72 Articles, 8 Categories. Date: 2023-07-28
🐛 COMMON VULNERABILITIES AND EXPOSURES

28 Jul  Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required
        Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an "extremely severe" flaw that could result in pre-authenticated remote code execution on affected installatio… (THEHACKERNEWS.COM)

28 Jul  A step-by-step guide for patching software vulnerabilities
        Coalition’s recent Cyber Threat Index 2023 predicts the average Common Vulnerabilities and Exposures (CVEs) rate will rise by 13% over 2022 to more than 1,900 per month in 2023. (HELPNETSECURITY.COM)

28 Jul  Zimbra Patches Zero-Day Vulnerability Exploited in XSS Attacks
        Now tracked as CVE-2023-38750, the security flaw is a reflected Cross-Site Scripting (XSS) discovered by security researcher Clément Lecigne of Google Threat Analysis Group. (BLEEPINGCOMPUTER.COM)

28 Jul  Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins
        The first attempts to exploit CVE-2023-24489, a recent critical Citrix ShareFile remote code execution vulnerability, have been observed. (SECURITYWEEK.COM)

28 Jul  Ivanti Releases Security Updates for EPMM to address CVE-2023-35081
        Ivanti has identified and released patches for a directory traversal vulnerability (CVE-2023-35081, CWE-22) in Ivanti Endpoint Manager Mobile (EPMM). This vulnerability allows an attacker with EPMM administrator privileges to write arbitrary files with the operating system pri… (CISA.GOV)

28 Jul  CISA Releases Malware Analysis Reports on Barracuda Backdoors
        CISA has published three malware analysis reports on malware variants associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. It was exploite… (CISA.GOV)

28 Jul  MAR-10454006-r2.v1 SEASPY Backdoor
        Notification: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in… (CISA.GOV)

28 Jul  MAR-10454006-r3.v1 Exploit Payload Backdoor (CISA.GOV)

28 Jul  MAR-10454006-r1.v2 SUBMARINE Backdoor (CISA.GOV)
⚠️ VULNERABILITY DISCLOSURE

28 Jul  Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches
        Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. This includes a specific… (THEHACKERNEWS.COM)

28 Jul  CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse
        These vulnerabilities are frequently exploited by malicious actors in data breach incidents and have resulted in the compromise of personal, financial, and health information of millions of users and consumers. (CISA.GOV)

28 Jul  Indirect Instruction Injection in Multi-Modal LLMs
        Interesting research: “(Ab)using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs”: Abstract: We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs. An attacker generates an adversa… (SCHNEIER.COM)

28 Jul  A Data Exfiltration Attack Scenario: The Porsche Experience
        As part of Checkmarx's mission to help organizations develop and deploy secure software, the Security Research team started looking at the security posture of major car manufacturers. Porsche has a well-established Vulnerability Reporting Policy (Disclosure Policy)[1], it was con… (THEHACKERNEWS.COM)

28 Jul  Hackers Abusing Windows Search Feature to Install Remote Access Trojans
        A legitimate Windows search feature is being exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT. The novel attack technique, per Trellix, takes advantage of th… (THEHACKERNEWS.COM)

28 Jul  Nitrogen Malvertising - Sneaky Malware in Search Ads
        A recently detected malvertising campaign, known as Nitrogen, has been discovered exploiting Google Search and Bing ads to target users searching for IT tools. The Nitrogen campaign predominantly focuses on technology and non-profit organizations in North America. It operates by … (CYWARE.COM)

28 Jul  Innovative Attack Methodology Leverages the "search-ms" URI Protocol Handler
        A legitimate Windows search feature could be exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT. (TRELLIX.COM)

28 Jul  Zimbra Patches Exploited Zero-Day Vulnerability
        Zimbra has released patches for a cross-site scripting (XSS) vulnerability that has been exploited in malicious attacks. (SECURITYWEEK.COM)

28 Jul  STARK#MULE Targets Koreans with U.S. Military-themed Document Lures
        An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems. Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE. "Based o… (THEHACKERNEWS.COM)

28 Jul  WordPress Ninja Forms Plugin Flaw Lets Hackers Steal Submitted Data
        Researchers at Patchstack discovered and disclosed the three vulnerabilities to the plugin's developer, Saturday Drive, on June 22nd, 2023, warning that it affects NinjaForms versions 3.6.25 and older. (BLEEPINGCOMPUTER.COM)

28 Jul  Ivanti patches new zero-day exploited in Norwegian govt attacks
        Ivanti has fixed another vulnerability in the Endpoint Manager Mobile software (formerly MobileIron Core), exploited as a zero-day to breach the IT systems of a dozen ministries in Norway. [...] (BLEEPINGCOMPUTER.COM)

28 Jul  CISA: New Submarine malware found on hacked Barracuda ESG appliances
        CISA says new malware known as Submarine was used to backdoor Barracuda ESG (Email Security Gateway) appliances by exploiting a now-patched zero-day bug. [...] (BLEEPINGCOMPUTER.COM)

28 Jul  Lazarus Group Targets Microsoft IIS Servers
        North Korean Group Uses Watering Hole Techniques to Access, Distribute Malware. The highly active, North Korea-linked Lazarus Group is targeting unpatched Microsoft Internet Information Services servers to escalate privileges and distribute malware. Researchers spotted the group u… (DATABREACHTODAY.CO.UK)

28 Jul  A Vulnerability in Ivanti Endpoint Manager Mobile Could Allow for Arbitrary Code Execution
        A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, which could allow for arbitrary code execution. Ivanti Endpoint Manager Mobile is a mobile management software engine that enables IT to set policies for mobile devices, appl… (CISECURITY.ORG)

28 Jul  Hackers Attack Apache Tomcat Servers to Deploy Malware
        Apache Tomcat, a free and open-source server, supports Jakarta Servlet, Expression Language, and WebSocket technologies, providing a “pure Java” HTTP web server environment. Apache Tomcat dominates with nearly 50% developer adoption, and it’s widely used in the … (GBHACKERS.COM)

28 Jul  Akira Ransomware Expands to Linux with In-built Tor Website
        According to recent sources, threat actors have been working on a new variant of cross-platform ransomware that is named “Akira”. Akira was introduced to the cybersecurity sector in March 2023, and targets several financial institutions and organizations for stealing sensitive … (GBHACKERS.COM)

28 Jul  The Role of Machine Learning in Fraud Detection
        Fraud has been a thorny issue in the digital space, and taming fraudsters has proved to be an overwhelming task because they rely on technology to advance attacks. In the e-commerce sector alone, for instance, global fraud losses in 2022 amounted to $41 billion and are estimated t… (GBHACKERS.COM)
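Editor's added example for the two search-ms items above (Trellix and The Hacker News). It is not Trellix's tooling or anything from the linked articles: a small detector that parses a search-ms: URI and flags it when its search scope (the crumb=location: parameter) points at a remote share instead of a local folder, which is the property that lets a crafted link hand files to the Windows search UI from an attacker's server. The parameter names follow Microsoft's documented search-ms syntax; the "host@port" UNC spelling is the form Windows uses to reach a WebDAV share; both sample URIs are constructed.

```python
"""Flag search-ms: URIs whose search scope ('crumb=location:...') is a
remote share rather than a local folder.  Added illustration; parameter
names follow Microsoft's documented search-ms syntax, sample URIs are made up."""
from urllib.parse import unquote


def parse_search_ms(uri: str) -> dict:
    """Split a search-ms: URI into {parameter: [values]}.  A parameter such as
    crumb may appear more than once, so every value is kept in order."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.strip().lower() != "search-ms":
        raise ValueError("not a search-ms URI")
    params = {}
    for part in rest.split("&"):
        if not part:
            continue
        key, _, value = part.partition("=")
        # Values are percent-encoded (C%3A%5CUsers -> C:\Users); decode once.
        params.setdefault(key.strip().lower(), []).append(unquote(value))
    return params


def remote_locations(uri: str) -> list:
    """Return every location crumb that is a UNC path (\\\\host\\share, which
    includes the \\\\host@port WebDAV form) or an http(s) URL."""
    remote = []
    for crumb in parse_search_ms(uri).get("crumb", []):
        kind, _, value = crumb.partition(":")
        if kind.strip().lower() != "location":
            continue
        value = value.strip().strip('"')
        if value.startswith("\\\\") or value.lower().startswith(("http://", "https://")):
            remote.append(value)
    return remote


def is_suspicious(uri: str) -> bool:
    """True when a search-ms: URI scopes the search to a remote location.
    Anything that is not a search-ms: URI is simply not flagged."""
    try:
        return bool(remote_locations(uri))
    except ValueError:
        return False


# Constructed samples: an ordinary local search, and a link whose scope is a
# share on a remote host (TEST-NET address) reached over WebDAV on port 443.
LOCAL_URI = "search-ms:query=report&crumb=location:C%3A%5CUsers%5Cme%5CDocuments&displayname=Documents"
REMOTE_URI = "search-ms:query=Invoice&crumb=location:%5C%5C203.0.113.10%40443%5Cshare&displayname=Downloads"

if __name__ == "__main__":
    for uri in (LOCAL_URI, REMOTE_URI):
        print(is_suspicious(uri), remote_locations(uri))
```

Run it over URLs extracted from proxy logs or from the href attributes of delivered HTML; a search-ms: link is rarely legitimate in e-mail or a landing page at all, and one whose scope is a UNC path or URL is the case worth alerting on.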
📢 SECURITY ADVISORIES

28 Jul  Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required
        "An unauthenticated attacker can run arbitrary commands with the same privileges as the Metabase server on the server you are running Metabase on," Metabase said in an advisory released last week. (THEHACKERNEWS.COM)

28 Jul  TSA Revises Security Directives for Oil and Gas Pipelines to Test Resilience
        The Transportation Security Administration revised its security directive on cybersecurity for oil and natural gas pipelines Wednesday. The directive was issued and later renewed following the ransomware attack on Colonial Pipeline. (CYBERSECURITYDIVE.COM)

28 Jul  CISA to Establish Network of Regional Election Advisers for 2024
        Announced by Director Jen Easterly on Tuesday, the 10 advisers will support election officials working in their respective areas in an effort to “build even stronger connective tissue between state and local election officials and … CISA.” (THERECORD.MEDIA)

28 Jul  CISA warns of breach risks from IDOR web app vulnerabilities
        CISA warned today of the significant breach risks linked to insecure direct object reference (IDOR) vulnerabilities impacting web applications in a joint advisory with the Australian Cyber Security Centre (ACSC) and U.S. National Security Agency (NSA). [...] (BLEEPINGCOMPUTER.COM)

28 Jul  Hawaii Community College admits paying ransom to extortionists
        After a ransomware attack which saw the personal information of 28,000 individuals stolen by hackers, Hawaii Community College has confirmed that it has paid a ransom. (GRAHAMCLULEY.COM)
🔥 INCIDENT REPORTING

28 Jul  IOTW: Data breach victim ordered to pay $1.21 million to Adidas and NBA
        The victim of a credential stuffing attack is facing legal action after malicious actors took over her PayPal account and made fraudulent transactions. (CSHUB.COM)

28 Jul  Weekly Update 358
        Presently sponsored by: Kolide ensures that if a device isn't secure, it can't access your apps. It's Device Trust for Okta. Watch the demo today! IoT, breaches and largely business as usual so I'll skip that in the intro to this post and jump straight to the end: the impend… (TROYHUNT.COM)

28 Jul  Update: Hawaiʻi Community College Pays Ransom After Attackers Steal Personal Info of 28,000 People
        The attack was claimed by the NoEscape ransomware group, a new gang that emerged in May. Despite paying the ransom, the community college is still in the process of restoring its IT infrastructure. (THERECORD.MEDIA)

28 Jul  BreachForums Database and Private Chats for Sale in Hacker Data Breach
        While consumers are usually the ones worried about their information being exposed in data breaches, it's now the hackers' turn, as the notorious Breached cybercrime forum's database is up for sale and member data has been shared with Have I Been Pwned. (BLEEPINGCOMPUTER.COM)

28 Jul  Education Sector has Highest Ransomware Victim Count
        A new report by Sophos revealed that 79% of higher and 80% of “lower” education institutions were compromised by ransomware over the past year – up from 64% and 56% in 2021, respectively. (INFOSECURITY-MAGAZINE.COM)

28 Jul  SEC Implements New Rule Requiring Firms to Disclose Cybersecurity Breaches in 4 Days
        What happened? The SEC (Securities and Exchange Commission) has introduced new rules that require public companies to be more transparent about their cybersecurity risks and any breaches they experience. (KNOWBE4.COM)

28 Jul  Hawai'i Community College pays ransomware gang to prevent data leak
        The Hawaiʻi Community College has admitted that it paid a ransom to ransomware actors to prevent the leaking of stolen data of approximately 28,000 people. [...] (BLEEPINGCOMPUTER.COM)

28 Jul  IcedID Malware Adapts and Expands Threat with Updated BackConnect Module
        The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that's used for post-compromise activity on hacked systems, new findings from Team Cymru reveal. IcedID, also called BokBot, is a strain of malware similar to Emotet an… (THEHACKERNEWS.COM)

28 Jul  STARK#MULE Targets Koreans with U.S. Military-Themed Document Lures
        An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems. (THEHACKERNEWS.COM)

28 Jul  Industry Reactions to New SEC Cyber Incident Disclosure Rules: Feedback Friday
        Several industry professionals comment on the SEC’s new cybersecurity incident disclosure rules and their implications. (SECURITYWEEK.COM)

28 Jul  In Other News: Data Breach Cost Rises, Russia Targets Diplomats, Tracker Alerts in Android
        Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 24, 2023. (SECURITYWEEK.COM)

28 Jul  ISMG Editors: MOVEit Breach Fallout, Cybercrime Innovation
        Also: Hospitals Warned of Web-Tracking Tools, U.S. DOJ Reorganizes Units. In the latest weekly update, ISMG editors discuss the surging number of MOVEit breach victims and the state of ransomware innovation, why the federal government warned healthcare firms about the use of web t… (DATABREACHTODAY.CO.UK)

28 Jul  US and Australia Warn Developers Over IDOR Vulnerabilities
        Flaws That Give Back-End Access to an Object Can Cause Large Breaches, Agencies Say. U.S. and Australian cybersecurity agencies are warning developers to guard against access flaws, saying that failure to institute authentication checks can lead to large data breaches. Broken acce… (DATABREACHTODAY.CO.UK)

28 Jul  Cyber Security Today, Week in Review for Friday July 28, 2023
        This episode features a discussion on the latest news in artificial intelligence, women in cybersecurity and data breach reporting. (CYBERSECURITYTODAY.LIBSYN.COM)

28 Jul  The Week in Ransomware - July 28th 2023 - New extortion tactics
        With ransom payments declining, ransomware gangs are evolving their extortion tactics to utilize new methods to pressure victims. [...] (BLEEPINGCOMPUTER.COM)

28 Jul  700,000 Sensitive Teacher, Student Records Exposed on Web
        Researcher Says Hackers Could Have Seen Salary Info, Child Abuse Reports and More. A security researcher recently found a database exposed to the internet containing sensitive information on independent school students and faculty including financial data, salary, professional det… (DATABREACHTODAY.CO.UK)

28 Jul  Hacker Using Google and Bing ads to Deliver Weaponized IT tools
        The latest research discovered malvertising campaigns abusing Google and Bing ads to target users seeking certain IT tools and deploying ransomware. This campaign targets several organizations in the technology and non-profit sectors in North America. This campaign exhibits simil… (GBHACKERS.COM)
🕵️ THREAT INTELLIGENCE

28 Jul  ISC Stormcast For Friday, July 28th, 2023 https://isc.sans.edu/podcastdetail/8592, (Fri, Jul 28th)
        (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. (ISC.SANS.EDU)

28 Jul  BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities
        The Russian nation-state actor known as BlueBravo has been observed targeting diplomatic entities throughout Eastern Europe with the goal of delivering a new backdoor called GraphicalProton, exemplifying the continuous evolution of the threat. The phishing campaign is characteriz… (THEHACKERNEWS.COM)

28 Jul  CoinsPaid Blames North Korean Hackers for $37 Million Cryptocurrency Heist
        CoinsPaid says North Korean hacking group Lazarus is likely responsible for the recent theft of $37 million in cryptocurrency. (SECURITYWEEK.COM)

28 Jul  Weintek Weincloud Vulnerabilities Allowed Manipulation, Damaging of ICS Devices
        Several vulnerabilities found in Weintek Weincloud could have allowed hackers to manipulate and damage ICS, including PLCs and field devices. (SECURITYWEEK.COM)
28 Jul  Your KnowBe4 Fresh Content Updates from July 2023
        Check out the 28 new pieces of training content added in July, alongside the always fresh content update highlights, events and new features. (KNOWBE4.COM)

28 Jul  IcedID Malware Adapts and Expands Threat with Updated BackConnect Module
        The latest analysis of the attack infrastructure from Team Cymru has revealed that the number of BackConnect C2s has shot up from 11 to 34 since January 23, 2023, with the average uptime of a server significantly reducing from 28 days to eight days. (THEHACKERNEWS.COM)

28 Jul  US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications
        US and Australian government agencies provide guidance on addressing access control vulnerabilities in web applications. (SECURITYWEEK.COM)

28 Jul  FBI: Hackers Use AI for Sextortion, Explosives, Bad Websites
        China Seeks to Level AI Playing Field by Stealing IP From US, FBI Official Says. Adversaries use artificial intelligence to obtain explosives, advance sextortion schemes and propagate malware through malicious websites that appear legitimate. Intelligence officials grapple with em… (DATABREACHTODAY.CO.UK)

28 Jul  Friday Squid Blogging: Zaqistan Flag
        The fictional nation of Zaqistan (in Utah) has a squid on its flag. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. (SCHNEIER.COM)

28 Jul  WhatsApp’s New Record Feature Lets You Record And Send Short Videos In Chats
        By offering a rapid and secure way to share your voice, audio messaging on WhatsApp revolutionized how people communicate. Now that WhatsApp has introduced instant ‘video messages’, you may record and share short personal videos directly in the chat. This has to be the most signi… (GBHACKERS.COM)
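Editor's added example for the IDOR / web application access control items that recur on this page (the joint CISA, ACSC and NSA advisory and the articles reporting on it). It is not code from the advisory or any linked article: the same "get invoice" handler written once without and once with an object-level authorization check, plus the enumeration loop an attacker runs against it. The data store, user ids and invoice ids are constructed.

```python
"""IDOR (broken object-level authorization): one invoice-lookup handler
without and with an ownership check.  Added illustration with a constructed
in-memory data store; not code from any linked article or advisory."""
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount_cents: int


# Constructed sample data: user 7 owns two invoices, user 8 owns one.
INVOICES = {
    1001: Invoice(1001, owner_id=7, amount_cents=12_500),
    1002: Invoice(1002, owner_id=7, amount_cents=9_900),
    1003: Invoice(1003, owner_id=8, amount_cents=250_000),
}


class NotFound(Exception):
    """Raised for a missing invoice.  The fixed handler raises it for a
    foreign invoice too, so a caller cannot probe which ids exist."""


def get_invoice_vulnerable(session_user_id: int, invoice_id: int) -> Invoice:
    """Vulnerable: the record is fetched by the client-supplied id alone.
    The authenticated identity is never consulted, so any logged-in user who
    edits invoice_id in the request reads other customers' invoices."""
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id) from None


def get_invoice_fixed(session_user_id: int, invoice_id: int) -> Invoice:
    """Fixed: the owner taken from the server-side session is part of the
    lookup condition, so only the caller's own objects come back.  In SQL this
    is the 'AND owner_id = :session_user_id' the vulnerable version lacks."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner_id != session_user_id:
        raise NotFound(invoice_id)
    return inv


def readable_invoice_ids(handler: Callable[[int, int], Invoice],
                         session_user_id: int,
                         candidate_ids: Iterable[int]) -> list:
    """What an id-enumeration loop gets back: every id in candidate_ids that
    the handler returns to session_user_id."""
    readable = []
    for invoice_id in candidate_ids:
        try:
            handler(session_user_id, invoice_id)
        except NotFound:
            continue
        readable.append(invoice_id)
    return readable


if __name__ == "__main__":
    # User 8 walks the id space 1000..1009 against each handler.
    print("vulnerable:", readable_invoice_ids(get_invoice_vulnerable, 8, range(1000, 1010)))
    print("fixed:     ", readable_invoice_ids(get_invoice_fixed, 8, range(1000, 1010)))
```

Sequential ids are what make the enumeration loop cheap, but switching to random identifiers is defense in depth only; the fix is the authorization check on every object access, which is the point the advisory makes.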
🌐 CYBER THREAT LANDSCAPE

28 Jul  Vulnerabilities Exposed Peloton Treadmills to Malware and DoS Attacks
        The Peloton Treadmill operates on the Android 10 operating system, which may be susceptible to more than 1,100 potential vulnerabilities from recent years. Additionally, leaving USB debugging enabled could increase the attack surface. (HACKREAD.COM)

28 Jul  CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns
        Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users. The CherryBlos malware steals cryptocurrency wallet credentials and replaces withdrawal addresses, while the FakeTrade malware tricks users into downloading apps that promise increased income but prevent fund withdrawals. (TRENDMICRO.COM)

28 Jul  New Android malware uses OCR to steal credentials from images
        Two new Android malware families named 'CherryBlos' and 'FakeTrade' were discovered on Google Play, aiming to steal cryptocurrency credentials and funds or conduct scams. [...] (BLEEPINGCOMPUTER.COM)

28 Jul  Is backdoor access oppressive? – Week in security with Tony Anscombe
        Bills granting access to end-to-end encrypted systems, opportunity for cybercriminals, abuse by authority, human rights, and tech companies leaving the UK? (WELIVESECURITY.COM)
🎙️ PODCASTS

28 Jul  Cyber Security Today, July 28, 2023 - At least 8 million Americans hit in the latest MOVEit hack, and more
        This podcast reports on the need to patch MikroTik routers and Ivanti's Endpoint Manager Mobile, and more. (CYBERSECURITYTODAY.LIBSYN.COM)
📡 INFOSEC NEWS

28 Jul  ShellCode Hidden with Steganography, (Fri, Jul 28th)
        When hunting, I'm often surprised by the interesting pieces of code that you may discover... Attackers (or pentesters/redteamers) like to share scripts on VT to… (ISC.SANS.EDU)

28 Jul  DOD, OMB expect September release of proposed CMMC rule
        The rule has been delayed several times as the DOD revamps its approach, including changing to the longer proposed rule-making process. Originally, the expectation was that CMMC would come out as an interim final rule to be finalized in 60 days. (NEXTGOV.COM)

28 Jul  Twitter's rebranding to 'X' triggers Microsoft Edge security alert
        Microsoft Edge web browser has been displaying security warnings after Twitter changed its name to 'X'. It's got to do with a security feature dubbed 'Progressive Web App Icon change', designed to keep users safe during app icon or name changes. [...] (BLEEPINGCOMPUTER.COM)

28 Jul  Every Application Journey Needs a Cybersecurity Platform
        Taking a Cybersecurity Mesh Platform Approach to Securing Applications. Application journeys are fluid in practice because applications can live anywhere. Complex deployments with too many tools to configure and manage and overwhelmed IT teams lead to mistakes, so organizations sh… (DATABREACHTODAY.CO.UK)

28 Jul  Apple says new App Store API rules will limit user fingerprinting
        Starting this fall, Apple has announced that developers will be required to provide a reason for using certain APIs that have the potential to collect information from their apps' users. [...] (BLEEPINGCOMPUTER.COM)

28 Jul  Flaw in Ninja Forms WordPress plugin allows hackers to steal submitted data
        Critical security vulnerabilities in a WordPress plugin used on around 900,000 websites allow malicious hackers to steal sensitive information entered on forms. Read more in my article on the Hot for Security blog. (BITDEFENDER.COM)