🚨 CISA KEV (1)
2 Jan: [KEV] CISA Adds Two Known Exploited Vulnerabilities to Catalog (CISA.GOV). CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-7024 Google Chromium WebRTC Heap Buffer Overflow Vulnerability; CVE-2023-7101 Spreadsheet::ParseExcel Remote Code Execution Vulnerability. Thes…
⚠️ VULNERABILITY DISCLOSURE (15)
2 Jan: 650,000+ Malicious Domains Registered Resembling ChatGPT (GBHACKERS.COM). Hackers abuse the ChatGPT name for malicious domains to exploit the credibility associated with the ChatGPT model, deceiving users into trusting fraudulent websites. Leveraging the model’s reputation enables them to trick individuals into:- H2 2023’s ransomware …
2 Jan: Essential skills for today’s threat analysts (CSOONLINE.COM). Skilled threat hunters can play a dual role for organizations, hunting for threat actors as well as ensuring budget is directed at tools and technology that will bolster the hunting capabilities, according to the SANS 2023 Threat Hunting survey. However, a lack of skilled staff …
2 Jan: 141: The Pig Butcher (DARKNETDIARIES.COM). The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world. Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and co…
2 Jan: Misconfigurations in Google Kubernetes Engine (GKE) Lead to a Privilege Escalation Exploit Chain (SOCRADAR.IO). A dual privilege escalation chain in Google Kubernetes Engine (GKE) and Anthos Service Mesh (ASM) allowed attackers to gain complete control over Kubernetes clusters, highlighting the importance of regular updates and proactive security measures.
2 Jan: 10 Most Common Types of Cyber Attacks in 2023 (GBHACKERS.COM). Cyber attacks are evolving rapidly with advancements in technology, as threat actors exploit new vulnerabilities in:- The rise of the following sophisticated techniques demonstrates a growing level of complexity:- Moreover, the expansion of Internet of Things (IoT) devices provid…
2 Jan: Hospitals Ask Courts to Force Cloud Storage Firm to Return Stolen Data (BLEEPINGCOMPUTER.COM). Two New York hospitals are seeking a court order to retrieve stolen data stored on a cloud storage company's servers after a ransomware attack. The stolen data includes sensitive information such as patients' personal and health information.
2 Jan: Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode' (THEHACKERNEWS.COM). Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the “incognito” or “private” mode on web browsers. The class-actio…
2 Jan: Malware Abuses Google OAuth Endpoint to ‘Revive’ Cookies, Hijack Accounts (BLEEPINGCOMPUTER.COM). Multiple information-stealing malware families are exploiting an undocumented Google OAuth endpoint called "MultiLogin" to restore expired authentication cookies and gain unauthorized access to users' accounts.
2 Jan: Zeppelin2 Ransomware Builder for Sale on Dark Web (THECYBEREXPRESS.COM). A user on an underground forum is promoting the sale of Zeppelin2 ransomware, offering its source code and a cracked version of its builder tool. Zeppelin2 has been used since 2019, targeting various sectors including healthcare and technology.
2 Jan: BPF Memory Forensics with Volatility 3 (LOLCADS.GITHUB.IO). Submitted by L4s to secops, 1 points | 0 comments. https://lolcads.github.io/posts/2023/12/bpf_memory_forensics_with_volatility3/ Introduction and Motivation: Have you ever wondered how an eBPF rootkit lo…
2 Jan: New Black Basta Decryptor Exploits Ransomware Flaw to Recover Files (BLEEPINGCOMPUTER.COM). While the decryptor only works on older versions of Black Basta and has been patched in newer attacks, it provides hope for victims who were affected between November 2022 and the recent bug fix.
2 Jan: Free Decryptor Released for Black Basta Ransomware (SECURITYWEEK.COM). A vulnerability in Black Basta ransomware’s encryption algorithm allows researchers to create a free decryptor.
2 Jan: Juniper Releases Security Advisory for Juniper Secure Analytics (CISA.GOV). Juniper released a security advisory to address multiple vulnerabilities affecting Juniper Secure Analytics. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper advis…
2 Jan: Online museum collections down after cyberattack on service provider (BLEEPINGCOMPUTER.COM). Museum software solutions provider Gallery Systems has disclosed that its ongoing IT outages were caused by a ransomware attack last week. [...]
2 Jan: European Central Bank to Put Banks Through Cyber Stress Test (DATABREACHTODAY.CO.UK). 109 Banks to Participate in Simulated Cyberattacks to Assess Cyber Resiliency. The European Central Bank beginning this month will conduct cyber stress tests on banks to determine their resilience against cyberattacks. The agency is requiring 109 banks in Europe to perform vulnera…
📢 SECURITY ADVISORIES (2)
2 Jan: TikTok Editorial Analysis (SCHNEIER.COM). TikTok seems to be skewing things in the interests of the Chinese Communist Party. (This is a serious analysis, and the methodology looks sound.) Conclusion: Substantial Differences in Hashtag Ratios Raise Concerns about TikTok’s Impartiality. Given the research above, we as…
🔥 INCIDENT REPORTING (15)
2 Jan: Cybercriminals Launched ‘Leaksmas’ Event in the Dark Web Exposing Massive Volumes of Leaked PII and Compromised Data (SECURITYAFFAIRS.COM). On Christmas Eve, multiple threat actors released substantial data leaks, potentially causing significant financial damage and adverse effects such as identity theft and fraud globally.
2 Jan: Pro-Palestinian Operation Claims Dozens of Data Breaches Against Israeli Firms (THERECORD.MEDIA). Pro-Palestinian hackers belonging to the group Cyber Toufan have successfully breached and leaked data from numerous Israeli entities, including foreign companies doing business with Israel.
2 Jan: Hackers Attack UK’s Nuclear Waste Services Through LinkedIn (HACKREAD.COM). The United Kingdom's Radioactive Waste Management (RWM) company recently experienced a cyberattack attempt through LinkedIn. Although the attack was unsuccessful, concerns have been raised about the security of critical nuclear infrastructure.
2 Jan: Cactus Ransomware Gang Hit the Swedish Retail and Grocery Provider Coop (SECURITYAFFAIRS.COM). The Cactus ransomware group has claimed to have hacked Coop, one of the largest retail and grocery providers in Sweden. They are threatening to release a large amount of personal information.
2 Jan: New DLL Hijacking Technique Let Attackers Bypass Windows Security Mechanisms (GBHACKERS.COM). DLL hijacking is a technique where a malicious DLL (Dynamic Link Library) is placed in a directory that a vulnerable application searches before the legitimate one. When the application is launched, it unknowingly loads the malicious DLL instead, allowing attackers to:- Rec…
2 Jan: Inc Ransom Ransomware Gang Claims to Have Breached Xerox Corp (SECURITYAFFAIRS.COM). The Inc Ransom ransomware group has published several documents, including emails and an invoice, as proof of the hack. It is unclear how much data has been stolen from Xerox Corp.
2 Jan: Victoria court recordings exposed in reported ransomware attack (BLEEPINGCOMPUTER.COM). Australia's Court Services Victoria (CSV) is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack. [...]
2 Jan: Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data (BLEEPINGCOMPUTER.COM). The U.S. division of Xerox Business Solutions (XBS) has been compromised by hackers, and a limited amount of personal information might have been exposed, according to an announcement by the parent company, Xerox Corporation. [...]
2 Jan: Australian Court Service Hacked, Hearing Recordings at Risk (INFOSECURITY-MAGAZINE.COM). The Court Services Victoria (CSV) took immediate action to isolate and disable the affected network, but recordings from November 1 to December 21, 2023, may have been accessed.
2 Jan: API Security Trends: Collaborative Strategies for Leaders (DATABREACHTODAY.CO.UK). Forrester's Sandy Carielli Shares Highlights From API Security Report. Forrester analyst Sandy Carielli highlights key API security aspects in Forrester's report titled "The Eight Components of API Security," which covers governance, discovery, testing, authentication and protectio…
2 Jan: LockBit 3.0 Claims Attack on Australian Auto Dealer Eagers (DATABREACHTODAY.CO.UK). Eagers Says It Doesn't Know Full Extent of Hack But Has Started Contacting Victims. Brisbane-based retail group Eagers Automotive is investigating a cyberattack that disrupted parts of its regional operations and compromised the personal information of some of its customers. Eager…
2 Jan: Merry 'Leaksmas'! Hackers Give Away 50 Million Pieces of PII (DATABREACHTODAY.CO.UK). Holiday Leaks Could Result in More Digital Identity Theft and Fraud, Report Warns. Hackers celebrated the year-end holidays with a malicious "Free Leaksmas" posting on the dark web, releasing 50 million stolen consumer records, including credit card information. Researchers said t…
2 Jan: Orbit Chain loses $86 million in the last fintech hack of 2023 (BLEEPINGCOMPUTER.COM). Orbit Chain has experienced a security breach that has resulted in a loss of $86 million in cryptocurrency, particularly Ether, Dai, Tether, and USD Coin. [...]
2 Jan: States and Congress Wrestle With Cybersecurity After Iran Attacks Small Town Water Utilities (SECURITYWEEK.COM). The hacking of a municipal water plant is prompting new warnings from U.S. security officials at a time when governments are wrestling with how to harden water utilities against cyberattacks.
🕵️ THREAT INTELLIGENCE (15)
2 Jan: Weaponization of AI: The New Ethics of Cyber War (YOUTU.BE). Submitted by UBER_GheistXL to cybersecurity, 1 points | 0 comments. https://youtu.be/jTwCGKQv2SI?si=9-J846ofz_X8qzkf
2 Jan: ISC Stormcast For Tuesday, January 2nd, 2024 https://isc.sans.edu/podcastdetail/8792, (Tue, Jan 2nd) (ISC.SANS.EDU). (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
2 Jan: Multiple Flaws in Google Kubernetes Engine Let Attackers Escalate Privileges (GBHACKERS.COM). Google Kubernetes Engine (GKE) has been detected with two flaws that a threat actor can utilize to create significant damage in case the threat actor already has access inside the Kubernetes cluster. The first issue was associated with FluentBit with default configuration. Fluent…
2 Jan: Virginia’s Fairfax Schools Urged to Toughen Privacy Safeguards After Data Probe (THE74MILLION.ORG). Submitted by jyunwai to cybersecurity, 1 points | 0 comments. https://www.the74million.org/article/fairfax-district-urged-to-clean-up-student-privacy-protections/
2 Jan: New DLL Search Order Hijacking Technique Targets WinSxS folder (SECURITYWEEK.COM). Attackers can abuse a new DLL search order hijacking technique to execute code in applications within the WinSxS folder.
2 Jan: Why Don’t We Care About Identity Security? - Don Baham - CSP #155 (YOUTUBE.COM). Identity & Access Management - Why do organizations still insist that provisioning/deprovisioning is an IT function? Effective IAM requires collaboration across the business units and responsibilities for multiple departments. Join us as we discuss IAM and some of the challenges …
2 Jan: New Year's Resolution - SWN Vault (YOUTUBE.COM). I know, you thought we were going to renounce cigars, bourbon, and overeating, but wrong. This show is all about security. So, while we join the thousands who are walking off the pounds during their soon-to-be last visit to our new gym, join us as we provide you with something th…
2 Jan: USENIX Security '23 - 422 talks (INFOSEC.PUB). Submitted by ashar to security_cpe, 1 points | 0 comments. https://infosec.pub/pictrs/image/0f026788-f940-4764-8e9e-5a56e93b0371.png USENIX Security '23 Technical Sessions; USENIX Security '23 playlist
2 Jan: GUEST ESSAY: Leveraging DevSecOps to quell cyber risks in a teeming threat landscape (LASTWATCHDOG.COM). In today’s digital landscape, organizations face numerous challenges when it comes to mitigating cyber risks. The constant evolution of technology, increased connectivity, and sophisticated cyber threats pose significant challenges to …
2 Jan: Hacktivists Shut Down Top State-Owned Belarusian News Agency (DATABREACHTODAY.CO.UK). Belarusian Cyber-Partisans Claim New Year's Weekend Attack Wiped Servers, Backups. Over the New Year's holiday weekend, Belarusian hacktivists shut down the country's leading state-owned media outlet, claiming they had wiped the main website servers and backups of BelTA. The group…
2 Jan: A Dream Team Security Awareness Training Program? (KNOWBE4.COM). Every person and organization is different and requires slightly different methods and ways of learning. But every person and organization can benefit by more frequent security awareness training (SAT).
2 Jan: [Security Masterminds] Beyond the Technical: Cultivating Empathy in Cybersecurity (KNOWBE4.COM). Cybersecurity exists to protect people and their information. In our recent discussion on Security Masterminds, Julie provided unique insights on putting people at the center of cybersecurity.
2 Jan: Are Security Appliances fit for Purpose in a Decentralized Workplace? (SECURITYWEEK.COM). Security appliances are among the riskiest enterprise devices and are often a method for threat actors to infiltrate a business.
2 Jan: Fingerprinting SSH Identification Strings, (Tue, Jan 2nd) (ISC.SANS.EDU). For HTTP, logging and fingerprinting browser user agents is standard practice. Many anti-automation tricks use the user agent and compare it to other browser artifacts, for example, supported JavaScript APIs, to detect bots. SSH offers an "identification string" with a format man…
2 Jan: State AG Hits Hospital With $300K Fine for Web Tracker Use (DATABREACHTODAY.CO.UK). NewYork-Presbyterian Disabled Website, Patient Portal Trackers in 2022. State regulators fined a New York hospital $300,000 to settle privacy violations related to the organization's prior use of tracking tools in its websites and patient portal. Regulators said the hospital viola…
🌐 CYBER THREAT LANDSCAPE (1)
2 Jan: New JinxLoader Targeting Users with Formbook and XLoader Malware (THEHACKERNEWS.COM). The malware is distributed through phishing emails impersonating Abu Dhabi National Oil Company (ADNOC) and drops the JinxLoader executable upon opening password-protected RAR archive attachments.
📡 INFOSEC NEWS (14)
2 Jan: Clash of Clans Gamers at Risk While Using Third-Party App (SECURITYAFFAIRS.COM). A third-party app called Clash Base Designer Easy Copy, which is used by Clash of Clans players to create custom base layouts, exposed its Firebase database and user-sensitive information. The app has over 100,000 downloads on the Google Play store.
2 Jan: Palo Alto Networks Closes Talon Cyber Security Acquisition (DARKREADING.COM). The integration of Talon's Enterprise Browser with Prisma SASE will provide enhanced data protection for users across all applications and devices, addressing the security risks posed by web browsing on unmanaged devices.
2 Jan: New Version of Meduza Stealer Released in Dark Web (SECURITYAFFAIRS.COM). This updated version of Meduza Stealer includes support for more software clients, an upgraded credit card grabber, and improved mechanisms for storing and extracting credentials and tokens.
2 Jan: Google Settles Lawsuit Over Tracking People in ‘Incognito Mode’ (EURONEWS.COM). Google has agreed to settle a $5 billion privacy lawsuit that accused the company of collecting personal data from users even when they were in "private browsing mode" on its Chrome browser.
2 Jan: The Definitive Enterprise Browser Buyer's Guide (THEHACKERNEWS.COM). Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and clo…
2 Jan: Spotify Music Converter TuneFab Puts Users at Risk Due to Misconfigured MongoDB Instance (SECURITYAFFAIRS.COM). TuneFab converter, a tool used to convert copyrighted music from streaming platforms, exposed over 151 million records of users' private data due to a misconfiguration on MongoDB.
2 Jan: Pentagon Reveals Updated Cost Estimates for CMMC Implementation (DEFENSESCOOP.COM). The Pentagon has provided new cost estimates for implementing its Cybersecurity Maturity Model Certification program, with projected costs totaling around $4 billion for contractors and other non-government entities over a 20-year period.
2 Jan: Cybercrime, AI Supremacy And The Metaverse - The Tech Stories That Will Dominate 2024 (PACKETSTORMSECURITY.COM)
2 Jan: New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections (THEHACKERNEWS.COM). The technique leverages executables in the trusted WinSxS folder, making it possible to run nefarious code without elevated privileges and introduce potentially vulnerable binaries into the attack chain.
2 Jan: Android Game Developer’s Google Drive Misconfiguration Leaks Information on Nearly One Million Users (BLEEPINGCOMPUTER.COM). A simple Google Drive configuration mistake by Japanese game developer Ateam resulted in the potential exposure of sensitive information for nearly one million individuals, highlighting the importance of properly securing cloud services.
2 Jan: Google Groups is ending support for Usenet to combat spam (BLEEPINGCOMPUTER.COM). Google has officially announced it's ceasing support for Usenet groups on its Google Groups platform, a move partly attributed to the platform's increasing struggle with spam content. [...]
2 Jan: Steam drops support for Windows 7 and 8.1 to boost security (BLEEPINGCOMPUTER.COM). Steam is no longer supported on Windows 7, Windows 8, and Windows 8.1 as of January 1, with the company recommending users upgrade to a newer operating system. [...]