Latest news of INFOSEC (EN) 1. Latest Vulnerability. 2. Latest Patch. 3. Privacy Breach. 4. Security Breach. 5. InfoSec News. German Version 🇩🇪 @cRyPtHoN_INFOSEC_DE France Version 🇫🇷 @cRyPtHoN_INFOSEC_FR Italian Version 🇮🇹 @cRyPtHoN_INFOSEC_IT
Beware of these popular Temu scams circulating social media
Bad actors are tricking people into using their Temu promotional codes to receive discounts, deals, and free items, leaving you with nothing. Here's how to spot and avoid them.
If you're a fan of Temu, you're familiar with the app's referral code system. If you're unfamiliar, Temu offers referral codes for users to share with friends and family. If enough people use someone's referral code, both parties receive rewards, discounts, and free items from Temu.
https://www.zdnet.com/article/beware-of-these-popular-temu-scams-circulating-social-media/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Ex-Navy IT manager jailed for selling people's data on the dark web
A former US Navy IT manager has been sentenced to five years and five months in prison after illegally hacking a database containing personally identifiable information (PII) and selling it on the dark web.
32-year-old Marquis Cooper, of Selma, California, was a chief petty officer in the US Navy's Seventh Fleet when he opened an account in August 2018 with a company that maintains a PII database for millions of people.
https://www.tripwire.com/state-of-security/ex-navy-it-manager-jailed-selling-peoples-data-dark-web
Exploring The Malicious Usage of QR Codes
Discover the history, types, and threats of QR codes, including quishing and QRLJacking. Learn why QR phishing is effective and how it exploits user trust, convenience, and bypasses security filters.
Understanding QR Codes: A Brief History
QR codes, or quick response codes, have become ubiquitous in recent years. These two-dimensional barcodes were invented by a Japanese automobile manufacturing company in 1994 and were initially used to track vehicle parts during the manufacturing process. However, it wasn’t until the smartphone era that QR codes gained widespread popularity.
https://slashnext.com/blog/exploring-the-malicious-usage-of-qr-codes/
EU demands Meta and TikTok detail efforts to curb disinformation from Israel-Hamas war
LONDON (AP) — The European Union on Thursday demanded Meta and TikTok detail their efforts to curb illegal content and disinformation during the Israel-Hamas war, flexing the power of a new law that threatens billions in fines if tech giants fail to do enough to protect users.
The European Commission, the 27-nation bloc’s executive branch, formally requested that the social media companies provide information on how they’re complying with pioneering digital rules aimed at cleaning up online platforms.
The commission asked Meta and TikTok to explain the measures they have taken to reduce the risk of spreading and amplifying terrorist and violent content, hate speech and disinformation.
https://apnews.com/article/meta-tiktok-eu-europe-digital-services-act-81c682d25bd2bd62333ba64564dde9e5
Clever malvertising attack uses Punycode to look like KeePass's official website
Threat actors are known for impersonating popular brands in order to trick users. In a recent malvertising campaign, we observed a malicious Google ad for KeePass, the open-source password manager, which was extremely deceiving. We previously reported on how brand impersonations are a common occurrence these days due to a feature known as tracking templates, but this attack used an additional layer of deception.
The malicious actors registered a copycat internationalized domain name that uses Punycode, a special character encoding, to masquerade as the real KeePass site. The difference between the two sites is visually so subtle it will undoubtably fool many people.
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website
Old WinRAR vulnerability is exploited by government-backed actors
WinRAR users who have not updated the archiving software in some time may want to do so immediately. A report by Google's Threat Analysis Group (TAG) suggests that government-backed actors are exploiting a vulnerability in WinRAR for which a fix has been available for some time.
We published information about the WinRAR update that addressed the issue in August when it first came out. WinRAR 6.23 fixed the issue. It allowed malicious actors to run code on devices on successful exploitation of the vulnerability.
All it requires is that users open a specially crafted WinRAR archive on their devices. WinRAR users can patch the issue by downloading and installing the latest version, which is WinRAR 6.24 at the time of writing.
https://www.ghacks.net/2023/10/19/old-winrar-vulnerability-is-exploited-by-government-backed-actors/
North Korean Hackers Exploiting Critical Flaw in DevOps Tool
Pyongyang Hackers Exploiting Critical TeamCity Server Bug
Researchers at Microsoft said Wednesday that North Korean nation-state threat actors tracked as Diamond Sleet and Onyx Sleet are exploiting a remote code execution vulnerability affecting multiple versions of the JetBrains TeamCity server.
JetBrains on Sept. 21 issued a critical security update to patch its TeamCity build management and continuous integration server.
https://www.bankinfosecurity.com/north-korean-hackers-exploiting-critical-flaw-in-devops-tool-a-23350
Plastic surgeries warned by the FBI that they are being targeted by cybercriminals
Plastic surgeries across the United States have been issued a warning that they are being targeted by cybercriminals in plots designed to steal sensitive data including patients' medical records and photographs that will be later used for extortion.
The warning, which was issued by the FBI yesterday and is directed towards plastic surgery offices and patients, advises that extortionists have been using a multi-stage approach to maximise their criminal profits.
https://www.tripwire.com/state-of-security/plastic-surgeries-warned-fbi-they-are-being-targeted-cybercriminals
CIA exposed to potential intelligence interception due to X's URL bug
Musk's mega-app-in-waiting goes from chopping headlines to profile URLs
An ethical hacker has exploited a bug in the way X truncates URLs to take over a CIA Telegram channel used to receive intelligence.
Kevin McSheehan, who uses the online handle "Pad," spotted the issue after hovering over the link to the CIA's Telegram channel displayed on its X social media profile.
After the CIA updated its profile at some point after September 27, the Telegram link shortened, cutting off part of the full username, allowing McSheehan to register the new, unregistered handle.
https://www.theregister.com/2023/10/18/cia_x_url_bug/
BlackCat Climbs the Summit With a New Tactic
BlackCat operators recently announced new updates to their tooling, including a utility called Munchkin that allows attackers to propagate the BlackCat payload to remote machines and shares on a victim organization network. For the past two years, the BlackCat ransomware operators have continued to evolve and iterate their tooling as part of their ransomware-as-a-service (RaaS) business model.
As part of a recent investigation, Unit 42 researchers have acquired an instance of Munchkin that is unique, in that it is loaded in a customized Alpine virtual machine (VM). This new tactic of leveraging a customized VM to deploy malware has been gaining traction in recent months,
https://unit42.paloaltonetworks.com/blackcat-ransomware-releases-new-utility-munchkin/
Tens of Thousands of Cisco Devices Hacked via Zero-Day Vulnerability
Tens of thousands of Cisco devices have reportedly been hacked via the exploitation of the zero-day vulnerability CVE-2023-20198.
Cisco warned customers on Monday that a critical IOS XE zero-day has been exploited by threat actors to gain elevated privileges on devices. The company is working on a patch and in the meantime it has urged customers to implement mitigations.
The vulnerability impacts the IOS XE web user interface, which is delivered with the default image, and it allows a remote, unauthenticated attacker to add level 15 access accounts that provide complete control over the targeted system.
https://www.securityweek.com/tens-of-thousands-of-cisco-devices-hacked-via-zero-day-vulnerability/
Brave appears to install VPN Services without user consent
If you have the Brave Browser installed on your Windows devices, then you may also have Brave VPN services installed on the machine. Brave installs these services without user consent on Windows devices.
Brave Firewall + VPN is an extra service that Brave users may subscribe to for a monthly fee. Launched in mid-2022, it is a cooperation between Brave Software, maker of Brave Browser, and Guardian, the company that operates the VPN and the firewall solution. The firewall and VPN solution is available for $9.99 per month.
Brave Software is not the only browser maker that has integrated a VPN solution in its browser. Mozilla, maker of Firefox, entered into a cooperation with Mullvad and launched Mozilla VPN in 2020.
https://www.ghacks.net/2023/10/18/brave-is-installing-vpn-services-without-user-consent/
TV advertising sales giant affected by ransomware attack
A television advertising sales and technology company jointly owned by the three largest U.S. cable operators was hit with a ransomware attack in recent weeks that affected operations.
Ampersand — owned by Comcast Corporation, Charter Communications and Cox Communications — provides viewership data to advertisers about 85 million households and has existed since 1981. Last weekend, the Black Basta ransomware gang claimed to have attacked the company, according to cybersecurity researcher Dominic Alvieri.
In a statement to Recorded Future News, the company confirmed it had dealt with a ransomware incident but declined to say when the attack occurred or whether a ransom would be paid.
https://therecord.media/ampersand-television-advertising-sales-company-ransomware
IBM Says 631K Affected in Johnson & Johnson Database Breach
IBM Blames 'Technical Method' for Allowing Unauthorized Access to Patient Info
The data breach, which was publicly disclosed last month by IBM and Johnson & Johnson but was just posted this week on the Department of Health and Human Services' HIPAA Breach Reporting Tool website, is also already the subject of at least two proposed federal class action lawsuits filed against the companies.
On Oct. 2, a federal judge in the U.S. District Court for the Southern District of New York who is handling the two lawsuits, which were filed in late September, ordered that the pair of cases be consolidated.
https://www.bankinfosecurity.com/ibm-says-631k-affected-in-johnson-johnson-database-breach-a-23335
APT trends report Q3 2023
For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of.
This is our latest installment, focusing on activities that we observed during Q3 2023.
https://securelist.com/apt-trends-report-q3-2023/110752/
Google will start scanning for Android malware in real time
Having to worry less about what's on your phone is a win in our book
🌀 Android users can take advantage of the openness of their smartphone by sideloading apps outside the Google Play Store, but this can be risky due to potential malware.
🌀 Google has introduced an enhanced version of Google Play Protect to provide better protection against malicious apps, including real-time scanning at the code-level.
🌀 The new version of Google Play Protect will be rolled out in India first before expanding to the rest of the world, offering stronger protection for Android users globally.
https://www.androidpolice.com/google-play-protect-enhanced/
Casio keyed up after data loss hits customers in 149 countries
Crooks broke into the ClassPad server and swiped online learning database
Japanese electronics giant Casio said miscreants broke into its ClassPad server and stole a database with personal information belonging to customers in 149 countries.
ClassPad is Casio's education web app, and in a Wednesday statement on its website, the firm said an intruder breached a ClassPad server and swiped hundreds of thousands of "items" belonging to individuals and organizations around the globe.
As of Oct 18, the crooks accessed 91,921 items belonging to Japanese customers, including individuals and 1,108 educational institution customers, as well as 35,049 items belonging to customers from 148 other countries. If Casio finds additional customers were compromised, it promises to update this count.
https://www.theregister.com/2023/10/19/casio_data_theft
North Korean Attackers Exploiting Critical CI/CD Vulnerability
North Korean threat actors are actively exploiting a critical vulnerability in a continuous integration/continuous deployment (CI/CD) application used in software development, Microsoft has warned.
The tech giant said it has observed two North Korean nation-state actors – Diamond Sleet and Onyx Sleet – exploiting the remote code execution vulnerability, CVE-2023-42793, since early October 2023.
https://www.infosecurity-magazine.com/news/north-korean-exploiting-critical/
E-Root admin faces 20 years for selling stolen RDP, SSH accounts
Sandu Diaconu, the operator of the E-Root marketplace, has been extradited to the U.S. to face a maximum imprisonment penalty of 20 years for selling access to compromised computers.
The Moldovan defendant was arrested in the U.K. in May 2021 while attempting to flee the country following the authorities' seizure of E-Root's domains in late 2020.
Last month, Diaconu consented to be extradited to the United States for wire fraud, money laundering, computer fraud, and access device fraud.
https://www.bleepingcomputer.com/news/security/e-root-admin-faces-20-years-for-selling-stolen-rdp-ssh-accounts/
A flaw in Synology DiskStation Manager allows admin account takeover
A vulnerability in Synology DiskStation Manager (DSM) could be exploited to decipher an administrator’s password.
Researchers from Claroty’s Team82 discovered a vulnerability, tracked as CVE-2023-2729 (CVSS score 5.9), in Synology DiskStation Manager (DSM).
Team82 discovered the use of a weak random number generator in Synology’s DiskStation Manager (DSM) Linux-based operating system running on the NAS products.
https://securityaffairs.com/152645/hacking/synology-diskstation-manager-admin-account-takeover.html
Critical Citrix NetScaler Flaw Exploited to Target Government, Tech Firms
Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information.
Tracked as CVE-2023-4966 (CVSS score: 9.4), the vulnerability impacts the following supported versions -
https://thehackernews.com/2023/10/critical-citrix-netscaler-flaw.html
Threat Brief: Cisco IOS XE Web UI Privilege Escalation Vulnerability
On Oct. 16, 2023, Cisco published a security advisory detailing an actively exploited privilege escalation zero-day vulnerability impacting Cisco IOS XE devices. The vulnerability (CVE-2023-20198) has a criticality score of 10, according to the National Vulnerability Database, and it would allow an attacker to create an account with the highest privileges possible.
According to our attack surface telemetry, analysts have observed 22,074 implanted IOS XE devices since at least 18 October 2023.
Cisco recommends customers disable the HTTP Server feature on all internet-facing systems or untrusted networks.
https://unit42.paloaltonetworks.com/threat-brief-cve-2023-20198-cisco-ios-xe/
Money-making scripts attack organizations
In April of this year, the FBI published an advisory on attacks targeting government, law enforcement, and non-profit organizations. Attackers download scripts onto victims’ devices, delivering several types of malware all at once. The main aim is to utilize company resources for mining, steal data using keyloggers, and gain backdoor access to systems.
According to our telemetry data, we have detected numerous scripts, executables, and associated links under this campaign since late 2022. We were still finding new versions at the time of writing, so the threat to B2B is still live. Enterprise resources and data remain at risk.
https://securelist.com/miner-keylogger-backdoor-attack-b2b/110761/
Hacker Group GhostSec Unveils New Generation Ransomware Implant
Dark web watchdog SOCRadar has revealed that GhostSec, a self-described "vigilante" group that has recently turned to financially motivated cyber activity, has released a novel type of ransomware, called GhostLocker.
GhostSec presents GhostLocker as a game-changing locking software that includes military-grade encryption during runtime and the promise of complete undetectability.
https://www.infosecurity-magazine.com/news/hacker-ghostsec-unveils-new/
Ukrainian activists hack Trigona ransomware gang, wipe servers
A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available.
The Ukrainian Cyber Alliance fighters say they exfiltrated all of the data from the threat actor’s systems, including source code and database records, which may include decryption keys.
Trigona ransomware out of commission
Ukrainian Cyber Alliance hackers gained access to Trigona ransomware’s infrastructure by using a public exploit for CVE-2023-22515, a critical vulnerability in Confluence Data Center and Server that can be leveraged remotely to escalate privileges.
https://www.bleepingcomputer.com/news/security/ukrainian-activists-hack-trigona-ransomware-gang-wipe-servers/
D-Link confirms data breach, but downplayed the impact
Taiwanese manufacturer D-Link confirmed a data breach after a threat actor offered stolen data for sale on BreachForums.
The global networking equipment and technology company D-Link confirmed a data breach after a threat actor earlier this month offered the stolen data for sale on the BreachForums platform.
The company became aware of a claim of data breach on October 2, 2023 and immediately launched an investigation into the alleged incident with the help of the security firm Trend Micro.
D-Link pointed out that the incident did not impact its operations.
https://securityaffairs.com/152631/hacking/d-link-confirmed-data-breach.html
Knight Ransomware Group Claims Cyberattack on BMW Munique Motors
Interestingly, despite the severity of the claims, the website for BMW Munique Motors remains operational and shows no overt signs of an attack.
The notorious Knight ransomware group has asserted responsibility for a cyberattack on BMW Munique Motors, the authorized BMW dealership for the State of Rondônia. This cyberattack claim was posted on the dark web channel frequently used by the Knight ransomware group.
Adding to the gravity of the situation, the threat actors left a message for visitors, stating, “At the end of the countdown, the download links will be displayed here.”
https://thecyberexpress.com/cyberattack-on-bmw-munique-motors/
Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software
Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems.
The vulnerabilities, tracked as CVE-2023-37265 and CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10.
Sonar security researcher Thomas Chauchefoin, who discovered the bugs, said they "allow attackers to get around authentication requirements and gain full access to the CasaOS dashboard."
https://thehackernews.com/2023/10/critical-vulnerabilities-uncovered-in.html
Operation King TUT: The universe of threats in LATAM
ESET researchers reveal a growing sophistication in threats affecting the LATAM region by employing evasion techniques and high-value targeting
Much like the life and mysterious demise of Pharaoh Tutankhamun, also known as King Tut, the threat landscape in Latin America (LATAM) remains shrouded in mystery. This is primarily due to the limited global attention on the evolving malicious campaigns within the region. While notable events like ATM attacks, the banking trojans born in Brazil, and the Machete cyberespionage operations have garnered media coverage, we are aware that there is more to the story.
https://www.welivesecurity.com/en/eset-research/operation-king-tut-universe-threats-latam/
Fake Browser Updates Used in Malware Distribution
Cybersecurity researchers from Proofpoint have identified a rising trend in threat activity that employs fake browser updates to disseminate malware.
At least four distinct threat clusters have been tracked utilizing this deceptive tactic. Fake browser updates are compromised websites that display fake notifications mimicking popular browsers like Chrome, Firefox or Edge, luring users into downloading malicious software instead of legitimate updates.
https://www.infosecurity-magazine.com/news/fake-browser-updates-malware/