Gird your loins, there’s a new pre-auth RCE in Ivanti boxes landing
"Code execution in 0 seconds (3 seconds to be more accurate), no limitation, no authentication..."
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s internal data storage directory, which could lead to arbitrary code execution and token theft, among other impacts. We have shared our findings with Google’s Android Application Security Research team, as well as the developers of apps found vulnerable to this issue. We anticipate that the vulnerability pattern could be found in other applications. We’re sharing this research more broadly so developers and publishers can check their apps for similar issues, fix as appropriate, and prevent them from being introduced into new apps or releases.
Google shares update on passkeys and new ways to protect accounts
For World Password Day, we’re sharing updates to passkeys across our products and sharing more ways we’re keeping people safe online.
Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online
Marriot revealed in a court case around a massive 2018 data breach that it had been using secure hash algorithm 1 and not the much more secure AES-1 encryption as it had earlier maintained.
Analysis of TargetCompany's Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware)
While monitoring attacks targeting MS-SQL servers, AhnLab SEcurity intelligence Center (ASEC) recently identified cases of the TargetCompany ransomware group installing the Mallox ransomware. The TargetCompany ransomware group primarily targets improperly managed MS-SQL servers to install the Mallox ransomware. While these attacks have been ongoing for several years, here we will outline the correlation between the newly identified malware and previous attack cases involving the distribution of the Tor2Mine CoinMiner and BlueSky ransomware.
New “Goldoon” Botnet Targeting D-Link Devices
FortiGuard Labs discovered the new botnet “Goldoon” targeting D-Link devices through related vulnerability CVE-2015-2051.
Operation PANDORA shuts down 12 phone fraud call centres
Operation PANDORA started with a bank teller in Freiburg, Germany. When in December 2023 a customer asked to withdraw over EUR 100 000 in cash, the bank teller grew suspicious and quickly learned the customer had fallen victim to a ‘fake police officer scam’. He informed the real police, which prevented the victim from handing the money over to the...
Op Pandora puts suspected phone fraudsters back in the box
Cops prevented crims from bilking victims out of more than €10m - but couldn't stop crime against art
Eight Arms to Hold You: The Cuttlefish Malware
Executive Summary: The Black Lotus Labs team at Lumen Technologies is tracking a malware platform we’ve named Cuttlefish, that targets networking equipment, specifically enterprise-grade small office/home office (SOHO) routers. This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent local area network (LAN). A
Hacker free-for-all fights for control of home and office routers everywhere
How and why nation-state hackers and cybercriminals coexist in the same router botnet.
macOS Adload | Prolific Adware Pivots Just Days After Apple’s XProtect Clampdown
Learn about the latest Adload adware variants, written in Go and intended to bypass Apple's recent XProtect updates.
French hospital CHC-SV refuses to pay LockBit extortion demand
The Hôpital de Cannes - Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0 ransomware gang, saying they refuse to pay the ransom.
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F25299208%2FSTK453_PRIVACY_E_CVirginia.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Microsoft needs to win back trust
Microsoft has faced a series of security issues in recent years. Now, the company is trying to win back trust and focus on security as a top priority.
Unveiling the depths of residential proxies providers
Analysts from Sekoia.io and Orange Cyberdefense delve into the phenomenon of RESIP, explore the actual market landscape, which is composed of multiple shady providers, and explain how cyber threat actors abuse or even directly provide such services.
Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams
Attackers are using Docker Hub for malicious campaigns of various types, including spreading malware, phishing and scams. Read the analysis of 3 malware campaigns.
Baltic countries blame Russia for GPS jamming of commercial flights
State officials from Lithuania and Estonia are among those raising the alarm about Russian interference with navigation signals.
Vastaamo hack: Therapy notes hacker jailed for blackmail
Julius Kivimäki threatened thousands of patients he would publish details of their therapy sessions.
Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware
Kandji's threat research team has discovered a piece of malware that combines aspects of an infostealer and spyware. Here's how it works.
Global attacker median dwell time continues to fall
The global attacker median dwell time continued trending downwards in 2023, and is now 10 days (from 16 days in the previous year).
From IcedID to Dagon Locker Ransomware in 29 Days
- In late August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was then used through-out the intrusion. The threat actor leveraged a bespoke PowerShell tool known as AWScollector to facilitate a range of malicious activities including discovery, lateral movement, data exfiltration, and ransomware deployment. Group Policy was used to distribute Cobalt Strike beacons at login to a specific privileged user group. The threat actor utilized a suite of tools to support their activities, deploying Rclone, Netscan, Nbtscan, AnyDesk, Seatbelt, Sharefinder, and AdFind. * This case had a TTR (time to ransomware) of 29 days.
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F25419756%2F247094_When_the_walls_of_Apple_s_garden_came_tumbling_down_MWares.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
The walls of Apple’s garden are tumbling down
Since the very first iPhone, the walls of Apple’s meticulously manicured garden have grown ever higher. Now, they’re starting to crumble.
WP Automatic WordPress plugin hit by millions of SQL injection attacks
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.
Okta warns of "unprecedented" credential stuffing attacks on customers
Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks.
PS4/PS5: TheFloW discloses Kernel vulnerability relying on old bug from 2006, impacts PS4 up to 11.00 & PS5 up to 8.20, more details in May
A few months ago, I wrote about a rumor that TheFloW‘s yet-to-be-disclosed PS4/PS5 Kernel exploit was relying on an 18 year old vulnerability. What sounded like an obvious troll initially, then looked more and...
El Salvador: Hackers leak code of state Bitcoin wallet
After leaking the entire database of Chivo users in early April, the hacker group CiberInteligenciaSV started releasing the wallet’s code.
Chinese Keyboard App Vulnerabilities Explained
We analyzed third-party keyboard apps Tencent QQ, Baidu, and iFlytek, on the Android, iOS, and Windows platforms. Along with Tencent Sogou, they comprise over 95% of the market share for third-party keyboard apps in China. This is an FAQ for the full report titled "The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers."
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns.
Unplugging PlugX: Sinkholing the PlugX USB worm botnet
Learn about our process for collecting telemetry data from PlugX worm-infected workstations, as well as how to disinfect them.
France seeks new EU sanctions to target Russian disinformation
A draft proposal, offered ahead of European elections in June, reportedly would allow the EU to impose tougher restrictions on individuals and entities involved in Russia-backed influence operations worldwide.
'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks
Sources suspect China is behind the targeted exploitation of two zero-day vulnerabilities in Cisco’s security appliances.