Infosec Press

Reader

Read the latest posts from Infosec Press.

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🎭 Massive hack-for-hire scandal rocks Italian political elites cybercrime – A hack-for-hire scheme exposed sensitive data of top Italian politicians, raising serious concerns about democracy and privacy. Investigations have led to arrests and calls for stronger security measures. https://www.politico.eu/article/hacking-scandal-italy-matteo-renzi-sergio-mattarella-equalize-nunzio-samuele-calamucci/

💻 Black Basta affiliates used Microsoft Teams in recent attacks security research – Black Basta ransomware affiliates are now using Microsoft Teams to impersonate IT support, tricking employees into granting access and spreading malware through malicious QR codes. https://securityaffairs.com/170311/cyber-crime/black-basta-ransomware-microsoft-teams.html

🔓 Free, France’s second-largest telecoms company, confirms being hit by cyberattack data breach – Free confirmed a cyberattack that compromised personal data of subscribers, with over 19 million potentially affected. The company has reported the breach and is enhancing security measures. https://therecord.media/france-telecom-free-cyberattack

🤖 Hospitals adopt error-prone AI transcription tools despite warnings security news – OpenAI's Whisper tool is generating fabricated medical transcripts, raising serious concerns for patient care. Despite warnings, many healthcare providers are using it, risking accuracy in critical situations. https://arstechnica.com/ai/2024/10/hospitals-adopt-error-prone-ai-transcription-tools-despite-warnings/

📚 Die digitale Bildung unter der Lupe: Eine Analyse von Schul- und Lern-Apps privacy – The article examines school and learning apps, focusing on their effectiveness and privacy implications. It emphasizes the need for scrutiny in digital education tools to protect user data. https://www.kuketz-blog.de/die-digitale-bildung-unter-der-lupe-eine-analyse-von-schul-und-lern-apps/

🏃‍♂️ Macron's bodyguards show his location by sharing Strava data privacy – An investigation revealed that President Macron's bodyguards inadvertently shared their locations on Strava, exposing sensitive information about his whereabouts and security arrangements. https://www.theregister.com/2024/10/29/macron_location_strava/

🏡 QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024 vulnerability – QNAP patched a critical zero-day vulnerability (CVE-2024-50388) exploited at Pwn2Own Ireland 2024, allowing remote code execution on TS-464 NAS devices. The flaw was quickly addressed following the demonstration. https://securityaffairs.com/170386/uncategorized/qnap-fixed-zero-day-cve-2024-50388-pwn2own-ireland-2024.html

🦠 Malware campaign expands its use of fake CAPTCHAs malware – A new malware campaign utilizes fake CAPTCHAs to deliver Lumma and Amadey malware, targeting users on various websites. Clicking the CAPTCHA triggers malicious code, leading to data theft and browser credential extraction. https://therecord.media/fake-captcha-malware-campaign-lumma-amadey

🤬 Google CEO says over 25% of new Google code is generated by AI security news – Google's CEO announced that AI now generates over 25% of new code at the company, aiding developers' productivity. While AI tools are popular, concerns about bugs and security remain. Comment: I can't express how scary this sounds to me. https://arstechnica.com/ai/2024/10/google-ceo-says-over-25-of-new-google-code-is-generated-by-ai/

🎢 Windows Themes 0-day opens door to NTLM credential theft vulnerability – A zero-day vulnerability in Windows Themes allows attackers to steal NTLM credentials by tricking users into handling malicious theme files. A free micropatch from Acros Security is available while awaiting a Microsoft fix. https://www.theregister.com/2024/10/30/zeroday_windows_themes/

📞 New version of Android malware FakeCall redirects bank calls to scammers cybercrime – The updated FakeCall malware for Android redirects bank calls to scammers, stealing sensitive information and funds. It mimics the Android dialer, tricking users into granting it default call handler permissions. https://securityaffairs.com/170410/malware/fakecall-malware-intercepts-outgoing-bank-calls.html

🛒 Satori Threat Intelligence Alert: Phish ’n’ Ships Fakes Online Shops to Steal Money and Credit Card Information cybercrime – Satori uncovered a fraud operation, Phish ’n’ Ships, exploiting fake online shops to steal credit card information. The scheme, which has affected hundreds of thousands of consumers, uses infected websites to redirect users to counterfeit stores, resulting in significant financial losses. https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-phish-n-ships-fakes-online-shops-to-steal-money-and-credit-card-information

🎣 Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files security research – Midnight Blizzard, a Russian threat actor, is executing a spear-phishing campaign targeting government and academic sectors using signed RDP files to redirect victims to actor-controlled servers for intelligence collection. https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/

🍽️ Fired Disney worker accused of hacking into restaurant menus, replacing them with Windings and false peanut allergy information security news – A former Disney employee allegedly hacked the restaurant menu system, changing fonts to Wingdings and removing allergy info, risking safety. He faces multiple charges, including a denial-of-service attack on Disney staff. https://www.bitdefender.com/en-us/blog/hotforsecurity/fired-disney-worker-hacking-restaurant-menus-replacing-false-peanut-allergy/

🛎️ Booking.com Phishers May Leave You With Reservations cybercrime – A spear-phishing campaign targeting Booking.com users exploits stolen credentials from hotel partners, allowing scammers to send fraudulent messages. Booking.com is enhancing security measures, including mandatory 2FA, but threats persist as cybercriminals adapt. https://krebsonsecurity.com/2024/11/booking-com-phishers-may-leave-you-with-reservations/


Some More, For the Curious

👮‍♀️ Law Enforcement Deanonymizes Tor Users security news – German police have managed to deanonymize several Tor users by monitoring known relays and applying timing analysis, raising concerns about the effectiveness of Tor's anonymity. https://www.schneier.com/blog/archives/2024/10/law-enforcement-deanonymizes-tor-users.html

🔐 Five Eyes tell tech startups to take infosec seriously cyber defense – The Five Eyes nations have issued security principles for tech startups to combat threats like IP theft. They emphasize understanding risks, securing products, and managing partnerships as essential practices. https://www.theregister.com/2024/10/29/five_eyes_secure_innovation_campaign/

🦠 Fog and Akira ransomware attacks exploit SonicWall VPN flaw warning – Fog and Akira ransomware groups are exploiting a critical SonicWall VPN vulnerability (CVE-2024-40766) to breach corporate networks, emphasizing the need for urgent patching to mitigate risks. https://securityaffairs.com/170359/cyber-crime/fog-akira-ransomware-sonicwall-vpn-flaw.html

🔍 How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware cybercrime – U.S. prosecutors charged Maxim Rudometov for developing Redline malware, tracing him through opsec mistakes like using identifiable email and social accounts, leading to his arrest in Operation Magnus. https://techcrunch.com/2024/10/29/how-a-series-of-opsec-failures-led-us-authorities-to-the-alleged-developer-of-the-redline-password-stealing-malware/

🎛️ Writing a BugSleep C2 server and detecting its traffic with Snort security research – Researchers analyzed the BugSleep RAT, detailing its C2 protocol and methods for traffic detection using Snort. They implemented rules to identify and block its communications effectively. https://blog.talosintelligence.com/writing-a-bugsleep-c2-server/

👺 Here’s the paper no one read before declaring the demise of modern cryptography security news – Amidst alarmist claims about quantum computing threatening encryption, experts clarify that recent research does not break RSA or AES. Instead, it finds known vulnerabilities using quantum methods without significant advancements. https://arstechnica.com/information-technology/2024/10/the-sad-bizarre-tale-of-hype-fueling-fears-that-modern-cryptography-is-dead/

🔑 Hackers find 15,000 credentials by scanning for git configuration data breach – Sysdig discovered over 15,000 stolen cloud service credentials in an open AWS bucket, collected by the EMERALDWHALE operation targeting exposed git configurations for spam and phishing campaigns. https://cyberscoop.com/sysdig-git-credentials-cloud-service-emeraldwhale/

🔓 Chinese state-backed hackers breached 20 Canadian government networks over four years, agency warns security news – Chinese hackers have compromised 20 Canadian government networks in four years, targeting critical infrastructure and innovation sectors. The threat includes espionage, IP theft, and influence operations, as noted by Canada’s cyber agency. https://therecord.media/canada-20-government-agencies-hacked-china-last-four-years

❎ Colorado scrambles to change voting-system passwords after accidental leak data breach – The Colorado Department of State is urgently updating passwords after accidentally posting a spreadsheet with partial voting system passwords online. Officials assert there is no immediate security threat, but the GOP criticizes the handling of the incident. https://arstechnica.com/tech-policy/2024/10/colorado-scrambles-to-change-voting-system-passwords-after-accidental-leak/

🐱 Hack Nintendo's Alarmo to run code (cat pics)? Let's-a go! hacking write-up – Hacker GaryOderNichts exploited a vulnerability in Nintendo's Alarmo clock to run custom code, including displaying cat pictures. The hack utilized findings from researcher Naomi Smith and involved accessing the device's firmware. https://www.theregister.com/2024/11/01/hack_nintendos_alarmo/

🔓 Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack vulnerability – A critical zero-click vulnerability in Synology's default photo app allows attackers to steal data from millions of NAS devices without user interaction. Researchers warn this could lead to ransomware attacks and unauthorized access. https://www.wired.com/story/synology-zero-click-vulnerability/

🔑 An Okta login bug bypassed checking passwords on some long usernames vulnerability – A vulnerability in Okta allowed logins without password checks for usernames over 52 characters for three months. The issue has been fixed by switching the cryptographic algorithm used for cache keys. https://www.theverge.com/2024/11/1/24285874/okta-52-character-login-password-authentication-bypass

🚿 Chinese threat actors use Quad7 botnet in password-spray attacks cybercrime – Microsoft warns that Chinese threat actors are using the Quad7 botnet to conduct password-spray attacks, targeting SOHO devices and VPNs to steal credentials. The botnet exploits vulnerabilities in various routers to relay brute-force attacks. https://securityaffairs.com/170503/malware/quad7-botnet-used-by-chinese-threat-actors.html

🧰 BOFHound: AD CS Integration cyber defense – The BOFHound tool now supports parsing Active Directory Certificate Services (AD CS) objects for better attack path mapping in BloodHound. It allows for manual LDAP queries and enhances visibility into AD environments while maintaining stealth. https://posts.specterops.io/bofhound-ad-cs-integration-91b706bc7958

🔧 A Deeper Look at FortiJump (FortiManager CVE-2024-47575) vulnerability – CVE-2024-47575, known as FortiJump, is a critical vulnerability in FortiManager that allowed unauthorized access to devices due to missing authentication. Although the flaw has been patched, researchers warn about the potential for command injection exploits. https://bishopfox.com/blog/a-look-at-fortijump-cve-2024-47575


CISA Corner

🔒 Apple Releases Security Updates for Multiple Products security news – Apple has released critical security updates for various products to address vulnerabilities and enhance user protection. Users are encouraged to apply these updates promptly. https://www.cisa.gov/news-events/alerts/2024/10/29/apple-releases-security-updates-multiple-products 📧 Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments cybercrime – CISA reports a large-scale spear-phishing campaign targeting government and IT sectors using malicious RDP files. Organizations are urged to implement security measures like restricting RDP connections and enabling multi-factor authentication. https://www.cisa.gov/news-events/alerts/2024/10/31/foreign-threat-actor-conducting-large-scale-spear-phishing-campaign-rdp-attachments

⚠️ Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation vulnerability – Fortinet has revised its advisory for the critical FortiManager vulnerability (CVE-2024-47575), adding new workarounds and indicators of compromise. CISA urges users to apply updates and monitor for malicious activity. https://www.cisa.gov/news-events/alerts/2024/10/30/fortinet-updates-guidance-and-indicators-compromise-following-fortimanager-vulnerability

⚙️ CISA Releases Three Industrial Control Systems Advisories warning – CISA has issued three advisories addressing vulnerabilities in Siemens, Solar-Log, and Delta Electronics ICS devices, urging users to review them for security updates and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/29/cisa-releases-three-industrial-control-systems-advisories ⚙️ CISA Releases Four Industrial Control Systems Advisories warning – CISA has issued four advisories addressing vulnerabilities in Rockwell Automation and Mitsubishi Electric ICS products, urging users to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/31/cisa-releases-four-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from Kevin Neely's Security Notes

I’ve been a “dabbler” with crewAI for a while now, having come across it in March of 2024 and tinkering when I have some time. I love the idea of task-based LLM actions that are specific enough that you can use lower cost but specifically-trained models for the tasks, even running those models on your own hardware. A few weeks back, my team at work used CrewAI for a hackathon in an effort to automate an onerous process, and it came out pretty well!

So, when I saw that they have a couple official training videos on a new e-learning platform called DeepLearning.ai, I figured I’d check them out. #CrewAI is evolving rapidly, and the some of the notes I’ve taken over the past 8 months aren’t even applicable anymore, so I figured this was a great way to level-set and fill in gaps in my knowledge.

I’m not going to describe CrewAI here, other than it’s a framework for easily building multi-agent teams and requires little to no coding experience. How CrewAI works is well-explained in the first fifteen minutes of the course, so at least listen to that part!

About the Course

The course, Multi AI Agent Systems with crewAI, follows a flow familiar to anyone that has taken online courses, and is taught by the creator of crewAI, João Moura. The lessons, ranging from a minute to 18 minutes, are a mix of descriptive lecture and hands-on coding. For the lessons where coding is involved, the window handily split-screens and on one side is an iPython notebook environment with the code pre-populated, so you can work through it as João explains what the code does.

You can also get an indication of the course and CrewAI by checking out my crewAI experimentation repo on GitHub.

Target Audience Analysis

Professionals working in project management, artificial intelligence, and team leadership can greatly enhance their skills in constructing multi-agent teams. Those keen on optimizing team performance, utilizing state-of-the-art technologies for collaborative work, and streamlining task execution processes would discover value in enrolling in specialized online classes tailored to augment their proficiency in this realm. Addressing prevalent challenges like steering diverse teams, accomplishing project goals in intricate scenarios, and keeping pace with evolving team dynamics is indispensable for professionals aiming to excel in their respective roles.

Content Outline

Introduction to Multi-Agent Teams

Familiarizing with the basics of multi-agent teams and their significance in managing complex tasks effectively.

Importance of Building Multi-Agent Teams for Complex Tasks

Unveiling the reasons why seamless collaboration among agents is crucial for successful task fulfillment.

Strategies for Creating Effective Multi-Agent Teams

Scrutinizing established methodologies for assembling and overseeing high-performing multi-agent teams.

Multi-Agent Crew Performance Examples

The bulk of the course is working through five clear examples of building multi-agent systems with CrewAI. The result is a set of real-world instances where multi-agent teams can perform and achieve remarkable results across diverse problems.

write_article

The first example is super simple: take a task you might do with a single prompt with an #LLM chatbot, such as chatGPT, and have it performed by multple agents, each with their own persona. This performs no research and the output is purely from the LLM, making it an easy entrypoint for anyone. (Hint: I had it write an article about taking an online course for developing multi-agent teams, and even incorporated a bit of it into this.)     – this one required an update from the training to run on the latest version of crewai.     – older versions of crewai used an integer for the verbose declaration, and if you are running the latest, you need to change that to a binary, e.g. True.

This example is definitely one you’ll want to revisit after you learn how to use and assign tools to your agents in the following lessons.

customer_support

This creates a customer support agent that can answer questions about a specific product or service. It does this by accessing the URL with the support documentation.

customer_outreach

This example creates some marketing lead material to reach out to a specific company that is a potential customer or partner for a second, i.e. “your” company.

event_planning

This example uses multiple agents to research, identify, create the logistics, and then create some marketing material for an event. It takes in parameters like city, size, and budget in order to find a viable venue. – I believe it was this one where I had to fiddle with the asynchronicity of the agents, since I understand that CrewAI needs to have the last agent to perform a task be performing that itself. I could have that wrong, but I had to change that to make mine work.

This is actually a super-cool example, but I found that the LLMs did not adhere to the parameters, often getting venues too small or ignoring the input I would provide while they were performing their tasks. That’s to be expected, however, and I think experimentation is the name of the game when it comes to building these systems.

resume_builder

The final one was to have the agents create bespoke resumes, based upon the job one is applying for. As opposed to the event planning exercise, the output on this one was very good, and I was impressed with how well it could craft a resume for the specific job, as well as anticipate some of the interview questions and provide some hints for how to answer them.

Conclusion

This course provides a clear and thorough introduction to crewAI, bringing the attendees to an intermediate level of being able to use the framework. By immersing themselves in the intricacies of multi-agent team dynamics, professionals can acquire the requisite knowledge and proficiency to thrive in today's collaborative work settings. Embracing online classes tailored to address the subtleties of forming effective multi-agent teams represents a proactive stride towards honing essential skills and keeping abreast in the ever-dynamic professional sphere.

 
Read more...

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

⏳ Sicherheit: Worauf du beim Kauf eines neuen Android-Smartphones achten solltest security news – Many Android manufacturers fail to provide timely security updates, often delaying patches for years, leaving users vulnerable to threats and privacy issues. https://www.kuketz-blog.de/sicherheit-worauf-du-beim-kauf-eines-neuen-android-smartphones-achten-solltest/

🔎 Watch: Inside the FBI’s Secret Phone Company security research – The FBI secretly operated Anom, a secure app used by criminals, revealing how law enforcement exploited its popularity to monitor organized crime without users' knowledge. https://www.404media.co/watch-inside-the-fbis-secret-phone-company/

🧨 Internet Archive was breached twice in a month security news – The Internet Archive faced two breaches within a month, exposing 31 million user records due to mishandled authentication tokens, raising serious concerns about their security practices. https://securityaffairs.com/170068/data-breach/internet-archive-second-data-breach.html

🔒 HM Surf macOS vuln potentially exploited by Adloader malware vulnerability – A macOS vulnerability (CVE-2024-44133) may allow malware like Adloader to exploit user privacy by accessing cameras and microphones. Apple users are urged to update their systems immediately. https://www.theregister.com/2024/10/21/microsoft_macos_hm_surf/

🚧 ICE's $2 Million Contract With a Spyware Vendor Is Under White House Review privacy – ICE's $2 million contract with Paragon Solutions for spyware is under review for compliance with Biden's executive order on spyware, raising concerns about privacy and civil liberties. https://www.wired.com/story/ice-paragon-contract-white-house-review/

👤 Meta brings back face scanning to combat scams and account hacking privacy – Meta reintroduces facial recognition on Facebook and Instagram to help users recover hacked accounts and fight scam ads impersonating celebrities, following privacy concerns that led to its earlier removal. https://www.theverge.com/2024/10/22/24276593/meta-facebook-instagram-facial-recognition-tools-test-celeb-bait

🚨 Samsung zero-day flaw actively exploited in the wild vulnerability – A Samsung zero-day vulnerability (CVE-2024-44068) is being actively exploited, allowing privilege escalation on vulnerable Android devices. Security updates were released in October 2024 to address the issue. https://securityaffairs.com/170119/security/samsung-zero-day-activey-exploited.html

😉 Google Online Security Blog: 5 new protections on Google Messages to help keep you safe security news – Google introduces five new security features in Google Messages aimed at enhancing user safety, including spam protection and improved verification for messages, to combat scams and protect privacy. https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html

📱 WhatsApp is making a massive change to the way it saves your contacts security news – WhatsApp introduces a built-in contact manager that allows users to save contacts within the app, independent of their smartphone’s address book, enhancing privacy and ease of use. https://www.theverge.com/2024/10/22/24276714/whatsapp-built-in-contacts-address-book

🚫 Googles Manifest V3: Ein Schlag für Werbeblocker und Nutzerrechte privacy – Google's Manifest V3 introduces changes that undermine ad blockers and user rights, raising concerns about online privacy and control over web experiences. https://www.kuketz-blog.de/googles-manifest-v3-ein-schlag-fuer-werbeblocker-und-nutzerrechte/

📍 The Global Surveillance Free-for-All in Mobile Ad Data privacy – A lawsuit highlights how mobile ad data enables tracking of individuals, including law enforcement officers, through services like Babel Street, raising significant privacy concerns amidst a growing data broker industry. https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/

🦺 Ransomware gang stoops to new low, targets prominent nonprofit for disabled people cybercrime – The Rhysida ransomware group has targeted Easterseals, a nonprofit for disabled individuals, demanding $1.3 million after accessing personal data of nearly 15,000 people in a cyberattack. https://therecord.media/easterseals-central-illinois-data-breach

💣 The EU Throws a Hand Grenade on Software Liability security news – The EU is introducing strict software liability laws to hold software makers accountable for defects, contrasting with the US approach, which is lagging due to lobbying and lack of political will. https://news.risky.biz/the-eu-throws-a-hand-grenade-on-software-liability/

💸 LinkedIn hit with $335 million fine for using member data for ad targeting without consent privacy – Ireland's Data Protection Commission fined LinkedIn €310 million for violating GDPR by using member data for ads without consent, marking one of the largest fines against a tech company for data misuse. https://therecord.media/linkedin-hit-with-335-million-fine-gdpr-ireland

🕵️‍♂️ HYPR is latest firm to reveal hiring of fraudulent IT worker overseas cybercrime – HYPR exposed an incident involving a fraudulent IT worker from a contracting agency, highlighting the need for enhanced vetting processes to prevent hiring scams amid rising concerns of fake remote employees. https://cyberscoop.com/hypr-hired-fraudulent-tech-worker-overseas/

🥽 How the ransomware attack at Change Healthcare went down: A timeline cybercrime – A ransomware attack on Change Healthcare in February 2024 led to a massive data breach affecting over 100 million people, revealing vulnerabilities in cybersecurity and prompting extensive investigations. https://techcrunch.com/2024/10/24/how-the-ransomware-attack-at-change-healthcare-went-down-a-timeline/

🔧 It Is Now Legal to Hack McFlurry Machines (and Medical Devices) to Fix Them security news – A new federal rule allows the circumvention of digital locks on McFlurry machines and medical devices for repair purposes, highlighting ongoing issues with manufacturer control over equipment and the need for further repair legislation. https://www.404media.co/it-is-now-legal-to-hack-mcflurry-machines-and-medical-devices-to-fix-them/

🤔 Prominent crypto critic says someone offered bribes to take down a blog post security news – Molly White, a crypto critic, reported being offered bribes to remove a post about a fraud case involving Roman Ziemian. After declining the bribe, she received a dubious DMCA takedown request from someone claiming to be a lawyer. https://techcrunch.com/2024/10/25/prominent-crypto-critic-says-someone-offered-bribes-to-take-down-a-blog-post/


Some More, For the Curious

🛡️ Update #1 Kritische Zero-Day Schwachstelle in FortiManager wird aktiv ausgenutzt – Update verfügbar warning – The article discusses CERT.at, Austria's Computer Emergency Response Team, focusing on its role in cybersecurity, incident response, and providing guidance to organizations on protecting against cyber threats. https://www.cert.at/de/warnungen/2024/10/kritische-zero-day-schwachstelle-in-fortimanager-wird-aktiv-ausgenutzt-update-verfugbar

💸 Stealers on the rise: Kral, AMOS, Vidar and ACR security research – Information stealers are proliferating, targeting credentials and cryptocurrency data, with methods ranging from malicious downloads to deceptive phishing tactics. Cybercriminals profit from these attacks, threatening privacy. https://securelist.com/kral-amos-vidar-acr-stealers/114237/

👻 Sneaky Ghostpulse malware loader hides inside PNG pixels security research – The Ghostpulse malware now extracts its payload from PNG image pixels, making detection harder. This evolution showcases increasing sophistication in cybercriminal tactics to evade security measures. https://www.theregister.com/2024/10/22/ghostpulse_malware_loader_png/

🛡️ Justice Department rule aims to curb the sale of Americans’ personal data overseas privacy – The Justice Department proposed regulations to restrict the sale of Americans' personal data to adversarial countries, enhancing privacy protections while imposing compliance requirements on companies. https://cyberscoop.com/justice-department-data-broker-regulation-china-russia-iran/

🙂‍↔️ No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer security research – Recent claims that China's quantum computer has cracked military-grade encryption are exaggerated. Experts affirm that modern cryptography remains secure for the foreseeable future. https://www.schneier.com/blog/archives/2024/10/no-the-chinese-have-not-broken-modern-encryption-systems-with-a-quantum-computer.html

🛠️ VMware fixes critical RCE, make-me-root bugs in vCenter – for the second time vulnerability – VMware has issued a second patch for critical vulnerabilities in vCenter Server that could allow remote code execution and privilege escalation, urging all users to update immediately. https://www.theregister.com/2024/10/22/vmware_rce_vcenter_bugs/

🍪 Threat Spotlight: WarmCookie/BadSpace malware – WarmCookie, a malware family active since April 2024, is used for initial access and persistence, enabling further malware deployment like CSharp-Streamer-RAT. Its distribution involves malspam and malvertising tactics. https://blog.talosintelligence.com/warmcookie-analysis/

😈 Lazarus APT steals cryptocurrency and user data via a decoy MOBA game security news – Lazarus APT uses a fake MOBA game to exploit a Google Chrome zero-day vulnerability, gaining access to victims' PCs. The group targets cryptocurrency and evolves its tactics with sophisticated social engineering. https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/

👋 Meet ZachXBT, the Masked Vigilante Tracking Down Billions in Crypto Scams and Thefts security news – ZachXBT, an anonymous crypto investigator, has traced billions in stolen funds, including a recent $243 million Bitcoin theft, leading to arrests of the alleged hackers and advocating for justice for victims. https://www.wired.com/story/meet-zachxbt-243-million-crypto-theft/

🌍 Removal of Russian coders spurs debate about Linux kernel’s politics security news – The Linux kernel's maintainer removed Russian developers from the MAINTAINERS file due to compliance with US sanctions, sparking debate over the intersection of open source and international politics. https://arstechnica.com/information-technology/2024/10/russian-coders-removed-from-linux-maintainers-list-due-to-sanction-concerns/


CISA Corner

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-9537, a ScienceLogic SL1 vulnerability, to its Known Exploited Vulnerabilities Catalog, highlighting the need for federal agencies to address active threats promptly. https://www.cisa.gov/news-events/alerts/2024/10/21/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-38094, a Microsoft SharePoint deserialization vulnerability, to its Known Exploited Vulnerabilities Catalog, highlighting its risks to federal networks and the need for remediation. https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-47575, a missing authentication vulnerability in Fortinet FortiManager, to its Known Exploited Vulnerabilities Catalog, urging users to apply patches to mitigate risks. https://www.cisa.gov/news-events/alerts/2024/10/23/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has included CVE-2024-20481 (Cisco ASA and FTD DoS vulnerability) and CVE-2024-37383 (RoundCube Webmail XSS vulnerability) in its Known Exploited Vulnerabilities Catalog due to active exploitation risks. https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-adds-two-known-exploited-vulnerabilities-catalog

⚙️ ICONICS and Mitsubishi Electric Products vulnerability – A vulnerability (CVE-2024-7587) in ICONICS and Mitsubishi Electric products allows for potential data disclosure and tampering due to incorrect default permissions. Users are urged to update to mitigate risks. https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01 ⚙️ CISA Releases Four Industrial Control Systems Advisories vulnerability – CISA issued four ICS advisories addressing security vulnerabilities in various systems, VIMESA VHF/FM, iniNet Spider Control, Deep Sea Electronics, OMNET Proteus https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-releases-four-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from stndinq

  • basic intro instructions for whisper transcription application – link
  • basic intro instructions for using yt-dlp to download media – link
 
Read more...

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🤖 Chatbot Traps: How to Avoid Job Scams cybercrime – Job seekers are at risk from AI-driven scams that produce convincing fake job offers and impersonate real companies. Stay alert and cautious when engaging with online recruiters. https://connect.geant.org/2024/10/14/chatbot-traps-how-to-avoid-job-scams

📦 WordPress Jetpack plugin critical flaw impacts 27 million sites vulnerability – A critical flaw in the Jetpack plugin allowed logged-in users to access others' form submissions. An update has been issued, but caution is advised. https://securityaffairs.com/169848/uncategorized/wordpress-jetpack-plugin-critical-flaw.html

🦟 Hackers reportedly impersonate cyber firm ESET to target organizations in Israel cybercrime – Hackers impersonating ESET have targeted Israeli organizations with phishing emails containing wiper malware. ESET denies any compromise of its systems and is investigating the incident. https://therecord.media/hackers-impersonate-eset-wiper-malware

🏨 New Telekopye Scam Toolkit Targeting Booking.com and Airbnb Users cybercrime – ESET Research uncovers the Telekopye scam network, exploiting compromised accounts on Booking.com and Airbnb to create phishing pages that steal personal and payment information from travelers. https://hackread.com/telekopye-scam-toolkit-hit-booking-com-airbnb-users/

🗃️ Cyberangriff auf Internet Archive offenbar von russischen Hackern durchgeführt security news – Die russische Hackergruppe SN_BLACKMETA gestand, das Internet Archive durch DDoS-Angriffe angegriffen zu haben, um auf die Situation in Gaza aufmerksam zu machen. https://www.heise.de/news/Cyberangriff-auf-Internet-Archive-offenbar-von-russischen-Hackern-durchgefuehrt-9983833.html

😤 The biggest data breaches in 2024: 1 billion stolen records and rising security news – 2024 has seen over 1 billion records stolen in significant data breaches affecting multiple companies. https://techcrunch.com/2024/10/14/2024-in-data-breaches-1-billion-stolen-records-and-rising/

🎮 Pokemon dev Game Freak discloses data breach data breach – Game Freak confirmed a cyberattack in August resulted in leaked source code and designs for unpublished Pokémon games, affecting the personal data of 2,606 individuals. https://securityaffairs.com/169817/data-breach/game-freak-data-breach.html

👮 This AI Tool Helped Convict People of Murder. Then Someone Took a Closer Look security news – WIRED's investigation reveals that Global Intelligence's Cybercheck tool, used in criminal cases, often produces unverified and inaccurate geolocation data, raising concerns about its reliability in court. https://www.wired.com/story/cybercheck-crime-reports-prosecutions/

🔑 Password manager makers want to let you securely transfer passkeys security news – The FIDO Alliance has introduced draft specifications for securely transferring passkeys between password managers, addressing a significant gap in credential management. https://www.theverge.com/2024/10/15/24270875/password-manager-makers-transfer-passkeys-fido-alliance

🚔 Sweden, Finland partner to take down Sipulitie criminal marketplace cybercrime – Swedish and Finnish law enforcement shut down the Sipulitie marketplace, a Tor-based site for selling narcotics, seizing its servers and disrupting criminal activities in Scandinavia. https://therecord.media/sweden-filand-take-down-sipulitie-criminal-marketplace

🏥 Nearly 400 US healthcare institutions hit with ransomware over last year, Microsoft says security news – Microsoft's report reveals that 389 U.S. healthcare institutions faced ransomware attacks in the past year, with increased coordination among nation-states and cybercriminals. Social engineering remains a prevalent access method. https://therecord.media/ransomware-healthcare-microsoft-last-year

📱 From QR to compromise: The growing “quishing” threat security news – Sophos reports on the rise of 'quishing' attacks, where QR codes in PDF attachments are used to phish corporate credentials, highlighting vulnerabilities in mobile security. https://news.sophos.com/en-us/2024/10/16/quishing/

📍 Here’s how attackers are getting around phishing defenses security news – Hackers are bypassing phishing defenses by manipulating natural language processing (NLP) tools with benign text and links, allowing malicious emails to evade detection, according to Egress research. https://cyberscoop.com/email-natural-language-obfuscation-phishing-egress/

🚗 Volkswagen checking ransomware data threat from 8Base data breach – The 8Base ransomware group claims to have stolen confidential Volkswagen files and is threatening to release them, but Volkswagen reports no impact on its IT infrastructure and is monitoring the situation. https://www.theregister.com/2024/10/16/volkswagen_ransomware_data_loss/

⚖️ French government uses biased algorithm to detect welfare fraud, rights groups say privacy – Amnesty International and 14 organizations have filed a complaint against France's CNAF, alleging its discriminatory algorithm unfairly targets low-income and marginalized welfare recipients for fraud detection. https://therecord.media/french-government-biased-algorithm-welfare

💻 Casio says 'no prospect of recovery yet' after ransomware attack cybercrime – Casio reports ongoing issues nearly two weeks after a ransomware attack, with many systems still down and shipping affected. https://techcrunch.com/2024/10/17/casio-says-no-prospect-of-recovery-yet-after-ransomware-attack/

🔓 Brazilian police arrested the hacker who stole everyone’s SSN cybercrime – Brazilian police arrested a hacker responsible for a breach exposing 2.9 billion records, including 270 million Social Security numbers. https://www.theverge.com/2024/10/17/24272271/brazilian-police-usdod-hacker-arrest-national-public-data

🛡️ Google Chrome’s uBlock Origin Purge Has Begun privacy – Google is implementing new Chrome extension standards that will disable the legacy version of uBlock Origin, pushing users to switch to uBlock Origin Lite, which offers reduced ad-blocking capabilities. https://www.wired.com/story/google-chrome-ublock-origin-extension/

🧬 23andMe faces an uncertain future — so does your genetic data security news – Following a data breach and financial struggles, 23andMe's future is uncertain, raising concerns about the privacy of its 15 million customers' genetic data. https://techcrunch.com/2024/10/19/23andme-faces-an-uncertain-future-so-does-your-genetic-data/


Some More, For the Curious

🔍 DORA-Kernkonzepte verstehen: Fokus auf “Kritische oder wichtige Funktionen” security news – DORA legt einen umfassenden Rahmen für das IKT-Risikomanagement fest, um digitale operative Widerstandsfähigkeit zu gewährleisten, indem kritische Funktionen identifiziert und verwaltet werden. https://sec-consult.com/de/blog/detail/dora-core-concepts-critical-or-important-functions-in-focus/

🐱‍Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack) security research – The Meow attack targets unsecured databases like Elasticsearch and MongoDB, corrupting data for fun rather than profit. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/feline-hackers-among-us-a-deep-dive-and-simulation-of-the-meow-attack/

🪩 Perfectl Malware malware – The Perfctl malware, discovered by Aqua Security, exploits over 20,000 misconfigurations and a critical Apache vulnerability to stealthily mine cryptocurrency and create persistent backdoors on infected systems. https://www.schneier.com/blog/archives/2024/10/perfectl-malware.html

📱 Trump campaign gets 'unhackable' phones security news – The Trump campaign is using 'unhackable' phones and computers from Green Hills Software, aiming to prevent data breaches ahead of the election, despite skepticism about the absolute security claims. https://www.theregister.com/2024/10/14/trump_unhackable_phones/

🦠 Expanding the Investigation: Deep Dive into Latest TrickMo Samples malware – New variants of the TrickMo banking Trojan utilize advanced evasion techniques and can steal unlock patterns, posing significant threats to user data and financial security. https://www.zimperium.com/blog/expanding-the-investigation-deep-dive-into-latest-trickmo-samples/

🛰️ How satellites are pushing security innovation at Amazon security research – Amazon integrates security into its culture and development processes, particularly in Project Kuiper, which aims to provide secure satellite-based internet with robust encryption and key management. https://cyberscoop.com/amazon-cybersecurity-culture-project-kuiper/

🪫 Organizations can substantially lower vulnerabilities with secure-by-design practices, report finds security research – A report from Secure Code Warrior reveals that training developers in secure-by-design practices can reduce software vulnerabilities by over 50%. https://cyberscoop.com/secure-by-design-return-investment-code-warrior/

🛜 Cisco confirms ongoing probe into alleged data breach data breach – Cisco is investigating claims of a data breach involving sensitive files allegedly stolen and sold by cybercriminals, with no evidence found yet of impacted systems. Law enforcement is involved. https://www.theregister.com/2024/10/15/cisco_confirm_ongoing_investigation/

🎁 Tinkerers Are Taking Old Redbox Kiosks Home and Reverse Engineering Them security news – Following Redbox's bankruptcy, enthusiasts are acquiring abandoned kiosks to reverse engineer their operating systems, even running games like Doom on them, while also liberating DVDs from the machines. https://www.404media.co/tinkerers-are-taking-old-redbox-kiosks-home-and-reverse-engineering-them/

🔧 VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX vulnerability – VMware has addressed a high-severity SQL injection vulnerability (CVE-2024-38814) in its HCX platform, allowing non-admin users to execute remote code. Updates are available for affected versions. https://securityaffairs.com/169904/security/vmware-sql-injection-flaw-cve-2024-38814.html

🔒 What I’ve learned in my first 7-ish years in cybersecurity security news – After nearly seven years in cybersecurity at Cisco Talos, the author reflects on their journey from journalism to tech, emphasizing the importance of asking questions, collaboration, and the evolving nature of threats. https://blog.talosintelligence.com/threat-source-newsletter-oct-17-2024/

🔒 F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP vulnerability – F5 has patched a high-severity elevation of privilege vulnerability (CVE-2024-45844) in BIG-IP and a medium-severity XSS flaw (CVE-2024-47139) in BIG-IQ, urging organizations to restrict access to mitigate risks. https://securityaffairs.com/170022/security/f5-patches-big-ip-elevation-of-privilege-bug.html

🐍 Open source LLM tool primed to sniff out Python zero-days security research – Protect AI is launching Vulnhuntr, an open-source tool that uses AI to identify zero-day vulnerabilities in Python code, marking a significant advancement in vulnerability detection. https://www.theregister.com/2024/10/20/python_zero_day_tool/


CISA Corner

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its KEV Catalog, including critical issues in Microsoft Windows, Mozilla Firefox, and SolarWinds, emphasizing the need for federal agencies to remediate them promptly. https://www.cisa.gov/news-events/alerts/2024/10/15/cisa-adds-three-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-40711, a deserialization vulnerability in Veeam Backup and Replication, to its KEV Catalog, emphasizing the need for federal agencies to remediate it promptly. https://www.cisa.gov/news-events/alerts/2024/10/17/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations warning – A joint advisory warns of Iranian cyber actors using brute force and credential access techniques to target U.S. critical infrastructure sectors, emphasizing the need for enhanced cybersecurity measures and vigilance. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-290a

⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – CISA issued two advisories on October 15, 2024, addressing vulnerabilities in Siemens Siveillance Video Cameras and Schneider Electric Data Center Expert, urging users to review for mitigations. https://www.cisa.gov/news-events/alerts/2024/10/15/cisa-releases-two-industrial-control-systems-advisories ⚙️ CISA Releases Seven Industrial Control Systems Advisories vulnerability – CISA has issued seven advisories detailing vulnerabilities in industrial control systems, urging users to review them for security measures and updates. https://www.cisa.gov/news-events/alerts/2024/10/17/cisa-releases-seven-industrial-control-systems-advisories

📜 Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM) security news – CISA has released a guidance document on Software Bill of Materials (SBOM), outlining key concepts and processes for representing software components, aimed at promoting adoption and transparency. https://www.cisa.gov/news-events/alerts/2024/10/15/guidance-framing-software-component-transparency-establishing-common-software-bill-materials-sbom

🩹 Oracle Releases Quarterly Critical Patch Update Advisory for October 2024 security news – Oracle's October 2024 Critical Patch Update Advisory addresses vulnerabilities in various products, some of which could allow cyber attackers to gain control of affected systems. Users are urged to apply updates. https://www.cisa.gov/news-events/alerts/2024/10/17/oracle-releases-quarterly-critical-patch-update-advisory-october-2024


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

💳 So stehlen Kriminelle mit gefälschten FinanzOnline-Benachrichtigungen Ihre Bankomatkarte cybercrime – Kriminelle nutzen gefälschte Onlinebanking-Seiten, um Bankdaten zu stehlen. Nutzer erhalten betrügerische Benachrichtigungen über Kartensperrungen und sollen ihre alte Karte zurücksenden. https://www.watchlist-internet.at/news/so-stehlen-kriminelle-kartenwechsel-scam/


News For All

🤖 Your robot vacuum cleaner might be spying on you privacy – A security flaw in Ecovacs robot vacuums allows remote access to cameras and microphones, exposing users to privacy risks. Updates are coming, but not soon enough for some customers. https://www.bitdefender.com/en-us/blog/hotforsecurity/your-robot-vacuum-cleaner-might-be-spying-on-you/

🤔 Cops often hush up use of facial recognition tools privacy – U.S. police frequently use facial recognition technology without disclosing it to suspects, leading to wrongful arrests. This raises concerns about privacy and accountability in law enforcement practices. https://www.theregister.com/2024/10/07/cops_love_facial_recognition_and/

🔒 Google brings better bricking to Androids, to curtail crims security news – Google is rolling out features to enhance Android security, making it harder for thieves to profit from stolen phones by requiring credentials for factory resets and biometric verification for sensitive actions. https://www.theregister.com/2024/10/08/google_android_security/

⚖️ Twitter Acts Fast on Nonconsensual Nudity If It Thinks It’s a Copyright Violation privacy – A study reveals Twitter removes nonconsensual nude images quickly if reported for copyright violations but delays action on similar reports for nonconsensual content, highlighting legal gaps. https://www.404media.co/twitter-acts-fast-on-nonconsensual-nudity-if-it-thinks-its-a-copyright-violation/

🔄 What Google’s U-Turn on Third-Party Cookies Means for Chrome Privacy privacy – Google paused its plans to eliminate third-party cookies in Chrome, citing backlash from various stakeholders. Critics argue this compromises user privacy while Google emphasizes user choice in tracking. https://www.wired.com/story/google-chrome-third-party-cookies-privacy-rollback/

🔍 Credit monitoring and supply chain risk company hacked data breach – CreditRiskMonitor reported a data breach where sensitive employee information was stolen, though customer data remained unaffected. The company is offering impacted individuals 24 months of free credit monitoring. https://cyberscoop.com/credit-risk-monitor-cyber-crmz-ransomware/

📱 Don’t use iPhone Mirroring at work, experts warn privacy – Experts warn against using iPhone Mirroring at work due to privacy risks, as it can expose personal app data to employers. Apple is aware and working on a fix. https://www.theregister.com/2024/10/08/iphone_mirroring_at_work/

📚 The Editors Protecting Wikipedia from AI Hoaxes security news – Wikipedia editors have launched WikiProject AI Cleanup to address the rise of unsourced, poorly-written AI-generated content on the platform, aiming to preserve the quality of information. https://www.404media.co/the-editors-protecting-wikipedia-from-ai-hoaxes/

💉 Trinity ransomware targets healthcare orgs cybercrime – Trinity ransomware has infected at least one U.S. healthcare provider, employing double extortion tactics. Experts warn healthcare organizations to enhance security measures against such attacks. https://www.theregister.com/2024/10/09/trinity_ransomware_targets_healthcare_orgs/

🔑 How to use Apple’s new Passwords app on iOS and macOS security news – Apple's new Passwords app replaces previous password management methods, allowing users to store and manage passwords, passkeys, and Wi-Fi credentials across devices. It offers autofill, sharing, and security alerts. https://www.theverge.com/24264400/passwords-apple-ios-macos-how-to

📉 National Public Data files for bankruptcy after info leak security news – National Public Data filed for bankruptcy after a massive data breach affecting potentially hundreds of millions. The company faces multiple lawsuits and regulatory challenges following the incident. https://www.theregister.com/2024/10/09/national_public_data_bankrupt/

🔒 The Internet Archive is under attack, with a breach revealing info for 31 million accounts data breach – The Internet Archive confirmed a breach exposing data for 31 million accounts, including email addresses and hashed passwords. The site also faced a DDoS attack following the incident. https://www.theverge.com/2024/10/9/24266419/internet-archive-ddos-attack-pop-up-message

📱 How Telegram Turbocharges Organised Crime cybercrime – A UN report highlights Telegram's role in facilitating organized crime, including cyber fraud, money laundering, and criminal marketplaces, emphasizing the need for stricter regulations to combat these activities. https://news.risky.biz/how-telegram-turbocharges-organised-crime/

⚠️ Mozilla issued an urgent Firefox update to fix actively exploited flaw vulnerability – Mozilla released an urgent update for Firefox to fix a critical use-after-free vulnerability (CVE-2024-9680) actively exploited in attacks, urging users to upgrade immediately. https://securityaffairs.com/169590/security/mozilla-firefox-actively-exploited-flaw.html

🛡️ Blue Team, Red Team, and Purple Team: An Overview security news – This article discusses the roles of Blue, Red, and Purple Teams in cybersecurity, highlighting defensive operations, adversarial simulations, and collaborative efforts to enhance security measures. https://www.blackhillsinfosec.com/red-blue-and-purple-teams/

😷 14,000 medical devices are online, unsecured and vulnerable security research – A report reveals over 14,000 exposed medical devices globally, with nearly half in the U.S. Many lack basic security measures, making them prime targets for cybercriminals amid increasing healthcare attacks. https://cyberscoop.com/medical-devices-online-health-censys/

🐖 Pig Butchering Scams Are Going High Tech cybercrime – The UNODC reports a surge in high-tech 'pig butchering' scams in Southeast Asia, utilizing generative AI and deepfakes to enhance fraud. These scams, alongside cryptocurrency drainers, are increasingly sophisticated and pose significant challenges for law enforcement. https://www.wired.com/story/pig-butchering-scams-go-high-tech/

⛓️‍💥 'Chat control': The EU's controversial CSAM-scanning legal proposal explained privacy – The EU's proposed legislation to combat child sexual abuse material (CSAM) threatens user privacy by mandating scanning of private communications on messaging apps, raising concerns about encryption and mass surveillance. https://techcrunch.com/2024/10/12/chat-control-the-eus-controversial-csam-scanning-legal-proposal-explained/

🔒 How to Stop Your Data From Being Used to Train AI privacy – As generative AI increasingly utilizes online data, users can take steps to opt out of having their content used for training. The article outlines various platforms and methods to help protect personal data from being scraped. https://www.wired.com/story/how-to-stop-your-data-from-being-used-to-train-ai/

⚠️ Magenta ID wurde deaktiviert: Vorsicht vor täuschend echter Phishing-Mail warning – Eine täuschend echte Phishing-Mail mit dem Betreff „Aktion erforderlich: Reaktivierung Ihrer Magenta ID“ fordert zur Aktivierung einer nicht existierenden ID auf. Drei Hinweise entlarven die Betrugsmasche. https://futurezone.at/digital-life/magenta-id-wurde-deaktiviert-mail-phishing-rechnung-hinweise-betrug-warnung/402960708


Some More, For the Curious

🎉 Kyiv's hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin's birthday security news – Ukrainian hackers reportedly disrupted VGTRK operations, wiping servers and backups on Putin's birthday, amid ongoing cyber conflict between Russia and Ukraine. https://securityaffairs.com/169486/cyber-warfare-2/kyivs-hackers-hit-russian-state-media.html

🧓 The 30-year-old internet backdoor law that came back to bite security news – Chinese hackers compromised U.S. telecom wiretap systems, highlighting risks of backdoor laws like CALEA, which mandate access to customer data but create vulnerabilities for abuse. https://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-law-that-came-back-to-bite/

💰 MoneyGram says hackers stole customers' personal information and transaction data data breach – MoneyGram confirmed a cyberattack resulted in the theft of customers' personal and transaction data, affecting names, addresses, and some Social Security numbers. Investigation is ongoing. https://techcrunch.com/2024/10/07/moneygram-says-hackers-stole-customers-personal-information-and-transaction-data/

🗃️ ADT says hacker stole encrypted internal employee data after compromising business partner security news – ADT reported a breach where a hacker accessed its network through a compromised third-party partner, stealing encrypted employee data. No customer information was believed to be affected. https://therecord.media/adt-hacker-stole-encrypted-data-after-breaching-third-party

🛡️ Following the Trail of Flax Typhoon to Uncover Newly Discovered Vulnerabilities in Linear Emerge Access Control Devices security research – A vulnerability, CVE-2024-9441, affects Linear Emerge E3 series devices and is unpatched, raising concerns of imminent exploitation. Organizations are urged to isolate affected devices. https://vulncheck.com/blog/flax-typhoon-linear-merge

🔧 Zero Day Initiative — The October 2024 Security Update Review security news – Adobe and Microsoft released significant security updates in October 2024, addressing numerous vulnerabilities including critical code execution bugs. Users are urged to promptly apply patches to mitigate risks. https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review

🚫 Russia and Turkey ban Discord messaging app security news – Russia and Turkey have blocked Discord, citing non-compliance with local laws and misuse for illegal activities. The bans have sparked backlash, highlighting the platform's importance for communication. https://therecord.media/discord-messaging-app-banned-russia-turkey

🔍 Two never-before-seen tools, from same group, infect air-gapped devices security research – Researchers discovered two sophisticated toolsets used by a suspected Russian hacking group to compromise air-gapped devices for data theft, highlighting their evolving capabilities and modular design. https://arstechnica.com/security/2024/10/two-never-before-seen-tools-from-same-group-infect-air-gapped-devices/

⌨️ Hackers targeted Android users by exploiting zero-day bug in Qualcomm chips vulnerability – Qualcomm confirmed hackers exploited a zero-day vulnerability (CVE-2024-43047) in its chipsets used in Android devices, with indications of targeted exploitation. Fixes have been made available to device manufacturers. https://techcrunch.com/2024/10/09/hackers-were-targeting-android-users-with-qualcomm-zero-day/

🌐 OpenAI says it has disrupted 20-plus foreign influence networks in past year security news – OpenAI disrupted over 20 foreign influence operations using its AI tools to manipulate political sentiments and elections. The report highlights ongoing threats from nations like Russia and Iran. https://cyberscoop.com/openai-threat-report-foreign-influence-generative-ai/

🚔 Dutch cops reveal takedown of 'largest dark web market' cybercrime – Dutch police arrested the alleged administrators of Bohemia and Cannabia, the largest dark web marketplaces, which processed €12 million monthly. The operators attempted an exit scam after becoming aware of the investigation. https://www.theregister.com/2024/10/10/cannabia_bohemia_darkweb_market_investigation/

🪙 FBI created a crypto token so it could watch it being abused security news – The FBI developed its own cryptocurrency, NexFundAI, to monitor fraudulent activities in the crypto market, leading to arrests in three countries for alleged wash trading and manipulation schemes. https://www.theregister.com/2024/10/11/fbi_nexfundai_crypto_fraud_sting/

🔧 GitLab fixed a critical flaw that could allow arbitrary CI vulnerability – GitLab patched a critical vulnerability (CVE-2024-9164) that allowed unauthorized CI/CD pipeline execution. The update also addressed several high and medium severity issues in both Community and Enterprise Editions. https://securityaffairs.com/169671/security/gitlab-fixed-critical-flaw-cve-2024-9164.html

📦 Malicious packages in open-source repositories are surging security research – A report by Sonatype reveals a 150% increase in malicious packages in open-source repositories over the past year, highlighting security vulnerabilities and the slow response to patching them. https://cyberscoop.com/open-source-security-supply-chain-sonatype/

💻 Ransomware operators exploited Veeam Backup & Replication flaw CVE vulnerability – Ransomware operators are exploiting the critical CVE-2024-40711 vulnerability in Veeam Backup & Replication to deploy malware and create rogue accounts. Sophos warns of attacks leveraging compromised credentials and outdated VPNs. https://securityaffairs.com/169679/cyber-crime/ransomware-groups-exploit-veeam-backup-replication-bug.html

📁 File hosting services misused for identity phishing security research – Microsoft reports that ransomware operators are exploiting legitimate file hosting services to conduct phishing attacks, using tactics to evade detection and compromise user identities, leading to business email compromise (BEC) attacks. https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/


CISA Corner

🚨 Avoid Scams After Disaster Strikes warning – CISA warns of increased cyber scams following natural disasters, urging caution with emails and social media related to hurricanes. Verify information from trusted sources before responding. https://www.cisa.gov/news-events/alerts/2024/10/08/avoid-scams-after-disaster-strikes

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has included three vulnerabilities in its Known Exploited Vulnerabilities Catalog, highlighting risks from active exploitation. Agencies are required to remediate these vulnerabilities to protect federal networks. https://www.cisa.gov/news-events/alerts/2024/10/08/cisa-adds-three-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting risks from active exploitation in Fortinet and Ivanti products. Federal agencies must remediate these vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2024/10/09/cisa-adds-three-known-exploited-vulnerabilities-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🐖 The Pig Butchering Invasion Has Begun cybercrime – Global pig butchering scams, rooted in Southeast Asia, exploit vulnerable populations and net billions. Operations are expanding worldwide, raising serious human trafficking and financial crime concerns. https://www.wired.com/story/pig-butchering-scam-invasion/

🔍 Remote ID verification tech is often biased and wrong security news – A GSA study reveals remote identity verification technologies are biased, with significant error rates affecting marginalized groups. The tech’s reliability raises concerns for government and user equity. https://www.theregister.com/2024/09/30/remote_identity_verification_biased/

📚 Massive E-Learning Platform Udemy Gave Teachers a Gen AI 'Opt-Out Window'. It's Already Over. privacy – Udemy's brief opt-out period for teachers to exclude their content from generative AI training has passed, sparking backlash over perceived intellectual property theft and biased communication. https://www.404media.co/massive-e-learning-platform-udemy-gave-teachers-a-gen-ai-opt-out-window-its-already-over/

🎯 North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence security news – North Korea's APT Kimsuky targeted German defense contractor Diehl Defence through a phishing campaign involving fake job offers, raising significant concerns due to the company's military manufacturing role. https://securityaffairs.com/169162/apt/kimsuky-apt-hit-diehl-defence.html

🫴 Paypal Opted You Into Sharing Data Without Your Knowledge privacy – PayPal has been criticized for automatically opting users into data sharing with third parties for personalized shopping, raising privacy concerns as users were unaware of this change. https://www.404media.co/paypal-personalized-shopping-opt-out/

📰 News agency AFP hit by cyberattack, client services impacted cybercrime – AFP confirmed a cyberattack affecting its IT systems and client services, prompting investigations with France’s cybersecurity agency. Global news coverage remains unaffected, but partners were warned about potential FTP credential compromises. https://securityaffairs.com/169175/hacking/news-agency-afp-hit-by-cyberattack-client-services-impacted.html

🚔 Multinational police effort hits sections of Lockbit ransomware operation security news – An international police effort led to arrests and seizures targeting the LockBit ransomware group, including a suspected developer in France and sanctions against affiliates linked to Evil Corp, amid ongoing efforts to disrupt cybercrime. https://cyberscoop.com/lockbit-arrests-ransomware-fbi-uk-nca-evil-corp/

🏥 UMC Health System diverted patients following a ransomware attack cybercrime – UMC Health System in Texas diverted patients after a ransomware attack caused a network outage. The hospital is investigating the breach and working to restore services while ensuring patient care. https://securityaffairs.com/169198/cyber-crime/umc-health-system-cyberattack.html

🕵️‍♀️ ICE Signs $2 Million Contract With Spyware Maker Paragon Solutions security news – ICE has contracted Israeli spyware vendor Paragon Solutions for $2 million amid ongoing scrutiny of commercial spyware. The contract raises questions about ethical surveillance practices and human rights implications. https://www.wired.com/story/ice-paragon-solutions-contract/

📊 Thunderbird für Android: Telemetrie-Daten werden bereits beim Start erfasst privacy – Die Beta-Version von Thunderbird für Android überträgt Telemetriedaten ohne Einwilligung an Mozilla. Dies verstößt gegen Datenschutzgesetze und enttäuscht Nutzer, die eine Opt-In-Lösung erwarten. https://www.kuketz-blog.de/thunderbird-fuer-android-telemetrie-daten-werden-bereits-beim-start-erfasst/

🪩 A Network of AI ‘Nudify’ Sites Are a Front for Notorious Russian Hackers cybercrime – Fake AI ‘nudify’ sites are revealed to be fronts for Fin7, a Russian hacking group, designed to steal credentials. The sites lure users with the promise of generating nonconsensual content. https://www.404media.co/a-network-of-ai-nudify-sites-are-a-front-for-notorious-russian-hackers-2/

🔍 Telegram has disclosed criminal data to authorities for years, Durov says security news – Telegram's founder, Pavel Durov, clarified that the platform has long disclosed user data to law enforcement upon legal request, emphasizing recent updates to privacy policies do not signify a major shift in practices. https://therecord.media/telegram-disclosing-criminal-data-law-enforcement-durov-statement

💰 Men Stole Over $1 Million From DoorDash Delivery Drivers By Impersonating Them to Customer Service cybercrime – Two men impersonated DoorDash drivers to steal over $1 million by hijacking accounts and redirecting payments. They used stolen personal information to bypass security and change account details. https://www.404media.co/men-stole-over-1-million-from-doordash-delivery-drivers-by-impersonating-them-to-customer-service/

🔐 The feds still can’t get into Eric Adams’ phone security news – NYC Mayor Eric Adams forgot the new passcode to his phone after changing it, complicating federal investigators' efforts to access it amid ongoing fraud and bribery charges against him. https://www.theverge.com/2024/10/2/24260626/fbi-eric-adams-locked-phone-forgotten-changed-password

📸 License Plate Readers Are Creating a US-Wide Database of More Than Just Cars privacy – License plate readers in the US are compiling extensive databases that capture political affiliations and personal beliefs, raising concerns about privacy and surveillance as they collect data beyond just vehicle information. https://www.wired.com/story/license-plate-readers-political-signs-bumper-stickers/

🔒 DOJ, Microsoft seize 107 domains used in Russian attacks security news – The DOJ and Microsoft seized 107 domains linked to Russia's Callisto Group, disrupting a phishing campaign targeting US government agencies and other organizations, aimed at stealing sensitive information. https://www.theregister.com/2024/10/03/russian_phishing_domains_seized/

👮‍♀️ Dutch police breached by a state actor data breach – A state actor has been blamed for hacking into the Dutch police system, exposing contact details of officers. The investigation is ongoing, with security measures implemented to protect affected personnel. https://securityaffairs.com/169328/hacking/dutch-police-breached-by-state-actor.html

👓 Harvard duo modifies Meta glasses to grab strangers' info security news – Harvard students developed 'I-XRAY,' a system using Meta smart glasses to identify individuals and compile personal information from publicly available sources, highlighting privacy concerns in the AI era. https://www.theregister.com/2024/10/04/harvard_engineer_meta_smart_glasses/

💼 Crook made millions by breaking into execs’ Office365 inboxes, feds say cybercrime – UK national Robert B. Westbrook has been charged with a hack-to-trade scheme, illegally accessing Office365 accounts of US executives to steal financial reports, earning approximately $3.75 million from insider trading. https://arstechnica.com/security/2024/10/crook-made-millions-by-breaking-into-execs-office365-inboxes-feds-say/

🎥 Meta’s new “Movie Gen” AI system can deepfake video from a single photo security news – Meta's Movie Gen AI can create realistic videos from a single photo, generating deepfakes and personalized content. While it offers innovative editing and sound synthesis features, it raises significant ethical concerns. https://arstechnica.com/ai/2024/10/metas-new-movie-gen-ai-system-can-deepfake-video-from-a-single-photo/

🔒 Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs security news – Apple's iOS 18.0.1 and iPadOS 18.0.1 updates address two vulnerabilities that could expose audio snippets and passwords. The flaws were fixed with improved validation checks, with no known active exploits reported. https://securityaffairs.com/169381/mobile-2/apple-ios-18-0-1.html

🛬 Ryanair faces GDPR turbulence over customer ID checks security news – Ireland's Data Protection Commission is investigating Ryanair's ID verification process for customers booking through third-party sites, focusing on compliance with GDPR regarding the use of biometric data. https://www.theregister.com/2024/10/05/irish_dpc_ryanair_probe/


Some More, For the Curious

🎒 Danger is Still Lurking in the NVD Backlog security news – The National Vulnerability Database still has a significant backlog of over 18,000 vulnerabilities, with 72.4% unanalyzed. Progress has been made, but many critical vulnerabilities remain unassessed. https://vulncheck.com/blog/nvd-backlog-exploitation-lurking

🔒 More frequent disruption operations needed to dent ransomware gangs, officials say security news – Officials urge for increased frequency of disruption operations against ransomware gangs, as current efforts have proven insufficient. New strategies and international cooperation are essential to combat the rising threat. https://cyberscoop.com/counter-ransomware-initiative-summit-white-house-odni/

🛠️ capa Explorer Web: A Web-Based Tool for Program Capability Analysis security research – Mandiant introduces capa Explorer Web, a browser-based tool for visualizing program capabilities identified by the capa reverse engineering tool, enhancing analysis with interactive features and integration with VirusTotal. https://cloud.google.com/blog/topics/threat-intelligence/capa-explorer-web-program-capability-analysis/

🕵️‍♂️ Notorious Evil Corp Hackers Targeted NATO Allies for Russian Intelligence cybercrime – Evil Corp has been linked to Russian intelligence agencies and tasked with espionage against NATO allies. The group, known for its Dridex malware and ransomware operations, has extorted over $300 million. https://www.wired.com/story/evil-corp-lockbit-russian-intelligence/

🛡️ Level Up Your Security Skills with the New Microsoft Sentinel Ninja Training! security news – Microsoft Sentinel Ninja Training has been revamped with interactive modules, hands-on labs, and real-world scenarios to enhance skills in threat detection and incident response, integrating with Defender XDR for streamlined operations. https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/level-up-your-security-skills-with-the-new-microsoft-sentinel/ba-p/4260106

🚨 Russian authorities arrest nearly 100 in raids tied to cybercriminal money laundering cybercrime – Russian authorities arrested nearly 100 individuals linked to the UAPS payment system and Cryptex exchanges in a money laundering investigation, handling over $1.2 billion in illicit funds for cybercriminals. https://cyberscoop.com/russian-cybercrime-raids-cryptex-uaps/

🔒 14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries vulnerability – Forescout identified 14 vulnerabilities in DrayTek routers, affecting over 704,000 devices globally. Two critical flaws could enable severe attacks, prompting urgent updates from DrayTek. https://securityaffairs.com/169267/security/draytek-routers-flaws-impacts-700000-devices.html

💻 Threat actor believed to be spreading new MedusaLocker variant since 2022 malware – Cisco Talos reports a financially motivated threat actor distributing a new MedusaLocker ransomware variant, 'BabyLockerKZ,' targeting organizations globally since 2022, with a shift from Europe to South America. https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/

📧 Weird Zimbra Vulnerability vulnerability – A Zimbra vulnerability allows hackers to execute remote commands via malformed emails. While exploitation is easy, large-scale infections are unlikely. Defenders should monitor for suspicious email patterns. https://www.schneier.com/blog/archives/2024/10/weird-zimbra-vulnerability.html

⚠️ The Silent Epidemic: Uncovering the Dangers of Alert Fatigue and How to Overcome It security news – Alert fatigue poses a significant threat to cybersecurity, overwhelming security teams and causing critical alerts to be overlooked. Organizations must adopt automation tools and education to mitigate these risks. https://www.cybereason.com/blog/the-silent-epidemic-uncovering-the-dangers-of-alert-fatigue-and-how-to-overcome-it

🛰️ Black Hills Information Security hacking write-up – The article discusses the history and future of satellite technology, highlighting vulnerabilities and notable attacks, including spoofing and jamming. It emphasizes the risks of cyberattacks on satellites and the need for robust security measures. https://www.blackhillsinfosec.com/satellite-hacking/

🐍 Thousands of Linux systems infected by stealthy malware since 2021 malware – A stealthy malware strain named Perfctl has infected thousands of Linux systems since 2021, exploiting over 20,000 misconfigurations and a critical vulnerability, allowing for cryptocurrency mining and unauthorized access. https://arstechnica.com/security/2024/10/persistent-stealthy-linux-malware-has-infected-thousands-since-2021/

📊 Introducing the Use Cases Mapper workbook cyber defense – The Use Case Mapper Workbook aids organizations in optimizing Microsoft Sentinel by mapping common security use cases to the MITRE ATT&CK framework, identifying gaps in security solutions, and facilitating updates. https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/introducing-the-use-cases-mapper-workbook/ba-p/4202058


CISA Corner

⚠️ CISA Adds Four Known Exploited Vulnerabilities to Catalog warning – CISA has added four actively exploited vulnerabilities to its catalog, including critical command injection issues in routers and a deserialization flaw in SAP, posing serious risks to federal networks. https://www.cisa.gov/news-events/alerts/2024/09/30/cisa-adds-four-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added an Ivanti Endpoint Manager SQL Injection vulnerability to its Known Exploited Vulnerabilities Catalog, highlighting risks that malicious actors pose to federal networks. https://www.cisa.gov/news-events/alerts/2024/10/02/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has included a new vulnerability, CVE-2024-45519, affecting Synacor Zimbra, in its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, posing risks to federal networks. https://www.cisa.gov/news-events/alerts/2024/10/03/cisa-adds-one-known-exploited-vulnerability-catalog

⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – CISA issued two advisories on October 1, 2024, highlighting vulnerabilities in Optigo Networks and Mitsubishi Electric ICS. Users are urged to review the advisories for mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/01/cisa-releases-two-industrial-control-systems-advisories ⚙️ CISA Releases Three Industrial Control Systems Advisories vulnerability – CISA issued three advisories on October 3, 2024, addressing vulnerabilities in TEM Opera Plus, Subnet Solutions, and Delta Electronics ICS. Users are urged to review for security details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/03/cisa-releases-three-industrial-control-systems-advisories

🔐 ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations security news – The ASD’s ACSC, alongside CISA and international partners, released a guide outlining six principles for enhancing cybersecurity in operational technology environments to mitigate risks associated with business decisions. https://www.cisa.gov/news-events/alerts/2024/10/01/asds-acsc-cisa-fbi-nsa-and-international-partners-release-guidance-principles-ot-cybersecurity


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from Jack Fortin

Tips for Getting the Best Car Loan Rates in British Columbia

Car Loan Rates in British Columbia

Getting the best BC auto loan rate might improve your finances. With changing interest rates and loan possibilities, it's important to know how to receive the best terms. This detailed guide will help you negotiate BC automobile financing and get the best vehicle loan rates.

1. Knowing BC Car Finance

Before applying for a vehicle loan, you must understand BC auto financing. Knowing the sorts of vehicle loans, interest rate considerations, and competing financial institutions is necessary. British Columbia vehicle finance includes online, credit union, and bank loans. Each option has benefits and downsides, and rates depend on credit history, loan amount, and term.

2. Improve Credit Score

Credit score is crucial to getting a cheap vehicle loan rate. Lenders evaluate creditworthiness and interest rates based on credit scores. Lower interest rates are characteristic of better credit scores.

3. BC Auto Loan Rates Compare

Compare BC auto loan rates from several lenders to get the best deals. Different lenders and financial profiles charge different interest rates. Compare rates from banks, credit unions, and internet lenders using web tools. Ask lenders about their rates and any specials or reductions.

4. Get BC Auto Loan Pre-Approval

Pre-approval for a BC auto loans may speed up car buying. Your financial information is reviewed by a lender to establish your maximum loan amount and interest rate before you start car shopping. Pre-approval defines your budget and attracts dealerships. It demonstrates you're serious and can acquire financing, providing you negotiation leverage.

5. Consider Loan Term

The period of your auto loan affects your monthly payments and total interest. Longer loan periods may cut monthly payments but increase interest payments. Consider your budget and financial objectives when choosing a loan term. If you can afford larger monthly payments, a shorter loan period may save you money. If you require lower payments, a longer term may be easier but cost more.

6. Negotiate Car Loan Terms

Never be scared to negotiate your BC auto finance. Many lenders may provide better rates if you have strong credit and are pre-approved. Interest rate, loan period, and fees are negotiable. Being proactive and talking to lenders may get you a better rate or loan terms.

7. Can I Extend My Car Loan?

If you want a car loan extension, then you should examine the advantages and downsides first. Extended terms may lower monthly payments but increase interest charges throughout the loan's life. Discuss loan term extensions with your lender to determine their influence on loan expenses. Make sure the new terms fit your financial objectives and don't cause debt.

8. Read Your Loan Agreement Carefully

Before signing a vehicle loan, read the terms. Consider the interest rate, loan length, payment plan, and fees and penalties. Understanding your loan agreement helps you prevent surprises and hidden fees. Ask your lender for clarification if needed.

Conclusion

The finest car loan rates in British Columbia need preparation and thought. Understanding for BC auto loan approved, boosting your credit score, comparing rates, and negotiating conditions may improve your loan prospects. Check the loan term and agreement to make sure it fits your financial objectives. You can better understand the vehicle loan process and locate the best financing plan with these advices.

 
Read more...

from Not Simon 🐐

Country: People's Republic of China Organization: N/A Objective: Espionage (Page Last Updated: October 26, 2024)

Aliases:

Vulnerabilities Exploited

  • ProxyLogon (Sources: ESET, Kaspersky, Sygnia):
    • CVE-2021-26855 (9.8 critical, in CISA's KEV Catalog) Microsoft Exchange Server Remote Code Execution Vulnerability
    • CVE-2021-26857 (7.8 high, in CISA's KEV Catalog) Microsoft Exchange Server Remote Code Execution Vulnerability
    • CVE-2021-26858 (7.8 high, in CISA's KEV Catalog) Microsoft Exchange Server Remote Code Execution Vulnerability
    • CVE-2021-27065 (7.8 high, in CISA's KEV Catalog)
  • unidentified Microsoft SharePoint and Oracle Opera business software vulnerabilities (Source: ESET)
  • CVE-2017-11882 (7.8 high, in CISA's KEV Catalog. Note: associated with alias Tropic Trooper) Microsoft Office Memory Corruption Vulnerability Source: Trend Micro
  • CVE-2012-0158 (8.8 high, in CISA's KEV Catalog. Note: associated with alias Tropic Trooper, KeyBoy) Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability Sources: Unit 42, Citizen Lab
  • CVE-2017-0199 (7.8 high, in CISA's KEV Catalog. Note: associated with alias Tropic Trooper) Microsoft Office and WordPad Remote Code Execution Vulnerability Source: Citizen Lab
  • CVE-2015-1641 (7.8 high, in CISA's KEV Catalog. Note: associated with alias KeyBoy) Microsoft Office Memory Corruption Vulnerability Source: Citizen Lab

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

2024

2023

2022

2021

2020

2018

2017

2016

2015

2013

Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 
Read more...

from Not Simon 🐐

Country: People's Republic of China Organization: Integrity Technology Group Objective: Espionage, Information theft (Page last updated: October 13, 2024)

Aliases (sorted alphabetically):

Associated Company

Integrity Technology Group (Integrity Tech) (Source: FBI (PDF)) aka Yongxin Zhicheng, 永信至诚

Vulnerabilities Exploited

Source: FBI

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

2024

2023

2022

2020

  • May 20, 2020?? – PRC Ministry of State Security: 前沿 | 网络靶场,未来安全的基础设施 (web archive of a MSS-run periodical reprinted on IntegrityTech's website, English translation: “Frontier | Cyber ​​Range, the secure infrastructure of the future”)

Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 
Read more...

from Stories of Salt

Read more...

from Sirius

Para quem inicia no Mastodon aqui vão algumas explicações sobre a importância que as hashtags possuem.

Imagem de hashtags A hashtag é uma palavra ou frase que, uma vez precedida pelo símbolo de cerquilha (#), sem espaços, transforma-se em uma etiqueta ou rótulo, na forma de um hiperlink que leva para uma página com outras publicações relacionadas ao mesmo tema.

No Mastodon, bem como em toda federação ActivityPub, a compreensão de suas funcionalidades é essencial, inclusive por questões de acessibilidade.

Barra de pesquisa do Mastodon

Por motivos técnicos de privacidade o Mastodon foi inicialmente desenhado para permitir apenas as seguintes formas de busca:

  1. Por hashtags (#exemplo);
  2. Pessoas (@nomedousuário@domínio);
  3. URL (links) de perfis e de posts;

Atualmente o mastodon permite a busca por texto simples, mas para que as postagens dos usuários se tornem visíveis é necessário que optem por isso (então se você quer que o texto de suas postagens públicas sejam vistos na busca, acesse as configurações de sua conta e marque para permitir essa opção).

A pesquisa por hashtags é precisa e abrange todas as pessoas de instâncias federadas à sua, independentemente de você seguir a pessoa ou não, e sem a influência de qualquer algoritmo.

Note também que você pode seguir uma hashtag, caso seja um assunto do seu interesse, clicando no botão destacado acima. Quando você segue uma hashtag, todas as postagens das pessoas pertencentes à sua instância ou das instâncias federadas à sua, independentemente ou não de você segui-las, que contenham essa hashtag, serão exibidas na sua página inicial.

Usando Hashtags e Noções de Respeito

As hashtags, portanto, devem ter um # no início e não podem ter alguns caracteres especiais no início e no meio (ponto, espaço, arroba, asterisco, etc.).

O sistema de hashtags atualmente não diferencia a acentuação e alguns caracteres especiais que são permitidos, como o (ç), por exemplo, de modo que as hashtags #política e #politica (sem acento no i) ou #paçoca e #pacoca, são unificadas pela busca da plataforma.

Se você deseja pesquisar uma frase, digite tudo como uma palavra, como #CatsOfMastodon.

Se você deseja que sua postagem seja encontrada com mais facilidade nas pesquisas, inclua muitas hashtags relevantes. Não há problema em usar muitas dessas etiquetas, as pessoas entendem que são necessárias nesse tipo de sistema de busca.

Ademais, o uso das Hashtags devem respeitar uma relevante questão de acessibilidade. Existem muitos usuários cegos no Mastodon e no Fediverso que usam leitores de tela para converter texto em áudio.

Portanto, ao postar hashtags, existe uma formatação correta, que consiste no uso do método chamado de CamelCase (onde cada palavra começa com uma letra maiúscula), por exemplo #CatsOfMastodon em vez de #catsofmastodon. As letras maiúsculas permitem que os aplicativos de leitura de tela separem as palavras corretamente e leiam a hashtag em voz alta corretamente.

Aliás, é importante mencionar uma hashtag super relevante do universo Mastodon, a famosa #Alt4Me.

Quando uma imagem de uma postagem não possui descrição e há a hashtag #Alt4Me adicionada a ela pela pessoa que a postou, isso pode significar que o autor da postagem não consegue adicionar uma descrição (por exemplo, devido a uma deficiência), mas esteja ciente de que é necessário, então ele adicionou a etiqueta preventivamente.

A hashtag #Alt4Me geralmente significa que uma pessoa cega quer que você escreva uma descrição da imagem. Responda à postagem com a hashtag e forneça a descrição.

Note que a sistemática de hashtags não faz distinção se as palavras estão em caixa alta ou caixa baixa, portanto, #CatsOfMastodon ou #catsofmastodon são exatamente a mesma coisa para fins de pesquisa, de modo que o único diferencial em seguir o “CamelCase” está em propiciar um ambiente mais acessível às pessoas cegas, que deve ser respeitado.

Hashtags e filtros

Outra funcionalidade importante das hashtags é que elas permitem às pessoas que não querem ver postagens relacionadas a determinado assunto ou tema, que utilizem um filtro cuja função é tornar esses posts invisíveis, sem a necessidade de silenciar, bloquear ou deixar de seguir um usuário.

Ao utilizar o Mastodon é muito importante que você compreenda que se trata de uma rede social que recebe e acolhe pessoas que vieram de outras redes sociais, de propriedade capitalista, buscando um ambiente menos tóxico.

Sendo assim, existem temas que devem ser rotulados pelas hashtags não só para facilitar que pessoas interessadas os encontrem, mas também para permitir que pessoas que se incomodam com eles os filtrem.

Vamos usar como exemplo o caso do futebol. Eu adoro o esporte, tenho meu time de coração (Flamengo) mas convenhamos que há pessoas que não veem a menor graça e, ademais, existe uma “cultura do futebol” em nosso País, que é extremamente problemática, incluindo violência entre torcidas, machismo, homofobia e racismo.

Não custa nada, portanto, incluir a hashtag #futebol em suas postagens sobre o tema, ou outras em temas sensíveis, como #PolíticaPartidária.

Evidentemente você também tem a ferramenta dos avisos de conteúdo, mas acho a hashtag mais eficiente, pelo fato de permitir que os interessados encontrem a postagem, bem como os desinteressados a tornem completamente invisível sem sequer a necessidade de ler o aviso de conteúdo sobre o tema.

Aqui explico, portanto, como filtrar as hashtags.

No menu lateral vá em Preferências > Filtros e depois clique em Adicionar Filtro. Abrirá a seguinte tela:

Aba de filtros no Mastodon

O título do filtro, indicado pela seta vermelha, como o nome diz, é apenas um título, para te ajudar a encontrar o filtro em sua lista de filtros.

A seta verde indica o tempo de validade do filtro (que pode ser permanente, como visto no exemplo). Às vezes você não se importa em visualizar algo sobre futebol ou política, mas durante os jogos ou durante o período eleitoral, você não quer ser inundado de postagens sobre o tema, de modo que pode criar um filtro com duração provisória.

Em “Contextos do filtro” (retângulo rosa) você escolhe onde o filtro vai exercer sua função de ocultar mensagens, no exemplo dado marquei a opção de ocultar as postagens da página inicial e das linhas públicas, mas você pode fazer uma filtragem mais severa, se preferir, filtrando perfis de usuário e conversas.

Em “Filter action” você pode escolher se a postagem filtrada vai ser indicada para você com um aviso ou se ela desaparecerá completamente sem qualquer notificação, como se a postagem jamais tivesse existido.

Em “Palavra-chave ou frase”, indicado pela seta amarela na parte de baixo, você digita a hashtag que quer filtrar.

Após Salvar Novo Filtro, conforme o botão indicado pela seta azul, você não irá visualizar qualquer postagem em sua linha do tempo ou nas linhas públicas que contenham a hashtag selecionada (no caso do nosso exemplo: #futebol).

Você pode adicionar quantos filtros desejar.

Essas eram as minhas considerações a respeito das hashtags. Espero que aproveitem bastante e criem muitas hashtags interessantes no universo brasileiro do Mastodon.

#Hashtag #MastoDicas #Mastodon #Tutorial

 
Leia mais...

from Not Simon 🐐

Country: Islamic Republic of Iran Organization: Ministry of Intelligence and Security (MOIS) Objective: Espionage, Sabotage (Page last updated October 12, 2024)

Aliases (sorted alphabetically):

Sub-group:

Known Associates

  • Mojtaba Mostafavi. Source: U.S. Treasury (linked by PwC, via Lab Dookhtegan leaks)
  • Farzin Karimi Mazlganchai: PwC

Vulnerabilities Exploited

  • CVE-2024-30088, (CVSS3v1: 7.0 high) Windows Kernel Elevation of Privilege Vulnerability Source: Trend Micro
  • CVE-2019-0604 (CVE, NVD. CVSSv3.1: 9.8 critical, in CISA's KEV Catalog) Microsoft SharePoint Remote Code Execution Vulnerability Source: Microsoft
  • CVE-2017-11882 (CVE, NVD. CVSSv3.1: 7.8 high, in CISA's KEV Catalog) Microsoft Office Memory Corruption Vulnerability Source: Mandiant
  • CVE-2017-0199 (CVE, NVD, CVSS3v1: 7.8 high, in CISA's KEV Catalog) Microsoft Office and WordPad Remote Code Execution Vulnerability Source: Unit 42

Tactics, Techniques, and Procedures (TTPs)

Known Tools Used

As listed by MITRE

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 
Read more...

from Not Simon 🐐

Country: People's Republic of China Organization: Loosely connected private contractors operating on behalf of China’s Ministry of State Security (MSS). Some have worked at Chengdu 404 Network Technology Objective: Espionage, Information theft, Financial crime (Page last updated: September 22, 2024)

Aliases (sorted alphabetically):

Subgroups

Identified Members

Associated Company

Chengdu Si Lingsi (404) Network Technology Company Ltd. (成都市肆零肆网络科技有限公司)

Vulnerabilities Exploited

  • CVE-2018-0824 (7.5 high, in CISA's KEV Catalog) Microsoft COM for Windows Remote Code Execution Vulnerability Source: Cisco
  • CVE-2017-0199 (7.8 high, in CISA's KEV Catalog) Microsoft Office and WordPad Remote Code Execution Vulnerability Sources: Clearsky, Fortinet, FireEye
  • CVE-2019-3396 (9.8 critical, in CISA's KEV Catalog) Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability. Sources: FireEye, Fortinet
  • CVE-2015-1641 (7.8 high, in CISA's KEV Catalog) Microsoft Office Memory Corruption Vulnerability Source: Fortinet
  • CVE-2012-0158 (8.8 high, in CISA's KEV Catalog) Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability Sources: Fortinet, FireEye
  • CVE-2017-11882 (7.8 high, in CISA's KEV Catalog) Microsoft Office Memory Corruption Vulnerability Source: FireEye

The following 7 vulnerabilities have the same source: U.S. DOJ

  • CVE-2019-19781 (9.8 critical, in CISA's KEV Catalog) Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability Additional sources: FireEye, Fortinet
  • CVE-2019-11510 (10.0 critical, in CISA's KEV Catalog) Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
  • CVE-2019-16920 (9.8 critical, in CISA's KEV Catalog) D-Link Multiple Routers Command Injection Vulnerability
  • CVE-2019-16278 (9.8 critical) Nostromo 1.9.6 Directory Traversal/ Remote Command Execution Vulnerability
  • CVE-2019-1652 (7.2 high, in CISA's KEV Catalog) Cisco Small Business Routers Improper Input Validation Vulnerability. Additional source: FireEye
  • CVE-2019-1653 (7.5 high, in CISA's KEV Catalog) Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability. Additional source: FireEye
  • CVE-2020-10189 (9.8 critical, in CISA's KEV Catalog) Zoho ManageEngine Desktop Central File Upload Vulnerability. Additional sources: FireEye, Fortinet

The following 2 vulnerabilities have the same source: Mandiant

  • CVE-2021-44228 (10.0 critical, in CISA's KEV Catalog) Apache Log4j2 Remote Code Execution Vulnerability (aka Log4Shell).
  • CVE-2021-44207 (8.1 high) Acclaim USAHERDS Hard-Coded Credentials Vulnerability

Tactics, Techniques, and Procedures

Mapped to MITRE ATT&CK Navigator Layers

References

Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.

Links (Sorted in Chronological Order)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2013

Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat

 
Read more...