Malicious OAuth applications abuse cloud email services to spread spam
Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange Online service to launch spam runs.
Void Balaur | The Sprawling Infrastructure of a Careless Mercenary
The Void Balaur cyber mercenary group has thrived throughout 2022, attacking targets on a global scale with new phishing campaigns.
The Apple security landscape: Moving into the world of enterprise risk
With the enterprise adoption of MacOS and iOS devices increasing, the Apple security landscape is becoming increasingly complex.
Iranian State Actors Conduct Cyber Operations Against the Government of Albania
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from initial access to execution of encryption and wiper attacks. Additional information concerning files used by the actors during their exploitation of and cyber attack against the victim organization is provided in Appendices A and B.
Apple Kills Passwords in iOS 16 and macOS Ventura | WIRED
With iOS 16 and macOS Ventura, Apple is introducing passkeys—a more convenient and secure alternative to passwords.
Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime
Domain shadowing is a special case of DNS hijacking where attackers stealthily create malicious subdomains under compromised domain names.
Revealed: US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data
The “Augury” platform includes highly sensitive network data that Team Cymru, a private company, is selling to the military. “It’s everything. There’s nothing else to capture except the smell of electricity,” one cybersecurity expert said.
Los Angeles School District Hit by Ransomware Attack
California's largest public school district and the second-largest in the U.S. is undergoing a ransomware attack. The attack has disrupted the district's email
Online Attack Disrupts Michigan School District for 2nd Day
School is out for more than 3,000 students of a suburban Detroit district undergoing its second day of forensics analysis following an online attack. Students have
LockBit ransomware builder leaked online by “angry developer”
The LockBit ransomware operation has suffered a breach, with an allegedly disgruntled developer leaking the builder for the gang's newest encryptor.
Azure Cloud Shell Command Injection Stealing User’s Access Tokens
This post describes how I took over an Azure Cloud Shell trusted domain and leveraged it to inject and execute commands in other users’ terminals.
Threat Alert: New Malware in the Cloud By TeamTNT
Could TeamTNT be back? Our honeypots were attacked by malware that bears a resemblance to these threat actors and we analyze the possible connection.
The Evolution of the Chromeloader Malware - VMware Security Blog - VMware
The VMware Carbon Black MDR team goes in depth on the latest variants of the Chromeloader malware and how to detect them.
Chromium Blog: Announcing the Launch of the Chrome Root Program
In 2020, we announced we were in the early phases of establishing the Chrome Root Program and launching the Chrome Root Store. The Chrome Root Program ultimately determines which website certificates are trusted by default in Chrome, and enables more consistent and reliable website certificate validation across platforms. This post shares an update on our progress and how these changes help us better protect Chrome’s users.
Record 25.3 Billion Request Multiplexing Attack Mitigated by Imperva
On June 27, 2022, Imperva mitigated a single attack with over 25.3 billion requests, setting a new record for Imperva’s application DDoS mitigation solution. While attacks with over one million requests per second (RPS) aren’t new, we’ve previously only seen them last for several seconds to a few minutes. On June 27, Imperva successfully mitigated a strong attack that lasted more than four hours and peaked at 3.9 million RPS.
Affaire Pegasus: l'Union européenne se penche sur le dossier suisse - rts.ch - Monde
Le Haut Commissariat aux droits de l’homme des Nations unies a publié vendredi un nouveau rapport extrêmement alarmant sur les menaces des nouvelles technologies de surveillance quant au respect de la vie privée et des droits humains. Les usages dénoncés font largement écho à la situation en Suisse.
Turning Your Computer Into a GPS Tracker With Apple Maps
One of the things Apple cares about in terms of its bug bounty program is your location data. Apple rightly categorizes real-time or historical precise location data as "sensitive data" which in some cases qualifies for a significant monetary award.
Six months into Breached: The legacy of RaidForums?
On March 14, 2022, a new English-language cybercrime forum called Breached (also known as BreachForums) launched, as a response to the closure and seizure of the popular RaidForums. Breached was launched with the same design by the threat actor “pompompurin” as “an alternative to RaidForums,” offering large-scale database leaks, login credentials, adult content, and hacking tools.
Incoscienti e sfacciati: le tecniche dei teenager che violano aziende
Specializzati soprattutto in social engineering, i ragazzini di oggi continuano, come un tempo, a essere protagonisti di gravi incidenti informatici. Come è possibile?
How Russian Trolls Helped Keep the Women’s March Out of Lock Step
As American feminists came together in 2017 to protest Donald Trump, Russia’s disinformation machine set about deepening the divides among them.
Chrome & Edge Enhanced Spellcheck Features Expose PII, Even Your Passwords
Some of the largest websites in the world have exposure to sending Google and Microsoft sensitive user PII, including username, email, and passwords
Unflattening ConfuserEx .NET Code in IDA
we’re studying the ConfuserEx1 obfuscation mechanism of a Ginzo .NET sample. This class of obfuscator is known as code flatteners. We describe how it can dealt with it using a Python script within IDA Pro2, a famous reverse-engineering tool.
Revolut hack exposes data of 50,000 users, fuels new phishing wave
Revolut is sending out notices of a data breach to a small percentage of impacted users, informing them of a security incident where an unauthorized third party accessed internal data.
Credential Gathering From Third-Party Software
Users often store passwords in third-party software for convenience – but credential gathering techniques can target this behavior.
Malvertising on Microsoft Edge's News Feed pushes tech support scams
We uncovered a campaign on the Microsoft Edge home page where malicious ads are luring victims into tech support scams.
Ermittlungserfolg gegen Ransomware-Gruppierung
In the context of an internationally coordinated operation against a ransomware group, the Zurich Public Prosecutor’s Office is leading criminal proceedings against an accused person. At the same time, cyber investigators of the Zurich Cantonal Police have been intensively analysing the data storage devices seized from that person in the past months. This analysis has revealed numerous private keys. They enable the aggrieved companies to recover their encrypted data.
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F23904070%2F24ba6644deb404944cdbe64705285bbad80154a4.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
GTA 6 gameplay leaks online in 90 videos
A massive GTA VI leak appears to line up with previous reports.
Security update
Updates on security incident
Get root on macOS 12.3.1: proof-of-concepts for Linus Henze’s CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763)
Here are two proof-of-concepts for CVE-2022-26766 (CoreTrust allows any root certificate) and CVE-2022-26763 (IOPCIDevice::_MemoryAccess not checking bounds at all), two issues discovered by @LinusHenze and patched in macOS 12.4 / iOS 15.5.
Uber Investigating Breach of Its Computer Systems
The company said on Thursday that it was looking into the scope of the apparent hack.