Top Security News for 22/09/2023
Malware-spreading phishing attacks target Chinese users
https://malware.news/t/malware-spreading-phishing-attacks-target-chinese-users/73734#post_1
ISC Stormcast For Friday, September 22nd, 2023 https://isc.sans.edu/podcastdetail/8670, (Fri, Sep 22nd)
https://isc.sans.edu/diary/rss/30240
ISC Stormcast For Friday, September 22nd, 2023 https://isc.sans.edu/podcastdetail/8670, (Fri, Sep 22nd)
https://malware.news/t/isc-stormcast-for-friday-september-22nd-2023-https-isc-sans-edu-podcastdetail-8670-fri-sep-22nd/73735#post_1
Overview of IoT threats in 2023
https://securelist.com/iot-threat-report-2023/110644/
The WebP 0day
https://www.reddit.com/r/netsec/comments/16ooziz/the_webp_0day/
Ukraine at D+574: Breaching the Surovikin Line.
https://thecyberwire.com/stories/ae9ca76fcc6c47d29af4a334f759e64d/ukraine-at-d574
Apple Patches Three New 0-Day Vulnerabilities Affecting iOS/iPadOS/watchOS/macOS, (Thu, Sep 21st)
https://isc.sans.edu/diary/rss/30238
Funding round secures $40M for Legit Security
https://malware.news/t/funding-round-secures-40m-for-legit-security/73732#post_1
Sewage, Squatters, Disease: U.S. Military Barracks Are Depressing Hellholes, Watchdog Finds
https://www.vice.com/en_us/article/wxjp3b/sewage-squatters-disease-us-military-barracks-are-depressing-hellholes-watchdog-finds
The WebP 0day
https://www.reddit.com/r/netsec/comments/16ooziz/the_webp_0day/
Follow Top Cyber News at https://t.me/TopCyberTechNews
Feel free to DM me at https://twitter.com/ShayaFeedman
More than 30 email phishing campaigns have been launched to deploy various malware strains against Chinese users since early this year, The Hacker News reports. (SC Media)
Top Security News for 23/09/2023
Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware
https://securityaffairs.com/151218/mobile-2/apple-chrome-zero-days-predator-spyware.html
T-Mobile spills billing information to other customers
https://www.malwarebytes.com/blog/news/2023/09/t-mobile-spills-billing-information-to-other-customers
Iranian Nation-State Actor OilRig Targets Israeli Organizations
https://thehackernews.com/2023/09/iranian-nation-state-actor-oilrig.html
Critical DICOM Server Misconfigurations Lead to Exposure of 1.6M Medical Records
https://www.reddit.com/r/netsec/comments/16p752a/critical_dicom_server_misconfigurations_lead_to/
Experts warn of a 600X increase in P2Pinfect traffic
https://securityaffairs.com/151182/malware/p2pinfect-botnet-surge.html
Cryptomining malware detected on a Russian thesaurus with 5 Million+ monthly visits
https://www.reddit.com/r/netsec/comments/16p7yhe/cryptomining_malware_detected_on_a_russian/
Emergency update! Apple patches three zero-days
https://malware.news/t/emergency-update-apple-patches-three-zero-days/73772#post_1
Defeating Visual Studio Code embedded reverse shell
https://www.reddit.com/r/netsec/comments/16pjfsx/defeating_visual_studio_code_embedded_reverse/
High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
https://thehackernews.com/2023/09/high-severity-flaws-uncovered-in.html
Enter the Sandman. A look at an initial access broker. Iran’s OilRig hits Israeli targets. Cyber ops and soft power. Update on casino ransomware attacks. Bermuda’s government sustains cyberattacks.
https://thecyberwire.com/podcasts/daily-podcast/1912/notes
Citizen Lab and Google's TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware.
Top Security News for 24/09/2023
Scanning for Laravel - a PHP Framework for Web Artisants, (Sat, Sep 23rd)
https://malware.news/t/scanning-for-laravel-a-php-framework-for-web-artisants-sat-sep-23rd/73777#post_1
Government of Bermuda blames Russian threat actors for the cyber attack
https://securityaffairs.com/151273/hacking/government-of-bermuda-cyberattack.html
ESET's cutting-edge threat research at LABScon – Week in security with Tony Anscombe
https://malware.news/t/esets-cutting-edge-threat-research-at-labscon-week-in-security-with-tony-anscombe/73775#post_1
Stealth Falcon preying over Middle Eastern skies with Deadglyph
https://malware.news/t/stealth-falcon-preying-over-middle-eastern-skies-with-deadglyph/73776#post_1
Merritt Baer: No one has to go down for you to go up. [CISO]
https://thecyberwire.com/podcasts/career-notes/168/notes
City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack
https://securityaffairs.com/151264/data-breach/city-of-dallas-royal-ransomware-attack-may.html
Rooting vs routing.
https://thecyberwire.com/podcasts/hacking-humans-goes-to-the-movies/22/notes
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
https://thehackernews.com/2023/09/latest-apple-zero-days-used-to-hack.html
False positive or not
https://www.reddit.com/r/Malware/comments/16qhrg3/false_positive_or_not/
Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics
https://thehackernews.com/2023/09/deadglyph-new-advanced-backdoor-with.html
Today while reviewing my honeypot logs, I noticed an HTTP request for a directory this week I had not noticed before that included Laravel. Article link: https://isc.sans.edu/diary/rss/30242
Top Security News for 25/09/2023
Customer Reviews — A Powerful KPI for an E-Commerce Business
https://malware.news/t/customer-reviews-a-powerful-kpi-for-an-e-commerce-business/73782#post_1
Threat intelligence discussion with Chris Krebs.
https://thecyberwire.com/podcasts/special-edition/54/notes
CoinMiner Distribution Process within Infiltrated Systems (Detected by EDR)
https://malware.news/t/coinminer-distribution-process-within-infiltrated-systems-detected-by-edr/73778#post_1
ISC Stormcast For Monday, September 25th, 2023 https://isc.sans.edu/podcastdetail/8672, (Mon, Sep 25th)
https://malware.news/t/isc-stormcast-for-monday-september-25th-2023-https-isc-sans-edu-podcastdetail-8672-mon-sep-25th/73781#post_1
Past week in brief - Microsoft's 38TB Data Leak, Cisco's Splunk Acquisition, Apple's Triple Zero-Days, LastPass Security Update, and OpenAI's Red Teaming Initiative
https://www.reddit.com/r/netsec/comments/16qss5g/past_week_in_brief_microsofts_38tb_data_leak/
From ScreenConnect to Hive Ransomware in 61 hours
https://malware.news/t/from-screenconnect-to-hive-ransomware-in-61-hours/73779#post_1
New variant of BBTok Trojan targets users of +40 banks in LATAM
https://securityaffairs.com/151360/malware/bbtok-trojan-latam.html
National Student Clearinghouse data breach impacted approximately 900 US schools
https://securityaffairs.com/151281/data-breach/national-student-clearinghouse-data-breach.html
Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars
https://securityaffairs.com/151299/data-breach/alphv-ransomware-hacked-clarion.html
Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition
https://securityaffairs.com/151293/breaking-news/security-affairs-newsletter-round-438-by-pierluigi-paganini-international-edition.html
Top Security News for 26/09/2023
Analysis of CVE-2023-38831 Zero-Day vulnerability in WinRAR
https://www.reddit.com/r/netsec/comments/16s2b18/analysis_of_cve202338831_zeroday_vulnerability_in/
A week in security (September 18 - September 24)
https://www.malwarebytes.com/blog/news/2023/09/a-week-in-security-september-18-september-24
From ScreenConnect to Hive Ransomware in 61 hours
https://www.reddit.com/r/netsec/comments/16rqm3a/from_screenconnect_to_hive_ransomware_in_61_hours/
What does a car need to know about your sex life? Lock and Code S04E20
https://www.malwarebytes.com/blog/podcast/2023/09/what-does-a-car-need-to-know-about-your-sex-life
City Of Dallas Details Ransomware Attack Impact, Costs
https://packetstormsecurity.com/news/view/35048/City-Of-Dallas-Details-Ransomware-Attack-Impact-Costs.html
Gelsimium and other activity in China's interest. Cyber tabletop exercises. Spyware infestations. A shift in cyberespionage targeting.
https://thecyberwire.com/newsletters/daily-briefing/12/183
TikTok flooded with fake celebrity nude photo Temu referrals
https://www.malwarebytes.com/blog/personal/2023/09/tiktok-flooded-with-fake-celebrity-nude-photo-temu-referrals
Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals
https://thehackernews.com/2023/09/ukrainian-military-targeted-in-phishing.html
Nearly 900 colleges hit by MOVEit hack on National Student Clearinghouse
https://malware.news/t/nearly-900-colleges-hit-by-moveit-hack-on-national-student-clearinghouse/73823#post_1
Deal for Splunk brings new capabilities and competitors to Cisco
https://malware.news/t/deal-for-splunk-brings-new-capabilities-and-competitors-to-cisco/73825#post_1
Top Security News for 27/09/2023
Crooks phish for guests; spies phish for drone operators. ZenRAT is used in an info-stealing campaign. More MOVEit-related incidents (some involving Cl0p). DeFi platforms hit. The UK hunts forward.
https://thecyberwire.com/podcasts/daily-podcast/1914/notes
A new spin on the ZeroFont phishing technique, (Tue, Sep 26th)
https://isc.sans.edu/diary/rss/30248
Apple Releases MacOS Sonoma Including Numerous Security Patches, (Tue, Sep 26th)
https://isc.sans.edu/diary/rss/30252
ISC Stormcast For Tuesday, September 26th, 2023 https://isc.sans.edu/podcastdetail/8674, (Tue, Sep 26th)
https://isc.sans.edu/diary/rss/30250
Webinar: Bridging digital transformation & cybersecurity
https://www.malwarebytes.com/blog/business/2023/09/webinar-bridging-digital-transformation-cybersecurity
ISC Stormcast For Wednesday, September 27th, 2023 https://isc.sans.edu/podcastdetail/8676, (Wed, Sep 27th)
https://malware.news/t/isc-stormcast-for-wednesday-september-27th-2023-https-isc-sans-edu-podcastdetail-8676-wed-sep-27th/73884#post_1
NEW 'Off The Wall' ONLINE
https://www.2600.com/wall/26-09-2023
Xenomorph Android Banking Trojan Targeting Users In US, Canada
https://packetstormsecurity.com/news/view/35054/Xenomorph-Android-Banking-Trojan-Targeting-Users-In-US-Canada.html
Guide to hacking htmx applications
https://www.reddit.com/r/netsec/comments/16st64v/guide_to_hacking_htmx_applications/
CVE-2023-42793: Critical RCE Vulnerability in TeamCity On-Premises
https://malware.news/t/cve-2023-42793-critical-rce-vulnerability-in-teamcity-on-premises/73885#post_1
An advanced phishing campaign hits hospitality industry. An information-stealing campaign deploys ZenRAT. More MOVEit-related data breaches are disclosed. Mixin Network suspends deposits and withdrawals. The OpenSea NFT market warns of third-party risk to…
Top Security News for 28/09/2023
Xenomorph hunts cryptocurrency logins on Android
https://www.malwarebytes.com/blog/personal/2023/09/xenomorph-hunts-cryptocurrency-logins-on-android
New security features in Windows 11 protect users and empower IT
https://www.microsoft.com/en-us/security/blog/2023/09/26/new-security-features-in-windows-11-protect-users-and-empower-it/
What up in the underworld’s C2C markets. An update on the Sony hack claims. Notes on cyberespionage, from Russia, China, and parts unknown. And there’s a market for bugs.
https://thecyberwire.com/podcasts/daily-podcast/1915/notes
Chalk - Total visibility of your software engineering lifecycle
https://www.reddit.com/r/netsec/comments/16tpcbc/chalk_total_visibility_of_your_software/
Cyberespionage updates. Notes on the cyber underworld. Claims of a compromise at Sony. DDoS and API attacks hit the financial sector. FCC plans to restore net neutrality.
https://thecyberwire.com/newsletters/daily-briefing/12/185
Cisco advisory: Reports about bad Actors Hiding in Router Firmware
https://www.reddit.com/r/netsec/comments/16tvvfz/cisco_advisory_reports_about_bad_actors_hiding_in/
Cisco to acquire Splunk for $28 billion. Cato Networks secures $238 million. Ransomware increasingly cited in cyber insurance claims.
https://thecyberwire.com/newsletters/business-briefing/5/39
Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors
https://thehackernews.com/2023/09/red-cross-themed-phishing-attacks.html
DarkBeam leaks billions of email and password combinations
https://securityaffairs.com/151566/security/darkbeam-data-leak.html
Malwarebytes Admin update: New Detection screens to manage threats!
https://www.malwarebytes.com/blog/business/2023/09/malwarebytes-admin-1.2-update-new-detection-screens-to-manage-threats
We take a look at a new Android scam involving Xenomorph malware and a hunt for cryptocurrency credentials.
Top Security News for 29/09/2023
Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
https://www.reddit.com/r/Malware/comments/16uqozg/exploring_scamclub_payloads_via_deobfuscation/
A Practical Approach to SBOM in CI/CD Part II — Deploying Dependency-Track
https://www.reddit.com/r/netsec/comments/16ujwre/a_practical_approach_to_sbom_in_cicd_part_ii/
Wifi without internet on a Southwest flight
https://www.reddit.com/r/netsec/comments/16v2z9s/wifi_without_internet_on_a_southwest_flight/
A cryptor, a stealer and a banking trojan
https://securelist.com/crimeware-report-asmcrypt-loader-lumma-stealer-zanubis-banker/110512/
Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees
https://www.reddit.com/r/netsec/comments/16uqeyg/exploring_scamclub_payloads_via_deobfuscation/
Any way to convert yahoo raw messages to actual text?
https://www.reddit.com/r/lowlevel/comments/16uk8q7/any_way_to_convert_yahoo_raw_messages_to_actual/
Malicious ad served inside Bing's AI chatbot
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot
Vulnerability resolution enhanced by integrations
https://securityintelligence.com/posts/vulnerability-resolution-enhanced-by-integrations/
ISC Stormcast For Friday, September 29th, 2023 https://isc.sans.edu/podcastdetail/8680, (Fri, Sep 29th)
https://isc.sans.edu/diary/rss/30260
Top Security News for 30/09/2023
FBI: Ransomware Actors Launching 'Dual' Attacks
https://malware.news/t/fbi-ransomware-actors-launching-dual-attacks/74022#post_1
2023-09-28 - IcedID (Bokbot) infection with Keyhole VNC and Cobalt Strike
https://malware.news/t/2023-09-28-icedid-bokbot-infection-with-keyhole-vnc-and-cobalt-strike/74026#post_1
Chatbot serves malvertising. Open source library issue. Cl0p switches to torrents. Influence ops and WMD.
https://thecyberwire.com/newsletters/daily-briefing/12/187
Johnson Controls Hit By Ransomware
https://packetstormsecurity.com/news/view/35073/Johnson-Controls-Hit-By-Ransomware.html
New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks
https://thehackernews.com/2023/09/new-critical-security-flaws-expose-exim.html
Dependabot impersonators cause trouble on GitHub
https://www.malwarebytes.com/blog/personal/2023/09/dependabot-impersonators-cause-trouble-on-github
Malicious ads in a chatbot.
https://thecyberwire.com/stories/b5f71f490fc14d62aaa1c6c8324b19a7/malicious-ads-in-a-chatbot
Update Chrome now! Google patches another actively exploited vulnerability
https://www.malwarebytes.com/blog/news/2023/09/update-chrome-now-google-patches-another-actively-exploited-vulnerability
A still unpatched zero-day RCE impacts more than 3.5M Exim servers
https://securityaffairs.com/151693/hacking/cve-2023-42115-exim-mail-transfer.html
Post-Quantum Cryptography: Finally Real in Consumer Apps?
https://thehackernews.com/2023/09/post-quantum-cryptography-finally-real.html
The FBI is warning of dual ransomware attacks, where victim organizations are hit with two different types of ransomware variants in quick succession - sometimes within 48 hours of each other. Several factors are enabling these types of dual attacks. Attackers…
Top Security News for 24/10/2023
Social engineering for espionage and for profit.
https://thecyberwire.com/newsletters/daily-briefing/12/202
Java Deserialization Vulnerability Still Alive
https://www.reddit.com/r/netsec/comments/17elc1g/java_deserialization_vulnerability_still_alive/
Ukraine at D+606: Ukraine continues diversionary raids into Russian-occupied territory.
https://thecyberwire.com/stories/4a96f74f946b493aaa423637d0285111/ukraine-at-d606
Cybersecurity as a Service: A new, flexible model for security program development and operation
https://malware.news/t/cybersecurity-as-a-service-a-new-flexible-model-for-security-program-development-and-operation/74846#post_1
A Deep Dive into Cactus Ransomware
https://www.reddit.com/r/netsec/comments/17ejwup/a_deep_dive_into_cactus_ransomware/
ISC Stormcast For Tuesday, October 24th, 2023 https://isc.sans.edu/podcastdetail/8714, (Tue, Oct 24th)
https://malware.news/t/isc-stormcast-for-tuesday-october-24th-2023-https-isc-sans-edu-podcastdetail-8714-tue-oct-24th/74848#post_1
Unpacking the Use of Steganography in Recent Malware Attacks
https://malware.news/t/unpacking-the-use-of-steganography-in-recent-malware-attacks/74851#post_1
1Password Detects Suspicious Activity Following Okta Support Breach
https://thehackernews.com/2023/10/1password-detects-suspicious-activity.html
Cybersecurity Awareness Month 2023: Reflecting on 20 years of Patch Tuesday
https://malware.news/t/cybersecurity-awareness-month-2023-reflecting-on-20-years-of-patch-tuesday/74850#post_1
ISC StormCast for Tuesday, October 24th, 2023
https://isc.sans.edu/podcastdetail/8714
N2K CyberWire
Social engineering for espionage and for profit.
Okta discloses a data exposure incident. Cisco works to fix zero-day. DPRK threat actors pose as IT workers. Five Eyes warn of AI-enabled Chinese espionage. Job posting as phishbait. The risk of first-party fraud. The Quasar RAT and DLL side-loading. Hacktivists…
Top Security News for 25/10/2023
CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files
https://www.reddit.com/r/netsec/comments/17f9yci/cve202333466_exploiting_healthcare_servers_with/
[Crypto] Why authenticated encryption and MAC is so important
https://www.reddit.com/r/netsec/comments/17fg28x/crypto_why_authenticated_encryption_and_mac_is_so/
Ex-NSA Employee Pleads Guilty to Leaking Classified Data to Russia
https://thehackernews.com/2023/10/ex-nsa-employee-pleads-guilty-to.html
AI vs. human deceit: Unravelling the new age of phishing tactics
https://securityintelligence.com/posts/ai-vs-human-deceit-unravelling-new-age-phishing-tactics/
ISC StormCast for Wednesday, October 25th, 2023
https://isc.sans.edu/podcastdetail/8716
Make API Management Less Scary for Your Organization
https://thehackernews.com/2023/10/make-api-management-less-scary-for-your.html
Two new things to worry about: how long it takes to read the fine print, and bed bug disinformation.
https://thecyberwire.com/podcasts/daily-podcast/1933/notes
Google Chrome wants to hide your IP address
https://www.malwarebytes.com/blog/news/2023/10/google-wants-to-introduce-ip-protection-feature-for-chrome
Amazon adds passkeys so you can sign in without a pesky password
https://malware.news/t/amazon-adds-passkeys-so-you-can-sign-in-without-a-pesky-password/74898#post_1
Now Android and Windows devices aren't safe from Flipper Zero either
https://malware.news/t/now-android-and-windows-devices-arent-safe-from-flipper-zero-either/74897#post_1
Top Security News for 26/10/2023
dup()'s shared file IO offset is a necessary part of Unix
https://www.reddit.com/r/lowlevel/comments/17g4ucp/dups_shared_file_io_offset_is_a_necessary_part_of/
StripedFly: Perennially flying under the radar
https://malware.news/t/stripedfly-perennially-flying-under-the-radar/74952#post_1
Unveil Data Security Paradoxes
https://thecyberwire.com/podcasts/uncovering-hidden-risks/13/notes
Expanding audit logging and retention within Microsoft Purview for increased security visibility
https://www.microsoft.com/en-us/security/blog/2023/10/18/expanding-audit-logging-and-retention-within-microsoft-purview-for-increased-security-visibility/
RTX (formerly known as Raytheon) is selling its cybersecurity business. Accenture acquires MNEMO Mexico. CISO challenges, across sectors.
https://thecyberwire.com/newsletters/business-briefing/5/43
Privacy landscapes for children.
https://thecyberwire.com/podcasts/caveat/192/notes
Perfect DLL Hijacking
https://www.reddit.com/r/Malware/comments/17go4v5/perfect_dll_hijacking/
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
https://www.reddit.com/r/netsec/comments/17g98dn/octo_tempest_crosses_boundaries_to_facilitate/
N2K Cyber and Microsoft expand collaboration with the launch of The Microsoft Threat Intelligence Podcast.
https://thecyberwire.com/stories/e29c68e1cd9a4660a0a65da33e95393a/n2k-cyber-and-microsoft-expand-collaboration-with-the-launch-of-the-microsoft-threat-intelligence-podcast
Application Security Posture Management: Providing AppSec (and DevOps) a big assist
https://malware.news/t/application-security-posture-management-providing-appsec-and-devops-a-big-assist/74950#post_1
Top Security News for 27/10/2023
Why cybersecurity training isn’t working (and how to fix it)
https://securityintelligence.com/articles/why-cybersecurity-training-isnt-working-and-how-to-fix-it/
6 steps to accelerate cybersecurity incident response
https://malware.news/t/6-steps-to-accelerate-cybersecurity-incident-response/75002#post_1
F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution
https://thehackernews.com/2023/10/f5-issues-warning-big-ip-vulnerability.html
CVE-2023-46747: Pre-Auth Remote Code Execution in F5-BIGIP via AJP Request Smuggling
https://www.reddit.com/r/netsec/comments/17h253u/cve202346747_preauth_remote_code_execution_in/
A cascade of compromise: unveiling Lazarus’ new campaign
https://malware.news/t/a-cascade-of-compromise-unveiling-lazarus-new-campaign/75004#post_1
A cascade of compromise: unveiling Lazarus’ new campaign
https://securelist.com/unveiling-lazarus-new-campaign/110888/
Workflow of a zkSync Era transaction: from generation to finalization
http://blog.quarkslab.com/zksync-transaction-workflow.html
Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data
https://thehackernews.com/2023/10/critical-flaw-in-nextgens-mirth-connect.html
StripedFly reclassified from petty larceny to APT.
https://thecyberwire.com/stories/e41efe29905a42dc86888a014624baf9/stripedfly-reclassified-from-petty-larceny-to-apt
Security Intelligence
Why cybersecurity training isn’t working (and how to fix it)
Don’t look now, but cybersecurity training isn’t good enough. Here's what it tends to get wrong, and how to get it right.
Top Security News for 28/10/2023
An integrated incident response solution with Microsoft and PwC
https://www.microsoft.com/en-us/security/blog/2023/10/26/an-integrated-incident-response-solution-with-microsoft-and-pwc/
The evolution of 20 years of cybersecurity awareness
https://securityintelligence.com/articles/20-years-of-cybersecurity-awareness/
N. Korean Lazarus Group Targets Software Vendor Using Known Flaws
https://thehackernews.com/2023/10/n-korean-lazarus-group-targets-software.html
A new ransomware uses virtual machine to dodge security
https://www.reddit.com/r/netsec/comments/17hyw24/a_new_ransomware_uses_virtual_machine_to_dodge/
No rest for the wicked HiatusRAT.
https://thecyberwire.com/podcasts/research-saturday/305/notes
Top insights and best practices from the new Microsoft Data Security Index report
https://www.microsoft.com/en-us/security/blog/2023/10/25/top-insights-and-best-practices-from-the-new-microsoft-data-security-index-report/
Federal network vulnerabilities curbed by CISA KEV catalog
https://malware.news/t/federal-network-vulnerabilities-curbed-by-cisa-kev-catalog/75043#post_1
Wade Baker from Cyentia Institute is sharing their latest IRIS report.
https://thecyberwire.com/podcasts/interview-selects/183/notes
De4py: Toolkit for python reverse engineering
https://www.reddit.com/r/netsec/comments/17hy8ga/de4py_toolkit_for_python_reverse_engineering/
Microsoft Security Blog
An integrated incident response solution with Microsoft and PwC | Microsoft Security Blog
Microsoft Incident Response and PwC have announced a new global alliance to expand their joint Incident Response and Recovery capability, providing a more comprehensive and seamless incident response experience.
Top Security News for 29/10/2023
First time seeing this app
https://www.reddit.com/r/Malware/comments/17iek36/first_time_seeing_this_app/
Size Matters for Many Security Controls, (Sat, Oct 28th)
https://isc.sans.edu/diary/rss/30352
Turning a boring file move into a privilege escalation on Mac
https://www.reddit.com/r/netsec/comments/17ibj2e/turning_a_boring_file_move_into_a_privilege/
Finally a Offsec ML Framework
https://www.reddit.com/r/netsec/comments/17ietm0/finally_a_offsec_ml_framework/
Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service
https://thehackernews.com/2023/10/researchers-uncover-wiretapping-of-xmpp.html
Octo Tempest cybercriminal group is "a growing concern"—Microsoft
https://www.malwarebytes.com/blog/news/2023/10/ransomware-affiliate-octo-tempest-is-a-growing-concern-for-organizations-across-multiple-industries
Isp>vpn>whoami>proxychain>tor
https://0x00sec.org/t/isp-vpn-whoami-proxychain-tor/37626
Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023
https://securityaffairs.com/153169/hacking/pwn2own-toronto-2023-ended.html
Spooky, scary, skeletons at the movies.
https://thecyberwire.com/podcasts/hacking-humans-goes-to-the-movies/23/notes
Top Security News for 30/10/2023
Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware
https://thehackernews.com/2023/10/hackers-using-msix-app-packages-to.html
remote access trojan
https://www.reddit.com/r/Malware/comments/17j47j5/remote_access_trojan/
'Accidental' malvertising via Dynamic Search Ads delivers malware frenzy
https://malware.news/t/accidental-malvertising-via-dynamic-search-ads-delivers-malware-frenzy/75055#post_1
IT Army of Ukraine disrupted internet providers in territories occupied by Russia
https://securityaffairs.com/153192/hacktivism/it-army-of-ukraine-hit-russia-isp.html
Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION
https://securityaffairs.com/153186/breaking-news/security-affairs-newsletter-round-443-by-pierluigi-paganini-international-edition.html
Spam or Phishing? Looking for Credentials & Passwords, (Sun, Oct 29th)
https://isc.sans.edu/diary/rss/30354
Seeking Guidance on Writing a Malware Builder
https://0x00sec.org/t/seeking-guidance-on-writing-a-malware-builder/37630
ISC Stormcast For Monday, October 30th, 2023 https://isc.sans.edu/podcastdetail/8722, (Mon, Oct 30th)
https://malware.news/t/isc-stormcast-for-monday-october-30th-2023-https-isc-sans-edu-podcastdetail-8722-mon-oct-30th/75052#post_1
Help Everyone Do Better Security
https://www.reddit.com/r/netsec/comments/17jo8tx/help_everyone_do_better_security/
Spam or Phishing? Looking for Credentials & Passwords, (Sun, Oct 29th)
https://malware.news/t/spam-or-phishing-x3f-looking-for-credentials-passwords-sun-oct-29th/75050#post_1
Top Security News for 31/10/2023
New Webinar: 5 Must-Know Trends Impacting AppSec
https://thehackernews.com/2023/10/new-webinar-5-must-know-trends.html
What keeps incident responders up at night: Common pitfalls that cyber responders encounter when arriving at the scene
https://securityintelligence.com/posts/what-keeps-incident-responders-up-at-night-common-pitfalls-cyber-responders-encounter/
Flying under the Radar: The Privacy Impact of multicast DNS, (Mon, Oct 30th)
https://isc.sans.edu/diary/rss/30358
Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware
https://thehackernews.com/2023/10/pro-hamas-hacktivists-targeting-israeli.html
LockBit claims a cyberattack against Boeing.
https://thecyberwire.com/stories/fe240f10e10049b9b2b9407216696e1b/lockbit-claims-a-cyberattack-against-boeing
Virtual credit card fraud: An old scam reinvented
https://securityintelligence.com/posts/virtual-credit-card-fraud-old-scam-reinvented/
ISC StormCast for Tuesday, October 31st, 2023
https://isc.sans.edu/podcastdetail/8724
ISC Stormcast For Tuesday, October 31st, 2023 https://isc.sans.edu/podcastdetail/8724, (Tue, Oct 31st)
https://isc.sans.edu/diary/rss/30360
Ukraine at D+613: ISPs disrupted in occupied territories.
https://thecyberwire.com/stories/9e6a9dfd309a4b1283d464c396ab9747/ukraine-at-d613
A week in security (October 16 – October 22)
https://www.malwarebytes.com/blog/news/2023/10/a-week-in-security-october-16-october-22-2
Security Intelligence
What keeps incident responders up at night: Common pitfalls that cyber responders encounter when arriving at the scene
What does the worst day look like for incident responders? What keeps them up at night, and what makes their jobs more difficult? Unpack the scary stories.
Top Security News for 01/11/2023
Supercharging Red-Teaming with Infrastructure as Code Integration
https://www.reddit.com/r/netsec/comments/17ks4u7/supercharging_redteaming_with_infrastructure_as/
Multiple Layers of Anti-Sandboxing Techniques, (Tue, Oct 31st)
https://isc.sans.edu/diary/rss/30362
Impersonating Slack Users - Red Team Tradecraft
https://www.reddit.com/r/netsec/comments/17l5qbg/impersonating_slack_users_red_team_tradecraft/
Not sure if this is the right place to post this but
https://www.reddit.com/r/Malware/comments/17l10gp/not_sure_if_this_is_the_right_place_to_post_this/
Canada Bans WeChat and Kaspersky Apps On Government Devices
https://thehackernews.com/2023/10/canada-bans-wechat-and-kaspersky-apps.html
Warning Against Infostealer Infections Upon Executing Legitimate EXE Files (DLL Hijacking)
https://malware.news/t/warning-against-infostealer-infections-upon-executing-legitimate-exe-files-dll-hijacking/75158#post_1
Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss
https://thehackernews.com/2023/10/atlassian-warns-of-new-critical.html
Patch now! BIG-IP Configuration utility is vulnerable for an authentication bypass
https://www.malwarebytes.com/blog/exploits-and-vulnerabilities/2023/10/patch-now-big-ip-configuration-utility-is-vulnerable-for-an-authentication-bypass
What would it take to get you kids into a nice, late-model malware mealkit?
https://thecyberwire.com/podcasts/daily-podcast/1938/notes
ISC Stormcast For Wednesday, November 1st, 2023 https://isc.sans.edu/podcastdetail/8726, (Wed, Nov 1st)
https://malware.news/t/isc-stormcast-for-wednesday-november-1st-2023-https-isc-sans-edu-podcastdetail-8726-wed-nov-1st/75157#post_1
Top Security News for 02/11/2023
UEFI and The Digital Supply Chain - Dick Wilkins - BTS #16
https://malware.news/t/uefi-and-the-digital-supply-chain-dick-wilkins-bts-16/75190#post_1
ISC Stormcast For Thursday, November 2nd, 2023 https://isc.sans.edu/podcastdetail/8728, (Thu, Nov 2nd)
https://malware.news/t/isc-stormcast-for-thursday-november-2nd-2023-https-isc-sans-edu-podcastdetail-8728-thu-nov-2nd/75195#post_1
Pentagon 'Strongly' Urges Military Members to Report UFO Sightings With New Website
https://www.vice.com/en_us/article/bvjpaz/us-pentagon-ufo-uap-reporting-website-aaro
Critical phpFox RCE Vulnerability Risked Social Networks
https://www.reddit.com/r/netsec/comments/17l9uju/critical_phpfox_rce_vulnerability_risked_social/
Official release of CVSS v4.0
https://www.reddit.com/r/netsec/comments/17lic7r/official_release_of_cvss_v40/
Weaponizing your out-of-office replies.
https://thecyberwire.com/podcasts/hacking-humans/264/notes
EKS Cluster Games: An EKS-focused CTF Challenge
https://www.reddit.com/r/netsec/comments/17lhfee/eks_cluster_games_an_eksfocused_ctf_challenge/
Hacktivism in two hybrid wars (with an excursus on gastropods).
https://thecyberwire.com/podcasts/daily-podcast/1939/notes
How to crack Windows Password
https://www.reddit.com/r/netsec/comments/17l2oea/how_to_crack_windows_password/
Top Security News for 03/11/2023
The beginning of an international consensus on AI governance may be emerging from Bletchley Park.
https://thecyberwire.com/podcasts/daily-podcast/1940/notes
Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign
https://thehackernews.com/2023/11/irans-muddywater-targets-israel-in-new.html
Vulnerable Apache ActiveMQ servers subjected to HelloKitty ransomware attack
https://malware.news/t/vulnerable-apache-activemq-servers-subjected-to-hellokitty-ransomware-attack/75247#post_1
Novel macOS malware launched by North Korean hackers
https://malware.news/t/novel-macos-malware-launched-by-north-korean-hackers/75245#post_1
ISC StormCast for Friday, November 3rd, 2023
https://isc.sans.edu/podcastdetail/8730
Advice For Catching a RedLine Stealer - includes tools to identify C2 protocol
https://www.reddit.com/r/netsec/comments/17m7dsr/advice_for_catching_a_redline_stealer_includes/
ISC Stormcast For Friday, November 3rd, 2023 https://isc.sans.edu/podcastdetail/8730, (Fri, Nov 3rd)
https://malware.news/t/isc-stormcast-for-friday-november-3rd-2023-https-isc-sans-edu-podcastdetail-8730-fri-nov-3rd/75248#post_1
Lazarus Group prospects blockchain engineers with KANDYKORN.
https://thecyberwire.com/stories/2fadf6cb2f084714ab3ae40bb8b2f889/lazarus-group-prospects-blockchain-engineers-with-kandykorn
Quick Tip For Artificially Inflated PE Files, (Thu, Nov 2nd)
https://isc.sans.edu/diary/rss/30370
FIRST Announces CVSS 4.0 - New Vulnerability Scoring System
https://thehackernews.com/2023/11/first-announces-cvss-40-new.html
Top Security News for 04/11/2023
Okta employee data compromised in third-party breach
https://malware.news/t/okta-employee-data-compromised-in-third-party-breach/75289#post_1
Immediate patching of Atlassian Confluence flaw urged
https://malware.news/t/immediate-patching-of-atlassian-confluence-flaw-urged/75284#post_1
Keylogger keyboard leaks passwords via Apple's "Find My" location network
https://www.reddit.com/r/netsec/comments/17mv6a9/keylogger_keyboard_leaks_passwords_via_apples/
First handset with MTE on the market
https://googleprojectzero.blogspot.com/2023/11/first-handset-with-mte-on-market.html
Sandman doesn't slow malware down.
https://thecyberwire.com/podcasts/research-saturday/305/notes
Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments
https://thehackernews.com/2023/11/kinsing-actors-exploit-linux-flaw-to.html
Israel subjected to new MuddyWater spear-phishing attacks
https://malware.news/t/israel-subjected-to-new-muddywater-spear-phishing-attacks/75290#post_1
ZDI discloses four zero-day flaws in Microsoft Exchange
https://securityaffairs.com/153599/hacking/microsoft-exchange-zero-day-flaws.html
ram usage went high all of a sudden without using programs and i found this second explorer task which i cant close
https://www.reddit.com/r/Malware/comments/17n8np5/ram_usage_went_high_all_of_a_sudden_without_using/
CanesSpy Spyware Discovered in Modified WhatsApp Versions
https://thehackernews.com/2023/11/canesspy-spyware-discovered-in-modified.html