Found 1407 bookmarks
Custom sorting
Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day
Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day
It is not just APTs that like to target telephone systems, but ourselves at watchTowr too. We can't overstate the consequences of an attacker crossing the boundary from the 'computer system' to the 'telephone system'. We've seen attackers realise this in 2024, with hacks against legal intercept systems widely reported
#watchtowr#EN#2024#Mitel#MiCollab#CVE-2024-3528#CVE-2024-41713#0day#PoC
·labs.watchtowr.com·
Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day
At least 8 US telcos, dozens of countries impacted by Salt Typhoon breaches, White House says | The Record from Recorded Future News
At least 8 US telcos, dozens of countries impacted by Salt Typhoon breaches, White House says | The Record from Recorded Future News
Senators briefed on the wide-ranging breaches by Chinese hackers called for action on Wednesday to protect the country's telecommunications networks.
#therecord.media#EN#2024#telcos#US#Salt-Typhoon#China#breaches
·therecord.media·
At least 8 US telcos, dozens of countries impacted by Salt Typhoon breaches, White House says | The Record from Recorded Future News
Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples
Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples
We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed. We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed.
#unit42#EN#2024#macOS#ARD#AppleScript#attacks#lateral-movement#tactics
·unit42.paloaltonetworks.com·
Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples
Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud
Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud
The FBI is warning the public that criminals exploit generative artificial intelligence (AI) to commit fraud on a larger scale which increases the believability of their schemes. Generative AI reduces the time and effort criminals must expend to deceive their targets. Generative AI takes what it has learned from examples input by a user and synthesizes something entirely new based on that information. These tools assist with content creation and can correct for human errors that might otherwise serve as warning signs of fraud. The creation or distribution of synthetic content is not inherently illegal; however, synthetic content can be used to facilitate crimes, such as fraud and extortion.1 Since it can be difficult to identify when content is AI-generated, the FBI is providing the following examples of how criminals may use generative AI in their fraud schemes to increase public recognition and scrutiny.
#ic3.gov#EN#2024#warning#Criminals#Use#Generative#AI#Financial#Fraud#recommandations
·ic3.gov·
Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud
UN, international orgs create advisory body for submarine cables after incidents | The Record from Recorded Future News
UN, international orgs create advisory body for submarine cables after incidents | The Record from Recorded Future News
On Friday, the United Nations Agency for Digital Technologies said it is partnering with the International Telecommunication Union (ITU) and International Cable Protection Committee (ICPC) to create the International Advisory Body for Submarine Cable Resilience.
#therecord.media#EN#2024#UN#submarine#cables#advisory#body#ICPC#Resilience
·therecord.media·
UN, international orgs create advisory body for submarine cables after incidents | The Record from Recorded Future News
The Curious Case of an Egg-Cellent Resume
The Curious Case of an Egg-Cellent Resume
  • Initial access was via a resume lure as part of a TA4557/FIN6 campaign. The threat actor abused LOLbins like ie4uinit.exe and msxsl.exe to run the more_eggs malware. Cobalt Strike and python-based C2 Pyramid were employed by the threat actor for post-exploitation activity. The threat actor abused CVE-2023-27532 to exploit a Veeam server and facilitate lateral movement and privilege escalation activities. The threat actor installed Cloudflared to assist in tunneling RDP traffic. This case was first published as a Private Threat Brief for customers in April of 2024. Eight new rules were created from this report and added to our Private Detection Ruleset.
#thedfirreport#EN#2024#Egg-Cellent#Resume#lure#CV#Cloudflared
·thedfirreport.com·
The Curious Case of an Egg-Cellent Resume
Gaming Engines: An Undetected Playground for Malware Loaders
Gaming Engines: An Undetected Playground for Malware Loaders
  • Check Point Research discovered a new technique taking advantage of Godot Engine, a popular open-source game engine, to execute crafted GDScript, code which triggers malicious commands and delivers malware. The technique remains undetected by almost all antivirus engines in VirusTotal. Check Point identified GodLoader, a loader that employs this new technique. The threat actor behind this malware has been utilizing it since June 29, 2024, infecting over 17,000 machines The malicious GodLoader is distributed by the Stargazers Ghost Network, a GitHub network that distributes malware as a service. Throughout September and October, approximately 200 repositories and over 225 Stargazers were used to legitimize the repositories distributing the malware. This new technique allows threat actors to target and infect devices across multiple platforms, such as Windows, macOS, Linux, Android, and iOS. Check Point Research demonstrates how this multi-platform technique can successfully drop payloads in Linux and MacOS. * A potential attack can target over 1.2 million users of Godot-developed games. These scenarios involve taking advantage of legitimate Godot executables to load malicious scripts in the form of mods or other downloadable content.
#checkpoint#EN#2024#GodLoader#Godot#Engine#game#payloads#analysis
·research.checkpoint.com·
Gaming Engines: An Undetected Playground for Malware Loaders
Python Crypto Library Updated to Steal Private Keys
Python Crypto Library Updated to Steal Private Keys
Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean
#phylum#EN#2024#Python#Crypto#Library#PyPI#malicious#code#aiocpa#Supply-chain-attack
·blog.phylum.io·
Python Crypto Library Updated to Steal Private Keys
Gergely's hack blog – badmalloc (CVE-2023-32428) - a macOS LPE
Gergely's hack blog – badmalloc (CVE-2023-32428) - a macOS LPE
I recently realised that I still owe you guys some writeups, so since OBTSv7 is around the corner here's the one for badmalloc. I found this back in March 2023, and it got fixed in October. About the bug There's a bug in MallocStackLogging, Apple's "magical" framework that allows developers …
#gergelykalman#EN#2024#macOS#0day#CVE-2023-32428#MallocStackLogging#macos
·gergelykalman.com·
Gergely's hack blog – badmalloc (CVE-2023-32428) - a macOS LPE
The hidden network report
The hidden network report
Since February 2024, the World Watch Cyber Threat Intelligence team has been working on an extensive study of the private and public relationships within the Chinese cyber offensive ecosystem. This includes: An online map showcasing the links between 300+ entities; Historical context on the Chinese state entities dedicated to cyber offensive operations; An analysis of the role of universities and private companies in terms of capacity building; A focus on the ecosystem facilitating the acquisition of vulnerabilities for government use in cyber espionage campaigns.
#Orange#Cyberdefense#CERT#EN#2024#Threat#Research#China
·research.cert.orangecyberdefense.com·
The hidden network report
When Guardians Become Predators: How Malware Corrupts the Protectors
When Guardians Become Predators: How Malware Corrupts the Protectors
We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us? Our Trellix Advanced Research Center team recently uncovered a malicious campaign that does just that. Instead of bypassing defenses, this malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda. The malware exploits the deep access provided by the driver to terminate security processes, disable protective software, and seize control of the infected system.
#trellix#EN#2024#research#Avast#Anti-Rootkit#driver#malware#aswArPot.sys#analysis
·trellix.com·
When Guardians Become Predators: How Malware Corrupts the Protectors
UK drinking water supplies disrupted by record number of undisclosed cyber incidents
UK drinking water supplies disrupted by record number of undisclosed cyber incidents
A record number of cyber incidents impacted Britain’s critical drinking water supplies this year without being publicly disclosed, according to information obtained by Recorded Future News. The exact nature of these incidents is unclear, and they may include operational failures as well as attacks. Under British cybersecurity laws — known as the NIS Regulations — critical infrastructure companies are required to report “significant incidents” to the government within three days or face a fine of up to £17 million ($21 million).
#therecord.media#EN#2024#record#number#cyber-incidents#UK#critical-infrastructure#drinking#water#supplies
·therecord.media·
UK drinking water supplies disrupted by record number of undisclosed cyber incidents