crypthon_infosec_en | Unsorted

Telegram channel crypthon_infosec_en - cRyPtHoN™ INFOSEC (EN)


Latest news of INFOSEC (EN) 1. Latest Vulnerability. 2. Latest Patch. 3. Privacy Breach. 4. Security Breach. 5. InfoSec News. German Version 🇩🇪 @cRyPtHoN_INFOSEC_DE France Version 🇫🇷 @cRyPtHoN_INFOSEC_FR Italian Version 🇮🇹 @cRyPtHoN_INFOSEC_IT


cRyPtHoN™ INFOSEC (EN)

Google CEO defends paying Apple and others to make Google the default search engine on devices

WASHINGTON (AP) — Testifying in the biggest U.S. antitrust case in a quarter century, Google CEO Sundar Pichai defended his company’s practice of paying Apple and other tech companies to make Google the default search engine on their devices, saying the intent was to make the user experience “seamless and easy.”

The Department of Justice contends that Google — a company whose very name is synonymous with scouring the internet — pays off tech companies to lock out rival search engines to smother competition and innovation. According to court documents the government entered into the record last week, the payments came to more than $26 billion in 2021,

https://apnews.com/article/google-apple-antitrust-default-search-engine-6f6755230dfda8e57d23903ac9dc79ab

📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

cRyPtHoN™ INFOSEC (EN)

Conducting Robust Learning for Empire Command and Control Detection

PowerShell Empire is a popular post-exploitation framework used by threat actors, and it remains an ongoing threat. Using machine learning (ML) and artificial intelligence (AI) methods, we have developed an extremely effective system to detect Empire's command and control (C2) traffic.

In this article, we review the Empire framework, examine Empire C2 traffic and discuss issues affecting ML-based C2 detection. The primary issue is adversarial attacks, a category of AI attack that threat actors can use to poison or evade ML-based detection. We solved this challenge by developing a learning system using a more robust model with adversarial training.

https://unit42.paloaltonetworks.com/empire-c2-helps-train-machine-learning-framework/

cRyPtHoN™ INFOSEC (EN)

NextGen interoperability tool vulnerable to RCE attack

Threat actors could exploit a remote code execution vulnerability in Mirth Connect, a cross-platform communications tool, to gain access and compromise data, according to the NIST National Vulnerability Database.

MITRE entered CVE-2023-43208 into its vulnerability catalog on Thursday, and the National Institute of Standards and Technology says the flaw, which affects certain versions of NextGen software and could result in remote code execution, is currently awaiting analysis.

WHY IT MATTERS

"Instances of NextGen Healthcare Mirth Connect before version 4.4.1 are vulnerable to unauthenticated remote code execution Mirth Connect by NextGen Healthcare," according to NIST.

https://www.healthcareitnews.com/news/nextgen-interoperability-tool-vulnerable-rce-attack

cRyPtHoN™ INFOSEC (EN)

Who killed Mozi? Finally putting the IoT zombie botnet in its grave

How ESET Research found a kill switch that had been used to take down one of the most prolific botnets out there

In August 2023, the notorious Mozi botnet, infamous for exploiting vulnerabilities in hundreds of thousands of IoT devices each year, experienced a sudden and unanticipated nosedive in activity. First observed in India on August 8th, 2023 and a week later in China on August 16th, this mysterious disappearance stripped Mozi bots of most of their functionality.

https://www.welivesecurity.com/en/eset-research/who-killed-mozi-finally-putting-the-iot-zombie-botnet-in-its-grave/

cRyPtHoN™ INFOSEC (EN)

Chrome 119 Patches 15 Vulnerabilities

Chrome 119 is rolling out to Linux, macOS, and Windows users with patches for 15 vulnerabilities.

Google on Tuesday announced the release of Chrome 119 to the stable channel with patches for 15 vulnerabilities, including 13 reported by external researchers.

Three of the externally reported bugs have a severity rating of ‘high’, and are described as inappropriate implementation in Payments (CVE-2023-5480), insufficient data validation in USB (CVE-2023-5482), and integer overflow in USB (CVE-2023-5849).

https://www.securityweek.com/chrome-119-patches-15-vulnerabilities/

cRyPtHoN™ INFOSEC (EN)

Samsung Auto Blocker: new Samsung Galaxy Security tool

Samsung Auto Blocker is a new security tool for Samsung Galaxy devices that promises to protect them from certain threats. The opt-in feature is part of One UI 6, which Samsung is currently rolling out to the first Samsung Galaxy devices alongside Android 14.

Samsung describes Auto Blocker as "an opt-in package of additional security measures that gives users more choice as they explore the customizations enabled by Samsung Galaxy’s open ecosystem".

Samsung Galaxy owners may enable Auto Blocker in the Settings under Security and Privacy > Auto Blocker.

https://ghacks.net/2023/11/01/samsung-auto-blocker-new-samsung-galaxy-security-tool/

cRyPtHoN™ INFOSEC (EN)

Russia to launch its own version of VirusTotal due to US snooping fears

The Russian government plans to have its own analogous version of the malware scanning platform VirusTotal up and running within the next two years, due to concerns the U.S. government could access data from the popular Google-owned service.

VirusTotal is an online service that lets organizations upload suspected malware to be checked against a range of antivirus tools. These checks are shared with the cybersecurity community, creating a library of malware signatures to help detect attempted attacks and develop threat intelligence.

https://therecord.media/russia-launching-own-malware-repository-virustotal

cRyPtHoN™ INFOSEC (EN)

FDA medical IoT cyber device compliance. FD&C 524b

Medical cyber device market

There are over 10,000 medical device companies across the world, 6,500+ of which are headquartered in the United States. While these organizations range from the F500 to smaller start-ups, the combined value of these companies is staggering. The FDA predicts that within the next five years, the medical device market will balloon to over $300 billion annually (source: Statista). That’s larger than the annual GDP of more than half of the states in the US.

https://www.pentestpartners.com/security-blog/fda-medical-iot-cyber-device-compliance-fdc-524b/

cRyPtHoN™ INFOSEC (EN)

FujiFilm printer credentials encryption issue fixed

🌀 Many multi-function printers made by FujiFilm Business Innovation Corporation (Fujifilm), including the Apeos, ApeosPro, PrimeLink and RevoriaPress brands, and by Xerox Corporation (Xerox), including the VersaLink, PrimeLink, and WorkCentre brands, allow administrators to store credentials on them so that users can upload scans and other files to FTP and SMB file servers.

🌀 With the default configuration of these printers, it’s possible to retrieve these credentials in an encrypted format without authenticating to the printer.

🌀 A vulnerability in the encryption process of these credentials means that you can decrypt them with responses from the web interface. This has been given the ID CVE-2023-46327.

https://www.pentestpartners.com/security-blog/fujifilm-printer-credentials-encryption-issue-fixed/

cRyPtHoN™ INFOSEC (EN)

How Telegram Became a Terrifying Weapon in the Israel-Hamas War

Hamas posted gruesome images and videos that were designed to go viral. Sources argue that Telegram’s lax moderation ensured they were seen around the world.

At around 8 am local time the morning of October 7, Haaretz’s cyber and disinformation reporter, Omer Benjakob, was woken by his wife at their home in the historic port city of Jaffa. Something was happening in southern Israel, she said, but Benjakob shrugged it off, presuming “another round of the same shit.” Flare-ups between the Israel Defense Forces (IDF) and militants in southern Israel are not uncommon. “No, no,” Benjakob’s wife insisted. “It’s more serious.”

https://www.wired.com/story/telegram-hamas-israel-conflict/

cRyPtHoN™ INFOSEC (EN)

How GoGuardian Invades Student Privacy

GoGuardian is a student monitoring tool that watches over twenty-seven million students across ten thousand schools, but what it does exactly, and how well it works, isn’t easy for students to know. To learn more about its functionality, accuracy, and impact on students, we filed dozens of public records requests and analyzed tens of thousands of results from the software. Using data from multiple schools in both red and blue states, what we uncovered was that, by design, GoGuardian is a red flag machine—its false positives heavily outweigh its ability to accurately determine whether the content of a site is harmful.

https://www.eff.org/deeplinks/2023/10/how-goguardian-invades-student-privacy

https://www.redflagmachine.com/learn-more

cRyPtHoN™ INFOSEC (EN)

Mass exploitation of CitrixBleed vulnerability, including a ransomware group

Three days ago, AssetNote posted an excellent write up about CitrixBleed aka CVE-2023-4966 in Citrix Netscaler/ADC/AAA/whatever it is called today.

This vulnerability is now under mass exploitation. A few weeks ago it was under limited targeted exploitation to allow network access. It’s not AssetNote’s fault — it was clear multiple groups had already obtained technical details.

The patch became available on October 10th. Even if you applied the patch and rebooted, you still have a problem, as session tokens persist.

https://doublepulsar.com/mass-exploitation-of-citrixbleed-vulnerability-including-a-ransomware-group-1405cbb9de18?gi=15d559a6c17f

cRyPtHoN™ INFOSEC (EN)

India's biggest data breach? Hacking gang claims to have stolen 815 million people's personal information

The personal information of more than 815 million people in India has reportedly been leaked online.

According to local media reports, hackers have offered for sale the personally identifiable information (PII) - including that found on Aadhaar identity cards - belonging to hundreds of millions of Indian residents.

A threat actor calling themselves "pwn0001" posted on the Breach Forums black hat hacking site, saying that they had the records of 815 million people available, including Aadhaar and passport information, names, phone numbers, and addresses.

https://www.bitdefender.com/blog/hotforsecurity/indias-biggest-data-breach-hacking-gang-claims-to-have-stolen-815-million-peoples-personal-information/

cRyPtHoN™ INFOSEC (EN)

Kaspersky Exposes Lazarus’ New Campaign Exploiting Legitimate Software

Woburn, MA – October 27, 2023 — A new campaign by the infamous Lazarus group that is targeting organizations worldwide has been uncovered by Kaspersky's Research and Analysis Team (GReAT). The research presented at Security Analyst Summit (SAS) revealed a sophisticated APT campaign distributed via malware and spread through legitimate software.

The GReAT team identified a series of cyber incidents that involved targets being infected through legitimate software designed to encrypt web communication using digital certificates. Despite vulnerabilities being reported and patched, organizations worldwide still used the flawed version of the software, providing an entry point for the infamous Lazarus group.

https://usa.kaspersky.com/about/press-releases/2023_kaspersky-exposes-lazarus-new-campaign-exploiting-legitimate-software

cRyPtHoN™ INFOSEC (EN)

Avast confirms it tagged Google app as malware on Android phones

Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday.

On affected devices, users were warned to immediately uninstall the Google app because it could secretly send SMS messages, download and install other apps, or steal their sensitive information.

Others saw a different alert, telling them that the Google app was a trojan that could provide remote access to their device and allow attackers to install malware and steal the users' data.

https://www.bleepingcomputer.com/news/security/avast-confirms-it-tagged-google-app-as-malware-on-android-phones/

cRyPtHoN™ INFOSEC (EN)

Threat Brief: Citrix Bleed CVE-2023-4966

On Oct. 10, 2023, Citrix published a patch for their Netscaler ADC and Netscaler Gateway products. One particular vulnerability that this patch is meant to mitigate has come to be known as Citrix Bleed (CVE-2023-4966).

This nickname was given because the vulnerability can leak sensitive information from the device’s memory, which can include session tokens. Attackers can then use these credentials to gain a foothold into systems via session hijacking. At the time of the patch, Citrix was unaware of ongoing attacks using this vulnerability but has since stated that they have observed threat actors using it.

https://unit42.paloaltonetworks.com/threat-brief-cve-2023-4966-netscaler-citrix-bleed/

cRyPtHoN™ INFOSEC (EN)

Meta faces EU ban on Facebook, Instagram targeted advertising

The European Data Protection Board has extended the temporary ban on targeted advertising on Facebook and Instagram, imposed by the Norwegian Data Protection Authority (DPA) in July.

As the Norwegian DPA (Datatilsynet) explained in July, Meta uses content preferences, the info users post on Facebook and Instagram, and their location information to build personalized profiles for targeted advertising, a tactic commonly known as behavioral advertising.

The European watchdog's 27 October urgent binding decision instructs Ireland's Data Protection Commission (DPC) to ban the processing of personal data for behavioral advertising across the entire European Economic Area (EEA) within two weeks.

https://www.bleepingcomputer.com/news/technology/meta-faces-eu-ban-on-facebook-instagram-targeted-advertising/

cRyPtHoN™ INFOSEC (EN)

Accessible ActiveMQ Service Report

Introduction

This report identifies accessible Apache ActiveMQ servers on port 61616/TCP. ActiveMQ is a popular open source multi-protocol message broker.

ActiveMQ has a set of security features which should be enabled if possible.

Additionally, multiple CVEs have been found in different ActiveMQ versions in the past.

https://www.shadowserver.org/what-we-do/network-reporting/accessible-activemq-service-report/

cRyPtHoN™ INFOSEC (EN)

Hunting Vulnerable Kernel Drivers

In information security, even seemingly insignificant issues could pose a significant threat. One notable vector of attack is through device drivers used by legitimate software developers. There are numerous available drivers to support legacy hardware in every industry, some of which are from businesses that have long stopped supporting the device. To continue operations, organizations rely upon these deprecated device drivers.

This creates a unique attack vector, as Microsoft Windows allows loading kernel drivers whose signing certificates have expired or been revoked. This policy makes it easier for threat actors to disable security software functions or install bootkits using known vulnerable drivers.

https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html

cRyPtHoN™ INFOSEC (EN)

WiHD leak exposes details of all torrent users

World-in-HD (WiHD), a French private video torrent community, left an open instance exposing the emails and passwords of all of its users and administrators.

WiHD, a popular torrent tracker specializing in HD movies, inadvertently exposed tens of thousands of its users, the Cybernews research team has recently discovered.

WiHD is a private tracker dedicated to distributing high-definition video content. Registered users can access French and English-language TV series, movies, animation, and other content.

https://securityaffairs.com/153296/deep-web/wihd-data-leak.html

cRyPtHoN™ INFOSEC (EN)

Five Guys discloses hack of 2 employees’ emails

The disclosure comes weeks after the company agreed to settle a federal class action suit stemming from a 2022 attack.

Five Guys disclosed a security breach where hackers gained access to the email accounts of two employees, according to consumer disclosure letters filed Friday with the attorneys general of California and Maine.

The breaches, discovered on June 7, were the result of business email compromise, Sam Chamberlain, COO of Five Guys, said in the filing with the Office of the Maine Attorney General. The Lorton, Va.-based hamburger chain, which has about 1,700 locations worldwide, did not indicate how many total individuals were impacted, but only three Maine residents were affected.

https://www.cybersecuritydive.com/news/five-guys-hack-employees-emails/698185/

cRyPtHoN™ INFOSEC (EN)

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

ReversingLabs has highlighted threats in npm, PyPI and RubyGEMS in recent years. This finding shows NuGet is equally exposed to malicious activities by threat actors.

ReversingLabs has identified connections between a malicious campaign that was recently discovered and reported by the firm Phylum and several hundred malicious packages published to the NuGet package manager since the beginning of August. The latest discoveries are evidence of what seems to be an ongoing and coordinated campaign.

Furthermore, ReversingLabs research shows how malicious actors are continuously improving their techniques and responding to the disruption of their campaigns.

https://www.reversinglabs.com/blog/iamreboot-malicious-nuget-packages-exploit-msbuild-loophole

cRyPtHoN™ INFOSEC (EN)

This Florida School District Banned Cellphones. Here’s What Happened.

Schools in Orlando took a tougher approach than a new state law required. Student engagement increased. So did the hunt for contraband phones.

One afternoon last month, hundreds of students at Timber Creek High School in Orlando poured into the campus’s sprawling central courtyard to hang out and eat lunch. For members of an extremely online generation, their activities were decidedly analog.

Dozens sat in small groups, animatedly talking with one another. Others played pickleball on makeshift lunchtime courts. There was not a cellphone in sight — and that was no accident.

https://www.nytimes.com/2023/10/31/technology/florida-school-cellphone-tiktok-ban.html

cRyPtHoN™ INFOSEC (EN)

Republicans renew calls for TikTok ban as anti-Israel posts dominate app

Republican lawmakers are increasingly concerned about a tide of anti-Israel content on TikTok during the war with Hamas – and they are renewing their push to ban the China-owned app, The Post has learned.

While TikTok is highly secretive about the algorithms that distribute millions of short-form videos on the app daily, there are some telltale signs of the disproportionate amount of anti-Israel content on the app versus videos favoring Palestinians.

For example, the top result for the search phrase “stand with Palestine” had been viewed nearly 3 billion times as of Oct. 26, while the top result for “stand with Israel” was viewed just over 200 million times, according to one analysis that went viral on X.

https://nypost.com/2023/10/31/business/republicans-renew-calls-for-tiktok-ban-as-anti-israel-posts-dominate-app/

cRyPtHoN™ INFOSEC (EN)

Facebook and Instagram users threaten to DELETE their accounts as Meta reveals you'll have to pay €10/month for ad-free access

🌀 Meta has announced a subscription to have adverts removed from the platforms

🌀 It is launching a new paid-for option to comply with European Union regulations

Facebook and Instagram users have blasted the launch of a new paid-for service to remove adverts from the two platforms.

Mark Zuckerberg's Meta, the parent company which owns the two social media sites, said it was launching the subscription option to comply with EU regulations.

https://www.dailymail.co.uk/sciencetech/article-12692355/Facebook-Instagram-users-threaten-DELETE-accounts-Meta-reveals-youll-pay-10-month-ad-free-access.html

cRyPtHoN™ INFOSEC (EN)

iOS 17.1 update still no defense against Flipper Zero iPhone crashes

Apple's latest iOS release does fix a raft of iPhone issues. Sadly, the Flipper Zero lockup bug remains a threat to any iOS device in its immediate vicinity.

All eyes are on iOS 17.1 to fix a raft of iPhone issues, from the overheating problems that made iPhones almost too hot to touch (early reports are positive here), that odd screen burn-in problem that wasn't burn-in (yes, that one seems fixed), to the more obscure nighttime rebooting bug (jury is out on this one). But there's one bug that I've been asked about more than any other.

https://www.zdnet.com/article/ios-17-1-update-still-no-defense-against-flipper-zero-iphone-crashes/

cRyPtHoN™ INFOSEC (EN)

What is a phishing text message?

Don't get scammed through texting

The internet is filled with scams. Fake ads, phishing emails, spam calls, and text messages are some of the ways you can lose your data and money. Nowadays, many scams are created by bots powered by advanced algorithms. Phishing texts are another type of scam, and they're growing in popularity. You can still be vulnerable even if you use one of our favorite Android phones. Let's look at what these so-called "phishing texts" are and how you can protect yourself against them.

https://www.androidpolice.com/what-is-phishing-text-message/

cRyPtHoN™ INFOSEC (EN)

Indian politicians say Apple warned them of state-sponsored attacks

Nobody knows which state, but India’s government never quite shrugged off claims it uses spyware

Indian politicians and media figures have reported that Apple has warned them their accounts may be under attack by state-sponsored actors.

All of the politicians who received the warnings are members of opposition parties. One recipient, MP Mahua Moitra, shared a screenshot of the email she received from threat-notifications@apple.com, which stated “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID.”

https://www.theregister.com/2023/11/01/india_apple_state_attack_warnings/

cRyPtHoN™ INFOSEC (EN)

Arid Viper disguising mobile spyware as updates for non-malicious Android applications

Arid Viper mobile malware shares similarities with non-malicious dating application

The mobile malware deployed by Arid Viper in this campaign shares similarities with the non-malicious dating application Skipped, in that it has a similar name and uses the same shared project on the application development platform Firebase. These overlaps, explained in further detail below, suggest the Arid Viper operators may be linked to Skipped’s developers, and/or they may have illicitly copied characteristics of the non-malicious application in order to entice and deceive users into downloading their malware.

https://blog.talosintelligence.com/arid-viper-mobile-spyware/

cRyPtHoN™ INFOSEC (EN)

From Albania to the Middle East: The Scarred Manticore is Listening

Check Point Research, in collaboration with Sygnia’s Incident Response Team, has been tracking and responding to the activities of Scarred Manticore, an Iranian nation-state threat actor that primarily targets government and telecommunication sectors in the Middle East. Scarred Manticore, linked to the prolific Iranian actor OilRig (a.k.a. APT34, EUROPIUM, Hazel Sandstorm), has persistently pursued high-profile organizations, leveraging access to systematically exfiltrate data using tailor-made tools.

In the latest campaign, the threat actor leveraged the LIONTAIL framework, a sophisticated set of custom loaders and memory resident shellcode payloads.

https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/
