New Microsoft Exchange zero-days allow RCE, data theft attacks
Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
ZDI-23-1578 | Zero Day Initiative
(0Day) Microsoft Exchange ChainedSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability
Cyber experts and officials raise alarms about exploits against Citrix and Apache productsoited vulnerability (KEV) list.
Several new vulnerabilities with critical severity scores are causing alarm among experts and cyber officials. Zero-day bugs affecting products from Citrix and Apache have recently been added to the Cybersecurity and Infrastructure Security Agency’s (CISA) known exploited vulnerability (KEV) list. Incident responders at the cybersecurity company Rapid7 warned of hackers connected to the HelloKitty ransomware exploiting a vulnerability affecting Apache ActiveMQ, classified as CVE-2023-46604. Apache ActiveMQ is a Java-language open source message broker that facilitates communication between servers.
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F24347781%2FSTK095_Microsoft_03.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Microsoft is overhauling its software security after major Azure cloud attacks
Microsoft is making big changes to its cybersecurity approach. It comes after major cloud attacks in recent years and will mean an overhaul to how software is built inside Microsoft.
How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime
In recent years, cybercriminals have become increasingly professional — fraudsters have consistently been improving their skills, making less crucial mistakes, and creating various “as-a-service” businesses to help lower-skilled threat actors launch scams and attacks, allowing the latter to run full cybercrime operations. There are different types of cybercrime services that exist today, including malware-as-a-service, where cybercriminals develop and sell malware services to other malicious actors; the service also includes creating and spreading malware types such as ransomware on compromised hosts. Meanwhile, other services require the use of multiple social media accounts to be successfully carried out, such as misinformation, spamming, and malware propagation. Indeed, it’s not uncommon for cybercriminals to send thousands of spam messages using thousands of accounts on social media platforms. But how do they manage to automate all of it?
Mozi botnet goes dark under mysterious circumstances
Researchers speculate that Chinese authorities may be responsible for turning off one of the internet’s most prolific IoT botnets.
How a tiny Pacific Island became the global capital of cybercrime | MIT Technology Review
Despite having a population of just 1,400, until recently, Tokelau’s .tk domain had more users than any other country. Here’s why.
FIRST Announces CVSS 4.0 - New Vulnerability Scoring System
FIRST announces CVSS v4.0, the latest version of the Common Vulnerability Scoring System. Discover how this update addresses critical vulnerabilities.
Microsoft profiles new threat group with unusual but effective practices
Octo Tempest employs tactics that many of its targets aren't prepared for.
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.
%2Fcloudfront-us-east-2.images.arcpublishing.com%2Freuters%2FO77RO7HYL5OJFDH6M33HYIGHJI.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Boeing says 'cyber incident' hit parts business after ransom threat | Reuters
Boeing , one of the world's largest defense and space contractors, said on Wednesday it was investigating a cyber incident that impacted elements of its parts and distribution business and cooperating with a law enforcement probe into it.
CVE-2023-46604
Apache ActiveMQ is a message broker service, designed to act as a communication bridge between disparate services. Developed in Java, it can broker multiple pr…
Massive ransomware attack hinders services in 70 German municipalities
Hackers encrypted the servers of the municipal service provider Südwestfalen IT, leading the company to restrict access to its infrastructure for over 70 municipalities in western Germany.
2022 RTF Global Ransomware Incident Map: Attacks continue worldwide, groups splinter, education sector hit hard
According to ecrime.ch data, confirmed ransomware incidents occurred in 105 countries, originating from 58 ransomware groups. This number is relatively consistent with last year’s data, in which we calculated that incidents impacted organizations in 109 countries and documented at least 60 distinct ransomware families. Though the overall statistics remain relatively consistent from last year to this year, there is more to the story: new trends in the ecosystem include the shifting dynamics of ransomware groups, the rise of the education sector as a key target, and the trends in geographic distribution of attacks.
Massive cybercrime URL shortening service uncovered via DNS data
A threat actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected.
CVE-2023-46747
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port…
Atlassian warns of critical Confluence flaw leading to data loss
Australian software company Atlassian warned admins to immediately patch Internet-exposed Confluence instances against a critical security flaw that could lead to data loss following successful exploitation.
SEC accuses SolarWinds CISO of misleading investors before Russian cyberattack | TechCrunch
The U.S. Securities and Exchange Commission has charged SolarWinds and its top cybersecurity executive Timothy Brown with fraud and internal control
Surge in QR Code Quishing: Check Point Records 587% Attack Spike
Check Point’s Harmony Email team has reported a startling increase of 587% in QR code phishing or Quishing attacks.
Two Developers of the Ragnar Locker Ransomware Arrested in Spain
An international law enforcement operation coordinated by Europol resulted in the dismantling of one of the largest groups involved in the distribution of
GHOSTPULSE haunts victims using defense evasion bag o' tricks
Elastic Security Labs reveals details of a new campaign leveraging defense evasion capabilities to infect vicitms with malicious MSIX executables.
FakeUpdateRU Chrome Update Infection Spreads Trojan Malware
Learn about the fake Google Chrome update malware, a common form of website malware that tricks users into downloading a remote access trojan disguised as a browser update. Understand how it works, its impact on websites, and how to protect your site from such threats. Stay updated on the latest malware trends with Sucuri.
3 new NGINX ingress controller Kubernetes related vulnerabilities
CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886 can be exploited by attacker to steal secret credentials from the cluster. Read all about it!
Introducing HAR Sanitizer: secure HAR sharing
As a follow-up to the most recent Okta breach, we are making a HAR file sanitizer available to everyone, not just Cloudflare customers, at no cost.
HackerOne paid ethical hackers over $300 million in bug bounties
HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception.
Turning a boring file move into a privilege escalation on Mac | pwn.win
While poking around Parallels Desktop I found a script which is invoked by a setuid-root binary, which has the following snippet: local prl_dir="${usr_home}/Library/Parallels" if [ -e "$prl_dir" -a ! -d "$prl_dir" ]; then log warning "'${prl_dir}' is not a directory. Renaming it." mv -f "$prl_dir"{,~} continue fi Here ${usr_home} represents the home directory of the user for which Parallels Desktop is installed. The code says if ~/Library/Parallels exists and is not a directory then move it to ~/Library/Parallels~, presumably to back it up before creating this path as a directory.
SIM Swappers Are Working Directly with Ransomware Gangs Now
Hackers connected to “the Comm,” a nebulous group that includes SIM swappers, are working with ALPHV, a ransomware group that has impacted some of the biggest companies on the planet, including MGM Casinos.
CVE-2023-45498: RCE in VinChin Backup
CVE-2023-45498/CVE-2023-45499 advisory
Compromising F5 BIGIP with Request Smuggling | CVE-2023-46747
Our team identified a request smuggling vulnerability that led to complete compromise of an F5 system with the TMUI exposed.
Chatbot Hallucinations Are Poisoning Web Search
Untruths spouted by chatbots ended up on the web—and Microsoft's Bing search engine served them up as facts. Generative AI could make search harder to trust.