🐛 COMMON VULNERABILITIES AND EXPOSURES (1)

1 Sep: Hackers Exploit Openfire Vulnerability To Deploy Kinsing Malware
The Kinsing malware has resurfaced with a new attack method that exploits the Openfire vulnerability tracked as CVE-2023-32315. A path traversal attack caused by this vulnerability allows an unauthorized user access to the Openfire setup environment. Researchers from Aq…
GBHACKERS.COM

⚠️ VULNERABILITY DISCLOSURE (27)

1 Sep: Mashing Enter to bypass Linux full disk encryption with TPM, Clevis, dracut and systemd
submitted by L4s to secops | 1 points | 0 comments
https://pulsesecurity.co.nz/advisories/tpm-luks-bypass
This vulnerability allows a physically-present attacker to control the full disk encryp…
PULSESECURITY.CO.NZ

1 Sep: SapphireStealer: Open-source information stealer enables credential and data theft
submitted by c0mmando to netsec | 1 points | 0 comments
https://blog.talosintelligence.com/sapphirestealer-goes-open-source/
TALOSINTELLIGENCE.COM

1 Sep: Exploring the traits of effective chief audit executives
Chief audit executives (CAEs) have identified risk orientation, stakeholder management, and team leadership as the top three characteristics of the most effective individuals, according to Gartner. In April 2023, Gartner surveyed 114 CAEs across 180 areas to identify the most imp…
HELPNETSECURITY.COM

1 Sep: Self-introduction
submitted by Zeroday to cybersecurity | 1 points | 1 comments
https://zeroday.co.uk/#/
AIAST – An advanced interactive application security testing tool identifying vulnerabilities in both self-developed code and open-source dependencies. Seamlessly integrate into CI/CD and can be …
ZERODAY.CO.UK

1 Sep: Multiple Threats Target Adobe ColdFusion Vulnerabilities
Attackers are using the ColdFusion vulnerability to probe, establish reverse shells, and distribute malware, including XMRig Miner, Satan DDoS/Lucifer, RudeMiner, and BillGates/Setag backdoor.
FORTINET.COM

1 Sep: Cybersecurity startups to watch for in 2023
The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovate faster because they are unfettered by an installed base. The downside, of…
CSOONLINE.COM

1 Sep: Cyber Security Today, Sept. 1, 2023 - Celebrate Women in Cyber Security
This episode reports on more bad packages in open-source repositories, and why you shouldn't play the date game
CYBERSECURITYTODAY.LIBSYN.COM

1 Sep: Sourcegraph Discloses Data Breach Following Access Token Leak
Sourcegraph says customer information was breached after an engineer accidentally leaked an admin access token. The post Sourcegraph Discloses Data Breach Following Access Token Leak appeared first on SecurityWeek.
SECURITYWEEK.COM

1 Sep: Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military
Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed Infamous Chisel and attributed to …
THEHACKERNEWS.COM

1 Sep: It's a Zero-day? It's Malware? No! It's Username and Password
As cyber threats continue to evolve, adversaries are deploying a range of tools to breach security defenses and compromise sensitive data. Surprisingly, one of the most potent weapons in their arsenal is not malicious code but simply stolen or weak usernames and passwords. This a…
THEHACKERNEWS.COM

1 Sep: Open-Source Information Stealer 'SapphireStealer' Enables Credential and Data Theft
Multiple actors are using SapphireStealer, modifying and improving the original code to create several variants. The malware is often delivered through multi-stage infection processes, with attackers using open-source loaders like FUD-Loader.
TALOSINTELLIGENCE.COM

1 Sep: Industry Reactions to Qakbot Botnet Disruption: Feedback Friday
Industry professionals comment on the law enforcement operation targeting the Qakbot botnet and its implications. The post Industry Reactions to Qakbot Botnet Disruption: Feedback Friday appeared first on SecurityWeek.
SECURITYWEEK.COM

1 Sep: Threat Actors Adopt, Modify Open Source ‘SapphireStealer’ Information Stealer
Cisco has observed multiple threat actors adopting the SapphireStealer information stealer after its source code was released on GitHub. The post Threat Actors Adopt, Modify Open Source ‘SapphireStealer’ Information Stealer appeared first on SecurityWeek.
SECURITYWEEK.COM

1 Sep: Spyware Vendor Hacked
A Brazilian spyware app vendor was hacked by activists: In an undated note seen by TechCrunch, the unnamed hackers described how they found and exploited several security vulnerabilities that allowed them to compromise WebDetetive’s servers and access its user databases. By explo…
SCHNEIER.COM

1 Sep: Russian GRU Hacking Tools Dubbed 'Infamous Chisel' Targeting Ukrainian Military Devices
Western intelligence and cybersecurity agencies published a report on Thursday highlighting a collection of hacking tools being used by Russia’s military intelligence service against Android devices operated by the Ukrainian Armed Forces.
THERECORD.MEDIA

1 Sep: How the FBI took down the notorious Qakbot botnet
A global law enforcement operation this week took down and dismantled the notorious Qakbot botnet, touted as the largest U.S.-led financial and technical disruption of a botnet infrastructure. Qakbot is a banking trojan that became infamous for providing an initial foothold on a …
TECHCRUNCH.COM

1 Sep: Experts Urge Immediate Juniper Firewall and Switch Patching
Attackers Actively Attempting to Chain Vulnerabilities for Remote Code Execution
Security experts are warning organizations with Juniper Networks SRX firewalls and EX switches to update them immediately to patch multiple vulnerabilities attackers have been targeting to remotely e…
DATABREACHTODAY.CO.UK

1 Sep: VMware Releases Security Update for Tools
VMware has released a security update to address a vulnerability in VMware Tools. A cyber threat actor can exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0019 and apply the necessar…
CISA.GOV

1 Sep: Hacker group compromises MSSQL servers to deploy FreeWorld ransomware
Poorly secured Microsoft SQL (MSSQL) servers have become a favorite target for many groups of attackers including ransomware gangs. In a recent attack campaign dubbed DB#JAMMER hackers used brute-force attacks to compromise MSSQL servers and deploy Cobalt Strike and a variant of …
CSOONLINE.COM

1 Sep: Secure the Cloud and See ROI, Attack Your Way to Accurate Answers - ESW #330
In this interview, Raghu discusses the specific challenges in securing the cloud and how to overcome them. He shares how to make your life easier by making security a team sport, how to gain the visibility you need across clouds, data centers, and endpoints, and how to get a retu…
YOUTUBE.COM

1 Sep: Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware
Threat actors are exploiting poorly secured Microsoft SQL (MS SQL) servers to deliver Cobalt Strike and a ransomware strain called FreeWorld. Cybersecurity firm Securonix, which has dubbed the campaign DB#JAMMER, said it stands out for the way the toolset and infrastructure is em…
THEHACKERNEWS.COM

1 Sep: Forever 21 Systems Hacked: 500,000+ Users Affected
In a recent development, Forever 21 disclosed a cyber incident that came to light on March 20, 2023, affecting a limited number of its systems. Forever 21 is a multinational fast fashion retailer headquartered in Los Angeles, California, United States. Originally founded as…
GBHACKERS.COM

1 Sep: Sourcegraph Discloses Data Breach Following Access Token Leak
According to the platform, the admin access token used in the attack was leaked in a July 14 commit that passed internal code analysis tools. The token “had broad privileges to view and modify account information on Sourcegraph.com”.
SECURITYWEEK.COM

1 Sep: Microsoft reminds of Windows 11 21H2 forced updates before end of service
Microsoft has reminded customers that systems running Windows 11 21H2 will be force-updated before reaching the end of servicing next month. [...]
BLEEPINGCOMPUTER.COM

1 Sep: 'Earth Estries' APT Hackers Are Cyberespionage Pros
Trend Micro Calls the Group Well-Resourced and Sophisticated
A cyberespionage campaign by a well-funded but lesser-known hacking group is using previously unknown backdoors to hack government agencies and tech companies. The group, dubbed Earth Estries by Trend Micro, appears wel…
DATABREACHTODAY.CO.UK

1 Sep: Exploit released for critical VMware SSH auth bypass vulnerability
Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis tool (formerly known as vRealize Network Insight). [...]
BLEEPINGCOMPUTER.COM

1 Sep: Exploit Code Published for Critical-Severity VMware Security Defect
Exploit code and root-cause analysis released by SinSinology documents the problem as a case where VMware “forgot to regenerate” SSH keys. The post Exploit Code Published for Critical-Severity VMware Security Defect appeared first on SecurityWeek.
SECURITYWEEK.COM

📢 SECURITY ADVISORIES (3)

1 Sep: Revisiting 16shop Phishing Kit, Trend-Interpol Partnership
In this entry, we summarize the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down the main administrators and servers of this massive phishing campaign.
TRENDMICRO.COM

1 Sep: Rising Cyber Incidents Challenge Healthcare Organizations
Healthcare organizations are facing many cybersecurity challenges that require them to increasingly prioritize cybersecurity and compliance, according to a report by Claroty.
HELPNETSECURITY.COM

🔥 INCIDENT REPORTING (15)

1 Sep: Paramount Pictures data breach exposes personal data
The personal data accessed includes names, dates of birth and Social Security Numbers
CSHUB.COM

1 Sep: New Targeted Smishing Campaign Attacking the US Citizens to Steal Payment Data
Smishing is a type of cyberattack in which attackers use SMS (text messages) to trick individuals into revealing the following type of Personal and financial data or information:- In attacks like this, threat actors mimic government, bank, or postal agencies like USPS to seem leg…
GBHACKERS.COM

1 Sep: Prime Therapeutics LLC (Prime)/Magellan Rx Issues Notification of Data Security Incident
On July 11, 2023, Prime became aware that an unauthorized actor obtained access to an employee's mobile email account containing documents that included members' PHI, including name, address, date of birth, member ID number, and medication(s).
FINANCE.YAHOO.COM

1 Sep: How Ducktail capitalizes on compromised business, ad accounts
Quite some money can be made from selling compromised business and ad accounts on social media platforms, and the Ducktail threat actor has specialized in just that. “We observed that an account deemed ‘low-grade’ sells for around 350,000 Vietnamese dong (~$15 U…
HELPNETSECURITY.COM

1 Sep: Update: ALPHV Group Takes Credit for Ransomware Attack on Georgia County
Forsyth County officials had acknowledged an attack in June, but offered few details about what happened. On Tuesday, AlphV took credit for the attack and added the county to its leak site, threatening to expose 350GB of allegedly stolen data.
THERECORD.MEDIA

1 Sep: Golf gear giant Callaway data breach exposes info of 1.1 million
Topgolf Callaway (Callaway) suffered a data breach at the start of August, which exposed the sensitive personal and account data of more than a million customers. [...]
BLEEPINGCOMPUTER.COM

1 Sep: Free Decryptor Available for ‘Key Group’ Ransomware
EclecticIQ has released a free decryption tool to help victims of the Key Group ransomware recover their data without paying a ransom. The post Free Decryptor Available for ‘Key Group’ Ransomware appeared first on SecurityWeek.
SECURITYWEEK.COM

1 Sep: Introducing the Sophos Incident Response Services Retainer
An elite team of incident response experts on standby to get you back to business quickly in the event of a breach.
SOPHOS.COM

1 Sep: Cyberattacks Targeting Government Agencies and Institutions Increases in Q2 by 40%
New data shows a massive uptick in attacks across all industries, but a particularly worrisome growth in interest in targeting the public sector – and the indicators of who’s responsible may surprise you.
KNOWBE4.COM

1 Sep: New “Early Warning” System in the U.K. Tips Off Ransomware Targets
British Intelligence has come up with a potentially very effective means to disrupt ransomware attacks, but there seems to still be a few kinks in the system.
KNOWBE4.COM

1 Sep: Funding, SentinelOne/Wiz rumors, Layoffs, NordVPN's skunkworks, ChatGPT Enterprise - ESW #330
There's still serious, late stage funding for compelling tech in cybersecurity, SpyCloud proves with its $110M Series D. We discuss the SentinelOne/Wiz merger rumors. Sadly layoffs and even company failures are still occurring, though Tyler thinks the market downturn is close t…
YOUTUBE.COM

1 Sep: Free Decryptor Available for ‘Key Group’ Ransomware
Also known as keygroup777, Key Group is a Russian-speaking cybercrime actor known for selling personally identifiable information (PII) and access to compromised devices, as well as extorting victims for money.
SECURITYWEEK.COM

1 Sep: LogicMonitor Customers Hit by Hackers Due to Weak Default Passwords
Some customers of the network security company LogicMonitor have been hacked due to the use of default passwords, TechCrunch has learned. A LogicMonitor spokesperson confirmed “a security incident” affecting some of the company’s customers.
TECHCRUNCH.COM

1 Sep: Data Breach Could Affect More Than 100,000 in Pima County
More than 100,000 Pima County residents could be affected by a nationwide data breach that affected the company that handled COVID-19 case investigations and contact tracing here, officials say.
TUCSON.COM

1 Sep: Golf Gear Giant Callaway Data Breach Exposes Info of 1.1 Million
Topgolf Callaway (Callaway) suffered a data breach at the start of August, which exposed the sensitive personal and account data of more than a million customers. Callaway is an American golf equipment maker and seller.
BLEEPINGCOMPUTER.COM

🕵️ THREAT INTELLIGENCE (20)

1 Sep: Potential Weaponizing of Honeypot Logs [Guest Diary], (Thu, Aug 31st)
[This is a Guest Diary by James Turner, an ISC intern as part of the SANS.edu BACS program]
ISC.SANS.EDU

1 Sep: BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps
submitted by c0mmando to netsec | 2 points | 0 comments
https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/
WELIVESECURITY.COM

1 Sep: ISC Stormcast For Friday, September 1st, 2023 https://isc.sans.edu/podcastdetail/8642, (Fri, Sep 1st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
ISC.SANS.EDU

1 Sep: Understand the fine print of your cyber insurance policies
A significant gap is emerging between insurance providers, as organizations skip the fine print and seek affordable and comprehensive coverage, potentially putting them in a tough place when they need to use this safety net, according to a Delinea report. The report found that th…
HELPNETSECURITY.COM

1 Sep: Cybercriminals use research contests to create new attack methods
Adversary-sponsored research contests on cybercriminal forums focus on new methods of attack and evasion, according to Sophos. The contests mirror legitimate security conference ‘Call For Papers’ and provide the winners considerable financial rewards and recognition from peers an…
HELPNETSECURITY.COM

1 Sep: New infosec products of the week: September 1, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Ciphertex Data Security, ComplyCube, Fortinet, and MixMode.
Ciphertex strengthens data security with SecureNAS CX-160KSSD-X: The SecureNAS CX-160KSSD-X storage unit is powered by an Intel Xe…
HELPNETSECURITY.COM

1 Sep: Over $1 Million Offered at New Pwn2Own Automotive Hacking Contest
ZDI is offering more than $1 million at the Pwn2Own Automotive hacking contest, hosted in January at the Automotive World conference in Tokyo. The post Over $1 Million Offered at New Pwn2Own Automotive Hacking Contest appeared first on SecurityWeek.
SECURITYWEEK.COM

1 Sep: BadBazaar Malware Attacking Android Users via Weaponized Telegram & Signal Apps
The Android BadBazaar malware is being distributed through the Google Play store, Samsung Galaxy Store, and dedicated websites mimicking Signal Plus Messenger and FlyGram malicious applications. These active campaigns are connected to the China-aligned APT…
GBHACKERS.COM

1 Sep: Elon Musk Says X, Formerly Twitter, Will Have Voice and Video Calls, Updates Privacy Policy
Twitter has updated its privacy policies, which will allow for the collection of biometric data and employment history, among other information. The post Elon Musk Says X, Formerly Twitter, Will Have Voice and Video Calls, Updates Privacy Policy appeared first on SecurityWeek.
SECURITYWEEK.COM

1 Sep: You Asked and Here It Is! KnowBe4's New Content Manager Feature is Unveiled
We heard you, and we're thrilled to tell you about the all-new Content Manager feature for KMSAT!
KNOWBE4.COM

1 Sep: In Other News: Hacking Encrypted Linux Computers, Android Fuzzing, Skype Leaking IPs
Weekly cybersecurity news roundup providing a summary of noteworthy stories that might have slipped under the radar. The post In Other News: Hacking Encrypted Linux Computers, Android Fuzzing, Skype Leaking IPs appeared first on SecurityWeek.
SECURITYWEEK.COM

1 Sep: Nearly One-Quarter of Financial-Themed Spam Emails are Phishing Attacks
While spam tends to be dismissed as being more an annoyance, new research shows that there is a very real and ever-present threat in emails that are marked as “spam”.
KNOWBE4.COM

1 Sep: New Adversary in the Middle Platform Circumvents MFA Protections “At Scale”
As Phishing as a Service (PhaaS) kits continue to evolve, news like recent attacks using the Greatness toolkit demonstrate how easy it is for novice attackers to access accounts despite multi-factor authentication (MFA) being enabled.
KNOWBE4.COM

1 Sep: Threats of Today & Post-Quantum Future: Optimal Zero Trust Framework Roadmap
Roadmap to optimal zero trust.
DATABREACHTODAY.CO.UK

1 Sep: AI cars, Sandstorm, BGP, Earth Estries, DOE, Aria, Aaran Leyland and More - SWN #323
AI vs. Hunter Thompson, Sandstorm, BGP, Earth Estries, DOE, VMWare Aria, Key Group, DSA, Aaran Leyland, and More on this edition of the Security Weekly News. →Subscribe to our podcasts: https://securityweekly.com/subscribe →Join our community Discord: https://securityweekly.com/d…
YOUTUBE.COM

1 Sep: Gamaredon Hackers Amplified Hacks Amid Kyiv Counteroffensive
The FSB-Linked Group Is Growing in Sophistication, Say Ukrainian Cyber Defenders
A hacking group linked to Russian domestic intelligence agency the FSB has intensified attacks in tandem with a Ukrainian military push to expel Russian invaders, say Kyiv cyber defenders. Gamaredon …
DATABREACHTODAY.CO.UK

1 Sep: ISMG Editors: Identity Security Special
Identity Security Expert Jeremy Grant on AI and Digital Identity Risks
In the latest weekly update, Jeremy Grant of Venable joins three ISMG editors to discuss why the U.S. government is taking a back seat on digital identity issues, the risks of artificial intelligence, and take…
DATABREACHTODAY.CO.UK

1 Sep: Friday Squid Blogging: We’re Genetically Engineering Squid Now
Is this a good idea? The transparent squid is a genetically altered version of the hummingbird bobtail squid, a species usually found in the tropical waters from Indonesia to China and Japan. It’s typically smaller than a thumb and shaped like a dumpling. And like other ce…
SCHNEIER.COM

1 Sep: UK Cyber Agency Warns of Prompt Injection Attacks in AI
Hackers Can Deploy Prompt Injection Attacks to Gain Access to Confidential Data
Threat actors are manipulating the technology behind large language model chatbots to access confidential information, generate offensive content and "trigger unintended consequences," warns the U.K. …
DATABREACHTODAY.CO.UK

1 Sep: Tech Companies on Precipice of UK Online Safety Bill
Bill 'Poses a serious threat' to end-to-end encryption, Apple Says
U.S. tech companies are stepping up warnings to British lawmakers over a government proposal they say will fatally weaken security and privacy protections for users. The House of Lords is set to return the bill to…
DATABREACHTODAY.CO.UK

🌐 CYBER THREAT LANDSCAPE (3)

1 Sep: Peeling Back the Layers of RemcosRAT Malware
The Remcos RAT utilizes complex obfuscation techniques to evade detection and deliver a sophisticated remote access payload. It has multiple stages of execution, including VBS and PowerShell scripts, to download and execute the final payload.
MCAFEE.COM

1 Sep: New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists
A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called SuperBear. The intrusion singled out an unnamed activist, who was contacted in late August 2023 and received a malicious LNK file from an add…
THEHACKERNEWS.COM

1 Sep: New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists
The intrusion singled out an unnamed activist, who was contacted in late August 2023 and received a malicious LNK file from an address impersonating a member of the organization, non-profit entity Interlabs said in a new report.
THEHACKERNEWS.COM

🎙️ PODCASTS (1)

1 Sep: Cyber Security Today, Week in Review for the week ending Sept. 1, 2023
This episode features discussion on International Women in Cybersecurity Day, a Canadian cybercrime report, the takedown of the Qakbot bot and the attacks on Barracuda Networks' ESG email gateways
CYBERSECURITYTODAY.LIBSYN.COM

📡 INFOSEC NEWS (11)

1 Sep: Classiscam Scam-as-a-Service Raked $64.5 Million During the COVID-19 Pandemic
The Classiscam scam-as-a-service program has reaped the criminal actors $64.5 million in illicit earnings since its emergence in 2019. "Classiscam campaigns initially started out on classified sites, on which scammers placed fake advertisements and used social engineering techniq…
THEHACKERNEWS.COM

1 Sep: "Smishing Triad" Targeted USPS and US Citizens for Data Theft
The campaign, conducted by a group called "Smishing Triad," impersonates various postal services and government agencies to deceive victims into providing personal and financial information.
RESECURITY.COM

1 Sep: What OSINT is, and why it’s dangerous | Kaspersky official blog
What’s the danger in OSINT, and how to protect your company against attackers using it.
KASPERSKY.COM

1 Sep: Discover the latest innovations in Sophos Endpoint
Constant innovation that drives business value is at the heart of Sophos Endpoint. Read on to discover the latest enhancements that reduce cyber risk and accelerate strategic focus.
SOPHOS.COM

1 Sep: Lidl recalls Paw Patrol snacks after website on packaging displayed porn
Supermarket giant Lidl has issued a recall of Paw Patrol snacks after the website listed on the products’ packaging began displaying explicit content unsuitable for children. Lidl, which operates more than 12,000 stores globally, is urging shoppers in the United Kingdom to …
TECHCRUNCH.COM

1 Sep: Classiscam Scam-as-a-Service Raked in $64.5 Million During the COVID-19 Pandemic
Among the methods employed by cybercriminals to carry out the scheme is to trick users into buying falsely-advertised goods or services via social engineering schemes and directing potential victims to the automatically generated phishing sites.
THEHACKERNEWS.COM

1 Sep: Why is .US Being Used to Phish So Many of Us?
Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Als…
KREBSONSECURITY.COM

1 Sep: Microsoft retires Visual Studio for Mac, support ends in a year
Microsoft has announced it is retiring Visual Studio for Mac and that support for the latest version, 17.6, will continue for another year, until August 31, 2024. [...]
BLEEPINGCOMPUTER.COM

1 Sep: Threat Modeling Essentials for Generative AI in Healthcare
It's critical for healthcare sector entities considering - or already using - generative AI applications to create an extensive threat modeling infrastructure and understand all attack vectors, said Mervyn Chapman, principal consultant at consulting and managed services firm Ahea…
DATABREACHTODAY.CO.UK

1 Sep: Qakbot Takedown: The Road Ahead is Long and Winding
A long and challenging journey against cybercrime around the world
TRENDMICRO.COM

1 Sep: Microsoft is killing WordPad in Windows after 28 years
Microsoft announced today that it will deprecate WordPad with a future Windows update as it's no longer under active development, though the company did not specify the precise timing of this change. [...]
BLEEPINGCOMPUTER.COM