
Telegram channel crypthon_infosec_en - cRyPtHoN™ INFOSEC (EN)

4200

Latest news of INFOSEC (EN)
1. Latest Vulnerability.
2. Latest Patch.
3. Privacy Breach.
4. Security Breach.
5. InfoSec News.

German Version 🇩🇪 @cRyPtHoN_INFOSEC_DE
France Version 🇫🇷 @cRyPtHoN_INFOSEC_FR
Italian Version 🇮🇹 @cRyPtHoN_INFOSEC_IT


cRyPtHoN™ INFOSEC (EN)

Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla)

Executive Summary

While tracking the evolution of Pensive Ursa (aka Turla, Uroburos), Unit 42 researchers came across a new, upgraded variant of Kazuar. Not only is Kazuar another name for the enormous and dangerous cassowary bird, Kazuar is an advanced and stealthy .NET backdoor that Pensive Ursa usually uses as a second stage payload.

Pensive Ursa is a Russian-based threat group operating since at least 2004, which is linked to the Russian Federal Security Service (FSB).

https://unit42.paloaltonetworks.com/pensive-ursa-uses-upgraded-kazuar-backdoor/

#oscp #iocteams #spread #snortteams
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv


cRyPtHoN™ INFOSEC (EN)

CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys

Unit 42 researchers have identified an active campaign we are calling EleKtra-Leak, which performs automated targeting of exposed identity and access management (IAM) credentials within public GitHub repositories. As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and long-lasting cryptojacking operations. We believe these operations have been active for at least two years and are still active today.

We found that the actor was able to detect and use the exposed IAM credentials within five minutes of their initial exposure on GitHub.

https://unit42.paloaltonetworks.com/malicious-operations-of-exposed-iam-keys-cryptojacking/


cRyPtHoN™ INFOSEC (EN)

Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency

A man from Orlando was sentenced to prison for SIM Swapping conspiracy that led to the theft of approximately $1M in cryptocurrency.

Jordan Dave Persad (20), from Orlando, Florida, was sentenced to 30 months in prison for SIM Swapping conspiracy, followed by three years of supervised release. He pleaded guilty to Conspiracy to Commit Computer Fraud.

United States District Judge Diane J. Humetewa also ordered Persad to pay $945,833 in restitution.

https://securityaffairs.com/153257/cyber-crime/florida-man-sentenced-sim-swapping.html


cRyPtHoN™ INFOSEC (EN)

Huawei, Vivo phones tag Google app as TrojanSMS-PA malware

Huawei, Honor, and Vivo smartphones and tablets are displaying strange 'Security threat' alerts urging the deletion of the Google app, warning that it is detected as the 'TrojanSMS-PA' malware.

In what appears to be a false positive, these security alerts warn that "immediate uninstallation is advised," as the app is now considered high risk, as shown by the alert below from one of BleepingComputer's devices.

https://www.bleepingcomputer.com/news/security/huawei-vivo-phones-tag-google-app-as-trojansms-pa-malware/


cRyPtHoN™ INFOSEC (EN)

Hackers Accessed 632,000 Email Addresses at US Justice, Defense Departments

🌀 Federal report gives new details on scope of MOVEit attack

🌀 Email addresses, links to surveys among compromised data

A Russian-speaking hacking group obtained access to the email addresses of about 632,000 US federal employees at the departments of Defense and Justice as part of the sprawling MOVEit hack last summer, according to a report on the wide-ranging attack obtained through a Freedom of Information Act request.

https://www.bloomberg.com/news/articles/2023-10-30/hackers-accessed-632-000-email-addresses-at-defense-doj


cRyPtHoN™ INFOSEC (EN)

How does my private information appear on ‘people-search’ sites

We live in a time when we are constantly worried about our safety and privacy while searching the internet. Particularly knowing that we have entered our contact and financial information on multiple websites.

What is perhaps most unnerving is learning that our personal information has somehow made its way to a people search site, easily accessed by Google even though we did not choose to give our information to these services.

https://nypost.com/2023/10/29/tech/how-does-my-private-information-appear-on-people-search-sites/


cRyPtHoN™ INFOSEC (EN)

Exploit released for critical Cisco IOS XE flaw, many hosts still hacked

Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices.

Cisco released patches for most releases of its IOS XE software but thousands of systems continue to be compromised, internet scans show.

CVE-2023-20198 exploit details

Researchers at Horizon3.ai, a company providing security assessment services, have shared details on how an attacker can bypass authentication on Cisco IOS XE devices vulnerable to CVE-2023-20198.

https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-cisco-ios-xe-flaw-many-hosts-still-hacked/


cRyPtHoN™ INFOSEC (EN)

Stanford says it is investigating after hacker group threatens to release confidential information

The ransomware group ‘Akira’ claims to have obtained 430 gigabytes of data from the university

Stanford University said Monday it was investigating a “cybersecurity incident” after a ransomware group threatened to release confidential information from the university’s Department of Public Safety on the dark web.

According to a screenshot posted to social media by cybersecurity analyst Brett Callow, the ransomware group ‘Akira’ holds 430 gigabytes worth of internal data from the Department of Public Safety, including confidential documents and private information. The group instructed those interested in the information to contact them.

https://www.eastbaytimes.com/2023/10/30/stanford-says-it-is-investigating-after-hacker-group-threatens-to-release-confidential-information/


cRyPtHoN™ INFOSEC (EN)

US regulators sue SolarWinds and its security chief for alleged cyber neglect ahead of Russian hack

U.S. regulators on Monday sued SolarWinds, a Texas-based technology company whose software was breached in a massive 2020 Russian cyberespionage campaign, for fraud for failing to disclose security deficiencies ahead of the stunning hack.

The company’s top security executive was also named in the complaint filed by the Securities and Exchange Commission seeking unspecified civil penalties, reimbursement of “ill-gotten gains” and the executive’s removal.

https://apnews.com/article/solarwinds-sec-hack-cybersecurity-fraud-90ecb2bee1bf2d681bb4b11c78fab032


cRyPtHoN™ INFOSEC (EN)

Ottawa bans WeChat, Kaspersky from government-issued phones

The federal government is banning the Chinese social media app WeChat and Russia's Kaspersky Lab antivirus applications from all government-issued phones, citing security concerns.

President of the Treasury Board Anita Anand announced the ban Monday. She said her government regularly monitors potential threats and takes "immediate action to address risks."

https://www.msn.com/en-ca/news/canada/ottawa-bans-wechat-kaspersky-from-government-issued-phones/ar-AA1j6s99


cRyPtHoN™ INFOSEC (EN)

/channel/cRyPtHoN_INFOSEC_FR/15247


cRyPtHoN™ INFOSEC (EN)

Linus Torvalds releases Linux 6.6 after running out of excuses for further work

Removes references to the NSA, adds KSMBD in-kernel server SMB networking

After a typically calm development process, Linus Torvalds has given the world a new cut of the Linux kernel – version 6.6 to be precise.

The penguin emperor last week worried that release candidate 7 was "certainly on the bigger side of our rc7 releases in the 6.x series" and "bigger than I'd have liked it to be" – but also free of "issues that would be showstoppers."

Torvalds suggested a "quiet and normal" week of kernel coding would see him release a full version on Sunday US time.

His worries proved unfounded.

https://www.theregister.com/2023/10/30/linux_6_6_debuts/


cRyPtHoN™ INFOSEC (EN)

New Hunters International ransomware possible rebrand of Hive

A new ransomware-as-a-service brand named Hunters International has emerged using code used by the Hive ransomware operation, leading to the valid assumption that the old gang has resumed activity under a different flag.

This theory is supported by analysis of the new encryptor revealing multiple code overlaps between the two ransomware gangs.

Hunters in denial

Security researchers analyzing a sample of the Hunters International malware discovered a striking resemblance to the code used in Hive ransomware attacks.

More specifically, malware analyst and reverse engineer rivitna, who first spotted the new encryptor, came to the conclusion that Hunters International malware was a sample of Hive ransomware version 6.

https://www.bleepingcomputer.com/news/security/new-hunters-international-ransomware-possible-rebrand-of-hive/


cRyPtHoN™ INFOSEC (EN)

This special YouTube Adblocker skips ads instead of blocking them

Google is cracking down on the use of content blockers on YouTube. More and more users see prompts that "ad blockers are not allowed on YouTube". Currently, Google appears to test various designs and restrictions. YouTube users may bypass YouTube's anti-adblocker prompts for now, but there is no telling for how long these will work.

Even major content blockers such as uBlock Origin run into issues from time to time. These do get addressed quickly though, but it is still annoying when it happens.

There are alternatives to blocking ads on YouTube. One of them is to redirect videos to privacy friendly third-party sites.

https://ghacks.net/2023/10/28/this-special-youtube-adblocker-skips-ads-instead-of-blocking-them/


cRyPtHoN™ INFOSEC (EN)

TikTok Streamers Are Staging ‘Israel vs. Palestine’ Live Matches to Cash In on Virtual Gifts

TikTokkers are using a little-known livestreaming feature to falsely represent Israelis and Palestinians—and the company is taking a cut of costly in-app gifts viewers give to participants.

TikTokkers are using a little-known livestreaming feature to cash in on the huge interest in the Israel-Hamas war despite having no links to the crisis. TikTok, meanwhile, is taking up to 50 percent of the earnings.

https://www.wired.com/story/tiktok-live-matches-israel-hamas-war/


cRyPtHoN™ INFOSEC (EN)

British Library knocked offline by weekend cyberattack

The British Library has been hit by a major IT outage affecting its website and many of its services following a "cyber incident" that impacted its systems on Saturday, October 28.

The ongoing outage also affects other services, including our phone lines and onsite library services in London and Yorkshire.

The British Library's facilities, including Reading Rooms for personal study, are still operational, and collection items requested on or before October 26 are accessible onsite.

https://www.bleepingcomputer.com/news/security/british-library-knocked-offline-by-weekend-cyberattack/

https://twitter.com/britishlibrary/status/1719338957907825151


cRyPtHoN™ INFOSEC (EN)

Refresh: Compromising F5 BIG-IP With Request Smuggling | CVE-2023-46747

Overview

In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. We decided to focus on the F5 BIG-IP suite, as F5 products are fairly ubiquitous among large corporations. We targeted the F5 BIG-IP Virtual Edition with the goal of finding an unauthenticated vulnerability that would result in complete compromise of the target server.

As a result of our research we were able to identify an authentication bypass issue that led to complete compromise of an F5 system with the Traffic Management User Interface (TMUI) exposed.

https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/


cRyPtHoN™ INFOSEC (EN)

Toronto Public Library facing disruptions due to cyberattack

Canada’s largest public library system said it is dealing with a cyberattack that brought down its website, member services pages and limited access to its digital collections.

The Toronto Public Library serves more than 1.2 million members with more than 12 million items spread across 100 branches. It said on Saturday afternoon that it was experiencing technical difficulties with online services as well as in-branch WiFi and printing.

By Sunday, the city-run organization confirmed that it was dealing with a cybersecurity incident. The library’s website has been replaced with a temporary page with a statement explaining the situation.

https://therecord.media/toronto-public-library-cyberattack-disruptions


cRyPtHoN™ INFOSEC (EN)

Distribution of Remcos RAT Disguised as Payslip

AhnLab Security Emergency response Center (ASEC) has discovered circumstances of the Remcos remote control malware being distributed through an email disguised as a payslip.

As shown in Figure 1, the identified Remcos RAT was distributed under an email subject that read ‘This is a confirmation document for your payment transfer’, deceiving the readers. The attached compressed cab file contains an EXE file (Remcos RAT) disguised with a PDF file icon as shown in Figure 2.

https://asec.ahnlab.com/en/58195/


cRyPtHoN™ INFOSEC (EN)

20 scary cybersecurity facts and figures for a haunting Halloween

Cybersecurity Awareness Month draws to a close and Halloween is just around the corner, so here is a bunch of spine-tingling figures about some very real tricks and threats lurking online

October is Cybersecurity Awareness Month (CSAM) in the US and Canada and European Cybersecurity Month (ECMS) on the other side of the pond. These campaigns represent a great opportunity to share best practice and improve awareness of all things cybersecurity among businesses and consumers alike.

https://www.welivesecurity.com/en/cybersecurity/20-scary-cybersecurity-facts-figures-haunting-halloween/


cRyPtHoN™ INFOSEC (EN)

Help, Android 14 ate my Pixel! Bug causes endless reboots, loss of storage access

Fix on the way but for those trapped in boot loop hell, data recovery isn't certain

Google has confirmed that some people's Pixel devices have lost access to local storage or become trapped in reboot loops after applying the Android 14 software update.

Reports of problems began showing up earlier this month, shortly after the October 4 release of Android 14.

Bug reports filed to Google's Issue Tracker on October 17 and 24 describe Pixel 6 and Pixel 7 devices that can no longer access locally stored photos and other documents, or conduct updates, because the hardware reports having no space to store files. They also describe being stuck in a loop of constant reboots.

https://www.theregister.com/2023/10/30/google_android_14_pixel_bug/


cRyPtHoN™ INFOSEC (EN)

Unpatched NGINX ingress controller bugs can be abused to steal Kubernetes cluster secrets

Just tricks, no treats with these 3 vulns

Three unpatched high-severity bugs in the NGINX ingress controller can be abused by miscreants to steal credentials and other secrets from Kubernetes clusters.

The vulnerabilities, tracked as CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886, were disclosed on October 27, and are listed as currently awaiting triage. It's unclear if any of the flaws have been exploited.

The Register did not immediately receive a response to questions, including if the bugs have been found and exploited and when a patch will be issued.

https://www.theregister.com/2023/10/30/unpatched_nginx_ingress_controller_bugs/


cRyPtHoN™ INFOSEC (EN)

Report Links ChatGPT to 1265% Rise in Phishing Emails

The SlashNext State of Phishing Report 2023 has unveiled a concerning trend in the cybersecurity landscape, revealing a 1265% surge in malicious phishing emails since Q4 2022.

The annual report, compiled by SlashNext Threat Labs, encompasses an analysis of threats observed across email, mobile and browser channels over 12 months, from Q4 2022 to Q3 2023. The report also emphasized a noteworthy 967% increase in credential phishing attacks.

https://www.infosecurity-magazine.com/news/chatgpt-linked-rise-phishing/


cRyPtHoN™ INFOSEC (EN)

RCE exploit for Wyze Cam v3 publicly released, patch now

A security researcher has published a proof-of-concept (PoC) exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices.

Wyze Cam v3 is a top-selling, inexpensive indoor/outdoor security camera with support for color night vision, SD card storage, cloud connectivity for smartphone control, IP65 weatherproofing, and more.

Security researcher Peter Geissler (aka bl4sty) recently discovered two flaws in the latest Wyze Cam v3 firmware that can be chained together for remote code execution on vulnerable devices.

https://www.bleepingcomputer.com/news/security/rce-exploit-for-wyze-cam-v3-publicly-released-patch-now/

https://github.com/blasty/unwyze


cRyPtHoN™ INFOSEC (EN)

The Wiki-Slack Attack

What do you get when you share a Wikipedia link on Slack? As eSentire Threat Response Unit (TRU) security researchers Keegan Keplinger and Joe Stewart discovered, threat actors can be presented with a clever way in which to redirect business professionals to attacker-controlled websites.

It works like this. A threat actor selects a subject in Wikipedia that they believe will interest the type of business professionals they are targeting. For example, if the cybercriminals are targeting publicly traded companies, they might select a Wikipedia entry detailing the latest Securities and Exchange Commission’s (SEC) cybersecurity regulations that are being implemented.

https://www.esentire.com/blog/the-wiki-slack-attack


cRyPtHoN™ INFOSEC (EN)

Surge in QR Code Quishing: Check Point Records 587% Attack Spike

Explore insights into the rise of Quishing attacks, the risks associated with QR code exploitation, and crucial preventive measures to protect against this growing cybersecurity threat.

Check Point’s Harmony Email team has reported a startling increase of 587% in QR code phishing or Quishing attacks. This shocking rise was observed between August and September 2023. Researchers noted thousands of QR code-related attacks each month.

https://www.hackread.com/qr-code-quishing-check-point-attack-spike/


cRyPtHoN™ INFOSEC (EN)

LockBit alleges it boarded Boeing, stole 'sensitive data'

ALSO: CISA begs for a consistent budget, Las Vegas school breach; Nigeria arrests six cyber princes, the week's critical vulnerabilities

Security In Brief: Notorious ransomware gang LockBit has reportedly exfiltrated “a tremendous amount of sensitive data” from aerospace outfit Boeing.

VX underground published a screenshot of Lockbit’s announcement, and threat to expose data if Boeing does not engage with it by November 2nd.

Boeing has told US media it is investigating Lockbit’s claims.

https://www.theregister.com/2023/10/30/security_in_brief/


cRyPtHoN™ INFOSEC (EN)

Pirate IPTV network in Austria dismantled and $1.74 million seized

The Austrian police have arrested 20 people across the country linked to an illegal IPTV network that, between 2016 and 2023, decrypted copyright-protected broadcasts and redistributed them to thousands of customers.

Investigation into the illegal network started after a complaint was filed in Germany, leading to the discovery of a criminal enterprise consisting of 80 perpetrators, all Turkish citizens.

The piracy ring operated on a hierarchy of suppliers, who decrypted and supplied TV signals, and resellers, who bought access to the signal for up to $50/year and resold it to end customers for up to $200/year.

https://www.bleepingcomputer.com/news/security/pirate-iptv-network-in-austria-dismantled-and-174-million-seized/


cRyPtHoN™ INFOSEC (EN)

Stanford University investigating cyberattack after ransomware claims

Stanford University is investigating a cybersecurity incident within its Department of Public Safety after a ransomware gang claimed it attacked the school on Friday.

A spokesperson for the university directed Recorded Future News to a statement published late on Friday afternoon explaining that it is in the process of figuring out the details of the incident.

“We are continuing to investigate a cybersecurity incident at the Stanford University Department of Public Safety (SUDPS) to determine the extent of what may have been impacted,” the school said.

https://therecord.media/stanford-investigating-cyberattack-after-ransomware


cRyPtHoN™ INFOSEC (EN)

CCleaner says hackers stole users’ personal data during MOVEit mass-hack

The maker of the popular optimization app CCleaner has confirmed hackers stole a trove of personal information about its paid customers following a data breach in May.

In an email sent to customers, Gen Digital, the multinational software company that owns CCleaner, Avast, NortonLifeLock and Avira brands, said that the hackers exploited a vulnerability in the widely used MOVEit file transfer tool, which is used by thousands of organizations, including CCleaner, to move large sets of sensitive data over the internet.

https://techcrunch.com/2023/10/27/ccleaner-says-hackers-stole-users-personal-data-during-moveit-mass-hack/
