Found 6141 bookmarks
Custom sorting
Synology NAS DSM Account Takeover: When Random is not Secure
Synology NAS DSM Account Takeover: When Random is not Secure
  • Team82 has uncovered the use of a weak random number generator in Synology’s DiskStation Manager (DSM) Linux-based operating system running on the company’s network-attached storage (NAS) products The insecure Math.random() method was used to generate the password of the admin password for the NAS device itself. Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, and remotely take over the admin account. * The vulnerability, tracked as CVE-2023-2729, has been addressed by Synology. Synology’s advisory is here.
#claroty#team42#EN#2023#CVE-2023-2729#ynology#NAS#DSM#Account#Takeover#random
·claroty.com·
Synology NAS DSM Account Takeover: When Random is not Secure
The forgotten malvertising campaign
The forgotten malvertising campaign
In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we are tracking have improved their techniques to evade detection throughout the delivery chain. We believe this evolution will have a real world impact among corporate users getting compromised via malicious ads eventually leading to the deployment of malware and ransomware. In this blog post, we look at a malvertising campaign that seems to have flown under the radar entirely for at least several months. It is unique in its way to fingerprint users and distribute time sensitive payloads.
#malwarebytes#EN#2023#Notepad++#GoogleAds#malvertising
·malwarebytes.com·
The forgotten malvertising campaign
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability
Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software (CVE-2023-20198) when exposed to the internet or untrusted networks.
#talosintelligence#EN#2023#Cisco#IOS#XE#Web#Management#CVE-2023-20198
·blog.talosintelligence.com·
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability
Breast Imaging During a Cyberattack and Global Pandemic: What We Did to Pick Up the Pieces - ScienceDirect
Breast Imaging During a Cyberattack and Global Pandemic: What We Did to Pick Up the Pieces - ScienceDirect
Cybersecurity in healthcare is a very real threat with the potential to severely disrupt patient care, place extra burden on an already strained system, and result in significant financial losses for a hospital or healthcare network. In October 2020, on the backdrop of the ongoing COVID-19 pandemic, our institution experienced one of the most significant cyberattacks on a healthcare system to date, lasting for nearly 40 days. By sharing our experience in radiology, and specifically in breast imaging, including the downtime procedures we relied upon and the lessons that we learned emerging from this cyberattack, we hope to help future victims of a healthcare cyberattack successfully weather such an experience.
#sciencedirect#EN#2023#healthcare#ransomware#impact#experience#Vermont#UVMMC
·sciencedirect.com·
Breast Imaging During a Cyberattack and Global Pandemic: What We Did to Pick Up the Pieces - ScienceDirect
Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack
Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack
During the month of September, an attacker operating under the pseudonym "kohlersbtuh15", attempted to exploit the open-source community by uploading a series of malicious packages to the PyPi package manager. Based on the names of these packages and the code contained within them, it appears that this attacker targeted developers that use Aliyun services (Alibaba Cloud), telegram, and AWS.
#checkmarx#EN#2023#PyPi#Supply-chain-attack#kohlersbtuh15
·checkmarx.com·
Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack
Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins
Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins
Discover the latest waves of the ongoing Balada Injector malware campaign targeting unpatched tagDiv premium WordPress themes. Dive into the technical details of the injected scripts, explore their functionality, and understand the potential threats they pose to site administrators.
#sucuri#2023#EN#WP#Wordpress#Balada#Injector#tagDiv#Plugin
·blog.sucuri.net·
Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins
AI Risks
AI Risks
There is no shortage of researchers and industry titans willing to warn us about the potential destructive power of artificial intelligence. Reading the headlines, one would hope that the rapid gains in AI technology have also brought forth a unifying realization of the risks—and the steps we need to take to mitigate them.
#Schneier#EN#2023#AI#Risks
·schneier.com·
AI Risks
90s Vulns In 90s Software (Exim) - Is the Sky Falling?
90s Vulns In 90s Software (Exim) - Is the Sky Falling?
A few days ago, ZDI went public with no less than six 0days in the popular mail server Exim. Ranging from ‘potentially world-ending' through to ‘a bit of a damp squib’, these bugs were apparently discovered way back in June 2022 (!) - but naturally got caught up in the void between the ZDI and Exim for quite some time. Mysterious void.
#labs.watchtowr#EN#2023#Exim#analysis#CVE-2023-42115
·labs.watchtowr.com·
90s Vulns In 90s Software (Exim) - Is the Sky Falling?
Android TV Boxes Infected with Backdoors, Compromising Home Networks
Android TV Boxes Infected with Backdoors, Compromising Home Networks
  • Cybersecurity Firm Human Security has discovered malware on dozens of streaming devices and iOS/Android apps. A huge number of Android TV boxes contain malware capable of conducting ad fraud, creating fake accounts, and selling access to home networks. Researchers found that the malware they have dubbed Badbox is not only tricky to detect but difficult to remove as well. Android TV box users must prefer installing apps from reliable sources and keep their devices up-to-date. Human Security has already shared details of its findings with concerned law enforcement agencies.
#hackread#EN#2023#Human-Security#AndroidTV#box#malware#Badbox
·hackread.com·
Android TV Boxes Infected with Backdoors, Compromising Home Networks
X-Force uncovers global NetScaler Gateway credential harvesting campaign
X-Force uncovers global NetScaler Gateway credential harvesting campaign
In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related incident response engagements were associated with the use of stolen credentials.
#securityintelligence#EN#2023#NetScaler#Gateway#CVE-2023-3519#credential#harvesting#campaign
·securityintelligence.com·
X-Force uncovers global NetScaler Gateway credential harvesting campaign
n their push for AI-generated content, tech companies are dancing on the edge between fucking around and finding out.
n their push for AI-generated content, tech companies are dancing on the edge between fucking around and finding out.
Tech companies continue to insist that AI-generated content is the future as they release more trendy chatbots and image-generating tools. But despite reassurances that these systems will have robust safeguards against misuse, the screenshots speak for themselves.
#vice#2023#EN#AI-generated#safeguards#misuse#AI
·vice.com·
n their push for AI-generated content, tech companies are dancing on the edge between fucking around and finding out.
Google Online Security Blog: Expanding our exploit reward program to Chrome and Cloud
Google Online Security Blog: Expanding our exploit reward program to Chrome and Cloud
In 2020, we launched a novel format for our vulnerability reward program (VRP) with the kCTF VRP and its continuation kernelCTF. For the first time, security researchers could get bounties for n-day exploits even if they didn’t find the vulnerability themselves. This format proved valuable in improving our understanding of the most widely exploited parts of the linux kernel. Its success motivated us to expand it to new areas and we're now excited to announce that we're extending it to two new targets: v8CTF and kvmCTF.
#googleblog#EN#2023#exploit#reward#program#bugbounty
·security.googleblog.com·
Google Online Security Blog: Expanding our exploit reward program to Chrome and Cloud
Mirai Botnet's New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Mirai Botnet's New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Several new Mirai variant families were widely deployed in September 2023, among which hailBot, kiraiBot and catDDoS are the most active.
#nsfocusglobal#EN#2023#analysis#Mirai#catDDoS#hailBot#kiraiBot
·nsfocusglobal.com·
Mirai Botnet's New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The evolutionary tale of a persistent Python threat 
The evolutionary tale of a persistent Python threat 
Since early April 2023, an attacker has been relentlessly deploying hundreds of malicious packages through various usernames, accumulating nearly 75,000 downloads. Our team at Checkmarx’s Supply Chain Security has been on this malicious actor’s trail since early April, documenting each step of its evolution. We have been actively observing an attacker who seems to be evermore refining their craft. 
#checkmarx#EN#2023#Supply-chain-attack#malicious#packages#Python
·checkmarx.com·
The evolutionary tale of a persistent Python threat