Top Daily Cyber Security News
Top rated cyber security tech news,
Just the top, every day.
Top Security News for 29/06/2023

Andariel’s silly mistakes and a new malware family
https://securelist.com/lazarus-andariel-mistakes-and-easyrat/110119/

The spy becomes the spied-upon. Genworth Financial suffers third-party data breach. Siemens and UCLA become latest victims of MOVEit bug.
https://thecyberwire.com/podcasts/privacy-briefing/858/notes

8Base Ransomware Spikes in Activity, Threatens U.S. and Brazilian Businesses
https://thehackernews.com/2023/06/8base-ransomware-spikes-in-activity.html

Critical cyber threats persist on federal networks despite recent directives
https://malware.news/t/critical-cyber-threats-persist-on-federal-networks-despite-recent-directives/70936#post_1

Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution
https://thehackernews.com/2023/06/critical-sql-injection-flaws-expose.html

A Software Bill of Materials Helps Secure Your Supply Chain
https://securityintelligence.com/posts/a-software-bill-of-materials-helps-secure-your-supply-chain/

Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control
https://thehackernews.com/2023/06/alert-new-electromagnetic-attacks-on.html

Log-in lookout: Verosint CTO details how adaptive identity proofing curbs account fraud
https://malware.news/t/log-in-lookout-verosint-cto-details-how-adaptive-identity-proofing-curbs-account-fraud/70935#post_1

High-severity Chrome vulnerabilities addressed
https://malware.news/t/high-severity-chrome-vulnerabilities-addressed/70932#post_1


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 30/06/2023

Log Centralization: The End Is Nigh?
https://medium.com/anton-on-security/log-centralization-the-end-is-nigh-b28efaa98379?source=rss----8e8c3ed26c4c---4

Top contenders in Endpoint Security revealed: G2 Summer 2023 results
https://www.malwarebytes.com/blog/business/2023/06/top-contenders-in-endpoint-security-revealed-g2-summer-2023-results

Malware Execution Method Using DNS TXT Record
https://malware.news/t/malware-execution-method-using-dns-txt-record/70981#post_1

2023-06-29 - 30 days of Formbook: Day 25, Thursday 2023-06-29 - "CS94"
https://malware.news/t/2023-06-29-30-days-of-formbook-day-25-thursday-2023-06-29-cs94/70978#post_1

Hacking Auto-GPT and escaping its docker container
https://www.reddit.com/r/netsec/comments/14m6uv9/hacking_autogpt_and_escaping_its_docker_container/

Webcrawlers copying my site
https://0x00sec.org/t/webcrawlers-copying-my-site/35803

New developments in the ransomware threat. Lazarus needs some AI? Charming Kitten spearphishes. Updates from the hybrid war.
https://thecyberwire.com/newsletters/daily-briefing/12/124

ISC Stormcast For Friday, June 30th, 2023 https://isc.sans.edu/podcastdetail/8558, (Fri, Jun 30th)
https://isc.sans.edu/diary/rss/29996

NoMoreCookies: Protection against stealers/rats
https://www.reddit.com/r/netsec/comments/14mmkok/nomorecookies_protection_against_stealersrats/

Discover the Power of OSINT: 350+ Integrated Tools for Passive Online Investigation and Analysis
https://www.reddit.com/r/netsec/comments/14lwi38/discover_the_power_of_osint_350_integrated_tools/


Top Security News for 01/07/2023

The Week that Was: Vulcan’s Q2 2023 Vulnerability Watch report details notable issues. Russia's hybrid war against Ukraine: lessons learned.
https://thecyberwire.com/newsletters/week-that-was/7/25

Manoj Sharma of Symantec to discuss trends he's hearing about generative AI.
https://thecyberwire.com/podcasts/interview-selects/165/notes

OpenAI faces lawsuit for scraping of internet data. Study shows 25% of kids apps violate COPPA. UoM attack reportedly exposed over one million NHS patients.
https://thecyberwire.com/newsletters/privacy-briefing/5/125

Reversing Citrix Gateway for XSS
https://www.reddit.com/r/netsec/comments/14n28jb/reversing_citrix_gateway_for_xss/

Sandfly Security, (Sat, Jul 1st)
https://malware.news/t/sandfly-security-sat-jul-1st/71013#post_1

Beware: New 'Rustbucket' Malware Variant Targeting macOS Users
https://thehackernews.com/2023/07/beware-new-rustbucket-malware-variant.html

3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage
https://thehackernews.com/2023/06/3-reasons-saas-security-is-imperative.html

Sandfly Security, (Sat, Jul 1st)
https://isc.sans.edu/diary/rss/29998

"Free" Evil Dead Rise movie scam lurks in Amazon listings
https://www.malwarebytes.com/blog/news/2023/06/free-evil-dead-rise-movie-scam-lurks-in-amazon-listings

Most fucked up redirect
https://www.reddit.com/r/Malware/comments/14ng7df/most_fucked_up_redirect/


Top Security News for 03/07/2023

The Fifth Domain - Richard Clarke - BSW Vault
https://malware.news/t/the-fifth-domain-richard-clarke-bsw-vault/71027#post_1

HHS compromised in massive MOVEit hack
https://malware.news/t/hhs-compromised-in-massive-moveit-hack/71025#post_1

New ThirdEye infostealer, SeroXen RAT examined
https://malware.news/t/new-thirdeye-infostealer-seroxen-rat-examined/71021#post_1

Seven ways to prepare for double extortion ransomware
https://malware.news/t/seven-ways-to-prepare-for-double-extortion-ransomware/71026#post_1

DEFC: simple enumeration tool for detect AV/EDR
https://malware.news/t/defc-simple-enumeration-tool-for-detect-av-edr/71028#post_1

Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition
https://securityaffairs.com/148038/breaking-news/security-affairs-newsletter-round-426-by-pierluigi-paganini-international-edition.html

WordPress plugin vulnerability puts user accounts at risk
https://malware.news/t/wordpress-plugin-vulnerability-puts-user-accounts-at-risk/71019#post_1

New C2 framework leveraged by MuddyWater
https://malware.news/t/new-c2-framework-leveraged-by-muddywater/71024#post_1

BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising
https://thehackernews.com/2023/07/blackcat-operators-distributing.html

Fully Undetected shellcode loader featuring EDR killer PoC
https://www.reddit.com/r/netsec/comments/14olph5/fully_undetected_shellcode_loader_featuring_edr/


Top Security News for 04/07/2023

Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets
https://thehackernews.com/2023/07/evasive-meduza-stealer-targets-19.html

A week in security (June 26 - July 2)
https://www.malwarebytes.com/blog/news/2023/07/a-week-in-security-june-26-july-2

SmugX: Chinese APT uses HTML smuggling to target European Ministries and embassies
https://securityaffairs.com/148091/apt/china-linked-apt-html-smuggling-europe.html

Chinese Hackers Use HTML Smuggling to Infiltrate European Ministries with PlugX
https://thehackernews.com/2023/07/chinese-hackers-use-html-smuggling-to.html

Brave browser will prevent websites from port scanning visitors
https://www.malwarebytes.com/blog/news/2023/07/brave-browser-will-prevent-websites-from-port-scanning-visitors

2023-07-01 - 30 days of Formbook: Day 27, Saturday 2023-07-01 - "NES8"
https://malware.news/t/2023-07-01-30-days-of-formbook-day-27-saturday-2023-07-01-nes8/71051#post_1

Hiring a Reverse Engineer
https://0x00sec.org/t/hiring-a-reverse-engineer/35864

A week in security (June 26 - July 2)
https://malware.news/t/a-week-in-security-june-26-july-2/71047#post_1

Live: Life after Google, or what's next
https://gynvael.coldwind.pl/?id=769

Of sharks, surveillance, and spied-on emails: This is Section 702, with Matthew Guariglia
https://www.malwarebytes.com/blog/podcast/2023/07/of-sharks-surveillance-and-spied-on-emails


Top Security News for 05/07/2023

TeamsPhisher: Send phishing messages and attachments to Microsoft Teams users
https://www.reddit.com/r/netsec/comments/14pzz86/teamsphisher_send_phishing_messages_and/

MOVEit attack on Aon exposed data of the staff at the Dublin Airport
https://securityaffairs.com/148152/data-breach/dublin-airport-data-breach.html

Mexico-Based Hacker Targets Global Banks with Android Malware
https://thehackernews.com/2023/07/mexico-based-hacker-targets-global.html

Fake reviewers face big fines
https://www.malwarebytes.com/blog/news/2023/07/fake-reviewers-face-big-fines

How to Achieve AWS Operational Excellence in Your Cloud Workload
https://malware.news/t/how-to-achieve-aws-operational-excellence-in-your-cloud-workload/71057#post_1

Fake reviewers face big fines
https://malware.news/t/fake-reviewers-face-big-fines/71063#post_1

Dell security advisory (AV23-374)
https://malware.news/t/dell-security-advisory-av23-374/71058#post_1

Elderly targeted in car accident scam, kingpin arrested
https://www.malwarebytes.com/blog/news/2023/07/elderly-targeted-in-car-accident-scam-kingpin-arrested

Find GraphQL API vulnerabilities, with Burp Suite Professional
https://portswigger.net/blog/find-graphql-api-vulnerabilities-with-burp-suite-professional

DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors
https://thehackernews.com/2023/07/ddosia-attack-tool-evolves-with.html


Top Security News for 06/07/2023

ISC Stormcast For Thursday, July 6th, 2023 https://isc.sans.edu/podcastdetail/8560, (Thu, Jul 6th)
https://isc.sans.edu/diary/rss/30004

Four Must-haves to Strengthen Your Endpoint Security
https://malware.news/t/four-must-haves-to-strengthen-your-endpoint-security/71106#post_1

NEW 'Off The Hook' ONLINE
https://www.2600.com/hook/05-07-2023

Chinese cyberespionage described. SEO poisoning. Html smuggling. DDoS alert in the US. Hacktivist auxiliary in Russia's hybrid war.
https://thecyberwire.com/newsletters/daily-briefing/12/126

Actively Exploited ICS Hardware: SolarView Series
https://www.reddit.com/r/netsec/comments/14r5ki9/actively_exploited_ics_hardware_solarview_series/

Microsoft refutes Anonymous Sudan's massive data breach claims
https://malware.news/t/microsoft-refutes-anonymous-sudans-massive-data-breach-claims/71102#post_1

RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors
https://thehackernews.com/2023/07/redenergy-stealer-as-ransomware-threat.html

Extending Burp Suite for fun and profit - The Montoya way - Part 1
https://www.reddit.com/r/netsec/comments/14r66m2/extending_burp_suite_for_fun_and_profit_the/

StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability
https://www.reddit.com/r/netsec/comments/14rcfi0/stackrot_cve20233269_linux_kernel_privilege/

0day RCE in open source browsergame
https://0x00sec.org/t/0day-rce-in-open-source-browsergame/35895


Top Security News for 07/07/2023

Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability
https://thehackernews.com/2023/07/researchers-uncover-new-linux-kernel.html

Two Stories for "What is CHERI?"
https://www.reddit.com/r/netsec/comments/14s3ibm/two_stories_for_what_is_cheri/

Methods of countering disinformation. False personae with traction. Disinformation in Russia's hybrid war.
https://thecyberwire.com/newsletters/disinformation-briefing/5/27

Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users
https://thehackernews.com/2023/07/iranian-hackers-sophisticated-malware.html

Threads' Instagram 'Trap' Shows Why Facebook Should Have Been Broken Up Years Ago
https://www.vice.com/en_us/article/bvjvb5/threads-instagram-trap-shows-why-facebook-should-have-been-broken-up-years-ago

Windows Installer arbitrary content manipulation Elevation of Privilege (CVE-2020-0911)
https://www.reddit.com/r/netsec/comments/14saj80/windows_installer_arbitrary_content_manipulation/

Silentbob Campaign: Cloud-Native Environments Under Attack
https://thehackernews.com/2023/07/silentbob-campaign-cloud-native.html

Backdooring NPM Modules via Hijacking S3 Buckets
https://www.reddit.com/r/netsec/comments/14rxqlr/backdooring_npm_modules_via_hijacking_s3_buckets/

Surviving the 800 Gbps Storm: Gain Insights from Gcore's 2023 DDoS Attack Statistics
https://thehackernews.com/2023/07/surviving-800-gbps-storm-gain-insights.html

Beware of the Growing Scourge of Job Recruitment Scams
https://securityintelligence.com/articles/beware-the-growing-scourge-of-job-recruitment-scams/


Top Security News for 08/07/2023

2023-07-04 - 30 days of Formbook: Day309, Tuesday 2023-07-04 - Formbook "MF6W"
https://malware.news/t/2023-07-04-30-days-of-formbook-day309-tuesday-2023-07-04-formbook-mf6w/71183#post_1

A man has been charged with a cyber attack on the Discovery Bay water treatment facility
https://securityaffairs.com/148258/cyber-crime/discovery-bay-water-treatment-facility-attck.html

Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks
https://thehackernews.com/2023/07/cybersecurity-agencies-sound-alarm-on.html

More than ChatGPT: Privacy and Confidentiality in the Age of LLMs
https://modernciso.com/2023/06/01/more-than-chatgpt-privacy-and-confidentiality-in-the-age-of-llms/

Close Security Gaps with Continuous Threat Exposure Management
https://thehackernews.com/2023/07/close-security-gaps-with-continuous.html

Mike Hamilton, former CISO from Seattle and CISO of cybersecurity firm, Critical Insight, discusses what you need to know about NIST 2.0.
https://thecyberwire.com/podcasts/interview-selects/166/notes

BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days
https://thehackernews.com/2023/07/blackbyte-20-ransomware-infiltrate.html

Joint advisory warns of Truebot. Operation Brainleaches in the supply chain. API key reset at Jumpcloud. More MOVEit vulnerability exploitation.
https://thecyberwire.com/podcasts/daily-podcast/1858/notes

Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities
https://thehackernews.com/2023/07/google-releases-android-patch-update.html

The Week that Was: LockBit 3.0 claims responsibility for Nagoya ransomware attack. BlackCat and SEO poisoning.
https://thecyberwire.com/newsletters/week-that-was/7/26


Top Security News for 09/07/2023

Iran-linked APT TA453 targets Windows and macOS systems
https://securityaffairs.com/148275/apt/ta453-malware-windows-macos.html

Which router malware is capable of getting into wifi connected Android phones using vulnerability
https://www.reddit.com/r/Malware/comments/14ucvml/which_router_malware_is_capable_of_getting_into/

Eric Tillman: A creative way into cyber. [Intelligence]
https://thecyberwire.com/podcasts/career-notes/157/notes

Hiding In The Windows Event Log
https://malware.news/t/hiding-in-the-windows-event-log/71187#post_1

Google addressed 3 actively exploited flaws in Android
https://securityaffairs.com/148286/mobile-2/android-actively-exploited-flaws-fixed.html

Over $50M in cyber, CX investments awarded to federal agencies
https://malware.news/t/over-50m-in-cyber-cx-investments-awarded-to-federal-agencies/71185#post_1

Pentest Mapper Burp Suite extension 1.7 is released.
https://www.reddit.com/r/netsec/comments/14u5yhq/pentest_mapper_burp_suite_extension_17_is_released/

Security Affairs newsletter Round 427 by Pierluigi Paganini – International edition
https://securityaffairs.com/148291/breaking-news/security-affairs-newsletter-round-427-by-pierluigi-paganini-international-edition.html

Novel Linux kernel vulnerability exploitable for elevated privileges
https://malware.news/t/novel-linux-kernel-vulnerability-exploitable-for-elevated-privileges/71186#post_1

EasyScan: A Lightweight Web Vulnerability Scanner to Secure Your Website
https://www.reddit.com/r/netsec/comments/14ufxia/easyscan_a_lightweight_web_vulnerability_scanner/


Top Security News for 10/07/2023

ISC StormCast for Monday, July 10th, 2023
https://isc.sans.edu/podcastdetail/8564

Dig Security bolsters data security solution with optical character recognition
https://malware.news/t/dig-security-bolsters-data-security-solution-with-optical-character-recognition/71188#post_1

Overflows Exploitation
https://0x00sec.org/t/overflows-exploitation/35958

EdgeRouters's & AirCube's vulnerability allows LAN attackers to cause the service to overflow an internal heap and potentially execute arbitrary code
https://www.reddit.com/r/netsec/comments/14uszq0/edgerouterss_aircubes_vulnerability_allows_lan/

Widespread MOVEit hack impacts more organizations
https://malware.news/t/widespread-moveit-hack-impacts-more-organizations/71189#post_1

Sophisticated iOS malware, likely state backed.
https://www.reddit.com/r/Malware/comments/14vj1xq/sophisticated_ios_malware_likely_state_backed/

Why CISOs need enhanced legal protections in the age of breach lawsuits
https://malware.news/t/why-cisos-need-enhanced-legal-protections-in-the-age-of-breach-lawsuits/71191#post_1

ISC Stormcast For Monday, July 10th, 2023 https://isc.sans.edu/podcastdetail/8564, (Mon, Jul 10th)
https://malware.news/t/isc-stormcast-for-monday-july-10th-2023-https-isc-sans-edu-podcastdetail-8564-mon-jul-10th/71190#post_1

ISC Stormcast For Monday, July 10th, 2023 https://isc.sans.edu/podcastdetail/8564, (Mon, Jul 10th)
https://isc.sans.edu/diary/rss/30010

+Protecting Linux at Kernel Level Why and How
https://www.reddit.com/r/netsec/comments/14vil1d/protecting_linux_at_kernel_level_why_and_how/


Top Security News for 11/07/2023

New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security
https://thehackernews.com/2023/07/new-mozilla-feature-blocks-risky-add.html

Analysis of the Rekoobe Backdoor Being Used In Attacks Against Linux Systems in Korea
https://malware.news/t/analysis-of-the-rekoobe-backdoor-being-used-in-attacks-against-linux-systems-in-korea/71225#post_1

ISC StormCast for Tuesday, July 11th, 2023
https://isc.sans.edu/podcastdetail/8566

A week in security (July 3 - 9)
https://www.malwarebytes.com/blog/news/2023/07/a-week-in-security-july-3-9

Windows kernel driver signing - any way to only allow my drivers?
https://www.reddit.com/r/lowlevel/comments/14w2pdq/windows_kernel_driver_signing_any_way_to_only/

RomCom RAT Targeting NATO and Ukraine Support Groups
https://thehackernews.com/2023/07/romcom-rat-targeting-nato-and-ukraine.html

New German cybersecurity chief addresses reporters on policy. CIA head speaks on the future of US intelligence.
https://thecyberwire.com/newsletters/policy-briefing/5/129

Privacy Briefing for 07.10.23
https://thecyberwire.com/newsletters/privacy-briefing/5129/129

Cybercriminals Evolve Antidetect Tooling for Mobile OS-Based Fraud
https://securityaffairs.com/148341/cyber-crime/antidetect-tooling-mobile-fraud.html

New phishing campaigns. Big Head ransomware. Multichain bridge compromised. CISA adds a KEV. Progress Software issues MOVEit patches. Telegram's role in Russia's war.
https://thecyberwire.com/newsletters/daily-briefing/12/129


Top Security News for 12/07/2023

"TootRoot" Mastodon vulnerabilities fixed: Admins, patch now!
https://www.malwarebytes.com/blog/news/2023/07/tootroot-mastodon-vulnerabilities-fixed-admins-patch-now

Cl0p's use of MOVEit exploits. RedDelta focuses on Eastern Europe. TOITOIN Trojan targets Latin America. Big Head ransomware.
https://thecyberwire.com/newsletters/research-briefing/5/28

Collective defense in cyberspace. Notes on gangs, privateers, and hacktivist auxiliaries. Amazon Prime Day is now a commercial holiday (like Black Friday): crooks have noticed–stay safe.
https://thecyberwire.com/podcasts/daily-podcast/1860/notes

Loader activity for Formbook "QM18", (Wed, Jul 12th)
https://malware.news/t/loader-activity-for-formbook-qm18-wed-jul-12th/71284#post_1

Are we doomed to make the same security mistakes with AI?
https://securityintelligence.com/articles/are-we-doomed-to-make-the-same-security-mistakes-with-ai/

Scarleteel operation ups their cloud game with new targets and tools
https://www.reddit.com/r/netsec/comments/14wqud1/scarleteel_operation_ups_their_cloud_game_with/

SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign
https://thehackernews.com/2023/07/scarleteel-cryptojacking-campaign.html

Apple issued Rapid Security Response updates to fix a zero-day but pulled them due to a Safari bug
https://securityaffairs.com/148360/security/apple-issued-rapid-security-response.html

Security Alert: Microsoft Releases July 2023 Security Updates
https://malware.news/t/security-alert-microsoft-releases-july-2023-security-updates/71283#post_1

VMware warns customers of exploit available for critical vRealize RCE flaw CVE-2023-20864
https://securityaffairs.com/148346/hacking/vmware-vmware-rce-exploit.html


Top Security News for 13/07/2023

The Risks and Preventions of AI in Business: Safeguarding Against Potential Pitfalls
https://thehackernews.com/2023/07/the-risks-and-preventions-of-ai-in.html

Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector
https://thehackernews.com/2023/07/chinese-hackers-deploy-microsoft-signed.html

Using MiTMProxy as a scriptable pre-proxy for BurpSuite
https://www.reddit.com/r/netsec/comments/14xzstx/using_mitmproxy_as_a_scriptable_preproxy_for/

Here’s how security and DevOps can collaborate and shift left
https://malware.news/t/here-s-how-security-and-devops-can-collaborate-and-shift-left/71337#post_1

SonicWall security advisory (AV23-402)
https://malware.news/t/sonicwall-security-advisory-av23-402/71332#post_1

How the EU's new cyber regs could affect ports. NSA and CyberCom chief nominee follows in predecessor’s footsteps. Hate crime grants highlight cybersecurity.
https://thecyberwire.com/newsletters/policy-briefing/5/131

Patch Tuesday retrospective: July 2023.
https://thecyberwire.com

Laws, lawsuits, and privacy.
https://thecyberwire.com/podcasts/caveat/179/notes

Python-Based PyLoose Fileless Attack Targets Cloud Workloads for Cryptocurrency Mining
https://thehackernews.com/2023/07/python-based-pyloose-fileless-attack.html

Could compiled code in dynamically linked libraries be statically baked into an executable?
https://www.reddit.com/r/lowlevel/comments/14xsxch/could_compiled_code_in_dynamically_linked/


Top Security News for 14/07/2023

AI and its potential use in disinformation. Meta's approach to disinformation in its new Threads platform. Influence and news in Russia's hybrid war.
https://thecyberwire.com/newsletters/disinformation-briefing/5/28

Penetrating the Apple: A Deep Dive into macOS Pentesting
https://www.reddit.com/r/netsec/comments/14yxfe2/penetrating_the_apple_a_deep_dive_into_macos/

Telemedicine, smart intercom apps at risk from QuickBlox vulns
https://www.reddit.com/r/netsec/comments/14ymyzb/telemedicine_smart_intercom_apps_at_risk_from/

Want to stay safer online? Beware Meta services
https://malware.news/t/want-to-stay-safer-online-beware-meta-services/71378#post_1

Brute-forcing a macOS user’s real name from a browser using mDNS
https://www.reddit.com/r/netsec/comments/14ytxv7/bruteforcing_a_macos_users_real_name_from_a/

Ransomware review: July 2023
https://www.malwarebytes.com/blog/threat-intelligence/2023/07/ransomware-review-july-2023

Resource Based Constrained Delegation - Practical Guide for Active Directory Privilege Escalation and Lateral Movement
https://www.reddit.com/r/netsec/comments/14ynluo/resource_based_constrained_delegation_practical/

Taking steps to stop a Chinese APT. Implementing the US National Cybersecurity Strategy. LokiBot is back. Malware masquerading as a proof-of-concept. Swapping cyber ops in a hybrid war.
https://thecyberwire.com/podcasts/daily-podcast/1862/notes

Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
https://thehackernews.com/2023/07/blog-post.html

ISC Stormcast For Friday, July 14th, 2023 https://isc.sans.edu/podcastdetail/8572, (Fri, Jul 14th)
https://malware.news/t/isc-stormcast-for-friday-july-14th-2023-https-isc-sans-edu-podcastdetail-8572-fri-jul-14th/71376#post_1


Top Security News for 15/07/2023

New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries
https://thehackernews.com/2023/07/new-soho-router-botnet-avrecon-spreads.html

Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
https://www.reddit.com/r/netsec/comments/14z96qn/uncovering_weaknesses_in_apple_macos_and_vmware/

Ransomware making big money through "big game hunting"
https://www.malwarebytes.com/blog/news/2023/07/ransomware-making-big-money-through-big-game-hunting

Tax preparation firms shared sensitive information with Meta
https://www.malwarebytes.com/blog/news/2023/07/tax-preparation-firms-shared-sensitive-information-with-meta

AI not yet a game-changer for healthcare hackers
https://malware.news/t/ai-not-yet-a-game-changer-for-healthcare-hackers/71408#post_1

The Week that Was: Chinese threat actor hit US organizations with a Microsoft cloud exploit. Training code turns out to be malicious in a new proof-of-concept attack discovered on GitHub.
https://thecyberwire.com/newsletters/week-that-was/7/27

Cybersecurity investment priorities examined
https://malware.news/t/cybersecurity-investment-priorities-examined/71406#post_1

Chris Cochran from Huntress is talking about the challenges small and medium sized businesses face with cyber security.
https://thecyberwire.com/podcasts/interview-selects/167/notes

The source code of the BlackLotus UEFI Bootkit was leaked on GitHub
https://securityaffairs.com/148482/malware/source-code-blacklotus-uefi-bootkit-leaked.html

Indexing Over 15 Million WordPress Websites with PWNPress
https://securityaffairs.com/148465/hacking/pwnpress-platform.html


Top Security News for 16/07/2023

Jennifer Addie: Finding creative solutions. [COO]
https://thecyberwire.com/podcasts/career-notes/158/notes

WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks
https://thehackernews.com/2023/07/wormgpt-new-ai-tool-allows.html

Cryptovirology case
https://www.reddit.com/r/Malware/comments/150d9d1/cryptovirology_case/

Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens
https://thehackernews.com/2023/07/microsoft-bug-allowed-hackers-to-breach.html

Security Affairs newsletter Round 428 by Pierluigi Paganini – International edition
https://securityaffairs.com/148500/breaking-news/security-affairs-newsletter-round-428-by-pierluigi-paganini-international-edition.html

Update of new youtube malware channel
https://www.reddit.com/r/Malware/comments/1506ws2/update_of_new_youtube_malware_channel/

Satellites lack standard security mechanisms found in mobile phones and laptops - Help Net Security
https://www.reddit.com/r/netsec/comments/150x6r6/satellites_lack_standard_security_mechanisms/

GitHub - FourCoreLabs/LolDriverScan: Scan vulnerable drivers on Windows System
https://www.reddit.com/r/netsec/comments/150el5p/github_fourcorelabsloldriverscan_scan_vulnerable/

Another new malware payload remix / trip
https://www.reddit.com/r/Malware/comments/15090kc/another_new_malware_payload_remix_trip/

Deep Analysis of GCleaner
https://malware.news/t/deep-analysis-of-gcleaner/71411#post_1


Top Security News for 17/07/2023

ISC StormCast for Monday, July 17th, 2023
https://isc.sans.edu/podcastdetail/8574

Pompompurin, the BreachForums owner, pleads guilty to hacking charges and possession of child pornography
https://securityaffairs.com/148515/cyber-crime/pompompurin-pleas-guilty-hacking-charges.html

Brute-Force ZIP Password Cracking with zipdump.py: FP Fix, (Sun, Jul 16th)
https://malware.news/t/brute-force-zip-password-cracking-with-zipdump-py-fp-fix-sun-jul-16th/71413#post_1

Lessons to learn from last week’s email breach on federal agencies by a Chinese APT group
https://malware.news/t/lessons-to-learn-from-last-week-s-email-breach-on-federal-agencies-by-a-chinese-apt-group/71419#post_1

CERT-UA Uncovers Gamaredon's Rapid Data Exfiltration Tactics Following Initial Compromise
https://thehackernews.com/2023/07/cert-ua-uncovers-gamaredons-rapid-data.html

Vault Range - The Measure and Resilience of Weaponized Exploit Methods for Linux
https://www.reddit.com/r/netsec/comments/15168s3/vault_range_the_measure_and_resilience_of/

Malware source code investigation: BlackLotus - part 1
https://malware.news/t/malware-source-code-investigation-blacklotus-part-1/71416#post_1

Wireshark 4.0.7 Released, (Sat, Jul 15th)
https://isc.sans.edu/diary/rss/30030

Brute-Force ZIP Password Cracking with zipdump.py: FP Fix, (Sun, Jul 16th)
https://isc.sans.edu/diary/rss/30032

FUD Stealer warning for prysmax
https://www.reddit.com/r/Malware/comments/1514ubp/fud_stealer_warning_for_prysmax/


Top Security News for 18/07/2023

Ukraine at D+508: Preparatory attrition in the counteroffensive.
https://thecyberwire.com/stories/7cb85aa6cee446a5bcde4c816154387a/ukraine-at-d508

Malicious USB Drives Targeting Global Targets with SOGU and SNOWYDRIVE Malware
https://thehackernews.com/2023/07/malicious-usb-drives-targetinging.html

Non-compliant Clients: Righting the Ship Before Regulators Pounce - Brian Johnson - CFH #27
https://malware.news/t/non-compliant-clients-righting-the-ship-before-regulators-pounce-brian-johnson-cfh-27/71449#post_1

ISC Stormcast For Tuesday, July 18th, 2023 https://isc.sans.edu/podcastdetail/8576, (Tue, Jul 18th)
https://malware.news/t/isc-stormcast-for-tuesday-july-18th-2023-https-isc-sans-edu-podcastdetail-8576-tue-jul-18th/71448#post_1

Admins of Genesis Market marketplace sold their infrastructure on a hacker forum
https://securityaffairs.com/148531/cyber-crime/genesis-market-infrastructure-sold.html

promptmap - automatically tests prompt injection attacks on ChatGPT instances
https://www.reddit.com/r/netsec/comments/1514dhr/promptmap_automatically_tests_prompt_injection/

Spy vs. spy: Exploring the LetMeSpy hack, with maia arson crimew
https://www.malwarebytes.com/blog/podcast/2023/07/spy-vs-spy-exploring-the-letmespy-hack-with-maia-arson-crimew

ISC Stormcast For Tuesday, July 18th, 2023 https://isc.sans.edu/podcastdetail/8576, (Tue, Jul 18th)
https://isc.sans.edu/diary/rss/30036

These 6 Questions Will Help You Choose the Best Attack Surface Management Platform
https://thehackernews.com/2023/07/these-6-questions-will-help-you-choose.html

"Ethics-free AI" in the C2C market. TeamTNT's return? British MPs targets of Chinese intelligence services. Gamaredon's fast theft, and other notes from the hybrid war.
https://thecyberwire.com/newsletters/daily-briefing/12/134


Top Security News for 17/09/2023

The bogus CVE problem
https://www.reddit.com/r/netsec/comments/16kb5dq/the_bogus_cve_problem/

My nasm program crashes and I think I know how, but I don't know how
https://www.reddit.com/r/lowlevel/comments/16kpbg7/my_nasm_program_crashes_and_i_think_i_know_how/

Windows shadowcopy tool used in malware
https://www.reddit.com/r/Malware/comments/16kknap/windows_shadowcopy_tool_used_in_malware/

New analysis tool: donut-decryptor: Retrieve inner payloads from Donut samples
https://www.reddit.com/r/netsec/comments/16ka325/new_analysis_tool_donutdecryptor_retrieve_inner/

Phishing With Chromium's Application Mode
https://mrd0x.com/phishing-with-chromium-application-mode/

Twitter Recap - Part 1
https://mrd0x.com/twitter-recap-part-1/

Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition
https://securityaffairs.com/150931/breaking-news/security-affairs-newsletter-round-437-by-pierluigi-paganini-international-edition.html

TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U.
https://thehackernews.com/2023/09/tiktok-faces-massive-345-million-fine.html

Similar issues detected in different cryptocurrency exchange backends
https://www.reddit.com/r/netsec/comments/16kcn6f/similar_issues_detected_in_different/


Top Security News for 18/09/2023

Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation
https://www.reddit.com/r/netsec/comments/16l167p/account_takeover_in_canvas_apps_served_in_comet/

CVE-2022-32947: macOS GPU-launched kernel privilege escalation exploit (walkthrough slides + demo)
https://www.reddit.com/r/netsec/comments/16kwvfl/cve202232947_macos_gpulaunched_kernel_privilege/

Tickling ksmbd: fuzzing SMB in the Linux kernel
https://www.reddit.com/r/netsec/comments/16kvckv/tickling_ksmbd_fuzzing_smb_in_the_linux_kernel/

ISC Stormcast For Monday, September 18th, 2023 https://isc.sans.edu/podcastdetail/8662, (Mon, Sep 18th)
https://malware.news/t/isc-stormcast-for-monday-september-18th-2023-https-isc-sans-edu-podcastdetail-8662-mon-sep-18th/73542#post_1

Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks
https://thehackernews.com/2023/09/financially-motivated-unc3944-threat.html

North Korea's Lazarus Group Suspected in $31 Million CoinEx Heist
https://thehackernews.com/2023/09/north-koreas-lazarus-group-suspected-in.html

Clop gang stolen data from major North Carolina hospitals
https://securityaffairs.com/150949/cyber-crime/north-carolina-hospitals-data-breach.html

A Practical Approach to SBOM in CI/CD. Presenting concept of SBOM, its advantages, popular formats and practical implementations for both Java and Python projects.
https://www.reddit.com/r/netsec/comments/16l5vtu/a_practical_approach_to_sbom_in_cicd_presenting/

CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution
https://www.reddit.com/r/netsec/comments/16kvb77/cve202334040_spring_kafka_deserialization_remote/

