cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 05:28
Flipper Zero Custom BLE Spam for Android & Windows!! NO ONE IS SAFE ANYMORE!!!
In this week's video, the SPAM IS SPREADING! Thanks to community member Spooky, now the Flipper Zero can use some of the same BLE Spam that everyone's been showing on Apple devices! What's even cooler is that now you can customize the text and image of your BLE spam. It even works on Windows!!
https://invidious.fdn.fr/watch?v=d8cSKNmBwX4
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 05:20
Chilean telecom giant GTD hit by the Rorschach ransomware gang
Chile's Grupo GTD warns that a cyberattack has impacted its Infrastructure as a Service (IaaS) platform, disrupting online services.
Grupo GTD is a telecommunications company offering services throughout Latin America, with a presence in Chile, Spain, Columbia, and Peru. The company provides various IT services, including internet access, mobile and landline telephone, and data center and IT managed services.
On the morning of October 23rd, GTD suffered a cyberattack that impacted numerous services, including its data centers, internet access, and Voice-over-IP (VoIP).
https://www.bleepingcomputer.com/news/security/chilean-telecom-giant-gtd-hit-by-the-rorschach-ransomware-gang/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
25 Oct 2023 15:06
New England Biolabs leak sensitive data
On September 18th, the Cybernews research team discovered two publicly hosted environment files (.env) attributed to New England Biolabs.
Leaving environment files open to the public is one of the simplest mistakes that web admins can make, but it can have disastrous consequences. Despite leaving some of its sensitive credentials exposed, New England Biolabs seems to have dodged a bullet.
https://securityaffairs.com/152995/data-breach/new-england-biolabs-leak-sensitive-data.html
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
25 Oct 2023 15:01
They Cracked the Code to a Locked USB Drive Worth $235 Million in Bitcoin. Then It Got Weird
Stefan Thomas lost the password to an encrypted USB drive holding 7,002 bitcoins. One team of hackers believes they can unlock it—if they can get Thomas to let them.
At 9:30 am on a Wednesday in late September, a hacker who asked to be called Tom Smith sent me a nonsensical text message: “query voltage recurrence.”
Those three words were proof of a remarkable feat—and potentially an extremely valuable one. A few days earlier, I had randomly generated those terms, set them as the passphrase on a certain model of encrypted USB thumb drive known as an IronKey S200, and shipped the drive across the country to Smith and his teammates in the Seattle lab of a startup called Unciphered.
https://www.wired.com/story/unciphered-ironkey-password-cracking-bitcoin/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
25 Oct 2023 14:57
Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers
ESET Research recommends updating Roundcube Webmail to the latest available version as soon as possible
ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS vulnerability in the Roundcube Webmail server on October 11th, 2023. This is a different vulnerability than CVE-2020-35730, which was also exploited by the group according to our research.
https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
25 Oct 2023 14:52
DC Board of Elections hit with major hack by cybercriminals who stole voter data and records
🌀 The data breach was carried out earlier this month by a known hacking group
🌀 Voter information, such as driver's licenses, is now on the dark web
🌀 The FBI and Homeland Security are assisting with the investigation
🌀 READ MORE: Details 40 MILLION voters are exposed in a cyber attack
Social security numbers, driver's licenses and other personal information of thousands of Americans were stolen from a voter registration agency.
The District of Columbia Board of Elections (DCBOE) revealed that its full voter roll systems were accessed in a data breach this month, allowing hackers to identify specific individuals.
https://www.dailymail.co.uk/sciencetech/article-12666619/DC-Board-Elections-hit-major-hack-cybercriminals-stole-voter-data-records.html
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
25 Oct 2023 14:42
Spanish police make 34 arrests, dismantling cybercriminal gang that stole 4 million people's data
Spanish police have arrested 34 suspected members of a criminal gang that are alleged to have run a variety of scams to steal data from over four million people.
Law enforcement agents across the country took part in 16 searches that not only seized electronic equipment and computer databases, four expensive vehicles, and $80,000 Euros but also confiscated a baseball bat, a katana, and two firearms.
According to a press release by Spain's Policía Nacional, the criminal gang is thought to have made almost three million Euros through email, phone, and SMS text scams -
https://www.bitdefender.com/blog/hotforsecurity/spanish-police-make-34-arrests-dismantling-cybercriminal-gang-that-stole-4-million-peoples-data/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
25 Oct 2023 14:34
AI-generated child sexual abuse images could flood the internet. A watchdog is calling for action
NEW YORK (AP) — The already-alarming proliferation of child sexual abuse images on the internet could become much worse if something is not done to put controls on artificial intelligence tools that generate deepfake photos, a watchdog agency warned on Tuesday.
In a written report, the U.K.-based Internet Watch Foundation urges governments and technology providers to act quickly before a flood of AI-generated images of child sexual abuse overwhelms law enforcement investigators and vastly expands the pool of potential victims.
https://apnews.com/article/ai-artificial-intelligence-child-sexual-abuse-c8f17de56d41f05f55286eb6177138d2
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
25 Oct 2023 14:29
ASVEL's sensitive data breached in a cyberattack
Private documents, players' data, passports, ID cards, contract information, and other sensitive data has been stolen.
On the day of the second game of the new EuroLeague season, bad news reached LDLC ASVEL Villeurbanne's camp.
According to a Cybernews report, the French organization has been hit with a cyberattack by a ransomware gang, NoEscape.
https://basketnews.com/news-195760-asvels-sensitive-data-breached-in-a-cyberattack.html
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
24 Oct 2023 16:21
PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web
Hundreds of millions of PII records belonging to Indian residents, including Aadhaar cards, are being offered for sale on the Dark Web.
PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web
In early October, Resecurity’s HUNTER (HUMINT) unit identified hundreds of millions of personally identifiable information (PII) records belonging to Indian residents, including Aadhaar cards, being offered for sale on the Dark Web. An Aadhaar is a unique, 12-digit individual identification number “issued by the Unique Identification Authority of India on behalf of the Government of India,” according to the UIDAI website.
https://securityaffairs.com/152957/security/pii-indian-citizens-dark-web.html
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
24 Oct 2023 16:11
5 southwestern Ontario hospitals hit by cyberattack, patient appointments to be rescheduled
IT provider investigating whether patient data compromised
Online services such as patient records and email have been down since Monday morning at five southwestern Ontario hospitals following a cyberattack, according to the hospitals' IT provider.
TransForm is a local non-profit founded by Windsor Regional Hospital, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, Bluewater Health and the Chatham-Kent Health Alliance to run IT, supply chain and accounts, according to the organization's website.
https://www.cbc.ca/news/canada/windsor/windsor-hospital-system-1.7005158
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
24 Oct 2023 16:07
One login to rule them all: Should you sign in with Google or Facebook on other websites?
Why use and keep track of a zillion discrete accounts when you can log into so many apps and websites using your Facebook or Google credentials, right? Not so fast. What’s the trade-off?
“Continue with Google” – such a seamless way to sign up for and log into a website or app, especially since you likely are already logged into your Google account. All you need to do is tap or click the button and allow some of your personal data from your Google account to be shared with the third-party online service.
https://www.welivesecurity.com/en/cybersecurity/one-login-rule-them-all-should-sign-in-google-facebook-other-websites/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
24 Oct 2023 15:51
Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware
As a cybersecurity company, Kaspersky is constantly dealing with known and brand-new malware samples. As part of our crimeware reporting service, we provide our customers with technical reports on the evolution of existing crimeware families, as well as newly emerging ones. In this article, we share excerpts from our reports on malware that has been active for less than a year: the GoPIX stealer targeting the PIX payment system, which is gaining popularity in Brazil; the Lumar multipurpose stealer advertised on the dark web; and the Rhysida ransomware supporting old Windows versions.
https://securelist.com/crimeware-report-gopix-lumar-rhysida/110871/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
24 Oct 2023 15:46
Police Dismantle Multimillion-Dollar Scam Gang
Police in Spain have said they cracked a major organized crime ring which it’s claimed made at least €3m ($3.2m) from various online scams and fraud.
National Police officers swooped on 16 locations in the provinces of Madrid, Málaga, Huelva, Alicante and Murcia where they arrested 34 suspects and seized firearms, a baseball bat, a katana sword, €80,000 in cash, four luxury vehicles and a database containing information on millions of victims.
https://www.infosecurity-magazine.com/news/police-dismantle-scam-gang/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
24 Oct 2023 15:42
From Copacabana to Barcelona: The Cross-Continental Threat of Brazilian Banking Malware
Key Takeaways
A new version of Grandoreiro malware from TA2725 targets both Mexico and Spain. Previously this malware has only targeted victims in Brazil and Mexico.
Overview
Proofpoint researchers have long tracked clusters of malicious activity using banking malware to target users and organizations in Brazil and surrounding countries. Recently, researchers observed multiple threat clusters targeting Spain from threat actors and malware that have traditionally targeted Portuguese and Spanish speakers in Brazil, Mexico, and other parts of the Americas.
https://www.proofpoint.com/us/blog/threat-insight/copacabana-barcelona-cross-continental-threat-brazilian-banking-malware
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 05:22
Seiko “BlackCat” Data Breach: 60,000 Records on the Line
Seiko Group Corporation (SGC) has recently confirmed the extent of a data breach that it disclosed initially in August. The company’s latest notice focuses on the security of 60,000 records.
The data breach notification, originally published on its website on August 10, resulted from unauthorized access detected on July 28 2023 after the ransomware gang BlackCat listed Seiko on its data leak site. The incident was reported to the Personal Information Protection Committee and the Tokyo Metropolitan Police.
https://www.infosecurity-magazine.com/news/seiko-blackcat-breach-affects-60000/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 05:15
Firefox, Chrome Updates Patch High-Severity Vulnerabilities
Firefox and Chrome updates released this week resolve multiple high-severity memory safety vulnerabilities.
Mozilla and Google this week announced software updates for Firefox and Chrome that address multiple high-severity vulnerabilities, including memory safety bugs.
On Tuesday, Mozilla released Firefox 119 with patches for 11 vulnerabilities, including three high-severity issues.
The first of the flaws, CVE-2023-5721, is an insufficient activation-delay bug that could result in the user unintentionally activating or dismissing browser prompts and dialogues, potentially allowing clickjacking, Mozilla notes in its advisory.
https://www.securityweek.com/firefox-chrome-updates-patch-high-severity-vulnerabilities/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
25 Oct 2023 15:03
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto
Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada.
They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro smartphone, as well as printers, smart speakers, Network Attached Storage (NAS) devices, and surveillance cameras from Western Digital, QNAP, Synology, Canon, Lexmark, and Sonos.
Pentest Limited was the first to demo a zero-day on Samsung's flagship Galaxy S23 device by exploiting improper input validation weakness to gain code execution, earning $50,000 and 5 Master of Pwn points.
https://www.bleepingcomputer.com/news/security/samsung-galaxy-s23-hacked-twice-on-first-day-of-pwn2own-toronto/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
25 Oct 2023 14:58
Philadelphia cyberattack compromised health data of city employees
Philadelphia reported that a recent cyberattack compromised personal information — including health data — of city employees.
Philadelphia on Friday disclosed it had been hit by a cyberattack in May and that the malicious actors may have accessed the personal and health data of city employees through their email accounts.
In a Notice of Privacy Incident statement, city officials said they became aware of “suspicious activity” in city email systems in May. The city launched an investigation, which determined that between May 26 and July 28, an unauthorized actor may have gained access to certain city email accounts.
https://statescoop.com/philadelphia-city-health-data-cyberattack-orange-county/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
25 Oct 2023 14:55
Facebook, Instagram fuel youth mental health crisis with addictive apps: lawsuit
Meta was slapped with a bombshell lawsuit by nearly three dozen states on Tuesday alleging the Facebook and Instagram parent has fueled a youth mental health crisis by exploiting the addictive nature of their social media platforms.
The joint lawsuit, filed in California federal court by 33 states including New York, alleges that Meta has “ignored the sweeping damage these platforms have caused to the mental and physical health of our nation’s youth” and engaged in “deceptive and unlawful conduct.”
https://nypost.com/2023/10/24/business/meta-platforms-sued-by-33-states-for-allegedly-contributing-to-youth-mental-health-crisis/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
25 Oct 2023 14:47
When is a privacy button not a privacy button? When Google runs it, claims lawsuit
'It looks like even Sundar Pichai is confused about how this control works'
A recently released video deposition in long-running lawsuit over Google tracking its users has claimed that even the CEO Sundar Pichai isn't clear on what's going on below him.
For the past three years, Google has been fighting a lawsuit that claims the company has a misleading menu that promises privacy but fails to provide it.
It's all about a setting called Web & App Activity (WAA) and a subsetting referred to as sWAA that extends purported privacy protection to "include Chrome history and activity from sites, apps, and devices that use Google services." The relevant menu button is available via one's Google Accounts web page.
https://www.theregister.com/2023/10/24/google_privacy_button/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
25 Oct 2023 14:38
API Security Flaw Impacted Grammarly, Vidio and Bukalapak
Salt Security has revealed research unveiling critical API security vulnerabilities in the OAuth protocol implementations of popular online platforms like Grammarly, Vidio and Bukalapak.
These vulnerabilities, which have now been addressed, had the potential to compromise user credentials and enable full account takeovers, endangering billions of users.
https://www.infosecurity-magazine.com/news/api-security-flaw-grammarly-vidio/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
25 Oct 2023 14:30
Russian hackers exploit Roundcube zero-day to steal govt emails
The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day in attacks targeting European government entities and think tanks since at least October 11.
The Roundcube development team released security updates fixing the Stored Cross-Site Scripting (XSS) vulnerability (CVE-2023-5631) reported by ESET researchers on October 16.
These security patches were pushed five days after the Slovak cybersecurity company detected Russian threat actors using the zero-day in real-world attacks.
https://www.bleepingcomputer.com/news/security/russian-hackers-exploit-roundcube-zero-day-to-steal-govt-emails/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
25 Oct 2023 14:22
The outstanding stealth of Operation Triangulation
Introduction
In our previous blogpost on Triangulation, we discussed the details of TriangleDB, the main implant used in this campaign, its C2 protocol and the commands it can receive. We mentioned, among other things, that it is able to execute additional modules. We also mentioned that this operation was quite stealthy. This article details one important aspect of this attack – the stealth that was exercised by the threat actor behind it. Along the way, we will also reveal more information about the components used in this attack.
https://securelist.com/triangulation-validators-modules/110847/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
24 Oct 2023 16:17
Equifax data breach claims are extended
The Equifax data breach extension has led to an extended window for individuals to claim compensation for financial and time-related setbacks caused by the breach. If you were impacted by the breach and experienced financial losses or time-related expenses between January 23, 2020, and January 22, 2024, you may be eligible for compensation.
To be eligible for a claim at Equifax data breach extension, you must have been impacted by the Equifax data breach and experienced financial losses or time-related expenses between January 23, 2020, and January 22, 2024. The following expenses are eligible for reimbursement:
https://www.ghacks.net/2023/10/24/how-to-file-a-claim-on-equifax-data-breach-extension/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
24 Oct 2023 16:10
New York health network restores services after crippling cyberattack
A hospital network in New York was able to restore its online systems on Saturday after a week of issues caused by a cyberattack.
Westchester Medical Center Health Network released a statement on October 16, warning that HealthAlliance Hospital, Margaretville Hospital and Mountainside Residential Care Center were “experiencing a potential cybersecurity threat and an IT system outage.”
The provider was forced to divert ambulances away from all three facilities throughout the week and faced backlash from community members for not fully explaining the situation. Its phone, email and internet services were knocked offline.
https://therecord.media/new-york-medical-network-cyberattack-diversions
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
24 Oct 2023 16:05
I heard a strange man talk to my daughter in her room — our baby monitor was hacked
An Australian dad was ready to fight an intruder in his 1-year-old daughter’s room — but when he entered, no one was there.
Now, rapper J-Milla and his partner, Poppy Radbone, are warning parents about hackers accessing baby monitors.
“Someone hacked into our baby monitor and was talking to our 1-year-old baby,” reads the text atop the couple’s TikTok, which has more than 1.2 million views since it was posted last week.
https://nypost.com/2023/10/23/lifestyle/parents-say-baby-monitor-was-hacked-someone-talked-to-child/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
24 Oct 2023 15:48
Irish National Police Records of Seized Vehicles Exposed in 3rd Party Contractor Data Breach
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained over 500k records containing identification documents and other potentially sensitive information. The documents appear to be associated with the Irish National Police Database of automobile seizures and the private towing and storage contractors.
https://www.vpnmentor.com/news/report-irish-police-breach/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
24 Oct 2023 15:44
Double Trouble: Quasar RAT's Dual DLL Sideloading in Focus
In a sophisticated twist to the traditional sideloading tactics, the Quasar RAT introduces a novel dual DLL sideloading technique, ingeniously utilizing two commonly trusted Microsoft files: "ctfmon.exe" and "calc.exe." Such a method not only leverages the inherent trust these files enjoy within the Windows ecosystem but also presents an increased challenge to threat detection mechanisms. This article dives deep into the meticulous design and execution of these sideloading techniques, illustrating how they stealthily introduce, deploy, and run malicious payloads under the radar.
https://www.uptycs.com/blog/quasar-rat
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
24 Oct 2023 15:36
DC Board of Elections Says Full Voter Roll Compromised in Data Breach
The District of Columbia Board of Elections says full voter roll compromised in a recent data breach at hosting provider DataNet.
The District of Columbia Board of Elections (DCBOE) on Friday announced that its full voter roll might have been accessed in a recent data breach at a third-party services provider.
The incident was initially disclosed on October 6, when the agency said that a threat actor accessed 600,000 lines of US voter data after breaching DataNet, which provides website hosting services to DCBOE.
https://www.securityweek.com/dc-board-of-elections-says-full-voter-roll-compromised-in-data-breach/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
4200