Top Daily Cyber Security News
Top rated cyber security tech news,
Just the top, every day.
Top Security News for 06/07/2023

ISC Stormcast For Thursday, July 6th, 2023 https://isc.sans.edu/podcastdetail/8560, (Thu, Jul 6th)
https://isc.sans.edu/diary/rss/30004

Four Must-haves to Strengthen Your Endpoint Security
https://malware.news/t/four-must-haves-to-strengthen-your-endpoint-security/71106#post_1

NEW 'Off The Hook' ONLINE
https://www.2600.com/hook/05-07-2023

Chinese cyberespionage described. SEO poisoning. HTML smuggling. DDoS alert in the US. Hacktivist auxiliary in Russia's hybrid war.
https://thecyberwire.com/newsletters/daily-briefing/12/126

Actively Exploited ICS Hardware: SolarView Series
https://www.reddit.com/r/netsec/comments/14r5ki9/actively_exploited_ics_hardware_solarview_series/

Microsoft refutes Anonymous Sudan's massive data breach claims
https://malware.news/t/microsoft-refutes-anonymous-sudans-massive-data-breach-claims/71102#post_1

RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors
https://thehackernews.com/2023/07/redenergy-stealer-as-ransomware-threat.html

Extending Burp Suite for fun and profit - The Montoya way - Part 1
https://www.reddit.com/r/netsec/comments/14r66m2/extending_burp_suite_for_fun_and_profit_the/

StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability
https://www.reddit.com/r/netsec/comments/14rcfi0/stackrot_cve20233269_linux_kernel_privilege/

0day RCE in open source browsergame
https://0x00sec.org/t/0day-rce-in-open-source-browsergame/35895


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
Top Security News for 07/07/2023

Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability
https://thehackernews.com/2023/07/researchers-uncover-new-linux-kernel.html

Two Stories for "What is CHERI?"
https://www.reddit.com/r/netsec/comments/14s3ibm/two_stories_for_what_is_cheri/

Methods of countering disinformation. False personae with traction. Disinformation in Russia's hybrid war.
https://thecyberwire.com/newsletters/disinformation-briefing/5/27

Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users
https://thehackernews.com/2023/07/iranian-hackers-sophisticated-malware.html

Threads' Instagram 'Trap' Shows Why Facebook Should Have Been Broken Up Years Ago
https://www.vice.com/en_us/article/bvjvb5/threads-instagram-trap-shows-why-facebook-should-have-been-broken-up-years-ago

Windows Installer arbitrary content manipulation Elevation of Privilege (CVE-2020-0911)
https://www.reddit.com/r/netsec/comments/14saj80/windows_installer_arbitrary_content_manipulation/

Silentbob Campaign: Cloud-Native Environments Under Attack
https://thehackernews.com/2023/07/silentbob-campaign-cloud-native.html

Backdooring NPM Modules via Hijacking S3 Buckets
https://www.reddit.com/r/netsec/comments/14rxqlr/backdooring_npm_modules_via_hijacking_s3_buckets/

Surviving the 800 Gbps Storm: Gain Insights from Gcore's 2023 DDoS Attack Statistics
https://thehackernews.com/2023/07/surviving-800-gbps-storm-gain-insights.html

Beware of the Growing Scourge of Job Recruitment Scams
https://securityintelligence.com/articles/beware-the-growing-scourge-of-job-recruitment-scams/

Top Security News for 08/07/2023

2023-07-04 - 30 days of Formbook: Day309, Tuesday 2023-07-04 - Formbook "MF6W"
https://malware.news/t/2023-07-04-30-days-of-formbook-day309-tuesday-2023-07-04-formbook-mf6w/71183#post_1

A man has been charged with a cyber attack on the Discovery Bay water treatment facility
https://securityaffairs.com/148258/cyber-crime/discovery-bay-water-treatment-facility-attck.html

Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks
https://thehackernews.com/2023/07/cybersecurity-agencies-sound-alarm-on.html

More than ChatGPT: Privacy and Confidentiality in the Age of LLMs
https://modernciso.com/2023/06/01/more-than-chatgpt-privacy-and-confidentiality-in-the-age-of-llms/

Close Security Gaps with Continuous Threat Exposure Management
https://thehackernews.com/2023/07/close-security-gaps-with-continuous.html

Mike Hamilton, former CISO of Seattle and CISO of the cybersecurity firm Critical Insight, discusses what you need to know about NIST 2.0.
https://thecyberwire.com/podcasts/interview-selects/166/notes

BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days
https://thehackernews.com/2023/07/blackbyte-20-ransomware-infiltrate.html

Joint advisory warns of Truebot. Operation Brainleaches in the supply chain. API key reset at Jumpcloud. More MOVEit vulnerability exploitation.
https://thecyberwire.com/podcasts/daily-podcast/1858/notes

Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities
https://thehackernews.com/2023/07/google-releases-android-patch-update.html

The Week that Was: LockBit 3.0 claims responsibility for Nagoya ransomware attack. BlackCat and SEO poisoning.
https://thecyberwire.com/newsletters/week-that-was/7/26

Top Security News for 09/07/2023

Iran-linked APT TA453 targets Windows and macOS systems
https://securityaffairs.com/148275/apt/ta453-malware-windows-macos.html

Which router malware is capable of getting into Wi-Fi-connected Android phones using a vulnerability?
https://www.reddit.com/r/Malware/comments/14ucvml/which_router_malware_is_capable_of_getting_into/

Eric Tillman: A creative way into cyber. [Intelligence]
https://thecyberwire.com/podcasts/career-notes/157/notes

Hiding In The Windows Event Log
https://malware.news/t/hiding-in-the-windows-event-log/71187#post_1

Google addressed 3 actively exploited flaws in Android
https://securityaffairs.com/148286/mobile-2/android-actively-exploited-flaws-fixed.html

Over $50M in cyber, CX investments awarded to federal agencies
https://malware.news/t/over-50m-in-cyber-cx-investments-awarded-to-federal-agencies/71185#post_1

Pentest Mapper Burp Suite extension 1.7 is released.
https://www.reddit.com/r/netsec/comments/14u5yhq/pentest_mapper_burp_suite_extension_17_is_released/

Security Affairs newsletter Round 427 by Pierluigi Paganini – International edition
https://securityaffairs.com/148291/breaking-news/security-affairs-newsletter-round-427-by-pierluigi-paganini-international-edition.html

Novel Linux kernel vulnerability exploitable for elevated privileges
https://malware.news/t/novel-linux-kernel-vulnerability-exploitable-for-elevated-privileges/71186#post_1

EasyScan: A Lightweight Web Vulnerability Scanner to Secure Your Website
https://www.reddit.com/r/netsec/comments/14ufxia/easyscan_a_lightweight_web_vulnerability_scanner/

Top Security News for 10/07/2023

ISC StormCast for Monday, July 10th, 2023
https://isc.sans.edu/podcastdetail/8564

Dig Security bolsters data security solution with optical character recognition
https://malware.news/t/dig-security-bolsters-data-security-solution-with-optical-character-recognition/71188#post_1

Overflows Exploitation
https://0x00sec.org/t/overflows-exploitation/35958

EdgeRouter & AirCube vulnerability allows LAN attackers to overflow an internal heap in the service and potentially execute arbitrary code
https://www.reddit.com/r/netsec/comments/14uszq0/edgerouterss_aircubes_vulnerability_allows_lan/

Widespread MOVEit hack impacts more organizations
https://malware.news/t/widespread-moveit-hack-impacts-more-organizations/71189#post_1

Sophisticated iOS malware, likely state backed.
https://www.reddit.com/r/Malware/comments/14vj1xq/sophisticated_ios_malware_likely_state_backed/

Why CISOs need enhanced legal protections in the age of breach lawsuits
https://malware.news/t/why-cisos-need-enhanced-legal-protections-in-the-age-of-breach-lawsuits/71191#post_1

ISC Stormcast For Monday, July 10th, 2023 https://isc.sans.edu/podcastdetail/8564, (Mon, Jul 10th)
https://malware.news/t/isc-stormcast-for-monday-july-10th-2023-https-isc-sans-edu-podcastdetail-8564-mon-jul-10th/71190#post_1

ISC Stormcast For Monday, July 10th, 2023 https://isc.sans.edu/podcastdetail/8564, (Mon, Jul 10th)
https://isc.sans.edu/diary/rss/30010

Protecting Linux at Kernel Level: Why and How
https://www.reddit.com/r/netsec/comments/14vil1d/protecting_linux_at_kernel_level_why_and_how/

Top Security News for 11/07/2023

New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security
https://thehackernews.com/2023/07/new-mozilla-feature-blocks-risky-add.html

Analysis of the Rekoobe Backdoor Being Used In Attacks Against Linux Systems in Korea
https://malware.news/t/analysis-of-the-rekoobe-backdoor-being-used-in-attacks-against-linux-systems-in-korea/71225#post_1

ISC StormCast for Tuesday, July 11th, 2023
https://isc.sans.edu/podcastdetail/8566

A week in security (July 3 - 9)
https://www.malwarebytes.com/blog/news/2023/07/a-week-in-security-july-3-9

Windows kernel driver signing - any way to only allow my drivers?
https://www.reddit.com/r/lowlevel/comments/14w2pdq/windows_kernel_driver_signing_any_way_to_only/

RomCom RAT Targeting NATO and Ukraine Support Groups
https://thehackernews.com/2023/07/romcom-rat-targeting-nato-and-ukraine.html

New German cybersecurity chief addresses reporters on policy. CIA head speaks on the future of US intelligence.
https://thecyberwire.com/newsletters/policy-briefing/5/129

Privacy Briefing for 07.10.23
https://thecyberwire.com/newsletters/privacy-briefing/5129/129

Cybercriminals Evolve Antidetect Tooling for Mobile OS-Based Fraud
https://securityaffairs.com/148341/cyber-crime/antidetect-tooling-mobile-fraud.html

New phishing campaigns. Big Head ransomware. Multichain bridge compromised. CISA adds a KEV. Progress Software issues MOVEit patches. Telegram's role in Russia's war.
https://thecyberwire.com/newsletters/daily-briefing/12/129

Top Security News for 12/07/2023

"TootRoot" Mastodon vulnerabilities fixed: Admins, patch now!
https://www.malwarebytes.com/blog/news/2023/07/tootroot-mastodon-vulnerabilities-fixed-admins-patch-now

Cl0p's use of MOVEit exploits. RedDelta focuses on Eastern Europe. TOITOIN Trojan targets Latin America. Big Head ransomware.
https://thecyberwire.com/newsletters/research-briefing/5/28

Collective defense in cyberspace. Notes on gangs, privateers, and hacktivist auxiliaries. Amazon Prime Day is now a commercial holiday (like Black Friday): crooks have noticed, so stay safe.
https://thecyberwire.com/podcasts/daily-podcast/1860/notes

Loader activity for Formbook "QM18", (Wed, Jul 12th)
https://malware.news/t/loader-activity-for-formbook-qm18-wed-jul-12th/71284#post_1

Are we doomed to make the same security mistakes with AI?
https://securityintelligence.com/articles/are-we-doomed-to-make-the-same-security-mistakes-with-ai/

Scarleteel operation ups their cloud game with new targets and tools
https://www.reddit.com/r/netsec/comments/14wqud1/scarleteel_operation_ups_their_cloud_game_with/

SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign
https://thehackernews.com/2023/07/scarleteel-cryptojacking-campaign.html

Apple issued Rapid Security Response updates to fix a zero-day but pulled them due to a Safari bug
https://securityaffairs.com/148360/security/apple-issued-rapid-security-response.html

Security Alert: Microsoft Releases July 2023 Security Updates
https://malware.news/t/security-alert-microsoft-releases-july-2023-security-updates/71283#post_1

VMware warns customers of exploit available for critical vRealize RCE flaw CVE-2023-20864
https://securityaffairs.com/148346/hacking/vmware-vmware-rce-exploit.html

Top Security News for 13/07/2023

The Risks and Preventions of AI in Business: Safeguarding Against Potential Pitfalls
https://thehackernews.com/2023/07/the-risks-and-preventions-of-ai-in.html

Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector
https://thehackernews.com/2023/07/chinese-hackers-deploy-microsoft-signed.html

Using MiTMProxy as a scriptable pre-proxy for BurpSuite
https://www.reddit.com/r/netsec/comments/14xzstx/using_mitmproxy_as_a_scriptable_preproxy_for/

Here’s how security and DevOps can collaborate and shift left
https://malware.news/t/here-s-how-security-and-devops-can-collaborate-and-shift-left/71337#post_1

SonicWall security advisory (AV23-402)
https://malware.news/t/sonicwall-security-advisory-av23-402/71332#post_1

How the EU's new cyber regs could affect ports. NSA and CyberCom chief nominee follows in predecessor’s footsteps. Hate crime grants highlight cybersecurity.
https://thecyberwire.com/newsletters/policy-briefing/5/131

Patch Tuesday retrospective: July 2023.
https://thecyberwire.com

Laws, lawsuits, and privacy.
https://thecyberwire.com/podcasts/caveat/179/notes

Python-Based PyLoose Fileless Attack Targets Cloud Workloads for Cryptocurrency Mining
https://thehackernews.com/2023/07/python-based-pyloose-fileless-attack.html

Could compiled code in dynamically linked libraries be statically baked into an executable?
https://www.reddit.com/r/lowlevel/comments/14xsxch/could_compiled_code_in_dynamically_linked/

Top Security News for 14/07/2023

AI and its potential use in disinformation. Meta's approach to disinformation in its new Threads platform. Influence and news in Russia's hybrid war.
https://thecyberwire.com/newsletters/disinformation-briefing/5/28

Penetrating the Apple: A Deep Dive into macOS Pentesting
https://www.reddit.com/r/netsec/comments/14yxfe2/penetrating_the_apple_a_deep_dive_into_macos/

Telemedicine, smart intercom apps at risk from QuickBlox vulns
https://www.reddit.com/r/netsec/comments/14ymyzb/telemedicine_smart_intercom_apps_at_risk_from/

Want to stay safer online? Beware Meta services
https://malware.news/t/want-to-stay-safer-online-beware-meta-services/71378#post_1

Brute-forcing a macOS user’s real name from a browser using mDNS
https://www.reddit.com/r/netsec/comments/14ytxv7/bruteforcing_a_macos_users_real_name_from_a/

Ransomware review: July 2023
https://www.malwarebytes.com/blog/threat-intelligence/2023/07/ransomware-review-july-2023

Resource Based Constrained Delegation - Practical Guide for Active Directory Privilege Escalation and Lateral Movement
https://www.reddit.com/r/netsec/comments/14ynluo/resource_based_constrained_delegation_practical/

Taking steps to stop a Chinese APT. Implementing the US National Cybersecurity Strategy. LokiBot is back. Malware masquerading as a proof-of-concept. Swapping cyber ops in a hybrid war.
https://thecyberwire.com/podcasts/daily-podcast/1862/notes

Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
https://thehackernews.com/2023/07/blog-post.html

ISC Stormcast For Friday, July 14th, 2023 https://isc.sans.edu/podcastdetail/8572, (Fri, Jul 14th)
https://malware.news/t/isc-stormcast-for-friday-july-14th-2023-https-isc-sans-edu-podcastdetail-8572-fri-jul-14th/71376#post_1

Top Security News for 15/07/2023

New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries
https://thehackernews.com/2023/07/new-soho-router-botnet-avrecon-spreads.html

Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
https://www.reddit.com/r/netsec/comments/14z96qn/uncovering_weaknesses_in_apple_macos_and_vmware/

Ransomware making big money through "big game hunting"
https://www.malwarebytes.com/blog/news/2023/07/ransomware-making-big-money-through-big-game-hunting

Tax preparation firms shared sensitive information with Meta
https://www.malwarebytes.com/blog/news/2023/07/tax-preparation-firms-shared-sensitive-information-with-meta

AI not yet a game-changer for healthcare hackers
https://malware.news/t/ai-not-yet-a-game-changer-for-healthcare-hackers/71408#post_1

The Week that Was: Chinese threat actor hit US organizations with a Microsoft cloud exploit. Training code turns out to be malicious in a new proof-of-concept attack discovered on GitHub.
https://thecyberwire.com/newsletters/week-that-was/7/27

Cybersecurity investment priorities examined
https://malware.news/t/cybersecurity-investment-priorities-examined/71406#post_1

Chris Cochran from Huntress is talking about the challenges small and medium sized businesses face with cyber security.
https://thecyberwire.com/podcasts/interview-selects/167/notes

The source code of the BlackLotus UEFI Bootkit was leaked on GitHub
https://securityaffairs.com/148482/malware/source-code-blacklotus-uefi-bootkit-leaked.html

Indexing Over 15 Million WordPress Websites with PWNPress
https://securityaffairs.com/148465/hacking/pwnpress-platform.html

Top Security News for 16/07/2023

Jennifer Addie: Finding creative solutions. [COO]
https://thecyberwire.com/podcasts/career-notes/158/notes

WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks
https://thehackernews.com/2023/07/wormgpt-new-ai-tool-allows.html

Cryptovirology case
https://www.reddit.com/r/Malware/comments/150d9d1/cryptovirology_case/

Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens
https://thehackernews.com/2023/07/microsoft-bug-allowed-hackers-to-breach.html

Security Affairs newsletter Round 428 by Pierluigi Paganini – International edition
https://securityaffairs.com/148500/breaking-news/security-affairs-newsletter-round-428-by-pierluigi-paganini-international-edition.html

Update of new youtube malware channel
https://www.reddit.com/r/Malware/comments/1506ws2/update_of_new_youtube_malware_channel/

Satellites lack standard security mechanisms found in mobile phones and laptops - Help Net Security
https://www.reddit.com/r/netsec/comments/150x6r6/satellites_lack_standard_security_mechanisms/

GitHub - FourCoreLabs/LolDriverScan: Scan vulnerable drivers on Windows System
https://www.reddit.com/r/netsec/comments/150el5p/github_fourcorelabsloldriverscan_scan_vulnerable/

Another new malware payload remix / trip
https://www.reddit.com/r/Malware/comments/15090kc/another_new_malware_payload_remix_trip/

Deep Analysis of GCleaner
https://malware.news/t/deep-analysis-of-gcleaner/71411#post_1

Top Security News for 17/07/2023

ISC StormCast for Monday, July 17th, 2023
https://isc.sans.edu/podcastdetail/8574

Pompompurin, the BreachForums owner, pleads guilty to hacking charges and possession of child pornography
https://securityaffairs.com/148515/cyber-crime/pompompurin-pleas-guilty-hacking-charges.html

Brute-Force ZIP Password Cracking with zipdump.py: FP Fix, (Sun, Jul 16th)
https://malware.news/t/brute-force-zip-password-cracking-with-zipdump-py-fp-fix-sun-jul-16th/71413#post_1

Lessons to learn from last week’s email breach on federal agencies by a Chinese APT group
https://malware.news/t/lessons-to-learn-from-last-week-s-email-breach-on-federal-agencies-by-a-chinese-apt-group/71419#post_1

CERT-UA Uncovers Gamaredon's Rapid Data Exfiltration Tactics Following Initial Compromise
https://thehackernews.com/2023/07/cert-ua-uncovers-gamaredons-rapid-data.html

Vault Range - The Measure and Resilience of Weaponized Exploit Methods for Linux
https://www.reddit.com/r/netsec/comments/15168s3/vault_range_the_measure_and_resilience_of/

Malware source code investigation: BlackLotus - part 1
https://malware.news/t/malware-source-code-investigation-blacklotus-part-1/71416#post_1

Wireshark 4.0.7 Released, (Sat, Jul 15th)
https://isc.sans.edu/diary/rss/30030

Brute-Force ZIP Password Cracking with zipdump.py: FP Fix, (Sun, Jul 16th)
https://isc.sans.edu/diary/rss/30032

FUD Stealer warning for prysmax
https://www.reddit.com/r/Malware/comments/1514ubp/fud_stealer_warning_for_prysmax/

Top Security News for 18/07/2023

Ukraine at D+508: Preparatory attrition in the counteroffensive.
https://thecyberwire.com/stories/7cb85aa6cee446a5bcde4c816154387a/ukraine-at-d508

Malicious USB Drives Targeting Global Targets with SOGU and SNOWYDRIVE Malware
https://thehackernews.com/2023/07/malicious-usb-drives-targetinging.html

Non-compliant Clients: Righting the Ship Before Regulators Pounce - Brian Johnson - CFH #27
https://malware.news/t/non-compliant-clients-righting-the-ship-before-regulators-pounce-brian-johnson-cfh-27/71449#post_1

ISC Stormcast For Tuesday, July 18th, 2023 https://isc.sans.edu/podcastdetail/8576, (Tue, Jul 18th)
https://malware.news/t/isc-stormcast-for-tuesday-july-18th-2023-https-isc-sans-edu-podcastdetail-8576-tue-jul-18th/71448#post_1

Admins of Genesis Market marketplace sold their infrastructure on a hacker forum
https://securityaffairs.com/148531/cyber-crime/genesis-market-infrastructure-sold.html

promptmap - automatically tests prompt injection attacks on ChatGPT instances
https://www.reddit.com/r/netsec/comments/1514dhr/promptmap_automatically_tests_prompt_injection/

Spy vs. spy: Exploring the LetMeSpy hack, with maia arson crimew
https://www.malwarebytes.com/blog/podcast/2023/07/spy-vs-spy-exploring-the-letmespy-hack-with-maia-arson-crimew

ISC Stormcast For Tuesday, July 18th, 2023 https://isc.sans.edu/podcastdetail/8576, (Tue, Jul 18th)
https://isc.sans.edu/diary/rss/30036

These 6 Questions Will Help You Choose the Best Attack Surface Management Platform
https://thehackernews.com/2023/07/these-6-questions-will-help-you-choose.html

"Ethics-free AI" in the C2C market. TeamTNT's return? British MPs targeted by Chinese intelligence services. Gamaredon's fast theft, and other notes from the hybrid war.
https://thecyberwire.com/newsletters/daily-briefing/12/134

Top Security News for 17/09/2023

The bogus CVE problem
https://www.reddit.com/r/netsec/comments/16kb5dq/the_bogus_cve_problem/

My nasm program crashes and I think I know how, but I don't know how
https://www.reddit.com/r/lowlevel/comments/16kpbg7/my_nasm_program_crashes_and_i_think_i_know_how/

Windows shadowcopy tool used in malware
https://www.reddit.com/r/Malware/comments/16kknap/windows_shadowcopy_tool_used_in_malware/

New analysis tool: donut-decryptor: Retrieve inner payloads from Donut samples
https://www.reddit.com/r/netsec/comments/16ka325/new_analysis_tool_donutdecryptor_retrieve_inner/

Phishing With Chromium's Application Mode
https://mrd0x.com/phishing-with-chromium-application-mode/

Twitter Recap - Part 1
https://mrd0x.com/twitter-recap-part-1/

Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition
https://securityaffairs.com/150931/breaking-news/security-affairs-newsletter-round-437-by-pierluigi-paganini-international-edition.html

TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U.
https://thehackernews.com/2023/09/tiktok-faces-massive-345-million-fine.html

Similar issues detected in different cryptocurrency exchange backends
https://www.reddit.com/r/netsec/comments/16kcn6f/similar_issues_detected_in_different/

Top Security News for 18/09/2023

Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation
https://www.reddit.com/r/netsec/comments/16l167p/account_takeover_in_canvas_apps_served_in_comet/

CVE-2022-32947: macOS GPU-launched kernel privilege escalation exploit (walkthrough slides + demo)
https://www.reddit.com/r/netsec/comments/16kwvfl/cve202232947_macos_gpulaunched_kernel_privilege/

Tickling ksmbd: fuzzing SMB in the Linux kernel
https://www.reddit.com/r/netsec/comments/16kvckv/tickling_ksmbd_fuzzing_smb_in_the_linux_kernel/

ISC Stormcast For Monday, September 18th, 2023 https://isc.sans.edu/podcastdetail/8662, (Mon, Sep 18th)
https://malware.news/t/isc-stormcast-for-monday-september-18th-2023-https-isc-sans-edu-podcastdetail-8662-mon-sep-18th/73542#post_1

Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks
https://thehackernews.com/2023/09/financially-motivated-unc3944-threat.html

North Korea's Lazarus Group Suspected in $31 Million CoinEx Heist
https://thehackernews.com/2023/09/north-koreas-lazarus-group-suspected-in.html

Clop gang stole data from major North Carolina hospitals
https://securityaffairs.com/150949/cyber-crime/north-carolina-hospitals-data-breach.html

A Practical Approach to SBOM in CI/CD. Presenting concept of SBOM, its advantages, popular formats and practical implementations for both Java and Python projects.
https://www.reddit.com/r/netsec/comments/16l5vtu/a_practical_approach_to_sbom_in_cicd_presenting/

CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution
https://www.reddit.com/r/netsec/comments/16kvb77/cve202334040_spring_kafka_deserialization_remote/

Top Security News for 19/09/2023

Microsoft AI research division accidentally exposed 38TB of sensitive data
https://securityaffairs.com/151004/data-breach/microsoft-ai-data-leak.html

ThemeBleed exploit is another reason to patch Windows quickly
https://www.malwarebytes.com/blog/news/2023/09/themebleed-exploit-is-another-reason-to-patch-windows-quickly

Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data
https://thehackernews.com/2023/09/microsoft-ai-researchers-accidentally.html

Think Your MFA and PAM Solutions Protect You? Think Again
https://thehackernews.com/2023/09/think-your-mfa-and-pam-solutions.html

ISC Stormcast For Tuesday, September 19th, 2023 https://isc.sans.edu/podcastdetail/8664, (Tue, Sep 19th)
https://malware.news/t/isc-stormcast-for-tuesday-september-19th-2023-https-isc-sans-edu-podcastdetail-8664-tue-sep-19th/73586#post_1

Seven ways to secure instant messaging in corporate networks
https://malware.news/t/seven-ways-to-secure-instant-messaging-in-corporate-networks/73588#post_1

Security Alert: Alert Regarding Vulnerability in Trend Micro Multiple Endpoint Security Products for Enterprises
https://malware.news/t/security-alert-alert-regarding-vulnerability-in-trend-micro-multiple-endpoint-security-products-for-enterprises/73589#post_1

Monthly Threat Actor Group Intelligence Report, July 2023 (KOR)
https://malware.news/t/monthly-threat-actor-group-intelligence-report-july-2023-kor/73587#post_1

A quick look at some threats from China and North Korea, some engaged in collection, some in theft. BlackCat and other ransomware operators. And a view of cyberwar from Ukraine’s SSU.
https://thecyberwire.com/podcasts/daily-podcast/1908/notes

Risks in Liechtenstein's electronic health files and new vulns in the underlying Liferay portal software (article in German)
https://www.reddit.com/r/netsec/comments/16luoug/risks_in_liechtensteins_electronic_health_files/

Top Security News for 20/09/2023

YmplePay is on the Binance Smart Chain Network. This means it is much more flexible and fees are much lower than other blockchains like ETH. YmplePay is built for everyone to buy and BSC allows that to happen.
https://www.reddit.com/r/Malware/comments/16n7omc/ymplepay_is_on_the_binance_smart_chain_network/

#ShortAndMalicious — DarkGate
https://www.reddit.com/r/netsec/comments/16mormx/shortandmalicious_darkgate/

The indomitable maintainer spirit versus the indifferent cruelty of JavaScript
https://www.reddit.com/r/netsec/comments/16my3tn/the_indomitable_maintainer_spirit_versus_the/

The mystery of the CVEs that are not vulnerabilities
https://www.malwarebytes.com/blog/news/2023/09/the-mystery-of-the-cves-that-are-not-vulnerabilities

Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave report
https://www.microsoft.com/en-us/security/blog/2023/09/19/forrester-names-microsoft-a-leader-in-the-2023-zero-trust-platform-providers-wave-report/

Ransomware in Colombia. An accidental data exposure. Cyberespionage hits unpatched systems. An attack on IT systems disrupts industrial production. Bots and bad actors.
https://thecyberwire.com/podcasts/daily-podcast/1909/notes

Compromised Free Download Manager website was delivering malware for years
https://www.malwarebytes.com/blog/news/2023/09/compromised-free-download-manager-website-was-delivering-malware-for-years

Policy Briefing for 09.19.23
https://thecyberwire.com/newsletters/policy-briefing/5/179

Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities
https://thehackernews.com/2023/09/earth-luscas-new-sprysocks-linux.html

Top Security News for 21/09/2023

Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys
https://thehackernews.com/2023/09/fresh-wave-of-malicious-npm-packages.html

What's Normal? DNS TTL Values, (Wed, Sep 20th)
https://isc.sans.edu/diary/rss/30234

Fake WinRAR Exploit PoC Drops VenomRAT Malware
https://packetstormsecurity.com/news/view/35033/Fake-WinRAR-Exploit-PoC-Drops-VenomRAT-Malware.html

Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions
https://securityaffairs.com/151149/hacking/noname-ddos-attack-canadian-airports.html

Cyberattack hits International Criminal Court
https://malware.news/t/cyberattack-hits-international-criminal-court/73681#post_1

Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.
https://thecyberwire.com/podcasts/daily-podcast/1910/notes

Do You Really Trust Your Web Application Supply Chain?
https://thehackernews.com/2023/09/do-you-really-trust-your-web.html

BlackCat/ALPHV Reportedly Encrypted More Than 100 MGM ESXi Hypervisors
https://packetstormsecurity.com/news/view/35024/BlackCat-ALPHV-Reportedly-Encrypted-More-Than-100-MGM-ESXi-Hypervisors.html

Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with VenomRAT
https://thehackernews.com/2023/09/beware-fake-exploit-for-winrar.html

The pitfalls of SAS tokens. US software company discloses MOVEit-related breach exposing health data. Pizza Hut Australia discloses data breach.
https://thecyberwire.com/newsletters/privacy-briefing/5/180


Top Security News for 22/09/2023

Malware-spreading phishing attacks target Chinese users
https://malware.news/t/malware-spreading-phishing-attacks-target-chinese-users/73734#post_1

ISC Stormcast For Friday, September 22nd, 2023 https://isc.sans.edu/podcastdetail/8670, (Fri, Sep 22nd)
https://isc.sans.edu/diary/rss/30240

ISC Stormcast For Friday, September 22nd, 2023 https://isc.sans.edu/podcastdetail/8670, (Fri, Sep 22nd)
https://malware.news/t/isc-stormcast-for-friday-september-22nd-2023-https-isc-sans-edu-podcastdetail-8670-fri-sep-22nd/73735#post_1

Overview of IoT threats in 2023
https://securelist.com/iot-threat-report-2023/110644/

The WebP 0day
https://www.reddit.com/r/netsec/comments/16ooziz/the_webp_0day/

Ukraine at D+574: Breaching the Surovikin Line.
https://thecyberwire.com/stories/ae9ca76fcc6c47d29af4a334f759e64d/ukraine-at-d574

Apple Patches Three New 0-Day Vulnerabilities Affecting iOS/iPadOS/watchOS/macOS, (Thu, Sep 21st)
https://isc.sans.edu/diary/rss/30238

Funding round secures $40M for Legit Security
https://malware.news/t/funding-round-secures-40m-for-legit-security/73732#post_1

Sewage, Squatters, Disease: U.S. Military Barracks Are Depressing Hellholes, Watchdog Finds
https://www.vice.com/en_us/article/wxjp3b/sewage-squatters-disease-us-military-barracks-are-depressing-hellholes-watchdog-finds


Top Security News for 23/09/2023

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware
https://securityaffairs.com/151218/mobile-2/apple-chrome-zero-days-predator-spyware.html

T-Mobile spills billing information to other customers
https://www.malwarebytes.com/blog/news/2023/09/t-mobile-spills-billing-information-to-other-customers

Iranian Nation-State Actor OilRig Targets Israeli Organizations
https://thehackernews.com/2023/09/iranian-nation-state-actor-oilrig.html

Critical DICOM Server Misconfigurations Lead to Exposure of 1.6M Medical Records
https://www.reddit.com/r/netsec/comments/16p752a/critical_dicom_server_misconfigurations_lead_to/

Experts warn of a 600X increase in P2Pinfect traffic
https://securityaffairs.com/151182/malware/p2pinfect-botnet-surge.html

Cryptomining malware detected on a Russian thesaurus with 5 Million+ monthly visits
https://www.reddit.com/r/netsec/comments/16p7yhe/cryptomining_malware_detected_on_a_russian/

Emergency update! Apple patches three zero-days
https://malware.news/t/emergency-update-apple-patches-three-zero-days/73772#post_1

Defeating Visual Studio Code embedded reverse shell
https://www.reddit.com/r/netsec/comments/16pjfsx/defeating_visual_studio_code_embedded_reverse/

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
https://thehackernews.com/2023/09/high-severity-flaws-uncovered-in.html

Enter the Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda’s government sustains cyberattacks.
https://thecyberwire.com/podcasts/daily-podcast/1912/notes


Top Security News for 24/09/2023

Scanning for Laravel - a PHP Framework for Web Artisants, (Sat, Sep 23rd)
https://malware.news/t/scanning-for-laravel-a-php-framework-for-web-artisants-sat-sep-23rd/73777#post_1

Government of Bermuda blames Russian threat actors for the cyber attack
https://securityaffairs.com/151273/hacking/government-of-bermuda-cyberattack.html

ESET's cutting-edge threat research at LABScon – Week in security with Tony Anscombe
https://malware.news/t/esets-cutting-edge-threat-research-at-labscon-week-in-security-with-tony-anscombe/73775#post_1

Stealth Falcon preying over Middle Eastern skies with Deadglyph
https://malware.news/t/stealth-falcon-preying-over-middle-eastern-skies-with-deadglyph/73776#post_1

Merritt Baer: No one has to go down for you to go up. [CISO]
https://thecyberwire.com/podcasts/career-notes/168/notes

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack
https://securityaffairs.com/151264/data-breach/city-of-dallas-royal-ransomware-attack-may.html

Rooting vs routing.
https://thecyberwire.com/podcasts/hacking-humans-goes-to-the-movies/22/notes

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
https://thehackernews.com/2023/09/latest-apple-zero-days-used-to-hack.html

False positive or not
https://www.reddit.com/r/Malware/comments/16qhrg3/false_positive_or_not/

Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics
https://thehackernews.com/2023/09/deadglyph-new-advanced-backdoor-with.html

