 27th, 2023 https://isc.sans.edu/podcastdetail.html?id=8472, (Thu, Apr 27th)
https://malware.news/t/isc-stormcast-for-thursday-april-27th-2023-https-isc-sans-edu-podcastdetail-html-id-8472-thu-apr-27th/69032#post_1

How AIoT Will Reshape the Security Industry in 2023
https://securityintelligence.com/articles/how-aiot-will-reshape-security-2023/

Iranian cyberspies deploy new malware implant on Microsoft Exchange Servers
https://www.csoonline.com/article/3694850/iranian-cyberspies-deploy-new-malware-implant-on-microsoft-exchange-servers.html#tk.rss_all

Avast detected some harmful apps.
https://www.reddit.com/r/Malware/comments/130agyn/avast_detected_some_harmful_apps/

Fake Flipper Zero sellers are after your money
https://www.malwarebytes.com/blog/news/2023/04/fake-flipper-zero-sellers-are-after-your-money

Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China
https://thehackernews.com/2023/04/chinese-hackers-using-mgbot-malware-to.html

Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram
https://www.reddit.com/r/Malware/comments/12zz7x6/threat_actor_selling_new_atomic_macos_amos/

Palantir Demos AI to Fight Wars But Says It Will Be Totally Ethical Don’t Worry About It
https://www.vice.com/en_us/article/qjvb4x/palantir-demos-ai-to-fight-wars-but-says-it-will-be-totally-ethical-dont-worry-about-it


Top Security News for 28/04/2023

Android greybox fuzzing with AFL++ Frida mode
https://www.reddit.com/r/netsec/comments/130uxye/android_greybox_fuzzing_with_afl_frida_mode/

User impersonation via stolen UUID code in KeyCloak (CVE-2023-0264)
https://www.reddit.com/r/netsec/comments/130km04/user_impersonation_via_stolen_uuid_code_in/

RTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts
https://thehackernews.com/2023/04/rtm-lockers-first-linux-ransomware.html

Zero Trust Data Security: It’s Time To Make the Shift
https://securityintelligence.com/articles/zero-trust-data-security-time-to-shift/

ISC StormCast for Friday, April 28th, 2023
https://isc.sans.edu/podcastdetail.html?id=8474

API and application attacks rising: Akamai.
https://thecyberwire.com

ISC Stormcast For Friday, April 28th, 2023 https://isc.sans.edu/podcastdetail.html?id=8474, (Fri, Apr 28th)
https://isc.sans.edu/diary/rss/29786

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware
https://thehackernews.com/2023/04/microsoft-confirms-papercut-servers.html

Why you should practice rollbacks to prevent data loss in a ransomware attack
https://www.microsoft.com/en-us/security/blog/2023/04/27/why-you-should-practice-rollbacks-to-prevent-data-loss-in-a-ransomware-attack/

Smash PostScript Interpreters Using a Syntax-Aware Fuzzer
https://www.reddit.com/r/netsec/comments/130fg5s/smash_postscript_interpreters_using_a_syntaxaware/


Top Security News for 29/04/2023

Why Your Detection-First Security Approach Isn't Working
https://thehackernews.com/2023/04/why-your-detection-first-security.html

CVE-2022-37955: Vulnerability in Microsoft Windows Group Policy Updates Leads to Improper Link Resolution Before File Access (Privilege Escalation CWE-59)
https://www.reddit.com/r/netsec/comments/131mes1/cve202237955_vulnerability_in_microsoft_windows/

Attacks On PaperCut Servers Tied To Ransomware Groups
https://packetstormsecurity.com/news/view/34561/Attacks-On-PaperCut-Servers-Tied-To-Ransomware-Groups.html

Chinese Alloy Taurus Updates PingPull Malware
https://www.reddit.com/r/netsec/comments/131qxn8/chinese_alloy_taurus_updates_pingpull_malware/

What’s now being traded in the C2C markets. CISA would like comments on its software self-attestation form. And in Russia’s hybrid war, are there cyber war crimes, or real hacktivists?
https://thecyberwire.com/podcasts/daily-podcast/1812/notes

State of DNS Rebinding in 2023
https://www.reddit.com/r/netsec/comments/132ewi3/state_of_dns_rebinding_in_2023/

The UN's new cybercrime treaty raises human rights concerns. How China's new counter-espionage law could impact cyber business.
https://thecyberwire.com/newsletters/policy-briefing/5/82

CISA Warns of Critical Flaws in Illumina's DNA Sequencing Instruments
https://thehackernews.com/2023/04/cisa-warns-of-critical-flaws-in.html

LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities
https://www.malwarebytes.com/blog/news/2023/04/lockbit-and-cl0p-are-actively-exploiting-papercut-vulnerabilities

Breach roundup. Hackers steal more than hearts.
https://thecyberwire.com/podcasts/privacy-briefing/517/notes


Top Security News for 01/05/2023

ISC StormCast for Monday, May 1st, 2023
https://isc.sans.edu/podcastdetail.html?id=8476

Update: zipdump.py Version 0.0.25
https://malware.news/t/update-zipdump-py-version-0-0-25/69074#post_1

Cybersecurity in space: not as far out as you’d think.
https://thecyberwire.com/stories/b4e997c1d2364e1180242df611d9c2a7/cybersecurity-in-space-not-as-far-out-as-youd-think

ISC Stormcast For Monday, May 1st, 2023 https://isc.sans.edu/podcastdetail.html?id=8476, (Mon, May 1st)
https://isc.sans.edu/diary/rss/29796

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition
https://securityaffairs.com/145479/breaking-news/security-affairs-newsletter-round-417.html

Elastic Security Labs discovers the LOBSHOT malware
https://www.reddit.com/r/Malware/comments/133nj1u/elastic_security_labs_discovers_the_lobshot/

Perry Carpenter: Turning composition into computing. [Strategy]
https://thecyberwire.com/podcasts/career-notes/147/notes

SANS.edu Research Journal Volume 3 Released into the Wild. https://www.sans.edu/cyber-security-research @sans_edu #cybersecurity #research, (Sun, Apr 30th)
https://malware.news/t/sans-edu-research-journal-volume-3-released-into-the-wild-https-www-sans-edu-cyber-security-research-x40-sans-x5f-edu-cybersecurity-research-sun-apr-30th/69076#post_1

Sharing a tool I developed to help Blue Teamers discover Persistence on Windows - please check it out!
https://www.reddit.com/r/netsec/comments/133s5h6/sharing_a_tool_i_developed_to_help_blue_teamers/

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets
https://securityaffairs.com/145508/hacking/att-email-accounts-hacked.html


Top Security News for 02/05/2023

Azure DevOps CICD Pipelines - Command Injection with Parameters, Variables and a discussion on Runner hijacking
https://www.reddit.com/r/netsec/comments/134gv4v/azure_devops_cicd_pipelines_command_injection/

Is misinformation the newest malware?
https://www.csoonline.com/article/3695014/is-misinformation-the-newest-malware.html#tk.rss_all

APT28 Targets Ukrainian Government Entities with Fake "Windows Update" Emails
https://thehackernews.com/2023/05/apt28-targets-ukrainian-government.html

A week in security (April 24 -30)
https://malware.news/t/a-week-in-security-april-24-30/69096#post_1

Ukraine Is Now Using Steam Decks to Control Machine Gun Turrets
https://www.vice.com/en_us/article/5d9g9z/ukraine-is-now-using-steam-decks-to-control-machine-gun-turrets

1st May – Threat Intelligence Report
https://malware.news/t/1st-may-threat-intelligence-report/69098#post_1

The hidden security risks in tech layoffs and how to mitigate them
https://www.csoonline.com/article/3695070/the-hidden-security-risks-in-tech-layoffs-and-how-to-mitigate-them.html#tk.rss_all

Get in the game for your next leadership opportunity.
https://thecyberwire.com/stories/d974309ec4264b5f9c79711cc64459a4/get-in-the-game-for-your-next-leadership-opportunity

What does ChatGPT know about phishing?
https://securelist.com/chatgpt-anti-phishing/109590/

FDA warns of biomed device vulnerability. Ransomware's effects continue at US Marshals Service fugitive tracking. US DoJ shifts to disruption of cybercrime. GRU phishing. KillNet’s ask-me-anything.
https://thecyberwire.com/podcasts/daily-podcast/1813/notes


Top Security News for 03/05/2023

ISC Stormcast For Wednesday, May 3rd, 2023 https://isc.sans.edu/podcastdetail.html?id=8480, (Wed, May 3rd)
https://malware.news/t/isc-stormcast-for-wednesday-may-3rd-2023-https-isc-sans-edu-podcastdetail-html-id-8480-wed-may-3rd/69130#post_1

Ransomware recovery still underway at US Marshals Service
https://malware.news/t/ransomware-recovery-still-underway-at-us-marshals-service/69136#post_1

Rationalizing Your Hybrid Cloud Security Tools
https://securityintelligence.com/posts/rationalizing-your-hybrid-cloud-security-tools/

Veza releases access security, governance solution for SaaS applications
https://www.csoonline.com/article/3694897/veza-releases-access-security-governance-solution-for-saas-applications.html#tk.rss_all

Three Thoughts On The OT Security Workforce
https://dale-peterson.com/2023/05/02/three-thoughts-on-ot-security-workforce/?utm_source=rss&utm_medium=rss&utm_campaign=three-thoughts-on-ot-security-workforce

Windows devices under attack from novel LOBSHOT malware
https://malware.news/t/windows-devices-under-attack-from-novel-lobshot-malware/69131#post_1

Databricks platform root privilege escalation and bypassing cluster isolation
https://www.reddit.com/r/netsec/comments/135kulv/databricks_platform_root_privilege_escalation_and/

Over 500K devices compromised in malverposting campaign
https://malware.news/t/over-500k-devices-compromised-in-malverposting-campaign/69135#post_1

North Korea's ScarCruft Deploys RokRAT Malware via LNK File Infection Chains
https://thehackernews.com/2023/05/north-koreas-scarcruft-deploys-rokrat.html

NEW 'Off The Wall' ONLINE
https://www.2600.com/wall/02-05-2023


Top Security News for 04/05/2023

The AI message at RSAC was long on hype and short on specifics
https://malware.news/t/the-ai-message-at-rsac-was-long-on-hype-and-short-on-specifics/69196#post_1

Reverse engineering tricks: identifying opaque network protocols
https://www.reddit.com/r/netsec/comments/136n7bg/reverse_engineering_tricks_identifying_opaque/

Operation SpecTor: $53.4 Million Seized, 288 Vendors Arrested in Dark Web Drug Bust
https://thehackernews.com/2023/05/operation-spector-534-million-seized.html

Infostealer Embedded in a Word Document, (Thu, May 4th)
https://malware.news/t/infostealer-embedded-in-a-word-document-thu-may-4th/69197#post_1

Google rolls out passkey support across accounts on all major platforms
https://www.csoonline.com/article/3695173/google-rolls-out-passkey-support-across-accounts-on-all-major-platforms.html#tk.rss_all

GPT-4 Can’t Replace Striking TV Writers, But Studios Are Going to Try
https://www.vice.com/en_us/article/pkap3m/gpt-4-cant-replace-striking-tv-writers-but-studios-are-going-to-try

Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report
https://www.microsoft.com/en-us/security/blog/2023/05/03/forrester-names-microsoft-a-leader-in-2023-infrastructure-as-a-service-platform-native-security-report/

Vulnerability Spotlight: Vulnerabilities in IBM AIX could lead to command injection with elevated privileges
https://www.reddit.com/r/netsec/comments/136qw54/vulnerability_spotlight_vulnerabilities_in_ibm/

Your approach to efficient security compliance.
https://thecyberwire.com/podcasts/caveat/170/notes

Create slackbot using slack bolt API and Node.js
https://malware.news/t/create-slackbot-using-slack-bolt-api-and-node-js/69195#post_1


Top Security News for 05/05/2023

White House unveils AI rules to address safety and privacy
https://www.computerworld.com/article/3695731/white-house-unveils-ai-rules-to-address-safety-and-privacy.html#tk.rss_all

ISC Stormcast For Friday, May 5th, 2023 https://isc.sans.edu/podcastdetail.html?id=8484, (Fri, May 5th)
https://malware.news/t/isc-stormcast-for-friday-may-5th-2023-https-isc-sans-edu-podcastdetail-html-id-8484-fri-may-5th/69237#post_1

Cisco Warns of Vulnerability in Popular Phone Adapter, Urges Migration to Newer Model
https://thehackernews.com/2023/05/cisco-warns-of-vulnerability-in-popular.html

Introducing SpiderSuite: Advance web security crawler
https://www.reddit.com/r/netsec/comments/137kbsj/introducing_spidersuite_advance_web_security/

How Microsoft can help you go passwordless this World Password Day
https://www.microsoft.com/en-us/security/blog/2023/05/04/how-microsoft-can-help-you-go-passwordless-this-world-password-day/

RansomHouse attack compromises AvidXchange
https://malware.news/t/ransomhouse-attack-compromises-avidxchange/69235#post_1

Not quite an Easter egg: a new family of Trojan subscribers on Google Play
https://securelist.com/fleckpe-a-new-family-of-trojan-subscribers-on-google-play/109643/

Verified Twitter Accounts Spread Misinfo About Imminent Nuclear Strike
https://www.vice.com/en_us/article/wxjd4y/verified-twitter-accounts-spread-misinfo-about-imminent-nuclear-strike

Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service
https://thehackernews.com/2023/05/researchers-discover-3-vulnerabilities.html

ISC Stormcast For Friday, May 5th, 2023 https://isc.sans.edu/podcastdetail.html?id=8484, (Fri, May 5th)
https://isc.sans.edu/diary/rss/29812


Top Security News for 06/05/2023

BrandPost: Effective Security Relies on Effective Communication
https://www.csoonline.com/article/3695848/effective-security-relies-on-effective-communication.html#tk.rss_all

Why Robot Vacuums Have Cameras (and What to Know About Them)
https://securityintelligence.com/articles/why-robot-vacuums-have-cameras-what-to-know/

Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users
https://malware.news/t/apple-releases-first-rapid-security-response-update-for-ios-ipados-and-macos-users/69270#post_1

Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN
https://thehackernews.com/2023/05/hackers-targeting-italian-corporate.html

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks
https://thehackernews.com/2023/05/new-vulnerability-in-popular-wordpress.html

Redash SAML Authentication Bypass
https://www.reddit.com/r/netsec/comments/138gg7h/redash_saml_authentication_bypass/

Google launches entry-level cybersecurity certificate to teach threat detection skills
https://www.csoonline.com/article/3695575/google-launches-entry-level-cybersecurity-certificate-to-teach-threat-detection-skills.html#tk.rss_all

N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks
https://thehackernews.com/2023/05/n-korean-kimsuky-hackers-using-new.html

Newspaper evades Russian censors, hides news in Counter-Strike map
https://www.malwarebytes.com/blog/news/2023/05/evading-russian-media-restrictions-with-custom-video-game-maps

Phishing campaign takes the energy out of Chinese nuclear industry.
https://thecyberwire.com/podcasts/research-saturday/280/notes


Top Security News for 07/05/2023

Google and Apple cooperate to address unwanted tracking
https://malware.news/t/google-and-apple-cooperate-to-address-unwanted-tracking/69279#post_1

FBI seized other domains used by the shadow eBook library Z-Library
https://securityaffairs.com/145854/cyber-crime/z-library-domains-seized.html

Google and Apple cooperate to address unwanted tracking
https://www.malwarebytes.com/blog/news/2023/05/google-and-apple-take-initiative-to-address-unwanted-tracking

Cookie Bugs - Smuggling & Injection
https://www.reddit.com/r/netsec/comments/139h4hd/cookie_bugs_smuggling_injection/

I created a GitHub repo for learning application security from scratch. It's perfect for beginners and includes a comprehensive list of reference links. But it's not complete yet! Contributors are welcome to add more details.
https://www.reddit.com/r/netsec/comments/139xxiv/i_created_a_github_repo_for_learning_application/

Dependabot Confusion: Gaining Access to Private GitHub Repositories using Dependabot
https://www.reddit.com/r/netsec/comments/139zv0d/dependabot_confusion_gaining_access_to_private/

Twitter confirmed that a security incident publicly exposed Circle tweets
https://securityaffairs.com/145865/social-networks/twitter-circle-security-incident.html

Twitter admits to ‘security incident’ involving Circles tweets
https://www.theguardian.com/technology/2023/may/06/twitter-admits-to-security-incident-involving-circles-tweets

Shelley Ma: The mystery behind cybersecurity. [Response Lead]
https://thecyberwire.com/podcasts/career-notes/148/notes

Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry
https://thehackernews.com/2023/05/dragon-breath-apt-group-using-double.html


Top Security News for 08/05/2023

Quickly Finding Encoded Payloads in Office Documents, (Sun, May 7th)
https://malware.news/t/quickly-finding-encoded-payloads-in-office-documents-sun-may-7th/69281#post_1

CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine
https://thehackernews.com/2023/05/cert-ua-warns-of-smokeloader-and.html

After multiple cleanings with multiple antivirus programs I still get redirected to Bing. Assistance needed!
https://www.reddit.com/r/Malware/comments/13az2kv/after_multiple_cleanings_with_multiple_antivirus/

Cybersecurity teams hampered by economic downturn
https://malware.news/t/cybersecurity-teams-hampered-by-economic-downturn/69280#post_1

Quickly Finding Encoded Payloads in Office Documents, (Sun, May 7th)
https://isc.sans.edu/diary/rss/29818

AhnLab EDR Tracks and Responds against Link File (*.lnk) Distributing RokRAT
https://malware.news/t/ahnlab-edr-tracks-and-responds-against-link-file-lnk-distributing-rokrat/69284#post_1

ISC StormCast for Monday, May 8th, 2023
https://isc.sans.edu/podcastdetail.html?id=8486

ISC Stormcast For Monday, May 8th, 2023 https://isc.sans.edu/podcastdetail.html?id=8486, (Mon, May 8th)
https://isc.sans.edu/diary/rss/29820

ISC Stormcast For Monday, May 8th, 2023 https://isc.sans.edu/podcastdetail.html?id=8486, (Mon, May 8th)
https://malware.news/t/isc-stormcast-for-monday-may-8th-2023-https-isc-sans-edu-podcastdetail-html-id-8486-mon-may-8th/69286#post_1

Three ways to leverage cyberpsychology to prevent attacks
https://malware.news/t/three-ways-to-leverage-cyberpsychology-to-prevent-attacks/69287#post_1


Top Security News for 10/05/2023

ISC Stormcast For Wednesday, May 10th, 2023 https://isc.sans.edu/podcastdetail.html?id=8490, (Wed, May 10th)
https://isc.sans.edu/diary/rss/29830

NEW 'Off The Wall' ONLINE
https://www.2600.com/wall/09-05-2023

Malwarebytes releases Mobile Security for OneView to secure Chromebooks, Android, iOS devices
https://www.csoonline.com/article/3695774/malwarebytes-releases-mobile-security-for-oneview-to-secure-chromebooks-android-ios-devices.html#tk.rss_all

U.S. Authorities Seize 13 Domains Offering Criminal DDoS-for-Hire Services
https://thehackernews.com/2023/05/us-authorities-seize-13-domains.html

Passwordless authentication gaining traction among IT leaders
https://malware.news/t/passwordless-authentication-gaining-traction-among-it-leaders/69388#post_1

Ransomware attack on MSI led to compromised Intel Boot Guard private keys
https://www.malwarebytes.com/blog/news/2023/05/ransomware-attack-on-msi-led-to-compromised-intel-boot-guard-private-keys

Unwarranted Confidence On Mount Stupid
https://dale-peterson.com/2023/05/09/unwarranted-confidence-on-mount-stupid/?utm_source=rss&utm_medium=rss&utm_campaign=unwarranted-confidence-on-mount-stupid

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet
https://securityaffairs.com/145980/cyber-crime/andoryubot-ddos-botnet.html

Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug
https://thehackernews.com/2023/05/microsofts-may-patch-tuesday-fixes-38.html

Is Your Cybersecurity “Too” Good?
https://securityintelligence.com/articles/is-your-cybersecurity-too-good/


Top Security News for 11/05/2023

IBM unveils end-to-end, quantum-safe tools to secure business, government data
https://www.csoonline.com/article/3695538/ibm-unveils-end-to-end-quantum-safe-tools-to-secure-business-government-data.html#tk.rss_all

Google Announces New Privacy, Safety, and Security Features Across Its Services
https://thehackernews.com/2023/05/google-announces-new-privacy-safety-and.html

Latest Developments in Unblob (Firmware Extraction Tool)
https://www.reddit.com/r/netsec/comments/13disgk/latest_developments_in_unblob_firmware_extraction/

Shareholder Arrested After Ranting at Warren Buffet for His Contributions to 'Woke Culture'
https://www.vice.com/en_us/article/ak3vp5/shareholder-arrested-after-ranting-at-warren-buffet-for-his-contributions-to-woke-culture

Stockfish, a very popular chess engine, has a buffer overflow vulnerability due to unsanitized input
https://www.reddit.com/r/netsec/comments/13dod03/stockfish_a_very_popular_chess_engine_has_a/

Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users
https://thehackernews.com/2023/05/twitter-finally-rolling-out-encrypted.html

Dell pushes security, devops integration in storage updates
https://www.networkworld.com/article/3696269/dell-pushes-security-devops-integration-in-storage-updates.html#tk.rss_all

Navigating mobile malware trends: Crucial insights and predictions for MSPs
https://www.malwarebytes.com/blog/business/2023/05/navigating-mobile-malware-trends-crucial-insights-and-predictions-for-msps

GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets
https://thehackernews.com/2023/05/github-extends-push-protection-to.html

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft
https://thehackernews.com/2023/05/experts-detail-new-zero-click-windows.html


Top Security News for 12/05/2023

Ransomware and social engineering trends. Expired certificate addressed. Ransomware groups target schools. Cyber updates in the hybrid war.
https://thecyberwire.com/podcasts/daily-podcast/1821/notes

Babuk Source Code Sparks 9 Different Ransomware Strains Targeting VMware ESXi Systems
https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html

New ransomware trends in 2023
https://securelist.com/new-ransomware-trends-in-2023/109660/

New DownEx malware campaign targets Central Asia
https://www.csoonline.com/article/3696429/new-downex-malware-campaign-targets-central-asia.html#tk.rss_all

Open Operational Technology Testing Guide (OOTTG)
https://www.reddit.com/r/netsec/comments/13ehg4d/open_operational_technology_testing_guide_oottg/

Volcanoes, resources, and living space in the world island. Bypassing censorship. Victory Day reviewed. Not disinformation, but persuasion.
https://thecyberwire.com/newsletters/disinformation-briefing/5/19

Healthcare cyberattacks cited in call to renew pandemic preparedness law
https://malware.news/t/healthcare-cyberattacks-cited-in-call-to-renew-pandemic-preparedness-law/69460#post_1

VOLUME 39 OF THE HACKER DIGEST RELEASED
https://www.2600.com/content/volume-39-hacker-digest-released

On Ashton Kutcher and Secure Multi-Party Computation
https://www.reddit.com/r/netsec/comments/13ett6a/on_ashton_kutcher_and_secure_multiparty/

ISC StormCast for Friday, May 12th, 2023
https://isc.sans.edu/podcastdetail/8494


Top Security News for 14/05/2023

All roads lead back to Wuhan… Xiaoruizhi Science and Technology Company
https://malware.news/t/all-roads-lead-back-to-wuhan-xiaoruizhi-science-and-technology-company/69505#post_1

Personal info of 90k hikers leaked by French tourism company La Malle Postale
https://securityaffairs.com/146191/data-breach/personal-info-of-90k-hikers-leaked-by-french-tourism-company-la-malle-postale.html

Crypter .Net/Native
https://0x00sec.org/t/crypter-net-native/35035

First Look: Ghidra 10.3 Emulator
https://www.reddit.com/r/netsec/comments/13gnfat/first_look_ghidra_103_emulator/

Intel Issues New CPU Microcode Going Back To Gen8 For New, Undisclosed Security Updates
https://www.reddit.com/r/netsec/comments/13ghgpr/intel_issues_new_cpu_microcode_going_back_to_gen8/

Data of more than 2M Toyota customers exposed in ten years-long data breach
https://securityaffairs.com/146178/data-breach/toyota-10-years-data-breach.html

Google adds unwanted tracker detection to Find My Device network
https://www.malwarebytes.com/blog/news/2023/05/google-adds-unwanted-tracker-detection-to-find-my-device-network

Steve Benton: Mixing like a DJ. [VP]
https://thecyberwire.com/podcasts/career-notes/149/notes

Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol
https://securityaffairs.com/146166/malware/checkmate-ransomware-file-sharing.html

Anonymous Sudan Targets Israeli Citizens, Leaks Info-stealers Data
https://www.reddit.com/r/Malware/comments/13gh2og/anonymous_sudan_targets_israeli_citizens_leaks/


Top Security News for 15/05/2023

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition
https://securityaffairs.com/146195/breaking-news/security-affairs-newsletter-round-419.html

LokiLocker, a Ransomware Similar to BlackBit Being Distributed in Korea
https://malware.news/t/lokilocker-a-ransomware-similar-to-blackbit-being-distributed-in-korea/69511#post_1

Having trouble with evilginx2, need help
https://0x00sec.org/t/having-trouble-with-evilginx2-need-help/35055

The latest variant of the RapperBot botnet adds cryptojacking capabilities
https://securityaffairs.com/146207/malware/rapperbot-botnet-adds-cryptojacking.html

Dynamic debugging of Dot Net without source code
https://www.reddit.com/r/netsec/comments/13hpnpg/dynamic_debugging_of_dot_net_without_source_code/

VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue, (Sun, May 14th)
https://isc.sans.edu/diary/rss/29842

VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue, (Sun, May 14th)
https://malware.news/t/vmware-aria-operations-addresses-multiple-local-privilege-escalations-and-a-deserialization-issue-sun-may-14th/69506#post_1

ISC Stormcast For Monday, May 15th, 2023 https://isc.sans.edu/podcastdetail/8496, (Mon, May 15th)
https://isc.sans.edu/diary/rss/29846

Flare-on 2022 - darn_mice - Solving 4th challenge
https://malware.news/t/flare-on-2022-darn-mice-solving-4th-challenge/69508#post_1

Capita warns customers to assume that their data was stolen
https://securityaffairs.com/146200/data-breach/capita-warns-customers.html


Top Security News for 16/05/2023

New 'MichaelKors' Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems
https://thehackernews.com/2023/05/new-michaelkors-ransomware-as-service.html

Windows 11 is showing its first signs of Rust
https://www.malwarebytes.com/blog/news/2023/05/microsoft-introduces-rust-into-kernel-in-windows-11

Missing temporal metrics (Exploit Code Maturity and Remediation Level) in certain CVEs using NVD API for CVSS v3 and v3.1
https://www.reddit.com/r/netsec/comments/13i75pc/missing_temporal_metrics_exploit_code_maturity/

A week in security (May 8-14)
https://www.malwarebytes.com/blog/news/2023/05/a-week-in-security-may-8-14

ISC StormCast for Tuesday, May 16th, 2023
https://isc.sans.edu/podcastdetail/8498

AI Hacking Games (Jailbreak CTFs)
https://www.reddit.com/r/netsec/comments/13i3k0j/ai_hacking_games_jailbreak_ctfs/

Brightly Software's online platform impacted by data breach
https://malware.news/t/brightly-softwares-online-platform-impacted-by-data-breach/69566#post_1

CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware
https://thehackernews.com/2023/05/clr-sqlshell-malware-targets-ms-sql.html

QR code phishing (noun)
https://thecyberwire.com/podcasts/word-notes/148/notes

Microsoft Security highlights from RSA Conference 2023
https://www.microsoft.com/en-us/security/blog/2023/05/15/microsoft-security-highlights-from-rsa-conference-2023/

