Newsletter: https://news.risky.biz/risky-biz-news-cisco-zero-day-fun-time-is-here/
Podcast: https://risky.biz/RBNEWS280/
-Cisco zero-day fun time is here!
-PlugX USB worm infects 2.5 million devices
-El Salvador crypto-service hacked
-US takes down another crypto-mixing service
-Nothing phonemaker discloses data breach
-Meduza DDoS attack linked to residential proxy providers
-Coast Guard Reserve breach
-Google delays end of 3rd-party cookies
-Scam call center disrupted in UA
-BEC money launderer sentenced
-DPRK npm campaigns return
Risky Biz News: Cisco zero-day fun time is here!
In other news: PlugX USB worm infects 2.5 million devices; El Salvador crypto-service hacked; US takes down another crypto-mixing service. - Catalin Cimpanu (Risky.Biz)
OpenAI's GPT-4 Can Autonomously Exploit 87% of One-Day Vulnerabilities
An LLM agent based on OpenAI's GPT-4 is able to exploit 87% of a list of vulnerabilities when provided with their NIST descriptions. - Fiona Jackson (TechRepublic)
Talks from the Botconf 2024 security conference, which took place this week, are available on YouTube
https://www.youtube.com/playlist?list=PL8fFmUArVzKj1hTdulLfht1OosYqSp4sO
Apparently Edge has had support for mouse gestures for a year now and I haven't noticed
https://textslashplain.com/2024/04/23/mouse-gestures-in-edge/
Mouse Gestures in Edge
Over twenty years ago, the Opera browser got me hooked on mouse gestures, a way for you to perform common browser actions quickly. After I joined the IE team in 2004, I fell in love with a browser … - text/plain
In the aftermath of the Samourai Wallet crypto-mixing service takedown, the FBI has warned Americans not to use these types of shady services, as they risk losing access to their funds when takedowns happen.
Sonar researchers have identified and helped patch an issue in the SourceForge code-hosting platform.
Researchers say the bug—residing in SourceForge's Apache Allura servers—would have allowed attackers to take full control of the platform.
https://www.sonarsource.com/blog/dangerous-import-sourceforge-patches-critical-code-vulnerability/
Dangerous Import: SourceForge Patches Critical Code Vulnerability
Our Vulnerability Research team discovered a critical code vulnerability in SourceForge, which attackers could have used to poison deployed files and spread malware to millions of users. - Stefan Schiller (Sonar)
Sekoia has sinkholed one of the C&C servers used by the PlugX USB worm.
Almost 100,000 infected devices are still pinging the server for commands on a daily basis.
The company says that over a period of six months, it saw more than 2.5 million distinct devices contact the server.
Sekoia says the malware supports a remote uninstall command and has offered to help national CERT teams perform what it described as a "sovereign disinfection" of each country's IP space.
https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/
Unplugging PlugX: Sinkholing the PlugX USB worm botnet
Learn about our process for collecting telemetry data from PlugX worm-infected workstations, as well as how to disinfect them. - Felix Aimé, Charles M. and TDR (Threat Detection & Research) (Sekoia.io Blog)
Google's Mandiant has published a list of state-sponsored groups likely to target election cycles across the world this year. It's quite the long list.
https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-global-elections
Poll Vaulting: Cyber Threats to Global Elections
The election cybersecurity landscape globally is characterized by a diversity of targets, tactics, and threats. - Mandiant (Google Cloud)
Enzo Enriques Agnoletti
#25aprile
Dissident, partisan and politician
A group of Dutch security firms has published research looking at the Cactus ransomware gang's attacks on QlikSense servers: https://cyberveilignederland.nl/actueel/persbericht-samenwerkingsverband-melissa-vindt-diverse-nederlandse-slachtoffers-van-ransomwaregroepering-cactus
An English version of the research is available via Fox-IT: https://blog.fox-it.com/2024/04/25/sifting-through-the-spines-identifying-potential-cactus-ransomware-victims/
Press release: Melissa partnership finds several Dutch victims of the Cactus ransomware group
Joint research by cybersecurity companies Fox-IT, Northwave and Responders, as part of project Melissa, has identified Dutch victims of the ransomware group 'Cactus'. - cyberveilignederland.nl
Live stream of the 2nd day of the Botconf security conference
Research from Hive Systems warns that some bcrypt-hashed passwords may be quite easily crackable using modern GPUs.
The time is here to start switching to longer passwords or passphrases.
https://www.hivesystems.com/blog/are-your-passwords-in-the-green
Are Your Passwords in the Green?
It's the 2024 update to our Hive Systems Password Table - including using a new "most-hacked" password hash. See why our Password Table has been shown and written about on the news, published by universities, and shared by companies across the globe. - Corey Neskey (Hive Systems)
DevSecOps company Phylum says that North Korean hackers have returned to uploading malicious packages on npm. They previously ran similar campaigns in November 2023 and January this year.
The latest campaign expanded to target macOS devices on top of Windows users.
Chinese security firm QiAnXin previously linked the campaign to the Lazarus Group.
https://blog.phylum.io/north-korean-state-actors/
Nation-State Threat Actors Renew Publications to npm
Back in November of 2023, we published a blog post highlighting the technical details of a sophisticated attack in npm attributed to North Korea. - Phylum Research Team (Phylum)
GitHub - mansk1es/CVE-2024-21111: Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability
Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability - mansk1es/CVE-2024-21111 - GitHub
Qurium researchers have linked recent DDoS attacks against Russian independent media outlet Meduza to the infrastructure of three residential proxy providers. The most recent of these attacks took place on April 15 and lasted 48 consecutive hours.
Attacks were linked to Plainproxies, Min Proxy, and RapidSeedBox: https://www.qurium.org/alerts/meduza-io-under-denial-of-service-attack/
Qurium says the same providers were also behind coordinated DDoS attacks on independent Hungarian news sites last year: https://www.qurium.org/weaponizing-proxy-and-vpn-providers/ddos-attacks-traced-to-proxy-infrastructure-white-proxies/
Russian exiled media Meduza.io facing repeated DDoS attacks
Meduza is one of the largest and most influential Russian regime-critical news sites, delivering daily news from all across Russia in Russian and English. - www.qurium.org
US charges founders of the Samourai Wallet crypto mixing service for laundering $100 mil
Founders And CEO Of Cryptocurrency Mixing Service Arrested And Charged With Money Laundering And Unlicensed Money Transmitting Offenses
Damian Williams, the United States Attorney for the Southern District of New York; Thomas Fattorusso, the Special Agent in Charge of the New York Field Office of the Internal Revenue Service, Criminal Investigation ("IRS-CI"); and James Smith, the As… - www.justice.gov
Prompt Hacking, Private GPTs and Zero-Day Exploits: The Impacts of AI on Cyber Security Landscape
A new report by cyber security firm Radware identifies the four main impacts of AI on the threat landscape emerging in 2024. - Fiona Jackson (TechRepublic)
Newsletter: https://news.risky.biz/risky-biz-news-first-us-spyware-visa-ban-hammer-falls-on-13-individuals/
Podcast: https://risky.biz/RBNEWS279/
-US imposes visa ban on 13 individuals linked to spyware
-Pegasus used against Polish female military officers
-Pegasus used against 92 Greek targets in 2022
-Russian hackers used a secret Windows zero-day for years
-US charges, sanctions four IRGC hackers
-Hackers breach Brazil govt's payment system
-ELTA fined €3mil for 2022 ransomware incident
-DPRK hackers breach 10 KOR defense companies
-Dwell times go down to 10 days
First US spyware visa ban hammer falls on 13 individuals
In other news: Pegasus used against Polish female military officers; Russian hackers used a secret Windows zero-day for years; US charges, sanctions four IRGC hackers. - Catalin Cimpanu (Risky.Biz)
Plus:
-Hackers steal data from 127 Singaporean schools
-Synlab shuts down Italian labs after ransomware attack
-Street lights stay on in Leicester after ransomware attack
-Russia sentences Meta exec to prison
-Grindr sued in the UK for selling user data
-HIPAA gets a privacy update
-Russia now blocks 150 VPNs
-Dutch AIVD and MIVD yearly reports are out
-France and Spain join on spyware investigation
-32 EU police bosses complain about E2EE
-Russian malware dev detained
-DDoSers detained in NL
And:
-Spyware industry overview
-Reports on CoralRaider & Scaly Wolf groups
-New APT73 and Embargo RaaS
-Malware reports on SharpStealer, GuptiMiner, HydraCrypt
-APT reports on ToddyCat, APT-Q-31, MuddyWater
-Apache dependency confusion
-Vulnerabilities found in 8 cloud keyboards
-New tool—Dauthi
-ATT&CK v15 is out
-Veeam buys Coveware
-IBM to buy HashiCorp
-Server leaks DPRK's involvement in animation production
-Change Healthcare attack impacts "a substantial proportion of people in America"
US charges four Iranian hackers: https://www.justice.gov/opa/pr/justice-department-charges-four-iranian-nationals-multi-year-cyber-campaign-targeting-us
Sanctions also included: https://home.treasury.gov/news/press-releases/jy2292
And a $10mil reward: https://twitter.com/RFJ_USA/status/1782824365127500272
All of this is related to a 2016-2021 hacking campaign that targeted over a dozen US companies and the US State and Treasury depts.
Sanctions were also levied against two front companies operated by the IRGC-CEC, the IRGC cyber corps. One of the companies has been linked to multiple APTs, including Tortoiseshell.
Justice Department Charges Four Iranian Nationals for Multi-Year Cyber Campaign Targeting U.S. Companies
An indictment was unsealed today in Manhattan federal court charging Iranian nationals Hossein Harooni (حسین هارونی), Reza Kazemifar (رضا کاظمی فر), Komeil Baradaran Salmani (کمیل برادران سلمانی), and Alireza Shafie Nasab (علیرضا شفیعی نسب) for their… - www.justice.gov
Rapid7 confirms CrushFTP zero-day is indeed fully unauthenticated
Threat intel analyst Rakesh Krishnan has published a blog post on APT73, a new ransomware gang that appears to have launched this month.
The group also goes by the name of Eraleig.
https://rakeshkrish.medium.com/apt73-eraleig-news-unveiling-new-ransomware-group-55aec3e873ff
APT73/ERALEIG NEWS: UNVEILING NEW RANSOMWARE GROUP - Rakesh Krishnan - Medium
Unlike other naming conventions attributed by Researchers to Threat Actors, this group decided themselves to call "APT" (Advanced Persistent Threat) followed by a number. APT73 is a Ransomware Group… - Rakesh Krishnan (Medium)
Security researcher Matt Burch has published Dauthi, a tool designed to perform authentication attacks against various Mobile Device Management (MDM) solutions: https://github.com/emptynebuli/dauthi
Burch says Dauthi can be used to hack BlackBerry MDM solutions: https://emptynebuli.github.io/tooling/2024/04/22/blackberryMDM.html
BlackBerry MDM Has Some Authentication Flaws
After detailing authentication issues with VMWare's Airwatch and Ivanti's MobileIron, I began to search other popular Mobile Device Management (MDM) tools for similar logic flaws. One of my primary targets for this effort was the BlackBerry MDM. - Matt Burch (emptynebuli) (Into the Abyss)
Progress Software has released a patch to fix an unauthenticated command injection vulnerability in its Kemp Flowmon network monitoring suite: https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability
Rhino Labs has published a write-up on the bug here: https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/
The issue is tracked as CVE-2024-2389.
CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon - Rhino Security Labs
CVE-2024-2389: unauthenticated command injection vulnerability found in Progress Flowmon server. - Rhino Security Labs
Mandiant's M-Trends report:
https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2024/
The median dwell time for security breaches fell last year to an all-time low of 10 days.
Mandiant says that 43% of all incidents were detected in one week or less.
The company observed a decrease in intrusions that remain undiscovered for long periods of time compared to previous years.
Only 6% of 2023 intrusions went undetected for more than a year.
In terms of ransomware, dwell times fell from 9 days in 2022 to 5 days last year.
M-Trends 2024: Our View from the Frontlines
M-Trends 2024 continues our tradition of providing relevant security metrics, analysis, and guidance. - Jurgen Kutscher (Google Cloud)
"Leicester street lights stuck on all day due to cyber attack"
lol
https://www.leicestermercury.co.uk/news/leicester-news/leicester-street-lights-stuck-day-9240197
Leicester street lights stuck on all day due to cyber attack
The cyber attack happened in early March and led to confidential documents being released online. - Leicestershire Live
The photocell-controlled street lamp was introduced in the USA in 1949, thus creating lights that turned on when it was dark, and off when it was light.
This had the unintended side effect of streetlights that work during a total eclipse of the sun.
This is what the kids today call "DeLi", or "Decentralized Lighting" that requires no central server and is immune to cyber attack.
Russia has sentenced Meta's communications director Andy Stone to six years in prison for "promoting terrorism"
It's actually a sentence against Meta for not censoring Facebook content about its invasion of Ukraine
Petty Russia is petty
"Avast discovered and analyzed a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers"
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining - Avast Threat Labs
Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers. - Jan Rubín (Avast)
After thinking about it, shouldn't this be an exploited zero-day vulnerability which should be assigned a CVE? @todb
The circumstances are that a threat actor successfully hijacked the eScan antivirus update mechanism to distribute backdoors and coinminers, and eScan later confirmed that the issue was fixed and successfully resolved.
@screaminggoat @todb yeah, it should be... but it's also an Indian firm where everything is perfect and they're never to blame
watch out... they might sue you screaming goat
Bloomberg has published a profile on Aleksanteri Kivimäki, the hacker behind the ransomware attack and subsequent extortion campaign against Finnish health provider Vastaamo and its patients.
Police chiefs from 32 European countries have called on governments and industry groups to stop tech companies from rolling out end-to-end encryption (E2EE)
European Police Chiefs call for industry and governments to take action against end-to-end encryption roll-out | Europol
European Police Chiefs call for industry and governments to take action against end-to-end encryption roll-out - Europol
A while ago, I created this repository to show why banning end-to-end encryption won’t stop bad people from using it (though it will prevent vulnerable people from benefitting from it):
https://github.com/davidchisnall/banning-e2ee-is-stupid
Please share it with anyone who thinks banning end-to-end encryption is possible / a good idea.
GitHub - davidchisnall/banning-e2ee-is-stupid: Do you think banning end-to-end encryption is plausible? Think again.
Do you think banning end-to-end encryption is plausible? Think again. - davidchisnall/banning-e2ee-is-stupid - GitHub
Yes, this is bad. But in my view part of the problem are privacy advocates, who just say NO, and never offer alternatives, or even acknowledge the legitimate challenges LE faces.
One of the biggest threats to privacy are criminals. So maybe it would make sense to think about ways to reduce abuse without compromising privacy.
"The Legit research team recently discovered a dependency confusion vulnerability in an archived Apache project. This discovery highlights the need to consider third-party projects and dependencies as potential weak links in the software development factory, especially archived open-source projects that may not receive regular updates or security patches."
Dependency Confusion Vulnerability Found in an Archived Apache Project
Legit Security | Dependency Confusion Vulnerability Found in an Archived Apache Project. Get details on the Legit research team's discovery of a dependency confusion vulnerability in an archived Apache project. - Ofek Haviv (Legit Security)
The Dutch Military Intelligence and Security Service (MIVD) has published its yearly security report.
The MIVD says it was involved in operations that disrupted Russian cyber attacks against Ukraine but did not provide additional details—for obvious reasons.
MIVD Annual Report 2023
In this report, the Military Intelligence and Security Service (MIVD) accounts for its activities in 2023. - www.defensie.nl
The European Data Protection Board has published its strategy for 2024-2027, and the agency has promised more concerted efforts to enforce GDPR compliance
Also:
-Malware reports on Grandoreiro, Brokewell, Sliver, Remcos, SSLoad, IDAT Loader, Cactus
-New Qiulong ransomware
-APT reports on Pakistani APTs and APT threat to elections
-Oracle VirtualBox PoC
-Vuln reports on Brocade, iSharing
-Bcrypt cracking research
-Botconf videos
-KnowBe4 acquires Egress
-FCC votes back net neutrality
-EU passes right to repair directive
-US bans non-competes