MITRE has published a three-part series that looks at its security breach from earlier this year.

In its last part, published last week, MITRE looks at the group's malware—the BRICKSTORM backdoor and the BEEFLUSH web shell.

1-https://medium.com/mitre-engenuity/advanced-cyber-threats-impact-even-the-most-prepared-56444e980dc8

2-https://medium.com/mitre-engenuity/technical-deep-dive-understanding-the-anatomy-of-a-cyber-intrusion-080bddc679f3

3-https://medium.com/mitre-engenuity/infiltrating-defenses-abusing-vmware-in-mitres-cyber-intrusion-4ea647b83f5b


Rostelecom's security team has discovered a new APT group attacking Russian government agencies and their contractors.

Named Shedding Zmiy, the group has links to the old Cobalt cybercrime operation. Rostelecom says the group switched from financial crimes to espionage in late 2022.

The Russian telco describes Shedding Zmiy as one of the most active and professional APT groups currently targeting Russia.

https://rt-solar.ru/solar-4rays/blog/4333/


A leading cyber lawyer in Australia has warned CISOs and other IT leaders their organisations and careers could be at stake if they do not understand data risk and data governance practices.#claytonutz #databreach #datagovernance #datasecurity #privacyawarenessweekaustralia



How about you f*** off instead


in reply to Catalin Cimpanu

"Learn". Like it's real, absolute, institutional knowledge of some kind.


Newsletter: https://news.risky.biz/risky-biz-news-backdoor-found-in-court-and-jail-av-recording-software/
Podcast: https://risky.biz/RBNEWS292/

-Backdoor found in court and jail AV recording software
-Kevin Mandia steps down
-TikTok takes down several influence networks
-LastPass will start encrypting URLs
-Microsoft publishes VBScript deprecation timeline
-Gala Games gets its hacked funds back
-pcTattletale spyware leaks user data
-TLS Session Tickets are GDPR compliant (if you were curious)
-Edge gets screenshot protection
-NVD backlog is getting worse by the week


in reply to Catalin Cimpanu

Plus:

-Change Healthcare victims ask US HHS for HIPAA exemption
-NYSE fined over 2021 hack
-City of Eindhoven has a leak
-UK ICO to investigate Microsoft over Recall feature
-Apple's WPS is leaking
-US lawmakers propose Diverse Cybersecurity Workforce Act
-EU countries put out anti-propaganda statement
-Latvia wants to criminalize political deepfakes
-BEC money launderer sentenced
-Malware reports on Gootloader, bunch of new stealers, ShrinkLocker, and CatDDoS
-Loads of reports on Chinese APTs


The President of Latvia has asked the government to amend the country's criminal code to criminalize the creation of deepfakes for political use.

The proposal suggests that offenders should face punishment of up to five years in jail.

President Edgars Rinkēvičs' proposal comes after deepfakes were used in Slovakia's presidential and parliamentary election last year in support of an anti-EU and pro-Kremlin candidate.

https://eng.lsm.lv/article/politics/politics/22.05.2024-president-presents-deepfake-parliamentary-proposal-to-saeima.a554949/



Chinese security firm QiAnXin is seeing a surge in activity in IoT botnets using a variant of the Mirai malware named CatDDoS.

The botnets have exploited over 80 vulnerabilities in different devices over the last three months to amass new bots and improve their attack capabilities.

CatDDoS-related botnets are currently launching attacks on more than 300 targets on a daily basis.

QiAnXin says it's seeing some of the botnets attempting to cannibalize each other's bots.

https://blog.xlab.qianxin.com/catddos-derivative-en/



Relationship goals:

I want to meet someone who treats me as Russian bots and Russian media treat Elon Musk



A suspected Chinese APT group named Sharp Dragon (Sharp Panda) has expanded its targeting to new regions, such as Africa and the Caribbean.

Check Point says the group is now using compromised accounts inside Southeast Asian governments of past victims to reach out to African and Caribbean governments and establish new footholds.

Researchers say the group is careful when selecting new targets and uses publicly and readily available tools to blend in with the noise.

https://research.checkpoint.com/2024/sharp-dragon-expands-towards-africa-and-the-caribbean/


Penetration testing is vital in keeping an organization’s digital assets secure. Here are the top picks among the latest pen testing tools and software.


More than three months after NIST stopped enriching the NVD database, the organization has yet to resume its normal activity.

93% of all vulnerabilities added to the NVD database over the last three months still lack crucial information.

According to a report from security firm VulnCheck, NIST's involvement with the NVD is slowing down, with fewer vulnerabilities processed with each passing week.

https://vulncheck.com/blog/nvd-backlog-exploitation


in reply to Catalin Cimpanu

Well, this explains some things. Like why there's a CVE filed against DHCP. Like the whole protocol.



It's quite something when TikTok takes down more influence operations than Twitter:

https://www.tiktok.com/transparency/en/covert-influence-operations/

How the times have changed!



Codean's Thomas Rinsma has published a write-up of a bug he found in Mozilla's PDF.js PDF file viewer.

The bug could have allowed threat actors to run malicious code inside apps where the PDF.js library was used and left misconfigured.

It's a pretty niche scenario, but 10/10 on the nasty scale.

https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/


in reply to Catalin Cimpanu

@wdormann pointed out that the popular note-taking app Obsidian is vulnerable to CVE-2024-4367 (CVSSv3 score pending, disclosed 14 May 2024 by Mozilla, proof of concept available 20 May). This was addressed in Obsidian 1.6.1.


The European Union’s General Data Protection Regulation requires every business enterprise and public authority that collects personal data from EU customers and clients to protect that data from unauthorized access. Finding ideal candidates for the GDPR data protection compliance officer position will require thorough vetting, and potential candidates may be difficult to find. This hiring ...


Boost and ExpressVPN have published security audits this week.

The Boost audit found seven vulnerabilities, while the ExpressVPN audit looked at the company's no-logs policy.

https://www.shielder.com/blog/2024/05/boost-security-audit/

https://www.expressvpn.com/security-audit-reports/kpmg-privacy-policy-2023



Google's Mandiant division warns about an increasing number of Chinese APT groups adopting ORB (operational relay box) networks to disguise their attack infrastructure.

Mandiant says it's tracking multiple ORB networks in the wild. The biggest are SPACEHOP and FLORAHOX, used by groups like APT5 and APT31, respectively.

https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks/



The VBScript deprecation timeline is useless. It's in 3 f***ing years, with no removal date even set.

It's like saying to your wife "yeah, I'll fix it"... but not actually getting to it any time soon.

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/vbscript-deprecation-timelines-and-next-steps/ba-p/4148301



BlueSky adds DM support

https://bsky.app/profile/bsky.app/post/3kt3y33tk4w2m



Just think about it!

In just 14 days, Microsoft pivoted from "do security" in an internal memo on May 5 to "let's install spyware on everyone's PC" on May 21.

That must be a world record in bad corporate management.


in reply to Catalin Cimpanu

Is that why they want to activate BitLocker by default soon, or is it an unrelated middle finger move?




Apparently, this actually happened: https://x.com/DrewPavlou/status/1791612346844209225

Press coverage: https://www.jpost.com/omg/article-801627


This guide explains how you can change the location of your virtual private network for privacy, security or geolocation issues.#VPN #VPNlocation



Newsletter: https://news.risky.biz/risky-biz-news-dnsbomb-attack-is-here-pew-pew-pew/
Podcast: https://risky.biz/RBNEWS291/

-DNSBomb attack is here! Pew pew pew!!!
-Rockwell tells customers to disconnect ICS gear from the internet
-Linguistic Lumberjack vulnerability impacts most cloud providers
-Incognito Market admin arrested
-Gala Games hacked for $21mil
-US EPA announces future cyber enforcement
-US HHS launches UPGRADE cyber program
-BreachForums replacement announced
-Data destruction campaign in Italy
-Zerodium shutdown (???)


in reply to Catalin Cimpanu

And:
-Auth bypass in GitHub ES
-Werewolves ransomware group hits Russia
-Malware reports on a new Exchange keylogger, GhostEngine, Latrodectus, SamsStealer, CLOUD#REVERSER
-DoppelGänger is everywhere right now
-Two Iranian APTs are working together, handing off access
-Academic work finds that AI safeguards suck
-POCs released for Git, FortiSIEM, and Ivanti bugs
-QNAP patches bug after POC release
-Bitbucket may leak plaintext creds
-CyberArk buys Venafi
-New Siren mailing list for FOSS projects



Security researcher Amal Murali has published a PoC for CVE-2024-32002, an RCE in the Windows Git client that can be triggered via a simple git clone operation.

https://amalmurali.me/posts/git-rce/

https://github.blog/2024-05-14-securing-git-addressing-5-new-vulnerabilities/?ref=news.risky.biz



SentinelOne has published a profile on Ikaruz Red Team, a hacktivist group using ransomware attacks as part of its operations against the Philippines.

One of its past targets was an attack against the Department of Science and Technology, where the group tried to pose as the country's CERT service.

https://www.sentinelone.com/blog/ikaruz-red-team-hacktivist-group-leverages-ransomware-for-attention-not-profit/



Ukraine's CERT team says that starting May 20, it detected a huge wave of spam coming from fin-group UAC-0006 and targeting Ukrainian government and private organizations.

https://cert.gov.ua/article/6279366



Last week, watchTowr Labs published a report about 15 vulnerabilities in QNAP NAS devices: https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/

QNAP patched only four.

Days after a PoC was published online, QNAP patched another five.

https://www.qnap.com/en/security-advisory/qsa-24-23


in reply to Catalin Cimpanu

Sometimes publishing a PoC is the most responsible disclosure one can do.
It seems to help getting things fixed.


Microsoft has published a blog post with all the security features shipping with Windows 11 in the coming months.

https://www.microsoft.com/en-us/security/blog/2024/05/20/new-windows-11-features-strengthen-security-to-address-evolving-cyberthreat-landscape/


Trying to figure out how to install a VPN on your router? Read our step-by-step guide to help you get started.#router #VPN



Tenable security researchers have found a vulnerability in the Fluent Bit monitoring and logging utility.

Named Linguistic Lumberjack (CVE-2024-4323), the vulnerability can be used for denial of service, information disclosure, or remote code execution.

A fix was committed to the Fluent Bit code last week, but the project has not released an official fix.

Tenable fears threat actors may exploit knowledge of the bug to launch attacks.

https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-432



Check Point says that two Iranian APT groups have collaborated in attacks carried out over the past several years against targets in Albania and Israel.

The first group is focused on intelligence collection, while the second group deploys ransomware and data wipers and leaks data as part of information and influence operations.

Both groups are affiliated with Iran's MOIS and are using what appears to be a well-documented handoff procedure.

https://research.checkpoint.com/2024/bad-karma-no-justice-void-manticore-destructive-activities-in-israel/
