🐛 COMMON VULNERABILITIES AND EXPOSURES 2[−]
3 FebCritical Vulnerability in Mastodon Sparks Patching FrenzyMastodon users and administrators need to upgrade to the latest version to patch a critical vulnerability (CVE-2024-23832) that allows attackers to take over accounts remotely.THEREGISTER.COM
3 FebMastodon Vulnerability Allows Hackers to Hijack Any Decentralized AccountThe decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. "Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account," the mainta…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 5[−]
3 FebAnyDesk Says Hackers Breached its Production Servers, Reset PasswordsThe attackers stole source code and code signing certificates. AnyDesk responded by revoking security certificates, replacing systems, and reassuring customers that it is safe to use the software.BLEEPINGCOMPUTER.COM
3 FebMastodon vulnerability allows attackers to take over accountsMastodon, the free and open-source decentralized social networking platform, has fixed a critical vulnerability that allows attackers to impersonate and take over any remote account. [...]BLEEPINGCOMPUTER.COM
3 FebCIA Vault7 WikiLeaks source sentenced 40 years (convicted of possessing child sexual abuse material)submitted by clever_banana to securitynews 1 points | 0 comments https://www.aljazeera.com/news/2024/2/2/ex-cia-software-engineer-who-leaked-to-wikileaks-sentenced-to-40-years Ex-CIA software engineer who leaked to WikiLeaks sentenced to 40 years 2 Feb 2024 Joshua Schulte had bee…ALJAZEERA.COM
3 FebDeluder: Python utility for intercepting traffic of applications. Deluder can be used as an alternative for EchoMirage. It supports OpenSSL, GnuTLS, SChannel, WinSock and Linux Sockets out of the b...submitted by L4s to secops 1 points | 0 comments https://github.com/Warxim/deluder Deluder: Python utility for intercepting traffic of applications. Deluder can be used as an alternative for EchoMirage. It supports OpenSSL, GnuTLS, SChannel, WinSock and Linux Sockets out of the b…GITHUB.COM
3 FebAnyDesk Hacked: Popular Remote Desktop Software Mandates Password ResetRemote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The German company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified …THEHACKERNEWS.COM
🔥 INCIDENT REPORTING 4[−]
3 FebAnyDesk - Cybersecurity incident, public statementsubmitted by Penguincoder to cybersecurity 1 points | 0 comments https://anydesk.com/en/public-statementANYDESK.COM
3 FebIran-Linked Hackers Claim Attack on Albania’s Institute of StatisticsThe hackers claimed to have accessed over 100 terabytes of Albania’s geographic information system and population data, although the institute denied that recent census data was compromised.THERECORD.MEDIA
3 FebClorox says cyberattack caused $49 million in expensesClorox has confirmed that a September 2023 cyberattack has so far cost the company $49 million in expenses related to the response to the incident. [...]BLEEPINGCOMPUTER.COM
3 FebU.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber AttacksThe U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries. The officials include Hamid R…THEHACKERNEWS.COM
🕵️ THREAT INTELLIGENCE 2[−]
3 FebDShield Sensor Log Collection with Elasticsearch, (Sat, Feb 3rd)This is fork from the original work by Scott Jensen [ 1 ][ 2 ] originally published here as guest diary part of the SANS.edu BACS program. This update has a number of new features now available in Github [ 4 ].
ISC.SANS.EDU
3 FebIn Other News: Palo Alto Loses Patent Lawsuit, Identity Firms Get Funding, Government HackersNoteworthy stories that might have slipped under the radar: Palo Alto Networks ordered to pay $150 million in patent lawsuit, identity solutions firms get big funding, government hacker techniques. The post In Other News: Palo Alto Loses Patent Lawsuit, Identity Firms Get Funding…SECURITYWEEK.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
3 FebmacOS Malware Campaign Showcases Novel Delivery TechniqueThe backdoor, called Activator, employs a unique delivery method that backdoors the victim during the installation process, making it challenging to remove the infection even if the cracked software is removed.DARKREADING.COM
📡 INFOSEC NEWS 3[−]
3 FebFake Voicemail as Credential Harvesting LureThe attackers disguise the email to appear as if it's from a legitimate brand, using social engineering techniques to lure recipients into clicking on what seems to be an embedded voicemail but is actually a credential harvesting page.AVANAN.COM
3 FebSouth African Railways Lost Over $1M in Phishing ScamThe Passenger Rail Agency of South Africa (PRASA) reported a loss of 30.6 million rand due to a phishing scam, with only half of the stolen money recovered. Insider threats, such as ghost email accounts, are suspected.DARKREADING.COM
3 FebCheck if you're in Google Chrome's third-party cookie phaseout testGoogle has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test. [...]BLEEPINGCOMPUTER.COM