Latest news of INFOSEC (EN) 1. Latest Vulnerability. 2. Latest Patch. 3. Privacy Breach. 4. Security Breach. 5. InfoSec News. German Version 🇩🇪 @cRyPtHoN_INFOSEC_DE France Version 🇫🇷 @cRyPtHoN_INFOSEC_FR Italian Version 🇮🇹 @cRyPtHoN_INFOSEC_IT
How to delete your Google search history
Keep your browsing habits a secret
Whether you forgot to use Incognito mode or fancy clearing out old data, deleting your Google Search history is a straightforward process. Google saves all your activity in Search to your Google account, giving you access to everything you searched.
We show you how to delete your Google Search history from the Google Search app, the Google Chrome app, and Chrome for desktop. As long as you're signed in with the same account, deleting your search history deletes it from all devices, ideal if you use a Chromebook for work on the go. While you're at it, why not protect your digital privacy with these quick and simple steps?
https://www.androidpolice.com/delete-google-search-history/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
US Navy sailor admits selling secret military blueprints to China for $15K
Worth it for 20 years behind bars?
A US Navy service member pleaded guilty yesterday to receiving thousands of dollars in bribes from a Chinese spymaster in exchange for passing on American military secrets.
Petty Officer Wenheng Zhao, 26, aka Thomas Zhao, of Monterey Park, California, now faces up to 20 years in prison for two federal felony offenses: conspiring with a People's Republic of China (PRC) intelligence officer, and receiving a bribe. Sentencing is scheduled for January 8.
According to the US Justice Department and court documents [PDF], Zhao worked at Naval Base Ventura County, located in Port Hueneme, California, and held a US security clearance that gave him access to material up to and including "secret" data.
https://www.theregister.com/2023/10/11/us_navy_china_spy/
Social media is awash in misinformation about Israel-Gaza war, but Musk’s X is the most egregious
While Twitter has always struggled with combating misinformation about major news events, it was still the go-to place to find out what’s happening in the world. But the Israel-Hamas war has underscored how the platform now transformed into X has become not only unreliable but is actively promoting falsehoods.
Experts say that under Elon Musk the platform has deteriorated to the point that it’s not just failing to clamp down on misinformation but is favoring posts by accounts that pay for its blue-check subscription service, regardless of who runs them.
https://apnews.com/article/social-media-gaza-israel-hamas-misinformation-cb5192215d0f89d8a413606d0ec73cf4
BianLian extortion group claims recent Air Canada breach
The BianLian extortion group claims to have stolen 210GB of data after breaching the network of Air Canada, the country's largest airline and a founding member of Star Alliance.
While the company said in a statement issued in September that systems compromised in the breach included "limited personal information of some employees and certain records," the attackers now claim that the stolen documents contained much more extensive information.
The threat actors also shared screenshots of the stolen data on their dark web data leak website as proof and a detailed description of what was stolen from the airline's network.
https://www.bleepingcomputer.com/news/security/bianlian-extortion-group-claims-recent-air-canada-breach/
Hackers on WordPress Websites Hacking Spree with Balada Malware
If you use WordPress, update to the latest version.
Thousands of WordPress websites have been hacked as hackers exploit a vulnerability in the tagDiv Composer front-end page builder plugin.
https://www.hackread.com/hackers-wordpress-websites-hacking-balada-malware/
The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum
A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum.
Cybersecurity researcher 3xp0rt reported that a threat actor who goes by the moniker ‘kapuchin0’ (and also uses the alias Gookee) has leaked the source code of the HelloKitty ransomware on the XSS forum.
kapuchin0 claims that the leaked code is the first breach of the HelloKitty ransomware.
https://securityaffairs.com/152182/malware/hellokitty-ransomware-source-code-leaked.html
Grayling: Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan
Intelligence gathering is likely motive in campaign targeting a variety of sectors.
A previously unknown advanced persistent threat (APT) group used custom malware and multiple publicly available tools to target a number of organizations in the manufacturing, IT, and biomedical sectors in Taiwan.
A government agency located in the Pacific Islands, as well as organizations in Vietnam and the U.S., also appear to have been hit as part of this campaign. This activity began in February 2023 and continued until at least May 2023.
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks
IoT Secure Development Guide
This guide deals with threat modelling and early stages of development so that security issues and controls are identified before committing to manufacturing. Current attack methods, and the pitfalls we find in embedded designs, have been highlighted so that a finished product is as secure as it can be. This also makes testing and validation straightforward.
This guide is not just for technical developers, but for project managers and business analysts involved in product creation. Security is not binary or absolute. Business decisions will need to be made as to whether extra costs are worthwhile in a secure software development life cycle.
https://www.pentestpartners.com/security-blog/iot-secure-development-guide/
Virus Bulletin PUA – a love letter
Late nights at VB2023 featured intriguing interactions between security experts and the somewhat enigmatic world of grayware purveyors
Late night at VB2023 is when the goblins come out – crafted visages of carefully-played fans cum lures foisted by the industry of potentially unwanted application (PUA) vendors, sponsored- and pay-per-click application installers, and other download monetizers that form up a multibillion dollar ecosystem. And in case you are wondering what they want, it is to entice the unblocking of borderline – really borderline – creepy software that they want reputable security software vendors to ignore and stop blocking. We know, because we are frequently asked by them to do so.
https://www.welivesecurity.com/en/cybersecurity/virus-bulletin-pua-a-love-letter/
Costco accused of sharing customers’ ‘highly personal’ health data with Facebook owner Meta
Costco has allegedly handed customers’ private information over to Facebook parent Meta without their consent, according to a lawsuit filed in Seattle federal court.
Court documents obtained by The Post allege that Costco installed Meta’s analytical tool, Meta Pixel, on its website.
The tech tracks website visitors and activities, and thus gives Meta access to customers’ personal data as well as pharmacy users’ “highly personal health information.”
The code is designed to help businesses track the effectiveness of their advertising, according to Meta’s Help Center, though it’s unclear why Costco would need to use the technology in the health care portion of its website, where customers can order or refill prescriptions.
https://nypost.com/2023/10/10/costco-accused-of-sharing-customers-health-data-with-meta/
Hackers advertised 23andMe stolen data two months ago
Genetic testing company 23andMe has been investigating a security incident after hackers advertised a trove of alleged stolen user data on a hacking forum last week. But the alleged stolen data may have been circulating for much longer than first known.
TechCrunch has also found that some of the advertised stolen data matches known 23andMe user information.
On August 11, a hacker on a known cybercrime forum called Hydra advertised a set of 23andMe user data that matches some of the data leaked last week on another hacking forum called BreachForums.
https://techcrunch.com/2023/10/10/hackers-advertised-23andme-stolen-data-two-months-ago/
Fresh curl tomorrow will patch 'worst' security flaw in ages
It’s bad, folks. Pair of CVEs incoming on October 11
Start your patch engines – a new version of curl is due tomorrow that addresses a pair of flaws, one of which lead developer Daniel Stenberg describes as "probably the worst curl security flaw in a long time."
Curl 8.4.0 will hit at around 0600 UTC (0800 CEST, 0700 BST, 0200 EDT, 2300 PDT the previous evening) on October 11 and deal with CVE-2023-38545, which affects both libcurl and the curl tool, and CVE-2023-38546, which only affects libcurl.
The release has no API or ABI changes, so the update should slot in without too much aggravation.
https://www.theregister.com/2023/10/10/curl_patch_in_update/
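The practical question behind "start your patch engines" is which hosts are still below 8.4.0, and the answer has two parts: the curl tool and the libcurl it is linked against can carry different versions, and CVE-2023-38546 is a libcurl-only issue. The following is an added example, not code from The Register or the curl project; it parses the first line of `curl --version` (sample lines below are constructed in the real format) and reports the two components separately, treating 8.4.0 as the fixed version as the article states.

```python
"""Report whether the curl tool and libcurl on a host are below 8.4.0.

Added example; not part of the article or of the curl project. The only
fact taken from the page is that curl 8.4.0 carries the fixes for
CVE-2023-38545 (tool and library) and CVE-2023-38546 (library only).
"""
import re
import subprocess

FIXED = (8, 4, 0)
TOOL_RE = re.compile(r"^curl (\d+)\.(\d+)\.(\d+)")
LIBCURL_RE = re.compile(r"\blibcurl/(\d+)\.(\d+)\.(\d+)")


def parse_versions(first_line):
    """Return (tool_version, libcurl_version) as int tuples; None if absent."""
    tool = TOOL_RE.match(first_line)
    lib = LIBCURL_RE.search(first_line)
    return (
        tuple(int(x) for x in tool.groups()) if tool else None,
        tuple(int(x) for x in lib.groups()) if lib else None,
    )


def assess(first_line):
    """Map 'curl' and 'libcurl' to 'update', 'ok' or 'unknown'."""
    def verdict(v):
        if v is None:
            return "unknown"
        return "update" if v < FIXED else "ok"

    tool, lib = parse_versions(first_line)
    return {"curl": verdict(tool), "libcurl": verdict(lib)}


def assess_local():
    """Run the real binary on this host (only used when run as a script)."""
    out = subprocess.run(["curl", "--version"], capture_output=True,
                         text=True, check=True)
    return assess(out.stdout.splitlines()[0])


# Constructed sample lines in the format `curl --version` prints first.
SAMPLES = [
    "curl 8.3.0 (x86_64-pc-linux-gnu) libcurl/8.3.0 OpenSSL/3.0.2 zlib/1.2.11",
    "curl 8.4.0 (x86_64-pc-linux-gnu) libcurl/8.4.0 OpenSSL/3.0.2 zlib/1.2.11",
    # tool older than the shared libcurl it was built against
    "curl 7.88.1 (x86_64-pc-linux-gnu) libcurl/8.4.0 OpenSSL/3.0.9 zlib/1.2.13",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line.split(" (")[0], assess(line))
    print("this host:", assess_local())
```

A version string is only a first pass: distributions that backport security fixes without bumping the version number will show "update" here while already being patched, so confirm against the distribution's own advisory before escalating.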
Flagstar Bank MOVEit Breach Affects 800K Customer Records
Flagstar Bank, a prominent Michigan-based financial services provider, has warned 837,390 of its US customers about a data breach that occurred through a third-party service provider, Fiserv.
The breach exposed the personal information of a substantial number of customers. It was traced back to vulnerabilities in MOVEit Transfer, a file transfer software used by Fiserv for payment processing and mobile banking services.
https://www.infosecurity-magazine.com/news/flagstar-bank-moveit-breach/
Spanish airline Air Europa hit by credit card system breach
MADRID (Reuters) - Spanish airline Air Europa has suffered a cyberattack on its online payment system that left some of its customers' credit card details exposed, the company said on Tuesday.
The airline emailed customers whose credit card details were affected and notified the relevant financial institutions, it added. It did not specify the number of customers affected, nor did it estimate the financial impact of the cyberattack. The company said no other information had been exposed.
"There is no evidence that the breach was ultimately used to commit fraud," the airline said.
https://www.msn.com/en-us/money/companies/spanish-airline-air-europa-hit-by-credit-card-system-breach/ar-AA1hYK2t
Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business
Microsoft patches more than 100 vulnerabilities across the Windows ecosystem and warned that three are already being exploited in the wild.
Microsoft’s security response team on Tuesday pushed out a massive batch of software and OS updates to cover more than 100 vulnerabilities across the Windows ecosystem and warned that three of the flaws are already being exploited in the wild.
As part of the scheduled batch of Patch Tuesday fixes, Microsoft joined with tech giants AWS, Google and Cloudflare to address the ‘HTTP/2 Rapid Reset’ zero-day (see separate SecurityWeek coverage) that exposed the internet to massive DDoS attacks.
https://www.securityweek.com/microsoft-fixes-exploited-zero-days-in-wordpad-skype-for-business/
Smashing Security podcast #343: Four-legged girlfriends, LoveGPT, and a military intelligence failure
Dream girlfriends, AI love scams, and an alleged spy who is said to have made a series of blunders.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown’s Thom Langford.
Warning: This podcast may contain nuts, adult themes, and rude language.
https://grahamcluley.com/smashing-security-podcast-343/
US Smashes Annual Data Breach Record With Three Months Left
There were 2116 reported US data breaches and leaks in the first nine months of 2023, making it the worst year on record with a whole quarter left to go, according to the Identity Theft Resource Center (ITRC).
The non-profit, which tracks publicly reported breaches in the US, said there were 733 “data compromises” in Q3 2023, a 22% decline from the previous quarter. However, despite the relative slump, this was enough to drag the total for the year past the previous all-time high of 1862 set in 2021.
https://www.infosecurity-magazine.com/news/us-smashes-data-breach-record/
Backdoor Masquerading as Legitimate Plugin
As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In the event of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other complications that may arise as a result of an infection. During the cleanup, malware samples are added to our Threat Intelligence database, which contains over 3.65 million unique malicious samples. Our recently launched Wordfence CLI scanner detects 99% of these samples and indicators of compromise, when using the commercial signature set, and can scan your site even if WordPress is no longer functional.
https://www.wordfence.com/blog/2023/10/backdoor-masquerading-as-legitimate-plugin/
ICS Patch Tuesday: Siemens Ruggedcom Devices Affected by Nozomi Component Flaws
ICS Patch Tuesday: Siemens and Schneider Electric release over a dozen advisories addressing more than 40 vulnerabilities.
Siemens and Schneider Electric’s Patch Tuesday advisories for October 2023 address more than 40 vulnerabilities affecting their products.
https://www.securityweek.com/ics-patch-tuesday-siemens-ruggedcom-devices-affected-by-nozomi-component-flaws/
Some iPhone users are saying their phone turned off automatically at night
iPhone users are reporting a mysterious bug that turned off their phone at night. The issue doesn't seem to be specific to iPhone 15 models.
Mystery bug turns off iPhone automatically at night
The issue came to light when a reddit user made a post stating that when they woke up to their phone's alarm, their iPhone displayed a prompt to enter their SIM card's PIN to unlock the device. Face ID would not work until they had typed the code.
The user, intrigued by why the iPhone had asked for the PIN, checked their battery stats, which can be found under Settings > Battery > Last 24 Hours. This is when they noticed that their phone's battery chart was showing a blank period specifically between 3 and 7 AM.
https://www.ghacks.net/2023/10/11/some-iphone-users-are-saying-their-phone-turned-off-automatically-at-night/
Safexpay Technology's payment gateway hacked, Thane Police probe Rs 16,180-cr scam
As per the investigations, the ongoing fraud came to light after a complaint that some persons had allegedly hacked into the 6-year-old STPL's payment gateway, and the monies were then transferred to hundreds of bank accounts.
The Thane Police said on Monday that the payment gateway of Safexpay Technology Pvt Ltd (STPL) was allegedly hacked, exposing a scam in which Rs 16,180 crore was siphoned off, some of it transferred abroad; the case is now being probed.
The Shrinagar Police Station has lodged an FIR and is probing the matter along with the Thane Police Cyber Cell, top officials said.
https://ciso.economictimes.indiatimes.com/news/cybercrime-fraud/safexpay-technologys-payment-gateway-hacked-thane-police-probe-rs-16180-cr-scam/104291770
Cloudflare, Google, and Amazon explain what’s behind the largest DDoS attacks ever
Internet giants say a newly uncovered HTTP/2 vulnerability has been used to launch DDoS attacks that were far beyond any previously recorded.
Cloudflare, Google, Microsoft, and Amazon all say they successfully mitigated what two of the companies called the biggest DDoS layer 7 attacks they’ve recorded in August and September, though none said who the attacks were directed against. The companies say the attacks were possible because of a zero-day vulnerability in the HTTP/2 protocol they’ve named “HTTP/2 Rapid Reset.”
https://www.theverge.com/2023/10/10/23911186/ddos-http2-vulnerability-blocked-amazon-aws-cloudflare-google-cloud
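The mechanism behind Rapid Reset, which this post and the Microsoft Patch Tuesday post above both refer to, is that an HTTP/2 client opens a stream with HEADERS and cancels it at once with RST_STREAM: the server still spends work on each request, while the count of concurrently open streams, the quantity SETTINGS_MAX_CONCURRENT_STREAMS limits, never grows. The following is an added example, not code from The Verge, SecurityWeek or any of the vendors named; it tallies constructed per-connection frame events and shows why a reset-to-open ratio catches the pattern when the concurrency limit does not. Connection ids, thresholds and the END_STREAM pseudo-event (standing in for the server finishing a response) are all assumptions.

```python
"""Spot HTTP/2 Rapid Reset from per-connection frame counts.

Added example; not vendor code. Frame events, connection ids and the two
thresholds are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field

MIN_STREAMS = 20        # assumed: ignore connections with too little history
MAX_RESET_RATIO = 0.5   # assumed: flag when most client-opened streams are reset


@dataclass
class ConnStats:
    headers: int = 0                 # streams the client opened
    resets: int = 0                  # of those, streams the client cancelled
    peak_open: int = 0               # most streams open at the same time
    open_streams: set = field(default_factory=set)

    @property
    def reset_ratio(self):
        return self.resets / self.headers if self.headers else 0.0


def tally_frames(events):
    """events: (conn_id, frame_type, stream_id) triples in arrival order.

    HEADERS opens a stream, RST_STREAM from the client cancels it, and the
    constructed END_STREAM event marks the server finishing it normally.
    """
    stats = defaultdict(ConnStats)
    for conn, frame, stream in events:
        s = stats[conn]
        if frame == "HEADERS":
            s.headers += 1
            s.open_streams.add(stream)
            s.peak_open = max(s.peak_open, len(s.open_streams))
        elif frame == "RST_STREAM" and stream in s.open_streams:
            s.open_streams.discard(stream)
            s.resets += 1
        elif frame == "END_STREAM":
            s.open_streams.discard(stream)
    return dict(stats)


def flag_abusive(stats):
    """Connections whose reset ratio marks them as Rapid Reset candidates."""
    return sorted(
        conn for conn, s in stats.items()
        if s.headers >= MIN_STREAMS and s.reset_ratio > MAX_RESET_RATIO
    )


def rapid_reset_burst(conn, n):
    """Constructed attacker: HEADERS immediately followed by RST_STREAM."""
    ev = []
    for k in range(n):
        sid = 2 * k + 1              # client-initiated stream ids are odd
        ev += [(conn, "HEADERS", sid), (conn, "RST_STREAM", sid)]
    return ev


def normal_client(conn, n, concurrency=10):
    """Constructed benign client keeping `concurrency` streams in flight."""
    ev = []
    for k in range(n):
        ev.append((conn, "HEADERS", 2 * k + 1))
        if k >= concurrency - 1:     # server finishes the oldest in-flight stream
            ev.append((conn, "END_STREAM", 2 * (k - concurrency + 1) + 1))
    return ev


SAMPLE_EVENTS = (rapid_reset_burst("198.51.100.9:40001", 500)
                 + normal_client("203.0.113.4:40002", 200))

if __name__ == "__main__":
    stats = tally_frames(SAMPLE_EVENTS)
    for conn, s in stats.items():
        print(conn, f"opened={s.headers} resets={s.resets} peak_open={s.peak_open}")
    print("flagged:", flag_abusive(stats))
```

On the constructed input the attacker never has more than one stream open, so a max-concurrent-streams limit of any realistic size would not have throttled it; the reset ratio of 1.0 is what separates it from the benign client, which sits at ten open streams and zero resets. A production mitigation would add a time window and an action (GOAWAY or a per-client rate limit), which the example leaves out.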
Savvy Israel-linked hacking group reemerges amid Gaza fighting
Predatory Sparrow, which has been linked to an attack on an Iranian steel facility last year, reemerged after a long hiatus Monday
After going quiet for nearly a year, a potent hacking group with suspected links to the Israeli government reemerged online Monday, an indication that as the conflict between Israel and Hamas drags on, digital actors could play a greater role.
As the deadly violence between Israeli and Hamas fighters continues to unfold, the bulk of the fighting continues to be kinetic military operations. But since fighting began Saturday, a flurry of shadowy “hacktivist” groups on both sides of the conflict have knocked websites offline with distributed denial-of-service attacks,
https://cyberscoop.com/predatory-sparrow-israel-gaza-cyber/
The reality of Apple watch pen testing
Introduction
We were approached to do an Apple Watch application test. It seems this isn’t a service offered by many companies (including us, although we’ve done plenty of work on Android Wear before) but also, little information exists online about attempts, experiences or if it’s even possible. So, what can be done and what are the limitations?
TL;DR
🌀 API testing can be done as normal, like an iOS application
🌀 Limitations are mostly related to access to the Watch’s filesystem and running processes
🌀 Companion Watch applications are usually bundled with APIs, which allows us to do reverse engineering
🌀 Bluetooth testing is difficult with Apple devices
🌀 Testing of Apple Watch applications can still provide meaningful testing and assurance
https://www.pentestpartners.com/security-blog/the-reality-of-apple-watch-pen-testing/
Newly discovered Android malware has infected thousands of devices
The malware was installed on these devices prior to shipping. Here's what else you need to know.
I'm not one to mince words or make you wait for the payoff, so I'll get right to the point.
If you've purchased a T95 (or similar knockoff) streaming box that runs Android, chances are that your unit was shipped with pre-installed malware. But this isn't your ordinary piece of malware. Instead, we're looking at the possibility of two different Trojans: Badbox and Peachpit, both of which are pretty nasty bits of code.
https://www.zdnet.com/article/newly-discovered-android-malware-has-infected-thousands-of-devices/
Hacktivists send fake nuclear attack warning via Israeli Red Alert app
Hackers have exploited a flaw in a widely-used app that warns of missile attacks against Israel to send a fake alert that a nuclear strike is imminent.
The AnonGhost hacktivist group said on its Telegram channel that it had managed to breach the "Red Alert" app to send a warning that "The Nuclear Bomb is coming" and distribute notifications saying "death to Israel."
Some of the fake alerts were accompanied by a swastika.
https://www.bitdefender.com/blog/hotforsecurity/hacktivists-send-fake-nuclear-attack-warning-via-israeli-red-alert-app/
Wireshark Tutorial: Identifying Hosts and Users
When a host within an organization's network is infected or otherwise compromised, responders need to quickly identify the affected host and user. In some organizations, this could involve reviewing a packet capture (pcap) of network traffic generated by the affected host.
This tutorial uses Wireshark to identify host and user data in pcaps. This is the third in a series of tutorials that provide tips and tricks to help security professionals more effectively use Wireshark. This article was first published in March 2019 and is being updated for 2023.
https://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/
Leveraging a Hooking Framework to Expand Malware Detection Coverage on the Android Platform
One of the biggest challenges we face in analyzing Android application package (APK) samples at scale is the diversity of Android platform versions that malware authors use. When trying to utilize static and dynamic analysis techniques in the malware detection space, the sheer variety of platform versions can feel overwhelming.
In this article, we will discuss this issue of how malware authors use obfuscation to make analyzing their Android malware more challenging. We will review two such case studies to illustrate those obfuscation techniques in action. Finally, we’ll cover some overall techniques researchers can use to address these obstacles.
https://unit42.paloaltonetworks.com/hooking-framework-in-sandbox-to-analyze-android-apk/
Mirai DDoS malware variant expands targets with 13 router exploits
A Mirai-based DDoS (distributed denial of service) malware botnet tracked as IZ1H9 has added thirteen new payloads to target Linux-based routers and routers from D-Link, Zyxel, TP-Link, TOTOLINK, and others.
Fortinet researchers report observing a peak in the exploitation rates around the first week of September, reaching tens of thousands of exploitation attempts against vulnerable devices.
IZ1H9 compromises devices to enlist them to its DDoS swarm and then launches DDoS attacks on specified targets, presumably on the order of clients renting its firepower.
https://www.bleepingcomputer.com/news/security/mirai-ddos-malware-variant-expands-targets-with-13-router-exploits/
https://www.fortinet.com/blog/threat-research/Iz1h9-campaign-enhances-arsenal-with-scores-of-exploits
One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems
CVE-2023-43641
This directory contains a simple PoC for libcue CVE-2023-43641. Downloading CVE-2023-43641-poc-simple.cue should trigger the bug on most GNOME systems, because tracker-miners automatically scans files in ~/Downloads. If the filename has a .cue extension, then tracker-miners uses libcue to scan the file. The PoC triggers an out-of-bounds array access, which causes the tracker-extract process to crash.
We are delaying the release of the full PoC, which exploits the vulnerability to get code execution in tracker-extract.
https://github.com/github/securitylab/tree/3cb0ebc37170149ef5e91a3bd641631c4eeedd06/SecurityExploits/libcue/track_set_index_CVE-2023-43641
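The bug class here is a bounds check on an array index that tests only one side. The following is an added example; it is neither libcue's code nor the Security Lab PoC, and it does not reproduce the .cue file the PoC ships. It is a small Python parser for the INDEX lines of a cue sheet with the check written both ways. The detail that the out-of-bounds access comes from a negative index number that an upper-bound-only check lets through is taken from the public fix for CVE-2023-43641, not from the lines quoted above; MAXINDEX = 99 is assumed (INDEX numbers in a cue sheet run 00 to 99), and the sample sheets are constructed.

```python
"""Validate the INDEX number of a .cue sheet on both sides.

Added example; not libcue's code and not the GitHub Security Lab PoC.
MAXINDEX = 99 is assumed; the sample sheets below are constructed.
"""
import re

MAXINDEX = 99
INDEX_LINE = re.compile(r"^\s*INDEX\s+(-?\d+)\s+(\d+):(\d+):(\d+)\s*$")


class CueError(ValueError):
    """Raised for a malformed or out-of-range INDEX line."""


def upper_bound_only(i):
    """The shape of the original check: only 'too many indexes' is rejected.

    Returns True for i = -1, which in C would write before the array.
    """
    return not i > MAXINDEX


def in_range(i):
    """Hardened check: both ends of the fixed-size table are enforced."""
    return 0 <= i <= MAXINDEX


def to_frames(mm, ss, ff):
    """MM:SS:FF to CD frames (75 frames per second, 60 seconds per minute)."""
    if ss >= 60 or ff >= 75:
        raise CueError(f"bad time {mm:02d}:{ss:02d}:{ff:02d}")
    return (mm * 60 + ss) * 75 + ff


def parse_track_indexes(sheet, accept=in_range):
    """Collect the INDEX lines of one TRACK as {index_number: frame_offset}.

    `accept` is the bounds check applied before any write; the default
    rejects both negative and too-large index numbers.
    """
    table = {}
    for lineno, line in enumerate(sheet.splitlines(), 1):
        m = INDEX_LINE.match(line)
        if not m:
            continue
        i, mm, ss, ff = (int(x) for x in m.groups())
        if not accept(i):
            raise CueError(f"line {lineno}: INDEX {i} outside 0..{MAXINDEX}")
        table[i] = to_frames(mm, ss, ff)
    return table


def rejected(sheet, accept=in_range):
    """True if the parser refuses the sheet under the given bounds check."""
    try:
        parse_track_indexes(sheet, accept)
    except CueError:
        return True
    return False


# Constructed sheets: a well-formed track and one with a negative index number.
GOOD_SHEET = """FILE "audio.wav" WAVE
  TRACK 01 AUDIO
    INDEX 00 00:00:00
    INDEX 01 00:02:00
"""
BAD_SHEET = """FILE "audio.wav" WAVE
  TRACK 01 AUDIO
    INDEX -1 00:00:00
"""

if __name__ == "__main__":
    print("good sheet:", parse_track_indexes(GOOD_SHEET))
    print("bad sheet, hardened check rejects:", rejected(BAD_SHEET))
    print("bad sheet, upper-bound-only check rejects:", rejected(BAD_SHEET, upper_bound_only))
```

In Python a negative key just lands in the dict, which is why the example exposes the two checks as functions rather than pretending to crash; in C the same accepted value is an offset before the start of a fixed-size array, and the page's note that tracker-miners scans ~/Downloads automatically is what turns that parser bug into a one-click issue.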