Reconstructing the Attack from a 4th party collector’s point of view Hamid Kashfi 18th December, Predator Sparrows launched a second attack against the fuel distribution system in Iran, similar to their previous operation in 2021. Since 2021, Iranian officials or third-party security vendors have not published any analysis or technical details about the original attack, which is not unusual. Their screenshots from the latest attacks provide some clues that only confirm our previous work, indicating connections to the “Yaas Arghavani” company, a VSAT and POS service provider for the fuel distribution system. The following is an old draft from December 2021, which I wrote for peer eyes rather than public view. The original draft focused on the first attack against the fuel distribution system. Still, some remarks remain valid and relevant to the recent attack on 18 Dec 2023, as little has changed regarding how the system works. The same infrastructure, same suppliers, and same 3rd party vendors, so we are likely just talking about a different attack vector and entry point from the previous case. I will probably draft a new note about the recent attack from scratch soon and when more details are gathered rather than updating the old speculative work.
Sophos has patched EOL Firewall versions against a critical flaw exploited in the wild, after identifying a new exploit.
UK-based cybersecurity firm Sophos this week announced patches for an exploited vulnerability in Firewall versions that have reached End-of-Life (EOL). The critical-severity flaw, tracked as CVE-2022-3236, was found to impact versions 19.0 MR1 (19.0.1) and older of the product. It was originally patched in September 2022, but only in supported versions of Sophos Firewall. Sophos describes the security defect as a code injection issue in the Firewall’s User Portal and Webadmin components, allowing attackers to achieve remote code execution (RCE).
7 December 2023 - Apache Struts version 6.3.0.2 General Availability
7 December 2023 - Apache Struts version 6.3.0.2 General Availability The Apache Struts group is pleased to announce that Apache Struts version 6.3.0.2 is available as a “General Availability” release. The GA designation is our highest quality grade. The Apache Struts is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework has been designed to streamline the full development cycle, from building, to deploying, to maintaining applications over time. This version addresses a potential security vulnerability identified as CVE-2023-50164 and described in S2-066 - please read the mentioned security bulletins for more details. This is a drop-in replacement and upgrade should be straightforward.
Rhadamanthys v0.5.0 - a deep dive into the stealer’s components
The Rhadamanthys stealer is a multi-layer malware, sold on the black market, and frequently updated. Recently the author released a new major version, 0.5.0. In the new version, the malware expands its stealing capabilities and also introduces some general-purpose spying functions. A new plugin system makes the malware expandable for specific distributor needs. The custom executable formats, used for modules, are unchanged since our last publication (XS1 and XS2 formats are still in distribution). Check Point Research (CPR) provides a comprehensive review of the agent modules, presenting their capabilities and implementation, with a focus on how the stealer components are loaded and how they work.
MongoDB says customer data was exposed in a cyberattack
MongoDB is warning that its corporate systems were breached and that customer data was exposed in a cyberattack that was detected by the company earlier this week.
QNAP VioStor NVR vulnerability actively exploited by malware botnet
A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution (RCE) vulnerability in QNAP VioStor NVR (Network Video Recorder) devices to hijack and make them part of its DDoS (distributed denial of service) swarm. #Actively #Botnet #Computer #Exploited #FXC #InfectedSlurs #InfoSec #Malware #QNAP #Router #Security #Vulnerability
Microsoft’s AI Chatbot Replies to Election Questions With Conspiracies, Fake Scandals, and Lies
With less than a year to go before one of the most consequential elections in US history, Microsoft’s AI chatbot is responding to political queries with conspiracies, misinformation, and out-of-date or incorrect information. When WIRED asked the chatbot, initially called Bing Chat and recently renamed Microsoft Copilot, about polling locations for the 2024 US election, the bot referenced in-person voting by linking to an article about Russian president Vladimir Putin running for reelection next year. When asked about electoral candidates, it listed numerous GOP candidates who have already pulled out of the race.
Marketing Company Claims That It Actually Is Listening to Your Phone and Smart Speakers to Target Ads
A marketing team within media giant Cox Media Group (CMG) claims it has the capability to listen to ambient conversations of consumers through embedded microphones in smartphones, smart TVs, and other devices to gather data and use it to target ads, according to a review of CMG marketing materials by 404 Media and details from a pitch given to an outside marketing professional. Called “Active Listening,” CMG claims the capability can identify potential customers “based on casual conversations in real time.”
3CX warns customers to disable SQL database integrations
VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability.
Cyberextorsion : 2023, année de l’industrialisation
L’année qui s’achève aura été notamment marquée par plusieurs campagnes d’exploitation de vulnérabilités inédites, en masse, par Cl0p, à des fins de cyberextorsion. Une première à cette échelle. L'...
Paternity and fertility tests among data stolen in Asper Biogene cyberattack | News | ERR
Among the health data illegally downloaded from genetic testing company Asper Biogene's database were details related to paternity and fertility tests. Some of the data is easily understandable and can be directly connected to specific individuals, Pille Lehis, director general of the Data Protection Inspectorate, said on ETV morning show "Terevisioon.".
Apache Struts is a popular Java web application framework. On December 7, 2023 Apache published an advisory for CVE-2023-50164, a Struts parameter pollution vu…
Ledger's Web3 Connector library was compromised and replaced with a drainer
Ledger's software got hit with a serious security problem. banteg, a well-known crypto guy, tweeted that Ledger's library is messed up and now has a "drainer" in it.
Hackers are exploiting critical Apache Struts flaw using public PoC
Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code.
Ukraine’s intelligence claims cyberattack on Russia’s state tax service
Ukraine's defense intelligence directorate (GUR) said it infected thousands of servers belonging to Russia's state tax service with malware, and destroyed databases and backups.
CALISTO doxxing : Sekoia.io findings concurs to Reuters’ investigation on FSB-related Andrey Korinets
Discover activities linking Korinets to CALISTO doxxing in our investigation. Uncover details from emails, domains & servers used to target UK Parliament & Cambridge University.
Apple’s new iPhone security setting keeps thieves out of your digital accounts
Apple added a feature to iOS 17.3 that appears to address an iPhone security vulnerability that lets thieves steal iCloud accounts using only a user’s iPhone PIN.