Found 4945 bookmarks
Custom sorting
Tennessee, Georgia colleges respond to cyberattacks as school year wraps up
Tennessee, Georgia colleges respond to cyberattacks as school year wraps up
Hackers infiltrated networks of at least two colleges over the last week, disrupting the schools during the season of final exams and commencement ceremonies. Tennessee’s Chattanooga State Community College has been responding to a cyberattack since Saturday, forcing the school to cancel classes on Monday and modify schedules for staff members. The school serves more than 11,000 students.
#therecord#EN#2023#Schools#cyberattack#colleges#disrupting#US#chattanooga
·therecord.media·
Tennessee, Georgia colleges respond to cyberattacks as school year wraps up
New phishing-as-a-service tool “Greatness” already seen in the wild
New phishing-as-a-service tool “Greatness” already seen in the wild
  • A previously unreported phishing-as-a-service (PaaS) offering named “Greatness” has been used in several phishing campaigns since at least mid-2022. Greatness incorporates features seen in some of the most advanced PaaS offerings, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots. * Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates with an attachment and link builder that creates highly convincing decoy and login pages. It contains features such as having the victim’s email address pre-filled and displaying their appropriate company logo and background image, extracted from the target organization’s real Microsoft 365 login page. This makes Greatness particularly well-suited for phishing business users. * An analysis of the domains targeted in several ongoing and past campaigns revealed the victims were almost exclusively companies in the U.S., U.K., Australia, South Africa, and Canada, and the most commonly targeted sectors were manufacturing, health care and technology. The exact distribution of victims in each country and sector varies slightly between campaigns. * To use Greatness, affiliates must deploy and configure a provided phishing kit with an API key that allows even unskilled threat actors to easily take advantage of the service’s more advanced features. The phishing kit and API work as a proxy to the Microsoft 365 authentication system, performing a “man-in-the-middle” attack and stealing the victim’s authentication credentials or cookies.
#talosintelligence#EN#2023#Greatness#Phishing#phishing-kits#analysis
·blog.talosintelligence.com·
New phishing-as-a-service tool “Greatness” already seen in the wild
Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years
Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years
While Intel is still investigating the incident, the security industry is bracing itself for years of potential firmware insecurity if the keys indeed were exposed. The potential leak from MSI Gaming of signing keys for an important security feature in Intel-based firmware could cast a shadow on firmware security for years to come and leave devices that use the keys highly vulnerable to cyberattacks, security experts say.
#darkreading#EN#2023#MSI#leak#Intel#firmware
·darkreading.com·
Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years
Global Surveillance: The Secretive Swiss Dealer Enabling Israeli Spy Firms - National Security & Cyber
Global Surveillance: The Secretive Swiss Dealer Enabling Israeli Spy Firms - National Security & Cyber
The International Mobile System Is Exposed and a Loophole Allows Hackers, Cybercriminals and States to Geolocate Targets and Even Hijack Email and Web Accounts. Israelis Can Be Found Among the Victims - and the Attackers
#haaretz#EN#2023#privacy#surveillance#Geolocation#Cyber-Warfare#Spy#Israel-arms-exports#Swiss
·haaretz.com·
Global Surveillance: The Secretive Swiss Dealer Enabling Israeli Spy Firms - National Security & Cyber
Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by Russia's Federal Security Service
Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by Russia's Federal Security Service
“Russia used sophisticated malware to steal sensitive information from our allies, laundering it through a network of infected computers in the United States in a cynical attempt to conceal their crimes.  Meeting the challenge of cyberespionage requires creativity and a willingness to use all lawful means to protect our nation and our allies,” stated United States Attorney Peace.  “The court-authorized remote search and remediation announced today demonstrates my Office and our partners’ commitment to using all of the tools at our disposal to protect the American people.”
#justice.gov#US#2023#EN#Operation-MEDUSA#Snake#Malware#Network#FBI#cyberespionage#espionnage#PERSEUS#Russia#FSB
·justice.gov·
Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by Russia's Federal Security Service
Snake: Coming soon in Mac OS X flavour – Fox-IT International blog
Snake: Coming soon in Mac OS X flavour – Fox-IT International blog
Summary Snake, also known as Turla, Uroburos and Agent.BTZ, is a relatively complex malware framework used for targeted attacks. Over the past year Fox-IT has been involved in multiple incident response cases where the Snake framework was used to steal sensitive information. Targets include government institutions, military and large corporates. Researchers who have previously analyzed…
#fox-it#2017#EN#Snake#Turla#Uroburos#malware#framework#macos#OSX
·blog.fox-it.com·
Snake: Coming soon in Mac OS X flavour – Fox-IT International blog
Hunting Russian Intelligence “Snake” Malware
Hunting Russian Intelligence “Snake” Malware
The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets. To conduct operations using this tool, the FSB created a covert peer-to-peer (P2P) network of numerous Snake-infected computers worldwide. Many systems in this P2P network serve as relay nodes which route disguised operational traffic to and from Snake implants on the FSB’s ultimate targets. Snake’s custom communications protocols employ encryption and fragmentation for confidentiality and are designed to hamper detection and collection efforts.
#cisa#EN#2023#Snake#Malware#Russia#Intelligence#FSB#espionnage#implant#PERSEUS
·cisa.gov·
Hunting Russian Intelligence “Snake” Malware
Leaked Intel Boot Guard keys:What happened? How does it affect the software supply chain?
Leaked Intel Boot Guard keys:What happened? How does it affect the software supply chain?
Binarly is the world's most advanced automated firmware supply chain security platform. Using cutting-edge machine-learning techniques, Binary identifies both known and unknown vulnerabilities, misconfigurations, and malicious code in firmware and hardware components.
#binarly#EN#2023#MSI#BootGuard#Leaked#Intel#supplychain
·binarly.io·
Leaked Intel Boot Guard keys:What happened? How does it affect the software supply chain?
Microsoft May 2023 Patch Tuesday
Microsoft May 2023 Patch Tuesday
This month we got patches for 49 vulnerabilities. Of these, 6 are critical, and 2 are already being exploited, according to Microsoft. One of the exploited vulnerabilities is a Win32k Elevation of Privilege Vulnerability (CVE-2023-29336). This vulnerability has low attack complexity, low privilege, and none user interaction. The attack vector is local, the CVSS is 7.8, and the severity is Important.
#sansedu#EN#2023#May2023#vulnerabilities#PatchTuesday
·isc.sans.edu·
Microsoft May 2023 Patch Tuesday
oss-sec: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory
oss-sec: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory
An issue has been discovered in the Linux kernel that can be abused by unprivileged local users to escalate privileges. The issue is about Netfilter nf_tables accepting some invalid updates to its configuration.
#seclists.org#EN#2023#CVE-2023-32233#Linux#Kernel#Netfilter#nf_tables#arbitrary#memory#vulnerability
·seclists.org·
oss-sec: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory
‘PlugwalkJoe’ pleads guilty for the massive 2020 Twitter hack - The Verge
‘PlugwalkJoe’ pleads guilty for the massive 2020 Twitter hack - The Verge
PlugwalkJoe, aka Joseph James O’Connor, a UK citizen connected to the 2020 Twitter hack affecting many high-profile accounts, including Elon Musk, Joe Biden, Barack Obama, and Apple, has pled guilty to cyberstalking and other crimes. On Tuesday, the Department of Justice (DOJ) announced that O’Connor has been extradited to the US.
#theverge#EN#2023#PlugwalkJoe#Twitter#hack#Obama#Apple#extradited#UK#US
·theverge.com·
‘PlugwalkJoe’ pleads guilty for the massive 2020 Twitter hack - The Verge
The Team of Sleuths Quietly Hunting Cyberattack-for-Hire Services
The Team of Sleuths Quietly Hunting Cyberattack-for-Hire Services
For a decade, a group called Big Pipes has worked behind the scenes with the FBI to target the worst cybercriminal “booter” services plaguing the internet. WHEN THE FBI announced the takedown of 13 cyberattack-for-hire services yesterday, it may have seemed like just another day in law enforcement’s cat-and-mouse game with a criminal industry that has long plagued the internet’s infrastructure, bombarding victims with relentless waves of junk internet traffic to knock them offline. In fact, it was the latest win for a discreet group of detectives that has quietly worked behind the scenes for nearly a decade with the goal of ending that plague for good.
#wired#EN#2023#cyberattack-for-hire#busted#FBI#US#BigPipes#DDoS
·wired.com·
The Team of Sleuths Quietly Hunting Cyberattack-for-Hire Services
CVE-2023-25394 - VideoStream Local Privilege Escalation
CVE-2023-25394 - VideoStream Local Privilege Escalation
Videostream is a user-friendly wireless application designed to stream videos, music, and images to Google Chromecast devices. Boasting simplicity and reliability, this app enables you to wirelessly play any local video file with a single click. Videostream even transcodes audio and video from incompatible files into Chromecast-supported formats. With over 5 million installations, Videostream has made its mark in the streaming industry. This figure was obtained from their official website (https://getvideostream.com), while the Chrome app store lists 900,000+ users.
#danrevah#EN#2023#VideoStream#LPE#CVE-2023-25394#macOS
·danrevah.github.io·
CVE-2023-25394 - VideoStream Local Privilege Escalation
WordPress Advanced Custom Fields Pro plugin 6.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
WordPress Advanced Custom Fields Pro plugin 6.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Advanced Custom Fields PRO Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 6.1.6.
#patchstack#EN#2023#WP#CVE-2023-30777#Advanced#Custom#Fields#Pro#plugin#XSS#vulnerability#Wordpress
·patchstack.com·
WordPress Advanced Custom Fields Pro plugin 6.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Dump these Cisco phone adapters because it's not fixing them
Dump these Cisco phone adapters because it's not fixing them
There is a critical security flaw in a Cisco phone adapter, and the business technology giant says the only step to take is dumping the hardware and migrating to new kit. In an advisory, Cisco this week warned about the vulnerability in the SPA112 2-Port Adapter that, if exploited, could allow a remote attacker to essentially take control of a compromised device by seizing full privileges and executing arbitrary code. The flaw, tracked as CVE-2023-20126, is rated as "critical," with a base score o
#theregister#EN#2023#Cisco#CVE-2023-20126#SPA112#2-Port#phone#adaptor
·theregister.com·
Dump these Cisco phone adapters because it's not fixing them
TikTok spied on me. Why?
TikTok spied on me. Why?
One evening in late December last year, I received a cryptic phone call from a PR director at TikTok, the popular social media app. I’d written extensively about the company for the Financial Times, so we’d spoken before. But it was puzzling to hear from her just before the holidays, especially since I wasn’t working on anything related to the company at the time.
#Financial-Times#EN#2023#TikTok#spy#journalist
·archive.is·
TikTok spied on me. Why?
MSI Breach Leaks Intel BootGuard & OEM Image Signing Keys, Compromises Security of Over 200 Devices & Major Vendors
MSI Breach Leaks Intel BootGuard & OEM Image Signing Keys, Compromises Security of Over 200 Devices & Major Vendors
A recent breach in MSI's servers exposed Intel's BootGuard keys and has now put the security of various devices at risk. Major MSI Breach Affects The Security of Various Intel Devices Last month, a hacker group by the name of Money Message revealed that they had breached MSI's servers and stolen 1.5 TBs of data from the company's servers including source code amongst a list of various files that are important to the integrity of the company. The group asked MSI to pay $4.0 million in ransom to avert them from releasing the files to the public but MSI refused the payment.
#wccftech#EN#2023#MSI#leak#Intel#BootGuard#OEM#Image#Signing#Keys
·wccftech.com·
MSI Breach Leaks Intel BootGuard & OEM Image Signing Keys, Compromises Security of Over 200 Devices & Major Vendors
Who Gets the Algorithm? The Bigger TikTok Danger
Who Gets the Algorithm? The Bigger TikTok Danger
Controversy surrounding TikTok, the popular Chinese company-owned social media platform, has continued to give rise to impasse in recent weeks. Just days after the Biden administration issued a divestiture-or-ban ultimatum to the company and Beijing firmly opposed a forced sale, TikTok CEO Shou Zi Chew testified in Congress to try to save the app’s U.S. operations.
#lawfareblog#EN#2023#TikTok#Algorithm#Danger
·lawfareblog.com·
Who Gets the Algorithm? The Bigger TikTok Danger
Can Better Training Reduce the Success Rate of Phishing Attacks?
Can Better Training Reduce the Success Rate of Phishing Attacks?
A review of Arun Vishwanath, “The Weakest Link: How to Diagnose, Detect, and Defend Users From Phishing Attacks” (MIT Press, 2022) Many elements of the cyber threat landscape have changed significantly over the past two decades. For one, the number of attackers has grown dramatically, aided by the increasing availability of hacking tools and services as commodities for purchase in online marketplaces. The value of the losses cyber criminals have been able to inflict on their victims has also grown, though the dollar estimates vary widely in absolute terms. In recent years, the popularity of ransomware has increased substantially, prompting the Biden administration to initiate an ongoing diplomatic effort to foster cross-border efforts to curb this dangerous form of cyber-enabled extortion.
#lawfareblog#EN#2023#Phishing#Training
·lawfareblog.com·
Can Better Training Reduce the Success Rate of Phishing Attacks?
From Campus Rape Cases to Child Abuse Reports, ‘Worst-Case’ Data Breach Rocks MN Schools
From Campus Rape Cases to Child Abuse Reports, ‘Worst-Case’ Data Breach Rocks MN Schools
It took two years of middle school girls accusing their Minneapolis English teacher of eyeballing their bodies in a “weird creepy way,” for district investigators to substantiate their complaints. Their drawn-out response is revealed in confidential and highly sensitive Minneapolis Public Schools investigative records that are now readily available online — just one folder in a trove of tens of thousands of leaked files that outline campus rape cases, child abuse inquiries, student mental health crises and suspension reports.
#the74million#EN#2023#Schools#Abuse#Leak#ransomware#Medusa#US#Minneapolis#Public
·the74million.org·
From Campus Rape Cases to Child Abuse Reports, ‘Worst-Case’ Data Breach Rocks MN Schools
Large Language Models and Elections
Large Language Models and Elections
Earlier this week, the Republican National Committee released a video that it claims was “built entirely with AI imagery.” The content of the ad isn’t especially novel—a dystopian vision of America under a second term with President Joe Biden—but the deliberate emphasis on the technology used to create it stands out: It’s a “Daisy” moment for the 2020s.
#Schneier#EN#2023#LLM#election#disinformation#AI
·schneier.com·
Large Language Models and Elections
macOS' Rapid Security Response: Designed into a Corner
macOS' Rapid Security Response: Designed into a Corner
With macOS 13.3.1 dropping a few weeks ago, some people have been wondering what happened to Apple’s featured “Rapid Security Response” system they showed off back at WWDC 2022? For some reason, Apple keeps shipping their usual slow, bulky security updates as opposed to the new small and “rapid” security updates. Today we’ll look into how the Rapid Security Response was implemented and how Apple’s Engineers designed themselves into a corner with this new system.
#khronokernel#EN#2023#macOS#Rapid-Security-Response
·khronokernel.github.io·
macOS' Rapid Security Response: Designed into a Corner