Google Project Zero: Vendors are now quicker at fixing zero-days
Google's Project Zero has published a report showing that organizations took less time to address the zero-day vulnerabilities that the team reported last year.
cyberveille.decio.ch
UPnProxy: Eternal Silence
UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely distributed UPnP NAT injection campaign.
FritzFrog: P2P Botnet Hops Back on the Scene
FritzFrog is a peer-to-peer botnet, which means its command and control server is not limited to a single, centralized machine, but rather can be done from every machine in its distributed network. In other words, every host running the malware process becomes part of the network, and is capable of sending, receiving, and executing the commands to control machines in the network.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
Zero Day Initiative — CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud
Yes, the title is right. This blog covers an XML eXternal Entity (XXE) injection vulnerability that I found in SharePoint. The bug was recently patched by Microsoft. In general, XXE vulnerabilities are not very exciting in terms of discovery and related technical aspects. They may sometimes be fun t
Spyware maker pcTattletale says it's 'out of business' and shuts down after data breach | TechCrunch
The spyware maker's founder, Bryan Fleming, said pcTattletale is "out of business and completely done," following a data breach.
Exiled, then spied on: Civil society in Latvia, Lithuania, and Poland targeted with Pegasus spyware
At least seven more Russian, Belarusian, Latvian, and Israeli journalists and activists have been targeted with Pegasus within the EU.
‘Operation Endgame’ Hits Malware Delivery Platforms
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort…
Active exploitation of unauthenticated stored XSS vulnerabilities in WordPress Plugins
We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000.
La nouvelle identité électronique étatique suisse
Après avoir été rejetée aux urnes le 7 mars 2021, la réglementation sur l’identité électronique renaît de ses cendres avec une nouvelle approche qui donne le rôle principal à l’État comme exploitant d’une infrastructure de confiance et comme émetteur de l’e-ID. La nouvelle infrastructure permet également aux acteurs publics et privé d'émettre d'autres justificatifs électroniques. Le nouveau projet de loi est actuellement entre les mains du Parlement fédéral.
OpenAI finds Russian, Chinese propaganda campaigns used its tech
Covert propagandists have already begun using generative artificial intelligence to boost their influence operations.
CVE-2024-34331: Parallels Repack Privilege Escalation
Another day, another accidental exploit 🥳. This time abusing Parallels Desktop’s trust in macOS installers, gaining local privilege escalation!
The Pumpkin Eclipse
Executive Summary Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP). The incident took place over a 72-hour period between October 25-27, rendered the infected devices permanently inoperable, and required a hardware-based replacement. Public scan data Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP).
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
Researchers have discovered several vulnerabilities in popular WordPress plugins that allow attackers to create rogue admin accounts. #attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader
Multiple TTPs utilized in this campaign bear some overlap with North Korean APT groups.
Data breach exposes details of 25,000 current and former BBC employees
Data breach at pension scheme being taken ‘extremely seriously’, but broadcaster says there is no evidence of a ransomware attack
Check Point - Wrong Check Point (CVE-2024-24919)
Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This time, it is Check Point who is the focus of our penetrative gaze. Check Point, for those unaware, is the vendor responsible for the 'CloudGuard Network Security' appliance, yet another device claiming to be secure and hardened. Their slogan - "you deserve the best security" - implies they are a company you can trust with the security of your network. A bold claim.
An Anonymous Source Shared Thousands of Leaked Google Search API Documents with Me; Everyone in SEO Should See Them
On Sunday, May 5th, I received an email from a person claiming to have access to a massive leak of API documentation from inside Google’s Search division.
macOS version of elusive 'LightSpy' spyware tool discovered
A macOS version of the LightSpy surveillance framework has been discovered, confirming the extensive reach of a tool only previously known for targeting Android and iOS devices.
Operators of 911 S5 residential proxy service subjected to US sanctions
Chinese nationals Yunhe Wang, Jingping Liu, and Yanni Zheng have been sanctioned by the U.S. Treasury Department for operating the residential proxy service 911 S5, which was a botnet comprised of over 19 million residential IP addresses that had been used to support various cybercrime groups' COVID-19 relief scams and bomb threats, Ars Technica reports.
Office of Public Affairs | 911 S5 Botnet Dismantled and Its Administrator Arrested in Coordinated International Operation | United States Department of Justice
A court-authorized international law enforcement operation led by the U.S. Justice Department disrupted a botnet used to commit cyber attacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations.
.webp?width=92&height=&ar=&mode=&format=avif&dpr=2)
PoC Exploit Released For macOS Privilege Escalation Vulnerability
A new vulnerability has been discovered in macOS Sonoma that is associated with privilege escalation. This vulnerability has been assigned
Troy Hunt: Operation Endgame
Today we loaded 16.5M email addresses and 13.5M unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they've coined Operation Endgame. That link provides an excellent overview so start there then come back to this blog post which
Largest ever operation against botnets hits dropper malware ecosystem | Europol
Between 27 and 29 May 2024 Operation Endgame, coordinated from Europol’s headquarters, targeted droppers including, IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. The actions focused on disrupting criminal services through arresting High Value Targets, taking down the criminal infrastructures and freezing illegal proceeds. This approach had a global impact on the dropper ecosystem. The malware, whose infrastructure was taken down...
Botnets disrupted after international action
Continuing a string of successful botnet takedowns, on Thursday, May 30th 2024, a coalition of international law enforcement agencies announced "Operation Endgame". This effort targeted multiple botnets such as IcedID, Smokeloader, SystemBC, Pikabot and Bumblebee, as well as some of the operators of these botnets. These botnets played a key part in enabling ransomware, thereby causing damages to society estimated to be over a hundred million euros. This coordinated effort is the largest operation ever against botnets involved with ransomware.
Cybercriminals pose as "helpful" Stack Overflow users to push malware
Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware.
How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet | WIRED
Thanks to a flaw in a decade-old version of the RoboForm password manager and a bit of luck, researchers were able to unearth the password to a crypto wallet containing a fortune.
TeamCity Major Bug-Fix Release for All Versions: Update Your Server Now | The TeamCity Blog
Our customers’ safety is our utmost priority. In order to protect our customers from any potential security threats, we’ve rolled out major bug-fix releases for several older versions of TeamCity (versions 2022.04 through 2023.11).
Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)
A couple months ago, my colleague Winston Ho and I chained a series of unfortunate bugs into a zero-interaction local privilege escalation in Zscaler Client Connector. This was an interesting journey into Windows RPC caller validation and bypassing several checks, including Authenticode verification. Check out the original Medium blogpost for Winston’s own ZSATrayManager Arbitrary File Deletion (CVE-2023-41969)!
Cooler Master allegedly breached, members exposed
Cooler Master, a popular computer hardware maker, has allegedly suffered from a data breach, exposing the company’s corporate data as well as the personal details of members from its fan-based members program. The attackers claim to have stolen 103GB of data from the company’s servers on May 18th. According to the attacks’ perpetrators, the allegedly stolen information carries a trove of sensitive data, including Cooler Master’s Fanzone members’ payment card details.