Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. "Showboat is a modular post-exploitation framework designed for Linux systems, capable of spawning a remote shell, transferring files, and functioning as a SOCKS5 proxy," Lumen.
Via "The Hacker News"
Seen on @cibsecurity
----------
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it worrying. The danger is in normal things now: updates, apps, cloud buttons, support chats, trusted accounts. AI.
Via "The Hacker News"
----------
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender have come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges. "Improper link resolution before file access ('link following') in Microsoft Defender.
Via "The Hacker News"
----------
When Identity is the Attack Path
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do: a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have opened a path to some 98% of entities in the company's cloud.
Via "The Hacker News"
----------
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major.
Via "The Hacker News"
----------
Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning
The infostealer payload in this campaign collects a vast amount of data, from collaboration authentication keys to cryptocurrency wallets.
Via "Infosecurity Magazine"
----------
Apple Blocked $2.2bn in App Store Fraud in the Last Year
Total figure for fraudulent transactions Apple has blocked since 2020 now stands at over $11bn.
Via "Infosecurity Magazine"
----------
Cybercriminal VPN Dismantled in Europol Crackdown
First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol.
Via "Infosecurity Magazine"
----------
GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension
A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace.
Via "Infosecurity Magazine"
----------
Three-Quarters of Firms Knowingly Ship Vulnerable Code, Says Checkmarx
AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers.
Via "Infosecurity Magazine"
----------
Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally.
Via "Infosecurity Magazine"
----------
Grafana Labs Says Code Breach Stemmed from TanStack Attack
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack.
Via "Infosecurity Magazine"
----------
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials.
Via "Krebs on Security"
----------
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
The Belarus-aligned threat actor known as Ghostwriter aka UAC-0057 and UNC1151Ukraine's National Security and Defense Council has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine (CERT-UA), involves sending phishing emails to government.
Via "The Hacker News"
----------