Top Daily Cyber Security News
Top rated cyber security tech news,
Just the top, every day.
Top Security News for 18/05/2023

Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover
https://thehackernews.com/2023/05/threat-group-unc3944-abusing-azure.html

(Duplicate from /r/redteamsec) Active Directory Spotlight: Attacking The Microsoft Configuration Manager (SCCM/MECM)
https://www.reddit.com/r/netsec/comments/13k0u58/duplicate_from_rredteamsec_active_directory/

Emerging information-stealing malware families examined
https://malware.news/t/emerging-information-stealing-malware-families-examined/69682#post_1

In the wake of layoffs, how to solve the security issues off-boarding creates
https://malware.news/t/in-the-wake-of-layoffs-how-to-solve-the-security-issues-off-boarding-creates/69689#post_1

State-Sponsored Sidewinder Hacker Group's Covert Attack Infrastructure Uncovered
https://thehackernews.com/2023/05/state-sponsored-sidewinder-hacker.html

ISC Stormcast For Thursday, May 18th, 2023 https://isc.sans.edu/podcastdetail/8502, (Thu, May 18th)
https://isc.sans.edu/diary/rss/29856

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack
https://securityaffairs.com/146317/hacking/teltonika-industrial-cellular-routers-flaws.html

“Malverposting” — With Over 500K Estimated Infections, Facebook Ads Fuel This Evolving Stealer Campaign
https://www.reddit.com/r/netsec/comments/13jynqh/malverposting_with_over_500k_estimated_infections/

Shadow API threats, attacks spike
https://malware.news/t/shadow-api-threats-attacks-spike/69686#post_1

Researchers show ways to abuse Microsoft Teams accounts for lateral movement
https://www.csoonline.com/article/3696969/researchers-show-ways-to-abuse-microsoft-teams-accounts-for-lateral-movement.html#tk.rss_all


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 19/05/2023

ISC Stormcast For Friday, May 19th, 2023 https://isc.sans.edu/podcastdetail/8504, (Fri, May 19th)
https://isc.sans.edu/diary/rss/29862

Zip domains, a bad idea nobody asked for
https://www.malwarebytes.com/blog/news/2023/05/zip-domains

KeePass vulnerability allows attackers to access the master password
https://www.malwarebytes.com/blog/news/2023/05/keepass-vulnerability-allows-attackers-to-access-the-master-password

Three ways to improve collaborative risk management
https://malware.news/t/three-ways-to-improve-collaborative-risk-management/69726#post_1

Apple Thwarts $2 Billion in App Store Fraud, Rejects 1.7 Million App Submissions
https://thehackernews.com/2023/05/apple-thwarts-2-billion-in-app-store.html

Off-Boarding Cloud Builders and Security Practitioners Poses Challenges for Companies With Cloud Environments
https://www.reddit.com/r/netsec/comments/13l5lax/offboarding_cloud_builders_and_security/

OX Security adds ChatGPT plugin for AppSec
https://www.csoonline.com/article/3697148/ox-security-adds-chatgpt-plugin-for-appsec.html#tk.rss_all

OSINT Industries - 180+ modules to do OSINT from an email address, free beta
https://www.reddit.com/r/netsec/comments/13lby3c/osint_industries_180_modules_to_do_osint_from_an/

APT attacks: Exploring Advanced Persistent Threats and their evasive techniques
https://www.malwarebytes.com/blog/business/2023/05/apt-attacks-exploring-advanced-persistent-threats-and-their-evasive-techniques

HEAT and EASM: What to Know About the Top Acronyms at RSA
https://securityintelligence.com/articles/heat-and-easm-what-to-know-top-acronyms-at-rsa/


Top Security News for 20/05/2023

Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware
https://thehackernews.com/2023/05/developer-alert-npm-packages-for-nodejs.html

Apple releases fixes for three zero-day exploits in Macs, iPhones
https://malware.news/t/apple-releases-fixes-for-three-zero-day-exploits-in-macs-iphones/69744#post_1

Release 0.2 · PyCript BurpSuite Extension
https://www.reddit.com/r/netsec/comments/13m24d8/release_02_pycript_burpsuite_extension/

Legitimate looking npm packages found hosting TurkoRat infostealer
https://www.csoonline.com/article/3697001/legitimate-looking-npm-packages-found-hosting-turkorat-infostealer.html#tk.rss_all

Fertility app overshared, the FTC alleges. Dunghill ransomware compromises Gentex data.
https://thecyberwire.com/podcasts/privacy-briefing/532/notes

[Control systems] Johnson Controls security advisory (AV23-282)
https://malware.news/t/control-systems-johnson-controls-security-advisory-av23-282/69748#post_1

Fertility app overshared, the FTC alleges. Dunghill ransomware compromises Gentex data.
https://thecyberwire.com/newsletters/privacy-briefing/5/97

Educating Your Board of Directors on Cybersecurity
https://securityintelligence.com/articles/educating-your-board-of-directors-on-cybersecurity/

Dr. Active Directory vs. Mr. Exposed Attack Surface: Who'll Win This Fight?
https://thehackernews.com/2023/05/dr-active-directory-vs-mr-exposed.html

Section 230 remains intact. FTC warns of biometric misuse. Satellite cybersecurity bill advances in the US Senate.
https://thecyberwire.com/newsletters/policy-briefing/5/97


Top Security News for 21/05/2023

SparkRAT Being Distributed Within a Korean VPN Installer
https://www.reddit.com/r/Malware/comments/13my6l8/sparkrat_being_distributed_within_a_korean_vpn/

Being accused of triggering a ransomware attack...
https://www.reddit.com/r/Malware/comments/13mq3gx/being_accused_of_triggering_a_ransomware_attack/

Old Oracle WebLogic vulnerability leveraged in cryptomining attacks
https://malware.news/t/old-oracle-weblogic-vulnerability-leveraged-in-cryptomining-attacks/69752#post_1

PoC for Decrypting SAP Cloud Connector SSFS: Utilizing 'getRecord' Function to Decrypt SSFS Properties without Information of Encryption Algorithm
https://www.reddit.com/r/netsec/comments/13mwlse/poc_for_decrypting_sap_cloud_connector_ssfs/

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware
https://securityaffairs.com/146465/cyber-crime/fin7-delivering-clop-ransomware.html

Phishing Kit Collecting Victim's IP Address, (Sat, May 20th)
https://malware.news/t/phishing-kit-collecting-victims-ip-address-sat-may-20th/69750#post_1

Who says the perfect heist doesn't exist?
https://thecyberwire.com/podcasts/hacking-humans-goes-to-the-movies/19/notes

SFX Gateway removal
https://www.reddit.com/r/Malware/comments/13mzfmu/sfx_gateway_removal/

Millions of Android devices pre-installed with Guerilla malware
https://malware.news/t/millions-of-android-devices-pre-installed-with-guerilla-malware/69753#post_1

US CISA warns of a Samsung vulnerability under active exploitation
https://securityaffairs.com/146457/security/cisa-warns-samsung-flaw.html


Top Security News for 22/05/2023

PyPI Repository temporarily suspends user sign-ups and package uploads due to ongoing attacks
https://securityaffairs.com/146488/cyber-crime/pypi-repository-suspends-sign-ups-package-uploads.html

PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted
https://thehackernews.com/2023/05/pypi-repository-under-attack-user-sign.html

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition
https://securityaffairs.com/146483/breaking-news/security-affairs-newsletter-round-420.html

ISC StormCast for Monday, May 22nd, 2023
https://isc.sans.edu/podcastdetail/8506

Distribution of Remcos RAT Exploiting sqlps.exe Utility of MS-SQL Servers
https://malware.news/t/distribution-of-remcos-rat-exploiting-sqlps-exe-utility-of-ms-sql-servers/69760#post_1

How the ILOVEYOU worm exposed human beings as the Achilles Heel of cybersecurity
https://malware.news/t/how-the-iloveyou-worm-exposed-human-beings-as-the-achilles-heel-of-cybersecurity/69764#post_1

Cybersecurity moneyball: First principles applied to the workforce gap.
https://thecyberwire.com/podcasts/cso-perspectives/104/notes

Another Malicious HTA File Analysis - Part 3, (Sun, May 21st)
https://malware.news/t/another-malicious-hta-file-analysis-part-3-sun-may-21st/69759#post_1

Ransomware with known Registry Persistence
https://www.reddit.com/r/Malware/comments/13nwu1c/ransomware_with_known_registry_persistence/

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer
https://securityaffairs.com/146496/malware/batloader-campaign-impersonates-chatgpt-midjourney.html


Top Security News for 23/05/2023

passkey (noun)
https://thecyberwire.com/podcasts/word-notes/149/notes

Verified Twitter Accounts Spread AI-Generated Hoax of Pentagon Explosion
https://www.vice.com/en_us/article/7kx84b/ai-generated-pentagon-explosion-hoax-twitter

US medical center employee abuses access to patient data. New York bank discloses third-party data breach.
https://thecyberwire.com/podcasts/privacy-briefing/533/notes

Critical Security Vulnerability In PowerVM Hypervisor
https://www.reddit.com/r/netsec/comments/13op2gj/critical_security_vulnerability_in_powervm/

ISC Stormcast For Tuesday, May 23rd, 2023 https://isc.sans.edu/podcastdetail/8508, (Tue, May 23rd)
https://isc.sans.edu/diary/rss/29872

ports.sh
https://www.reddit.com/r/netsec/comments/13ooxgk/portssh/

A week in security (May 15-21)
https://www.malwarebytes.com/blog/news/2023/05/a-week-in-security-may-15-21

U.S. Intelligence Building System to Track Mass Movement of People Around the World
https://www.vice.com/en_us/article/88xq54/us-intelligence-building-system-to-track-mass-movement-of-people-around-the-world

Microsoft reports jump in business email compromise activity
https://www.csoonline.com/article/3697152/microsoft-reports-jump-in-business-email-compromise-activity.html#tk.rss_all

I'm looking for a reverse engineer
https://0x00sec.org/t/im-looking-for-a-reverse-engineer/35175


Top Security News for 24/05/2023

Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach
https://www.csoonline.com/article/3697136/former-uber-cso-joe-sullivan-and-lessons-learned-from-the-infamous-2016-uber-breach.html#tk.rss_all

ISC Stormcast For Wednesday, May 24th, 2023 https://isc.sans.edu/podcastdetail/8510, (Wed, May 24th)
https://malware.news/t/isc-stormcast-for-wednesday-may-24th-2023-https-isc-sans-edu-podcastdetail-8510-wed-may-24th/69856#post_1

Google to pay $40m for "deceptive and unfair" location tracking practices
https://www.malwarebytes.com/blog/news/2023/05/google-out-of-pocket-by-40m-after-location-tracking-lawsuit

March 2023 Deep Web & Dark Web Threat Trend Report
https://malware.news/t/march-2023-deep-web-dark-web-threat-trend-report/69853#post_1

Against the Clock: Cyber Incident Response Plan
https://malware.news/t/against-the-clock-cyber-incident-response-plan/69855#post_1

China Bans U.S. Chip Giant Micron, Citing "Serious Cybersecurity Problems"
https://thehackernews.com/2023/05/china-bans-us-chip-giant-micron-citing.html

Teleport releases Teleport 13 with automatic vulnerability patching, enhanced DevOps security
https://www.csoonline.com/article/3697017/teleport-releases-teleport-13-with-automatic-vulnerability-patching-enhanced-devops-security.html#tk.rss_all

BlackCat Ransomware affiliate uses signed kernel driver to evade detection
https://securityaffairs.com/146536/malware/blackcat-ransomware-uses-kernel-driver.html

ASEC Weekly Malware Statistics (May 15th, 2023 – May 21st, 2023)
https://malware.news/t/asec-weekly-malware-statistics-may-15th-2023-may-21st-2023/69857#post_1

BlackCat ransomware group uses signed kernel driver to evade detection. AhRat exfiltrates files and records audio on Android devices. ChatGPT-themed fleeceware.
https://thecyberwire.com/podcasts/research-briefing/169/notes


Top Security News for 25/05/2023

N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware
https://thehackernews.com/2023/05/n-korean-lazarus-group-targets.html

Hyatt’s CISO, Intel Briefing, & Third-Party Risk Management with Cyber GRX
https://thecyberwire.com/podcasts/rh-isac/28/notes

Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware
https://thehackernews.com/2023/05/iranian-agrius-hackers-targeting.html

Legion Malware Upgraded to Target SSH Servers and AWS Credentials
https://thehackernews.com/2023/05/legion-malware-upgraded-to-target-ssh.html

What if we had the SockPuppet vulnerability in iOS 16? - Apple Security Research
https://www.reddit.com/r/netsec/comments/13qgujz/what_if_we_had_the_sockpuppet_vulnerability_in/

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535
https://www.reddit.com/r/netsec/comments/13qt3l9/exploring_p4_protocol_usage_implementation_and/

GitHub - avilum/secimport: seccomp Python sandbox, powered by eBPF and Dtrace
https://www.reddit.com/r/netsec/comments/13qfd5x/github_avilumsecimport_seccomp_python_sandbox/

Obsidian ORB Ransomware Demands Gift Cards as Payment
https://malware.news/t/obsidian-orb-ransomware-demands-gift-cards-as-payment/69886#post_1

Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation
https://thehackernews.com/2023/05/cyber-attacks-strike-ukraines-state.html

BlackCat Ransomware Takes Control With New Kernel Driver
https://packetstormsecurity.com/news/view/34651/BlackCat-Ransomware-Takes-Control-With-New-Kernel-Driver.html


Top Security News for 26/05/2023

How to check for new exploits in real time? VulnCheck has an answer
https://www.csoonline.com/article/3697749/how-to-check-for-new-exploits-in-real-time-vulncheck-has-an-answer.html#tk.rss_all

6 ways generative AI chatbots and LLMs can enhance cybersecurity
https://www.csoonline.com/article/3697137/6-ways-generative-ai-chatbots-and-llms-can-enhance-cybersecurity.html#tk.rss_all

BrandPost: Adding the operation focus to OT security
https://www.csoonline.com/article/3697730/adding-the-operation-focus-to-ot-security.html#tk.rss_all

Inactive accounts pose significant account takeover security risks
https://www.csoonline.com/article/3696941/inactive-accounts-pose-significant-account-takeover-security-risks.html#tk.rss_all

China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected
https://thehackernews.com/2023/05/chinas-stealthy-hackers-infiltrate-us.html

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques
https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/

Alert: Brazilian Hackers Targeting Users of Over 30 Portuguese Banks
https://thehackernews.com/2023/05/alert-brazilian-hackers-targeting-users.html

APTs increasingly target SMBs, regional MSPs
https://malware.news/t/apts-increasingly-target-smbs-regional-msps/69931#post_1

"Beautiful Cookie Consent Banner" WordPress plugin vulnerability: Update now!
https://malware.news/t/beautiful-cookie-consent-banner-wordpress-plugin-vulnerability-update-now/69933#post_1

Eating Disorder Helpline Fires Staff, Transitions to Chatbot After Unionization
https://www.vice.com/en_us/article/n7ezkm/eating-disorder-helpline-fires-staff-transitions-to-chatbot-after-unionization


Top Security News for 27/05/2023

New PowerExchange Backdoor linked to an Iranian APT group
https://securityaffairs.com/146690/apt/powerexchange-backdoor-iran.html

DocuSign-themed email leads to script-based infection, (Sat, May 27th)
https://isc.sans.edu/diary/rss/29888

Kevin Kirkwood, Deputy CISO from LogRhythm, joins to discuss how to overcome extortion attempts.
https://thecyberwire.com/podcasts/interview-selects/160/notes

Zyxel patches two critical vulnerabilities
https://malware.news/t/zyxel-patches-two-critical-vulnerabilities/69958#post_1

2023-05-24 - Bye bye Pikabot... We're back to Qak! (obama264 Qakbot infection)
https://malware.news/t/2023-05-24-bye-bye-pikabot-were-back-to-qak-obama264-qakbot-infection/69957#post_1

CosmicEnergy: OT and ICS malware from Russia, maybe for red teaming. Updates on Volt Typhoon. Legion malware upgraded for the cloud. Natural-disaster-themed online fraud.
https://thecyberwire.com/podcasts/daily-podcast/1832/notes

Researchers find new ICS malware toolkit designed to cause electric power outages
https://www.csoonline.com/article/3697850/researchers-find-new-ics-malware-toolkit-designed-to-cause-electric-power-outages.html#tk.rss_all

5 Must-Know Facts about 5G Network Security and Its Cloud Benefits
https://thehackernews.com/2023/05/5-must-know-facts-about-5g-network.html

BrandPost: New report reveals tips for building a skilled cybersecurity workforce
https://www.csoonline.com/article/3697790/new-report-reveals-tips-for-building-a-skilled-cybersecurity-workforce.html#tk.rss_all

GCP CloudSQL Vulnerability Leads to Internal Container Access and Data Exposure
https://www.reddit.com/r/netsec/comments/13smejr/gcp_cloudsql_vulnerability_leads_to_internal/


Top Security News for 18/06/2023

How to find industrial control devices
https://0x00sec.org/t/how-to-find-industrial-control-devices/35620

Lorna Mahlock: Build bridges. [Combat support]
https://thecyberwire.com/podcasts/career-notes/154/notes

Reverse Engineering: iOS App Extraction & Analysis
https://www.reddit.com/r/netsec/comments/14bt9qe/reverse_engineering_ios_app_extraction_analysis/

From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet
https://thehackernews.com/2023/06/from-cryptojacking-to-ddos-attacks.html

The Week that Was: US Government discloses exploitation of MOVEit instances. An update on CosmicEnergy: it’s "not an immediate threat." AI-generated phishing attacks. A 2021 ransomware attack put a hospital under financial pressure that caused it to close.
https://thecyberwire.com/newsletters/week-that-was/7/23

CISA SBOM standards efforts stymied by confusion, inertia | TechTarget
https://www.reddit.com/r/netsec/comments/14bz3q5/cisa_sbom_standards_efforts_stymied_by_confusion/

Update: zipdump.py Version 0.0.26
https://malware.news/t/update-zipdump-py-version-0-0-26/70585#post_1

Explainer: Dominion vulnerabilities reported by Halderman
https://www.reddit.com/r/netsec/comments/14c6ep9/explainer_dominion_vulnerabilities_reported_by/

Law enforcement shutdown a long-standing DDoS-for-hire service
https://securityaffairs.com/147564/cyber-crime/ddos-for-eye-service-seized.html

harbian-audit v0.7 releases: security audit and hardening for Debian 12
https://www.reddit.com/r/netsec/comments/14boalg/harbianaudit_v07_releases_security_audit_and/


Top Security News for 19/06/2023

Soft DDOS technique to bypass Play Store security measures
https://www.reddit.com/r/netsec/comments/14baa2t/soft_ddos_technique_to_bypass_play_store_security/

PentestGPT, a gpt-powered penetration testing tool, open source
https://www.reddit.com/r/netsec/comments/14d25yr/pentestgpt_a_gptpowered_penetration_testing_tool/

Brute-Force ZIP Password Cracking with zipdump.py, (Sun, Jun 18th)
https://isc.sans.edu/diary/rss/29948

US govt offers $10 million bounty for info linking Clop ransomware gang to a foreign government.
https://securityaffairs.com/147577/cyber-crime/clop-ransomware-reward.html

Three attacks against geth-based Ethereum clients: "Speculative Denial-of-Service Attacks in Ethereum"
https://www.reddit.com/r/netsec/comments/14che5g/three_attacks_against_gethbased_ethereum_clients/

How to create a hacking lab on apple silicon
https://www.reddit.com/r/netsec/comments/14cim3p/how_to_create_an_hacking_lab_on_apple_silicon/

Microsoft: June Outlook and cloud platform outages were caused by DDoS
https://securityaffairs.com/147605/hacking/microsoft-outages-ddos.html

Need advice on unpacking .dll
https://0x00sec.org/t/need-advice-on-unpacking-dll/35635

CrowdStrike Automates Zero-Day Malware Classification | CrowdStrike
https://www.reddit.com/r/Malware/comments/14cdvyy/crowdstrike_automates_zeroday_malware/

Easiest Way to learn the WinAPI for Malware (Embedding Shellcode)
https://www.reddit.com/r/Malware/comments/14cswu8/easiest_way_to_learn_the_winapi_for_malware/


Top Security News for 20/06/2023

CISA (noun)
https://thecyberwire.com/podcasts/word-notes/153/notes

Finding the Nirvana of information access control or something like it
https://www.csoonline.com/article/3699397/finding-the-nirvana-of-information-access-control-or-something-like-it.html#tk.rss_all

US dangles $10 million reward for information about Cl0p ransomware gang
https://www.malwarebytes.com/blog/news/2023/06/rewards-up-to-10-million-for-information-about-cl0p-ransomware-operation

A week in security (June 12 - 18)
https://malware.news/t/a-week-in-security-june-12-18/70614#post_1

Expanding horizons—Microsoft Security’s continued commitment to multicloud
https://www.microsoft.com/en-us/security/blog/2023/06/14/expanding-horizons-microsoft-securitys-continued-commitment-to-multicloud/

ISC Stormcast For Tuesday, June 20th, 2023 https://isc.sans.edu/podcastdetail/8544, (Tue, Jun 20th)
https://malware.news/t/isc-stormcast-for-tuesday-june-20th-2023-https-isc-sans-edu-podcastdetail-8544-tue-jun-20th/70617#post_1

UK set to ramp up citizen surveillance program
https://malware.news/t/uk-set-to-ramp-up-citizen-surveillance-program/70620#post_1

8 notable entry-level cybersecurity career and skills initiatives in 2023
https://www.csoonline.com/article/3699668/8-notable-entry-level-cybersecurity-career-and-skills-initiatives-in-2023.html#tk.rss_all

EU member states are urged to restrict without delay 5G equipment from risky suppliers
https://securityaffairs.com/147617/laws-and-regulations/eu-restrict-5g-risky-suppliers.html

Hacktivist group Anonymous Sudan a ‘bear in wolf’s clothing’
https://malware.news/t/hacktivist-group-anonymous-sudan-a-bear-in-wolf-s-clothing/70618#post_1


Top Security News for 21/06/2023

CISO stress levels are out of control
https://malware.news/t/ciso-stress-levels-are-out-of-control/70676#post_1

NEW 'Off The Wall' ONLINE
https://www.2600.com/wall/20-06-2023

Black Cat ransomware group wants $4.5m from Reddit or will leak stolen files
https://www.malwarebytes.com/blog/news/2023/06/black-cat-ransomware-group-wants-4-5m-from-reddit-or-will-leak-stolen-files

RedEyes Group Wiretapping Individuals (APT37)
https://malware.news/t/redeyes-group-wiretapping-individuals-apt37/70678#post_1

Western Digital blocks unpatched My Cloud devices
https://www.csoonline.com/article/3700050/western-digital-blocks-unpatched-my-cloud-devices.html#tk.rss_all

Leaking secrets through caching with Bunny CDN
https://www.reddit.com/r/netsec/comments/14edbp3/leaking_secrets_through_caching_with_bunny_cdn/

Reddit sees bad luck as a BlackCat attack crosses their path. The C2C market is more mystical nowadays. Hacktivist auxiliaries and false flags in the hybrid war.
https://thecyberwire.com/podcasts/daily-podcast/1847/notes

Keep it simple, Scanner
https://portswigger.net/blog/keep-it-simple-scanner

CYBER: Big Tech Wants You to Think AI Will Kill Us All
https://www.vice.com/en_us/article/wxjjay/cyber-big-tech-wants-you-to-think-ai-will-kill-us-all

Two US universities added to Cl0p's target list. The dangers of using public Wi-Fi.
https://thecyberwire.com/podcasts/privacy-briefing/852/notes


Top Security News for 23/06/2023

Secfault Security - LibreOffice Arbitrary File Write (CVE-2023-1883)
https://www.reddit.com/r/netsec/comments/14fwsfz/secfault_security_libreoffice_arbitrary_file/

Apple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari, (Thu, Jun 22nd)
https://isc.sans.edu/diary/rss/29972

UPS warns customers of phishing attempts after data accessed
https://www.malwarebytes.com/blog/news/2023/06/ups-warns-customers-of-phishing-attempts-after-data-accessed

Hybrid Microsoft network/cloud legacy settings may impact your future security posture
https://www.csoonline.com/article/3700529/hybrid-microsoft-network-cloud-legacy-settings-may-impact-your-future-security-posture.html#tk.rss_all

Word Document with an Online Attached Template, (Fri, Jun 23rd)
https://isc.sans.edu/diary/rss/29976

Callisto - Automated Binary Vulnerability Discovery Tool
https://www.reddit.com/r/netsec/comments/14fvrzh/callisto_automated_binary_vulnerability_discovery/

Reducing your attack surface is more effective than playing patch-a-mole
https://www.malwarebytes.com/blog/news/2023/06/reducing-your-attack-surface-is-more-effective-than-playing-patch-a-mole

6 tips for a cybersecure honeymoon
https://www.malwarebytes.com/blog/personal/2023/06/6-tips-for-a-cybersecure-honeymoon

Need Help Identifying this Malware
https://www.reddit.com/r/Malware/comments/14em9zf/need_help_identifying_this_malware/

Malwarebytes only vendor to win every MRG Effitas award in 2022 & 2023
https://www.malwarebytes.com/blog/business/2023/06/malwarebytes-only-vendor-to-win-every-mrg-effitas-certification-award-in-2022


Top Security News for 24/06/2023

US, India subjected to phishing attacks with RATs
https://malware.news/t/us-india-subjected-to-phishing-attacks-with-rats/70807#post_1

Fortinet fixes critical RCE flaw in FortiNAC zero-trust product
https://malware.news/t/fortinet-fixes-critical-rce-flaw-in-fortinac-zero-trust-product/70806#post_1

Emergency review of Japan's My Number cards. CalPERS and CalSTRS hit by third-party MOVEit breach. Extortionists threaten to expose plastic surgery photos.
https://thecyberwire.com/newsletters/privacy-briefing/5/120

JavaScript Dropper Delivers Bumblebee And IcedID Malware
https://packetstormsecurity.com/news/view/34748/JavaScript-Dropper-Delivers-Bumblebee-And-IcedID-Malware.html

A brief summary about a SSTI to RCE in Bagisto
https://www.reddit.com/r/netsec/comments/14gvrkp/a_brief_summary_about_a_ssti_to_rce_in_bagisto/

VMware fixed five memory corruption issues in vCenter Server
https://securityaffairs.com/147774/hacking/vmware-vcenter-server-memory-corruption-bugs.html

New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices
https://thehackernews.com/2023/06/new-cryptocurrency-mining-campaign.html

The Week that Was: 6.24.23
https://thecyberwire.com/newsletters/week-that-was/7/24

Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware
https://thehackernews.com/2023/06/powerful-javascript-dropper-pindos.html

Karen Worstell from VMware discusses technical debt.
https://thecyberwire.com/podcasts/interview-selects/164/notes


Top Security News for 25/06/2023

Someone is sending mysterious smartwatches to the US Military personnel
https://securityaffairs.com/147788/intelligence/unsolicited-smartwatches-us-army.html

Email Spam with Attachment Modiloader, (Sat, Jun 24th)
https://malware.news/t/email-spam-with-attachment-modiloader-sat-jun-24th/70813#post_1

DFIR Core Principles
https://malware.news/t/dfir-core-principles/70812#post_1

Ukraine at D+485: “We are dying for the Russian people.”
https://thecyberwire.com/stories/bf07fd1eec87497a88e1a7704c42bce6/ukraine-at-d487

Slavik Markovich: Time is of the essence. [CEO]
https://thecyberwire.com/podcasts/career-notes/155/notes

Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam
https://thehackernews.com/2023/06/twitter-hacker-sentenced-to-5-years-in.html

Google pledges $20M for cyber clinic expansion
https://malware.news/t/google-pledges-20m-for-cyber-clinic-expansion/70810#post_1

NYC DOE Hacked.
https://www.reddit.com/r/Malware/comments/14i6eab/nyc_doe_hacked/

Email Spam with Attachment Modiloader, (Sat, Jun 24th)
https://isc.sans.edu/diary/rss/29978

U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog
https://thehackernews.com/2023/06/us-cybersecurity-agency-adds-6-flaws-to.html


Top Security News for 26/06/2023

Cybersecurity Is a Social, Policy, and Wicked Problem
https://taosecurity.blogspot.com/2023/06/cybersecurity-is-social-policy-and.html

Security Affairs newsletter Round 425 by Pierluigi Paganini – International edition
https://securityaffairs.com/147797/breaking-news/security-affairs-newsletter-round-425-by-pierluigi-paganini-international-edition.html

Ukraine at D+486: The march on Moscow is over.
https://thecyberwire.com/stories/8de9e9d7525146818e428fcc90c3f1fe/ukraine-at-d486

BSides Athens 2023 Wrap-Up
https://blog.rootshell.be/2023/06/25/bsides-athens-2023-wrap-up/

Bejtlich Skills and Interest Radar from July 2005
https://taosecurity.blogspot.com/2023/06/bejtlich-skills-and-interest-radar-from.html

Five ways to get the board to think more seriously about OT security
https://malware.news/t/five-ways-to-get-the-board-to-think-more-seriously-about-ot-security/70817#post_1

ISC StormCast for Monday, June 26th, 2023
https://isc.sans.edu/podcastdetail/8550

My Last Email with W. Richard Stevens
https://taosecurity.blogspot.com/2023/06/my-last-email-with-w-richard-stevens.html

HWL Ebsworth hack: sensitive information from dozens of government agencies may be compromised
https://www.theguardian.com/australia-news/2023/jun/26/hwl-ebsworth-hack-sensitive-information-from-dozens-of-government-agencies-may-be-compromised

Core Writing Word and Page Counts
https://taosecurity.blogspot.com/2023/06/core-writing-word-and-page-counts.html


Top Security News for 27/06/2023

How CISOs can balance the risks and benefits of AI
https://www.csoonline.com/article/3700152/the-challenge-of-balancing-risks-and-benefits-of-ai-for-cisos.html#tk.rss_all

OpenSSH trojan campaign targets Linux systems and IoT devices
https://www.malwarebytes.com/blog/news/2023/06/openssh-trojan-campaign-targets-linux-systems-and-iot-devices

All About PowerShell Attacks: The No. 1 ATT&CK Technique
https://securityintelligence.com/articles/all-about-powershell-attacks/

2023-06-23 - 30 days of Formbook: Day 19, Friday 2023-06-23 - "P1A4"
https://malware.news/t/2023-06-23-30-days-of-formbook-day-19-friday-2023-06-23-p1a4/70854#post_1

The Importance of Malware Triage, (Tue, Jun 27th)
https://malware.news/t/the-importance-of-malware-triage-tue-jun-27th/70857#post_1

How cybercrime is impacting SMBs in 2023
https://securelist.com/smb-threat-report-2023/110097/

How Generative AI Can Dupe SaaS Authentication Protocols — And Effective Ways To Prevent Other Key AI Risks in SaaS
https://thehackernews.com/2023/06/how-generative-ai-can-dupe-saas.html

9 basic security tips for seniors
https://www.malwarebytes.com/blog/news/2023/06/9-basic-security-tips-for-seniors

The Importance of Malware Triage, (Tue, Jun 27th)
https://isc.sans.edu/diary/rss/29984

BrandPost: What is the key to optimized DevSecOps?
https://www.csoonline.com/article/3700611/what-is-the-key-to-optimized-devsecops.html#tk.rss_all


Top Security News for 28/06/2023

Mockingjay process injection technique allows EDR bypass
https://securityaffairs.com/147887/hacking/mockingjay-process-injection-technique.html

Why endpoint management is key to securing an AI-powered future
https://www.microsoft.com/en-us/security/blog/2023/06/26/why-endpoint-management-is-key-to-securing-an-ai-powered-future/

New Mockingjay Process Injection Technique Could Let Malware Evade Detection
https://thehackernews.com/2023/06/new-mockingjay-process-injection.html

Time and Expectations
https://dale-peterson.com/2023/06/27/time-and-expectations/?utm_source=rss&utm_medium=rss&utm_campaign=time-and-expectations

Securing the Store of the Future & Intel Briefing
https://thecyberwire.com/podcasts/rh-isac/30/notes

ISC StormCast for Wednesday, June 28th, 2023
https://isc.sans.edu/podcastdetail/8554

Survey reveals mass concern over generative AI security risks
https://www.csoonline.com/article/3700613/survey-reveals-mass-concern-over-generative-ai-security-risks.html#tk.rss_all

Siemens Energy, UCLA Latest Confirmed Victims In MOVEit Hack
https://packetstormsecurity.com/news/view/34756/Siemens-Energy-UCLA-Latest-Confirmed-Victims-In-MOVEit-Hack.html

SupremeBot and Mario cross the finish line together
https://www.malwarebytes.com/blog/news/2023/06/supremebot-and-mario-cross-the-finish-line-together

Prominent Cryptocurrency Exchange Infected With Previously Unseen Mac Malware
https://packetstormsecurity.com/news/view/34757/Prominent-Cryptocurrency-Exchange-Infected-With-Previously-Unseen-Mac-Malware.html

