Telegram channel crypthon_infosec_en - cRyPtHoN™ INFOSEC (EN)

Latest news of INFOSEC (EN): 1. Latest Vulnerability. 2. Latest Patch. 3. Privacy Breach. 4. Security Breach. 5. InfoSec News. German version 🇩🇪 @cRyPtHoN_INFOSEC_DE, French version 🇫🇷 @cRyPtHoN_INFOSEC_FR, Italian version 🇮🇹 @cRyPtHoN_INFOSEC_IT

cRyPtHoN™ INFOSEC (EN)

The internet is littered with fake reviews. Amazon, Glassdoor and others are trying to fight back

NEW YORK (AP) — Some of the most used platforms for travel and online shopping said Tuesday they’re going to team up to battle fake reviews.

Amazon, reviews site Glassdoor and Trustpilot, as well as travel companies Expedia Group, Booking.com and Tripadvisor said in an announcement they’re launching a coalition that aims to protect access to “trustworthy consumer reviews” worldwide.

The companies said the members of the group, which will be called Coalition for Trusted Reviews, will look for best practices for hosting online reviews and share methods on how to detect fake ones.

https://apnews.com/article/fake-reviews-amazon-glassdoor-expedia-trustpilot-43a478ac0b27d6bb773a3bbdba1858b1

📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv


cRyPtHoN™ INFOSEC (EN)

FBI warns of extortion groups targeting plastic surgery offices

The FBI warns that cybercriminals are using spoofed emails and phone numbers to target plastic surgery offices across the United States for extortion in phishing attacks that spread malware.

After gaining access to their networks, the attackers steal data from compromised systems that they'll use to extort surgeons and patients.

Documents stolen in these breaches can contain very sensitive data, including personally identifiable information, sensitive medical records, and, in some cases, even intimate photographs taken for medical purposes.

https://www.bleepingcomputer.com/news/security/fbi-warns-of-extortion-groups-targeting-plastic-surgery-offices/

https://www.ic3.gov/Media/Y2023/PSA231017


cRyPtHoN™ INFOSEC (EN)

KwikTrip all but says IT outage was caused by a cyberattack

Kwik Trip has released another statement on an ongoing outage, all but confirming it suffered a cyberattack that has led to IT system disruptions.

Kwik Trip is a US chain of over 800 convenience stores and gas stations in Michigan, Minnesota, and Wisconsin, also operating under the name Kwik Star in Illinois, Iowa, and South Dakota. The company employs over 35,000 people.

Since October 8th, Kwik Trip/Kwik Star has been experiencing an IT outage impacting their Kwik Rewards program, support systems, phones, and email.

https://www.redpacketsecurity.com/kwiktrip-all-but-says-it-outage-was-caused-by-a-cyberattack/


cRyPtHoN™ INFOSEC (EN)

Signal denies claims of an alleged zero-day flaw in its platform

Encrypted messaging app Signal denied claims of an alleged zero-day flaw in its platform after a responsible investigation.

The popular encrypted messaging app Signal denied claims of an alleged zero-day vulnerability in its platform. The company launched an investigation after seeing the vague viral reports alleging a zero-day vulnerability.

“PSA: we have seen the vague viral reports alleging a Signal 0-day vulnerability. After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels.” reads the tweet published by the company.

https://securityaffairs.com/152539/hacking/signal-denies-0day-claims.html


cRyPtHoN™ INFOSEC (EN)

iPhone 15 Pro Max users are reporting 'screen burn' issues that leave a ghostly image on the display - adding to a growing list of problems for Apple

🌀 In the latest snag for the new iPhone 15, users have reported 'screen burn' issues

🌀 Some have found iPhone 15 Pro display discoloured by ghostly lingering images

Ever since Apple launched the iPhone 15 it seems as if each new week has brought a fresh crop of problems to blight the flagship smartphone.

Unfortunately for the Californian tech giant, this one is no exception.

That's because users have reported encountering severe 'screen burn' issues which leave phantom images on the display.

https://www.dailymail.co.uk/sciencetech/article-12636027/iPhone-15-Pro-Max-screen-burn-issues-image-display-Apple.html


cRyPtHoN™ INFOSEC (EN)

A hack in hand is worth two in the bush

Dissecting the alleged hack of a private power station in Israel

The ongoing conflict between Israel and Hamas has also extended into the digital domain. The involvement of hackers highlights the evolving nature of warfare in the 21st century, where traditional military operations are complemented by sophisticated cyber tactics, and where the boundaries between state-sponsored, hacktivist, and independent actors blur.

So far, various cyber activities in the digital realm have been observed, including DDoS-attacks, information warfare, and hacktivism campaigns. As the conflict continues, we anticipate potential wiper or ransomware malware attacks in the future.

https://securelist.com/a-hack-in-hand-is-worth-two-in-the-bush/110794/


cRyPtHoN™ INFOSEC (EN)

Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict

Hacktivists have claimed to hit Israeli websites through DDoS and defacement attacks following the outbreak of conflict between Israel and Hamas. Cybersecurity experts now warn of signs of more impactful attacks being attempted.

Researchers from Radware found that Israel endured 143 DDoS attacks between October 2 and October 10, making it the most targeted nation state during that period. These attacks were all claimed by hacktivists on the messaging service Telegram.

https://www.infosecurity-magazine.com/news/concern-hacktivism-israel-hamas/


cRyPtHoN™ INFOSEC (EN)

PSA: Critical Unauthenticated Arbitrary File Upload Vulnerability in Royal Elementor Addons and Templates Being Actively Exploited

Today, on October 13, 2023, the Wordfence Threat Intelligence Team became aware of a vulnerability that was recently patched in Royal Elementor Addons and Templates, a WordPress plugin installed on over 200,000 sites, that makes it possible for unauthenticated attackers to upload arbitrary files to vulnerable sites.

This allows unauthenticated attackers to upload PHP files containing malicious content, such as a backdoor, that makes remote code execution possible and leads to a complete compromise of the site. We have blocked over 46,169 attacks targeting this vulnerability in the past 30 days,

https://www.wordfence.com/blog/2023/10/psa-critical-unauthenticated-arbitrary-file-upload-vulnerability-in-royal-elementor-addons-and-templates-being-actively-exploited/
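The bug class in this post, an unauthenticated upload that accepts server-executable files, usually comes down to a missing or bypassable filename and content check. The block below is an added example, written in Python rather than PHP; it is not the plugin's code or Wordfence's, and the post gives no detail of the actual flaw. It shows the kind of weak check that lets `.phtml`, mixed-case and double-extension names through, beside a hardened variant that allowlists the extension, rejects any inner executable segment, path separators and NUL bytes, checks the file's magic bytes against the claimed type, and discards the client-supplied name. The extension lists, magic table and sample payloads are constructed for the example.

```python
"""Upload filename/content validation: a weak denylist beside a hardened allowlist."""
from __future__ import annotations

import os
import secrets

# Constructed lists for the example: extensions typical PHP hosting will execute,
# and the only extensions this hypothetical endpoint is meant to accept.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "webp", "pdf"}

# Leading bytes for each allowed type (WebP is handled separately: RIFF....WEBP).
MAGIC = {
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "gif": [b"GIF87a", b"GIF89a"],
    "pdf": [b"%PDF-"],
}


def weak_is_safe(filename: str) -> bool:
    """The weak pattern: a case-sensitive denylist on the last extension only.
    It passes 'shell.phtml', 'shell.PHP' and 'shell.php.jpg' (the last one is
    executed by Apache setups that map handlers on any dotted segment)."""
    ext = filename.rsplit(".", 1)[-1] if "." in filename else ""
    return ext != "php"


def validate_extension(filename: str) -> str | None:
    """Hardened check. Returns the normalised extension if the name is
    acceptable, otherwise None. Everything is lower-cased before comparison,
    so mixed-case tricks do not matter, and every inner segment of a
    multi-dotted name is checked against the executable list."""
    if "\x00" in filename or "/" in filename or "\\" in filename:
        return None  # NUL truncation and path traversal attempts
    parts = os.path.basename(filename).lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return None  # no extension, or a dot-file such as '.htaccess'
    ext = parts[-1]
    if ext not in ALLOWED_EXTENSIONS:
        return None
    if any(seg in EXECUTABLE_EXTENSIONS for seg in parts[1:-1]):
        return None  # double extension, e.g. 'shell.php.jpg'
    return ext


def content_matches(data: bytes, ext: str) -> bool:
    """Check the leading bytes against the claimed type. Note the caveat: a valid
    image with PHP appended (a polyglot) still passes, which is why the upload
    directory must also be served without script execution."""
    if ext == "webp":
        return data[:4] == b"RIFF" and data[8:12] == b"WEBP"
    return any(data.startswith(m) for m in MAGIC.get(ext, []))


def validate_upload(filename: str, data: bytes) -> str | None:
    """Return a server-chosen storage name ('<random>.<ext>') or None to reject.
    The client controls nothing in the stored name except the validated extension."""
    ext = validate_extension(filename)
    if ext is None or not content_matches(data, ext):
        return None
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed payloads: a JPEG header and a PHP snippet with an image name.
    jpeg_bytes = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    php_bytes = b"<?php echo 'x'; ?>"
    for name in ("shell.php", "shell.phtml", "shell.PHP", "shell.php.jpg", "holiday.JPG"):
        print(f"{name:16} weak={weak_is_safe(name)!s:5} hardened={validate_extension(name)}")
    print("jpeg content with .jpg name ->", validate_upload("holiday.jpg", jpeg_bytes))
    print("php content with .jpg name  ->", validate_upload("holiday.jpg", php_bytes))
```

Even with the hardened check, store uploads outside the web root or in a directory with script handlers disabled, so that a check bypass does not turn an upload into remote code execution.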


cRyPtHoN™ INFOSEC (EN)

Blocking Dedicated Attacking Hosts Is Not Enough: In-Depth Analysis of a Worldwide Linux XorDDoS Campaign

We recently detected a new campaign from the XorDDoS Trojan that led us to conduct an in-depth investigation that unveiled concealed network infrastructure that carries a large amount of command and control (C2) traffic. When we compared the most recent wave of XorDDoS attacks with a campaign from 2022, we found the only difference between the campaigns was in the configuration of the C2 hosts. While the attacking domains remain unchanged, the attackers have migrated their offensive infrastructure to hosts running on legitimate public hosting services.

Even though numerous security vendors have already classified the C2 domains as malicious and barred them,

https://unit42.paloaltonetworks.com/new-linux-xorddos-trojan-campaign-delivers-malware/

#oscp #iocteams #spread #snortteams

cRyPtHoN™ INFOSEC (EN)

Malicious “RedAlert - Rocket Alerts” Application Targets Israeli Phone Calls, SMS, and User Information

On October 13, 2023, Cloudflare’s Cloudforce One Threat Operations Team became aware of a website hosting a Google Android Application impersonating the legitimate RedAlert - Rocket Alerts application (https://play.google.com/store/apps/details?id=com.red.alert&hl=en&pli=1). More than 5,000 rockets have been launched into Israel since the attacks from Hamas began on October 7th 2023. RedAlert - Rocket Alerts developed by Elad Nava allows individuals to receive timely and precise alerts about incoming airstrikes. Many people living in Israel rely on these alerts to seek safety - a service which has become increasingly important given the newest escalations in the region

https://blog.cloudflare.com/malicious-redalert-rocket-alerts-application-targets-israeli-phone-calls-sms-and-user-information


cRyPtHoN™ INFOSEC (EN)

YouTube Takes on Ad Blockers with Warning Pop-Ups

Using YouTube? You might need to disable your ad blocker or whitelist YouTube.com.

YouTube has been actively displaying pop-up warnings to users who have ad blockers installed on their browsers, urging them to disable them.

YouTube has recently started showing a pop-up message to users using ad blockers, warning them that ad blockers are not allowed on YouTube and asking them to either disable their ad blocker or subscribe to YouTube Premium.

https://www.hackread.com/youtube-ad-blockers-warning-pop-ups/


cRyPtHoN™ INFOSEC (EN)

Signal says there is no evidence rumored zero-day bug is real

Signal messenger has investigated rumors spreading online over the weekend of a zero-day security vulnerability related to the 'Generate Link Previews' feature, stating that there is no evidence this vulnerability is real.

This statement comes after numerous sources told BleepingComputer and reported on Twitter that a new zero-day vulnerability allowed for a full takeover of devices.

After contacting Signal about the zero-day last night, they released a statement on Twitter stating that they have investigated the rumors and have found no evidence that this flaw is real.

https://www.bleepingcomputer.com/news/security/signal-says-there-is-no-evidence-rumored-zero-day-bug-is-real/

https://twitter.com/gaughen/status/1713368501929300300


cRyPtHoN™ INFOSEC (EN)

Is It Possible to Delete Yourself From the Internet Altogether?

Believe it or not, the internet is now over half a century old. Of course, it has really come in leaps and bounds in the last few decades, with technological advances and innovations making global communication easier than ever.

The explosion of apps, social media platforms and e-commerce portals that this has instigated has encouraged us to part with more and more of our personal information… but it appears that we may have finally reached a tipping point in this regard. In a recent survey, over 80% of respondents said they were concerned about how their online data is used by others.

https://www.hackread.com/is-it-possible-to-delete-yourself-internet/


cRyPtHoN™ INFOSEC (EN)

Update now! Atlassian Confluence vulnerability is being actively exploited

Microsoft Threat Intelligence has revealed that it has been tracking the active exploitation of a vulnerability in Atlassian Confluence software since September 14, 2023. At the time the attacks were first observed the vulnerability was a zero-day, meaning that no update was available, so defenders had "zero days" to patch the flaw.

The vulnerability has since been issued an ID, CVE-2023-22515, and rated with the highest possible severity, a CVSS score of ten. Atlassian's October 4 advisory warns that "Publicly accessible Confluence Data Center and Server versions ... are at critical risk and require immediate attention."

https://www.malwarebytes.com/blog/news/2023/10/atlassian-confluence-zero-day

https://twitter.com/MsftSecIntel/status/1711871732644970856


cRyPtHoN™ INFOSEC (EN)

What is HSTS: HTTP Strict Transport Security

HSTS, or HTTP Strict Transport Security, is a policy mechanism, delivered as a response header over HTTPS, that instructs browsers to reach your site only over TLS and so makes it more difficult for attackers to modify or intercept traffic between a user and your website. Understanding what HSTS is and how it functions is crucial for anyone keen on protecting their site, as proper implementation helps ensure that your website's visitors are protected from downgrade and interception attacks.

In this post, we'll take a closer look at this feature, the benefits of enabling it on your web server, and how to implement it in Apache, NGINX, and the Sucuri Firewall.

https://blog.sucuri.net/2023/10/what-is-hsts-http-strict-transport-security.html
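As an added example (not code from the Sucuri post), the block below parses a Strict-Transport-Security header value the way RFC 6797 describes and reports the weaknesses a practitioner checks for: a missing or short max-age, a missing includeSubDomains, a preload token that does not meet the preload-list requirements, and the header being sent on a plain-HTTP response, where browsers ignore it. The one-year floor and the sample header values are the example's own choices; the Apache and NGINX directives in the comments are the standard ones for setting the header.

```python
"""Parse and evaluate a Strict-Transport-Security (HSTS) header value.

Typical server configuration that produces a good header (for reference):
  Apache (mod_headers):
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  NGINX:
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
Both belong in the HTTPS server/virtual host only; the HTTP side should redirect.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

ONE_YEAR = 31_536_000  # seconds; also the minimum max-age for the browser preload list


@dataclass
class HstsPolicy:
    max_age: Optional[int] = None
    include_subdomains: bool = False
    preload: bool = False
    problems: list[str] = field(default_factory=list)


def parse_hsts(header_value: str) -> HstsPolicy:
    """Parse the ';'-separated directive list (RFC 6797 section 6.1).
    Directive names are case-insensitive, max-age is mandatory, a directive
    may appear only once, and unknown directives must be ignored."""
    policy = HstsPolicy()
    seen: set[str] = set()
    for raw in header_value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name in seen:
            policy.problems.append(f"duplicate directive: {name}")
            continue
        seen.add(name)
        if name == "max-age":
            if value.isdigit():
                policy.max_age = int(value)
            else:
                policy.problems.append(f"max-age is not a non-negative integer: {value!r}")
        elif name == "includesubdomains":
            policy.include_subdomains = True
        elif name == "preload":
            policy.preload = True
        # anything else is an unknown directive and is ignored, as the RFC requires
    if policy.max_age is None:
        policy.problems.append("max-age directive missing; browsers ignore the whole header")
    return policy


def evaluate_hsts(header_value: Optional[str], over_https: bool = True) -> list[str]:
    """Return findings for a response's HSTS header; an empty list means the
    policy is as strong as the checks here can tell."""
    if header_value is None:
        return ["no Strict-Transport-Security header"]
    findings: list[str] = []
    if not over_https:
        # RFC 6797 section 8.1: a UA must ignore the header on a non-secure transport.
        findings.append("header sent over HTTP is ignored; send it on the HTTPS response")
    policy = parse_hsts(header_value)
    findings.extend(policy.problems)
    if policy.max_age is not None:
        if policy.max_age == 0:
            findings.append("max-age=0 tells browsers to forget the policy")
        elif policy.max_age < ONE_YEAR:
            findings.append(f"max-age {policy.max_age} is below one year")
    if not policy.include_subdomains:
        findings.append("includeSubDomains missing: subdomains remain reachable over HTTP")
    if policy.preload and (not policy.include_subdomains or (policy.max_age or 0) < ONE_YEAR):
        findings.append("preload present but preload-list requirements are not met")
    return findings


if __name__ == "__main__":
    # Constructed sample header values, from weak to strong.
    for sample in (None, "max-age=300", "max-age=0", "includeSubDomains",
                   "max-age=31536000; includeSubDomains; preload"):
        print(repr(sample), "->", evaluate_hsts(sample) or ["ok"])
```

The header only protects visitors after their first HTTPS visit, since a browser that has never seen the policy can still be downgraded on the first request; submission to the preload list closes that gap, which is why the example treats the preload requirements as a separate check.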


cRyPtHoN™ INFOSEC (EN)

TXOne Networks Identifies Three Vulnerabilities Impacting Weintek cMT3000 HMI Web CGI (ICSA-23-285-12)

With the advent of the Industry 4.0 era, automated production and manufacturing systems are introducing built-in web browsers in HMI (Human-Machine Interface) devices, granting users direct access to PLCs (Programmable Logic Controllers), controllers, and embedded devices. Users can modify system parameters through the web interface to achieve efficiency and cost-saving objectives. While these features offer convenience, reduce equipment setup costs, and even boost work efficiency, they also introduce cybersecurity risks.

https://www.txone.com/blog/txone-identifies-three-vulnerabilities-impacting-weintek-cmt3000-hmi/


cRyPtHoN™ INFOSEC (EN)

IT admins are just as culpable for weak password use

New data from Outpost24 reveals that IT administrators could be just as predictable as end-users when it comes to passwords. An analysis of just over 1.8 million passwords ranks ‘admin’ as the most popular password with over 40,000 entries, with additional findings pointing to a continued acceptance of default passwords.

This data on administrator credentials is obtained from Outpost24’s Threat Intelligence solution, Threat Compass, which provides actionable intelligence around stolen user credentials. Threat Compass detects compromised credentials obtained by malware and notifies security teams to mitigate the targeted threat as soon as possible.

https://outpost24.com/blog/it-admins-weak-password-use/


cRyPtHoN™ INFOSEC (EN)

How to Secure your WiFi

It’s important to secure your WiFi connection to prevent unauthorized access to your computer files and Internet activity.

Wireless networks are extremely convenient, allowing access to the Internet without being connected to a cord. But networks can extend more than 300 feet from the router, allowing anyone in the vicinity to access your home network.

This is dangerous for several reasons.

https://blogs.quickheal.com/how-to-secure-wifi/


cRyPtHoN™ INFOSEC (EN)

Redirect YouTube Videos in Firefox to play them without Ads

Google is cracking down on the use of content blockers on YouTube. More and more users see the Ad blockers are not allowed on YouTube message when they try to play videos.

Not all of these users have a content blocker installed. Some Edge users experienced the prompts recently, even if they had no content blocker installed.

It is a constant battle between creators and supporters of content blockers and Google. Whenever Google makes a change that blocks videos for users, fixes are added to filter lists to address this.

https://www.ghacks.net/2023/10/16/redirect-youtube-videos-in-firefox-to-play-them-without-ads/


cRyPtHoN™ INFOSEC (EN)

Israelis told to secure their home security cameras against hackers

The Government of Israel has told the owners of private home security cameras to urgently secure them against being hacked.

The advice, which is being given in the wake of a dramatic heightening of the conflict between Israel and Hamas, was published in Hebrew in the form of four steps, which can be summed up as:

1️⃣ Change the camera’s admin password.

2️⃣ Enable two-step verification if available.

3️⃣ Configure automatic security updates in the camera.

4️⃣ If you are having problems changing your camera’s settings, “simply cover the camera or disconnect from the electricity temporarily.”

https://grahamcluley.com/israelis-told-to-secure-their-home-security-cameras-against-hackers/


cRyPtHoN™ INFOSEC (EN)

Disclosing the BLOODALCHEMY backdoor

BLOODALCHEMY is a new, actively developed, backdoor that leverages a benign binary as an injection vehicle, and is a part of the REF5961 intrusion set.

BLOODALCHEMY is an x86 backdoor written in C and found as shellcode injected into a signed benign process. It was discovered in our analysis and is part of the REF5961 intrusion set, which you can read about here.

BLOODALCHEMY requires a specific loader to be run because it isn't reflexive (it doesn’t have the capability to load and execute by itself). Additionally, BLOODALCHEMY isn’t compiled as position independent (when loaded at a different base address than the preferred one the binary has to be patched to take into account the new “position”).

https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor
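The last paragraph explains why a binary that is not position independent has to be patched when it is loaded somewhere other than its preferred base. The block below is an added example, not BLOODALCHEMY's loader or Elastic's code: it builds a PE-style .reloc block by hand and applies the base-relocation fixups the way a loader does, adding the delta between actual and preferred base to every absolute address listed in the table. The image, addresses and relocation entries are constructed for the example, and RVA is treated as equal to the buffer offset to keep it flat.

```python
"""Apply PE base relocations to an image loaded at a non-preferred address.

Constructed example: a flat image (RVA == buffer offset), a preferred ImageBase
and a .reloc section built by hand. Real loaders walk the .reloc section
described by the data directory, but the fixup arithmetic is the same.
"""
from __future__ import annotations

import struct

IMAGE_REL_BASED_ABSOLUTE = 0   # padding entry, no fixup
IMAGE_REL_BASED_HIGHLOW = 3    # 32-bit absolute address (x86)
IMAGE_REL_BASED_DIR64 = 10     # 64-bit absolute address (x64)


def build_reloc_block(page_rva: int, entries: list[tuple[int, int]]) -> bytes:
    """Build one IMAGE_BASE_RELOCATION block: an 8-byte header (page RVA,
    block size) followed by 16-bit entries with the type in the top 4 bits
    and the offset within the 4 KiB page in the low 12 bits. Blocks are kept
    4-byte aligned by appending an ABSOLUTE entry when the count is odd."""
    words = [((rtype & 0xF) << 12) | (offset & 0xFFF) for rtype, offset in entries]
    if len(words) % 2:
        words.append(IMAGE_REL_BASED_ABSOLUTE << 12)
    body = struct.pack(f"<{len(words)}H", *words)
    return struct.pack("<II", page_rva, 8 + len(body)) + body


def apply_relocations(image: bytearray, reloc: bytes, preferred_base: int, actual_base: int) -> int:
    """Walk the relocation blocks and add (actual - preferred) to each absolute
    address. Returns the number of fixups applied. Skipping this step leaves
    every absolute pointer referring to memory at the preferred base."""
    delta = actual_base - preferred_base
    if delta == 0:
        return 0
    applied = 0
    pos = 0
    while pos + 8 <= len(reloc):
        page_rva, block_size = struct.unpack_from("<II", reloc, pos)
        if block_size < 8 or pos + block_size > len(reloc):
            raise ValueError("corrupt relocation block")
        entries = struct.unpack_from(f"<{(block_size - 8) // 2}H", reloc, pos + 8)
        for entry in entries:
            rtype, offset = entry >> 12, entry & 0xFFF
            rva = page_rva + offset
            if rtype == IMAGE_REL_BASED_ABSOLUTE:
                continue
            if rtype == IMAGE_REL_BASED_HIGHLOW:
                (value,) = struct.unpack_from("<I", image, rva)
                struct.pack_into("<I", image, rva, (value + delta) & 0xFFFFFFFF)
            elif rtype == IMAGE_REL_BASED_DIR64:
                (value,) = struct.unpack_from("<Q", image, rva)
                struct.pack_into("<Q", image, rva, (value + delta) & 0xFFFFFFFFFFFFFFFF)
            else:
                raise ValueError(f"unsupported relocation type {rtype}")
            applied += 1
        pos += block_size
    return applied


def demo() -> tuple[int, int, int]:
    """Relocate a constructed x86 image from base 0x00400000 to 0x10000000.
    Returns (fixups applied, pointer at RVA 0x1010, pointer at RVA 0x1020)."""
    preferred, actual = 0x00400000, 0x10000000
    image = bytearray(0x2000)
    # Two absolute pointers baked in at link time, both relative to the preferred base.
    struct.pack_into("<I", image, 0x1010, preferred + 0x1234)
    struct.pack_into("<I", image, 0x1020, preferred + 0x1000)
    reloc = build_reloc_block(0x1000, [(IMAGE_REL_BASED_HIGHLOW, 0x010),
                                       (IMAGE_REL_BASED_HIGHLOW, 0x020)])
    applied = apply_relocations(image, reloc, preferred, actual)
    (p1,) = struct.unpack_from("<I", image, 0x1010)
    (p2,) = struct.unpack_from("<I", image, 0x1020)
    return applied, p1, p2


if __name__ == "__main__":
    n, p1, p2 = demo()
    print(f"{n} fixups applied: 0x{p1:08x} 0x{p2:08x}")
```

A shellcode-style payload avoids all of this by being written position independent (relative addressing only), which is why a non-PIC backdoor delivered as shellcode needs its own loader to perform exactly these fixups before the code can run.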


cRyPtHoN™ INFOSEC (EN)

Discord, I Want to Play a Game

Discord is the first choice for gamers when they want to chat with some friends while playing an online computer game. Moreover, it is also a major choice for users that simply want to communicate with their friends and family. All of these make Discord one of the most used collaborative applications worldwide, gathering millions of people.

This popularity has made Discord a common application on almost any computer, including those that are used exclusively for work. Because of that, Discord traffic is frequent in corporate networks, something that malicious actors have realized.

https://www.trellix.com/en-au/about/newsroom/stories/research/discord-i-want-to-play-a-game.html


cRyPtHoN™ INFOSEC (EN)

Kenyan Facebook moderators accuse Meta of not negotiating sincerely

NAIROBI, Kenya (AP) — The lawyer representing 184 former Facebook content moderators based in Kenya who sued the site’s parent company, Meta, over working conditions and pay told the judge Monday that Meta has not been sincere in trying to reach an out-of-court settlement as agreed in the last court session.

Lawyer Mercy Mutemi said the talks had collapsed and the former moderators want to proceed with a contempt of court case against Meta.

https://apnews.com/article/kenya-facebook-content-moderators-lawsuit-1602c705457443d215e9530cd365f337


cRyPtHoN™ INFOSEC (EN)

Russian Sandworm hackers breached 11 Ukrainian telcos since May

The state-sponsored Russian hacking group tracked as 'Sandworm' has compromised eleven telecommunication service providers in Ukraine between May and September 2023.

That is based on a new report by Ukraine's Computer Emergency Response Team (CERT-UA) citing 'public resources' and information retrieved from some breached providers.

The agency states that the Russian hackers "interfered" with the communication systems of 11 telcos in the country, leading to service interruptions and potential data breaches.

https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-breached-11-ukrainian-telcos-since-may/


cRyPtHoN™ INFOSEC (EN)

Counter-OSINT & privacy guide: how to protect your personal data

https://github.com/soxoj/counter-osint-guide-en

#osint #guide

cRyPtHoN™ INFOSEC (EN)

Regulator, insurers and customers all coming for Progress after MOVEit breach

Also, CISA cataloging new ransomware data points, 17k WP sites hijacked by malware in Sept., and more critical vulns

Infosec in brief: The fallout from the exploitation of bugs in Progress Software's MOVEit file transfer software continues, with the US Securities and Exchange Commission (SEC) now investigating the matter, and lots of affected parties seeking compensation.

Progress admitted to the ill winds of corporate responsibility blowing its way in a quarterly SEC 10-Q filing. Per the disclosure, it received a subpoena from the SEC on October 2, in which the Commission asked for "various documents and information relating to the MOVEit Vulnerability."

https://www.theregister.com/2023/10/16/infosec_in_brief/


cRyPtHoN™ INFOSEC (EN)

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.

Void Rabisu is an intrusion set associated with both financially motivated ransomware attacks and targeted campaigns on Ukraine and countries supporting Ukraine. Among the threat actor’s previous targets were the Ukrainian government and military, their energy and water utility sectors, EU politicians, spokespersons of a certain EU government, and security conference participants.

https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html


cRyPtHoN™ INFOSEC (EN)

AgentTesla Spreads Through CHM and PDF Files in Recent Attacks

AgentTesla is an information stealer built on the .NET framework, designed to infiltrate computers and surreptitiously extract sensitive information from the victim’s machine. It initially appeared in 2014, and since then, it has been continuously evolving and spreading worldwide. Its primary objective is to harvest victim credentials and personal data. Furthermore, AgentTesla possesses functionalities such as keylogging, capturing clipboard data, accessing the file system, and transferring data to a Command and Control (C&C) server.

https://cyble.com/blog/agenttesla-spreads-through-chm-and-pdf-files-in-recent-attacks/


cRyPtHoN™ INFOSEC (EN)

Ubuntu 23.10 released with new Ubuntu App Center and security improvements

Canonical released Ubuntu 23.10, codename Mantic Minotaur, to the public. The new release of the Linux distribution introduces a large number of changes, including an upgrade to Linux kernel 6.5, a new Ubuntu App Center, experimental support for TPM-backed full-disk encryption, a standalone firmware updater, support for new hardware, including the Raspberry Pi 5, and more.

Desktop users find the new version listed on the official download page on the Ubuntu website already. Only the legacy ISO is available at the time, as the maintainers address a last-minute issue in the official Ubuntu Desktop 23.10 and Ubuntu Budgie 23.10 releases.

https://www.ghacks.net/2023/10/15/ubuntu-23-10-released-with-new-ubuntu-app-center-and-security-improvements/


cRyPtHoN™ INFOSEC (EN)

New cyber algorithm shuts down malicious robotic attack

Australian researchers have designed an algorithm that can intercept a man-in-the-middle (MitM) cyberattack on an unmanned military robot and shut it down in seconds.

In an experiment using deep learning neural networks to simulate the behaviour of the human brain, artificial intelligence experts from Charles Sturt University and the University of South Australia (UniSA) trained the robot’s operating system to learn the signature of a MitM eavesdropping cyberattack. This is where attackers interrupt an existing conversation or data transfer.

https://www.unisa.edu.au/media-centre/Releases/2023/new-cyber-algorithm-shuts-down-malicious-robotic-attack/
