Cybersecurity
- Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising (www.bleepingcomputer.com)
A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP.
- Banking malware Grandoreiro returns after police disruption (www.bleepingcomputer.com)
The banking trojan "Grandoreiro" is spreading in a large-scale phishing campaign in over 60 countries, targeting customer accounts of roughly 1,500 banks.
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) (www.helpnetsecurity.com)
New versions of Git are out, with fixes for CVE-2024-32002, which can be used to remotely execute code during a "clone" operation.
- Microsoft to start enforcing Azure multi-factor authentication in July (www.bleepingcomputer.com)
Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources.
- Norway recommends replacing SSL VPN to prevent breaches (www.bleepingcomputer.com)
The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.
- Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets (www.aquasec.com)
Our research reveals that personal repositories often expose sensitive corporate data, leading to severe security breaches.
- Llama Drama: Critical Flaw in AI Python Package Can Lead to System and Data Compromise (CVE-2024-34359) (www.securityweek.com)
A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.
- Russian hackers use new Lunar malware to breach a European govt's agencies (www.bleepingcomputer.com)
Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad.
- US AI experts targeted in cyberespionage campaign using SugarGh0st RAT (www.csoonline.com)
Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence.
- Kimsuky hackers deploy new Linux backdoor in attacks on South Korea (www.bleepingcomputer.com)
The North Korean hacker group Kimsuky has been using a new Linux malware called Gomir that is a version of the GoBear backdoor delivered via trojanized software installers.
- Threat actors misusing Quick Assist in social engineering attacks leading to ransomware (www.microsoft.com)
Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment.
- Google patches third exploited Chrome zero-day in a week (www.bleepingcomputer.com)
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
- BreachForums, an online bazaar for stolen data, seized by FBI (arstechnica.com)
An earlier iteration of the site was taken down last year; now its reincarnation is gone.
cross-posted from: https://lemmy.zip/post/15519717
- Microsoft fixes three zero-day vulnerabilities, two actively exploited (www.csoonline.com)
The company’s Patch Tuesday includes fixes for flaws in Windows Desktop Window Manager, Windows MSHTML, and Visual Studio, among others, that IT security orgs should prioritize.
- Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach (arstechnica.com)
Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.
- Prison for cybersecurity expert selling private videos from inside 400,000 homes (www.bitdefender.com)
A Korean cybersecurity expert has been sentenced to prison for illegally accessing and distributing private videos from vulnerable "wallpad" cameras in 400,000 private households.
- Russian Actors Weaponize Legitimate Services in Multi-Malware Attack (www.infosecurity-magazine.com)
Recorded Future details a novel campaign that abuses legitimate internet services to deploy multiple malware variants for credential theft.
- Dangerous Google Chrome Zero-Day Allows Sandbox Escape (www.darkreading.com)
Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.
- Log4Shell shows no sign of fading, spotted in 30% of CVE exploits (www.helpnetsecurity.com)
Organizations continue to run insecure protocols across their WAN, making it easier for cybercriminals to move across networks.
- Zero-day alert! Apple security updates are out, including 0-day fixes for iOS 16 and macOS 13 (pducklin.com)
Plenty of patches for everyone, even if your product doesn’t include the zero-day fix.
- Dell API abused to steal 49 million customer records in data breach (cybersafe.news)
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using a partner portal API they accessed as a fake company. Dell had started to send notifications warning customers that their personal data was stolen in a data breach. This data br...
- Backlogs at National Vulnerability Database prompt action from NIST and CISA (www.csoonline.com)
A crisis at the key US service for ranking vulnerabilities has been fueled by short resources and an explosion of security flaws as the volume of software production increases.
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks (www.bleepingcomputer.com)
Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.
- VMware Patches Severe Security Flaws in Workstation and Fusion Products (thehackernews.com)
Researchers have uncovered a critical vulnerability in VMware's Bluetooth device, allowing code execution by malicious actors.
- Southeast Asian scam syndicates stealing $64 billion annually, researchers find (therecord.media)
In Cambodia, Laos and Myanmar, the groups are estimated to reap about $43.8 billion each year through scams — some 40 percent of the three nations’ combined formal GDP.
- Malicious Go Binary Delivered via Steganography in PyPI (blog.phylum.io)
On May 10, 2024, Phylum’s automated risk detection platform alerted us to a suspicious publication on PyPI. The package was called requests-darwin-lite and appeared to be a fork of the ever-popular requests package with a few key differences, most notably the inclusion of a malicious Go binary packe...
- Hackers use DNS tunneling for network scanning, tracking victims (www.bleepingcomputer.com)
Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities.
- Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws (www.bleepingcomputer.com)
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.
- CISA Adds Google Chromium Vulnerability (CVE-2024-4671) to Known Exploited Vulnerabilities Catalog (www.cisa.gov)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catal...
- VMware fixes three zero-day bugs exploited at Pwn2Own 2024 (www.bleepingcomputer.com)
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest.
- FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT (thehackernews.com)
The notorious FIN7 hacking group is at it again! This time, they're using malicious Google ads to trick users into downloading malware disguised as le
- PyPi package backdoors Macs using the Sliver pen-testing suite (www.bleepingcomputer.com)
A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks.
- Apple backports fix for RTKit iOS zero-day to older iPhones (www.bleepingcomputer.com)
Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks.
- Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models (thehackernews.com)
Researchers have uncovered a new attack called "LLMjacking" that targets large language models (LLMs) hosted on cloud services.
- 'The Mask' Espionage Group Resurfaces After 10-Year Hiatus (www.darkreading.com)
Researchers recently spotted the Spanish-speaking threat actor —with nearly 400 previous victims under its belt — in a new campaign in Latin America and Central Africa.
- How Did Authorities Identify the Alleged Lockbit Boss?
> Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “LockBitSupp” claims the feds named the wrong guy, saying the charges don’t explain how they connected him to Khoroshev. This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years.
- Cyberthreat landscape permanently altered by Chinese operations, US officials say (therecord.media)
The wide-ranging hacking campaign by the state-backed group Volt Typhoon is seen as a prelude of what's to come.
- Botnet sent millions of emails in LockBit Black ransomware campaign (www.bleepingcomputer.com)
Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign.
- Pro-Russia hackers targeted Kosovo government websites (securityaffairs.com)
Pro-Russia hackers targeted government websites in Kosovo in retaliation for the government's support to Ukraine with military equipment.
- Actor IntelBroker is selling data from Europol in Breachforums (breachforums.st: Europol Data Breach [SOLD])
Hello BreachForums Community,Today, I am selling the entire data breach belonging to Europol. Thank...
Data offered include Alliance employees, FOUO source code, PDFs, Documents for recon and guidelines.