CacheWarp
CacheWarp is a new software fault attack on AMD SEV-ES and SEV-SNP. It allows attackers to hijack control flow, break into encrypted VMs, and perform privilege escalation inside the VM.
Google researchers discover 'Reptar,’ a new CPU vulnerability
A new CPU vulnerability, ‘Reptar,’ found by Google researchers, has been patched by Google and Intel. Here’s what you need to know. ... The impact of this vulnerability is demonstrated when exploited by an attacker in a multi-tenant virtualized environment, as the exploit on a guest machine causes the host machine to crash resulting in a Denial of Service to other guest machines running on the same host. Additionally, the vulnerability could potentially lead to information disclosure or privilege escalation.
District of Puerto Rico | Russian and Moldovan National Pleads Guilty to Operating Illegal Botnet Proxy Service that Infected Tens of Thousands of Internet-Connected Devices Around the World | United States Department of Justice
A Russian and Moldovan national pled guilty to three counts of violating 18 U.S.C. § 1030(a)(5)(A) Fraud and Related Activity in Connection with Computers. The FBI today revealed US law enforcement’s dismantlement of a botnet proxy network and its infrastructure associated with the IPStorm malware. According to online reports, the botnet infrastructure had infected Windows systems then further expanded to infect Linux, Mac, and Android devices, victimizing computers and other electronic devices around the world, including in Asia, Europe, North America and South America.
Microsoft Patch Tuesday November 2023
Today, Microsoft released patches for 64 different vulnerabilities in Microsoft products, 14 vulnerabilities in Chromium affecting Microsoft Edge, and five vulnerabilities affecting Microsoft's Linux distribution, Mariner. Three of these vulnerabilities are already being exploited, and three have been made public before the release of the patches.
Reptar
We have a CPU mystery! We found a way to cause some processors to enter a glitch state where the normal rules don’t apply, but what does that mean…? If you’re interested what can go wrong inside modern CPUs, read on!
The $2,000 Phones that Let Anyone Make Robocalls
Videos collected by 404 Media over months give a peep inside the world of spoofing numbers, automated call scripts, and a specific seller of the phones.
Child sexual abuse online: effective measures, no mass surveillance
On Tuesday, the Civil Liberties Committee adopted its position on new measures to protect children online by preventing and stopping child sexual abuse.
Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification
Python’s e-mail libraries smtplib, imaplib, and poplib do not verify server certificates unless a proper SSL context is passed to the API. This leads to security problems.
GameOver(lay) - Local Privilege Escalation in Ubuntu Kernel
GameOver(lay) encompasses two significant vulnerabilities within the Ubuntu kernel, CVE-2023-2640, and CVE-2023-32629, each carrying a high-severity rating with CVSS scores of 7.8. These vulnerabilities pose a critical threat, potentially affecting around 40% of Ubuntu users. The vulnerability lies within the OverlayFS module of the Ubuntu kernel, enabling a
Malaysian Police Dismantle “BulletProftLink” Phishing Operation
Several arrested and servers seized
Bitter Pill: Third-Party Pharmaceutical Vendor Linked to Pharmacy and Health Clinic Cyberattack
Huntress has uncovered a series of unauthorized access, revealing a threat actor using ScreenConnect to infiltrate multiple healthcare organizations.
Ivanti EPMM CVE-2023-39335/39337
We have discovered two new vulnerabilities in Ivanti Endpoint Manager Mobile. We are reporting these vulnerabilities as CVE-2023-39335 and CVE-2023-39337.
Here’s How Violent Extremists Are Exploiting Generative AI Tools
Experts are finding thousands of examples of AI-created content every week that could allow terrorist groups and other violent extremists to bypass automated detection systems. #algorithms #censorship #content #disinformation #israel-hamas #moderation #terrorism #war
DP World: Australian ports to remain closed as AFP investigates cybersecurity breach
DP World: Australian ports to remain closed as AFP investigates cybersecurity breach"
Boeing breach: LockBit leaks 50 GB of data
The Boeing Company, a jetliner manufacturer and US defense contractor, had the company’s data leaked by the LockBit ransomware gang. So far, around 50 gigabytes of compressed data was uploaded LockBit's dark web blog. LockBit has allegedly started leaking data that the gang stole from Boeing in late October. The Cybernews research team noted there's around of 50 GB of supposedly Boeing's data. Bulk of the data appears to be various backups.
Apple neglects to patch multiple critical vulnerabilities in macOS
Apple is neglecting to patch high-severity vulnerabilities in open-source components of macOS Sonoma, including curl and LibreSSL.
CVE-2023-38548
On November 6, 2023, Veeam published an advisory for several vulnerabilities affecting Veeam ONE, an IT monitoring and analytics platform for enterprises. One …
Detecting “Effluence”, an Unauthenticated Confluence Web Shell
Discovering Effluence, a unique web shell accessible on every page of an infected Confluence
ICBC hit by ransomware impacting global trades
China's largest bank, ICBC, was hit by ransomware that resulted in disruption of financial services (FS) systems on Thursday Beijing time, according to a notice on its website
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell
On October 27, Phylum’s automated risk detection platform began alerting us to a series of suspicious publications on npm. Over the course of the following few days, we discovered a campaign involving at least 48 different publications. These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to
Nude “before and after” photos stolen from plastic surgeon, posted online, and sent to victims' family and friends
The FBI is investigating a data breach where cybercriminals were able to steal patients’ records from a Las Vegas plastic surgeon's office and then publish them online.
Ransomware attack on ICBC disrupts trades in US Treasury market
Chinese bank says it has contained a hack that affected some fixed income and equities transactions
Cloudflare website downed by DDoS attack claimed by Anonymous Sudan
Cloudflare is investigating an ongoing outage causing 'We're sorry
Microsoft Temporarily Blocked Internal Access to ChatGPT, Citing Data Concerns
The company later restored access to the chatbot, which is owned by OpenAI.
SysAid On-Prem Software CVE-2023-47246 Vulnerability Disclosure
On Nov 2nd, our security team received reports regarding a potential vulnerability in our on-premise software which was being actively exploited. We immediately initiated our incident response protocol and began proactively communicating with our on-premise customers to ensure they could implement a mitigation solution we had identified. We engaged Profero, a cyber security incident response company, to assist us in our investigation. The investigation determined that there was a zero-day vulnerability in the SysAid on-premises software. We urge all customers with SysAid on-prem server installations to ensure that your SysAid systems are updated to version 23.3.36, which remediates the identified vulnerability, and conduct a comprehensive compromise assessment of your network to look for any indicators further discussed below. Should you identify any indicators, take immediate action and follow your incident response protocols.
Atlassian confirms ransomware is exploiting latest Confluence bug
An Atlassian spokesperson said the company had evidence to support what cybersecurity researchers reported over the weekend: A vulnerability affecting the Confluence Data Center and Confluence Server products was being used in cybercrime.
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology
This ICS/OT attack represents the latest evolution in Russia's cyber physical attack capability.
Malvertiser copies PC news site to deliver infostealer
Users looking to download a popular PC utility may be tricked in this campaign where a threat actor has registered a website that copies content from a PC and Windows news portal.
Android Kitchen Sink: Send BLE spam to iOS, Android and Windows at once using Android app - Mobile Hacker
The Kitchen Sink is a name of Bluetooth Low Energy (BLE) attack that sends random advertisement packets that targets iOS, Android, and Windows devices the same time in the vicinity. The attack is called “Kitchen Sink” because it tries to send every possible packet in the list, similar to the phrase “everything but the kitchen
SysAid Zero-Day Vulnerability Exploited by Ransomware Group - SecurityWeek
CVE-2023-47246, a zero-day vulnerability in SysAid IT service management software has been exploited by Cl0p ransomware affiliates.