cRyPtHoN™ INFOSEC (EN)
24 Oct 2023 15:34
1Password discloses security incident linked to Okta breach
1Password, a popular password management platform used by over 100,000 businesses, suffered a security incident after hackers gained access to its Okta ID management tenant.
"We detected suspicious activity on our Okta instance related to their Support System incident. After a thorough investigation, we concluded that no 1Password user data was accessed," reads a very brief security incident notification from 1Password CTO Pedro Canahuati.
"On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps."
https://www.bleepingcomputer.com/news/security/1password-discloses-security-incident-linked-to-okta-breach/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
23 Oct 2023 10:27
Okta says hackers breached its support system and viewed customer files
Hackers obtained valid credentials, but Okta doesn't say how.
Identity and authentication management provider Okta said hackers managed to view private customer information after gaining access to credentials to its customer support management system.
“The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases,” Okta Chief Security Officer David Bradbury said Friday. He suggested those files comprised HTTP archive, or HAR, files, which company support personnel use to replicate customer browser activity during troubleshooting sessions.
https://arstechnica.com/security/2023/10/okta-says-hackers-breached-its-support-system-and-viewed-customer-files/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
23 Oct 2023 10:19
Indian authorities raid fake tech support rings after tipoff from Amazon and Microsoft
Also went after crypto-crooks who sought money to buy miners for fake token
Acting on information from Microsoft and Amazon, India's Central Bureau of Investigation (CBI) has raided alleged fake tech support operators and other tech-related crims across the country.
The Bureau shared news of a Thursday operation that saw it conduct 76 searches in relation to five cases.
The Bureau stated its effort "was conducted in collaboration with national and international agencies, alongside private sector giants," and described two of its targets as international tech support fraud scams that "impersonated a global IT major and a multinational corporation with an online technology-driven trading platform."
https://www.theregister.com/2023/10/20/india_tech_supoprt_scam_raids/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
23 Oct 2023 09:18
Google Chrome's new "IP Protection" will hide users' IP addresses
Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers.
Recognizing the potential misuse of IP addresses for covert tracking, Google seeks to strike a balance between ensuring users' privacy and the essential functionalities of the web.
IP addresses allow websites and online services to track activities across websites, thereby facilitating the creation of persistent user profiles. This poses significant privacy concerns as, unlike third-party cookies, users currently lack a direct way to evade such covert tracking.
https://www.bleepingcomputer.com/news/google/google-chromes-new-ip-protection-will-hide-users-ip-addresses/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
22 Oct 2023 12:00
A threat actor is selling access to Facebook and Instagram’s Police Portal
A threat actor is selling access to Facebook and Instagram’s Police Portal used by law enforcement agencies to request data relating to users under investigation.
Cyber security researcher Alon Gal, co-founder & CTO of Hudson Rock, first reported that a threat actor is selling access to Facebook and Instagram’s Police Portal.
The portal allows law enforcement agencies to request data relating to users (IP, phones, DMs, device info) or request the removal of posts and the ban of accounts.
https://securityaffairs.com/152811/cyber-crime/facebook-and-instagrams-police-portal-access.html
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
22 Oct 2023 11:53
American Family Insurance confirms cyberattack is behind IT outages
Insurance giant American Family Insurance has confirmed it suffered a cyberattack and shut down portions of its IT systems after customers reported website outages all week.
American Family Insurance (AmFam) is an insurance company focusing on commercial and personal property, casualty, auto, and life insurance, as well as offering investment and retirement planning The company employs 13,000 people and has a 2022 revenue of $14.4 billion.
In an email to BleepingComputer, American Family Insurance confirmed that they detected unusual activity on their network and shut off IT systems to prevent the spread of the cyberattack.
https://www.bleepingcomputer.com/news/security/american-family-insurance-confirms-cyberattack-is-behind-it-outages/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
21 Oct 2023 14:21
Report: This Chrome feature may leak frequently visited sites
Google Chrome and all other Chromium-based web browsers collect site engagement statistics. It measures how "engaged" a user is with a particular site. The score ranges from 0 to 100, with 100 being "super engaged" and 0 not at all.
The browser uses signals to compute the score. Signals may include clicking and scrolling, keypresses, media playback, or direct navigations.
All users of Chromium-based browsers can open the information for their browser profile. Just load chrome://site-engagement/ in the browser's address bar to look at the list.
https://www.ghacks.net/2023/10/21/report-this-chrome-feature-may-leak-frequently-visited-sites/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
21 Oct 2023 14:18
Critical RCE flaws found in SolarWinds access audit solution
Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product that remote attackers could use to run code with SYSTEM privileges.
SolarWinds ARM is a tool that enables organizations to manage and audit user access rights across their IT environments. It offers Microsoft Active Directory integration, role-based access control, visual feedback, and more.
Through Trend Micro’s Zero Day Initiative (ZDI), researchers reported eight flaws in the SolarWinds solution on June 22, three of them with critical severity.
https://www.bleepingcomputer.com/news/security/critical-rce-flaws-found-in-solarwinds-access-audit-solution/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
21 Oct 2023 00:04
VMware Workstation 17.5 Player fixes a security issue
If you use VMWare Workstation Player to run virtual machines on your devices, you may want to update the existing version of the application to the newly released 17.5 version.
VMWare Workstation 17.5 Player fixes a security issue in the application, enhances security by switching encryption schemes, and makes a number of other changes.
Users who run VMWare Workstation Player already on their devices will receive an update notification the next time they run the client. The option to download and install the update is available, but it can also be skipped entirely or postponed.
Downloads are also available on the official project website already.
https://www.ghacks.net/2023/10/20/vmware-workstation-17-5-player-fixes-a-security-issue/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
20 Oct 2023 23:55
Exploited SSH Servers Offered in the Dark web as Proxy Pools
Aqua Nautilus researchers have shed brighter light on a long-standing threat to SSH in the context of the cloud. More specifically, the threat actor harnessed our SSH server to be a slave proxy and pass traffic through it. In this blog, we will explain this threat, demonstrate how attackers exploit SSH, what actions they take upon gaining initial access, and the implications of these attacks on organizations and businesses.
https://blog.aquasec.com/threat-alert-exploited-ssh-servers-offered-in-the-dark-web-as-proxy-pools
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
20 Oct 2023 23:40
CVE-2023-22515-Scan
This is simple scanner for CVE-2023-22515, a critical vulnerability in Atlassian Confluence Data Center and Server that is actively being exploited in the wild by threat actors in order "to create unauthorized Confluence administrator accounts and access Confluence instances". The vulnerability was initially described as a "privilege escalation" issue, but Atlassian later changed the classification to "broken access control" in their security advisory.
https://github.com/ErikWynter/CVE-2023-22515-Scan
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
20 Oct 2023 23:25
International Criminal Court says cyberattack was attempted espionage
The International Criminal Court (ICC), the world’s only permanent international court with a mandate to investigate and prosecute genocide, crimes against humanity and war crimes, has determined that a September cyberattack against its systems was attempted espionage.
The court, headquartered in The Hague, Netherlands, confirmed last month that hackers had infiltrated its network. In an update posted Friday, the ICC said it had since determined that this incident was a “targeted and sophisticated attack” with the “objective of espionage.”
https://techcrunch.com/2023/10/20/war-crimes-tribunal-cyberattack-espionage-russia/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
20 Oct 2023 23:17
DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals
Vietnam-based cybercriminals are believed to be behind to attacks using DarkGate malware, which have targeted organizations in the UK, US and India since 2018.
WithSecure researchers have tracked these attacks to an active cluster of cybercriminals using the Ducktail infostealer, which has been used in recent campaigns targeting Meta business accounts.
https://www.infosecurity-magazine.com/news/darkgate-malware-vietnam/
https://labs.withsecure.com/publications/darkgate-malware-campaign
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
20 Oct 2023 22:59
Philippine Military Ordered to Stop Using Artificial Intelligence Apps Due to Security Risks
The Philippine defense chief ordered the 163,000-member military to stop using applications that harness AI to generate personal portraits, saying they could pose security risks.
The Philippine defense chief has ordered all defense personnel and the 163,000-member military to refrain from using digital applications that harness artificial intelligence to generate personal portraits, saying they could pose security risks.
Defense Secretary Gilberto Teodoro Jr. issued the order in an Oct. 14 memorandum, as Philippine forces have been working to weaken decades-old communist and Muslim insurgencies and defend territorial interests in the disputed South China Sea.
https://www.securityweek.com/philippine-military-ordered-to-stop-using-artificial-intelligence-apps-due-to-security-risks/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
20 Oct 2023 10:39
Eastern European energy and defense firms targeted with MATA backdoor
Hackers have targeted more than a dozen oil, gas and defense firms in Eastern Europe with an updated version of the MATA backdoor framework, according to recent research.
The MATA backdoor was previously attributed to the North Korean hacker group Lazarus.
Researchers at the cybersecurity firm Kaspersky, who uncovered the campaign, did not directly link the latest attacks to Lazarus. However, they noted that the majority of malicious Microsoft Word documents created by the hackers had a Korean font called Malgun Gothic, suggesting that the developer is either familiar with Korean or works in a Korean environment.
https://therecord.media/eastern-europe-energy-and-defense-targeted-mata
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
23 Oct 2023 10:32
MI5 chief warns of Chinese cyber espionage reached an unprecedented scale
MI5 chief warns Chinese cyber espionage reached an epic scale, more than 20,000 people in the UK have now been targeted.
The head of MI5, Ken McCallum, warns that Chinese spies targeted more than 20,000 people in the UK.
During a meeting of security chiefs of the Five Eyes alliance held in California, McCallum told BBC that the Chinese cyber espionage reached an epic scale.
Chinese cyber espionage aims at obtaining commercial secrets and intellectual property to advantage the government of Beijing.
https://securityaffairs.com/152855/intelligence/mi5-warns-chinese-cyber-espionage.html
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
23 Oct 2023 10:22
H1 2023 in Cybersecurity
Once a year, Check Point Research releases a “mid-year report”: a summary of the first half of the calendar year in cybersecurity, including all of the major changes, trends, and events that defined January through June. Obviously a lot happens in that time, and so the reports end up rather long. Which is why, sometimes, we’ll do one of these episodes to summarize. Not every detail, but the biggest, most important things you should know.
https://research.checkpoint.com/2023/h1-2023-in-cybersecurity/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
23 Oct 2023 09:55
China crackdown on cyber scams in Southeast Asia nets thousands but leaves networks intact
BANGKOK (AP) — Zhang Hongliang, a former restaurant manager in central China, took various gigs in and outside China to support his family after losing his job during the COVID-19 pandemic.
In March, a job offer to teach Chinese cooking at a restaurant led him into a cyber scam compound in Myanmar, where he was instead ordered to lure Chinese into giving up their savings for fake investment schemes via social media platforms.
Zhang is one of tens of thousands of people, mostly but not all Chinese, who have become ensnared in cyber scam networks run by powerful Chinese criminal syndicates in Southeast Asia.
https://apnews.com/article/china-southeast-asia-cyberscam-criminal-myanmar-4d749243cd4c95d697060d8cef59cabb
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
22 Oct 2023 12:04
Chinese Scammers Use Fake Loan Apps for Money Laundering
A large number of victims of these scams are unsuspecting users in India.
Beware of fake banking and loan apps that offer instant loans but, in reality, collect your Personal Identifying Information (PII) and financial data, while also requesting excessive permissions to access data on your phone.
The cybersecurity researchers at CloudSEK have found a new scam campaign in which Chinese scammers are targeting the Indian digital payment system using illegal instant loan apps. The scammers have lured thousands of victims, making false promises of substantial loans on easy instalments and after obtaining personal details and fees, they vanish.
https://www.hackread.com/chinese-scammers-fake-loan-apps-money-laundering/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
22 Oct 2023 11:58
How to block Windows 11 from using Diagnostic Data to show Ads
Microsoft's Windows 11 operating system has so many preferences for showing advertisement and promotions that it is hard to keep up. Did you know that Windows may use diagnostic data to show you ads?
Microsoft words these options differently, usually by adding "tips" and "recommendations" to the description to make the main intention less obvious.
Microsoft introduced a core change to Telemetry when it released Windows 10. Basic diagnostic data is now collected and submitted to Microsoft in Windows 10 and 11. Windows 11 users may opt-in to send optional diagnostic data; this is not recommended for most, as it includes data about visited websites or how apps and features are used.
https://www.ghacks.net/2023/10/22/how-to-block-windows-11-from-using-diagnostic-data-to-show-ads/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
21 Oct 2023 14:23
US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide
The U.S. government seized 17 website domains used by North Korean IT workers in a fraudulent scheme to defraud businesses worldwide.
The U.S. government announced the seizure of 17 website domains used by North Korean information technology (IT) workers as part of a fraudulent scheme illicit scheme to defraud businesses worldwide.
The illicit funds defraud U.S. and foreign businesses, evade sanctions and fund the development of the DPRK government’s weapons program.
https://securityaffairs.com/152790/security/north-korean-it-workers-scammers.html
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
21 Oct 2023 14:19
Vietnamese Hackers Hit Digital Marketers With Info Stealers
Under Fire: US, UK and India; Attackers Often Wield DarkGate Info-Stealing Malware
Cybercrime groups in Vietnam are targeting the digital marketing sector in the United Kingdom, United States and India with multiple malware strains, including the widely used DarkGate information stealer, security researchers report.
Security firm WithSecure's Detection and Response Team said it tracked multiple Vietnamese cybercrime groups running social engineering campaigns in September, designed to trick marketing professionals into downloading malicious files masquerading as job descriptions and salary details.
https://www.healthcareinfosecurity.com/vietnamese-hackers-hit-digital-marketers-infostealers-a-23360
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
21 Oct 2023 00:14
New Windows Infostealer ‘ExelaStealer’ Being Sold on Dark Web
Another day, another malware threat against Windows devices and users!
Be cautious of the newly advertised ExelaStealer infostealer malware, now making the rounds on dark web forums and Telegram. Its primary aim is to target Windows-based devices.
FortiGuard Labs has discovered a new infostealer in the cybercrime landscape called ExelaStealer mostly targeting Windows devices.
The infostealer is written in Python but uses resources in many different languages when required.
https://www.hackread.com/windows-infostealer-exelastealer-sold-on-dark-web/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
20 Oct 2023 23:59
Tampered OpenCart Authentication Aids Credit Card Skimming Attack
Using out of date software is the leading cause of website compromise, so keeping your environment patched and up to date is one of the most important responsibilities of a website administrator. It’s not uncommon to employ the use of custom code on websites, and spend small fortunes on software developers to tailor their website just the way they want it. However, the usage of customised code can sometimes inadvertently lock a website administrator into using an out of date CMS installation long after its expiry date, particularly if they no longer have access to their old developer (or sufficient funds to hire a new one).
https://blog.sucuri.net/2023/10/tampered-opencart-authentication-aids-credit-card-skimming-attack.html
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
20 Oct 2023 23:49
Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity
Recorded Future's research group, Insikt Group, has identified an application disseminated on a Telegram Channel used by members/supporters of the Hamas terrorist organization.
The application is configured to communicate with Hamas's Izz ad-Din al-Qassam Brigades website. Infrastructure analysis associated with the website led to the identification of a cluster of domains that mimic the domain registration tradecraft of TAG-63 (AridViper, APT-C-23, Desert Falcon), a cyber group that we believe operates at the behest of the Hamas terrorist organization. We also observed that these domains were interconnected via a Google Analytics code.
https://www.recordedfuture.com/hamas-application-infrastructure-reveals-possible-overlap-tag-63-iranian-threat-activity
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
20 Oct 2023 23:29
'The CIA dropped the ball here': Hacker hijacked the CIA's secure contact link for Russian informants due to Twitter flaw
🌀 Twitter change meant informants' information could be hijacked
🌀 'Pro-CIA patriot' hacker directed them to his own channel
An American hacker was able to use a glitch on the CIA's X account (formerly known as Twitter) to direct potential informants to his own Telegram channel.
The link on the CIA's Twitter channel offers informants ways to covertly contact the agency - and large amounts of the text is in Russian, to enable people within the country to contact the CIA.
https://www.dailymail.co.uk/sciencetech/article-12650617/The-CIA-dropped-ball-Hacker-hijacked-CIAs-secure-contact-link-Russian-informants-Twitter-flaw.html
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
20 Oct 2023 23:20
Admin behind E-Root stolen creds souk extradited to US
There was a young man from Moldova, who the Feds just want to roll over, but with 20 inside, and nowhere to hide, he just wants it all to be over
A Moldovan who allegedly ran the compromised-credential marketplace E-Root has been extradited from the UK to America to stand trial.
Sandu Diaconu, 31, along with another individual whose name has been redacted from court documents, allegedly operated the illicit souk selling access to compromised servers worldwide between 2015 and 2020.
"The Marketplace existed primarily as a place for individuals to buy and sell RDP and SSH access (login credentials) to compromised servers, which was used to facilitate a wide range of illegal activity, such as ransomware attacks, fraudulent wire transfers, and tax fraud," the indictment says [PDF].
https://www.theregister.com/2023/10/20/eroot_admin_extradited/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
20 Oct 2023 23:00
Okta says its support system was breached using stolen credentials
Okta says attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials.
"The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases," said Okta's Chief Security Officer David Bradbury.
"It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted."
https://www.bleepingcomputer.com/news/security/okta-says-its-support-system-was-breached-using-stolen-credentials/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
20 Oct 2023 10:42
The Ragnar Locker ransomware is under control now
In a major breakthrough in the ongoing battle against cybercrime, a coalition of international law enforcement agencies has successfully seized the Tor negotiation and data leak sites belonging to the notorious Ragnar Locker ransomware operation.
The seizure message displayed on the sites confirms that this action is part of a coordinated effort against the Ragnar Locker group, as reported by BleepingComputer, with a press release expected to provide more details.
https://www.ghacks.net/2023/10/20/rangnar-locker-ransomware/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
20 Oct 2023 10:38
Crambus: New Campaign Targets Middle Eastern Government
Iran-linked attackers compromised multiple computers and servers over the course of eight months.
The Iranian Crambus espionage group (aka OilRig, MuddyWater, APT34) staged an eight-month-long intrusion against a government in the Middle East between February and September 2023. During the compromise, the attackers stole files and passwords and, in one case, installed a PowerShell backdoor (dubbed PowerExchange) that was used to monitor incoming mails sent from an Exchange Server in order to execute commands sent by the attackers in the form of emails, and surreptitiously forwarded results to the attackers.
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/crambus-middle-east-government
📡@
📡@
📡@
📡@
📡@
Читать полностью…
4200