Researcher uncovers one of the biggest password dumps in recent history
Roughly 25 million of the passwords have never been seen before by widely used service.
cyberveille.decio.ch
Why Join The Navy If You Can Be A Pirate?
Analyzing a pirated application, that contains a (malicious) surprise A few days ago, malwrhunterteam tweeted about pirated macOS application that appeared to contain malware And even though as noted in the tweet the sample appeared to be from 2023, it was new to me so I decided to take some time to dig in deeper. Plus, I’m always interested in seeing if Objective-See’s free open-source tools can provide protection against recent macOS threats. In this blog post we’ll start with the disk image, then hone in on a malicious dynamic library, which turns out just to be the start!
A Victim of Mallox Ransomware: How Truesec CSIRT Fought Back
When a devastating Mallox ransomware attack hit a company, Truesec CSIRT got called into action. This blog post delves deep into the sophisticated techniques, tactics, and procedures (TTPs) employed by the Mallox threat actor, offering valuable lessons and insights.
The Many Faces of Undetected macOS InfoStealers | KeySteal, Atomic & CherryPie Continue to Adapt
Learn about the latest threats to macOS as Infostealers continue to rapidly adapt to evade static signatures.
MacOS info-stealers quickly evolve to evade XProtect detection
Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently.
iShutdown scripts can help detect iOS spyware on your iPhone
Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log file that stores reboot events. #Apple #Computer #InfoSec #Logging #Malware #Pegasus #Security #Spyware #iOS #iPhone
LeftoverLocals: Listening to LLM responses through leaked GPU local memory
By Tyler Sorensen and Heidy Khlaaf We are disclosing LeftoverLocals: a vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs. LeftoverLocals impacts the security posture of GPU applications as a whole, with particular significance to LLMs and ML models run on impacted GPU…
Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
Some time ago, we intercepted a dubious ELF sample exhibiting zero detection on VirusTotal. This sample, named pandoraspear and employing a modified UPX shell, has an MD5 signature of 9a1a6d484297a4e5d6249253f216ed69. Our analysis revealed that it hardcoded nine C2 domain names, two of which had lapsed beyond their expiration protection period. We seized this opportunity to register these domains to gauge the botnet's scale. At its peak, we noted approximately 170,000 daily active bots, predominantly in Brazil.employing a modified UPX shell, has an MD5 signature of 9a1a6d484297a4e5d6249253f216ed69. Our analysis revealed that it hardcoded nine C2 domain names, two of which had lapsed beyond their expiration protection
NoName057(16) |
NoName057(16) relies heavily on HTTPS application-layer DDoS attacks, with many attacks repeatedly sourced from the same attack harness, networks, and targeting similar countries and industries.
CVE-2023-46805
Starting January 10, 2024, multiple parties (Ivanti, Volexity, and Mandiant) disclosed the existence of a zero-day exploit chain affecting Ivanti Connect Secur…
Le CHU de Nantes victime d’une cyberattaque
Le CHU de Nantes est sous le coup d’une cyberattaque depuis la nuit de dimanche 14 à lundi 15 janvier 2024. Le centre hospitalier a vu son réseau internet coupé ce lundi 15 janvier, et ne peut plus recevoir et envoyer de mails en externe.
Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic
Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware.
Ivanti Connect Secure VPN Exploitation Goes Global
On January 10, 2024, Volexity publicly shared details of targeted attacks by UTA00178 exploiting two zero-day vulnerabilities (CVE-2024-21887 and CVE-2023-46805) in Ivanti Connect Secure (ICS) VPN appliances. On the same day, Ivanti published a mitigation that could be applied to ICS VPN appliances to prevent exploitation of these vulnerabilities. Since publication of these details, Volexity has continued to monitor its existing customers for exploitation. Volexity has also been contacted by multiple organizations that saw signs of compromise by way of mismatched file detections. Volexity has been actively working multiple new cases of organizations with compromised ICS VPN appliances.
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows
Critical security flaw found in Opera Browsers. MyFlow sync feature lets attackers take over your Windows and macOS systems.
Chrome Users Now Worth 30% Less Money Thanks to Google's Cookie Killing, Ad Firm Says
A week into phase one of Google’s cookie killing project in Chrome, early tests show how it could hit the web’s bottom line.
Framework Data Breach - General Topics - Framework Community
Copypasta’d from an email from FW: Hello, Keating Consulting, Framework’s primary external accounting partner, brought to our attention at 8:13am PST on January 11th, 2024, that one of their accountants fell victim to…
Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days
SecurityScorecard has discovered the threat actor group Volt Typhoon has compromised 30% of Cisco RV320/325 Devices in 37 Days. Learn more.
Welcome To 2024, The SSLVPN Chaos Continues - Ivanti CVE-2023-46805 & CVE-2024-21887
Did you have a good break? Have you had a chance to breathe? Wake up. It’s 2024, and the chaos continues - thanks to Volexity (Volexity’s writeup), the industry has been alerted to in-the-wild exploitation of 2 incredibly serious 0days (CVE-2023-46805 and CVE-2024-21887 - two bugs, Command Injection
Further analysis of Denmark attacks leads to warning about unpatched network gear
What happened in Denmark can also happen to you, cybersecurity researchers are warning in a new report that examines attacks against the country’s energy sector last year. Waves of incidents in May that seemed like a highly-targeted effort by a nation-state actor — perhaps Russia’s Sandworm hacking group — might have been less connected than originally thought, according to a new report by Forescout. The researchers say their analysis found two distinct waves against Danish energy providers, and evidence suggests they were unrelated.
QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products
QNAP has released patches for a dozen vulnerabilities in its products, including several high-severity flaws.
Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer
Beware of YouTube videos offering cracked software! They might be a gateway to the Lumma malware, stealing your sensitive information
Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe
Turkish hackers targeting poorly secured MS SQL servers across the U.S., European Union, and Latin America.
ShinyHunters member gets 3 years in prison for breaching 60 firms
The U.S. District Court in Seattle sentenced ShinyHunters member Sebastien Raoult to three years in prison and ordered a restitution of $5,000,000. #Broker #Computer #Customer #Data #Hackers #InfoSec #Legal #Prison #Security #ShinyHunters #Theft
Turkish hackers targeting database servers with Mimic ransomware
The “RE#TURGENCE” campaign is targeting victims in the E.U., U.S. and Latin America by going after Microsoft SQL, researchers with Securonix found.
Anthropic researchers find that AI models can be trained to deceive
A study co-authored by researchers at Anthropic finds that AI models can be trained to deceive -- and that this deceptive behavior is difficult to combat.
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability
- Juniper Networks recently patched a critical pre-authentication Remote Code Execution (RCE) vulnerability in the J-Web configuration interface across all versions of Junos OS on SRX firewalls and EX switches. Unauthenticated actors could exploit this vulnerability to gain root access or initiate Denial of Service (DoS) attacks on devices that have not been patched. Ensure your systems are updated promptly to mitigate this risk. Check for exposed J-Web configuration interfaces using this Censys Search query: services.software.uniform_resource_identifier:
cpe:2.3:a:juniper:jweb:*:*:*:*:*:*:*:*. * As emphasized last year in CISA’s BOD 23-02 guidance, exposed network management interfaces continue to pose a significant risk. Restrict access to these interfaces from the public internet wherever possible.
Hackers can infect network-connected wrenches to install ransomware
Researchers identify 23 vulnerabilities, some of which can exploited with no authentication.
Cryptojacker arrested in Ukraine over EUR 1.8 million mining scheme
The 29-year-old individual was apprehended in Mykolaiv, Ukraine, on 9 January. Three properties were searched to gather evidence against the main suspect. The arrest comes after months of intensive collaboration between Ukrainian authorities, Europol and a cloud provider, who worked tirelessly to identify and locate the individual behind the widespread cryptojacking operation.The suspect is believed to have mined over USD...
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.
Attack of the week: Airdrop tracing – A Few Thoughts on Cryptographic Engineering
It's been a while since I wrote an "attack of the week" post, and the fault for this is entirely mine. I've been much too busy writing boring posts about Schnorr signatures! But this week's news brings an exciting story with both technical and political dimensions: new reports claim that Chinese security agencies have developed…