Top Daily Cyber Security News
Top rated cyber security tech news,
Just the top, every day.
Top Security News for 14/07/2023

AI and its potential use in disinformation. Meta's approach to disinformation in its new Threads platform. Influence and news in Russia's hybrid war.
https://thecyberwire.com/newsletters/disinformation-briefing/5/28

Penetrating the Apple: A Deep Dive into macOS Pentesting
https://www.reddit.com/r/netsec/comments/14yxfe2/penetrating_the_apple_a_deep_dive_into_macos/

Telemedicine, smart intercom apps at risk from QuickBlox vulns
https://www.reddit.com/r/netsec/comments/14ymyzb/telemedicine_smart_intercom_apps_at_risk_from/

Want to stay safer online? Beware Meta services
https://malware.news/t/want-to-stay-safer-online-beware-meta-services/71378#post_1

Brute-forcing a macOS user’s real name from a browser using mDNS
https://www.reddit.com/r/netsec/comments/14ytxv7/bruteforcing_a_macos_users_real_name_from_a/

Ransomware review: July 2023
https://www.malwarebytes.com/blog/threat-intelligence/2023/07/ransomware-review-july-2023

Resource Based Constrained Delegation - Practical Guide for Active Directory Privilege Escalation and Lateral Movement
https://www.reddit.com/r/netsec/comments/14ynluo/resource_based_constrained_delegation_practical/

Taking steps to stop a Chinese APT. Implementing the US National Cybersecurity Strategy. LokiBot is back. Malware masquerading as a proof-of-concept. Swapping cyber ops in a hybrid war.
https://thecyberwire.com/podcasts/daily-podcast/1862/notes

Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
https://thehackernews.com/2023/07/blog-post.html

ISC Stormcast For Friday, July 14th, 2023 https://isc.sans.edu/podcastdetail/8572, (Fri, Jul 14th)
https://malware.news/t/isc-stormcast-for-friday-july-14th-2023-https-isc-sans-edu-podcastdetail-8572-fri-jul-14th/71376#post_1


Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman

Top Security News for 15/07/2023

New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries
https://thehackernews.com/2023/07/new-soho-router-botnet-avrecon-spreads.html

Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
https://www.reddit.com/r/netsec/comments/14z96qn/uncovering_weaknesses_in_apple_macos_and_vmware/

Ransomware making big money through "big game hunting"
https://www.malwarebytes.com/blog/news/2023/07/ransomware-making-big-money-through-big-game-hunting

Tax preparation firms shared sensitive information with Meta
https://www.malwarebytes.com/blog/news/2023/07/tax-preparation-firms-shared-sensitive-information-with-meta

AI not yet a game-changer for healthcare hackers
https://malware.news/t/ai-not-yet-a-game-changer-for-healthcare-hackers/71408#post_1

The Week that Was: Chinese threat actor hit US organizations with a Microsoft cloud exploit. Training code turns out to be malicious in a new proof-of-concept attack discovered on GitHub.
https://thecyberwire.com/newsletters/week-that-was/7/27

Cybersecurity investment priorities examined
https://malware.news/t/cybersecurity-investment-priorities-examined/71406#post_1

Chris Cochran from Huntress is talking about the challenges small and medium sized businesses face with cyber security.
https://thecyberwire.com/podcasts/interview-selects/167/notes

The source code of the BlackLotus UEFI Bootkit was leaked on GitHub
https://securityaffairs.com/148482/malware/source-code-blacklotus-uefi-bootkit-leaked.html

Indexing Over 15 Million WordPress Websites with PWNPress
https://securityaffairs.com/148465/hacking/pwnpress-platform.html


Top Security News for 16/07/2023

Jennifer Addie: Finding creative solutions. [COO]
https://thecyberwire.com/podcasts/career-notes/158/notes

WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks
https://thehackernews.com/2023/07/wormgpt-new-ai-tool-allows.html

Cryptovirology case
https://www.reddit.com/r/Malware/comments/150d9d1/cryptovirology_case/

Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens
https://thehackernews.com/2023/07/microsoft-bug-allowed-hackers-to-breach.html

Security Affairs newsletter Round 428 by Pierluigi Paganini – International edition
https://securityaffairs.com/148500/breaking-news/security-affairs-newsletter-round-428-by-pierluigi-paganini-international-edition.html

Update of new youtube malware channel
https://www.reddit.com/r/Malware/comments/1506ws2/update_of_new_youtube_malware_channel/

Satellites lack standard security mechanisms found in mobile phones and laptops - Help Net Security
https://www.reddit.com/r/netsec/comments/150x6r6/satellites_lack_standard_security_mechanisms/

GitHub - FourCoreLabs/LolDriverScan: Scan vulnerable drivers on Windows System
https://www.reddit.com/r/netsec/comments/150el5p/github_fourcorelabsloldriverscan_scan_vulnerable/

Another new malware payload remix / trip
https://www.reddit.com/r/Malware/comments/15090kc/another_new_malware_payload_remix_trip/

Deep Analysis of GCleaner
https://malware.news/t/deep-analysis-of-gcleaner/71411#post_1


Top Security News for 17/07/2023

ISC StormCast for Monday, July 17th, 2023
https://isc.sans.edu/podcastdetail/8574

Pompompurin, the BreachForums owner, pleads guilty to hacking charges and possession of child pornography
https://securityaffairs.com/148515/cyber-crime/pompompurin-pleas-guilty-hacking-charges.html

Brute-Force ZIP Password Cracking with zipdump.py: FP Fix, (Sun, Jul 16th)
https://malware.news/t/brute-force-zip-password-cracking-with-zipdump-py-fp-fix-sun-jul-16th/71413#post_1

Lessons to learn from last week’s email breach on federal agencies by a Chinese APT group
https://malware.news/t/lessons-to-learn-from-last-week-s-email-breach-on-federal-agencies-by-a-chinese-apt-group/71419#post_1

CERT-UA Uncovers Gamaredon's Rapid Data Exfiltration Tactics Following Initial Compromise
https://thehackernews.com/2023/07/cert-ua-uncovers-gamaredons-rapid-data.html

Vault Range - The Measure and Resilience of Weaponized Exploit Methods for Linux
https://www.reddit.com/r/netsec/comments/15168s3/vault_range_the_measure_and_resilience_of/

Malware source code investigation: BlackLotus - part 1
https://malware.news/t/malware-source-code-investigation-blacklotus-part-1/71416#post_1

Wireshark 4.0.7 Released, (Sat, Jul 15th)
https://isc.sans.edu/diary/rss/30030

Brute-Force ZIP Password Cracking with zipdump.py: FP Fix, (Sun, Jul 16th)
https://isc.sans.edu/diary/rss/30032

FUD Stealer warning for prysmax
https://www.reddit.com/r/Malware/comments/1514ubp/fud_stealer_warning_for_prysmax/


Top Security News for 18/07/2023

Ukraine at D+508: Preparatory attrition in the counteroffensive.
https://thecyberwire.com/stories/7cb85aa6cee446a5bcde4c816154387a/ukraine-at-d508

Malicious USB Drives Targetinging Global Targets with SOGU and SNOWYDRIVE Malware
https://thehackernews.com/2023/07/malicious-usb-drives-targetinging.html

Non-compliant Clients: Righting the Ship Before Regulators Pounce - Brian Johnson - CFH #27
https://malware.news/t/non-compliant-clients-righting-the-ship-before-regulators-pounce-brian-johnson-cfh-27/71449#post_1

ISC Stormcast For Tuesday, July 18th, 2023 https://isc.sans.edu/podcastdetail/8576, (Tue, Jul 18th)
https://malware.news/t/isc-stormcast-for-tuesday-july-18th-2023-https-isc-sans-edu-podcastdetail-8576-tue-jul-18th/71448#post_1

Admins of Genesis Market marketplace sold their infrastructure on a hacker forum
https://securityaffairs.com/148531/cyber-crime/genesis-market-infrastructure-sold.html

promptmap - automatically tests prompt injection attacks on ChatGPT instances
https://www.reddit.com/r/netsec/comments/1514dhr/promptmap_automatically_tests_prompt_injection/

Spy vs. spy: Exploring the LetMeSpy hack, with maia arson crimew
https://www.malwarebytes.com/blog/podcast/2023/07/spy-vs-spy-exploring-the-letmespy-hack-with-maia-arson-crimew

ISC Stormcast For Tuesday, July 18th, 2023 https://isc.sans.edu/podcastdetail/8576, (Tue, Jul 18th)
https://isc.sans.edu/diary/rss/30036

These 6 Questions Will Help You Choose the Best Attack Surface Management Platform
https://thehackernews.com/2023/07/these-6-questions-will-help-you-choose.html

"Ethics-free AI" in the C2C market. TeamTNT's return? British MPs targets of Chinese intelligence services. Gamaredon's fast theft, and other notes from the hybrid war.
https://thecyberwire.com/newsletters/daily-briefing/12/134


Top Security News for 17/09/2023

The bogus CVE problem
https://www.reddit.com/r/netsec/comments/16kb5dq/the_bogus_cve_problem/

My nasm program crashes and I think I know how, but I don't know how
https://www.reddit.com/r/lowlevel/comments/16kpbg7/my_nasm_program_crashes_and_i_think_i_know_how/

Windows shadowcopy tool used in malware
https://www.reddit.com/r/Malware/comments/16kknap/windows_shadowcopy_tool_used_in_malware/

New analysis tool: donut-decryptor: Retrieve inner payloads from Donut samples
https://www.reddit.com/r/netsec/comments/16ka325/new_analysis_tool_donutdecryptor_retrieve_inner/

Phishing With Chromium's Application Mode
https://mrd0x.com/phishing-with-chromium-application-mode/

Twitter Recap - Part 1
https://mrd0x.com/twitter-recap-part-1/

Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition
https://securityaffairs.com/150931/breaking-news/security-affairs-newsletter-round-437-by-pierluigi-paganini-international-edition.html

TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U.
https://thehackernews.com/2023/09/tiktok-faces-massive-345-million-fine.html

Similar issues detected in different cryptocurrency exchange backends
https://www.reddit.com/r/netsec/comments/16kcn6f/similar_issues_detected_in_different/


Top Security News for 18/09/2023

Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation
https://www.reddit.com/r/netsec/comments/16l167p/account_takeover_in_canvas_apps_served_in_comet/

CVE-2022-32947: macOS GPU-launched kernel privilege escalation exploit (walkthrough slides + demo)
https://www.reddit.com/r/netsec/comments/16kwvfl/cve202232947_macos_gpulaunched_kernel_privilege/

Tickling ksmbd: fuzzing SMB in the Linux kernel
https://www.reddit.com/r/netsec/comments/16kvckv/tickling_ksmbd_fuzzing_smb_in_the_linux_kernel/

ISC Stormcast For Monday, September 18th, 2023 https://isc.sans.edu/podcastdetail/8662, (Mon, Sep 18th)
https://malware.news/t/isc-stormcast-for-monday-september-18th-2023-https-isc-sans-edu-podcastdetail-8662-mon-sep-18th/73542#post_1

Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks
https://thehackernews.com/2023/09/financially-motivated-unc3944-threat.html

North Korea's Lazarus Group Suspected in $31 Million CoinEx Heist
https://thehackernews.com/2023/09/north-koreas-lazarus-group-suspected-in.html

Clop gang stolen data from major North Carolina hospitals
https://securityaffairs.com/150949/cyber-crime/north-carolina-hospitals-data-breach.html

A Practical Approach to SBOM in CI/CD. Presenting concept of SBOM, its advantages, popular formats and practical implementations for both Java and Python projects.
https://www.reddit.com/r/netsec/comments/16l5vtu/a_practical_approach_to_sbom_in_cicd_presenting/

CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution
https://www.reddit.com/r/netsec/comments/16kvb77/cve202334040_spring_kafka_deserialization_remote/


Top Security News for 19/09/2023

Microsoft AI research division accidentally exposed 38TB of sensitive data
https://securityaffairs.com/151004/data-breach/microsoft-ai-data-leak.html

ThemeBleed exploit is another reason to patch Windows quickly
https://www.malwarebytes.com/blog/news/2023/09/themebleed-exploit-is-another-reason-to-patch-windows-quickly

Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data
https://thehackernews.com/2023/09/microsoft-ai-researchers-accidentally.html

Think Your MFA and PAM Solutions Protect You? Think Again
https://thehackernews.com/2023/09/think-your-mfa-and-pam-solutions.html

ISC Stormcast For Tuesday, September 19th, 2023 https://isc.sans.edu/podcastdetail/8664, (Tue, Sep 19th)
https://malware.news/t/isc-stormcast-for-tuesday-september-19th-2023-https-isc-sans-edu-podcastdetail-8664-tue-sep-19th/73586#post_1

Seven ways to secure instant messaging in corporate networks
https://malware.news/t/seven-ways-to-secure-instant-messaging-in-corporate-networks/73588#post_1

Security Alert: Alert Regarding Vulnerability in Trend Micro Multiple Endpoint Security Products for Enterprises
https://malware.news/t/security-alert-alert-regarding-vulnerability-in-trend-micro-multiple-endpoint-security-products-for-enterprises/73589#post_1

Monthly Threat Actor Group Intelligence Report, July 2023 (KOR)
https://malware.news/t/monthly-threat-actor-group-intelligence-report-july-2023-kor/73587#post_1

A quick look at some threats from China and North Korea, some engaged in collection, some in theft. BlackCat and other ransomware operators. And a view of cyberwar from Ukraine’s SSU.
https://thecyberwire.com/podcasts/daily-podcast/1908/notes

Risks in Liechtenstein's electronic health files and new vulns in the underlying Liferay portal software (article in German)
https://www.reddit.com/r/netsec/comments/16luoug/risks_in_liechtensteins_electronic_health_files/


Top Security News for 20/09/2023

YmplePay is on the Binance Smart Chain Network. This means it is much more flexible and fees are much lower than other blockchains like ETH. YmplePay is built for everyone to buy and BSC allows that to happen.
https://www.reddit.com/r/Malware/comments/16n7omc/ymplepay_is_on_the_binance_smart_chain_network/

#ShortAndMalicious — DarkGate
https://www.reddit.com/r/netsec/comments/16mormx/shortandmalicious_darkgate/

The indomitable maintainer spirit versus the indifferent cruelty of JavaScript
https://www.reddit.com/r/netsec/comments/16my3tn/the_indomitable_maintainer_spirit_versus_the/

The mystery of the CVEs that are not vulnerabilities
https://www.malwarebytes.com/blog/news/2023/09/the-mystery-of-the-cves-that-are-not-vulnerabilities

Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave report
https://www.microsoft.com/en-us/security/blog/2023/09/19/forrester-names-microsoft-a-leader-in-the-2023-zero-trust-platform-providers-wave-report/

Ransomware in Colombia. An accidental data exposure. Cyberespionage hits unpatched systems. An attack on IT systems disrupts industrial production. Bots and bad actors.
https://thecyberwire.com/podcasts/daily-podcast/1909/notes

Compromised Free Download Manager website was delivering malware for years
https://www.malwarebytes.com/blog/news/2023/09/compromised-free-download-manager-website-was-delivering-malware-for-years

Policy Briefing for 09.19.23
https://thecyberwire.com/newsletters/policy-briefing/5/179

Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities
https://thehackernews.com/2023/09/earth-luscas-new-sprysocks-linux.html


Top Security News for 21/09/2023

Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys
https://thehackernews.com/2023/09/fresh-wave-of-malicious-npm-packages.html

What's Normal? DNS TTL Values, (Wed, Sep 20th)
https://isc.sans.edu/diary/rss/30234

Fake WinRAR Exploit PoC Drops VenomRAT Malware
https://packetstormsecurity.com/news/view/35033/Fake-WinRAR-Exploit-PoC-Drops-VenomRAT-Malware.html

Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions
https://securityaffairs.com/151149/hacking/noname-ddos-attack-canadian-airports.html

Cyberattack hits International Criminal Court
https://malware.news/t/cyberattack-hits-international-criminal-court/73681#post_1

Hacking the ICC. ShroudedSnooper active, simple, and novel. New criminal malware used against Chinese-speakers. More on the materiality of cyberattacks.
https://thecyberwire.com/podcasts/daily-podcast/1910/notes

Do You Really Trust Your Web Application Supply Chain?
https://thehackernews.com/2023/09/do-you-really-trust-your-web.html

BlackCat/ALPHV Reportedly Encrypted More Than 100 MGM ESXi Hypervisors
https://packetstormsecurity.com/news/view/35024/BlackCat-ALPHV-Reportedly-Encrypted-More-Than-100-MGM-ESXi-Hypervisors.html

Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with VenomRAT
https://thehackernews.com/2023/09/beware-fake-exploit-for-winrar.html

The pitfalls of SAS tokens. US software company discloses MOVEit-related breach exposing health data. Pizza Hut Australia discloses data breach.
https://thecyberwire.com/newsletters/privacy-briefing/5/180


Top Security News for 22/09/2023

Malware-spreading phishing attacks target Chinese users
https://malware.news/t/malware-spreading-phishing-attacks-target-chinese-users/73734#post_1

ISC Stormcast For Friday, September 22nd, 2023 https://isc.sans.edu/podcastdetail/8670, (Fri, Sep 22nd)
https://isc.sans.edu/diary/rss/30240

ISC Stormcast For Friday, September 22nd, 2023 https://isc.sans.edu/podcastdetail/8670, (Fri, Sep 22nd)
https://malware.news/t/isc-stormcast-for-friday-september-22nd-2023-https-isc-sans-edu-podcastdetail-8670-fri-sep-22nd/73735#post_1

Overview of IoT threats in 2023
https://securelist.com/iot-threat-report-2023/110644/

The WebP 0day
https://www.reddit.com/r/netsec/comments/16ooziz/the_webp_0day/

Ukraine at D+574: Breaching the Surovikin Line.
https://thecyberwire.com/stories/ae9ca76fcc6c47d29af4a334f759e64d/ukraine-at-d574

Apple Patches Three New 0-Day Vulnerabilities Affecting iOS/iPadOS/watchOS/macOS, (Thu, Sep 21st)
https://isc.sans.edu/diary/rss/30238

Funding round secures $40M for Legit Security
https://malware.news/t/funding-round-secures-40m-for-legit-security/73732#post_1

Sewage, Squatters, Disease: U.S. Military Barracks Are Depressing Hellholes, Watchdog Finds
https://www.vice.com/en_us/article/wxjp3b/sewage-squatters-disease-us-military-barracks-are-depressing-hellholes-watchdog-finds


Top Security News for 23/09/2023

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware
https://securityaffairs.com/151218/mobile-2/apple-chrome-zero-days-predator-spyware.html

T-Mobile spills billing information to other customers
https://www.malwarebytes.com/blog/news/2023/09/t-mobile-spills-billing-information-to-other-customers

Iranian Nation-State Actor OilRig Targets Israeli Organizations
https://thehackernews.com/2023/09/iranian-nation-state-actor-oilrig.html

Critical DICOM Server Misconfigurations Lead to Exposure of 1.6M Medical Records
https://www.reddit.com/r/netsec/comments/16p752a/critical_dicom_server_misconfigurations_lead_to/

Experts warn of a 600X increase in P2Pinfect traffic
https://securityaffairs.com/151182/malware/p2pinfect-botnet-surge.html

Cryptomining malware detected on a Russian thesaurus with 5 Million+ monthly visits
https://www.reddit.com/r/netsec/comments/16p7yhe/cryptomining_malware_detected_on_a_russian/

Emergency update! Apple patches three zero-days
https://malware.news/t/emergency-update-apple-patches-three-zero-days/73772#post_1

Defeating Visual Studio Code embedded reverse shell
https://www.reddit.com/r/netsec/comments/16pjfsx/defeating_visual_studio_code_embedded_reverse/

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
https://thehackernews.com/2023/09/high-severity-flaws-uncovered-in.html

Enter the Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda’s government sustains cyberattacks.
https://thecyberwire.com/podcasts/daily-podcast/1912/notes


Top Security News for 24/09/2023

Scanning for Laravel - a PHP Framework for Web Artisants, (Sat, Sep 23rd)
https://malware.news/t/scanning-for-laravel-a-php-framework-for-web-artisants-sat-sep-23rd/73777#post_1

Government of Bermuda blames Russian threat actors for the cyber attack
https://securityaffairs.com/151273/hacking/government-of-bermuda-cyberattack.html

ESET's cutting-edge threat research at LABScon – Week in security with Tony Anscombe
https://malware.news/t/esets-cutting-edge-threat-research-at-labscon-week-in-security-with-tony-anscombe/73775#post_1

Stealth Falcon preying over Middle Eastern skies with Deadglyph
https://malware.news/t/stealth-falcon-preying-over-middle-eastern-skies-with-deadglyph/73776#post_1

Merritt Baer: No one has to go down for you to go up. [CISO]
https://thecyberwire.com/podcasts/career-notes/168/notes

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack
https://securityaffairs.com/151264/data-breach/city-of-dallas-royal-ransomware-attack-may.html

Rooting vs routing.
https://thecyberwire.com/podcasts/hacking-humans-goes-to-the-movies/22/notes

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
https://thehackernews.com/2023/09/latest-apple-zero-days-used-to-hack.html

False positive or not
https://www.reddit.com/r/Malware/comments/16qhrg3/false_positive_or_not/

Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics
https://thehackernews.com/2023/09/deadglyph-new-advanced-backdoor-with.html


Top Security News for 25/09/2023

Customer Reviews — A Powerful KPI for an E-Commerce Business
https://malware.news/t/customer-reviews-a-powerful-kpi-for-an-e-commerce-business/73782#post_1

Threat intelligence discussion with Chris Krebs.
https://thecyberwire.com/podcasts/special-edition/54/notes

CoinMiner Distribution Process within Infiltrated Systems (Detected by EDR)
https://malware.news/t/coinminer-distribution-process-within-infiltrated-systems-detected-by-edr/73778#post_1

ISC Stormcast For Monday, September 25th, 2023 https://isc.sans.edu/podcastdetail/8672, (Mon, Sep 25th)
https://malware.news/t/isc-stormcast-for-monday-september-25th-2023-https-isc-sans-edu-podcastdetail-8672-mon-sep-25th/73781#post_1

Past week in brief - Microsoft's 38TB Data Leak, Cisco's Splunk Acquisition, Apple's Triple Zero-Days, LastPass Security Update, and OpenAI's Red Teaming Initiative
https://www.reddit.com/r/netsec/comments/16qss5g/past_week_in_brief_microsofts_38tb_data_leak/

From ScreenConnect to Hive Ransomware in 61 hours
https://malware.news/t/from-screenconnect-to-hive-ransomware-in-61-hours/73779#post_1

New variant of BBTok Trojan targets users of +40 banks in LATAM
https://securityaffairs.com/151360/malware/bbtok-trojan-latam.html

National Student Clearinghouse data breach impacted approximately 900 US schools
https://securityaffairs.com/151281/data-breach/national-student-clearinghouse-data-breach.html

Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars
https://securityaffairs.com/151299/data-breach/alphv-ransomware-hacked-clarion.html

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition
https://securityaffairs.com/151293/breaking-news/security-affairs-newsletter-round-438-by-pierluigi-paganini-international-edition.html


Top Security News for 26/09/2023

Analysis of CVE-2023-38831 Zero-Day vulnerability in WinRAR
https://www.reddit.com/r/netsec/comments/16s2b18/analysis_of_cve202338831_zeroday_vulnerability_in/

A week in security (September 18 - September 24)
https://www.malwarebytes.com/blog/news/2023/09/a-week-in-security-september-18-september-24

From ScreenConnect to Hive Ransomware in 61 hours
https://www.reddit.com/r/netsec/comments/16rqm3a/from_screenconnect_to_hive_ransomware_in_61_hours/

What does a car need to know about your sex life? Lock and Code S04E20
https://www.malwarebytes.com/blog/podcast/2023/09/what-does-a-car-need-to-know-about-your-sex-life

City Of Dallas Details Ransomware Attack Impact, Costs
https://packetstormsecurity.com/news/view/35048/City-Of-Dallas-Details-Ransomware-Attack-Impact-Costs.html

Gelsimium and other activity in China's interest. Cyber tabletop exercises. Spyware infestations. A shift in cyberespionage targeting.
https://thecyberwire.com/newsletters/daily-briefing/12/183

TikTok flooded with fake celebrity nude photo Temu referrals
https://www.malwarebytes.com/blog/personal/2023/09/tiktok-flooded-with-fake-celebrity-nude-photo-temu-referrals

Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals
https://thehackernews.com/2023/09/ukrainian-military-targeted-in-phishing.html

Nearly 900 colleges hit by MOVEit hack on National Student Clearinghouse
https://malware.news/t/nearly-900-colleges-hit-by-moveit-hack-on-national-student-clearinghouse/73823#post_1

Deal for Splunk brings new capabilities and competitors to Cisco
https://malware.news/t/deal-for-splunk-brings-new-capabilities-and-competitors-to-cisco/73825#post_1


Top Security News for 27/09/2023

Crooks phish for guests; spies phish for drone operators. ZenRAT is used in an info-stealing campaign. More MOVEit-related incidents (some involving Cl0p). DeFi platforms hit. The UK hunts forward.
https://thecyberwire.com/podcasts/daily-podcast/1914/notes

A new spin on the ZeroFont phishing technique, (Tue, Sep 26th)
https://isc.sans.edu/diary/rss/30248

Apple Releases MacOS Sonoma Including Numerous Security Patches, (Tue, Sep 26th)
https://isc.sans.edu/diary/rss/30252

ISC Stormcast For Tuesday, September 26th, 2023 https://isc.sans.edu/podcastdetail/8674, (Tue, Sep 26th)
https://isc.sans.edu/diary/rss/30250

Webinar: Bridging digital transformation & cybersecurity
https://www.malwarebytes.com/blog/business/2023/09/webinar-bridging-digital-transformation-cybersecurity

ISC Stormcast For Wednesday, September 27th, 2023 https://isc.sans.edu/podcastdetail/8676, (Wed, Sep 27th)
https://malware.news/t/isc-stormcast-for-wednesday-september-27th-2023-https-isc-sans-edu-podcastdetail-8676-wed-sep-27th/73884#post_1

NEW 'Off The Wall' ONLINE
https://www.2600.com/wall/26-09-2023

Xenomorph Android Banking Trojan Targeting Users In US, Canada
https://packetstormsecurity.com/news/view/35054/Xenomorph-Android-Banking-Trojan-Targeting-Users-In-US-Canada.html

Guide to hacking htmx applications
https://www.reddit.com/r/netsec/comments/16st64v/guide_to_hacking_htmx_applications/

CVE-2023-42793: Critical RCE Vulnerability in TeamCity On-Premises
https://malware.news/t/cve-2023-42793-critical-rce-vulnerability-in-teamcity-on-premises/73885#post_1


Top Security News for 28/09/2023

Xenomorph hunts cryptocurrency logins on Android
https://www.malwarebytes.com/blog/personal/2023/09/xenomorph-hunts-cryptocurrency-logins-on-android

New security features in Windows 11 protect users and empower IT
https://www.microsoft.com/en-us/security/blog/2023/09/26/new-security-features-in-windows-11-protect-users-and-empower-it/

What up in the underworld’s C2C markets. An update on the Sony hack claims. Notes on cyberespionage, from Russia, China, and parts unknown. And there’s a market for bugs.
https://thecyberwire.com/podcasts/daily-podcast/1915/notes

Chalk - Total visibility of your software engineering lifecycle
https://www.reddit.com/r/netsec/comments/16tpcbc/chalk_total_visibility_of_your_software/

Cyberespionage updates. Notes on the cyber underworld. Claims of a compromise at Sony. DDoS and API attacks hit the financial sector. FCC plans to restore net neutrality.
https://thecyberwire.com/newsletters/daily-briefing/12/185

Cisco advisory: Reports about bad Actors Hiding in Router Firmware
https://www.reddit.com/r/netsec/comments/16tvvfz/cisco_advisory_reports_about_bad_actors_hiding_in/

Cisco to acquire Splunk for $28 billion. Cato Networks secures $238 million. Ransomware increasingly cited in cyber insurance claims.
https://thecyberwire.com/newsletters/business-briefing/5/39

Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors
https://thehackernews.com/2023/09/red-cross-themed-phishing-attacks.html

DarkBeam leaks billions of email and password combinations
https://securityaffairs.com/151566/security/darkbeam-data-leak.html

Malwarebytes Admin update: New Detection screens to manage threats!
https://www.malwarebytes.com/blog/business/2023/09/malwarebytes-admin-1.2-update-new-detection-screens-to-manage-threats


Top Security News for 29/09/2023

Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
https://www.reddit.com/r/Malware/comments/16uqozg/exploring_scamclub_payloads_via_deobfuscation/

A Practical Approach to SBOM in CI/CD Part II — Deploying Dependency-Track
https://www.reddit.com/r/netsec/comments/16ujwre/a_practical_approach_to_sbom_in_cicd_part_ii/

Wifi without internet on a Southwest flight
https://www.reddit.com/r/netsec/comments/16v2z9s/wifi_without_internet_on_a_southwest_flight/

A cryptor, a stealer and a banking trojan
https://securelist.com/crimeware-report-asmcrypt-loader-lumma-stealer-zanubis-banker/110512/

Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
https://www.reddit.com/r/netsec/comments/16uqeyg/exploring_scamclub_payloads_via_deobfuscation/

Any way to convert yahoo raw messages to actual text?
https://www.reddit.com/r/lowlevel/comments/16uk8q7/any_way_to_convert_yahoo_raw_messages_to_actual/

Malicious ad served inside Bing's AI chatbot
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot

Vulnerability resolution enhanced by integrations
https://securityintelligence.com/posts/vulnerability-resolution-enhanced-by-integrations/

ISC Stormcast For Friday, September 29th, 2023 https://isc.sans.edu/podcastdetail/8680, (Fri, Sep 29th)
https://isc.sans.edu/diary/rss/30260


Top Security News for 30/09/2023

FBI: Ransomware Actors Launching 'Dual' Attacks
https://malware.news/t/fbi-ransomware-actors-launching-dual-attacks/74022#post_1

2023-09-28 - IcedID (Bokbot) infection with Keyhole VNC and Cobalt Strike
https://malware.news/t/2023-09-28-icedid-bokbot-infection-with-keyhole-vnc-and-cobalt-strike/74026#post_1

Chatbot serves malvertising. Open source library issue. Cl0p switches to torrents. Influence ops and WMD.
https://thecyberwire.com/newsletters/daily-briefing/12/187

Johnson Controls Hit By Ransomware
https://packetstormsecurity.com/news/view/35073/Johnson-Controls-Hit-By-Ransomware.html

New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks
https://thehackernews.com/2023/09/new-critical-security-flaws-expose-exim.html

Dependabot impersonators cause trouble on GitHub
https://www.malwarebytes.com/blog/personal/2023/09/dependabot-impersonators-cause-trouble-on-github

Malicious ads in a chatbot.
https://thecyberwire.com/stories/b5f71f490fc14d62aaa1c6c8324b19a7/malicious-ads-in-a-chatbot

Update Chrome now! Google patches another actively exploited vulnerability
https://www.malwarebytes.com/blog/news/2023/09/update-chrome-now-google-patches-another-actively-exploited-vulnerability

A still unpatched zero-day RCE impacts more than 3.5M Exim servers
https://securityaffairs.com/151693/hacking/cve-2023-42115-exim-mail-transfer.html

Post-Quantum Cryptography: Finally Real in Consumer Apps?
https://thehackernews.com/2023/09/post-quantum-cryptography-finally-real.html


Top Security News for 24/10/2023

Social engineering for espionage and for profit.
https://thecyberwire.com/newsletters/daily-briefing/12/202

Java Deserialization Vulnerability Still Alive
https://www.reddit.com/r/netsec/comments/17elc1g/java_deserialization_vulnerability_still_alive/

Ukraine at D+606: Ukraine continues diversionary raids into Russian-occupied territory.
https://thecyberwire.com/stories/4a96f74f946b493aaa423637d0285111/ukraine-at-d606

Cybersecurity as a Service: A new, flexible model for security program development and operation
https://malware.news/t/cybersecurity-as-a-service-a-new-flexible-model-for-security-program-development-and-operation/74846#post_1

A Deep Dive into Cactus Ransomware
https://www.reddit.com/r/netsec/comments/17ejwup/a_deep_dive_into_cactus_ransomware/

ISC Stormcast For Tuesday, October 24th, 2023 https://isc.sans.edu/podcastdetail/8714, (Tue, Oct 24th)
https://malware.news/t/isc-stormcast-for-tuesday-october-24th-2023-https-isc-sans-edu-podcastdetail-8714-tue-oct-24th/74848#post_1

Unpacking the Use of Steganography in Recent Malware Attacks
https://malware.news/t/unpacking-the-use-of-steganography-in-recent-malware-attacks/74851#post_1

1Password Detects Suspicious Activity Following Okta Support Breach
https://thehackernews.com/2023/10/1password-detects-suspicious-activity.html

Cybersecurity Awareness Month 2023: Reflecting on 20 years of Patch Tuesday
https://malware.news/t/cybersecurity-awareness-month-2023-reflecting-on-20-years-of-patch-tuesday/74850#post_1

ISC StormCast for Tuesday, October 24th, 2023
https://isc.sans.edu/podcastdetail/8714


Top Security News for 25/10/2023

CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files
https://www.reddit.com/r/netsec/comments/17f9yci/cve202333466_exploiting_healthcare_servers_with/

[Crypto] Why authenticated encryption and MAC is so important
https://www.reddit.com/r/netsec/comments/17fg28x/crypto_why_authenticated_encryption_and_mac_is_so/

Ex-NSA Employee Pleads Guilty to Leaking Classified Data to Russia
https://thehackernews.com/2023/10/ex-nsa-employee-pleads-guilty-to.html

AI vs. human deceit: Unravelling the new age of phishing tactics
https://securityintelligence.com/posts/ai-vs-human-deceit-unravelling-new-age-phishing-tactics/

ISC StormCast for Wednesday, October 25th, 2023
https://isc.sans.edu/podcastdetail/8716

Make API Management Less Scary for Your Organization
https://thehackernews.com/2023/10/make-api-management-less-scary-for-your.html

Two new things to worry about: how long it takes to read the fine print, and bed bug disinformation.
https://thecyberwire.com/podcasts/daily-podcast/1933/notes

Google Chrome wants to hide your IP address
https://www.malwarebytes.com/blog/news/2023/10/google-wants-to-introduce-ip-protection-feature-for-chrome

Amazon adds passkeys so you can sign in without a pesky password
https://malware.news/t/amazon-adds-passkeys-so-you-can-sign-in-without-a-pesky-password/74898#post_1

Now Android and Windows devices aren't safe from Flipper Zero either
https://malware.news/t/now-android-and-windows-devices-arent-safe-from-flipper-zero-either/74897#post_1

