cRyPtHoN™ INFOSEC (EN)
28 Oct 2023 11:42
Have you accidentally hired a North Korean IT worker who’s spying on your company?
South Korea and the United States’s FBI are warning organisations that they might have inadvertently recruited a North Korean spy to work in their IT department.
The USA and South Korea first issued advice to companies in 2022 about the measures they should take to avoid hiring North Korean freelance coders and IT staff, warning of risks including the theft of intellectual property, data, and funds, as well as reputational harm and legal consequences.
https://grahamcluley.com/have-you-accidentally-hired-a-north-korean-it-worker-whos-spying-on-your-company/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
28 Oct 2023 11:31
Nigerian Police Dismantle Major Cybercrime Hub
Nigerian police have uncovered and shut down a cybercrime recruitment and training center in the country’s capital.
A post on X (formerly Twitter) by the Nigerian Police Force (NPF) claimed that its National Cybercrime Center (NCCC) made six arrests after officers raided the hub in the Dantata Estate area of Abuja.
“The investigation and operation was initiated in response to a series of intelligence reports that indicated a deep involvement of the syndicate in various cybercrimes, including business email compromise, romance scams, and high yield investment program fraud,” the post explained.
https://www.infosecurity-magazine.com/news/nigerian-police-dismantle-major/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
27 Oct 2023 05:21
Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps
Cloudflare mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks exploiting the flaw HTTP/2 Rapid Reset.
Cloudflare DDoS threat report of 2023 states that the company has mitigated thousands of hyper-volumetric HTTP distributed denial-of-service attacks.
89 of the attacks mitigated by the company exceeded 100 million requests per second (rps), the largest attack peaked at 201 million rps, which is three times higher than the previous largest attack on record (71M rps). These attacks exploited the HTTP/2 Rapid Reset vulnerability (CVE-2023-44487).
https://securityaffairs.com/153082/hacking/cloudflare-hyper-volumetric-http-distributed-ddos-attacks.html
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
27 Oct 2023 04:47
Ambulances diverted after New York hospitals hit by cyber attack
It's all too easy sometimes to imagine that a cyber attack is confined to the digital world, and that - although disruptive - it may not have serious consequences in real life.
Maybe the attack which happened last week in New York will make you think differently.
A cyber attack hit the infrastructure of Westchester Medical Center Health Network, impacting the computer systems of HealthAlliance Hospital in Kingston along with Margaretville Hospital and Mountainside Residential Care Center.
https://www.bitdefender.com/blog/hotforsecurity/ambulances-diverted-after-new-york-hospitals-hit-by-cyber-attack/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
27 Oct 2023 04:31
How to catch a wild triangle
In the beginning of 2023, thanks to our Kaspersky Unified Monitoring and Analysis Platform (KUMA) SIEM system, we noticed suspicious network activity that turned out to be an ongoing attack targeting the iPhones and iPads of our colleagues. The moment we understood that there was a clear pattern in the connections, and that the devices could have been infected, we initiated a standard digital forensics and incident response (DFIR) protocol for such cases – moving around the office, collecting the devices, and inspecting their contents. The ultimate goal was to locate and extract the malware, to find the point of entry (hopefully, a 0-day) and to develop a protocol for scanning the iDevices for active infection.
https://securelist.com/operation-triangulation-catching-wild-triangle/110916/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
27 Oct 2023 04:18
Windows 10 KB5031445 preview update fixes ctfmon.exe memory leak, 9 issues
Microsoft has released the optional KB5031445 Preview cumulative update for Windows 10 22H2 with nine improvements or fixes, including a fix for a memory leak in ctfmon.exe.
The KB5031445 cumulative update preview is part of Microsoft's "optional non-security preview updates" schedule, which are typically released on the fourth Tuesday of every month. This update allows Windows admins to test upcoming fixes and features that will be released in the upcoming November Patch Tuesday.
Unlike Patch Tuesday cumulative updates, the preview updates do not include security updates.
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5031445-preview-update-fixes-ctfmonexe-memory-leak-9-issues/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
27 Oct 2023 04:08
Doctor Web’s September 2023 review of virus activity on mobile devices
In early Sept, Doctor Web published a study of Android.Pandora.2, a backdoor that creates a botnet of infected devices and can carry out DDoS attacks at the command of threat actors. In the middle of the month, our specialists informed users about malicious programs from the Android.Spy.Lydia family. These multi-functional spyware trojans target Iranian users. Members of this family are camouflaged as a financial platform for online trading; they can perform various malicious actions at the command of attackers. This includes intercepting and sending SMS, collecting information about user phonebook contacts, hijacking clipboard contents, loading phishing websites, and so on. The Android.Spy.Lydia trojans can be used in a variety of fraudulent schemes and to steal personal data
https://news.drweb.com/show/review/?lng=en&i=14767
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
27 Oct 2023 03:37
iLeakage: Browser-based Timerless Speculative Execution Attacks on Apple Devices
https://ileakage.com/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 07:02
New England Biolabs leak sensitive data
On September 18th, the Cybernews research team discovered two publicly hosted environment files (.env) attributed to New England Biolabs.
Leaving environment files open to the public is one of the simplest mistakes that web admins can make, but it can have disastrous consequences. Despite leaving some of its sensitive credentials exposed, New England Biolabs seems to have dodged a bullet.
https://securityaffairs.com/152995/data-breach/new-england-biolabs-leak-sensitive-data.html
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 07:00
CoinFlip Data Breach Exposes Personal Information of Over 36,646 Customers
The Bitcoin ATM operator detected unauthorized access to its systems in August which in fact took place a day before.
The Bitcoin ATM operator, CoinFlip recently filed a data breach notice with the official Vermont Government. The CoinFlip data breach notification was also shared with its customers in September this year. However, it was not reported in the media, also due to the absence of the same being claimed by a cybercriminal group.
https://thecyberexpress.com/coinflip-data-breach-impacts-36646-individuals/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 06:56
Alleged Airbnb Data Breach Exposes 1.2 Million User Records!
Airbnb's data breach is an unexpected 'room' service, as hackers try to check-in on a million user secrets.
A significant data breach has allegedly compromised Airbnb’s security, potentially exposing the personal information of 1.2 million users.
A threat actor, who goes by the name ‘Sheriff’ on the darkweb, has come forward, claiming the Airbnb data breach, which includes sensitive details such as names, email addresses, countries of residence, cities, and more.
https://thecyberexpress.com/airbnb-data-breach-millions-records-on-sale/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 06:49
Okta’s Latest Security Breach Is Haunted by the Ghost of Incidents Past
A recent breach of authentication giant Okta has impacted nearly 200 of its clients. But repeated incidents and the company’s delayed disclosure have security experts calling foul.
On Friday, October 20, the identity management platform Okta said it suffered an intrusion in its customer support system. As an access and authentication service, a breach of Okta always comes with risks to other organizations, and the company confirmed that “certain Okta customers” were affected. Okta tells WIRED that it notified “around 1 percent” of its 18,400 customers that they were impacted.
https://www.wired.com/story/okta-support-system-breach-disclosure/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 05:52
Apple releases iOS 16.7.2 and iOS 15.8 security updates to patch old hardware
Devices as old as the iPhone 6S and iPad Air 2 are still getting patches.
Apple is releasing a slew of updates for its latest operating systems today, including iOS and iPadOS 17.1, macOS Sonoma 14.1, watchOS 10.1, and others. The company is also releasing security updates for a few previous-generation operating systems, so that people who aren't ready to upgrade (and older devices that can't upgrade) will still be protected from new exploits.
Those updates include iOS and iPadOS 16.7.2 and 15.8, macOS Ventura 13.6.1, macOS Monterey 12.7.1, and the Safari 17.1 update for both of those macOS versions.
https://arstechnica.com/gadgets/2023/10/apple-releases-ios-16-7-2-and-ios-15-8-security-updates-to-patch-old-hardware/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 05:47
How it feels to be a victim of deepfake pornography
Helen Mort is an award-winning poet and author.
She’s also an unwitting victim of deepfake pornography. She didn’t know until someone directed her towards sexually-explicit deepfake images on a porn site. Images which had her own face edited onto another woman’s body.
She doesn’t know who deepfaked her using personal photographs that they found online, but the results have clearly affected her deeply.
https://grahamcluley.com/how-it-feels-to-be-a-victim-of-deepfake-pornography/
https://www.theguardian.com/technology/ng-interactive/2023/oct/25/my-blonde-gf-a-disturbing-story-of-deepfake-pornography
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 05:39
Winter Vivern: Zero-Day XSS Exploit Targets Roundcube Servers
ESET Research has discovered a significant cybersecurity threat as the Winter Vivern group exploited a zero-day cross-site scripting (XSS) vulnerability in the Roundcube Webmail server.
The new campaign, described in an advisory published today, targeted Roundcube Webmail servers of governmental entities and a think tank in Europe. ESET Research promptly reported the vulnerability to the Roundcube team on October 12, and the team acknowledged and patched it within a short timeframe, releasing security updates on October 16.
https://www.infosecurity-magazine.com/news/winter-vivern-zero-day-targets/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
28 Oct 2023 11:38
Apple Private Wi-Fi hasn't worked for the past three years
Not exactly the MAC daddy
Three years after Apple introduced a menu setting called Private Wi-Fi Address, a way to spoof network identifiers called MAC addresses, the privacy protection may finally work as advertised, thanks to a software fix.
"To communicate with a Wi-Fi network, a device must identify itself to the network using a unique network address called a Media Access Control (MAC) address," Apple explains in its documentation.
"If the device always uses the same Wi-Fi MAC address across all networks, network operators and other network observers can more easily relate that address to the device's network activity and location over time. This allows a kind of user tracking or profiling, and it applies to all devices on all Wi-Fi networks."
https://www.theregister.com/2023/10/27/apple_private_wifi_fixed/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
28 Oct 2023 11:27
Lazarus hackers breached dev repeatedly to deploy SIGNBT malware
The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer.
The fact that Lazarus breached the same victim multiple times indicates that the hackers aimed to steal source code or attempt a supply chain attack.
"This recurring breach suggested a persistent and determined threat actor with the likely objective of stealing valuable source code or tampering with the software supply chain, and they continued to exploit vulnerabilities in the company's software while targeting other software makers," explains Kaspersky.
https://www.bleepingcomputer.com/news/security/lazarus-hackers-breached-dev-repeatedly-to-deploy-signbt-malware/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
27 Oct 2023 05:19
Beware of the Flipper Zero Bluetooth spam attacks
As we previously covered, Flipper Zero is a portable, open-source multi-tool device for pentesters and geeks. It can be used to interact with a variety of electronic devices, including RFID tags, radio remotes, iButton, and digital access keys but recently it has come back to the talk with a worrying feature.
A custom Flipper Zero firmware called "Xtreme" has added a new feature to perform Bluetooth spam attacks on Android and Windows devices.
This feature, called "BLE Spam," allows users to send a variety of spam messages to nearby devices, including phishing links, malware, and even denial-of-service attacks.
https://www.ghacks.net/2023/10/26/flipper-zero-bluetooth-spam-attack/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
27 Oct 2023 04:42
ServiceNow quietly addresses unauthenticated data exposure flaw from 2015
Researcher who publicized issue brands company’s communication 'appalling'
ServiceNow is issuing a fix for a flaw that exposes data after a researcher published a method for unauthenticated attackers to steal an organization's sensitive files.
Security researcher Aaron Costello highlighted apparent issues with the default configurations of ServiceNow's widgets, allowing for personal data to be exposed.
https://www.theregister.com/2023/10/26/servicenow_data_exposure_flaw/
https://www.enumerated.ie/index/servicenow-data-exposure
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
27 Oct 2023 04:25
When PAM Goes Rogue: Malware Uses Authentication Modules for Mischief
Executive Summary
In this article, we’ll explore the use of pluggable authentication module (PAM) application programming interfaces (APIs) in malicious software. We’ll also demonstrate why keeping an eye on PAM APIs in a sandboxed environment could be useful.
PAM is a widely used framework for authentication and authorization on Linux systems. Many popular applications and services on Linux systems rely on PAM and use its APIs for authentication, which includes SSH service, GNOME Display Manager (GDM) and system services such as sudo.
https://unit42.paloaltonetworks.com/linux-pam-apis/
#oscp #iocteams #spread #snortteams
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
27 Oct 2023 04:14
StripedFly worming miner hides sophisticated code and espionage-ready capabilities
Woburn, MA – October 26, 2023 – Kaspersky experts have uncovered a previously unknown, highly sophisticated malware, dubbed StripedFly, affecting over a million victims around the world since at least 2017. Initially acting as a cryptocurrency miner, it turned out to be a complex malware with a multi-functional wormable framework
In 2022 Kaspersky's Global Research and Analysis Team encountered two unexpected detections within the WININIT.EXE process, triggered by code sequences that were earlier observed in Equation malware. StripedFly activity had been ongoing since at least 2017 and had effectively evaded prior analysis, previously being misclassified as a cryptocurrency miner
https://usa.kaspersky.com/about/press-releases/2023_stripedfly-a-worming-miner-hiding-sophisticated-code-and-espionage-ready-capabilities
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
27 Oct 2023 03:59
NextGen Mirth Connect Remote Code Execution Vulnerability (CVE-2023-43208)
Summary
Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability, CVE-2023-43208. If you’re a user of Mirth Connect, you’ll want to upgrade to the latest patch release, 4.4.1, as of this writing.
https://www.horizon3.ai/nextgen-mirth-connect-remote-code-execution-vulnerability-cve-2023-43208/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
27 Oct 2023 03:16
iLeakage Attack Exploits Safari to Steal Sensitive Data From Macs, iPhones
New iLeakage side-channel speculative execution attack exploits Safari to steal sensitive information from Macs and iPhones.
A team of academic researchers has disclosed the details of a new Spectre-style side-channel attack that exploits Safari to steal sensitive information from Macs, iPhones and iPads.
Described as a timerless speculative execution attack and named iLeakage, the new method can be used to induce Safari to render an arbitrary webpage and harvest information from that page.
https://www.securityweek.com/ileakage-attack-exploits-safari-to-steal-sensitive-data-from-macs-iphones/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 07:01
Ukraine cyber officials warn of a ‘surge’ in Smokeloader attacks on financial, government entities
Suspected Russian cybercriminals have increased their attacks against Ukrainian financial and government organizations using Smokeloader malware, according to Ukrainian cybersecurity officials.
Since May of this year, the malware operators have targeted Ukrainian organizations with intense phishing attacks, primarily attempting to infiltrate their systems and steal sensitive information, according to research published Tuesday by Ukraine's National Cyber Security Coordination Center (NCSСС).
https://therecord.media/surge-in-smokeloader-malware-attacks-targeting-ukrainian-financial-gov-orgs
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 06:58
Over 9,500 Bank of Canton customers may have had personal information exposed due to data breach
Thousands of Massachusetts customers who use the Bank of Canton may have had personal information, such as account numbers and social security numbers, exposed following a data breach, a bank spokesperson confirmed to Boston 25.
Approximately 9,540 people who use the Bank of Canton may have had their banking information exposed after Fiserv, one of the bank’s vendors, was impacted by a cyber security incident around or on May 27, 2023.
https://news.yahoo.com/over-9-500-bank-canton-194312091.html
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 06:55
Hackers that breached Las Vegas casinos rely on violent threats, research shows
While best known for its social engineering techniques, a criminal hacking group known as "the Com" sometimes uses threats of violence.
The prolific hacking group made up primarily of young people that was behind a recent breach that crippled several Las Vegas resorts has made graphic threats of violence as part of its attempts to force victims to give up their credentials, according to research released Wednesday.
According to researchers with Microsoft’s threat intelligence and incident response divisions, members of the group it tracks as Octo Tempest — also known as 0ktapus, Scattered Spider or UNC3944 —
https://cyberscoop.com/com-scattered-spider-tradecraft/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 06:19
Google Play’s policy update cracks down on ‘offensive’ AI apps, disruptive notifications
Google is taking aim at potentially problematic generative AI apps with a new policy, to be enforced starting early next year, that will require developers of Android applications published on its Play Store to offer the ability to report or flag offensive AI-generated content. The new policy will insist that flagging and reporting can be done in-app and developers should use the report to inform their own approaches to filtering and moderation, the company says.
https://techcrunch.com/2023/10/25/google-plays-policy-update-cracks-down-on-offensive-ai-apps-disruptive-notifications/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 05:49
What is phishing: Types of attacks and how to prevent them
No, you are not entitled to $10,500,000 U.S. dollars from the Bank of Burundi
Most people use the internet for anything and everything, from interacting with work colleagues to exploring the world of AI chatbots. And while the internet is a beautiful tool for these reasons and many others, it can also hurt people's security and privacy. For one, large corporations like Amazon and Google find novel ways to squeeze every drop of data out of our online presence in the name of the bottom line. On that note, you can follow these simple steps to improve your digital privacy on Android.
https://www.androidpolice.com/what-is-phishing/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 05:41
Canada goosed as attackers shutter hospitals and China deepfakes its politicians.
Eh? Canucks cracked by cyber crims
Cybercriminals have Canada in the crosshairs, with five Ontario hospitals and a fresh Spamoflague disinformation campaign targeting "dozens" of Canadian government officials, including the PM.
The cyberattack against five southern Ontario hospitals has shut down IT systems, forcing them to cancel patient appointments over "the next few days," according to service provider TransForm. The statement said it was investigating whether any patient data was accessed during the incident, but couldn't say for sure yet.
https://www.theregister.com/2023/10/25/canadian_hospitals_spamoflague/
📡@
📡@
📡@
📡@
📡@
Читать полностью…
cRyPtHoN™ INFOSEC (EN)
26 Oct 2023 05:29
XFW - Xtreme Firmware for the Flipper Zero
This firmware is a complete overhaul of the Official Firmware, and also features lots of awesome code-bits from Unleashed.
What makes it special?
We have spent many hours perfecting this code even further, and getting the most out of it.
The goal of this Firmware is to regularly bring out amazing updates based on what the community wants, with an actual understanding of whats going on. Fixing bugs that are regularly talked about, removing unstable / broken applications (.FAP) and actually using the level system that just sits abandoned everywhere else.
https://github.com/Flipper-XFW/Xtreme-Firmware
📡@
📡@
📡@
📡@
📡@
Читать полностью…
4200