Today's Core Dump is brought to you by ThreatPerspective

Biz & IT Ars Technica

Vulnerability in Cisco Smart Software Manager lets attackers change any user password

Yep, passwords for administrators can be changed, too. Cisco on Wednesday disclosed a maximum-security vulnerability that allows remote threat actors with no authentication to change the password of any user, including those of administrators with accounts, on Cisco Smart Software Manager On-Prem devi...

Published: 2024-07-17T19:47:38



Biz & IT Ars Technica

Rite Aid says breach exposes sensitive details of 2.2 million customers

Stolen data includes customer names, addresses, birth dates, and driver's license numbers. Rite Aid, the third biggest US drug store chain, said that more than 2.2 million of its customers have been swept into a data breach that stole personal information, including driver's license numbers, addresses, and dates of birth. The company sa...

Published: 2024-07-16T22:09:58



Biz & IT Ars Technica

Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice

Files available on the open source NPM repository underscore a growing sophistication. Researchers have determined that two fake AWS packages downloaded hundreds of times from the open source NPM JavaScript repository contained carefully concealed code that backdoored developers' computers when executed. The packages img-aws-s3-obje...

Published: 2024-07-15T20:18:50



Biz & IT Ars Technica

Exim vulnerability affecting 1.5M servers lets attackers attach malicious files

Based on past attacks, it wouldn’t be surprising to see active targeting this time, too. More than 1.5 million email servers are vulnerable to attacks that can deliver executable attachments to user accounts, security researchers said. The servers run versions of the Exim mail transfer agent that are vulnerable to a critical vulnerabi...

Published: 2024-07-11T20:47:26



Biz & IT Ars Technica

Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it

The goal of the exploits was to open Explorer and trick targets into running malicious code. Threat actors carried out zero-day attacks that targeted Windows users with malware for more than a year before Microsoft fixed the vulnerability that made them possible, researchers said Tuesday. The vulnerability, present in both Windows 10 and ...

Published: 2024-07-10T21:44:12



The Register - Software

Cybercriminals quickly exploit CrowdStrike chaos

Who loves a global outage? Phishers, fraudsters and all manner of creeps. Well, that was fast. Criminals didn't waste any time taking advantage of the CrowdStrike-Microsoft chaos and quickly got to work phishing organizations and spinning up malicious

Published: 2024-07-19T15:22:07



The Register - Software

Life, interrupted: How CrowdStrike's patch failure is messing up the world

Oh, was it supposed to be Y2K24? Today is one of those days that will go down in history as an unmitigated IT disaster, with CrowdStrike responsible for taking systems down all over the globe. We know airports, hospitals and the usual critical infras

Published: 2024-07-19T14:58:09



The Register - Software

ZDI shames Microsoft for yet another coordinated vulnerability disclosure snafu

'It seems like they really don't have a full grasp of what's going on with this patch.' Exclusive: A Microsoft zero-day vulnerability that Trend Micro's Zero Day Initiative team claims it found and reported to Redmond in May was disclosed and patched

Published: 2024-07-15T15:00:11



The Verge - Securities

CrowdStrike CEO to testify about massive outage that halted flights and hospitals

CrowdStrike CEO George Kurtz was called to testify before the House Homeland Security Committee over the major outage affecting Windows PCs spurred by a faulty update that brought flights, hospital procedures, and broadcasters to a halt on ...

Published: 2024-07-22T18:28:11



The Verge - Securities

CrowdStrike and Microsoft: all the latest news on the global IT outage

A global IT outage grounded flights and resulted in outages at the London Stock Exchange and other systems early Friday morning. Industries ranging from healthcare to banking, air travel, and others are struggling with a global IT outage th...

Published: 2024-07-22T10:53:15



The Verge - Securities

CrowdStrike outage: Photos, videos, and tales of IT workers fixing BSODs

The CrowdStrike outage that hit millions of Windows machines on Friday has left IT workers scrambling to get their organizations’ computer infrastructure back up and running. Images and stories shared online are illustrating just how tediou...

Published: 2024-07-21T12:26:59



The Verge - Securities

CrowdStrike has a new guidance hub for dealing with the Windows outage

CrowdStrike has published a new “Remediation and Guidance Hub” that collects details related to its faulty update that crashed 8.5 million Windows computers across the globe on Friday. The page includes technical information on what caused...

Published: 2024-07-21T10:06:18



The Verge - Securities

CrowdStrike's faulty update crashed 8.5 million Windows devices, says Microsoft

CrowdStrike’s faulty update caused a worldwide tech disaster that affected 8.5 million Windows devices on Friday, according to Microsoft. Microsoft says that’s “less than one percent of all Windows machines,” but it was enough to create pro...

Published: 2024-07-20T13:20:45



The Verge - Securities

CrowdStrike outage Blue Screen of Death photos from around the world

Embedded posts: “SLC, Utah. Terminal 1” pic.twitter.com/kMRXbXbnQC (Guillermo Rauch, @rauchg, July 19, 2024); “Everywhere you look: blue screens of death” pic.twitter.com/Jh1fdVflTD (Morning Brew, @MorningBrew, July 19, 2024) ...

Published: 2024-07-19T14:37:09



The Verge - Securities

Microsoft on CrowdStrike outage: have you tried turning it off and on? (15 times)

Have you turned it off and on again? That familiar refrain from IT departments and The IT Crowd is being echoed by Microsoft today as a recommended way of fixing the faulty CrowdStrike update that has taken down thousands of Windows PCs and...

Published: 2024-07-19T11:34:40



The Verge - Securities

What is CrowdStrike, and what happened?

On Friday morning, some of the biggest airlines, TV broadcasters, banks, and other essential services came to a standstill as a massive outage rippled across the globe. The outage, which has brought the Blue Screen of Death upon legions of ...

Published: 2024-07-19T10:20:02



The Verge - Securities

Here's how IT admins are fixing the Windows Blue Screen of Death chaos

IT admins around the world are scrambling to fix a major issue with Windows computers today after a faulty update from cybersecurity provider CrowdStrike knocked thousands of PCs and servers offline with a Blue Screen of Death (BSOD) error....

Published: 2024-07-19T09:24:18



The Verge - Securities

Disney's internal Slack was leaked by hackers mad about AI

Over a terabyte of data supposedly obtained from Disney’s internal messaging channels has been leaked online by a self-proclaimed “hacktivist group,” including login credentials, code, images, and information about unreleased projects. The ...

Published: 2024-07-16T06:32:44



BleepingComputer

Greece’s Land Registry agency breached in wave of 400 cyberattacks

The Land Registry agency in Greece has announced that it suffered a limited-scope data breach following a wave of 400 cyberattacks targeting its IT infrastructure over the last week. [...]

Published: 2024-07-22T18:46:31



BleepingComputer

US sanctions Russian hacktivists who breached water facilities

The US government has imposed sanctions on two Russian cybercriminals for cyberattacks targeting critical infrastructure. [...]

Published: 2024-07-22T14:16:25



BleepingComputer

New Play ransomware Linux version targets VMware ESXi VMs

Play ransomware is the latest ransomware gang to start deploying a dedicated Linux locker for encrypting VMware ESXi virtual machines. [...]

Published: 2024-07-22T13:01:51



BleepingComputer

Telegram zero-day allowed sending malicious Android APKs as videos

A Telegram for Android zero-day vulnerability dubbed 'EvilVideo' allowed attackers to send malicious Android APK payloads disguised as video files. [...]

Published: 2024-07-22T10:41:55



BleepingComputer

Los Angeles Superior Court shuts down after ransomware attack

The largest trial court in the United States, the Superior Court of Los Angeles County, closed all 36 courthouse locations on Monday to restore systems affected by a Friday ransomware attack. [...]

Published: 2024-07-22T10:37:50



BleepingComputer

End-user cybersecurity errors that can cost you millions

An innocent mistake can lead to a corporate nightmare. Learn from Specops Software about five of the most frequent cybersecurity blunders that can let attackers breach a network. [...]

Published: 2024-07-22T10:02:04



BleepingComputer

Spain arrests three for using DDoSia hacktivist platform

The Spanish authorities have arrested three individuals for using DDoSia, a distributed denial of service platform operated by pro-Russian hacktivists, to conduct DDoS attacks against governments and organizations in NATO countries. [...]

Published: 2024-07-22T09:18:42



BleepingComputer

Fake CrowdStrike fixes target companies with malware, data wipers

Threat actors are exploiting the massive business disruption from CrowdStrike's glitchy update on Friday to target companies with data wipers and remote access tools. [...]

Published: 2024-07-21T15:31:34



BleepingComputer

UK arrests suspected Scattered Spider hacker linked to MGM attack

UK police have arrested a 17-year-old boy suspected of being involved in the 2023 MGM Resorts ransomware attack and a member of the Scattered Spider hacking collective. [...]

Published: 2024-07-20T15:05:35



Threat Intelligence

APT41 Has Arisen From the DUST

Written by: Mike Stokkel, Pierre Gerlings, Renato Fontana, Luis Rocha, Jared Wilson, Stephen Eckels, Jonathan Lepore. Executive Summary: In collaboration with Google’s Threat Analysis Group (TAG), Mandiant has observed a sustained campaign by the

Published: 2024-07-18T10:00:00



Threat Intelligence

Scaling Up Malware Analysis with Gemini 1.5 Flash

Written by: Bernardo Quintero, Founder of VirusTotal and Security Director, Google Cloud Security; Alex Berry, Security Manager of the Mandiant FLARE Team, Google Cloud Security; Ilfak Guilfanov, author of IDA Pro and CTO, Hex-Rays; Vijay Bolina, Chief Info...

Published: 2024-07-15T14:00:00



Threat Intelligence

Emboldened and Evolving: A Snapshot of Cyber Threats Facing NATO

Written by: John Hultquist. As North Atlantic Treaty Organization (NATO) members and partners gather for a historic summit, it is important to take stock of one of its most pressing challenges: the cyber threat. The Alliance faces a barrage of mali

Published: 2024-07-08T14:00:00



ProPublica

The President Ordered a Board to Probe a Massive Russian Cyberattack. It Never Did.

by Craig Silverman ProPublica is a nonprofit newsroom t

Published: 2024-07-08T05:00:00



Krebs on Security

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Expe...

Published: 2024-07-15T15:24:46



Krebs on Security

Microsoft Patch Tuesday, July 2024 Edition

Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against ...

Published: 2024-07-09T19:50:33



Gizmodo

Samsung Galaxy Z Fold 6 Review: An Impressive Foldable Despite Repeat Compromises

It costs a ton, it's not the most durable device, and the camera still doesn't perform like the Galaxy S24 Ultra. ...

Published: 2024-07-22T18:00:08



Gizmodo

You’ll Soon Be Able to Blow Up Cybertrucks in ‘Fortnite’

Rejoice, Tesla haters: the free-to-play online shooter will be a safe space for you to vent your rage at the ugliest vehicle ever made. ...

Published: 2024-07-22T17:30:55



The Register - Security

Google's plan to drop third-party cookies in Chrome crumbles

Ad giant promises to protect privacy, as critics say surveillance continues. Google no longer intends to drop support for third-party cookies, the online identifiers used by the ad industry to track people and target them with ads based on their online activities.

Published: 2024-07-23T00:03:53



The Register - Security

Global cops power down world's 'most prolific' DDoS dealership

One arrest was made weeks ago, but no word on the suspect's identity yet. A DDoS-for-hire site described by the UK's National Crime Agency (NCA) as the world's most prolific operator in the field is out of action following a law enforcement sting dubbed Operation Power Off.

Published: 2024-07-22T20:15:07



The Register - Security

LA County Superior Court closes doors to reboot justice after ransomware attack

Some rest for the wicked? Los Angeles County Superior Court, the largest trial court in America, closed all 36 of its courthouses today following an "unprecedented" ransomware attack on Friday.

Published: 2024-07-22T17:15:13



The Register - Security

Cybercrooks crafting solo careers in wake of ransomware takedowns

More baddies go it alone as trust in big gangs withers, claims Europol. A fresh report from Europol suggests that the recent disruption of ransomware-as-a-service (RaaS) groups is fragmenting the threat landscape, making it more difficult to track.

Published: 2024-07-22T16:33:13



The Register - Security

Oracle coughs up $115M to make privacy case go away

Big Red agrees not to capture personal details after two-year class action. Oracle has agreed to cough up $115 million to settle a two-year class action lawsuit that alleged misuse of user data.

Published: 2024-07-22T13:45:11



The Register - Security

EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft

Was a 2009 agreement on interoperability to blame? Did the EU force Microsoft to let third parties like CrowdStrike run riot in the Windows kernel as a result of a 2009 undertaking? This is the implication being peddled by the Redmond-based cloud and software titan.

Published: 2024-07-22T13:00:11



The Register - Security

Two Russians sanctioned over cyberattacks on US critical infrastructure

Supposed hacktivist efforts previously linked to the Kremlin's GRU. Flying under the radar on Clownstrike day last week, two members of the Cyber Army of Russia Reborn (CARR) hacktivist crew are the latest additions to the US sanctions list.

Published: 2024-07-22T12:02:03



The Register - Security

Cellebrite got into Trump shooter's Samsung device in just 40 minutes

Also: Second-string Russian hackers sanctioned; Senators demand answers from Snowflake, and more. Infosec in brief: Unable to access the Samsung smartphone of the deceased Trump shooter for clues, the FBI turned to a familiar if controversial source to achieve its goal: digital forensics tools vendor Cellebrite.

Published: 2024-07-22T03:44:10



The Register - Security

CrowdStrike's Falcon Sensor also linked to Linux kernel panics and crashes

Rapid restore tool being tested as Microsoft estimates 8.5M machines went down. CrowdStrike's now-infamous Falcon Sensor software, which last week led to widespread outages of Windows-powered computers, has also caused crashes of Linux machines.

Published: 2024-07-21T23:51:18



The Register - Security

UK cops arrest teen suspect in MGM Resorts cyberattack probe

17-year-old cuffed as FBI says it will 'relentlessly pursue' miscreants around the globe. Cops in the UK have arrested a suspected member of the notorious Scattered Spider crime gang, which is accused of crippling MGM Resorts in Las Vegas with ransomware last summer.

Published: 2024-07-19T21:51:06



The Register - Security

CrowdStrike Windows patchpocalypse could take weeks to fix, IT admins fear

Our vultures gather to review this very freaky Friday. Kettle: If you're an IT administrator with Windows boxes on your network, Friday can't have been a lot of fun. What's likely millions of systems were or still are stuck in blue-screen boot loop hell, mostly requiring manual intervention to fix.

Published: 2024-07-19T17:54:07



The Register - Security

CrowdStrike file update bricks Windows machines around the world

Falcon Sensor putting hosts into deathloop - but there's a workaround. Updated: An update to a product from infosec vendor CrowdStrike is bricking computers running Windows globally.

Published: 2024-07-19T06:46:32



The Register - Security

North Korea likely behind takedown of Indian crypto exchange WazirX

Firm halts trades after seeing $230 million disappear. Indian crypto exchange WazirX has revealed it lost virtual assets valued at over $230 million after a cyber attack that has since been linked to North Korea.

Published: 2024-07-19T05:59:07



The Register - Security

Beijing's attack gang Volt Typhoon was a false flag inside job conspiracy: China

Run by the NSA, the FBI, and Five Eyes nations, who fooled infosec researchers, apparently. China has wildly claimed the Volt Typhoon gang, which Five Eyes nations accuse of being a Beijing-backed attacker that targets critical infrastructure, was in fact made up by the US intelligence community.

Published: 2024-07-19T05:09:48



The Register - Security

Judge mostly drags SEC's lawsuit against SolarWinds into the recycling bin

Russia-invaded software biz 'grateful for the support we have received'. A judge has mostly thrown out a lawsuit brought by America's financial watchdog that accused SolarWinds and its chief infosec officer of misleading investors about its computer security practices and the backdooring of its Orion product.

Published: 2024-07-18T21:06:49



The Register - Security

Kaspersky challenges US government to put up or shut up about Kremlin ties

Stick an independent probe in our software, you won't find any Putin.DLL backdoor. Kaspersky has hit back after the US government banned its products by proposing an independent verification that its software is above board and not backdoored by the Kremlin.

Published: 2024-07-18T16:29:05



The Register - Security

Russia's FIN7 is peddling its EDR-nerfing malware to ransomware gangs

Major vendors' products scuppered by novel techniques. Prolific Russian cybercrime syndicate FIN7 is using various pseudonyms to sell its custom security solution-disabling malware to different ransomware gangs.

Published: 2024-07-18T13:40:24



The Register - Security

Maximum-severity Cisco vulnerability allows attackers to change admin passwords

You're going to want to patch this one. Cisco just dropped a patch for a maximum-severity vulnerability that allows attackers to change the password of any user, including admins.

Published: 2024-07-18T10:37:09



The Register - Security

Firms skip security reviews of major app updates about half the time

Complicated, costly, time-consuming: pick three. Updated: Cybersecurity workers review major updates to software applications only 54 percent of the time, according to a poll of tech managers.

Published: 2024-07-18T07:28:07



The Register - Security

Release the hounds! Securing datacenters may soon need sniffer dogs

Nothing else can detect attackers with implants designed to foil physical security. Sniffer dogs may soon become a useful means of improving physical security in datacenters, as increasing numbers of people are adopting implants like NFC chips that have the potential to enable novel attacks on access control tools.

Published: 2024-07-18T00:54:10



The Register - Security

Merged Exabeam and LogRhythm cut jobs, face lawsuit

Unconfirmed reports suggest 30 percent reduction in headcount. Exabeam and LogRhythm, a pair of cyber security firms, finalized their merger on Wednesday, an occasion The Register understands was marked by swift job cuts and shareholder action to investigate the transaction.

Published: 2024-07-17T23:27:13



The Register - Security

Kaspersky gives US customers six months of free updates as a parting gift

So long, farewell, do svidaniya, goodbye. Updated: Embattled Russian infosec shop Kaspersky is giving US customers six months of security updates for free as a parting gift as Uncle Sam kicks the antivirus maker out of the American market.

Published: 2024-07-17T18:20:07



The Register - Security

Ransomware continues to pile on costs for critical infrastructure victims

Millions more spent without any improvement in recovery times. Costs associated with ransomware attacks on critical national infrastructure (CNI) organizations skyrocketed in the past year.

Published: 2024-07-17T15:01:13



The Register - Security

London council accuses watchdog of 'exaggerating' danger of 2020 raid on residents' data

You escaped a big fat fine! Take the win and run, won't you? London's inner city district of Hackney says the UK's data protection watchdog has misunderstood and "exaggerated" details surrounding a ransomware attack on its systems in 2020.

Published: 2024-07-17T11:45:06



The Register - Security

Craig Wright admits he isn't the inventor of Bitcoin after High Court judgment in UK

Aussie definitely not Satoshi Nakamoto, faces 6M legal bill and possible perjury trial. Australian Craig Wright has finally admitted he is not the inventor of Bitcoin after losing several cases in the High Court of England and Wales, whose judge has suggested he be investigated for perjury.

Published: 2024-07-17T07:33:05



The Register - Security

Iran's MuddyWater phishes Israeli orgs with custom BugSleep backdoor

India, Turkey also being targeted by campaign that relies on corporate email compromise. MuddyWater, an Iranian government-backed cyber espionage crew, has upgraded its malware with a custom backdoor, which it's used to target Israeli organizations.

Published: 2024-07-17T00:00:51



The Register - Security

Cyber-crime super-crew Scattered Spider falls in love with RansomHub and Qilin

Extortionists left hanging after rivals crawled into the woodwork. The Scattered Spider cybercrime group is now using RansomHub and Qilin ransomware variants in its attacks, illustrating a possible power shift among hacking groups.

Published: 2024-07-16T18:05:11



The Register - Security

Don't be complacent on cybersecurity resilience

Read the 2024 Cisco Cybersecurity Readiness Index for tips on how best to prepare. Sponsored Post: Protecting sensitive data and mission-critical applications, systems and services from the unwanted attention of hackers and cyber criminals is never easy.

Published: 2024-07-16T14:21:13



The Register - Security

Privacy warriors gripe to UK watchdog about Meta harvesting user data to train AI

Move follows Instagram and Facebook giant's decision to reverse direction in EU after protests. A UK data rights campaign group has launched a complaint with the data law regulator against Meta's change of privacy policy, which allows it to scrape user data to develop AI models.

Published: 2024-07-16T11:25:59



The Register - Security

FBI gains access to Trump rally shooter's phone

Hasn't said how it did it, but has form cracking devices. The FBI on Monday revealed it has gained access to a phone it says was used by Thomas Matthew Crooks, the man who shot at and wounded former US president Donald Trump on July 13 in an apparent failed assassination attempt.

Published: 2024-07-16T03:16:30



The Register - Security

Kaspersky culls staff, closes doors in US amid Biden's ban

After all we've done for you, America, sniffs antivirus lab. Kaspersky has confirmed it will shutter its American operations and cut US-based jobs following President Biden's ban on the Russian business last month.

Published: 2024-07-15T21:32:15



The Register - Security

ZDI shames Microsoft for yet another coordinated vulnerability disclosure snafu

'It seems like they really don't have a full grasp of what's going on with this patch.' Exclusive: A Microsoft zero-day vulnerability that Trend Micro's Zero Day Initiative team claims it found and reported to Redmond in May was disclosed and patched by the Windows giant in July's Patch Tuesday, but without any credit given to ZDI.

Published: 2024-07-15T15:00:11



The Register - Security

Infoseccers claim Squarespace migration linked to DNS hijackings at Web3 firms

Company keeps quiet amid high-profile compromises. Security researchers are claiming a spate of DNS hijackings at web3 businesses is linked to Squarespace's acquisition of Google Domains last year.

Published: 2024-07-15T13:45:13



The Register - Security

Google reportedly in talks to buy infosec outfit Wiz for $23 billion

The security industry has never had a clear leader. Could it be the Chocolate Factory? Ask any techie to name who leads the market for OSes, databases, networks or ERP and the answers are clear: Microsoft, Oracle, Cisco, and SAP.

Published: 2024-07-15T04:39:35



The Register - Security

I spy another mSpy breach: Millions more stalkerware buyers exposed

Also: Velops routers love plaintext; everything is a dark pattern; Internet Explorer rises from the grave, and more. Infosec in brief: Commercial spyware maker mSpy has been breached again and millions of purchasers can be identified from the spilled records.

Published: 2024-07-15T02:01:14



The Register - Security

UK cyber-boss slams China's bug-hoarding laws

Plus: Japanese scientists ID ancient supernova; AWS dismisses China trouble rumor; and more. ASIA IN BRIEF: The interim CEO of the UK's National Cyber Security Centre (NCSC) has criticized China's approach to bug reporting.

Published: 2024-07-15T00:03:38



The Register - Security

Three words to send a chill down your spine: Snowflake. Intrusion. Alert

And can AI save us from the scourge of malware? In theory, why not, but in practice ... Color us skeptical. Kettle: For this week's Kettle episode, in which our journos as usual get together for an end-of-week chat about the news, it's security, security, security.

Published: 2024-07-13T15:04:12



The Register - Security

Car dealer software slinger CDK Global said to have paid $25M ransom after cyberattack

15K dealerships take estimated $600M+ hit. CDK Global reportedly paid a $25 million ransom in Bitcoin after its servers were knocked offline by crippling ransomware.

Published: 2024-07-12T23:53:31



The Register - Security

White House urged to double check Microsoft isn't funneling AI to China via G42 deal

Windows maker insisted everything will be locked down and secure, which, given its reputation, uh-oh! Two House committee chairs have sent a public letter to the White House asking it to look into a deal between AI R&D outfit G42 and Microsoft.

Published: 2024-07-12T20:22:09



The Register - Security

CISA broke into a US federal agency, and no one noticed for a full 5 months

Red team exercise revealed a score of security fails. The US Cybersecurity and Infrastructure Security Agency (CISA) says a red team exercise at a certain unnamed federal agency in 2023 revealed a string of security failings that exposed its most critical assets.

Published: 2024-07-12T18:01:08



The Register - Security

Call, text logs for 110M AT&T customers stolen from compromised cloud storage

Snowflake? Snowflake. AT&T has admitted that cyberattackers grabbed a load of its data for the second time this year, and if you think the first haul was big, you haven't seen anything: This latest one includes data on "nearly all" AT&T wireless customers - and those served by mobile virtual network operators (MVNOs) running on AT&T's network.

Published: 2024-07-12T14:09:27



The Register - Security

Singapore's banks to ditch texted one-time passwords

Accessibility be damned, preventing phishing is the priority. After around two decades of allowing one-time passwords (OTPs) delivered by text message to assist logins to bank accounts in Singapore, the city-state will abandon the authentication technique.

Published: 2024-07-12T03:30:10



The Register - Security

China's APT41 crew adds a stealthy malware loader and fresh backdoor to its toolbox

Meet DodgeBox, son of StealthVector. Chinese government-backed cyber espionage gang APT41 has very likely added a loader dubbed DodgeBox and a backdoor named MoonWalk to its malware toolbox, according to cloud security service provider Zscaler's ThreatLabz research team.

Published: 2024-07-12T01:29:11



The Register - Security

'Gay furry hackers' say they've disbanded after raiding Project 2025's Heritage Foundation

Ultra-conservative org funnily enough not ready to turn the other cheek. After claiming to break into a database belonging to The Heritage Foundation, and then leaking 2GB of files belonging to the ultra-conservative think tank, the hacktivist crew SiegedSec says it has disbanded.

Published: 2024-07-12T00:22:14



The Register - Security

OpenSSH bug leaves RHEL 9 and the RHELatives vulnerable

Newly discovered flaw affects OpenSSH 8.7 and 8.8 daemon. The founder of Openwall has discovered a new signal handler race condition in the core sshd daemon used in RHEL 9.x and its various offshoots.

Published: 2024-07-11T19:13:08



The Register - Security

Advance Auto Parts: 2.3M people's data accessed when crims broke into our Snowflake account

Letters from CISO Ethan Steiger suggest the data related to job applications. Advance Auto Parts' CISO just revealed for the first time the number of individuals affected when criminals broke into its Snowflake instance: a hefty 2.3 million.

Published: 2024-07-11T13:15:07



The Register - Security

Privacy expert put away for 9 years after 'grotesque' cyberstalking campaign

Scumbag targeted many victims and those who tried to help them. A scumbag who used to work as a privacy consultant has been put behind bars for nine years for a "grotesque" cyberstalking campaign against more than a dozen victims.

Published: 2024-07-11T10:29:07



The Register - Security

You had a year to patch this Veeam flaw and now it's going to hurt some more

LockBit variant targets backup software - which you may remember is supposed to help you recover from ransomware. Yet another new ransomware gang, this one dubbed EstateRansomware, is now exploiting a Veeam vulnerability that was patched more than a year ago to deploy file-encrypting malware, a LockBit variant, and extort payments from victims.

Published: 2024-07-11T07:28:13



The Register - Security

Japanese space agency spotted zero-day attacks while cleaning up raid on M365

Multiple malware assault saw personal data accessed, rocket science remained safe. The Japanese Space Exploration Agency (JAXA) discovered it was under attack using zero-day exploits while working with Microsoft to probe a 2023 cyberattack on its systems.

Published: 2024-07-11T05:31:58



The Register - Security

Snowflake lets admins make MFA mandatory across all user accounts

Company announces intent following Ticketmaster, Santander break-ins. A month after incident response giant Mandiant suggested the litany of data thefts linked to Snowflake account intrusions had the common component of lacking multi-factor authentication (MFA) controls, the cloud storage and data analytics company is offering a mandatory MFA option to admins.

Published: 2024-07-10T16:45:14



Security Latest

The Pentagon Wants to Spend $141 Billion on a Doomsday Machine

The DOD wants to refurbish ICBM silos that give it the ability to end civilization. But these missiles are useless as weapons, and their other main purpose, attracting an enemy’s nuclear strikes, serves no end.

Published: 2024-07-22T10:30:00



Security Latest

The Feds Say These Are the Russian Hackers Who Attacked US Water Utilities

Plus: The FBI unlocks the Trump shooter’s phone, a security researcher gets legal threats for exposing hackable traffic lights, and more.

Published: 2024-07-20T10:30:00



Security Latest

Don’t Fall for CrowdStrike Outage Scams

Swindlers are spinning up bogus websites in an attempt to dupe people with “CrowdStrike support” scams following the security firm's catastrophic software update.

Published: 2024-07-19T22:19:42



Security Latest

How One Bad CrowdStrike Update Crashed the World’s Computers

A defective CrowdStrike update sent computers around the globe into a reboot death spiral, taking down air travel, hospitals, banks, and more with it. Here’s how that’s possible.

Published: 2024-07-19T14:46:19



Security Latest

Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World

A software update from cybersecurity company CrowdStrike appears to have inadvertently disrupted IT systems globally.

Published: 2024-07-19T08:40:01



Security Latest

J.D. Vance Left His Venmo Public. Here’s What It Shows

The Republican VP nominee's Venmo network reveals connections ranging from the architects of Project 2025 to enemies of Donald Trump and the populist's close ties to the very elites he rails against.

Published: 2024-07-18T17:02:36



Security Latest

Alleged ‘Maniac Murder Cult’ Leader Indicted Over Plot to Kill Jews

US prosecutors have charged Michail Chkhikvishvili, also known as “Commander Butcher,” with a litany of crimes, including alleged attempts to poison Jewish children in NYC.

Published: 2024-07-17T22:02:50



Security Latest

The US Supreme Court Kneecapped US Cyber Strategy

After the Supreme Court limited the power of federal agencies to craft regulations, it’s likely up to Congress to keep US cybersecurity policy intact.

Published: 2024-07-17T10:00:00



Security Latest

Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages

A hacker group called “NullBulge” says it stole more than a terabyte of Disney’s internal Slack messages and files from nearly 10,000 channels in an apparent protest over AI-generated art.

Published: 2024-07-15T21:10:24



Security Latest

US Senators Secretly Work to Block Safeguards Against Surveillance Abuse

Senator Mark Warner is trying to pass new limits on when the government can wiretap Americans. At least two senators are quietly trying to stop him.

Published: 2024-07-15T17:48:33



Security Latest

AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records

A security researcher who assisted with the deal says he believes the only copy of the complete dataset of call and text records of “nearly all” AT&T customers has been wiped, but some risks may remain.

Published: 2024-07-14T17:57:27



Security Latest

Spyware Users Exposed in Major Data Breach

Plus: The Heritage Foundation gets hacked over Project 2025, a car dealership software provider seems to have paid $25 million to a ransomware gang, and authorities disrupt a Russian bot farm.

Published: 2024-07-13T10:30:00



Security Latest

The Sweeping Danger of the AT&T Phone Records Breach

Telecom giant AT&T says a major data breach has exposed the call and text records of “nearly all” of its customers, epitomizing the dire state of data security.

Published: 2024-07-12T17:44:16



Security Latest

Pressure Grows in Congress to Treat Crypto Investigator Tigran Gambaryan, Jailed in Nigeria, as a Hostage

A new resolution echoes what 16 members of Congress have already said to the White House: It must do more to free one of the most storied crypto-focused federal agents in history.

Published: 2024-07-11T19:58:01



Security Latest

Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison

The cybercrime boss, who helped lead the prolific Zeus malware gang and was on the FBI’s “most wanted” list for years, has been sentenced to 18 years and ordered to pay more than $73 million.

Published: 2024-07-11T16:37:09



Security Latest

Google Is Adding Passkey Support for Its Most Vulnerable Users

Google is bringing the password-killing “passkey” tech to its Advanced Protection Program users more than a year after rolling them out broadly.

Published: 2024-07-10T10:00:00



Security Latest

The $11 Billion Marketplace Enabling the Crypto Scam Economy

Deepfake scam services. Victim data. Electrified shackles for human trafficking. Crypto tracing firm Elliptic found all were available for sale on an online marketplace linked to Cambodia’s ruling family.

Published: 2024-07-10T07:00:00



Security Latest

AI-Powered Super Soldiers Are More Than Just a Pipe Dream

The US military has abandoned its half-century dream of a suit of powered armor in favor of a “hyper enabled operator,” a tactical AI assistant for special operations forces.

Published: 2024-07-08T10:00:00



The Hacker News

Experts Uncover Chinese Cybercrime Network Behind Gambling and Human Trafficking

(Figure caption: The relationship between various TDSs and DNS associated with Vigorish Viper and the final landing experience for the user.) A Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced "technology suite" that runs the whole cybercrime supply chain spectrum to spearhead its operations. Infoblox is tracking the proprietor

Published: 2024-07-22T18:35:00



The Hacker News

PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing

A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. "Serverless architectures are attractive to developers and enterprises for their flexibility, cost effectiveness, and ease of use," Google

Published: 2024-07-22T17:56:00



The Hacker News

How to Set up an Automated SMS Analysis Service with AI in Tines

The opportunities to use AI in workflow automation are many and varied, but one of the simplest ways to use AI to save time and enhance your organization’s security posture is by building an automated SMS analysis service. Workflow automation platform Tines provides a good example of how to do it. The vendor recently released their first native AI features, and security teams have already

Published: 2024-07-22T16:55:00



The Hacker News

MSPs & MSSPs: How to Increase Engagement with Your Cybersecurity Clients Through vCISO Reporting

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, “Your First 100 Days as a vCISO: 5 Steps to Success”, which covers all the phases entailed in launching a successful vCISO engagement, along with recommended

Published: 2024-07-22T16:11:00



The Hacker News

SocGholish Malware Exploits BOINC Project for Covert Cyberattacks

The JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan called AsyncRAT as well as a legitimate open-source project called BOINC. BOINC, short for Berkeley Open Infrastructure Network Computing Client, is an open-source "volunteer computing" platform maintained by the University of California with an aim to carry out "large-scale

Published: 2024-07-22T12:15:00



The Hacker News

New Linux Variant of Play Ransomware Targeting VMware ESXi Systems

Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play (aka Balloonfly and PlayCrypt) that's designed to target VMware ESXi environments. "This development suggests that the group could be broadening its attacks across the Linux platform, leading to an expanded victim pool and more successful ransom negotiations," Trend Micro researchers said in a

Published: 2024-07-22T09:26:00



The Hacker News

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of providing a hotfix. The attack chains involve distributing a ZIP archive file named "crowdstrike-hotfix.zip,"

Published: 2024-07-20T21:31:00



The Hacker News

17-Year-Old Linked to Scattered Spider Cybercrime Syndicate Arrested in U.K.

Law enforcement officials in the U.K. have arrested a 17-year-old boy from Walsall who is suspected to be a member of the notorious Scattered Spider cybercrime syndicate. The arrest was made "in connection with a global cyber online crime group which has been targeting large organizations with ransomware and gaining access to computer networks," West Midlands police said. "The arrest is part of

Published: 2024-07-20T09:58:00



The Hacker News

Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide

Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty update pushed out by cybersecurity company CrowdStrike. "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts," the company's CEO George Kurtz said in a statement. "Mac and Linux hosts are not impacted. This is

Published: 2024-07-19T18:08:00



The Hacker News

Two Russian Nationals Plead Guilty in LockBit Ransomware Attacks

Two Russian nationals have pleaded guilty in a U.S. court for their participation as affiliates in the LockBit ransomware scheme and helping facilitate ransomware attacks across the world. The defendants include Ruslan Magomedovich Astamirov, 21, of Chechen Republic, and Mikhail Vasiliev, 34, a dual Canadian and Russian national of Bradford, Ontario. Astamirov was arrested in Arizona by U.S. law

Published: 2024-07-19T18:00:00



The Hacker News

Safeguard Personal and Corporate Identities with Identity Intelligence

Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. In the current cyber threat landscape, the protection of personal and corporate identities has become vital.

Published: 2024-07-19T16:30:00



The Hacker News

Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware

A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed to harvest sensitive information. These attacks, attributed to an activity cluster codenamed OilAlpha, entail a new set of malicious mobile apps that come with their own supporting infrastructure, Recorded Future's Insikt Group said. Targets of the ongoing campaign

Published: 2024-07-19T14:59:00



The Hacker News

APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K.

Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors in Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. have become the target of a "sustained campaign" by the prolific China-based APT41 hacking group. "APT41 successfully infiltrated and maintained prolonged, unauthorized access to numerous victims' networks since

Published: 2024-07-19T12:54:00



The Hacker News

Summary of "AI Leaders Spill Their Secrets" Webinar

Event Overview: The "AI Leaders Spill Their Secrets" webinar, hosted by Sigma Computing, featured prominent AI experts sharing their experiences and strategies for success in the AI industry. The panel included Michael Ward from Sardine, Damon Bryan from Hyperfinity, and Stephen Hillian from Astronomer, moderated by Zalak Trivedi, Sigma Computing's Product Manager. Key Speakers and Their

Published: 2024-07-19T12:50:00



The Hacker News

SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software

SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to access sensitive information or execute arbitrary code. Of the 13 vulnerabilities, eight are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0. The remaining five weaknesses have been rated High in severity, with four of them having a CVSS

Published: 2024-07-19T12:43:00



The Hacker News

WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach

Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets. "A cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $230 million," the company said in a statement. "This wallet was operated utilizing the services of Liminal's digital asset custody and

Published: 2024-07-19T09:37:00



The Hacker News

Alert: HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver

Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The malware, dubbed HotPage, gets its name from the eponymous installer ("HotPage.exe"), according to new findings from ESET, which

Published: 2024-07-18T18:56:00



The Hacker News

AppSec Webinar: How to Turn Developers into Security Champions

Let's face it: AppSec and developers often feel like they're on opposing teams. You're battling endless vulnerabilities while they just want to ship code. Sound familiar? It's a common challenge, but there is a solution. Ever wish they proactively cared about security? The answer lies in a proven, but often overlooked, strategy: Security Champion Programs, a way to turn developers from

Published: 2024-07-18T17:15:00



The Hacker News

Automated Threats Pose Increasing Risk to the Travel Industry

As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. That’s according to research from Imperva, a Thales company. In their 2024 Bad Bot Report, Imperva finds that bad bots accounted for 44.5% of the industry’s web traffic in 2023, a significant jump from 37.4% in 2022.

Published: 2024-07-18T16:30:00



The Hacker News

SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks

Cybersecurity researchers have uncovered security shortcomings in SAP AI Core, a cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows, that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. "The vulnerabilities we found could have allowed attackers

Published: 2024-07-18T15:03:00



The Hacker News

TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks

Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America,

Published: 2024-07-18T14:40:00



The Hacker News

Meta Halts AI Use in Brazil Following Data Protection Authority's Ban

Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters. The company said it has decided to suspend the tools while it is in talks with Brazil's National Data Protection Authority (ANPD) to address the

Published: 2024-07-18T11:44:00



The Hacker News

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any user, including those belonging to administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0. "This vulnerability is due to improper

Published: 2024-07-18T11:31:00



The Hacker News

North Korean Hackers Update BeaverTail Malware to Target MacOS Users

Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People's Republic of Korea (DPRK) have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk image (DMG) file named "MiroTalk.dmg" that mimics the legitimate video call service of the same name,

Published: 2024-07-17T21:57:00



The Hacker News

Navigating Insider Risks: Are your Employees Enabling External Threats?

Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed. For example, in 2022, the FBI issued a warning that SIM swap attacks are growing: gain control of the phone and earn a gateway to email, bank accounts, stocks,

Published: 2024-07-17T16:39:00



The Hacker News

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums

The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a security dodging tool known to be used by ransomware groups like AvosLocker, Black Basta, BlackCat, LockBit, and Trigona. "AvNeutralizer (aka AuKill), a highly specialized tool developed by FIN7 to tamper with security solutions, has been

Published: 2024-07-17T16:03:00



The Hacker News

China-linked APT17 Targets Italian Companies with 9002 RAT Malware

A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. "The first campaign on June 24, 2024 used an Office document, while the second

Published: 2024-07-17T14:17:00



The Hacker News

Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach targets and establish persistence for follow-on exploitation and data theft. It also has a history of

Published: 2024-07-17T11:20:00



The Hacker News

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are

Published: 2024-07-17T10:55:00



The Hacker News

'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins

Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities. The campaign has been codenamed Konfety, the Russian word for Candy, owing to its abuse of a mobile advertising software development kit (SDK) associated with a Russia-based ad network called CaramelAds. "Konfety represents a new form of

Published: 2024-07-16T18:30:00



The Hacker News

Threat Prevention & Detection in SaaS Environments - 101

Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them. According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with phishing, an identity-based threat. Throw in attacks that use stolen credentials, over-provisioned accounts, and

Published: 2024-07-16T16:30:00



The Hacker News

Malicious npm Packages Found Using Image Files to Hide Backdoor Code

Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question, img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy, have been downloaded 190 and 48 times, respectively. As of writing, they have been taken down by the npm security team. "They

Published: 2024-07-16T15:39:00



The Hacker News

Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks

The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management (RMM) software for maintaining persistent access. That's according to independent findings from cybersecurity firms Check Point and Sekoia, which have

Published: 2024-07-16T14:43:00



The Hacker News

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer

An advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida. Cybersecurity firm Trend Micro, which observed the activity in mid-May 2024, said the vulnerability tracked as CVE-2024-38112 was used as part of a multi-stage

Published: 2024-07-16T14:30:00



The Hacker News

Kaspersky Exits U.S. Market Following Commerce Department Ban

Russian security vendor Kaspersky has said it's exiting the U.S. market nearly a month after the Commerce Department announced a ban on the sale of its software in the country citing a national security risk. News of the closure was first reported by journalist Kim Zetter. The company is expected to wind down its U.S. operations on July 20, 2024, the same day the ban comes into effect. It's also

Published: 2024-07-16T09:46:00



The Hacker News

CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data. It is the reference implementation of the Open

Published: 2024-07-16T09:31:00



The Hacker News

GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks

Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF). JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub. "This case was

Published: 2024-07-15T21:48:00



The Hacker News

10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn’t it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that’s basically the state of things today. Welcome to the infostealer garden of low-hanging fruit. Over the last few years, the problem has grown bigger and bigger, and only now are we

Published: 2024-07-15T16:22:00



The Hacker News

CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool

A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a tenfold surge, adding it includes "mass scanning, exploiting multiple vulnerabilities, and placing backdoors using multiple [open-source

Published: 2024-07-15T15:54:00



The Hacker News

Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months

Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) on July 9, 2024. "Customers who have activated their digital

Published: 2024-07-15T12:49:00



The Hacker News

New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection

Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new obfuscation techniques to deter analysis efforts. "Unlike previous versions, HardBit Ransomware group enhanced the version 4.0 with passphrase protection," Cybereason researchers Kotaro Ogino and Koshi Oyama said in an analysis. "The passphrase needs to be provided during

Published: 2024-07-15T10:40:00



The Hacker News

AT&T Confirms Data Breach Affecting Nearly All Wireless Customers

American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network operators (MVNOs) using AT&T's wireless network. "Threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024, exfiltrated

Published: 2024-07-13T11:21:00



The Hacker News

DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign

Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections. Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing Samba file shares hosting Visual Basic Script (VBS) and JavaScript files. Targets included North

Published: 2024-07-12T20:21:00



The Hacker News

Australian Defence Force Private and Husband Charged with Espionage for Russia

Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a "complex" law enforcement operation codenamed BURGAZADA. This includes a 40-year-old woman, an Australian Defence Force (ADF) Army Private, and her husband, a 62-year-old self-employed laborer. Media reports have identified them as Kira Korolev and Igor Korolev,

Published: 2024-07-12T17:54:00



The Hacker News

Ever Wonder How Hackers Really Steal Passwords? Discover Their Tactics in This Webinar

In today's digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking and business systems. This immense power brings with it significant responsibility and vulnerability. Most people don't realize their credentials have been compromised until the damage is done. Imagine waking up to drained bank accounts, stolen identities, or a company's

Published: 2024-07-12T16:25:00



The Hacker News

Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98. "Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass

Published: 2024-07-12T16:21:00



The Hacker News

U.S. Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation

The U.S. Department of Justice (DoJ) said it seized two internet domains and searched nearly 1,000 social media accounts that Russian threat actors allegedly used to covertly spread pro-Kremlin disinformation in the country and abroad on a large scale. "The social media bot farm used elements of AI to create fictitious social media profiles often purporting to belong to individuals in the

Published: 2024-07-12T14:00:00



The Hacker News

Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover. "Missing authentication

Published: 2024-07-11T20:49:00



The Hacker News

60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply

Published: 2024-07-11T20:36:00



The Hacker News

Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk

The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk. The new variant of StealthVector, which is also referred to as DUSTPAN, has been designated DodgeBox by Zscaler ThreatLabz, which discovered the loader strain in

Published: 2024-07-11T18:01:00



Security Affairs

EvilVideo, a Telegram Android zero-day allowed sending malicious APKs disguised as videos

EvilVideo is a zero-day in the Telegram App for Android that allowed attackers to send malicious APK payloads disguised as videos. ESET researchers discovered a zero-day exploit named EvilVideo that targets the Telegram app for Android. The exploit was for sale on an underground forum from June 6, 2024; it allows attackers to share malicious […]

Published: 2024-07-22T21:53:20



Security Affairs

SocGholish malware used to spread AsyncRAT malware

The JavaScript downloader SocGholish (aka FakeUpdates) is being used to deliver the AsyncRAT and the legitimate open-source project BOINC. Huntress researchers observed the JavaScript downloader malware SocGholish (aka FakeUpdates) being used to deliver the remote access trojan AsyncRAT and the legitimate open-source project BOINC (Berkeley Open Infrastructure Network Computing Client). The BOINC project is […]

Published: 2024-07-22T11:20:02



Security Affairs

UK police arrested a 17-year-old linked to the Scattered Spider gang

Law enforcement arrested a 17-year-old boy from Walsall, U.K., for suspected involvement in the Scattered Spider cybercrime syndicate. Law enforcement in the U.K. arrested a 17-year-old teenager from Walsall who is suspected to be a member of the Scattered Spider cybercrime group (also known as UNC3944, 0ktapus). The arrest is the result of a joint international law enforcement […]

Published: 2024-07-22T07:08:42



Security Affairs

Security Affairs Malware Newsletter Round 3

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Hardening of HardBit    10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit This Meeting Should Have Been an Email   Ransomware Detection Model Based on Adaptive Graph Neural Network Learning SEXi ransomware rebrands to APT INC, continues […]

Published: 2024-07-21T13:31:24



Security Affairs

Security Affairs newsletter Round 481 by Pierluigi Paganini INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Threat actors attempted to capitalize CrowdStrike incident Russian nationals plead guilty to participating in the LockBit ransomware group […]

Published: 2024-07-21T11:59:15



Security Affairs

U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions of the flaws added to the KEV catalog: […]

Published: 2024-07-21T08:28:59



Security Affairs

Threat actors attempted to capitalize CrowdStrike incident

CrowdStrike warns that threat actors are exploiting the recent IT outage caused by their faulty update to distribute Remcos RAT malware. CrowdStrike spotted threat actors attempting to benefit from the recent IT outage caused by the faulty update of the cybersecurity firm to distribute Remcos RAT malware. The threat actors attempted to distribute the Remcos […]

Published: 2024-07-20T17:17:53



Security Affairs

Russian nationals plead guilty to participating in the LockBit ransomware group

Two Russian nationals pleaded guilty to participating in the LockBit ransomware group and carrying out attacks against victims worldwide. Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in Newark federal court for their roles in the LockBit ransomware operation. The LockBit ransomware operation has been active since January 2020; the group hit […]

Published: 2024-07-20T04:43:44



Security Affairs

MediSecure data breach impacted 12.9 million individuals

Personal and health information of 12.9 million individuals was exposed in a ransomware attack on Australian digital prescription services provider MediSecure. MediSecure is a company that provides digital health solutions, particularly focusing on secure electronic prescription delivery services in Australia. In May, the company was forced to shut down its website and phone lines following […]

Published: 2024-07-19T20:40:03



Security Affairs

CrowdStrike update epic fail crashed Windows systems worldwide

Windows machines worldwide displayed a BSoD screen following a faulty update pushed out by cybersecurity firm CrowdStrike. A faulty update released by CrowdStrike Falcon is causing Windows systems to display a BSoD screen. The incident is causing widespread global disruptions, impacting critical infrastructure such as airports, hospitals, and TV stations. The company confirmed that the incident […]

Published: 2024-07-19T15:10:52



News Packet Storm

Delta Cancels Another 600 Flights On Monday In Wake Of Cyber Outage

CrowdStrike's Falcon Sensor Also Linked To Linux Kernel Panics

Two Russian Sanctioned Over Cyberattacks On US Critical Infrastructure

Suspected Scattered Spider Suspect Arrested In UK

Judge Mostly Tosses SEC Lawsuit Against SolarWinds

North Korea May Have Hacked Crypto Exchange WazirX

SAP AI Core Flaws Show Risks Of Training AI In Shared Environments

Seems Like CrowdStrike Caused A Global BSOD?

MarineMax Notifying 123,000 Of Data Breach

Recent Adobe Commerce Vulnerability Exploited In Wild

Pentagon Leaker Jack Teixeira To Face Military Court-Martial

Malware Scammers Gearing Up For 2024 Summer Olympics

Vulnerability In Cisco Smart Software Manager Lets Attacker Change Any User Password

FIN7 Is Peddling EDR-Nerfing Malware To Ransomware Operators

Iran Phishes Israeli Orgs With Custom BugSleep Backdoor

Ransomware Continues To Pile On Costs For Critical Infrastructure Victims

Atlassian Patches High Severity Vulns In Bamboo, Confluence, Jira

Rite Aid Says Hack Impacts 2.2 Million People

APT Exploits Windows Zero-Day To Execute Code Via Disabled Internet Explorer

Organizations Warned Of Exploited GeoServer Vulnerability

Case Of Man Who Falsely Claimed To Be Bitcoin Inventor Referred To CPS

New Phishing Tactic Hijacks Email Protections To Mask Links

Trojan Source Flaw Could Result In Covert App Poisoning

Kaspersky Culls Staff, Closes Doors In US Amid Biden's Ban

Infoseccers Claim Squarespace Migration Linked To DNS Hijackings At Web3 Firms

SecurityWeek

Linx Security Raises $33M to Tackle Digital Identity Threats

Industry Moves for the week of July 22, 2024 - SecurityWeek

Safety Equipment Giant Cadre Holdings Hit by Cyberattack

Two Members of LockBit Ransomware Group Plead Guilty in US Court

US Sanctions Russian Hacktivists for Targeting Critical Infrastructure

Application Security Startup Heeler Raises $8.5 Million in Seed Funding

Suspected Scattered Spider Member Arrested in UK

California Officials Say Largest Trial Court in US Victim of Ransomware Attack

CrowdStrike Incident Leveraged for Malware Delivery, Phishing, Scams

Microsoft Says 8.5 Million Windows Devices Impacted by CrowdStrike Incident, Publishes Recovery Tool

CrowdStrike Provides Remediation Guidance After Software Update Causes Worldwide IT Chaos

CISA News

CISA Announces Key Leadership Appointments in Cybersecurity and Stakeholder Engagement

CISA Releases Playbook for Infrastructure Resilience Planning

CISA Releases Guide to Operational Security for Election Officials

CISA Releases the Marine Transportation System Resilience Assessment Guide

CISA and Fauquier County Hold K-12 Active Shooter Exercise

CISA Releases Guide to Enhance Election Security Through Public Communications

CISA, JCDC, Government and Industry Partners Conduct AI Tabletop Exercise

Readout from CISA’s 2024 Second Quarter Cybersecurity Advisory Committee Meeting

CISA Hosts First Annual Information and Communications Technology Supply Chain Risk Management Task Force Conference

CISA and ONCD Award the Winners of the Fifth Annual President’s Cup Cybersecurity Competition

CISA Blog

NCSWIC Planning Training, and Exercise Committee releases the Human Factors Resource Guide

Continued Progress Towards a Secure Open Source Ecosystem

Looking Ahead to Better Prepare Today

Why SMBs Don’t Deploy Single Sign On (SSO)

CISA, SAFECOM and NCSWIC Publish SAFECOM Guidance on Emergency Communications Grants

CISA Releases the FY 2024 Rural Emergency Medical Communications Demonstration Project (REMCDP) Notice of Funding Opportunity

National Internet Safety Month: This June, Take 4 Easy Steps to Stay Safe Online

NCSWIC releases the NCSWIC Video Series

A Plan to Protect Critical Infrastructure from 21st Century Threats

Prepared Together Cyber Storm IX Recap

All CISA Advisories

Widespread IT Outage Due to CrowdStrike Update

Ivanti Releases Security Updates for Endpoint Manager

Subnet Solutions PowerSYSTEM Center

Cisco Releases Security Updates for Multiple Products

Philips Vue PACS

Oracle Releases Critical Patch Update Advisory for July 2024

Mitsubishi Electric MELSOFT MaiLab

CISA Releases Three Industrial Control Systems Advisories

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA Releases One Industrial Control Systems Advisory

Exploit-DB.com RSS Feed

[local] Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation

[webapps] Xhibiter NFT Marketplace 1.10.2 - SQL Injection

[webapps] Azon Dominator Affiliate Marketing Script - SQL Injection

[webapps] Microweber 2.0.15 - Stored XSS

[webapps] Customer Support System 1.0 - Stored XSS

[webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)

[webapps] SolarWinds Platform 2024.1 SR1 - Race Condition

[webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE)

[webapps] Boelter Blue System Management 1.3 - SQL Injection

[webapps] WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)

[webapps] PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)

[webapps] AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.

[webapps] AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)

[webapps] XMB 1.9.12.06 - Stored XSS

[webapps] Carbon Forum 5.9.0 - Stored XSS

[webapps] AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)

[webapps] appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)

[webapps] CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)

[webapps] WBCE CMS v1.6.2 - Remote Code Execution (RCE)

[webapps] Monstra CMS 3.0.4 - Remote Code Execution (RCE)

[webapps] Dotclear 2.29 - Remote Code Execution (RCE)

[webapps] Serendipity 2.5.0 - Remote Code Execution (RCE)

[webapps] Sitefinity 15.0 - Cross-Site Scripting (XSS)

[webapps] FreePBX 16 - Remote Code Execution (RCE) (Authenticated)

[webapps] Akaunting 3.1.8 - Server-Side Template Injection (SSTI)

[webapps] Check Point Security Gateway - Information Disclosure (Unauthenticated)

[webapps] Aquatronica Control System 5.1.6 - Information Disclosure

[webapps] changedetection < 0.45.20 - Remote Code Execution (RCE)

[webapps] ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)

[webapps] iMLog < 1.307 - Persistent Cross Site Scripting (XSS)

[webapps] BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection

[webapps] htmlLawed 1.2.5 - Remote Code Execution (RCE)

[webapps] PopojiCMS 2.0.1 - Remote Command Execution (RCE)

[webapps] Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)

[webapps] Apache OFBiz 18.12.12 - Directory Traversal

[webapps] Wordpress Theme XStore 9.3.8 - SQLi

[webapps] Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)

[webapps] Prison Management System - SQL Injection Authentication Bypass

[webapps] PyroCMS v3.0.1 - Stored XSS

[webapps] CE Phoenix Version 1.0.8.20 - Stored XSS

[webapps] Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)

[webapps] Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)

[remote] CrushFTP < 11.1.0 - Directory Traversal

[local] Plantronics Hub 3.25.1 - Arbitrary File Read

[webapps] Apache mod_proxy_cluster - Stored XSS

[webapps] iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS)

[webapps] Clinic Queuing System 1.0 - RCE

[webapps] Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure

[webapps] Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass

Full Disclosure

[KIS-2024-06] XenForo <= 2.2.15 (Template System) Remote Code Execution Vulnerability

[KIS-2024-05] XenForo <= 2.2.15 (Widget::actionSave) Cross-Site Request Forgery Vulnerability

CVE-2024-33326

CVE-2024-33327

CVE-2024-33328

CVE-2024-33329

CyberDanube Security Research 20240703-0 | Authenticated Command Injection in Helmholz Industrial Router REX100

SEC Consult SA-20240627-0 :: Local Privilege Escalation via MSI installer in SoftMaker Office / FreeOffice

SEC Consult SA-20240626-0 :: Multiple Vulnerabilities in Siemens Power Automation Products

Novel DoS Vulnerability Affecting WebRTC Media Servers

APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8

40 vulnerabilities in Toshiba Multi-Function Printers

17 vulnerabilities in Sharp Multi-Function Printers

SEC Consult SA-20240624-0 :: Multiple Vulnerabilities allowing complete bypass in Faronics WINSelect (Standard + Enterprise)

SEC Consult SA-20240620-0 :: Arbitrary File Upload in edu-sharing (metaVentis GmbH)

Open Source Security

GNU C Library version 2.40 released with 5 CVE fixes

CVE-2024-29070: Apache StreamPark: session not invalidated after logout

CVE-2024-38503: Apache Syncope: HTML tags can be injected into Console or Enduser text fields

CVE-2024-34457: Apache StreamPark IDOR Vulnerability

CVE-2024-23321: Apache RocketMQ: Unauthorized Exposure of Sensitive Data

Re: Fwd: Node.js security updates for all active release lines, July 2024

CVE-2024-41107: Apache CloudStack: SAML Signature Exclusion

[ANNOUNCE] Apache CloudStack CVE-2024-41107: SAML Signature Exclusion

CVE-2024-41172: Unrestricted memory consumption in CXF HTTP clients

CVE-2024-32007: Apache CXF Denial of Service vulnerability in JOSE

CVE-2024-29736: Apache CXF: SSRF vulnerability via WADL stylesheet parameter

CVE-2024-29178: Apache StreamPark: FreeMarker SSTI RCE Vulnerability

CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows

CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType

Python Infrastructure Admin Token Leaked Through Docker Hub






© Segmentation Fault. All rights reserved.
