Top Security News for 29/04/2023

Why Your Detection-First Security Approach Isn't Working
https://thehackernews.com/2023/04/why-your-detection-first-security.html

CVE-2022-37955: Vulnerability in Microsoft Windows Group Policy Updates Leads to Improper Link Resolution Before File Access (Privilege Escalation CWE-59)
https://www.reddit.com/r/netsec/comments/131mes1/cve202237955_vulnerability_in_microsoft_windows/

Attacks On PaperCut Servers Tied To Ransomware Groups
https://packetstormsecurity.com/news/view/34561/Attacks-On-PaperCut-Servers-Tied-To-Ransomware-Groups.html

Chinese Alloy Taurus Updates PingPull Malware
https://www.reddit.com/r/netsec/comments/131qxn8/chinese_alloy_taurus_updates_pingpull_malware/

What’s now being traded in the C2C markets. CISA would like comments on its software self-attestation form. And in Russia’s hybrid war, are there cyber war crimes, or real hacktivists?
https://thecyberwire.com/podcasts/daily-podcast/1812/notes

State of DNS Rebinding in 2023
https://www.reddit.com/r/netsec/comments/132ewi3/state_of_dns_rebinding_in_2023/

The UN's new cybercrime treaty raises human rights concerns. How China's new counter-espionage law could impact cyber business.
https://thecyberwire.com/newsletters/policy-briefing/5/82

CISA Warns of Critical Flaws in Illumina's DNA Sequencing Instruments
https://thehackernews.com/2023/04/cisa-warns-of-critical-flaws-in.html

LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities
https://www.malwarebytes.com/blog/news/2023/04/lockbit-and-cl0p-are-actively-exploiting-papercut-vulnerabilities

Breach roundup. Hackers steal more than hearts.
https://thecyberwire.com/podcasts/privacy-briefing/517/notes


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 01/05/2023

ISC StormCast for Monday, May 1st, 2023
https://isc.sans.edu/podcastdetail.html?id=8476

Update: zipdump.py Version 0.0.25
https://malware.news/t/update-zipdump-py-version-0-0-25/69074#post_1

Cybersecurity in space: not as far out as you’d think.
https://thecyberwire.com/stories/b4e997c1d2364e1180242df611d9c2a7/cybersecurity-in-space-not-as-far-out-as-youd-think

ISC Stormcast For Monday, May 1st, 2023 https://isc.sans.edu/podcastdetail.html?id=8476, (Mon, May 1st)
https://isc.sans.edu/diary/rss/29796

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition
https://securityaffairs.com/145479/breaking-news/security-affairs-newsletter-round-417.html

Elastic Security Labs discovers the LOBSHOT malware
https://www.reddit.com/r/Malware/comments/133nj1u/elastic_security_labs_discovers_the_lobshot/

Perry Carpenter: Turning composition into computing. [Strategy]
https://thecyberwire.com/podcasts/career-notes/147/notes

SANS.edu Research Journal Volume 3 Released into the Wild. https://www.sans.edu/cyber-security-research @sans_edu #cybersecurity #research, (Sun, Apr 30th)
https://malware.news/t/sans-edu-research-journal-volume-3-released-into-the-wild-https-www-sans-edu-cyber-security-research-x40-sans-x5f-edu-cybersecurity-research-sun-apr-30th/69076#post_1

Sharing a tool I developed to help Blue Teamers discover Persistence on Windows - please check it out!
https://www.reddit.com/r/netsec/comments/133s5h6/sharing_a_tool_i_developed_to_help_blue_teamers/

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets
https://securityaffairs.com/145508/hacking/att-email-accounts-hacked.html


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 02/05/2023

Azure DevOps CICD Pipelines - Command Injection with Parameters, Variables and a discussion on Runner hijacking
https://www.reddit.com/r/netsec/comments/134gv4v/azure_devops_cicd_pipelines_command_injection/

Is misinformation the newest malware?
https://www.csoonline.com/article/3695014/is-misinformation-the-newest-malware.html#tk.rss_all

APT28 Targets Ukrainian Government Entities with Fake "Windows Update" Emails
https://thehackernews.com/2023/05/apt28-targets-ukrainian-government.html

A week in security (April 24 -30)
https://malware.news/t/a-week-in-security-april-24-30/69096#post_1

Ukraine Is Now Using Steam Decks to Control Machine Gun Turrets
https://www.vice.com/en_us/article/5d9g9z/ukraine-is-now-using-steam-decks-to-control-machine-gun-turrets

1st May – Threat Intelligence Report
https://malware.news/t/1st-may-threat-intelligence-report/69098#post_1

The hidden security risks in tech layoffs and how to mitigate them
https://www.csoonline.com/article/3695070/the-hidden-security-risks-in-tech-layoffs-and-how-to-mitigate-them.html#tk.rss_all

Get in the game for your next leadership opportunity.
https://thecyberwire.com/stories/d974309ec4264b5f9c79711cc64459a4/get-in-the-game-for-your-next-leadership-opportunity

What does ChatGPT know about phishing?
https://securelist.com/chatgpt-anti-phishing/109590/

FDA warns of biomed device vulnerability. Ransomware's effects continue at US Marshals Service fugitive tracking. US DoJ shifts to disruption of cybercrime. GRU phishing. KillNet’s ask-me-anything.
https://thecyberwire.com/podcasts/daily-podcast/1813/notes


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 03/05/2023

ISC Stormcast For Wednesday, May 3rd, 2023 https://isc.sans.edu/podcastdetail.html?id=8480, (Wed, May 3rd)
https://malware.news/t/isc-stormcast-for-wednesday-may-3rd-2023-https-isc-sans-edu-podcastdetail-html-id-8480-wed-may-3rd/69130#post_1

Ransomware recovery still underway at US Marshals Service
https://malware.news/t/ransomware-recovery-still-underway-at-us-marshals-service/69136#post_1

Rationalizing Your Hybrid Cloud Security Tools
https://securityintelligence.com/posts/rationalizing-your-hybrid-cloud-security-tools/

Veza releases access security, governance solution for SaaS applications
https://www.csoonline.com/article/3694897/veza-releases-access-security-governance-solution-for-saas-applications.html#tk.rss_all

Three Thoughts On The OT Security Workforce
https://dale-peterson.com/2023/05/02/three-thoughts-on-ot-security-workforce/?utm_source=rss&utm_medium=rss&utm_campaign=three-thoughts-on-ot-security-workforce

Windows devices under attack from novel LOBSHOT malware
https://malware.news/t/windows-devices-under-attack-from-novel-lobshot-malware/69131#post_1

Databricks platform root privilege escalation and bypassing cluster isolation
https://www.reddit.com/r/netsec/comments/135kulv/databricks_platform_root_privilege_escalation_and/

Over 500K devices compromised in malverposting campaign
https://malware.news/t/over-500k-devices-compromised-in-malverposting-campaign/69135#post_1

North Korea's ScarCruft Deploys RokRAT Malware via LNK File Infection Chains
https://thehackernews.com/2023/05/north-koreas-scarcruft-deploys-rokrat.html

NEW 'Off The Wall' ONLINE
https://www.2600.com/wall/02-05-2023


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 04/05/2023

The AI message at RSAC was long on hype and short on specifics
https://malware.news/t/the-ai-message-at-rsac-was-long-on-hype-and-short-on-specifics/69196#post_1

Reverse engineering tricks: identifying opaque network protocols
https://www.reddit.com/r/netsec/comments/136n7bg/reverse_engineering_tricks_identifying_opaque/

Operation SpecTor: $53.4 Million Seized, 288 Vendors Arrested in Dark Web Drug Bust
https://thehackernews.com/2023/05/operation-spector-534-million-seized.html

Infostealer Embedded in a Word Document, (Thu, May 4th)
https://malware.news/t/infostealer-embedded-in-a-word-document-thu-may-4th/69197#post_1

Google rolls out passkey support across accounts on all major platforms
https://www.csoonline.com/article/3695173/google-rolls-out-passkey-support-across-accounts-on-all-major-platforms.html#tk.rss_all

GPT-4 Can’t Replace Striking TV Writers, But Studios Are Going to Try
https://www.vice.com/en_us/article/pkap3m/gpt-4-cant-replace-striking-tv-writers-but-studios-are-going-to-try

Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report
https://www.microsoft.com/en-us/security/blog/2023/05/03/forrester-names-microsoft-a-leader-in-2023-infrastructure-as-a-service-platform-native-security-report/

Vulnerability Spotlight: Vulnerabilities in IBM AIX could lead to command injection with elevated privileges
https://www.reddit.com/r/netsec/comments/136qw54/vulnerability_spotlight_vulnerabilities_in_ibm/

Your approach to efficient security compliance.
https://thecyberwire.com/podcasts/caveat/170/notes

Create slackbot using slack bolt API and Node.js
https://malware.news/t/create-slackbot-using-slack-bolt-api-and-node-js/69195#post_1


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 05/05/2023

White House unveils AI rules to address safety and privacy
https://www.computerworld.com/article/3695731/white-house-unveils-ai-rules-to-address-safety-and-privacy.html#tk.rss_all

ISC Stormcast For Friday, May 5th, 2023 https://isc.sans.edu/podcastdetail.html?id=8484, (Fri, May 5th)
https://malware.news/t/isc-stormcast-for-friday-may-5th-2023-https-isc-sans-edu-podcastdetail-html-id-8484-fri-may-5th/69237#post_1

Cisco Warns of Vulnerability in Popular Phone Adapter, Urges Migration to Newer Model
https://thehackernews.com/2023/05/cisco-warns-of-vulnerability-in-popular.html

Introducing SpiderSuite: Advance web security crawler
https://www.reddit.com/r/netsec/comments/137kbsj/introducing_spidersuite_advance_web_security/

How Microsoft can help you go passwordless this World Password Day
https://www.microsoft.com/en-us/security/blog/2023/05/04/how-microsoft-can-help-you-go-passwordless-this-world-password-day/

RansomHouse attack compromises AvidXchange
https://malware.news/t/ransomhouse-attack-compromises-avidxchange/69235#post_1

Not quite an Easter egg: a new family of Trojan subscribers on Google Play
https://securelist.com/fleckpe-a-new-family-of-trojan-subscribers-on-google-play/109643/

Verified Twitter Accounts Spread Misinfo About Imminent Nuclear Strike
https://www.vice.com/en_us/article/wxjd4y/verified-twitter-accounts-spread-misinfo-about-imminent-nuclear-strike

Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service
https://thehackernews.com/2023/05/researchers-discover-3-vulnerabilities.html

ISC Stormcast For Friday, May 5th, 2023 https://isc.sans.edu/podcastdetail.html?id=8484, (Fri, May 5th)
https://isc.sans.edu/diary/rss/29812


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 06/05/2023

BrandPost: Effective Security Relies on Effective Communication
https://www.csoonline.com/article/3695848/effective-security-relies-on-effective-communication.html#tk.rss_all

Why Robot Vacuums Have Cameras (and What to Know About Them)
https://securityintelligence.com/articles/why-robot-vacuums-have-cameras-what-to-know/

Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users
https://malware.news/t/apple-releases-first-rapid-security-response-update-for-ios-ipados-and-macos-users/69270#post_1

Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN
https://thehackernews.com/2023/05/hackers-targeting-italian-corporate.html

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks
https://thehackernews.com/2023/05/new-vulnerability-in-popular-wordpress.html

Redash SAML Authentication Bypass
https://www.reddit.com/r/netsec/comments/138gg7h/redash_saml_authentication_bypass/

Google launches entry-level cybersecurity certificate to teach threat detection skills
https://www.csoonline.com/article/3695575/google-launches-entry-level-cybersecurity-certificate-to-teach-threat-detection-skills.html#tk.rss_all

N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks
https://thehackernews.com/2023/05/n-korean-kimsuky-hackers-using-new.html

Newspaper evades Russian censors, hides news in Counter-Strike map
https://www.malwarebytes.com/blog/news/2023/05/evading-russian-media-restrictions-with-custom-video-game-maps

Phishing campaign takes the energy out of Chinese nuclear industry.
https://thecyberwire.com/podcasts/research-saturday/280/notes


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 07/05/2023

Google and Apple cooperate to address unwanted tracking
https://malware.news/t/google-and-apple-cooperate-to-address-unwanted-tracking/69279#post_1

FBI seized other domains used by the shadow eBook library Z-Library
https://securityaffairs.com/145854/cyber-crime/z-library-domains-seized.html

Google and Apple cooperate to address unwanted tracking
https://www.malwarebytes.com/blog/news/2023/05/google-and-apple-take-initiative-to-address-unwanted-tracking

Cookie Bugs - Smuggling & Injection
https://www.reddit.com/r/netsec/comments/139h4hd/cookie_bugs_smuggling_injection/

I created a GitHub repo for learning application security from scratch. It's perfect for beginners and includes a comprehensive list of reference links. But it's not complete yet! Contributors are welcome to add more details.
https://www.reddit.com/r/netsec/comments/139xxiv/i_created_a_github_repo_for_learning_application/

Dependabot Confusion: Gaining Access to Private GitHub Repositories using Dependabot
https://www.reddit.com/r/netsec/comments/139zv0d/dependabot_confusion_gaining_access_to_private/

Twitter confirmed that a security incident publicly exposed Circle tweets
https://securityaffairs.com/145865/social-networks/twitter-circle-security-incident.html

Twitter admits to ‘security incident’ involving Circles tweets
https://www.theguardian.com/technology/2023/may/06/twitter-admits-to-security-incident-involving-circles-tweets

Shelley Ma: The mystery behind cybersecurity. [Response Lead]
https://thecyberwire.com/podcasts/career-notes/148/notes

Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry
https://thehackernews.com/2023/05/dragon-breath-apt-group-using-double.html


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 08/05/2023

Quickly Finding Encoded Payloads in Office Documents, (Sun, May 7th)
https://malware.news/t/quickly-finding-encoded-payloads-in-office-documents-sun-may-7th/69281#post_1

CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine
https://thehackernews.com/2023/05/cert-ua-warns-of-smokeloader-and.html

After multiple cleanings with multiple antivirus programs I still get redirected to Bing. Assistance needed!
https://www.reddit.com/r/Malware/comments/13az2kv/after_multiple_cleanings_with_multiple_antivirus/

Cybersecurity teams hampered by economic downturn
https://malware.news/t/cybersecurity-teams-hampered-by-economic-downturn/69280#post_1

Quickly Finding Encoded Payloads in Office Documents, (Sun, May 7th)
https://isc.sans.edu/diary/rss/29818

AhnLab EDR Tracks and Responds against Link File (*.lnk) Distributing RokRAT
https://malware.news/t/ahnlab-edr-tracks-and-responds-against-link-file-lnk-distributing-rokrat/69284#post_1

ISC StormCast for Monday, May 8th, 2023
https://isc.sans.edu/podcastdetail.html?id=8486

ISC Stormcast For Monday, May 8th, 2023 https://isc.sans.edu/podcastdetail.html?id=8486, (Mon, May 8th)
https://isc.sans.edu/diary/rss/29820

ISC Stormcast For Monday, May 8th, 2023 https://isc.sans.edu/podcastdetail.html?id=8486, (Mon, May 8th)
https://malware.news/t/isc-stormcast-for-monday-may-8th-2023-https-isc-sans-edu-podcastdetail-html-id-8486-mon-may-8th/69286#post_1

Three ways to leverage cyberpsychology to prevent attacks
https://malware.news/t/three-ways-to-leverage-cyberpsychology-to-prevent-attacks/69287#post_1


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 10/05/2023

ISC Stormcast For Wednesday, May 10th, 2023 https://isc.sans.edu/podcastdetail.html?id=8490, (Wed, May 10th)
https://isc.sans.edu/diary/rss/29830

NEW 'Off The Wall' ONLINE
https://www.2600.com/wall/09-05-2023

Malwarebytes releases Mobile Security for OneView to secure Chromebooks, Android, iOS devices
https://www.csoonline.com/article/3695774/malwarebytes-releases-mobile-security-for-oneview-to-secure-chromebooks-android-ios-devices.html#tk.rss_all

U.S. Authorities Seize 13 Domains Offering Criminal DDoS-for-Hire Services
https://thehackernews.com/2023/05/us-authorities-seize-13-domains.html

Passwordless authentication gaining traction among IT leaders
https://malware.news/t/passwordless-authentication-gaining-traction-among-it-leaders/69388#post_1

Ransomware attack on MSI led to compromised Intel Boot Guard private keys
https://www.malwarebytes.com/blog/news/2023/05/ransomware-attack-on-msi-led-to-compromised-intel-boot-guard-private-keys

Unwarranted Confidence On Mount Stupid
https://dale-peterson.com/2023/05/09/unwarranted-confidence-on-mount-stupid/?utm_source=rss&utm_medium=rss&utm_campaign=unwarranted-confidence-on-mount-stupid

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet
https://securityaffairs.com/145980/cyber-crime/andoryubot-ddos-botnet.html

Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug
https://thehackernews.com/2023/05/microsofts-may-patch-tuesday-fixes-38.html

Is Your Cybersecurity “Too” Good?
https://securityintelligence.com/articles/is-your-cybersecurity-too-good/


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 11/05/2023

IBM unveils end-to-end, quantum-safe tools to secure business, government data
https://www.csoonline.com/article/3695538/ibm-unveils-end-to-end-quantum-safe-tools-to-secure-business-government-data.html#tk.rss_all

Google Announces New Privacy, Safety, and Security Features Across Its Services
https://thehackernews.com/2023/05/google-announces-new-privacy-safety-and.html

Latest Developments in Unblob (Firmware Extraction Tool)
https://www.reddit.com/r/netsec/comments/13disgk/latest_developments_in_unblob_firmware_extraction/

Shareholder Arrested After Ranting at Warren Buffet for His Contributions to 'Woke Culture'
https://www.vice.com/en_us/article/ak3vp5/shareholder-arrested-after-ranting-at-warren-buffet-for-his-contributions-to-woke-culture

Stockfish, a very popular chess engine, has a buffer overflow vulnerability due to unsanatized input
https://www.reddit.com/r/netsec/comments/13dod03/stockfish_a_very_popular_chess_engine_has_a/

Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users
https://thehackernews.com/2023/05/twitter-finally-rolling-out-encrypted.html

Dell pushes security, devops integration in storage updates
https://www.networkworld.com/article/3696269/dell-pushes-security-devops-integration-in-storage-updates.html#tk.rss_all

Navigating mobile malware trends: Crucial insights and predictions for MSPs
https://www.malwarebytes.com/blog/business/2023/05/navigating-mobile-malware-trends-crucial-insights-and-predictions-for-msps

GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets
https://thehackernews.com/2023/05/github-extends-push-protection-to.html

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft
https://thehackernews.com/2023/05/experts-detail-new-zero-click-windows.html


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 12/05/2023

Ransomware and social engineering trends. Expired certificate addressed. Ransomware groups target schools. Cyber updates in the hybrid war.
https://thecyberwire.com/podcasts/daily-podcast/1821/notes

Babuk Source Code Sparks 9 Different Ransomware Strains Targeting VMware ESXi Systems
https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html

New ransomware trends in 2023
https://securelist.com/new-ransomware-trends-in-2023/109660/

New DownEx malware campaign targets Central Asia
https://www.csoonline.com/article/3696429/new-downex-malware-campaign-targets-central-asia.html#tk.rss_all

Open Operational Technology Testing Guide (OOTTG)
https://www.reddit.com/r/netsec/comments/13ehg4d/open_operational_technology_testing_guide_oottg/

Volcanoes, resources, and living space in the world island. Bypassing censorship. Victory Day reviewed. Not disinformation, but persuasion.
https://thecyberwire.com/newsletters/disinformation-briefing/5/19

Healthcare cyberattacks cited in call to renew pandemic preparedness law
https://malware.news/t/healthcare-cyberattacks-cited-in-call-to-renew-pandemic-preparedness-law/69460#post_1

VOLUME 39 OF THE HACKER DIGEST RELEASED
https://www.2600.com/content/volume-39-hacker-digest-released

On Ashton Kutcher and Secure Multi-Party Computation
https://www.reddit.com/r/netsec/comments/13ett6a/on_ashton_kutcher_and_secure_multiparty/

ISC StormCast for Friday, May 12th, 2023
https://isc.sans.edu/podcastdetail/8494


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 14/05/2023

All roads lead back to Wuhan… Xiaoruizhi Science and Technology Company
https://malware.news/t/all-roads-lead-back-to-wuhan-xiaoruizhi-science-and-technology-company/69505#post_1

Personal info of 90k hikers leaked by French tourism company La Malle Postale
https://securityaffairs.com/146191/data-breach/personal-info-of-90k-hikers-leaked-by-french-tourism-company-la-malle-postale.html

Crypter .Net/Native
https://0x00sec.org/t/crypter-net-native/35035

First Look: Ghidra 10.3 Emulator
https://www.reddit.com/r/netsec/comments/13gnfat/first_look_ghidra_103_emulator/

Intel Issues New CPU Microcode Going Back To Gen8 For New, Undisclosed Security Updates
https://www.reddit.com/r/netsec/comments/13ghgpr/intel_issues_new_cpu_microcode_going_back_to_gen8/

Data of more than 2M Toyota customers exposed in ten years-long data breach
https://securityaffairs.com/146178/data-breach/toyota-10-years-data-breach.html

Google adds unwanted tracker detection to Find My Device network
https://www.malwarebytes.com/blog/news/2023/05/google-adds-unwanted-tracker-detection-to-find-my-device-network

Steve Benton: Mixing like a DJ. [VP]
https://thecyberwire.com/podcasts/career-notes/149/notes

Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol
https://securityaffairs.com/146166/malware/checkmate-ransomware-file-sharing.html

Anonymous Sudan Targets Israeli Citizens, Leaks Info-stealers Data
https://www.reddit.com/r/Malware/comments/13gh2og/anonymous_sudan_targets_israeli_citizens_leaks/


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 15/05/2023

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition
https://securityaffairs.com/146195/breaking-news/security-affairs-newsletter-round-419.html

LokiLocker, a Ransomware Similar to BlackBit Being Distributed in Korea
https://malware.news/t/lokilocker-a-ransomware-similar-to-blackbit-being-distributed-in-korea/69511#post_1

Having trouble with evilginx2, need help
https://0x00sec.org/t/having-trouble-with-evilginx2-need-help/35055

The latest variant of the RapperBot botnet adds cryptojacking capabilities
https://securityaffairs.com/146207/malware/rapperbot-botnet-adds-cryptojacking.html

Dynamic debugging of Dot Net without source code
https://www.reddit.com/r/netsec/comments/13hpnpg/dynamic_debugging_of_dot_net_without_source_code/

VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue, (Sun, May 14th)
https://isc.sans.edu/diary/rss/29842

VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue, (Sun, May 14th)
https://malware.news/t/vmware-aria-operations-addresses-multiple-local-privilege-escalations-and-a-deserialization-issue-sun-may-14th/69506#post_1

ISC Stormcast For Monday, May 15th, 2023 https://isc.sans.edu/podcastdetail/8496, (Mon, May 15th)
https://isc.sans.edu/diary/rss/29846

Flare-on 2022 - darn_mice - Solving 4th challenge
https://malware.news/t/flare-on-2022-darn-mice-solving-4th-challenge/69508#post_1

Capita warns customers to assume that their data was stolen
https://securityaffairs.com/146200/data-breach/capita-warns-customers.html


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 16/05/2023

New 'MichaelKors' Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems
https://thehackernews.com/2023/05/new-michaelkors-ransomware-as-service.html

Windows 11 is showing its first signs of Rust
https://www.malwarebytes.com/blog/news/2023/05/microsoft-introduces-rust-into-kernel-in-windows-11

Missing temporal metrics (Exploit Code Maturity and Remediation Level) in certain CVEs using NVD API for CVSS v3 and v3.1
https://www.reddit.com/r/netsec/comments/13i75pc/missing_temporal_metrics_exploit_code_maturity/

A week in security (May 8-14)
https://www.malwarebytes.com/blog/news/2023/05/a-week-in-security-may-8-14

ISC StormCast for Tuesday, May 16th, 2023
https://isc.sans.edu/podcastdetail/8498

AI Hacking Games (Jailbreak CTFs)
https://www.reddit.com/r/netsec/comments/13i3k0j/ai_hacking_games_jailbreak_ctfs/

Brightly Software's online platform impacted by data breach
https://malware.news/t/brightly-softwares-online-platform-impacted-by-data-breach/69566#post_1

CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware
https://thehackernews.com/2023/05/clr-sqlshell-malware-targets-ms-sql.html

QR code phishing (noun)
https://thecyberwire.com/podcasts/word-notes/148/notes

Microsoft Security highlights from RSA Conference 2023
https://www.microsoft.com/en-us/security/blog/2023/05/15/microsoft-security-highlights-from-rsa-conference-2023/


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 17/05/2023

University admission platform Leverage EDU exposed student passports
https://securityaffairs.com/146329/data-breach/university-admission-platform-leverage-edu-exposed-student-passports.html

Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems
https://thehackernews.com/2023/05/hackers-using-golang-variant-of-cobalt.html

Microsoft Is Scanning The Inside Of Password Protected Zip Files For Malware
https://packetstormsecurity.com/news/view/34624/Microsoft-Is-Scanning-The-Inside-Of-Password-Protected-Zip-Files-For-Malware.html

The nature of cyberincidents in 2022
https://securelist.com/kaspersky-incident-response-report-2022/109680/

Aqua Security releases Real-Time CSPM to tackle multi-cloud security risks
https://www.csoonline.com/article/3696355/aqua-security-releases-real-time-cspm-to-tackle-multi-cloud-security-risks.html#tk.rss_all

Increase in Malicious RAR SFX files, (Wed, May 17th)
https://isc.sans.edu/diary/rss/29852

U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator
https://thehackernews.com/2023/05/us-offers-10-million-bounty-for-capture.html

web2shell - Automate converting webshells into reverse shells
https://www.reddit.com/r/netsec/comments/13jiur8/web2shell_automate_converting_webshells_into/

Arnica's real-time, code-risk scanning tools aim to secure supply chain
https://www.csoonline.com/article/3696436/arnicas-real-time-code-risk-scanning-tools-aim-to-secure-supply-chain.html#tk.rss_all

ISC StormCast for Wednesday, May 17th, 2023
https://isc.sans.edu/podcastdetail/8500


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 18/05/2023

Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover
https://thehackernews.com/2023/05/threat-group-unc3944-abusing-azure.html

(Duplicate from /r/redteamsec) Active Directory Spotlight: Attacking The Microsoft Configuration Manager (SCCM/MECM)
https://www.reddit.com/r/netsec/comments/13k0u58/duplicate_from_rredteamsec_active_directory/

Emerging information-stealing malware families examined
https://malware.news/t/emerging-information-stealing-malware-families-examined/69682#post_1

In the wake of layoffs, how to solve the security issues off-boarding creates
https://malware.news/t/in-the-wake-of-layoffs-how-to-solve-the-security-issues-off-boarding-creates/69689#post_1

State-Sponsored Sidewinder Hacker Group's Covert Attack Infrastructure Uncovered
https://thehackernews.com/2023/05/state-sponsored-sidewinder-hacker.html

ISC Stormcast For Thursday, May 18th, 2023 https://isc.sans.edu/podcastdetail/8502, (Thu, May 18th)
https://isc.sans.edu/diary/rss/29856

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack
https://securityaffairs.com/146317/hacking/teltonika-industrial-cellular-routers-flaws.html

“Malverposting” — With Over 500K Estimated Infections, Facebook Ads Fuel This Evolving Stealer Campaign
https://www.reddit.com/r/netsec/comments/13jynqh/malverposting_with_over_500k_estimated_infections/

Shadow API threats, attacks spike
https://malware.news/t/shadow-api-threats-attacks-spike/69686#post_1

Researchers show ways to abuse Microsoft Teams accounts for lateral movement
https://www.csoonline.com/article/3696969/researchers-show-ways-to-abuse-microsoft-teams-accounts-for-lateral-movement.html#tk.rss_all


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 19/05/2023

ISC Stormcast For Friday, May 19th, 2023 https://isc.sans.edu/podcastdetail/8504, (Fri, May 19th)
https://isc.sans.edu/diary/rss/29862

Zip domains, a bad idea nobody asked for
https://www.malwarebytes.com/blog/news/2023/05/zip-domains

KeePass vulnerability allows attackers to access the master password
https://www.malwarebytes.com/blog/news/2023/05/keepass-vulnerability-allows-attackers-to-access-the-master-password

Three ways to improve collaborative risk management
https://malware.news/t/three-ways-to-improve-collaborative-risk-management/69726#post_1

Apple Thwarts $2 Billion in App Store Fraud, Rejects 1.7 Million App Submissions
https://thehackernews.com/2023/05/apple-thwarts-2-billion-in-app-store.html

Off-Boarding Cloud Builders and Security Practioners Poses Challenges for Companies With Cloud Environments
https://www.reddit.com/r/netsec/comments/13l5lax/offboarding_cloud_builders_and_security/

OX Security adds ChatGPT plugin for AppSec
https://www.csoonline.com/article/3697148/ox-security-adds-chatgpt-plugin-for-appsec.html#tk.rss_all

OSINT Industries - 180+ modules to do OSINT from an email address, free beta
https://www.reddit.com/r/netsec/comments/13lby3c/osint_industries_180_modules_to_do_osint_from_an/

APT attacks: Exploring Advanced Persistent Threats and their evasive techniques
https://www.malwarebytes.com/blog/business/2023/05/apt-attacks-exploring-advanced-persistent-threats-and-their-evasive-techniques

HEAT and EASM: What to Know About the Top Acronyms at RSA
https://securityintelligence.com/articles/heat-and-easm-what-to-know-top-acronyms-at-rsa/


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 20/05/2023

Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware
https://thehackernews.com/2023/05/developer-alert-npm-packages-for-nodejs.html

Apple releases fixes for three zero-day exploits in Macs, iPhones
https://malware.news/t/apple-releases-fixes-for-three-zero-day-exploits-in-macs-iphones/69744#post_1

Release 0.2 · PyCript BurpSuite Extension
https://www.reddit.com/r/netsec/comments/13m24d8/release_02_pycript_burpsuite_extension/

Legitimate looking npm packages found hosting TurkoRat infostealer
https://www.csoonline.com/article/3697001/legitimate-looking-npm-packages-found-hosting-turkorat-infostealer.html#tk.rss_all

Fertility app overshared, the FTC alleges. Dunghill ransomware compromises Gentex data.
https://thecyberwire.com/podcasts/privacy-briefing/532/notes

[Control systems] Johnson Controls security advisory (AV23-282)
https://malware.news/t/control-systems-johnson-controls-security-advisory-av23-282/69748#post_1

Fertility app overshared, the FTC alleges. Dunghill ransomware compromises Gentex data.
https://thecyberwire.com/newsletters/privacy-briefing/5/97

Educating Your Board of Directors on Cybersecurity
https://securityintelligence.com/articles/educating-your-board-of-directors-on-cybersecurity/

Dr. Active Directory vs. Mr. Exposed Attack Surface: Who'll Win This Fight?
https://thehackernews.com/2023/05/dr-active-directory-vs-mr-exposed.html

Section 230 remains intact. FTC warns of biometric misuse. Satellite cybersecurity bill advances in the US Senate.
https://thecyberwire.com/newsletters/policy-briefing/5/97


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 21/05/2023

SparkRAT Being Distributed Within a Korean VPN Installer
https://www.reddit.com/r/Malware/comments/13my6l8/sparkrat_being_distributed_within_a_korean_vpn/

Being accused of triggering a ransomware attack...
https://www.reddit.com/r/Malware/comments/13mq3gx/being_accused_of_triggering_a_ransomware_attack/

Old Oracle WebLogic vulnerability leveraged in cryptomining attacks
https://malware.news/t/old-oracle-weblogic-vulnerability-leveraged-in-cryptomining-attacks/69752#post_1

PoC for Decrypting SAP Cloud Connector SSFS: Utilizing 'getRecord' Function to Decrypt SSFS Properties without Information of Encryption Algorithm
https://www.reddit.com/r/netsec/comments/13mwlse/poc_for_decrypting_sap_cloud_connector_ssfs/

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware
https://securityaffairs.com/146465/cyber-crime/fin7-delivering-clop-ransomware.html

Phishing Kit Collecting Victim's IP Address, (Sat, May 20th)
https://malware.news/t/phishing-kit-collecting-victims-ip-address-sat-may-20th/69750#post_1

Who says the perfect heist doesn't exist?
https://thecyberwire.com/podcasts/hacking-humans-goes-to-the-movies/19/notes

SFX Gateway removal
https://www.reddit.com/r/Malware/comments/13mzfmu/sfx_gateway_removal/

Millions of Android devices pre-installed with Guerilla malware
https://malware.news/t/millions-of-android-devices-pre-installed-with-guerilla-malware/69753#post_1

US CISA warns of a Samsung vulnerability under active exploitation
https://securityaffairs.com/146457/security/cisa-warns-samsung-flaw.html


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 22/05/2023

PyPI Repository temporarily suspends user sign-ups and package uploads due to ongoing attacks
https://securityaffairs.com/146488/cyber-crime/pypi-repository-suspends-sign-ups-package-uploads.html

PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted
https://thehackernews.com/2023/05/pypi-repository-under-attack-user-sign.html

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition
https://securityaffairs.com/146483/breaking-news/security-affairs-newsletter-round-420.html

ISC StormCast for Monday, May 22nd, 2023
https://isc.sans.edu/podcastdetail/8506

Distribution of Remcos RAT Exploiting sqlps.exe Utility of MS-SQL Servers
https://malware.news/t/distribution-of-remcos-rat-exploiting-sqlps-exe-utility-of-ms-sql-servers/69760#post_1

How the ILOVEYOU worm exposed human beings as the Achilles Heel of cybersecurity
https://malware.news/t/how-the-iloveyou-worm-exposed-human-beings-as-the-achilles-heel-of-cybersecurity/69764#post_1

Cybersecurity moneyball: First principles applied to the workforce gap.
https://thecyberwire.com/podcasts/cso-perspectives/104/notes

Another Malicious HTA File Analysis - Part 3, (Sun, May 21st)
https://malware.news/t/another-malicious-hta-file-analysis-part-3-sun-may-21st/69759#post_1

Ransomware with known Registry Persistence
https://www.reddit.com/r/Malware/comments/13nwu1c/ransomware_with_known_registry_persistence/

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer
https://securityaffairs.com/146496/malware/batloader-campaign-impersonates-chatgpt-midjourney.html


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman