Unpatchable vulnerability in Apple chip leaks secret encryption keys
Fixing newly discovered side channel will likely take a major toll on performance.
Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds | WIRED
The company behind the Saflok-brand door locks is offering a fix, but it may take months or years to reach some hotels.
Understanding and Responding to Distributed Denial-Of-Service Attacks
This joint guide, Understanding and Responding to Distributed Denial-Of-Service Attacks, addresses the specific needs and challenges faced by organizations in defending against DDoS attacks. The guidance now includes detailed insight into three different types of DDoS techniques: Volumetric, attacks aiming to consume available bandwidth. Protocol, attacks which exploit vulnerabilities in network protocols. * Application, attacks targeting vulnerabilities in specific applications or running services.
Microsoft Threat Intelligence unveils targets and innovative tactics amidst tax season
Read the new Microsoft Threat Intelligence tax season report to learn about the techniques that threat actors use to mislead taxpayers.
.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Managing Attack Surface | Huntress Blog
Huntress recently detected interesting activity on an endpoint; a threat actor was attempting to establish a foothold on an endpoint by using commands issued via MSSQL to upload a reverse shell accessible from the web server. All attempts were obviated by MAV and process detections, but boy-howdy, did they try!
The Updated APT Playbook: Tales from the Kimsuky threat actor group | Rapid7 Blog
Within Rapid7 Labs we continually track and monitor threat groups. As part of this process, we routinely identify evolving tactics from threat groups in what is an unceasing game of cat and mouse.
Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver
On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car.
Ivanti fixes critical Standalone Sentry bug reported by NATO
Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers.
AceCryptor malware has surged in Europe, researchers say
Researchers at ESET say they spotted thousands of new infections with AceCryptor, which allows malware to slip into systems without being detected by anti-virus software.
Microsoft Copilot for Security: General Availability details
Microsoft Copilot for Security will be generally available on April 1st. Read this blog to learn about new productivity research, product capabilities,..
Loop DoS: New Denial-of-Service attack targets application-layer protocols
A new Denial-of-Service (DoS) attack targets application-layer protocols that draw on the User Datagram Protocol (UDP) for end-to-end communication. The vulnerability affects both legacy and contemporary protocols. Discovered by Christian Rossow and Yepeng Pan, the attack puts an estimated 300,000 Internet hosts and their networks at risk.
Cyberattaque contre France Travail : trois personnes mises en examen et incarcérées après le vol massif de données
Les suspects, âgés de 21, 22 et 23 ans, ont été arrêtés dimanche. L'attaque qu'ils sont soupçonnés d'avoir menée concerne potentiellement les données de 43 millions d'inscrits.
Top 5 Russian-Speaking Dark Web Forums
...Among these, russian-speaking dark web forums hold a unique position due to their extensive user base and the intricate of their operations.
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
Early this February, Fortinet released an advisory for an "out-of-bounds write vulnerability" that could lead to remote code execution. The issue affected the SSL VPN component of their FortiGate network appliance and was potentially already being exploited in the wild. In this post we detail the steps we took to identify the patched vulnerability and produce a working exploit.
Tech Giant Linked to France’s Cybersecurity Tumbles in Value
The French government said it would seek “a national solution” to protect Atos, a debt-burdened company that serves nuclear programs and the military.
Misconfigured Firebase instances leaked 19 million plaintext passwords
Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development.
CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and…
New Attack Techniques Bypassing ML Security
Threat actors are exercising new attack techniques to bypass machine learning security controls.
Finland, Germany, Ireland, Japan, Poland, South Korea added to US-led spyware agreement
The signees, which already included about a dozen other nations, agree to establish “robust guardrails and procedures" around spyware, while preventing the export of technology that will be used for malicious cyber activity.
Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild
Overview The SonicWall Capture Labs threat research team recently observed an interesting variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file […]
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.
Researchers spot updated version of malware that hit Viasat
Russian hackers have added new capabilities to the malware used to disable satellite modems at the outset of the invasion of Ukraine.
Cyberattaque contre Franz Carl Weber: données d'employés publiées sur le darknet (update)
Des cybercriminels ont attaqué le vendeur de jouets Franz Carl Weber.
IT helpdeskers increasingly targeted by cybercriminals
Wave of Okta attacks mark what researchers are calling the biggest security trend of the year
Elon Musk's SpaceX builds spy satellite network for U.S. intelligence
SpaceX’s dominance in the satellite internet market has given Musk enormous power in matters of war and geopolitics
What a Cluster: Local Volumes Vulnerability in Kubernetes
- Akamai security researcher Tomer Peled recently discovered a high-severity vulnerability in Kubernetes that was assigned CVE-2023-5528 with a CVSS score of 7.2. The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster. This vulnerability can lead to full takeover on all Windows nodes in a cluster. This vulnerability can be exploited on default installations of Kubernetes (earlier than version 1.28.4), and was tested against both on-prem deployments and Azure Kubernetes Service. In this blog post, we provide a proof-of-concept YAML file as well as an Open Policy Agent (OPA) rule for blocking this vulnerability.
'GhostRace' Speculative Execution Attack Impacts All CPU, OS Vendors
Like Spectre, the new exploit could give attackers a way to access sensitive information from system memory, and take other malicious actions.
APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme
The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. "The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defense industrial production," IBM X-Force said in a report published last week.
Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns
X-Force is tracking multiple ongoing ITG05 phishing campaigns featuring lure documents covering several topics. Learn more about this continuing threat.
National Vulnerability Database: Opaque changes and unanswered questions
Anchore engineers are investigating why as of February 15, 2024, NIST has almost completely stopped updating NVD with analysis for CVE IDs.