Infosec Press


from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, missing or in any other way off, please let me know!


Highlight

🧑‍✈️ Recall feature in Microsoft Copilot+ PCs raises privacy concerns privacy – Microsoft's Recall feature in Copilot+ PCs raises privacy concerns and is under investigation by the UK data watchdog. Users may be able to manage and delete snapshots, but potential risks to privacy and security remain. https://securityaffairs.com/163609/security/microsoft-recall-feature-copilot-pcs.html

🔍 New Windows AI feature records everything you’ve done on your PC privacy – Microsoft's Recall feature records user activities, raising privacy concerns. https://arstechnica.com/gadgets/2024/05/microsofts-new-recall-feature-will-record-everything-you-do-on-your-pc/

🐕‍🦺 Personal AI Assistants and Privacy – Schneier on Security privacy – Bruce Schneier explores the privacy concerns surrounding Microsoft's AI-powered digital assistant, Recall, highlighting the need for trustworthy AI to protect users' data and emphasizing transparency in the development of such systems. https://www.schneier.com/blog/archives/2024/05/personal-ai-assistants-and-privacy.html


News For All

🌪️ Privacy, human rights, and Tornado Cash privacy – Developer of Tornado Cash service sentenced in laundering case, igniting concerns over financial privacy, law enforcement intervention, and crypto misuse. Privacy rights clash with anti-money laundering laws, sparking debates over encryption and financial surveillance. https://www.citationneeded.news/tornado-cash/

🚔 Police caught circumventing city bans on face recognition privacy – Police bypassing facial recognition bans through neighboring agencies. https://www.theregister.com/2024/05/20/cops_circumvent_facial_recognition/

💰 HHS offering $50 million for proposals to improve hospital cybersecurity security news – HHS funds hospital cybersecurity tools to combat cyberattacks. https://therecord.media/hhs-offering-funding-cybersecurity-hospital

💧 EPA will step up inspections of water sector cybersecurity security news – EPA increasing water sector cybersecurity inspections due to rising threats. https://cyberscoop.com/epa-water-inspections-cyber-alert/

🌐 Why Your Wi-Fi Router Doubles as an Apple AirTag – Krebs on Security security research – Research finds Apple's Wi-Fi geolocation API can be used to track devices globally. https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/

🧬 Homeland Security has collected DNA data from 1.5 million immigrants in four years, researchers find privacy – DHS collected DNA from 1.5M immigrants for database, raising privacy concerns. https://therecord.media/homeland-security-collected-dna-millions-immigrants

🙅‍♂️ From trust to trickery: Brand impersonation over the email attack vector security research – Talos researchers uncover techniques used by threat actors to embed brand logos in emails for brand impersonation, with insights into detected cases. https://blog.talosintelligence.com/from-trust-to-trickery-brand-impersonation/

👀 A consumer-grade spyware app found in check-in systems of 3 US hotels security news – The spyware app pcTattletale was discovered on the check-in systems of three Wyndham hotels, enabling unauthorized access to guest details and exposing further vulnerabilities, raising concerns over privacy and security. https://securityaffairs.com/163550/uncategorized/spyware-app-check-in-systems-3-wyndham-hotels.html

🧑‍⚖️ Crooks plant backdoor in software used by courtrooms around the world security news https://arstechnica.com/security/2024/05/crooks-plant-backdoor-in-software-used-by-courtrooms-around-the-world/

👨‍👩‍👧‍👦 You can now share passwords within your Google family group security news – Google's newest Google Play services update allows family group members to securely share passwords saved in Google Password Manager. https://www.theverge.com/2024/5/23/24163560/google-password-manager-share-passwords-family-group

💳 Cyber Signals: Inside the growing risk of gift card fraud cybercrime – Microsoft observes rise in gift card fraud by group Storm-0539 targeting cloud environments for fraudulent gift card creation. https://www.microsoft.com/en-us/security/blog/2024/05/23/cyber-signals-inside-the-growing-risk-of-gift-card-fraud/

🤖 Google’s “AI Overview” can give false, misleading, and dangerous answers security news – Google's AI Overview sometimes gives humorous or misleading answers, especially when it treats jokes as facts or relies on questionable sourcing such as troll forums or fan fiction sites. https://arstechnica.com/information-technology/2024/05/googles-ai-overview-can-give-false-misleading-and-dangerous-answers/


Some More, For the Curious

🎒 KB4581: Veeam Backup Enterprise Manager Vulnerabilities (CVE vulnerability https://www.veeam.com/kb4581

📧 New 'Siren' mailing list aims to share threat intelligence for open source projects security news – Siren mailing list for open source threat intelligence sharing. https://therecord.media/openssf-siren-open-source-threat-intelligence-mailing-list

😮‍💨 Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign security research – A pro-Russian influence campaign targets Western democracies. https://blog.sekoia.io/master-of-puppets-uncovering-the-doppelganger-pro-russian-influence-campaign/

🪀 Critical Fluent Bit bug affects all major cloud providers vulnerability – Critical vulnerability in Fluent Bit affects major cloud providers. https://www.theregister.com/2024/05/21/fluent_bit_flaw/

⏩ Beyond the Basics: Exploring Uncommon NTLM Relay Attack Techniques hacking write-up https://www.guidepointsecurity.com/blog/beyond-the-basics-exploring-uncommon-ntlm-relay-attack-techniques/

👨‍💻 GitHub Enterprise Server patches critical vulnerability vulnerability https://www.theregister.com/2024/05/22/github_enterprise_server_patch/

🏮 Crimeware report: Acrid, ScarletStealer and Sys01 stealers security research https://securelist.com/crimeware-report-stealers/112633/

🌀 5 Reasons Why Every Developer Should Incorporate Common Weakness Enumeration (CWE) into Their Software Development Life Cycle (SDLC) security research https://infosec-mashup.santolaria.net/p/5-reasons-why-every-developer-should

🔚 Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM) vulnerability – Ivanti addressed multiple critical SQL injection vulnerabilities in Endpoint Manager (EPM) 2022 SU5 and prior versions, allowing attackers within the network to execute code. https://securityaffairs.com/163587/security/ivanti-endpoint-manager-critical-sql-injection.html

⚔️ How ransomware abuses BitLocker security news – During an incident response engagement, BitLocker was found repurposed as ransomware, with a VBS script driving the unauthorized file encryption. https://securelist.com/ransomware-abuses-bitlocker/112643/

🕵️ Stark Industries Solutions: An Iron Hammer in the Cloud – Krebs on Security cybercrime – Stark Industries Solutions emerged before the Russian invasion of Ukraine and is behind massive DDoS attacks, used to conceal cyberattacks and disinformation campaigns. https://krebsonsecurity.com/2024/05/stark-industries-solutions-an-iron-hammer-in-the-cloud/

🥡 An XSS flaw in GitLab allows attackers to take over accounts vulnerability https://securityaffairs.com/163649/hacking/gitlab-xss-flaw.html

🛖 MITRE December 2023 attack: threat actors created rogue VMs to evade detection security news – MITRE Corporation reported a breach in their NERVE network caused by China-linked nation-state actors, who chained two Ivanti Connect Secure zero-day flaws. https://securityaffairs.com/163658/apt/mitre-december-2023-attack-rogue-vms.html more info https://mastodon.social/@campuscodi/112503791372484604

CISA Corner

👀 [...] remove connectivity on all [...] devices connected to the [...] internet https://www.cisa.gov/news-events/alerts/2024/05/21/rockwell-automation-encourages-customers-assess-and-secure-public-internet-exposed-assets

KEV – Chromium again, NextGen Healthcare Mirth Connect https://www.cisa.gov/news-events/alerts/2024/05/20/cisa-adds-two-known-exploited-vulnerabilities-catalog

KEV – Apache Flink https://www.cisa.gov/news-events/alerts/2024/05/23/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


from Not Simon 🐐

Country: Russia Organization: Foreign Intelligence Service (SVR) Objective: Espionage

Aliases:

  • APT29 (MITRE, Mandiant, Kaspersky, BlackBerry, Infoblox)
  • Cozy Bear (CrowdStrike)
  • The Dukes (F-Secure)
  • Group 100 (Talos)
  • Iron Hemlock (SecureWorks)
  • Nobelium (formerly used by Microsoft)
  • Midnight Blizzard (Microsoft)
  • Cloaked Ursa (Palo Alto Unit 42)
  • BlueBravo (Recorded Future)

from Not Simon 🐐

Country: Islamic Republic of Iran Organization: Ministry of Intelligence and Security (MOIS) Objective: Espionage

Aliases:

  • MuddyWater (CERTFA, Check Point, Cisco Talos Intelligence, Clearsky, Deep Instinct, ESET Research, Group-IB, MITRE, Kaspersky, Trellix, Unit 42)
  • Seedworm (Symantec)
  • TEMP.Zagros (FireEye)
  • Static Kitten (CrowdStrike)
  • MERCURY (formerly used by Microsoft)
  • Mango Sandstorm (Microsoft)
  • Boggy Serpens (Unit 42)
  • ENT-11 (NTT Security)
  • TA450 (Proofpoint)
  • Cobalt Ulster (SecureWorks)
  • ATK 51 (Thales)
  • T-APT-14 (Tencent)
  • ITG17 (IBM)
  • Yellow Nix (PwC)
  • Earth Vetala (Trend Micro)

Vulnerabilities Exploited

  • CVE-2023-27350 (CVSSv3: 9.8 critical) PaperCut MF/NG Improper Access Control Vulnerability. Source: Microsoft
  • CVE-2021-45046 (CVSSv3: 9.0 critical) Apache Log4j2 Remote Code Execution Vulnerability (also related to Log4Shell). Source: Microsoft
  • CVE-2021-44228 (CVSSv3: 10.0 critical) Apache Log4j2 Remote Code Execution Vulnerability (aka Log4Shell). Source: Microsoft
  • CVE-2020-0688 (CVSSv3: 8.8 high) Microsoft Exchange Validation Key Remote Code Execution Vulnerability. Source: CISA, SentinelOne, Clearsky
  • CVE-2020-1472 (CVSSv3: 10.0 critical) Netlogon Elevation of Privilege Vulnerability (aka ZeroLogon). Source: Clearsky, CISA
  • CVE-2017-0199 (CVSSv3: 7.8 high) Microsoft Office/WordPad Remote Code Execution Vulnerability. Source: Clearsky, CISA


from Not Simon 🐐

Country: People's Republic of China (PRC) Organization: Hubei State Security Department (HSSD), of the Ministry of State Security (MSS) Objective: Espionage

Aliases:

  • BRONZE VINEWOOD (Secureworks)
  • Judgment Panda (CrowdStrike)
  • Red Keres (PwC)
  • TA412 (Proofpoint)
  • Violet Typhoon (Microsoft)
  • ZIRCONIUM (formerly used by Microsoft, MITRE)
  • RedBravo (Recorded Future)

Front Company

  • Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ, 武汉晓睿智科技有限责任公司)

Identified Members

  • Ni Gaobin (倪高彬)
  • Weng Ming (翁明)
  • Cheng Feng (程锋)
  • Peng Yaowen (彭耀文)
  • Sun Xiaohui (孙小辉)
  • Xiong Wang (熊旺)
  • Zhao Guangzong (赵光宗)

from Not Simon 🐐

Country: Russia Organization: Military Unit 74455, of the Main Center for Special Technologies (GTsST), of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), formerly known as the Main Intelligence Directorate Objective: Espionage, Attack, Influence Operations

Aliases:

  • UAC-0133 (CERT-UA)
  • Sandworm Team (Trend Micro, MITRE)
  • Sandworm (ESET, Rapid7)
  • Iron Viking (SecureWorks)
  • CTG-7263 (SecureWorks)
  • APT44 (Google Cloud, Mandiant)
  • FROZENBARENTS (Google Threat Analysis Group)
  • IRIDIUM (formerly used by Microsoft)
  • Seashell Blizzard (Microsoft)
  • Voodoo Bear (CrowdStrike)
  • ELECTRUM (Dragos)
  • Quedagh
  • Black Energy (Group)
  • TEMP.Noble

Personas Used

  • Cyber Army of Russia Reborn

Identified Members


from beverageNotes

I've been slacking again.

This evening, I'm finishing off a Basil Hayden Toast Small Batch. It's 80 proof, “artfully aged”, but no age statement.

It starts with some toasted marshmallow and cinnamon on the nose. Leads with some caramel, cinnamon, and maybe cherry or peach. There's a hint of toasted marshmallow in the middle, but the finish is a little weak.

I like it, I think it's a fairly inexpensive bottle—this one in particular was a gift.

It's got some oaky heat that lingers after the sip. I prefer to have it with an ice cube. A splash of water is also a good choice, if you prefer the heat.


from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

⚠️ Not all scams are easy to spot warning – Scammers utilize coincidental timing and correct details to trick even smart individuals. https://www.emsisoft.com/en/blog/45650/not-all-scams-are-easy-to-spot/

🦮 Guidance for organisations considering payment in ransomware incidents cyber defense – Guidance for organizations on ransomware incidents, emphasizing alternatives to paying. https://www.ncsc.gov.uk/guidance/organisations-considering-payment-in-ransomware-incidents

🛡️ CISA and Partners Release Guidance for Civil Society Organizations on Mitigating Cyber Threats with Limited Resources security news – CISA, DHS, FBI, and international partners release cyber threat mitigation guidance for civil society organizations to combat state-sponsored threats. https://www.cisa.gov/news-events/alerts/2024/05/14/cisa-and-partners-release-guidance-civil-society-organizations-mitigating-cyber-threats-limited

🛤️ Google and Apple deliver support for unwanted tracking alerts in Android and iOS security news – Google and Apple collaborate on alerting users of unwanted tracking. https://security.googleblog.com/2024/05/google-and-apple-deliver-support-for.html

🔒 Encrypted mail service still okay with giving PII to cops security news – ProtonMail under scrutiny for disclosing user data to police; US Patent and Trademark Office exposes private addresses online again; LockBit ransomware hits Wichita, Kansas, disrupting city services. https://www.theregister.com/2024/05/13/infosec_in_brief/

🔓 Europol confirms incident after data break-in claims security news – Europol investigates claims of stolen data from Europol Platform for Experts by cybercriminal IntelBroker. No compromise of core systems, but confidential data samples leaked. Incident raises concerns over security of sensitive EU and law enforcement data. https://www.theregister.com/2024/05/13/europol_data_breach/

💻 How Did Authorities Identify the Alleged Lockbit Boss? – Krebs on Security cybercrime – The U.S. DoJ charges Russian Dmitry Yuryevich Khoroshev as LockBit leader involved in extensive ransomware-related crimes, traced through forum usernames and domain registrations. Khoroshev's cyber activity predates notorious cybercrime forums, suggesting prior involvement in ransomware schemes. Indictment details financial strategy and offers insight into underground activities. https://krebsonsecurity.com/2024/05/how-did-authorities-identify-the-alleged-lockbit-boss/

🤖 Android is getting an AI-powered scam call detection feature security news – Google is developing an AI-powered scam call detection feature for Android, utilizing Gemini Nano to spot fraudulent language and warn users in real-time, aiming to prevent falling victim to phone scams. It will be an opt-in feature, ensuring privacy by running locally and offline. https://www.theverge.com/2024/5/14/24156212/google-android-ai-gemini-scam-call-detection-feature-io

🏙️ City of Helsinki suffered a data breach data breach – The City of Helsinki experienced a significant data breach that impacted students, guardians, and personnel, with threat actors gaining access to various personal and sensitive information. https://securityaffairs.com/163088/data-breach/city-of-helsinki-data-breach.html

🔨 Christie's takes website offline after cyberattack, delays live auction security news – Christie's auction house website taken offline due to a cyberattack, delaying a live auction; clients can still participate in auctions via different methods while the issue is resolved. Limited information was provided about the cyberattack. https://therecord.media/christies-website-down-auction-delayed-cyberattack

🔒 Threat actors may have exploited a zero-day security news – Apple releases urgent security updates addressing code execution vulnerabilities in iPhones, iPads, and macOS, including a memory corruption flaw in the Real-Time Kernel (RTKit) which may have been exploited as a zero-day. https://securityaffairs.com/163096/hacking/apple-iphones-zero-day-exploited.html

📱 Android will be able to detect if your phone has been snatched security news – Google introduces security features in Android 15 beta, including Theft Detection Lock to prevent unauthorized access if the phone is stolen, private spaces for hidden apps with unique PIN, and Play Protect updates for threat detection and app permissions monitoring. https://www.theverge.com/2024/5/15/24157068/android-15-ai-theft-detection-lock-privacy-security

🔍 EU probes Meta over its provisions for protecting children security news – European Commission probes Meta over potential breaches of Digital Services Act (DSA) related to protecting minors on Facebook and Instagram, examining issues such as addictive behavior, access to inappropriate content, and privacy measures. https://www.theregister.com/2024/05/16/eu_investigates_meta_over_its/


Some More, For the Curious

🕵️ Diving into the data stream: a toolkit for analysts of Android apps security research https://www.kuketz-blog.de/in-den-datenstrom-eintauchen-ein-werkzeugkasten-fuer-analysten-von-android-apps/

🚫 Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule vulnerability – Injecting specific strings can shut down websites protected by WAF, causing Denial of Service. https://blog.sicuranext.com/response-filter-denial-of-service-a-new-way-to-shutdown-a-website/

🐟 Using MITM to bypass FIDO2 phishing security research – Research reveals potential vulnerabilities in FIDO2 authentication, highlighting the importance of implementing Token Binding for enhanced security. https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/

🌜 To the Moon and back(doors): Lunar landing in diplomatic missions security research – ESET Lunar toolset infiltrated European MFA using backdoors LunarWeb and LunarMail, attributed to Turla APT group. https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/

🪵 Log4Shell shows no sign of fading, spotted in 30% of CVE exploits security news – A survey reveals organizations still have insecure protocols on the WAN, aiding lateral movement; the Log4Shell exploit was identified in 30% of outbound CVE exploits despite being three years old. https://www.helpnetsecurity.com/2024/05/14/log4j-wan-insecure-protocols/

🔒 The xz apocalypse that almost was security news – A recap of the backdoor incident in the xz library, detailing the timeline of events, community contributions, potential scale of impact, and industry insights on OpenSSH servers. Despite the wide adoption of OpenSSH and xz, the incident, while significant, was not as catastrophic as feared due to the vigilance of the large community. https://www.bitsight.com/blog/xz-apocalypse-almost-was

🔣 Diagrams and Symbols in Threat Models security research https://shostack.org/blog/diagrams-and-symbols-in-threat-models/

👮 FBI Seizes BreachForums Website security news https://www.schneier.com/blog/archives/2024/05/fbi-seizes-breachforums-website.html

♨️ CISA spreads Black Basta advice amid Ascension infection security news – CISA and Health-ISAC issue bulletins on Black Basta ransomware gang after the attack on US healthcare provider Ascension, advising on defense strategies and outlining the group's tactics. https://www.theregister.com/2024/05/13/cisa_ascension_ransomware/

🦆 QakBot attacks with Windows zero-day (CVE-2024-30051) vulnerability – A zero-day vulnerability in the Windows Desktop Window Manager was discovered and exploited in the wild, leading to privilege escalation. The vulnerability, CVE-2024-30051, was reported to Microsoft and a patch was released on May 14, 2024. https://securelist.com/cve-2024-30051/112618/

🛹 MITRE released EMB3D Threat Model for embedded devices cyber defense – MITRE released the EMB3D threat model for critical infrastructure embedded devices, aiming to improve security by providing insights on cyber threats and device features for vendors, operators, and researchers across various industries. https://securityaffairs.com/163144/security/mitre-released-emb3d-framework.html

🦊 Foxit PDF Reader “Flawed Design” : Hidden Dangers Lurking in Common Tools security research https://blog.checkpoint.com/research/foxit-pdf-reader-flawed-design-hidden-dangers-lurking-in-common-tools/

🛞 Rounding up some of the major headlines from RSA security news – Recap of top stories and trends from RSA Conference, focusing on AI, build security initiative, technologies countering deepfakes, and Microsoft disclosing a zero-day vulnerability. Major headlines include healthcare network disruption, Google and Apple alert for unwanted device tracking, and Christie's cyber attack. https://blog.talosintelligence.com/threat-source-newsletter-may-16-2024/

CISA Corner

KEV – Google Chromium, D-Link and Microsoft https://www.cisa.gov/news-events/alerts/2024/05/13/cisa-adds-one-known-exploited-vulnerability-catalog https://www.cisa.gov/news-events/alerts/2024/05/16/cisa-adds-three-known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2024/05/14/cisa-adds-two-known-exploited-vulnerabilities-catalog

Siemens Advisories https://www.cisa.gov/news-events/alerts/2024/05/16/cisa-releases-seventeen-industrial-control-systems-advisories

Updates by Adobe, Microsoft, Apple and Cisco https://www.cisa.gov/news-events/alerts/2024/05/15/adobe-releases-security-updates-multiple-products https://www.cisa.gov/news-events/alerts/2024/05/14/microsoft-releases-may-2024-security-updates https://www.cisa.gov/news-events/alerts/2024/05/14/apple-releases-security-updates-multiple-products https://www.cisa.gov/news-events/alerts/2024/05/16/cisco-releases-security-updates-multiple-products


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


from Stories of Salt

This page will be expanded over time. Send DMs to @fauxialist_alternative on Instagram with suggested additions.

NFPs and Lobbying Groups

Other good resources

  • Palestine Free Trade Australia – Sydney-based NFP importing goods from Palestine. Runs a general humanitarian appeal, as well as an education project in partnership with Friends of Hebron Sydney.

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlights

💰 Crypto fraudsters: six Austrians arrested cybercrime – Six Austrians were arrested for running an online scam involving a supposed new cryptocurrency, defrauding investors of millions. Europol coordinated the operation, seizing over 500,000 euros in cryptocurrencies, 250,000 euros in fiat, and other assets. The suspects falsely claimed to open an online trading company with a new cryptocurrency, carrying out an Initial Coin Offering (ICO) without transparency, leading investors to realize they were deceived in February 2018. https://www.heise.de/news/Krypto-Betrueger-Sechs-Oesterreicher-festgenommen-9714300.html

Lockbit Corner

🛑 Law enforcement seized Lockbit group's website again cybercrime – Law enforcement seizes Lockbit group's website, threatens to reveal identities. https://securityaffairs.com/162778/cyber-crime/law-enforcement-seized-lockbit-site-again.html

⛓️ U.S. Charges Russian Man as Boss of LockBit Ransomware Group – Krebs on Security cybercrime – U.S. charges Russian man as boss of LockBit ransomware group, part of elaborate criminal network. https://krebsonsecurity.com/2024/05/u-s-charges-russian-man-as-boss-of-lockbit-ransomware-group/

🎙️ In interview, LockbitSupp says authorities outed the wrong guy cybercrime – LockBit leader denies being correctly identified. https://therecord.media/lockbitsupp-interview-ransomware-cybercrime-lockbit

🍧 LockBit gang claimed responsibility for the attack on City of Wichita cybercrime – The City of Wichita was hit by a LockBit ransomware attack, leading to network shutdown. The LockBit gang threatened to leak stolen data, prompting an investigation by third-party experts and law enforcement. Systems remain offline, with no definitive timeline for restoration. https://securityaffairs.com/162910/cyber-crime/city-of-wichita-lockbit-ransomware.html


News For All

🥠 Stealing cookies: Researchers describe how to bypass modern authentication security research – Researchers detail bypassing modern authentication via MITM attack. https://cyberscoop.com/stealing-cookies-researchers-describe-how-to-bypass-modern-authentication/

🔐 Why Your VPN May Not Be As Secure As It Claims – Krebs on Security security research – Researchers reveal VPN vulnerability via rogue DHCP server attacks. https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/

💸 Online Scams: Are These All Scams? Distinguishing the Legit from the Scam cybercrime – Sophisticated scammers create fake websites and emails, deceiving users. https://asec.ahnlab.com/en/65091/

🔑 Yubico bolsters authentication security with updated YubiKey 5 series devices security news – Yubico releases updated security keys with enhanced features. https://www.theverge.com/2024/5/7/24150918/yubico-5-7-firmware-update-security-key-yubikey-5

🔗 April 2024’s Most Wanted Malware: Surge in Androxgh0st Attacks and the Decline of LockBit3 security research – A significant increase in AndroXgh0st malware attacks during April 2024, alongside a noticeable decrease in LockBit3.0 attacks, highlights the shifting landscape of cybersecurity threats. https://blog.checkpoint.com/security/april-2024s-most-wanted-malware-surge-in-androxgh0st-attacks-and-the-decline-of-lockbit3/

🔍 New Case Study: The Malicious Comment security news – Malicious code hidden in 'Thank you' image compromised online shoppers. https://thehackernews.com/2024/05/new-case-study-malicious-comment.html

⛔ Stolen children’s health records posted online in extortion bid data breach – Children's health records from NHS Dumfries and Galloway published by cybercriminals for extortion. https://therecord.media/scotland-nhs-children-records-posted-extortion-ransomware

🧠 Back to the Hype: An Update on How Cybercriminals Are Using GenAI cybercrime – Cybercriminals continue to use generative AI, focusing on jailbreaking capabilities and emerging deepfake services for criminal activities. https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/back-to-the-hype-an-update-on-how-cybercriminals-are-using-genai

✈️ Boeing confirms attempted $200 million ransomware extortion attempt cybercrime – Boeing faced a $200 million ransomware demand from LockBit, part of a larger cyberattack. Boeing did not pay the ransom and the incident impacted its parts and distribution business. https://cyberscoop.com/boeing-confirms-attempted-200-million-ransomware-extortion-attempt/

🚔 FBI Warns US Retailers That Cybercriminals Are Targeting Their Gift Card Systems warning – FBI warns US retailers of a cybercriminal group targeting staff with phishing attacks to create fraudulent gift cards, highlighting the financial losses and sophisticated tactics used. https://www.tripwire.com/state-of-security/fbi-warns-us-retailers-cybercriminals-are-targeting-their-gift-card-systems

❤️‍🩹 Major health care system hobbled by ‘cyber incident’ cybercrime – Ascension health care system suffers a cyber incident causing disruptions to clinical operations, affecting medical services, patient records access, and necessitating manual documentation. Incident follows recent high-profile attacks in the healthcare industry, highlighting the need for cybersecurity standards. https://cyberscoop.com/major-health-care-system-hobbled-by-cyber-incident/

📢 Dell discloses data breach impacting millions of customers data breach – Dell revealed a data breach affecting millions of customers, exposing names, physical addresses, and hardware purchase data. Financial details and sensitive information were not compromised. https://securityaffairs.com/162942/cyber-crime/dell-data-breach-2.html

📱 Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials malware – Malicious Android apps impersonate popular services to trick users into installing them, then request extensive permissions to steal credentials and perform malicious activities, such as accessing contact lists, SMS messages, and launching phishing pages mimicking social media and financial services. https://thehackernews.com/2024/05/malicious-android-apps-pose-as-google.html

🪲 Google fixes fifth actively exploited Chrome zero-day vulnerability – Google patched the fifth zero-day vulnerability in Chrome this year, a use-after-free issue in the Visuals component, actively exploited in the wild, without disclosing details about the attacks. https://securityaffairs.com/162976/hacking/5th-chrome-zero-day-2024.html

😨 You've Been Breached: What Now? cyber defense – Breaches are inevitable in cybersecurity; after a breach, focus shifts to identifying the blast radius, providing temporary work credentials for affected employees, accountability at the executive level, and implementing incident response planning and a comprehensive cybersecurity strategy for recovery. https://www.darkreading.com/cyberattacks-data-breaches/you-have-been-breached-what-now


Some More, For the Curious

⚔️ MITRE attributes the recent attack to China security news – MITRE discloses security breach attributed to China-linked UNC5221. https://securityaffairs.com/162811/hacking/mitre-security-breach-china.html

🫢 RemcosRAT Distributed Using Steganography security research – RemcosRAT distributed using steganography technique, warns of malware infection risks. https://asec.ahnlab.com/en/65111/

🗣️ Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution vulnerability – Cisco Talos discloses three zero-day vulnerabilities, two allowing code execution. https://blog.talosintelligence.com/vulnerability-roundup-zero-days-may-8-2024/

🤌 Breaking down Microsoft’s pivot to placing cybersecurity as a top priority security news – Microsoft faced criticism over their security practices, prompting a new focus on cybersecurity as a top priority with six pillars. The announcement includes re-prioritizing efforts to enhance internal systems and respond to threats promptly. The new governance structure is designed to centralize security efforts and hold leadership accountable for progress. Despite past issues, this shift demonstrates a commitment to improving security practices and ensuring Microsoft products are a safe choice for users. https://doublepulsar.com/breaking-down-microsofts-pivot-to-placing-cybersecurity-as-a-top-priority-734467a8db01

⚙️ CVE-2024-21115: An Oracle VirtualBox LPE Used to Win Pwn2Own vulnerability – The exploit involved a bug in the VGA device heap memory, which could be triggered by setting specific values. Through a series of steps, the exploit gained increased VRAM access, disabled critical sections, achieved buffer overread and overflow, and executed arbitrary code, ultimately demonstrating control over the host system. https://www.thezdi.com/blog/2024/5/9/cve-2024-21115-an-oracle-virtualbox-lpe-used-to-win-pwn2own

🚗 GhostStripe attack haunts self-driving cars by making them ignore road signs security news – A novel hack called “GhostStripe” targets autonomous vehicles by manipulating how road signs appear to the vehicles' cameras, making the signs unrecognizable to the self-driving system and thus potentially leading to dangerous driving errors. https://www.theregister.com/2024/05/10/baidu_apollo_hack/

🥅 Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation cyber defense – Juniper Threat Labs is monitoring the Ivanti Pulse Secure authentication bypass and remote code execution vulnerabilities being exploited by the Mirai botnet. https://blogs.juniper.net/en-us/security/protecting-your-network-from-opportunistic-ivanti-pulse-secure-vulnerability-exploitation

🐡 Unmasking Tycoon 2FA: A Stealthy Phishing Kit Used to Bypass Microsoft 365 and Google MFA security research – The Tycoon 2FA phishing kit exploits session cookies to bypass multifactor authentication for Microsoft 365 and Gmail, is sold as a phishing service through a business model run via Telegram, and is significantly impacting cybersecurity efforts. https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass

CISA Corner

🪫 CISA Advisory – alpitronic Hypercharger EV Charger vulnerability – Vulnerability in alpitronic Hypercharger EV charger allows attackers to disable the device, bypass payment, and access payment data due to the use of default credentials. Mitigations include changing default passwords, limiting network exposure, and implementing secure access methods. https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02

⚠️ #StopRansomware: Black Basta security news – The joint advisory from FBI, CISA, HHS, and MS-ISAC reveals details on Black Basta, a ransomware variant impacting critical infrastructure sectors, including Healthcare and Public Health, outlining TTPs and IOCs to assist organizations in protecting against Black Basta and other ransomware threats. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a

🤹 ASD’s ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies https://www.cisa.gov/news-events/alerts/2024/05/09/asds-acsc-cisa-and-partners-release-secure-design-guidance-choosing-secure-and-verifiable

 

from Sirius

Albert Einstein's preface as an introduction to Lucretius.

Titus Lucretius Carus (c. 94 BC – c. 50 BC) was a Roman Epicurean poet and philosopher who, in his De rerum natura (On the Nature of Things), described the universe as the combination of the void and a collection of tiny atom-like particles in perpetual motion (following his masters Democritus and Epicurus), with the distinction of having added to them an unpredictable swerve, called the clinamen, which leads them to collide and compose more complex forms.

Such a structure allows no life after death, only the dispersal of body and soul back into particles. The imperative established by Lucretius, following the teachings of Epicurus, was that man should maximize pleasure and minimize pain in the only life available to him. In Lucretius's universe it was unthinkable that the gods, absorbed in their own affairs, would take any interest in human matters. Man was free to follow his own path.

Einstein, in his correspondence, offers an introduction to Lucretius's thought, which follows below, with due apologies for any faulty translation from the German:

Introduction to Lucretius

PREFACE

For anyone who is not entirely immersed in the spirit of our time, but occasionally feels like a spectator in relation to his world and especially to the intellectual mindset of his contemporaries, the work of Lucretius will exert its charm. Here one sees how a man endowed with scientific and speculative interest, with lively sensibility and thought, conceives the world: someone independent who also has no idea of the results of present-day natural science that are taught to us in childhood, before we can consciously or critically confront them.

The firm confidence that Lucretius, as a faithful disciple of Democritus and Epicurus, places in the intelligibility, that is, in the causal connection, of all world events must make a deep impression. He is firmly convinced, to the point of believing he can even prove it, that everything rests on the regular motion of immutable atoms, to which he attributes no qualities other than geometric-mechanical ones. The sensory qualities of heat, cold, color, smell and taste are said to go back to the motions of the atoms, as do all the phenomena of life. He thinks that the soul and the spirit are formed from particularly light atoms, (inconsistently) attributing particular qualities of matter to specific experiential characters.

He has as the main aim of his work the liberation of people from the servile fear caused by religion and superstition, which is nourished and exploited by priests for their own ends. Certainly he is concerned with this. But he seems to have been motivated mainly by the need to convince his readers of the necessity of the atomistic-mechanical worldview, even if he did not dare say so openly to his Roman readers, who were probably more practical. His admiration for Epicurus, and for Greek culture and the Greek language in general, which he places well above Latin, is moving. The Romans deserve praise for allowing this to be said. Where is the modern nation that nurtures and expresses such a noble sentiment toward a contemporary one? Diels's verses are so natural that one forgets one is reading a translation.

Berlin, June 1924.

Albert Einstein

Eventually I will edit this text to add some excerpts from On the Nature of Things.

 

from Kevin Neely's Security Notes

The annual Verizon Data Breach Investigations Report is out, and with it an accounting of the #cybersecurity compromises and data breaches of the past year. As always, it's filled with data analysis and some commentary on trends relative to the previous DBIR.

The following is a TL;DR summary generated using fabric by Daniel Miessler with some very minor editing.

SUMMARY:

This year, the 2024 DBIR reveals a significant rise in vulnerability exploitation and ransomware attacks, emphasizing the urgent need for enhanced cybersecurity measures.

  • Vulnerability exploitation tripled from last year, driven by zero-day vulnerabilities.
  • Ransomware and extortion-related breaches accounted for 32% of all breaches.
  • Human error remains a significant factor, involved in 68% of breaches.
  • Third-party breaches increased by 68%, highlighting supply chain vulnerabilities.
  • Financially motivated attacks dominate, with ransomware and extortion leading the charge.
  • The median loss from #ransomware and extortion attacks was $46,000.
  • Phishing remains a critical initial attack vector, with a notable increase in reporting rates.
  • The use of stolen credentials and exploitation of vulnerabilities are top methods for system intrusion.
  • The #MOVEit vulnerability significantly impacted the threat landscape, affecting numerous industries, continuing the trend of “secure file transfer” systems being a significant risk to both company and customer data.
  • MOVEit and remote access (e.g. VPN) compromises are the focus of successful system-compromise attacks.

STATISTICS:

  • 180% increase in attacks involving vulnerability exploitation.
  • Ransomware accounts for 23% of breaches, with pure extortion at 9%.
  • Human element involved in 68% of breaches.
  • 15% of breaches involved third-party vulnerabilities.
  • Errors contributed to 28% of breaches.
  • Financial motives behind 92% of industries targeted by ransomware.
  • Median loss from ransomware/extortion attacks is $46,000.
  • 20% of users reported phishing attempts in simulations.
  • Median time to click on a phishing email is 21 seconds.
  • Exploitation of vulnerabilities as the initial breach action doubled from last year.

QUOTES:

  • “Ransomware and extortion-related threats continue to evolve, posing significant risks across industries.”
  • “The human element remains a critical vulnerability in cybersecurity defenses.”
  • “Supply chain vulnerabilities are increasingly being exploited by attackers.”
  • “Misdelivery errors highlight the ongoing challenge of human error in data breaches.”
  • “Financially motivated attacks dominate the cyber threat landscape.”
  • “The MOVEit vulnerability has had a profound impact on the cybersecurity threat landscape.”
  • “Increased reporting rates for phishing attempts indicate growing awareness among users.”
  • “The rapid response to phishing emails underscores the need for continuous user education.”
  • “Stolen credentials and vulnerability exploitation remain preferred methods for attackers.”
  • “The rise in third-party breaches underscores the importance of vendor security assessments.”

RECOMMENDATIONS:

  • Implement multi-factor authentication to mitigate the risk of stolen credentials.
  • Regularly update and patch systems to protect against vulnerability exploitation.
  • Conduct continuous phishing awareness training for all employees.
  • Perform thorough security assessments of third-party vendors and suppliers.
  • Deploy endpoint detection and response solutions to identify and mitigate ransomware attacks.
  • Encourage the reporting of phishing attempts and provide clear reporting procedures.
  • Utilize web application firewalls to protect against basic web application attacks.
  • Establish robust data backup and recovery processes to minimize the impact of ransomware.
  • Monitor for unusual activity indicating the misuse of privileges by internal actors.
 

from Bruno Miguel

Fastfetch custom configuration

Neofetch is no more. The git repository for the venerable tool used to show off users' window manager configurations on /r/unixporn was archived and will no longer be maintained. Granted, it hadn't received a commit for around 3 years, so this is not unexpected. Thankfully, many tools of this kind abound in the FOSS world. One is Fastfetch, which is very similar to Neofetch but supposedly faster. Moments ago, I installed Fastfetch and wasted a little bit of time configuring it. Why? Because.

The main difference between the two, from a user's point of view, is that Fastfetch's configuration is written in JSONC. You can see all the options for the built-in modules in the JSON schema in the tool's repository or in the documentation. You can also use my configuration below as a starting point.

{
    "$schema": "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json",
    "logo": {
        "type": "file",
        "source": "$HOME/.config/fastfetch/logo.txt"
    },
    "display": {
        "separator": "  -> "
    },
    "modules": [
        {
            "type": "custom",
            "format": "┌────────────────────────────────────────────────────────────┐"
        },
        {
            "type": "os",
            "key": "│  OS"
        },
        {
            "type": "kernel",
            "key": "│  Kernel"
        },
        {
            "type": "packages",
            "key": "│  Packages"
        },
        {
            "type": "wm",
            "key": "│  WM"
        },
        {
            "type": "terminal",
            "key": "│  Terminal"
        },
        {
            "type": "shell",
            "key": "│  Shell"
        },
        {
            "type": "display",
            "key": "│  Display"
        },
        {
            "type": "cpu",
            "key": "│  CPU"
        },
        {
            "type": "gpu",
            "key": "│  GPU"
        },
        {
            "type": "memory",
            "key": "│  Memory"
        },
        {
            "type": "swap",
            "key": "│  Swap"
        },
        {
            "type": "custom",
            "format": "└────────────────────────────────────────────────────────────┘"
        },
        "break",
        {
            "type": "colors"
        }
    ]
}

If you want something different, there are several options, such as Nitch, Pfetch, Catnip, and Meowfetch. I'm the maintainer for the meowfetch-git package on Arch Linux's AUR, and I recommend it if you want to see a kitty every time you display your system info on the terminal.

via It's FOSS

#Neofetch #Fastfetch #UnixPorn #Linux #FOSS

 

from Bruno Miguel

Grand Utopia map overview. Image from the Grand Utopia website; all rights reserved to the project.

I uninstalled Euro Truck Simulator 2 (ETS2) a few weeks ago. I needed the space to install another game and try it out. That game was cool but not as good as ETS2, so I replaced it with the truck driving simulator. However, after watching a streamer use it, I added the Grand Utopia mod.

Grand Utopia is a map mod of a fictional island, partially inspired by the game's French map. The best thing about it is that it uses a 1:1 scale, unlike the official game maps, which means a trip takes around the same time as it would in real life for that distance. The scenery is also well made but uses more graphical elements, so expect it to use more resources.

I've been playing with this mod for over a week and enjoy it very much. The new places to unlock, the beautiful sceneries, and the 1:1 scale add to a pleasant gaming experience. I cannot recommend it enough.

If you want to try Grand Utopia, there's one thing you need to do: create a new profile. It won't work with your current profiles and will even crash the game if you try to force it on an existing one.

#Linux #LinuxGaming #ETS2 #EuroTruckSimulator2 #Gaming

 