Discord will switch to temporary file links to block malware delivery
Discord will switch to temporary file links for all users by the end of the year to block attackers from using its CDN (content delivery network) for hosting and pushing malware.
GhostSec offers Ransomware-as-a-Service Possibly Used to Target Israel
The hacker collective called GhostSec has unveiled an innovative Ransomware-as-a-Service (RaaS) framework called GhostLocker. They provide comprehensive assistance to customers interested in acquiring this service through a dedicated Telegram channel. Presently, GhostSec is focusing its attacks on Israel. This move represents a surprising departure from their past activities and stated agenda.
New macOS 'KandyKorn' malware targets cryptocurrency engineers
A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform. The attackers impersonate members of the cryptocurrency community on Discord channels to spread Python-based modules that trigger a multi-stage KandyKorn infection chain. Elastic Security discovered and attributed the attacks to Lazarus based on overlaps with past campaigns concerning the employed techniques, network infrastructure, code-signing certificates, and custom Lazarus detection rules.
Suspected Exploitation of Apache ActiveMQ CVE-2023-46604
On October 27, Rapid7 Managed Detection & Response identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in 2 separate customer environments.
Apple 'Find My' network can be abused to steal keylogged passwords
Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. The Find My network and application is designed to help users locate lost or misplaced Apple devices, including iPhones, iPads, Macs, Apple Watches, AirPods, and Apple Tags. The service relies on GPS and Bluetooth data crowd-sourced from millions of Apple devices worldwide to find devices reported as lost or stolen, even if those are offline.
Send My: Arbitrary data transmission via Apple's Find My network | Positive Security
Apple AirTags: Arbitrary data can be uploaded from non-internet-connected devices by sending Find My BLE broadcasts to nearby Apple devices. We're releasing an ESP32 firmware that turns the microcontroller into an (upload only) modem, and a macOS application to retrieve, decode and display the uploaded data.
New Microsoft Exchange zero-days allow RCE, data theft attacks
Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
Cyber experts and officials raise alarms about exploits against Citrix and Apache productsoited vulnerability (KEV) list.
Several new vulnerabilities with critical severity scores are causing alarm among experts and cyber officials. Zero-day bugs affecting products from Citrix and Apache have recently been added to the Cybersecurity and Infrastructure Security Agency’s (CISA) known exploited vulnerability (KEV) list. Incident responders at the cybersecurity company Rapid7 warned of hackers connected to the HelloKitty ransomware exploiting a vulnerability affecting Apache ActiveMQ, classified as CVE-2023-46604. Apache ActiveMQ is a Java-language open source message broker that facilitates communication between servers.
Microsoft is overhauling its software security after major Azure cloud attacks
Microsoft is making big changes to its cybersecurity approach. It comes after major cloud attacks in recent years and will mean an overhaul to how software is built inside Microsoft.
How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime
In recent years, cybercriminals have become increasingly professional — fraudsters have consistently been improving their skills, making less crucial mistakes, and creating various “as-a-service” businesses to help lower-skilled threat actors launch scams and attacks, allowing the latter to run full cybercrime operations. There are different types of cybercrime services that exist today, including malware-as-a-service, where cybercriminals develop and sell malware services to other malicious actors; the service also includes creating and spreading malware types such as ransomware on compromised hosts. Meanwhile, other services require the use of multiple social media accounts to be successfully carried out, such as misinformation, spamming, and malware propagation. Indeed, it’s not uncommon for cybercriminals to send thousands of spam messages using thousands of accounts on social media platforms. But how do they manage to automate all of it?
Les sanctions américaines et l'assurance cyberattaque
L'assureur qui veut s'opposer au paiement de la prestation d’assurance suite à une cyberattaque, en invoquant les sanctions américaines, doit prouver que la cyberattaque a servi les intérêts d'une entité visée par ces sanctions et qu'il risque ainsi concrètement d'être réprimandé par l'autorité américaine compétente. Le simple fait que le type de logiciel utilisé pour la cyberattaque en question soit habituellement déployé par un groupe de cyberpirates sous sanction (in casu Evil Corp) ne suffit pas pour refuser le paiement de la prestation d’assurance.
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.
Boeing says 'cyber incident' hit parts business after ransom threat | Reuters
Boeing , one of the world's largest defense and space contractors, said on Wednesday it was investigating a cyber incident that impacted elements of its parts and distribution business and cooperating with a law enforcement probe into it.
Analyse d’impact relative à la protection des données personnelles: comment faire?
La nouvelle loi sur la protection des données a introduit l’obligation d’établir, dans certains cas, une analyse d’impact relative à la protection des données personnelles (AIPD). Elle vise à identifier préalablement les risques potentiellement élevés pour la personnalité et les droits fondamentaux, afin de prendre les mesures adéquates pour les réduire à un niveau acceptable. Si l’exercice peut faire peur, il suffit de suivre quelques étapes très concrètes.
Apache ActiveMQ is a message broker service, designed to act as a communication bridge between disparate services. Developed in Java, it can broker multiple pr…
Massive ransomware attack hinders services in 70 German municipalities
Hackers encrypted the servers of the municipal service provider Südwestfalen IT, leading the company to restrict access to its infrastructure for over 70 municipalities in western Germany.
2022 RTF Global Ransomware Incident Map: Attacks continue worldwide, groups splinter, education sector hit hard
According to ecrime.ch data, confirmed ransomware incidents occurred in 105 countries, originating from 58 ransomware groups. This number is relatively consistent with last year’s data, in which we calculated that incidents impacted organizations in 109 countries and documented at least 60 distinct ransomware families. Though the overall statistics remain relatively consistent from last year to this year, there is more to the story: new trends in the ecosystem include the shifting dynamics of ransomware groups, the rise of the education sector as a key target, and the trends in geographic distribution of attacks.
Massive cybercrime URL shortening service uncovered via DNS data
A threat actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected.
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port…
Atlassian warns of critical Confluence flaw leading to data loss
Australian software company Atlassian warned admins to immediately patch Internet-exposed Confluence instances against a critical security flaw that could lead to data loss following successful exploitation.