ICANN approves use of .internal domain for your network
Vint Cerf revealed Google already uses the string, as do plenty of others
Treasury Sanctions Leader and Primary Member of the Cyber Army of Russia Reborn | U.S. Department of the Treasury
The United States exposes the identity of and imposes sanctions on two members of the Russian government-aligned hacktivist group.WASHINGTON — Today, the United States designated Yuliya Vladimirovna Pankratova (Pankratova) and Denis Olegovich Degtyarenko (Degtyarenko), two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR) for their roles in cyber operations against U.S. critical infrastructure
%2520attacks%2520on%2520other%2520targets.%26imtext3%3D%2520%26imtext4%3D%2520%2520%2520%26font%3D25%26Gravity%3DCenter?width=92&height=&ar=&mode=&format=avif&dpr=2)
Akamai Blocked 419 TB of Malicious Traffic in a 24-Hour DDoS Attack
On July 15, 2024, Akamai prevented one of the largest distributed denial-of-service (DDoS) cyberattacks it has ever observed against a major financial services company in Israel. The highly sophisticated, high-volume attack lasted almost 24 hours. The attacker deployed larger-than-usual resources, indicating a serious risk for future attacks. Other Israeli financial institutions reportedly suffered outages and downtimes on the same day, potentially due to the same type of attack and the same aggressor.
WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive
I discovered an unauthenticated path traversal against the latest version of progress whatsup gold and turned it into a pre-auth RCE, following is how I did it, this is the story of CVE-2024-4885
Jenkins Security Advisory 2024-08-07 CVE-2024-43044 CVE-2024-43045
Jenkins – an open source automation server which enables developers around the world to reliably build, test, and deploy their software
Windows Update Flaws Allow Undetectable Downgrade Attacks
Researcher showcases hack against Microsoft Windows Update architecture, turning fixed vulnerabilities into zero-days.
Open letter to UK online service providers
Today we've published an open letter to online service providers operating in the UK about the increased risk of their platforms being used to stir up hatred, provoke violence and commit other offences under UK law, in the context of recent acts of violence in the UK.
INTERPOL recovers over $40 million stolen in a BEC attack
A global stop-payment mechanism created by INTERPOL successfully recovered over $40 million stolen in a BEC attack on a company in Singapore.
Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure
CloudSEK's threat research team has uncovered a ransomware attack disrupting India's banking system, targeting banks and payment providers. Initiated through a misconfigured Jenkins server at Brontoo Technology Solutions, the attack is linked to the RansomEXX group.
Critical Vulnerability in Apache OFBiz Requires Immediate Patching - Infosecurity Magazine
SonicWall discovered the Apache OFBiz flaw, identifying it as a critical issue enabling unauthenticated remote code execution
CrowdStrike says it isn't to blame for Delta's flight cancellations after July outage
Delta CEO Ed Bastian said the company plans to seek compensation from Microsoft and CrowdStrike.
Security Incident | August 2024
Mobile Guardian experienced a security incident that involved unauthorized access to the iOS and ChromeOS devices enrolled to the Mobile Guardian platform on the 4th of August. We have halted servers in order to prevent further disruption by the perpetrator. This is not related to an error in configuration that occurred on the 30th of July which affected Mobile Guardian iPads on our Singapore instance only.
Hackers breached MDM firm Mobile Guardian and wiped thousands of devices
Threat actors breached the UK-based mobile device management (MDM) firm Mobile Guardian and remotely wiped thousands of devices.
Exploring Anti-Phishing Measures in Microsoft 365
In this post we will explore some of the anti-phishing measures employed by Microsoft 365 (formally Office 365) as well as their weaknesses. Certitude was able to identify an issue in that allows malicious actors to bypass anti-phishing measures.
Threat Actors Capitalize On ServiceNow Vulnerability
Cyble observes how Dark Web forums reveal ServiceNow users falling victim to a Remote Code Execution vulnerability, which exposes sensitive data & escalates risks across sectors.
Ransomware gang targets IT workers with new SharpRhino malware
The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks.
New Hunters International RAT identified by Quorum Cyber
During a recent ransomware incident investigated by the Quorum Cyber Incident Response team, novel malware was identified previously unknown.
Google fixes Android kernel zero-day exploited in targeted attacks
Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks.
Moscow’s Spies Were Stealing US Tech — Until the FBI Started a Sabotage Campaign
One day at the dawn of the 1980s, an FBI agent in his 30s named Rick Smith walked into the Balboa Café, an ornate, historic watering hole in San Francisco’s leafy Cow Hollow neighborhood. Smith, who was single at the time, lived nearby and regularly frequented the spot. As he approached the oak wood bar to order a drink he suddenly spotted a familiar face — someone Smith had met about a year before, after the man had walked into the Soviet Consulate in San Francisco. He was Austrian by birth, but a denizen of Silicon Valley, an entrepreneur who operated as a middleman between American tech companies and European countries hungry for the latest hi-tech goods.
China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates
Chinese hacking group Evasive Panda compromises ISP to push malware, targeting companies through DNS poisoning and insecure update mechanisms.
Surge in Magniber ransomware attacks impact home users worldwide
A massive Magniber ransomware campaign is underway, encrypting home users' devices worldwide and demanding thousand-dollar ransoms to receive a decryptor. Magniber launched in 2017 as a successor to the Cerber ransomware operation when it was spotted being distributed by the Magnitude exploit kit. Since then, the ransomware operation has seen bursts of activity over the years, with the threat actors utilizing various methods to distribute Magniber and encrypt devices. These tactics include using Windows zero-days, fake Windows and browser updates, and trojanized software cracks and key generators.
Ten Arrests Made and 108 Charges Laid in Project Disrupt, a SIM Swap Fraud Investigation
The Toronto Police Service is making the public aware of 10 arrests made and 108 charges laid in a major SIM swap fraud investigation dubbed Project Disrupt. On Thursday, August 1, 2024, Detective David Coffey, from the Financial Crimes Unit, and Detective Constable Michael Gow, from the Coordinated Cyber Center (C3), held a news conference about Project Disrupt.
Light on Safety
To attract users across the Global Majority, many technology companies have introduced “lite” versions of their products: Applications that are designed for lower-bandwidth contexts. TikTok is no exception, with TikTok Lite estimated to have more than 1 billion users. Mozilla and AI Forensics research reveals that TikTok Lite doesn’t just reduce required bandwidth, however. In our opinion, it also reduces trust and safety. In comparing TikTok Lite with the classic TikTok app, we found several discrepancies between trust and safety features that could have potentially dangerous consequences in the context of elections and public health. Our research revealed TikTok Lite lacks basic protections that are afforded to other TikTok users, including content labels for graphic, AI-generated, misinformation, and dangerous acts videos. TikTok Lite users also encounter arbitrarily shortened video descriptions that can easily eliminate crucial context. Further, TikTok Lite users have fewer proactive controls at their disposal. Unlike traditional TikTok users, they cannot filter offensive keywords or implement screen management practices. Our findings are concerning, and reinforce patterns of double-standard. Technology platforms have a history of neglecting users outside of the US and EU, where there is markedly less potential for constraining regulation and enforcement. As part of our research, we discuss the implications of this pattern and also offer concrete recommendations for TikTok Lite to improve.
Russia-linked operations target Paris 2024 Olympics
Cross-platform efforts denigrated France's handling of the games and fomented fear of a potential terrorist attack
Acronis Product Vulnerability Exploited in the Wild
Cybersecurity and data protection technology company Acronis last week warned that threat actors are exploiting a critical-severity vulnerability patched nine months ago. Tracked as CVE-2023-45249 (CVSS score of 9.8), the security defect impacts Acronis Cyber Infrastructure (ACI) and allows threat actors to execute arbitrary code remotely due to the use of default passwords.
Apple Rolls Out Security Updates for iOS, macOS
Apple on Monday announced a hefty round of security updates that address dozens of vulnerabilities impacting both newer and older iOS and macOS devices. iOS 17.6 and iPadOS 17.6 were released for the latest generation iPhone and iPad devices with fixes for 35 security defects that could lead to authentication and policy bypasses, unexpected application termination or system shutdown, information disclosure, denial-of-service (DoS), and memory leaks.
Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware
Cloudflare's TryCloudflare is being exploited by cybercriminals for malware delivery via phishing emails, reports say.
Quartet of Trouble: XWorm, AsyncRAT, VenomRAT, and…
Learn more about how four malware, XWorm, AsyncRAT, VenomRAT, and PureLogs Stealer, are leveraging TryCloudflare and get security recommendations from our…
Black Basta ransomware switches to more evasive custom malware
The Black Basta ransomware gang has shown resilience and an ability to adapt to a constantly shifting space, using new custom tools and tactics to evade detection and spread throughout a network.
UNC4393 Goes Gently into the SILENTNIGHT
In mid-2022, Mandiant's Managed Defense detected multiple intrusions involving QAKBOT, leading to the deployment of BEACON coupled with other pre-ransomware indicators. This marked Mandiant's initial identification of UNC4393, the primary user of BASTA ransomware. Mandiant has responded to over 40 separate UNC4393 intrusions across 20 different industry verticals. While healthcare organizations have not traditionally been a focus for UNC4393, several breaches in the industry this year indicate a possible expansion of their interests. However, this represents only a fraction of the cluster's victims, with the Black Basta data leak site purporting over 500 victims since inception. Over the course of this blog post, Mandiant will detail the evolution of UNC4393's operational tactics and malware usage throughout its active lifespan, with a focus on the period following the QAKBOT botnet takedown. We will highlight the cluster's transition from readily available tools to custom malware development as well as its evolving reliance on access brokers and diversification of initial access techniques.