LockBit lied: Stolen data is from a bank, not US Federal Reserve
Recently-disrupted LockBit ransomware group, in a desperate attempt to make a comeback, claimed this week that it had hit the Federal Reserve, the central bank of the United States. Except, the rumor has been quashed.
CVE-2024-5261 | LibreOffice - Free and private office suite - Based on OpenOffice - Compatible with Microsoft
LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents. LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on webservers.
The company “identified a security incident that involved bad actors targeting a limited number of HubSpot customers and attempting to gain unauthorized access to their accounts” on June 22.
Indonesia president orders audit of data centres after cyberattack
Indonesian President Joko Widodo ordered on Friday an audit of government data centres after officials said the bulk of data affected by a recent ransomware cyberattack was not backed up, exposing the country's vulnerability to such attacks. Last week's cyberattack, the worst in Indonesia in recent years, has disrupted multiple government services including immigration and operations at major airports.
Critical GitLab bug lets attackers run pipelines as any user
A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user.
South Korean telecom company attacks torrent users with malware — over 600,000 customers report missing files, strange folders, and disabled PCs
Korean telecom company KT Corporation sent malware to its subscribers who use Webhard's Grid Service peer-to-peer sharing program to hide their files and stop them from using the service.
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
From Dormant to Dangerous: P2Pinfect Evolves to Deploy New Ransomware and Cryptominer
P2Pinfect is a rust-based malware covered extensively by Cado Security in the past. Cado Security researchers first discovered it during triage of honeypot telemetry in July of 2023.
Progress Software elevates severity of new MOVEit bug to ‘critical’ as exploit attempts jump
The company updated an advisory about a bug affecting the MOVEit tool, warning a “newly identified vulnerability in a third-party component" had elevated the risks.
Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806)
Progress un-embargoed an authentication bypass vulnerability in Progress MOVEit Transfer. Many sysadmins may remember last year’s CVE-2023-34362, a cataclysmic vulnerability in Progress MOVEit Transfer that sent ripples through the industry, claiming such high-profile victims as the BBC and FBI. Sensitive data was leaked, and sensitive data was destroyed, as the cl0p ransomware gang leveraged 0days to steal data - and ultimately leaving a trail of mayhem.
US accuses Russian of helping Kremlin hack Ukraine’s state computer systems
According to the Department of Justice, 22-year-old Amin Stigal helped Russian military intelligence carry out cyber operations, including probing computers belonging to a federal government agency in Maryland.
Chinese Cyberspies Employ Ransomware in Attacks for Diversion
Cyberespionage groups have been using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft.
ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware
Threat actors in the cyberespionage ecosystem are using ransomware for financial gain, disruption, distraction, misattribution, and the removal of evidence.
Microsoft employee accidentally publishes PlayReady code
[German]A Microsoft software developer has accidentally shared internal PlayReady source code with the public (a developer forum). The data leak of 4 GByte is sufficient to compile the required DLL from the source code. This could be a real boon for people who want to reverse engineering or crack PlayReady. What is PlayReady? PlayReady is...
UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware
Summary Eclypsium Automata, our automated binary analysis system, has identified a high impact vulnerability (CVE-2024-0762 with a reported CVSS of 7.5) in the Phoenix SecureCore UEFI firmware that runs on multiple families of Intel Core desktop and mobile processors. The issue involves an unsafe variable in the Trusted Platform Module (TPM) configuration that could lead […]
The inside view of spyware’s 'dirty interference,' from two recent Pegasus victims
Andrei Sannikov and Evgeny Erlikh discuss the effects of discovering their devices had been infected with Pegasus — making them part of a rapidly expanding list of civil-society figures targeted with the commercial spyware.
CDK Begins Restoring Systems Amid Ransomware Payment Reports
CDK Global, the auto dealership software solutions firm that supplies services to an estimated 15,000 dealerships in the U.S. and Canada, said it has begun the
GrimResource - Microsoft Management Console for initial access and evasion
Elastic researchers uncovered a new technique, GrimResource, which allows full code execution via specially crafted MSC files. It underscores a trend of well-resourced attackers favoring innovative initial access methods to evade defenses.
Polyfill.io is a service that automatically provides front-end polyfills, making it very convenient to use. You just need to select the functionality you want to polyfill and then include a JavaScript
Recent Zyxel NAS Vulnerability Exploited by Botnet
A recently disclosed critical-severity vulnerability in discontinued Zyxel NAS devices is already exploited in botnet attacks, the Shadowserver Foundation warns. Tracked as CVE-2024-29973, the issue is described as a code injection flaw that can be exploited remotely without authentication. It was introduced last year, when Zyxel patched CVE-2023-27992, a similar code injection bug. “While patching this vulnerability, they added a new endpoint which uses the same approach as the old ones, and while doing so, implemented the same mistakes as its predecessors,” explains Outpost24 security researcher Timothy Hjort, who discovered and reported the security defect.
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
A few months ago, I stumbled upon a 24 years old buffer overflow in the glibc, the base library for linux programs. Despite being reachable in multiple well-known libraries or executables, it proved rarely exploitable — while it didn't provide much leeway, it required hard-to-achieve preconditions. Looking for targets lead mainly to disappointment. On PHP however, the bug shone, and proved useful in exploiting its engine in two different ways.
CISA confirms hackers may have accessed data from chemical facilities during January incident
The agency found no evidence that hackers exfiltrated information but noted the intrusion “may have resulted in the potential unauthorized access” to security plans, vulnerability assessments and user accounts within a national system to protect the chemicals sector.
New attack uses MSC files and Windows XSS flaw to breach networks
A novel command execution technique dubbed 'GrimResource' uses specially crafted MSC (Microsoft Saved Console) and an unpatched Windows XSS flaw to perform code execution via the Microsoft Management Console.
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 observed a recent malvertising campaign luring users to download malicious installers for popular software like Google Chrome and Microsoft Teams.
