SSH protects the world’s most sensitive networks. It just got a lot weaker
Novel Terrapin attack uses prefix truncation to downgrade the security of SSH channels.
Snikt! Rhysida dumps more than a terabyte of Insomniac Games’ internal data
The Rhysida ransomware gang publishes 98 per cent of leaked data minutes after the ransom deadline passes – Wolverine game files included.
Qakbot's Back, But Don't Y'all Panic: A Southern Tech Talk
Qakbot, a versatile malware threat, returned after a takedown in August. The new campaign targets the hospitality industry with IRS-themed phishing emails containing malicious PDFs. Microsoft identified the attack, offering two IP addresses for blocking and a way to detect the malware's digital signature.
Unveiling VISS: a revolutionary approach to vulnerability impact scoring
Our open-source vulnerability impact scoring system is now available and enhances incident response capabilities. Here's how VISS is unique.
Web injections are back on the rise: 40+ banks affected by new malware campaign
DanaBot is a sophisticated banking trojan targeting financial institutions and their customers. Now, a new global campaign has put more users at risk.
Terrapin attacks can downgrade security of OpenSSH connections
Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to breaks the SSH channel integrity when certain widely-used encryption modes are used.
Xfinity waited to patch critical Citrix Bleed 0-day. Now it’s paying the price
Data for almost 36 million customers now in the hands of unknown hackers.
Ransomware : Alphv/BlackCat, touché et presque coulé ?
Le site vitrine de la franchise Alphv/BlackCat affiche désormais un message indiquant qu’il a été saisi par les autorités. Mais une vitrine alternative est en ligne, mais le coup est très sérieux.
Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant | United States Department of Justice
The Justice Department announced today a disruption campaign against the Blackcat ransomware group — also known as ALPHV or Noberus — that has targeted the computer networks of more than 1,000 victims and caused harm around the world since its inception, including networks that support U.S. critical infrastructure.
Authorities claim seizure of notorious ALPHV ransomware gang's dark web leak site | TechCrunch
The FBI says it has released a decryption tool allowing hundreds of ALPHV/BlackCat victims to restore their scrambled files.
Vans, Supreme owner VF Corp. says personal data stolen and orders impacted in suspected ransomware attack | TechCrunch
The U.S.-based owner of apparel brands including Vans, Supreme and The North Face says it cannot fulfill customer orders after a cyberattack.
Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains
Using machine learning to target stockpiled malicious domains, the results of our detection pipeline tool highlight campaigns from phishing to scams.
Suisse: Caméras de surveillance de l’armée jugées trop vulnérables
Obsolètes, des caméras sont des «proies faciles pour les pirates», conclut un audit interne qui affirme que l’armée néglige sa sécurité informatique.
Ransomware Diaries: Volume 1
The LockBit ransomware gang is one of the most notorious organized cybercrime syndicates that exists today. The gang is behind attacks targeting private-sector corporations and other high-profile industries worldwide. News and media outlets have documented many LockBit attacks, while security vendors offer technical assessments explaining how each occurred. Although these provide insight into the attacks, I wanted to know more about the human side of the operation to learn about the insights, motivations, and behaviors of the individuals on the other side of the keyboard. To prepare for this project, I spent months developing several online personas and established their credibility over time to gain access to the gang’s operation.
Schools hit by cyber attack and documents leaked
Confidential details including child passport scans and SEN data is published online, the BBC finds.
Shc Linux Malware Installing CoinMiner
The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl.
The Curious Case of Predatory Sparrow
Reconstructing the Attack from a 4th party collector’s point of view Hamid Kashfi 18th December, Predator Sparrows launched a second attack against the fuel distribution system in Iran, similar to their previous operation in 2021. Since 2021, Iranian officials or third-party security vendors have not published any analysis or technical details about the original attack, which is not unusual. Their screenshots from the latest attacks provide some clues that only confirm our previous work, indicating connections to the “Yaas Arghavani” company, a VSAT and POS service provider for the fuel distribution system. The following is an old draft from December 2021, which I wrote for peer eyes rather than public view. The original draft focused on the first attack against the fuel distribution system. Still, some remarks remain valid and relevant to the recent attack on 18 Dec 2023, as little has changed regarding how the system works. The same infrastructure, same suppliers, and same 3rd party vendors, so we are likely just talking about a different attack vector and entry point from the previous case. I will probably draft a new note about the recent attack from scratch soon and when more details are gathered rather than updating the old speculative work.
FBI: Play ransomware gang has attacked 300 orgs since 2022
Since it appeared in July 2022, Play ransomware has launched devastating attacks on municipalities and critical infrastructure, agencies said.
SMTP Smuggling - Spoofing E-Mails Worldwide
Introducing a novel technique for e-mail spoofing
Sophos has patched EOL Firewall versions against a critical flaw exploited in the wild, after identifying a new exploit.
UK-based cybersecurity firm Sophos this week announced patches for an exploited vulnerability in Firewall versions that have reached End-of-Life (EOL). The critical-severity flaw, tracked as CVE-2022-3236, was found to impact versions 19.0 MR1 (19.0.1) and older of the product. It was originally patched in September 2022, but only in supported versions of Sophos Firewall. Sophos describes the security defect as a code injection issue in the Firewall’s User Portal and Webadmin components, allowing attackers to achieve remote code execution (RCE).
7 December 2023 - Apache Struts version 6.3.0.2 General Availability
7 December 2023 - Apache Struts version 6.3.0.2 General Availability The Apache Struts group is pleased to announce that Apache Struts version 6.3.0.2 is available as a “General Availability” release. The GA designation is our highest quality grade. The Apache Struts is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework has been designed to streamline the full development cycle, from building, to deploying, to maintaining applications over time. This version addresses a potential security vulnerability identified as CVE-2023-50164 and described in S2-066 - please read the mentioned security bulletins for more details. This is a drop-in replacement and upgrade should be straightforward.
Ukrainian cellular and Internet still out, 1 day after suspected Russian cyberattack | Ars Technica
Hackers tied to Russian military take responsibility for hack on Ukraine's biggest provider.
Rhadamanthys v0.5.0 - a deep dive into the stealer’s components
- The Rhadamanthys stealer is a multi-layer malware, sold on the black market, and frequently updated. Recently the author released a new major version, 0.5.0. In the new version, the malware expands its stealing capabilities and also introduces some general-purpose spying functions. A new plugin system makes the malware expandable for specific distributor needs. The custom executable formats, used for modules, are unchanged since our last publication (XS1 and XS2 formats are still in distribution). Check Point Research (CPR) provides a comprehensive review of the agent modules, presenting their capabilities and implementation, with a focus on how the stealer components are loaded and how they work.
MongoDB says customer data was exposed in a cyberattack
MongoDB is warning that its corporate systems were breached and that customer data was exposed in a cyberattack that was detected by the company earlier this week.
QNAP VioStor NVR vulnerability actively exploited by malware botnet
A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution (RCE) vulnerability in QNAP VioStor NVR (Network Video Recorder) devices to hijack and make them part of its DDoS (distributed denial of service) swarm. #Actively #Botnet #Computer #Exploited #FXC #InfectedSlurs #InfoSec #Malware #QNAP #Router #Security #Vulnerability
Microsoft’s AI Chatbot Replies to Election Questions With Conspiracies, Fake Scandals, and Lies
With less than a year to go before one of the most consequential elections in US history, Microsoft’s AI chatbot is responding to political queries with conspiracies, misinformation, and out-of-date or incorrect information. When WIRED asked the chatbot, initially called Bing Chat and recently renamed Microsoft Copilot, about polling locations for the 2024 US election, the bot referenced in-person voting by linking to an article about Russian president Vladimir Putin running for reelection next year. When asked about electoral candidates, it listed numerous GOP candidates who have already pulled out of the race.
Marketing Company Claims That It Actually Is Listening to Your Phone and Smart Speakers to Target Ads
A marketing team within media giant Cox Media Group (CMG) claims it has the capability to listen to ambient conversations of consumers through embedded microphones in smartphones, smart TVs, and other devices to gather data and use it to target ads, according to a review of CMG marketing materials by 404 Media and details from a pitch given to an outside marketing professional. Called “Active Listening,” CMG claims the capability can identify potential customers “based on casual conversations in real time.”
Exploiting GOG Galaxy XPC service for privilege escalation in macOS
Unpack the analysis of a GOG Galaxy XPC service vulnerability. More from IBM X-Force Red.
Imperva Uncovers CVE-2023-22524, A RCE Vulnerability
Learn about a RCE vulnerability, discovered by the Imperva Red Team, identified as CVE-2023-22524, in Atlassian Companion for macOS.
3CX warns customers to disable SQL database integrations
VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability.