Telegram channel crypthon_infosec_en - cRyPtHoN™ INFOSEC (EN)

Latest news of INFOSEC (EN) 1. Latest Vulnerability. 2. Latest Patch. 3. Privacy Breach. 4. Security Breach. 5. InfoSec News. German Version 🇩🇪 @cRyPtHoN_INFOSEC_DE France Version 🇫🇷 @cRyPtHoN_INFOSEC_FR Italian Version 🇮🇹 @cRyPtHoN_INFOSEC_IT

cRyPtHoN™ INFOSEC (EN)

Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape

Key Takeaways

🌀 Proofpoint has observed an increase in activity from specific malware families targeting Chinese-language speakers.

🌀 Campaigns include Chinese-language lures and malware typically associated with Chinese cybercrime activity.

🌀 Newly observed ValleyRAT is emerging as a new malware among Chinese-themed cybercrime activity, while Sainbox RAT and related variants are recently active as well.

🌀 The increase in Chinese language malware activity indicates an expansion of the Chinese malware ecosystem, either through increased availability or ease of access to payloads and target lists, as well as potentially increased activity by Chinese speaking cybercrime operators.

https://www.proofpoint.com/us/blog/threat-insight/chinese-malware-appears-earnest-across-cybercrime-threat-landscape

📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

cRyPtHoN™ INFOSEC (EN)

Authenticated Remote Code Execution and Missing Authentication in Atos Unify OpenScape

Two vulnerabilities have been identified in the Atos Unify OpenScape products Session Border Controller, Branch, and BCF. The first one allows a low-privileged attacker to execute arbitrary operating systems commands as root user. The second allows an unauthenticated attacker to access and execute various configuration scripts.

https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-missing-authentication-atos-unify-openscape/


cRyPtHoN™ INFOSEC (EN)

3yrs of CAA ASSURE assessments. What we’ve learned

Introduction

We’re now in our third year of CREST CAA ASSURE auditing and we’ve learned a lot. The Cyber Assessment Framework (CAF) is big, there’s no denying that. It’s not something that you can complete overnight, it’s not something that requires minimal effort and can just be thrown at an auditor to interpret.

It demands context, justification, and understanding of the requirements and how to meet them.

https://www.pentestpartners.com/security-blog/3yrs-of-caa-assure-assessments-what-weve-learned/


cRyPtHoN™ INFOSEC (EN)

Chinese Spies Infected Dozens of Networks With Thumb Drive Malware

Security researchers found USB-based Sogu espionage malware spreading within African operations of European and US firms.

For much of the cybersecurity industry, malware spread via USB drives represents the quaint hacker threat of the past decade—or the one before that. But a group of China-backed spies appears to have figured out that global organizations with staff in developing countries still keep one foot in the technological past, where thumb drives are passed around like business cards and internet cafés are far from extinct. Over the past year, those espionage-focused hackers have exploited this geographic time warp to bring retro USB malware back to dozens of victims’ networks.

https://www.wired.com/story/china-usb-sogu-malware/


cRyPtHoN™ INFOSEC (EN)

Thinking about switching to Linux? 9 things you need to know

Now is the perfect time to migrate to Linux. Here's why.

Linux might not be on the mind of every consumer who uses a PC, but it's certainly growing in popularity. The reason for this growth has to do with several factors, including how deeply embedded Linux is within the enterprise business space, how the web browser has become the primary tool for most users, the incredible evolution of Linux on the desktop, the cost-effectiveness of Linux (it's completely free), and how the open-source operating system can save you from having to throw out that aging computer.

Add to those factors how user-friendly Linux has become and it's a perfect time for the masses to adopt Linux.

https://www.zdnet.com/article/thinking-about-switching-to-linux-9-things-you-need-to-know/


cRyPtHoN™ INFOSEC (EN)

Signal is now safeguarding against future computers that can surpass encryption

The PQXDH specification is designed as an added layer of protection

🌀 Signal is expanding its security measures by creating a new specification called PQXDH to protect against future quantum computers that could break encryption.

🌀 The developers believe it's only a matter of time before a quantum computer capable of breaking encrypted messages is created, possibly within the next 5 to 10 years.

🌀 Using a non-encrypted messaging app like SMS comes with risks such as data leakage and potential charges, making an end-to-end encrypted alternative like Signal a better choice for peace of mind.

https://www.androidpolice.com/signal-quantum-computers-encryption-security-messaging/


cRyPtHoN™ INFOSEC (EN)

Data breach reveals distressing info: people who order pineapple on pizza

Pizza Hut Australia warns 190,000 customers' data – including order history – has been accessed

Pizza Hut's Australian outpost has suffered a data breach.

The baked goods purveyor has delivered bitter news to around 190,000 customers: that their name, delivery address, email address, and phone numbers have been accessed by unauthorised entities.

Even more seriously, pizza order histories have also leaked.

Yes, dear reader – that means the bad guys have seen a database of people who like pineapple on their pizzas.

We can only hope that whoever lifted the data doesn't devise some horrible extortion scheme, threatening to reveal that shameful secret to the victims' loved ones and employers.

https://www.theregister.com/2023/09/21/pizza_hut_australia_data_breach/


cRyPtHoN™ INFOSEC (EN)

P2PInfect botnet activity surges 600x with stealthier malware variants

The P2PInfect botnet worm is going through a period of highly elevated activity volumes starting in late August and then picking up again in September 2023.

P2PInfect was first documented by Unit 42 in July 2023 as a peer-to-peer malware that breaches Redis instances using a remote code execution flaw on internet-exposed Windows and Linux systems.

Cado Security researchers who have been following the botnet since late July 2023, report today seeing global activity, with most breaches impacting systems in China, the United States, Germany, Singapore, Hong Kong, the UK, and Japan.

https://www.bleepingcomputer.com/news/security/p2pinfect-botnet-activity-surges-600x-with-stealthier-malware-variants/


cRyPtHoN™ INFOSEC (EN)

T-Mobile users say other people’s account information is appearing in their app

T-Mobile customers are reportedly seeing other customers’ sensitive data, including contact numbers, device IDs, and credit card information when logging into their own accounts.

There’s some weirdness happening over at T-Mobile this morning. Multiple T-Mobile customers on X (formerly Twitter) and Reddit have reported that they’re able to see other users’ account data — including their current credit balance, purchase history, credit card information, and home address — when signing into their own T-Mobile accounts.

https://www.theverge.com/2023/9/20/23881825/t-mobile-account-security-breach-customer-information-leak


cRyPtHoN™ INFOSEC (EN)

The privacy perils of the Metaverse

A recently released report from New York University claims that the Metaverse, an all-in-one virtual online space, poses a potentially major risk to user privacy. This is because headsets and other similar devices can collect an incredible amount of personal, physical and biometric information. The user isn’t always aware of the collection, or how it could be used in ways they don’t expect.

It’s worth asking at this point: what is the Metaverse?

https://www.malwarebytes.com/blog/personal/2023/09/the-privacy-perils-of-the-metaverse


cRyPtHoN™ INFOSEC (EN)

Australian Law Firm Hack Affected 65 Government Agencies

Australian Federal Police, Department of Home Affairs Reportedly Among the Victims

An April ransomware attack against one of Australia's largest law firms swept up the data of 65 Australian government agencies, the country's newly appointed national cybersecurity coordinator said Monday.

The Russian-speaking Alphv hacking group - also known as BlackCat - claimed responsibility earlier this year for hacking HWL Ebsworth, publishing in late May what it said was 1.45 gigabytes of stolen law firm data. HWL Ebsworth in June acknowledged the hack and said it had obtained a court injunction against further dissemination of confidential firm data.

https://www.healthcareinfosecurity.com/australian-law-firm-hack-affected-65-government-agencies-a-23110


cRyPtHoN™ INFOSEC (EN)

'ShroudedSnooper' Backdoors Use Ultra-Stealth in Mideast Telecom Attacks

The threat cluster hasn't been seen before, but its custom Windows server backdoors have researchers intrigued thanks to their extremely effective stealth mechanisms.

A potentially novel threat actor recently compromised two Middle East-based telecommunications organizations, using two backdoors with previously unseen methods for stealthily loading malicious shellcode onto a target system.

In a report shared with Dark Reading, Cisco Talos named the intrusion set "ShroudedSnooper," as it could not correlate the activity with any previously identified groups.

https://www.darkreading.com/dr-global/shroudedsnooper-backdoors-ultra-stealth-mideast-telecom-attacks


cRyPtHoN™ INFOSEC (EN)

Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

Researchers should be aware of threat actors repurposing older proof of concept (PoC) code to quickly craft a fake PoC for a newly released vulnerability. On Aug. 17, 2023, the Zero Day Initiative publicly reported a remote code execution (RCE) vulnerability in WinRAR tracked as CVE-2023-40477. They had disclosed it to the vendor on June 8, 2023. Four days after the public reporting of CVE-2023-40477, an actor using an alias of whalersplonk committed a fake PoC script to their GitHub repository.

The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited a SQL injection vulnerability in an application called GeoServer, which is tracked as CVE-2023-25157.

https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/


cRyPtHoN™ INFOSEC (EN)

Pakistani APT Uses YouTube-Mimicking RAT to Spy on Android Devices

New versions of Pakistan-linked APT Transparent Tribe’s CapraRAT Android trojan mimic the appearance of YouTube.

Pakistan-linked state-sponsored threat actor Transparent Tribe has been observed using new versions of the CapraRAT Android trojan that mimic the appearance of YouTube, SentinelOne reports.

Also tracked as APT36 and Mythic Leopard and active since at least 2016, the threat actor is known for the targeting of government and military personnel in India and Pakistan, and was recently seen targeting the Indian education sector as well.

https://www.securityweek.com/pakistani-apt-uses-youtube-mimicking-rat-to-spy-on-android-devices/


cRyPtHoN™ INFOSEC (EN)

Chinese Hackers Target North American, APAC Firms in Web Skimmer Campaign

A Chinese threat actor has been observed targeting organizations in multiple industries to deploy web skimmers on online payment pages.

BlackBerry is warning of a widespread campaign targeting online payment businesses with web skimmers for more than a year.

Dubbed Silent Skimmer, the campaign initially focused on organizations in the APAC region, but has been targeting businesses in Canada and the United States as well since October 2022, and appears to be expanding to new areas.

https://www.securityweek.com/chinese-hackers-target-north-american-apac-firms-in-web-skimmer-campaign/


cRyPtHoN™ INFOSEC (EN)

Nagios XI vulnerabilities resulting in privilege escalation (& more)

During some standard research as part of the Outpost24 Ghost Labs Vulnerability Research department, I discovered four different vulnerabilities in Nagios XI (version 5.11.1 and lower). Three of these vulnerabilities (CVE-2023-40931, CVE-2023-40933 and CVE-2023-40934) allow users, with various levels of privileges, to access database fields via SQL Injections. The data obtained from these vulnerabilities may be used to further escalate privileges in the product and obtain sensitive user data such as password hashes and API token

The fourth vulnerability (CVE-2023-40932) allows Cross-Site Scripting via the Custom Logo component, which will render on every page, including the login page. This may be used to read and modify page data, such as plain-text passwords from login forms.

https://outpost24.com/blog/nagios-xi-vulnerabilities


cRyPtHoN™ INFOSEC (EN)

Arlo’s new security tags can disable your security system with a doorbell tap

There’s no price or exact launch date, but the new NFC tag promises to disarm Arlo’s Home Security System with just a touch when coming home.

Arlo is adding a new gadget to its smart home security lineup that should make it easier to disarm its Arlo Home Security system without digging through the company’s companion app or using its keypad once you’re in the house. The press release for Arlo’s new Essential product series — which includes a new video doorbell, outdoor camera, indoor camera, and XL security camera — mentions an “Arlo Security Tag” that can be held against the new doorbell itself to swiftly disarm the company’s security system when the little fob launches in “Q4 2023.”

https://www.theverge.com/2023/9/20/23881842/arlo-security-nfc-tag-smart-home-system-video-doorbell


cRyPtHoN™ INFOSEC (EN)

Family of dad who drove off collapsed bridge, drowned after following app directions sues Google

The family of a North Carolina man who died after driving off a collapsed bridge as he followed directions given on Google Maps is suing the tech giant for negligence, saying it failed to update its navigation system after the span washed away nine years prior.

Philip Paxson was driving home from his oldest daughter’s birthday party on Sept. 30, 2022, when his Jeep plunged into Snow Creek in Hickory, causing him to drown, according to a lawsuit filed Tuesday by his family.

https://nypost.com/2023/09/20/google-sued-after-dad-philip-paxson-following-navigation-app-directions-drowned-after-plunging-off-collapsed-bridge/


cRyPtHoN™ INFOSEC (EN)

EXCLUSIVE: I'm a former defense official who warned about F-35 safety and security problems years ago - this is why it may have been HACKED or malfunctioned

🌀 A former Marine and watchdog revealed the F-35 is riddled with vulnerabilities

🌀 These vulnerabilities could let hackers brick fleets and take over weapons

🌀 The Marine said the missing F-35 likely malfunctioned - but a further investigation will need to be conducted before confirming

A former US defense official who has warned about F-35 safety issues for years said a software glitch or cyberattack could have caused the missing jet to malfunction over South Carolina this weekend.

https://www.dailymail.co.uk/sciencetech/article-12535823/Im-former-defense-official-warned-F-35s-catalogue-safety-security-problems-years-ago-HACKED-malfunctioned.html


cRyPtHoN™ INFOSEC (EN)

Sysadmin and spouse admit to part in 'massive' pirated Avaya licenses scam

Could spend 20 years in prison after selling $88M in ADI software keys

A sysadmin and his partner pleaded guilty this week to being part of a "massive" international ring that sold software licenses worth $88 million for "significantly below the wholesale price."

Brad and Dusti Pearce admitted one count of conspiracy to commit wire fraud and each face a maximum penalty of 20 years in prison. After agreeing to a plea deal, the Pearces must also forfeit at least $4 million as well as gold, silver, collectible coins, cryptocurrency, and a vehicle, and "make full restitution to their victims," the US Department of Justice said.

https://www.theregister.com/2023/09/20/avaya_guilty_pleas/


cRyPtHoN™ INFOSEC (EN)

What a mess! Clorox warns of "material impact" to its financial results following cyberattack

Clorox, the household cleaning product manufacturer, has admitted that its financial results for the first quarter could see a "material impact" after hackers attacked its systems.

In mid-August, Clorox revealed that its IT systems had been taken offline and its operations "temporarily impaired" after "unauthorised activity" on its network.

As a consequence, Clorox put emergency plans into operation and began manually processing and shipping orders from its manufacturing facilities.

https://www.bitdefender.com/blog/hotforsecurity/what-a-mess-clorox-warns-of-material-impact-to-its-financial-results-following-cyberattack/

https://www.cloroxco-updates.com/


cRyPtHoN™ INFOSEC (EN)

International Criminal Court Reveals Security Breach

The International Criminal Court (ICC) yesterday confirmed the discovery of suspicious activity inside its IT network but revealed little else of a worrying security breach last week.

The Netherlands-headquartered tribunal, which tries suspects of war crimes and crimes against humanity, posted a brief statement to X (formerly Twitter).

https://www.infosecurity-magazine.com/news/international-criminal-court/


cRyPtHoN™ INFOSEC (EN)

UK’s new online safety law adds to crackdown on Big Tech companies

LONDON (AP) — British lawmakers have approved an ambitious but controversial new internet safety law with wide-ranging powers to crack down on digital and social media companies like TikTok, Google, and Facebook and Instagram parent Meta.

The government says the online safety bill passed this week will make Britain the safest place in the world to be online. But digital rights groups say it threatens online privacy and freedom of speech.

The new law is the U.K.’s contribution to efforts in Europe and elsewhere to clamp down on the freewheeling tech industry dominated by U.S. companies. The European Union has its Digital Services Act,

https://apnews.com/article/online-safety-bill-uk-tech-regulation-4371bbb0d7442eed0f44bf7839443268


cRyPtHoN™ INFOSEC (EN)

GitLab Patches Critical Pipeline Execution Vulnerability

GitLab has released security updates to address a critical-severity vulnerability allowing an attacker to run pipelines as another user.

DevOps platform GitLab this week announced the release of security updates that address a critical-severity vulnerability allowing an attacker to run pipelines as another user.

Tracked as CVE-2023-5009 (CVSS score of 9.6) and affecting all GitLab Enterprise Edition (EE) versions before 16.2.7 and GitLab Community Edition (CE) versions before 16.3.4, the bug is a bypass of another flaw, CVE-2023-3932, which was addressed in August 2023.

https://www.securityweek.com/gitlab-patches-critical-pipeline-execution-vulnerability/


cRyPtHoN™ INFOSEC (EN)

Mullvad VPN completes migration to disk-less VPN infrastructure

VPN provider Mullvad announced today that it has completed the migration to a disk-less VPN infrastructure. The migration to servers that operate fully in RAM strengthens user privacy further and it also improves reliability and management of VPN servers.

Mullvad started the migration in early 2022 with two test WireGuard servers. The company created a special bootloader, stboot, for the purpose and continues to use a custom Linux kernel that is a heavily slimmed down version of the mainline branch.

https://www.ghacks.net/2023/09/20/mullvad-vpn-completes-migration-to-disk-less-vpn-infrastructure/


cRyPtHoN™ INFOSEC (EN)

German spy chief warns of cyberattacks targeting liquefied natural gas terminals

Bruno Kahl, the head of Germany’s foreign intelligence service, warned that liquefied natural gas (LNG) terminals in the country could be targeted by state-sponsored hackers.

As a result of the Russian invasion of Ukraine last year — believed to have cut Germany’s GDP by about 2.5% due to its dependence on gas pipelined from Russia — the country chartered three new LNG terminals, with plans for additional facilities in the future.

But these “new LNG landing facilities should be considered possible targets” for future cyberattacks, warned the spy chief at the Baden-Württemberg Cybersecurity Forum on Friday.

https://therecord.media/german-intelligence-warning-lng-terminals-cyberattacks


cRyPtHoN™ INFOSEC (EN)

Chinese Group Exploiting Linux Backdoor to Target Governments

A Chinese-linked threat actor known as ‘Earth Lusca’ has been conducting cyber espionage campaigns against governments around the world via a previously unknown Linux backdoor, according to an analysis by Trend Micro.

The researchers, Joseph C Chen and Jaromir Horejsi, revealed they had been tracking the group since an initial publication about its activities in 2021. Since then, Earth Lusca has extended its operations to target governments around the world during the first half of 2023, primarily in countries in Southeast Asia, Central Asia and the Balkans.

https://www.infosecurity-magazine.com/news/chinese-group-linux-backdoor/


cRyPtHoN™ INFOSEC (EN)

Claimants in Celsius crypto bankruptcy targeted in phishing attack

Scammers are impersonating the bankruptcy claim agent for crypto lender Celsius in phishing attacks that attempt to steal funds from cryptocurrency wallets.

In July 2022, crypto lender Celsius filed for bankruptcy and froze withdrawals from user accounts. Customers have since filed claims against the company, hoping to recover a portion of the funds.

Over the past few days, people have reported receiving phishing emails pretending to be from Stretto, the Claims Agent for the Celsius bankruptcy proceeding.

https://www.bleepingcomputer.com/news/security/claimants-in-celsius-crypto-bankruptcy-targeted-in-phishing-attack/


cRyPtHoN™ INFOSEC (EN)

Windows Subsystem for Linux gets new 'mirrored' network mode

Microsoft has released Windows Subsystem for Linux (WSL) 2.0.0 with a set of new opt-in experimental features, including a new network mode and automated memory and disk size cleanup.

To start with, the newly added "Automatic memory reclaim" feature dynamically reduces the memory footprint of the WSL virtual machine (VM) while being used by reclaiming cached memory.

Another notable addition in this version is the "Sparse VHD" feature, which, as previously described, automatically shrinks the size of the WSL virtual hard disk (VHD).

https://www.bleepingcomputer.com/news/microsoft/windows-subsystem-for-linux-gets-new-mirrored-network-mode/


cRyPtHoN™ INFOSEC (EN)

Ask Meta to delete or block your personal data from third-party sources for AI training

All major and many smaller companies are betting big on AI. This generative AI needs large data sets, which gives companies with large user bases an edge over those that don't.

Many use publicly available data, e.g., by scraping Internet sites, using APIs or downloading large data sets published for the purpose of training AI. This data, and other non-public data used to train AI, may contain personal information.

It is almost impossible for individual users to universally disallow the use of their personal data. Meta, Facebook's parent company, gives users a say in regards to third-party data that it uses for training AI.

https://www.ghacks.net/2023/09/18/you-can-ask-meta-to-not-use-personal-data-from-third-party-sources-for-ai-training/
