⚠️ VULNERABILITY DISCLOSURE (6)

19 Aug: Cyber Criminals Exploiting Google Drive, OneDrive to Hide Malicious Traffic
Threat actors are actively modifying their TTPs to counter the advanced security mechanisms and tools to accomplish their illicit goals for several malicious purposes. Hiding malicious traffic in cloud storage platforms is not a new concept completely, and it seems that threat ac…
GBHACKERS.COM

19 Aug: WinRAR Flaw Lets Hackers Run Programs When You Open RAR Archives
A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can execute commands on a computer simply by opening an archive.
BLEEPINGCOMPUTER.COM

19 Aug: Update: Companies Respond to ‘Downfall’ Intel CPU Vulnerability
AWS said its customers’ data and cloud instances are not affected by Downfall and no action is required. The cloud giant did note that it has “designed and implemented its infrastructure with protections against this class of issues”.
SECURITYWEEK.COM

19 Aug: New Juniper Junos OS Flaws Expose Devices to Remote Attacks - Patch Now
Networking hardware company Juniper Networks has released an "out-of-cycle" security update to address multiple flaws in the J-Web component of Junos OS that could be combined to achieve remote code execution on susceptible installations. The four vulnerabilities have a cumulativ…
THEHACKERNEWS.COM

19 Aug: Multiple Vulnerabilities in Junos OS Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Junos OS, which, when chained together, could allow for remote code execution. Junos OS is an operating system that runs across all Juniper routing, switching, and security infrastructure. Successful chain exploitation of these vul…
CISECURITY.ORG

19 Aug: Cuba Ransomware Deploys New Tools to Target U.S. Critical Infrastructure Sector and IT Integrator in Latin America
The group's toolkit includes custom and off-the-shelf parts, such as the BUGHATCH downloader and the Metasploit framework. The attacks often start with the compromise of valid credentials through a credentials reuse scheme or vulnerability exploits.
BLOGS.BLACKBERRY.COM

🔥 INCIDENT REPORTING (6)

19 Aug: Update: Man Arrested in Northern Ireland Police Data Leak
The unnamed man was questioned by detectives who were said to be "investigating criminality linked to last week's freedom of information data breach," but has now been released on bail to allow for further inquiries, the PSNI stated.
THEREGISTER.COM

19 Aug: Ransomware Gang Threatens Raleigh Housing Authority Months After Devastating Attack
A ransomware gang has started posting sensitive personal information connected to a devastating attack on the Raleigh Housing Authority (RHA) that disrupted the organization for weeks in May.
THERECORD.MEDIA

19 Aug: Illinois Hospital Notifies Patients, Employees of Data Breach After Royal Gang Posting
In late May, reports said the Royal ransomware gang had posted data from the organization on its leak site. As of May 23, the hospital had said it was still investigating the incident.
THERECORD.MEDIA

19 Aug: WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams
Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that's engineered to conduct tech support scams. The sophisticated traffic redirection scheme was first documented by Malwarebytes in January 2020, l…
THEHACKERNEWS.COM

19 Aug: Germany’s National Bar Association Investigating Ransomware Attack
The German Federal Bar (BRAK) Association discovered the attack on August 2. The group is an umbrella organization overseeing 28 regional bars across Germany and representing about 166,000 lawyers nationally and internationally.
THERECORD.MEDIA

19 Aug: New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools
submitted by Lanky_Pomegranate530 to cybersecurity -21 points | 0 comments
https://thehackernews.com/2023/08/new-blackcat-ransomware-variant-adopts.html?m=1
THEHACKERNEWS.COM

🕵️ THREAT INTELLIGENCE (5)

19 Aug: Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection
Threat actors are using Android Package (APK) files with unknown or unsupported compression methods to elude malware analysis. That's according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples…
THEHACKERNEWS.COM

19 Aug: 10 Best Linux Distributions In 2023
The Linux Distros is generally acknowledged as the third of the holy triplet of PC programs, along with Windows and macOS. Here we have provided you with a top 10 best Linux distros in 2023 for all professionals. Hence Linux can be defined as the most rebellious among the three, …
GBHACKERS.COM

19 Aug: Foreign Intelligence Entities Eyeing US Space Agencies
China, Russia Are Leading Foreign Intelligence Threats to the U.S. Space Industry
U.S. intelligence agencies are warning about unnamed foreign intelligence entities targeting the private space sector to steal sensitive data related to satellite payloads and disrupting and degradi…
DATABREACHTODAY.CO.UK

19 Aug: Hackers use VPN provider's code certificate to sign malware
The China-aligned APT (advanced persistent threat) group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the Ivacy VPN provider. [...]
BLEEPINGCOMPUTER.COM

19 Aug: Search Engines for Researchers
submitted by L4s to secops 2 points | 0 comments
https://docs.google.com/spreadsheets/d/1n8pdECu4ucPUay2q1iJ98CI2BT-89nqjpzBVuyRZ0K8/
DOCS.GOOGLE.COM

🌐 CYBER THREAT LANDSCAPE (1)

19 Aug: Rust devs push back as Serde project ships precompiled binaries
Serde, a popular Rust (de)serialization project, has decided to ship its serde_derive macro as a precompiled binary. This has generated a fair amount of concern among some developers who highlight the future legal and technical issues this may pose, along with a potential for sup…
BLEEPINGCOMPUTER.COM

📡 INFOSEC NEWS (1)

19 Aug: Cellebrite asks cops to keep its phone hacking tech ‘hush hush’
For years, cops and other government authorities all over the world have been using phone hacking technology provided by Cellebrite to unlock phones and obtain the data within. And the company has been keen on keeping the use of its technology “hush hush.” As part of the deal wit…
TECHCRUNCH.COM