Top Daily Cyber Security News
Top rated cyber security tech news,
Just the top, every day.
Top Security News for 06/05/2023

BrandPost: Effective Security Relies on Effective Communication
https://www.csoonline.com/article/3695848/effective-security-relies-on-effective-communication.html#tk.rss_all

Why Robot Vacuums Have Cameras (and What to Know About Them)
https://securityintelligence.com/articles/why-robot-vacuums-have-cameras-what-to-know/

Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users
https://malware.news/t/apple-releases-first-rapid-security-response-update-for-ios-ipados-and-macos-users/69270#post_1

Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN
https://thehackernews.com/2023/05/hackers-targeting-italian-corporate.html

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks
https://thehackernews.com/2023/05/new-vulnerability-in-popular-wordpress.html

Redash SAML Authentication Bypass
https://www.reddit.com/r/netsec/comments/138gg7h/redash_saml_authentication_bypass/

Google launches entry-level cybersecurity certificate to teach threat detection skills
https://www.csoonline.com/article/3695575/google-launches-entry-level-cybersecurity-certificate-to-teach-threat-detection-skills.html#tk.rss_all

N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks
https://thehackernews.com/2023/05/n-korean-kimsuky-hackers-using-new.html

Newspaper evades Russian censors, hides news in Counter-Strike map
https://www.malwarebytes.com/blog/news/2023/05/evading-russian-media-restrictions-with-custom-video-game-maps

Phishing campaign takes the energy out of Chinese nuclear industry.
https://thecyberwire.com/podcasts/research-saturday/280/notes


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 07/05/2023

Google and Apple cooperate to address unwanted tracking
https://malware.news/t/google-and-apple-cooperate-to-address-unwanted-tracking/69279#post_1

FBI seized other domains used by the shadow eBook library Z-Library
https://securityaffairs.com/145854/cyber-crime/z-library-domains-seized.html

Google and Apple cooperate to address unwanted tracking
https://www.malwarebytes.com/blog/news/2023/05/google-and-apple-take-initiative-to-address-unwanted-tracking

Cookie Bugs - Smuggling & Injection
https://www.reddit.com/r/netsec/comments/139h4hd/cookie_bugs_smuggling_injection/

I created a GitHub repo for learning application security from scratch. It's perfect for beginners and includes a comprehensive list of reference links. But it's not complete yet! Contributors are welcome to add more details.
https://www.reddit.com/r/netsec/comments/139xxiv/i_created_a_github_repo_for_learning_application/

Dependabot Confusion: Gaining Access to Private GitHub Repositories using Dependabot
https://www.reddit.com/r/netsec/comments/139zv0d/dependabot_confusion_gaining_access_to_private/

Twitter confirmed that a security incident publicly exposed Circle tweets
https://securityaffairs.com/145865/social-networks/twitter-circle-security-incident.html

Twitter admits to ‘security incident’ involving Circles tweets
https://www.theguardian.com/technology/2023/may/06/twitter-admits-to-security-incident-involving-circles-tweets

Shelley Ma: The mystery behind cybersecurity. [Response Lead]
https://thecyberwire.com/podcasts/career-notes/148/notes

Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry
https://thehackernews.com/2023/05/dragon-breath-apt-group-using-double.html


Top Security News for 08/05/2023

Quickly Finding Encoded Payloads in Office Documents, (Sun, May 7th)
https://malware.news/t/quickly-finding-encoded-payloads-in-office-documents-sun-may-7th/69281#post_1

CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine
https://thehackernews.com/2023/05/cert-ua-warns-of-smokeloader-and.html

After multiple cleanings with multiple antivirus programs I still get redirected to Bing. Assistance needed!
https://www.reddit.com/r/Malware/comments/13az2kv/after_multiple_cleanings_with_multiple_antivirus/

Cybersecurity teams hampered by economic downturn
https://malware.news/t/cybersecurity-teams-hampered-by-economic-downturn/69280#post_1

Quickly Finding Encoded Payloads in Office Documents, (Sun, May 7th)
https://isc.sans.edu/diary/rss/29818

AhnLab EDR Tracks and Responds against Link File (*.lnk) Distributing RokRAT
https://malware.news/t/ahnlab-edr-tracks-and-responds-against-link-file-lnk-distributing-rokrat/69284#post_1

ISC StormCast for Monday, May 8th, 2023
https://isc.sans.edu/podcastdetail.html?id=8486

ISC Stormcast For Monday, May 8th, 2023 https://isc.sans.edu/podcastdetail.html?id=8486, (Mon, May 8th)
https://isc.sans.edu/diary/rss/29820

ISC Stormcast For Monday, May 8th, 2023 https://isc.sans.edu/podcastdetail.html?id=8486, (Mon, May 8th)
https://malware.news/t/isc-stormcast-for-monday-may-8th-2023-https-isc-sans-edu-podcastdetail-html-id-8486-mon-may-8th/69286#post_1

Three ways to leverage cyberpsychology to prevent attacks
https://malware.news/t/three-ways-to-leverage-cyberpsychology-to-prevent-attacks/69287#post_1


Top Security News for 10/05/2023

ISC Stormcast For Wednesday, May 10th, 2023 https://isc.sans.edu/podcastdetail.html?id=8490, (Wed, May 10th)
https://isc.sans.edu/diary/rss/29830

NEW 'Off The Wall' ONLINE
https://www.2600.com/wall/09-05-2023

Malwarebytes releases Mobile Security for OneView to secure Chromebooks, Android, iOS devices
https://www.csoonline.com/article/3695774/malwarebytes-releases-mobile-security-for-oneview-to-secure-chromebooks-android-ios-devices.html#tk.rss_all

U.S. Authorities Seize 13 Domains Offering Criminal DDoS-for-Hire Services
https://thehackernews.com/2023/05/us-authorities-seize-13-domains.html

Passwordless authentication gaining traction among IT leaders
https://malware.news/t/passwordless-authentication-gaining-traction-among-it-leaders/69388#post_1

Ransomware attack on MSI led to compromised Intel Boot Guard private keys
https://www.malwarebytes.com/blog/news/2023/05/ransomware-attack-on-msi-led-to-compromised-intel-boot-guard-private-keys

Unwarranted Confidence On Mount Stupid
https://dale-peterson.com/2023/05/09/unwarranted-confidence-on-mount-stupid/?utm_source=rss&utm_medium=rss&utm_campaign=unwarranted-confidence-on-mount-stupid

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet
https://securityaffairs.com/145980/cyber-crime/andoryubot-ddos-botnet.html

Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug
https://thehackernews.com/2023/05/microsofts-may-patch-tuesday-fixes-38.html

Is Your Cybersecurity “Too” Good?
https://securityintelligence.com/articles/is-your-cybersecurity-too-good/


Top Security News for 11/05/2023

IBM unveils end-to-end, quantum-safe tools to secure business, government data
https://www.csoonline.com/article/3695538/ibm-unveils-end-to-end-quantum-safe-tools-to-secure-business-government-data.html#tk.rss_all

Google Announces New Privacy, Safety, and Security Features Across Its Services
https://thehackernews.com/2023/05/google-announces-new-privacy-safety-and.html

Latest Developments in Unblob (Firmware Extraction Tool)
https://www.reddit.com/r/netsec/comments/13disgk/latest_developments_in_unblob_firmware_extraction/

Shareholder Arrested After Ranting at Warren Buffet for His Contributions to 'Woke Culture'
https://www.vice.com/en_us/article/ak3vp5/shareholder-arrested-after-ranting-at-warren-buffet-for-his-contributions-to-woke-culture

Stockfish, a very popular chess engine, has a buffer overflow vulnerability due to unsanitized input
https://www.reddit.com/r/netsec/comments/13dod03/stockfish_a_very_popular_chess_engine_has_a/

Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users
https://thehackernews.com/2023/05/twitter-finally-rolling-out-encrypted.html

Dell pushes security, devops integration in storage updates
https://www.networkworld.com/article/3696269/dell-pushes-security-devops-integration-in-storage-updates.html#tk.rss_all

Navigating mobile malware trends: Crucial insights and predictions for MSPs
https://www.malwarebytes.com/blog/business/2023/05/navigating-mobile-malware-trends-crucial-insights-and-predictions-for-msps

GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets
https://thehackernews.com/2023/05/github-extends-push-protection-to.html

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft
https://thehackernews.com/2023/05/experts-detail-new-zero-click-windows.html


Top Security News for 12/05/2023

Ransomware and social engineering trends. Expired certificate addressed. Ransomware groups target schools. Cyber updates in the hybrid war.
https://thecyberwire.com/podcasts/daily-podcast/1821/notes

Babuk Source Code Sparks 9 Different Ransomware Strains Targeting VMware ESXi Systems
https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html

New ransomware trends in 2023
https://securelist.com/new-ransomware-trends-in-2023/109660/

New DownEx malware campaign targets Central Asia
https://www.csoonline.com/article/3696429/new-downex-malware-campaign-targets-central-asia.html#tk.rss_all

Open Operational Technology Testing Guide (OOTTG)
https://www.reddit.com/r/netsec/comments/13ehg4d/open_operational_technology_testing_guide_oottg/

Volcanoes, resources, and living space in the world island. Bypassing censorship. Victory Day reviewed. Not disinformation, but persuasion.
https://thecyberwire.com/newsletters/disinformation-briefing/5/19

Healthcare cyberattacks cited in call to renew pandemic preparedness law
https://malware.news/t/healthcare-cyberattacks-cited-in-call-to-renew-pandemic-preparedness-law/69460#post_1

VOLUME 39 OF THE HACKER DIGEST RELEASED
https://www.2600.com/content/volume-39-hacker-digest-released

On Ashton Kutcher and Secure Multi-Party Computation
https://www.reddit.com/r/netsec/comments/13ett6a/on_ashton_kutcher_and_secure_multiparty/

ISC StormCast for Friday, May 12th, 2023
https://isc.sans.edu/podcastdetail/8494


Top Security News for 14/05/2023

All roads lead back to Wuhan… Xiaoruizhi Science and Technology Company
https://malware.news/t/all-roads-lead-back-to-wuhan-xiaoruizhi-science-and-technology-company/69505#post_1

Personal info of 90k hikers leaked by French tourism company La Malle Postale
https://securityaffairs.com/146191/data-breach/personal-info-of-90k-hikers-leaked-by-french-tourism-company-la-malle-postale.html

Crypter .Net/Native
https://0x00sec.org/t/crypter-net-native/35035

First Look: Ghidra 10.3 Emulator
https://www.reddit.com/r/netsec/comments/13gnfat/first_look_ghidra_103_emulator/

Intel Issues New CPU Microcode Going Back To Gen8 For New, Undisclosed Security Updates
https://www.reddit.com/r/netsec/comments/13ghgpr/intel_issues_new_cpu_microcode_going_back_to_gen8/

Data of more than 2M Toyota customers exposed in ten years-long data breach
https://securityaffairs.com/146178/data-breach/toyota-10-years-data-breach.html

Google adds unwanted tracker detection to Find My Device network
https://www.malwarebytes.com/blog/news/2023/05/google-adds-unwanted-tracker-detection-to-find-my-device-network

Steve Benton: Mixing like a DJ. [VP]
https://thecyberwire.com/podcasts/career-notes/149/notes

Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol
https://securityaffairs.com/146166/malware/checkmate-ransomware-file-sharing.html

Anonymous Sudan Targets Israeli Citizens, Leaks Info-stealers Data
https://www.reddit.com/r/Malware/comments/13gh2og/anonymous_sudan_targets_israeli_citizens_leaks/


Top Security News for 15/05/2023

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition
https://securityaffairs.com/146195/breaking-news/security-affairs-newsletter-round-419.html

LokiLocker, a Ransomware Similar to BlackBit Being Distributed in Korea
https://malware.news/t/lokilocker-a-ransomware-similar-to-blackbit-being-distributed-in-korea/69511#post_1

Having trouble with evilginx2, need help
https://0x00sec.org/t/having-trouble-with-evilginx2-need-help/35055

The latest variant of the RapperBot botnet adds cryptojacking capabilities
https://securityaffairs.com/146207/malware/rapperbot-botnet-adds-cryptojacking.html

Dynamic debugging of Dot Net without source code
https://www.reddit.com/r/netsec/comments/13hpnpg/dynamic_debugging_of_dot_net_without_source_code/

VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue, (Sun, May 14th)
https://isc.sans.edu/diary/rss/29842

VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue, (Sun, May 14th)
https://malware.news/t/vmware-aria-operations-addresses-multiple-local-privilege-escalations-and-a-deserialization-issue-sun-may-14th/69506#post_1

ISC Stormcast For Monday, May 15th, 2023 https://isc.sans.edu/podcastdetail/8496, (Mon, May 15th)
https://isc.sans.edu/diary/rss/29846

Flare-on 2022 - darn_mice - Solving 4th challenge
https://malware.news/t/flare-on-2022-darn-mice-solving-4th-challenge/69508#post_1

Capita warns customers to assume that their data was stolen
https://securityaffairs.com/146200/data-breach/capita-warns-customers.html


Top Security News for 16/05/2023

New 'MichaelKors' Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems
https://thehackernews.com/2023/05/new-michaelkors-ransomware-as-service.html

Windows 11 is showing its first signs of Rust
https://www.malwarebytes.com/blog/news/2023/05/microsoft-introduces-rust-into-kernel-in-windows-11

Missing temporal metrics (Exploit Code Maturity and Remediation Level) in certain CVEs using NVD API for CVSS v3 and v3.1
https://www.reddit.com/r/netsec/comments/13i75pc/missing_temporal_metrics_exploit_code_maturity/

A week in security (May 8-14)
https://www.malwarebytes.com/blog/news/2023/05/a-week-in-security-may-8-14

ISC StormCast for Tuesday, May 16th, 2023
https://isc.sans.edu/podcastdetail/8498

AI Hacking Games (Jailbreak CTFs)
https://www.reddit.com/r/netsec/comments/13i3k0j/ai_hacking_games_jailbreak_ctfs/

Brightly Software's online platform impacted by data breach
https://malware.news/t/brightly-softwares-online-platform-impacted-by-data-breach/69566#post_1

CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware
https://thehackernews.com/2023/05/clr-sqlshell-malware-targets-ms-sql.html

QR code phishing (noun)
https://thecyberwire.com/podcasts/word-notes/148/notes

Microsoft Security highlights from RSA Conference 2023
https://www.microsoft.com/en-us/security/blog/2023/05/15/microsoft-security-highlights-from-rsa-conference-2023/


Top Security News for 17/05/2023

University admission platform Leverage EDU exposed student passports
https://securityaffairs.com/146329/data-breach/university-admission-platform-leverage-edu-exposed-student-passports.html

Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems
https://thehackernews.com/2023/05/hackers-using-golang-variant-of-cobalt.html

Microsoft Is Scanning The Inside Of Password Protected Zip Files For Malware
https://packetstormsecurity.com/news/view/34624/Microsoft-Is-Scanning-The-Inside-Of-Password-Protected-Zip-Files-For-Malware.html

The nature of cyberincidents in 2022
https://securelist.com/kaspersky-incident-response-report-2022/109680/

Aqua Security releases Real-Time CSPM to tackle multi-cloud security risks
https://www.csoonline.com/article/3696355/aqua-security-releases-real-time-cspm-to-tackle-multi-cloud-security-risks.html#tk.rss_all

Increase in Malicious RAR SFX files, (Wed, May 17th)
https://isc.sans.edu/diary/rss/29852

U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator
https://thehackernews.com/2023/05/us-offers-10-million-bounty-for-capture.html

web2shell - Automate converting webshells into reverse shells
https://www.reddit.com/r/netsec/comments/13jiur8/web2shell_automate_converting_webshells_into/

Arnica's real-time, code-risk scanning tools aim to secure supply chain
https://www.csoonline.com/article/3696436/arnicas-real-time-code-risk-scanning-tools-aim-to-secure-supply-chain.html#tk.rss_all

ISC StormCast for Wednesday, May 17th, 2023
https://isc.sans.edu/podcastdetail/8500


Top Security News for 18/05/2023

Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover
https://thehackernews.com/2023/05/threat-group-unc3944-abusing-azure.html

(Duplicate from /r/redteamsec) Active Directory Spotlight: Attacking The Microsoft Configuration Manager (SCCM/MECM)
https://www.reddit.com/r/netsec/comments/13k0u58/duplicate_from_rredteamsec_active_directory/

Emerging information-stealing malware families examined
https://malware.news/t/emerging-information-stealing-malware-families-examined/69682#post_1

In the wake of layoffs, how to solve the security issues off-boarding creates
https://malware.news/t/in-the-wake-of-layoffs-how-to-solve-the-security-issues-off-boarding-creates/69689#post_1

State-Sponsored Sidewinder Hacker Group's Covert Attack Infrastructure Uncovered
https://thehackernews.com/2023/05/state-sponsored-sidewinder-hacker.html

ISC Stormcast For Thursday, May 18th, 2023 https://isc.sans.edu/podcastdetail/8502, (Thu, May 18th)
https://isc.sans.edu/diary/rss/29856

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack
https://securityaffairs.com/146317/hacking/teltonika-industrial-cellular-routers-flaws.html

“Malverposting” — With Over 500K Estimated Infections, Facebook Ads Fuel This Evolving Stealer Campaign
https://www.reddit.com/r/netsec/comments/13jynqh/malverposting_with_over_500k_estimated_infections/

Shadow API threats, attacks spike
https://malware.news/t/shadow-api-threats-attacks-spike/69686#post_1

Researchers show ways to abuse Microsoft Teams accounts for lateral movement
https://www.csoonline.com/article/3696969/researchers-show-ways-to-abuse-microsoft-teams-accounts-for-lateral-movement.html#tk.rss_all


Top Security News for 19/05/2023

ISC Stormcast For Friday, May 19th, 2023 https://isc.sans.edu/podcastdetail/8504, (Fri, May 19th)
https://isc.sans.edu/diary/rss/29862

Zip domains, a bad idea nobody asked for
https://www.malwarebytes.com/blog/news/2023/05/zip-domains

KeePass vulnerability allows attackers to access the master password
https://www.malwarebytes.com/blog/news/2023/05/keepass-vulnerability-allows-attackers-to-access-the-master-password

Three ways to improve collaborative risk management
https://malware.news/t/three-ways-to-improve-collaborative-risk-management/69726#post_1

Apple Thwarts $2 Billion in App Store Fraud, Rejects 1.7 Million App Submissions
https://thehackernews.com/2023/05/apple-thwarts-2-billion-in-app-store.html

Off-Boarding Cloud Builders and Security Practitioners Poses Challenges for Companies With Cloud Environments
https://www.reddit.com/r/netsec/comments/13l5lax/offboarding_cloud_builders_and_security/

OX Security adds ChatGPT plugin for AppSec
https://www.csoonline.com/article/3697148/ox-security-adds-chatgpt-plugin-for-appsec.html#tk.rss_all

OSINT Industries - 180+ modules to do OSINT from an email address, free beta
https://www.reddit.com/r/netsec/comments/13lby3c/osint_industries_180_modules_to_do_osint_from_an/

APT attacks: Exploring Advanced Persistent Threats and their evasive techniques
https://www.malwarebytes.com/blog/business/2023/05/apt-attacks-exploring-advanced-persistent-threats-and-their-evasive-techniques

HEAT and EASM: What to Know About the Top Acronyms at RSA
https://securityintelligence.com/articles/heat-and-easm-what-to-know-top-acronyms-at-rsa/


Top Security News for 20/05/2023

Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware
https://thehackernews.com/2023/05/developer-alert-npm-packages-for-nodejs.html

Apple releases fixes for three zero-day exploits in Macs, iPhones
https://malware.news/t/apple-releases-fixes-for-three-zero-day-exploits-in-macs-iphones/69744#post_1

Release 0.2 · PyCript BurpSuite Extension
https://www.reddit.com/r/netsec/comments/13m24d8/release_02_pycript_burpsuite_extension/

Legitimate looking npm packages found hosting TurkoRat infostealer
https://www.csoonline.com/article/3697001/legitimate-looking-npm-packages-found-hosting-turkorat-infostealer.html#tk.rss_all

Fertility app overshared, the FTC alleges. Dunghill ransomware compromises Gentex data.
https://thecyberwire.com/podcasts/privacy-briefing/532/notes

[Control systems] Johnson Controls security advisory (AV23-282)
https://malware.news/t/control-systems-johnson-controls-security-advisory-av23-282/69748#post_1

Fertility app overshared, the FTC alleges. Dunghill ransomware compromises Gentex data.
https://thecyberwire.com/newsletters/privacy-briefing/5/97

Educating Your Board of Directors on Cybersecurity
https://securityintelligence.com/articles/educating-your-board-of-directors-on-cybersecurity/

Dr. Active Directory vs. Mr. Exposed Attack Surface: Who'll Win This Fight?
https://thehackernews.com/2023/05/dr-active-directory-vs-mr-exposed.html

Section 230 remains intact. FTC warns of biometric misuse. Satellite cybersecurity bill advances in the US Senate.
https://thecyberwire.com/newsletters/policy-briefing/5/97


Top Security News for 21/05/2023

SparkRAT Being Distributed Within a Korean VPN Installer
https://www.reddit.com/r/Malware/comments/13my6l8/sparkrat_being_distributed_within_a_korean_vpn/

Being accused of triggering a ransomware attack...
https://www.reddit.com/r/Malware/comments/13mq3gx/being_accused_of_triggering_a_ransomware_attack/

Old Oracle WebLogic vulnerability leveraged in cryptomining attacks
https://malware.news/t/old-oracle-weblogic-vulnerability-leveraged-in-cryptomining-attacks/69752#post_1

PoC for Decrypting SAP Cloud Connector SSFS: Utilizing 'getRecord' Function to Decrypt SSFS Properties without Information of Encryption Algorithm
https://www.reddit.com/r/netsec/comments/13mwlse/poc_for_decrypting_sap_cloud_connector_ssfs/

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware
https://securityaffairs.com/146465/cyber-crime/fin7-delivering-clop-ransomware.html

Phishing Kit Collecting Victim's IP Address, (Sat, May 20th)
https://malware.news/t/phishing-kit-collecting-victims-ip-address-sat-may-20th/69750#post_1

Who says the perfect heist doesn't exist?
https://thecyberwire.com/podcasts/hacking-humans-goes-to-the-movies/19/notes

SFX Gateway removal
https://www.reddit.com/r/Malware/comments/13mzfmu/sfx_gateway_removal/

Millions of Android devices pre-installed with Guerilla malware
https://malware.news/t/millions-of-android-devices-pre-installed-with-guerilla-malware/69753#post_1

US CISA warns of a Samsung vulnerability under active exploitation
https://securityaffairs.com/146457/security/cisa-warns-samsung-flaw.html


Top Security News for 22/05/2023

PyPI Repository temporarily suspends user sign-ups and package uploads due to ongoing attacks
https://securityaffairs.com/146488/cyber-crime/pypi-repository-suspends-sign-ups-package-uploads.html

PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted
https://thehackernews.com/2023/05/pypi-repository-under-attack-user-sign.html

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition
https://securityaffairs.com/146483/breaking-news/security-affairs-newsletter-round-420.html

ISC StormCast for Monday, May 22nd, 2023
https://isc.sans.edu/podcastdetail/8506

Distribution of Remcos RAT Exploiting sqlps.exe Utility of MS-SQL Servers
https://malware.news/t/distribution-of-remcos-rat-exploiting-sqlps-exe-utility-of-ms-sql-servers/69760#post_1

How the ILOVEYOU worm exposed human beings as the Achilles Heel of cybersecurity
https://malware.news/t/how-the-iloveyou-worm-exposed-human-beings-as-the-achilles-heel-of-cybersecurity/69764#post_1

Cybersecurity moneyball: First principles applied to the workforce gap.
https://thecyberwire.com/podcasts/cso-perspectives/104/notes

Another Malicious HTA File Analysis - Part 3, (Sun, May 21st)
https://malware.news/t/another-malicious-hta-file-analysis-part-3-sun-may-21st/69759#post_1

Ransomware with known Registry Persistence
https://www.reddit.com/r/Malware/comments/13nwu1c/ransomware_with_known_registry_persistence/

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer
https://securityaffairs.com/146496/malware/batloader-campaign-impersonates-chatgpt-midjourney.html


Top Security News for 23/05/2023

passkey (noun)
https://thecyberwire.com/podcasts/word-notes/149/notes

Verified Twitter Accounts Spread AI-Generated Hoax of Pentagon Explosion
https://www.vice.com/en_us/article/7kx84b/ai-generated-pentagon-explosion-hoax-twitter

US medical center employee abuses access to patient data. New York bank discloses third-party data breach.
https://thecyberwire.com/podcasts/privacy-briefing/533/notes

Critical Security Vulnerability In PowerVM Hypervisor
https://www.reddit.com/r/netsec/comments/13op2gj/critical_security_vulnerability_in_powervm/

ISC Stormcast For Tuesday, May 23rd, 2023 https://isc.sans.edu/podcastdetail/8508, (Tue, May 23rd)
https://isc.sans.edu/diary/rss/29872

ports.sh
https://www.reddit.com/r/netsec/comments/13ooxgk/portssh/

A week in security (May 15-21)
https://www.malwarebytes.com/blog/news/2023/05/a-week-in-security-may-15-21

U.S. Intelligence Building System to Track Mass Movement of People Around the World
https://www.vice.com/en_us/article/88xq54/us-intelligence-building-system-to-track-mass-movement-of-people-around-the-world

Microsoft reports jump in business email compromise activity
https://www.csoonline.com/article/3697152/microsoft-reports-jump-in-business-email-compromise-activity.html#tk.rss_all

I'm looking for a reverse engineer
https://0x00sec.org/t/im-looking-for-a-reverse-engineer/35175


Top Security News for 24/05/2023

Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach
https://www.csoonline.com/article/3697136/former-uber-cso-joe-sullivan-and-lessons-learned-from-the-infamous-2016-uber-breach.html#tk.rss_all

ISC Stormcast For Wednesday, May 24th, 2023 https://isc.sans.edu/podcastdetail/8510, (Wed, May 24th)
https://malware.news/t/isc-stormcast-for-wednesday-may-24th-2023-https-isc-sans-edu-podcastdetail-8510-wed-may-24th/69856#post_1

Google to pay $40m for "deceptive and unfair" location tracking practices
https://www.malwarebytes.com/blog/news/2023/05/google-out-of-pocket-by-40m-after-location-tracking-lawsuit

March 2023 Deep Web & Dark Web Threat Trend Report
https://malware.news/t/march-2023-deep-web-dark-web-threat-trend-report/69853#post_1

Against the Clock: Cyber Incident Response Plan
https://malware.news/t/against-the-clock-cyber-incident-response-plan/69855#post_1

China Bans U.S. Chip Giant Micron, Citing "Serious Cybersecurity Problems"
https://thehackernews.com/2023/05/china-bans-us-chip-giant-micron-citing.html

Teleport releases Teleport 13 with automatic vulnerability patching, enhanced DevOps security
https://www.csoonline.com/article/3697017/teleport-releases-teleport-13-with-automatic-vulnerability-patching-enhanced-devops-security.html#tk.rss_all

BlackCat Ransomware affiliate uses signed kernel driver to evade detection
https://securityaffairs.com/146536/malware/blackcat-ransomware-uses-kernel-driver.html

ASEC Weekly Malware Statistics (May 15th, 2023 – May 21st, 2023)
https://malware.news/t/asec-weekly-malware-statistics-may-15th-2023-may-21st-2023/69857#post_1

BlackCat ransomware group uses signed kernel driver to evade detection. AhRat exfiltrates files and records audio on Android devices. ChatGPT-themed fleeceware.
https://thecyberwire.com/podcasts/research-briefing/169/notes


Top Security News for 25/05/2023

N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware
https://thehackernews.com/2023/05/n-korean-lazarus-group-targets.html

Hyatt’s CISO, Intel Briefing, & Third-Party Risk Management with Cyber GRX
https://thecyberwire.com/podcasts/rh-isac/28/notes

Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware
https://thehackernews.com/2023/05/iranian-agrius-hackers-targeting.html

Legion Malware Upgraded to Target SSH Servers and AWS Credentials
https://thehackernews.com/2023/05/legion-malware-upgraded-to-target-ssh.html

What if we had the SockPuppet vulnerability in iOS 16? - Apple Security Research
https://www.reddit.com/r/netsec/comments/13qgujz/what_if_we_had_the_sockpuppet_vulnerability_in/

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535
https://www.reddit.com/r/netsec/comments/13qt3l9/exploring_p4_protocol_usage_implementation_and/

GitHub - avilum/secimport: seccomp Python sandbox, powered by eBPF and Dtrace
https://www.reddit.com/r/netsec/comments/13qfd5x/github_avilumsecimport_seccomp_python_sandbox/

Obsidian ORB Ransomware Demands Gift Cards as Payment
https://malware.news/t/obsidian-orb-ransomware-demands-gift-cards-as-payment/69886#post_1

Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation
https://thehackernews.com/2023/05/cyber-attacks-strike-ukraines-state.html

BlackCat Ransomware Takes Control With New Kernel Driver
https://packetstormsecurity.com/news/view/34651/BlackCat-Ransomware-Takes-Control-With-New-Kernel-Driver.html


Top Security News for 26/05/2023

How to check for new exploits in real time? VulnCheck has an answer
https://www.csoonline.com/article/3697749/how-to-check-for-new-exploits-in-real-time-vulncheck-has-an-answer.html#tk.rss_all

6 ways generative AI chatbots and LLMs can enhance cybersecurity
https://www.csoonline.com/article/3697137/6-ways-generative-ai-chatbots-and-llms-can-enhance-cybersecurity.html#tk.rss_all

BrandPost: Adding the operation focus to OT security
https://www.csoonline.com/article/3697730/adding-the-operation-focus-to-ot-security.html#tk.rss_all

Inactive accounts pose significant account takeover security risks
https://www.csoonline.com/article/3696941/inactive-accounts-pose-significant-account-takeover-security-risks.html#tk.rss_all

China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected
https://thehackernews.com/2023/05/chinas-stealthy-hackers-infiltrate-us.html

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques
https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/

Alert: Brazilian Hackers Targeting Users of Over 30 Portuguese Banks
https://thehackernews.com/2023/05/alert-brazilian-hackers-targeting-users.html

APTs increasingly target SMBs, regional MSPs
https://malware.news/t/apts-increasingly-target-smbs-regional-msps/69931#post_1

"Beautiful Cookie Consent Banner" WordPress plugin vulnerability: Update now!
https://malware.news/t/beautiful-cookie-consent-banner-wordpress-plugin-vulnerability-update-now/69933#post_1

Eating Disorder Helpline Fires Staff, Transitions to Chatbot After Unionization
https://www.vice.com/en_us/article/n7ezkm/eating-disorder-helpline-fires-staff-transitions-to-chatbot-after-unionization


Top Security News for 27/05/2023

New PowerExchange Backdoor linked to an Iranian APT group
https://securityaffairs.com/146690/apt/powerexchange-backdoor-iran.html

DocuSign-themed email leads to script-based infection, (Sat, May 27th)
https://isc.sans.edu/diary/rss/29888

Kevin Kirkwood, Deputy CISO from LogRhythm, joins to discuss how to overcome extortion attempts.
https://thecyberwire.com/podcasts/interview-selects/160/notes

Zyxel patches two critical vulnerabilities
https://malware.news/t/zyxel-patches-two-critical-vulnerabilities/69958#post_1

2023-05-24 - Bye bye Pikabot... We're back to Qak! (obama264 Qakbot infection)
https://malware.news/t/2023-05-24-bye-bye-pikabot-were-back-to-qak-obama264-qakbot-infection/69957#post_1

CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Updates on Volt Typhoon. Legion malware upgraded for the cloud. Natural-disaster-themed online fraud.
https://thecyberwire.com/podcasts/daily-podcast/1832/notes

Researchers find new ICS malware toolkit designed to cause electric power outages
https://www.csoonline.com/article/3697850/researchers-find-new-ics-malware-toolkit-designed-to-cause-electric-power-outages.html#tk.rss_all

5 Must-Know Facts about 5G Network Security and Its Cloud Benefits
https://thehackernews.com/2023/05/5-must-know-facts-about-5g-network.html

BrandPost: New report reveals tips for building a skilled cybersecurity workforce
https://www.csoonline.com/article/3697790/new-report-reveals-tips-for-building-a-skilled-cybersecurity-workforce.html#tk.rss_all

GCP CloudSQL Vulnerability Leads to Internal Container Access and Data Exposure
https://www.reddit.com/r/netsec/comments/13smejr/gcp_cloudsql_vulnerability_leads_to_internal/


Top Security News for 18/06/2023

How to find industrial control devices
https://0x00sec.org/t/how-to-find-industrial-control-devices/35620

Lorna Mahlock: Build bridges. [Combat support]
https://thecyberwire.com/podcasts/career-notes/154/notes

Reverse Engineering: iOS App Extraction & Analysis
https://www.reddit.com/r/netsec/comments/14bt9qe/reverse_engineering_ios_app_extraction_analysis/

From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet
https://thehackernews.com/2023/06/from-cryptojacking-to-ddos-attacks.html

The Week that Was: US Government discloses exploitation of MOVEit instances. An update on CosmicEnergy: it’s "not an immediate threat." AI-generated phishing attacks. A 2021 ransomware attack put a hospital under financial pressure that caused it to close.
https://thecyberwire.com/newsletters/week-that-was/7/23

CISA SBOM standards efforts stymied by confusion, inertia | TechTarget
https://www.reddit.com/r/netsec/comments/14bz3q5/cisa_sbom_standards_efforts_stymied_by_confusion/

Update: zipdump.py Version 0.0.26
https://malware.news/t/update-zipdump-py-version-0-0-26/70585#post_1

Explainer: Dominion vulnerabilities reported by Halderman
https://www.reddit.com/r/netsec/comments/14c6ep9/explainer_dominion_vulnerabilities_reported_by/

Law enforcement shutdown a long-standing DDoS-for-hire service
https://securityaffairs.com/147564/cyber-crime/ddos-for-eye-service-seized.html

harbian-audit v0.7 releases: security audit and hardening for Debian 12
https://www.reddit.com/r/netsec/comments/14boalg/harbianaudit_v07_releases_security_audit_and/

