Two privilege escalation flaws affect 40% of Ubuntu workloads in OverlayFS
Ubuntu patched the high-severity vulnerabilities on July 24 and recommends that users update their Ubuntu kernels.
Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws
Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices.
Zenbleed
It turns out that with precise scheduling, you can cause some processors to recover from a mispredicted vzeroupper incorrectly! This technique is CVE-2023-20593 and it works on all Zen 2 class processors, which includes at least the following products
Cryptojacking: Understanding and defending against cloud compute resource abuse
Cloud cryptojacking, a type of cyberattack that uses computing power to mine cryptocurrency, could result in financial loss to targeted organizations due to the compute fees that can be incurred from the abuse.
Apple issues third mobile OS update after zero-click spyware campaign
The patch is the latest to address issues associated with what cybersecurity firm Kaspersky called Operation Triangulation.
DDoS threat report for 2023 Q2
Q2 2023 saw an unprecedented escalation in DDoS attack sophistication. Pro-Russian hacktivists REvil, Killnet and Anonymous Sudan joined forces to attack Western sites. Mitel vulnerability exploits surged by a whopping 532%, and attacks on crypto rocketed up by 600%. Read the full story...
Apple slams UK surveillance-bill proposals
The technology giant says it could remove services such as FaceTime from the UK over potential changes
Threat Actors Add .zip Domains to Their Phishing Arsenals
In the evolving cybersecurity landscape, understanding the phishing threat has become more critical than ever. Read into a new threat resulting from the addition of a new Top-Level Domain (TLD), '.ZIP'.
JumpCloud says 'nation state' gang hit some customers
JumpCloud says a "sophisticated nation-state" attacker broke into its IT systems and targeted some of its customers. The identity and access management provider, particularly popular with sysadmins wrangling Macs on corporate networks, said it first discovered signs of an intrusion on June 27. The biz at the time determined persons unknown got "unauthorized access to a specific area of our infrastructure" using a "sophisticated spear-phishing campaign" that began five days prior.
CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent
The Qualys Threat Research Unit (TRU) has discovered a remote code execution vulnerability in OpenSSH's forwarded ssh-agent. This vulnerability allows a remote…
Typo leaks millions of US military emails to Mali web operator.
Millions of US military emails have been misdirected to Mali through a “typo leak” that has exposed highly sensitive information, including diplomatic documents, tax returns, passwords and the travel details of top officers.
![[Security Update] Incident Details](https://rdl.ink/render/https%3A%2F%2Fjumpcloud.com%2F%2Fwp-content%2Fuploads%2F2023%2F07%2FOcean-blue-JC-logo-blog-image.png?width=92&height=&ar=&mode=&format=avif&dpr=2){kind=logo}
[Security Update] Incident Details
As a result, today we are publishing details of activity by a sophisticated nation-state sponsored threat actor that gained unauthorized access to our systems to target a small and specific set of our customers. Prior to sharing this information, we notified and worked with the impacted customers. We have also been working with our incident response (IR) partners and law enforcement on both our investigation and steps designed to make our systems and our customers’ operations even more secure. The attack vector used by the threat actor has been mitigated.
WormGPT - The Generative AI Tool Cybercriminals Are Using to Launch BEC Attacks
In this blog post, we'll look at the use of generative AI, including OpenAI's ChatGPT, and the cybercrime tool WormGPT, in BEC attacks.
Microsoft takes pains to obscure role in 0-days that caused email breach
Critics also decry Microsoft's "pay-to-play" monitoring that detected intrusions.
Inside the subsea cable firm secretly helping American take on China
SubCom is laying deepwater internet cables to boost U.S. economic and military might, including a secret mission to a remote island naval base, Reuters found.
WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks
A new generative AI cybercrime tool called WormGPT is making waves in underground forums. It empowers cybercriminals to automate phishing attacks.
WordPress plugin installed on 1 million+ sites logged plaintext passwords
AIOS bills itself as an "all-in-one" security solution. A just-fixed bug undermined that.
AVrecon malware infects 70,000 Linux routers to build botnet
Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.
BlackLotus UEFI Bootkit Source Code Leaked on GitHub
The source code for the BlackLotus UEFI bootkit has been shared publicly on GitHub, albeit with several modifications compared to the original malware. Designed specifically for Windows, the bootkit emerged on hacker forums in October last year, being advertised with APT-level capabilities such as secure boot and user access control (UAC) bypass and the ability to disable security applications and defense mechanisms on victim systems.
Cybercriminalité : sept suspects identifiés pour du « phishing / hameçonnage »
Entre avril 2022 et juin 2023, une quarantaine de plaintes relatives à des cas de « phishing / hameçonnage », pour un montant de plus de 170'000…
Piratage de Xplain: La Confédération menacée par une vague de plaintes
Depuis le piratage de la société Xplain, les données personnelles de plus de 760 personnes circulent sur le Darknet. Problème: elles auraient dû être effacées depuis 2015, mais sont restées stockées dans des serveurs. Une vague de plaintes se prépare.
Microsoft changes signing key system breached by Chinese hackers to steal US gov’t data
Microsoft has announced changes to a system that was exploited by Chinese hackers over the last month that allowed them to access email accounts and spy on the inner workings of two dozen organizations, including government agencies, a lawmaker’s staff and even Commerce Secretary Gina Raimondo.
ShadowVault is the latest Mac data-stealer malware, reportedly
ShadowVault data stealer Mac malware made headlines in the Apple press this week. Here is what we know about it so far.
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
Cisco Talos discovered 12 memory corruption vulnerabilities in MSRPC implementations on Apple macOS and VMWare vCenter. - Seven vulnerabilities affect Apple macOS only. - Two vulnerabilities affect VMWare vCenter. - Three vulnerabilities affect both.
Chinese hackers breached US government email accounts, Microsoft and White House say | CNN Politics
China-based hackers have breached email accounts at two-dozen organizations, including some United States government agencies, in an apparent spying campaign aimed at acquiring sensitive information, according to statements from Microsoft and the White House late Tuesday.
Chinese hackers breached U.S. and European government email through Microsoft bug
A Chinese hacking group exploited a bug in Microsoft’s cloud email service to spy on two-dozen organizations, including some government agencies, the tech giant said late Tuesday.
Les données de hooligans ayant sévi en Suisse publiées sur le darknet (update) | ICTjournal
Différentes données ultra sensibles pour la sécurité de la Suisse font partie des données volées au prestataire Xpl
Loader activity for Formbook "QM18"
Loader activity for Formbook "QM18", Author: Brad Duncan
The Spies Who Loved You: Infected USB Drives to Steal Secrets
In the first half of 2023, we observed a threefold increase in the number of attacks using infected USB drives to steal secrets.
Hackers exploit gaping Windows loophole to give their malware kernel access
Microsoft blocks a new batch of system drivers, but the loophole empowering them remains.